mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-03 10:13:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
26,748 Commits 172 Branches 263 Tags
Commit Graph

9529 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
a30c5cfc66 Use minimal include in test_suite_random 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec Fix missing includes 
Some files relied on psa_util.h to provide the includes they need.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
801d5b441d Remove unnecessary (and harmful) include 
Besides being unnecessary, it was causing problem when build SSL test
programs, which include this header, then in turn trying to include the
internal header from library, which didn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
2be8c63af7 Create psa_util_internal.h 
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Przemek Stekiel
615cbcdbdf Provide additional comments for claryfication 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-06 12:16:39 +02:00
Gabor Mezei
2a7bcaf8af
Use only MBEDTLS_ECP_WITH_MPI_UINT to switch between the ecp variants 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-06 10:37:51 +02:00
Jerry Yu
ba3eee7211 Add indent 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:16:15 +08:00
Jerry Yu
4d31022d90 Add missed intermediate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:16:14 +08:00
Jerry Yu
c5b2e284fa Remove workaround code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:16:10 +08:00
Jerry Yu
99a82dd043 fix python lint fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Jerry Yu
2ef2e78837 Add commands for test_certs.h 
And update target file

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Jerry Yu
5811869311 Add test_certs.h generate script 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Jerry Yu
fa0c3995c4 Move certs/keys data to seperate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Gabor Mezei
6db604711d
Add a new test component to test the new bignum interface with TEST_HOOKS 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-05 16:54:20 +02:00
Dave Rodgman
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size 
Cipher wrap size improvement
 2023-07-05 15:45:48 +01:00
David Horstmann
969c145f34 Use CONFIG_H variable rather than config file name 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-05 14:12:13 +01:00
David Horstmann
20550e3d59 all.sh component to test cmake custom config file 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-05 14:12:13 +01:00
Andrzej Kurek
026235c4ec Disable msan errors on null allocation in all.sh 
Such error was raised in platform tests,
and it's a valid test case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-05 08:32:43 -04:00
Przemek Stekiel
565353ef71 Cleanup the code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 11:07:07 +02:00
Przemek Stekiel
7ac93bea8c Adapt names: dh -> xxdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
45255e4c71 Adapt names (curves -> groups) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6 Adapt handshake fields to ffdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:25:00 +02:00
Przemek Stekiel
84f4ff1dd3 Minor adaptations after ffdh was enabled for tls1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:12:08 +02:00
Przemek Stekiel
85b644262d Add ffdh accel vs reference check to analyze_outcomes.py 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Przemek Stekiel
01c248c00b Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Kusumit Ghoderao
7333ed3efa Add max iterations test case for cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a Add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c Add test cases for key and plain inputs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c Add test cases for output validation of pbkdf2 cmac 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1 Add test cases for input validation of pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Pengyu Lv
b687c03183 Fix the command for server9-sha*.crt 
The new command could generate
parse_input/server9-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d Add target for parse_input/cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644 Fix typo and long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
736d2bb715 Update crl-rsa-pss-*.pem manually 
The rules will be in a seperate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d upgrade server9-bad-saltlen.crt 
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
4ad45c01b9 Update server9*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2 Add server9-bad-{mgfhash,saltlen}.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44 Add rules to generate server9*.crt 
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582 Update server1-nospace.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3 Update v1 crt files 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
0d545a1815 Update cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096 Add rules to generate cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
d9ba29733e Update server5.[e]ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9 Add rules to generate server5.[e]ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
5b91dc7265 Update server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f Add rules to generate server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13 Add rule for server2-badsign.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f Update test-ca2.ku-*.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e Fix the rule for server5-ss-forgeca.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe Add the rule and update server6-ss-child.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00