mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-03 10:13:40 +00:00

Author	SHA1	Message	Date
Jerry Yu	4d31022d90	Add missed intermediate file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:14 +08:00
Jerry Yu	c5b2e284fa	Remove workaround code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:10 +08:00
Jerry Yu	99a82dd043	fix python lint fails Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Jerry Yu	2ef2e78837	Add commands for `test_certs.h` And update target file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Jerry Yu	5811869311	Add test_certs.h generate script Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Jerry Yu	fa0c3995c4	Move certs/keys data to seperate file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Gabor Mezei	6db604711d	Add a new test component to test the new bignum interface with `TEST_HOOKS` Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-07-05 16:54:20 +02:00
Dave Rodgman	3d0c8255aa	Merge pull request #7825 from daverodgman/cipher_wrap_size Cipher wrap size improvement	2023-07-05 15:45:48 +01:00
David Horstmann	969c145f34	Use CONFIG_H variable rather than config file name Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-07-05 14:12:13 +01:00
David Horstmann	20550e3d59	all.sh component to test cmake custom config file Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-07-05 14:12:13 +01:00
Andrzej Kurek	026235c4ec	Disable msan errors on null allocation in all.sh Such error was raised in platform tests, and it's a valid test case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-05 08:32:43 -04:00
Przemek Stekiel	565353ef71	Cleanup the code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 11:07:07 +02:00
Przemek Stekiel	7ac93bea8c	Adapt names: dh -> xxdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Przemek Stekiel	45255e4c71	Adapt names (curves -> groups) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Przemek Stekiel	6f199859b6	Adapt handshake fields to ffdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:25:00 +02:00
Przemek Stekiel	84f4ff1dd3	Minor adaptations after ffdh was enabled for tls1.3 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:12:08 +02:00
Przemek Stekiel	85b644262d	Add ffdh accel vs reference check to analyze_outcomes.py Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-04 12:35:54 +02:00
Przemek Stekiel	01c248c00b	Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-04 12:35:54 +02:00
Kusumit Ghoderao	7333ed3efa	Add max iterations test case for cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:03 +05:30
Kusumit Ghoderao	d80183864a	Add test case for zero input cost Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	671320633c	Add test cases for key and plain inputs Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	9d4c74f25c	Add test cases for output validation of pbkdf2 cmac PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	1d3fca21b1	Add test cases for input validation of pbkdf2 cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Pengyu Lv	b687c03183	Fix the command for server9-sha.crt The new command could generate parse_input/server9-sha.crt correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	49c56e651d	Add target for parse_input/cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	19e949e644	Fix typo and long line format Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	736d2bb715	Update crl-rsa-pss-*.pem manually The rules will be in a seperate PR. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	59f392cd4d	upgrade server9-bad-saltlen.crt Upgrade scripts ```python import subprocess from asn1crypto import pem, x509,core output_filename="server9-bad-saltlen.crt" tmp_filename="server9-bad-saltlen.crt.tmp" tmp1_filename="server9-bad-saltlen.crt.tmp1" subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \ -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \ -set_serial 24 -days 3650 \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ -sigopt rsa_mgf1_md:sha256 -sha256 \ -in server9.csr -out {output_filename} ''',shell=True) with open(output_filename,'rb') as f: _,_,der_bytes=pem.unarmor(f.read()) target_certificate=x509.Certificate.load(der_bytes) with open(tmp_filename,'wb') as f: f.write(target_certificate['tbs_certificate'].dump()) subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}', shell=True) with open(tmp1_filename,'rb') as f: signature_value= core.OctetBitString(f.read()) with open(output_filename,'wb') as f: target_certificate['signature_value']=signature_value f.write(pem.armor('CERTIFICATE',target_certificate.dump())) ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	4ad45c01b9	Update server9*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	8c40c573b2	Add server9-bad-{mgfhash,saltlen}.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b5ac935e44	Add rules to generate server9*.crt Except for server9-bad-saltlen.crt and server9-bad-mgfhash.crt. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4ca9520582	Update server1-nospace.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0efdfcbfd3	Update v1 crt files Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0d545a1815	Update cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	e025cb2096	Add rules to generate cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	d9ba29733e	Update server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	1ca5c0eae9	Add rules to generate server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5b91dc7265	Update server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0063599e6f	Add rules to generate server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	55ee7f8e13	Add rule for server2-badsign.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0f381fd02f	Update test-ca2.ku-*.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5a1dbf3d6e	Fix the rule for server5-ss-forgeca.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	affc294dfe	Add the rule and update server6-ss-child.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4d69b29076	Update server5-selfsigned.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Dave Rodgman	9cf17dad9d	Merge pull request #7851 from daverodgman/fix-unused-aes Fix AES dependencies - build TF-M config cleanly	2023-07-03 16:49:00 +01:00
Andrzej Kurek	cf669b058b	Add a dummy usage of a pointer in tests This way clang with O1 doesn't optimize it. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-03 10:42:27 -04:00
Gilles Peskine	e554f1b9c0	Merge pull request #7853 from lpy4105/issue/7816/add-commands-for-files-in-parse_input 7831 follow-up: fix wrong dependency name and wrong commands	2023-07-03 16:00:45 +02:00
Dave Rodgman	0d539c222c	Merge pull request #7702 from silabs-Kusumit/PBKDF2_out_of_range_input_cost PBKDF2: Out of range input cost	2023-07-03 09:58:22 +01:00
Manuel Pégourié-Gonnard	56b159a12a	Merge pull request #7627 from mprse/ffdh_tls13_v2 Make use of FFDH keys in TLS 1.3 v.2	2023-07-03 10:12:33 +02:00
Manuel Pégourié-Gonnard	45e009aa97	Merge pull request #7814 from valeriosetti/issue7746 PK: refactor wrappers in the USE_PSA case	2023-07-03 09:32:31 +02:00

... 3 4 5 6 7 ...

9522 Commits