mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-11 12:10:46 +03:00

Author	SHA1	Message	Date
Gilles Peskine	fdb722384b	Move PSA information and dependency automation into their own module This will let us use these features from other modules (yet to be created). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 18:32:11 +02:00
Gilles Peskine	796bc2b8f9	Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes Document mbedtls_calloc zeroization	2023-08-21 15:47:21 +00:00
Gilles Peskine	d686c2a822	Merge pull request #7971 from AgathiyanB/fix-data-files-makefile Fix server1.crt.der in tests/data_files/Makefile	2023-08-21 14:43:07 +00:00
Gilles Peskine	44243e11ff	Remove obsolete header inclusions Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include config_psa.h or check_config.h: build_info.h takes care of that. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:10:06 +02:00
Janos Follath	e220d258fd	Merge pull request #8086 from yanesca/remove-new-bignum Remove new bignum when not needed	2023-08-21 10:59:41 +00:00
Dave Rodgman	1fdc884ed8	Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode AES: Add accelerator only mode	2023-08-18 20:55:44 +00:00
David Horstmann	cfae6a1ae9	Fix incorrect detection of HardwareModuleName The hardware module name otherName SAN contains 2 OIDs: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING } The first, type-id, is the one that identifies the otherName as a HardwareModuleName. The second, hwType, identifies the type of hardware. This change fixes 2 issues: 1. We were erroneously trying to identify HardwareModuleNames by looking at hwType, not type-id. 2. We accidentally inverted the check so that we were checking that hwType did NOT match HardwareModuleName. This fix ensures that type-id is correctly checked to make sure that it matches the OID for HardwareModuleName. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-18 19:31:39 +01:00
Kusumit Ghoderao	5cad47df8a	Modify test description The test data was generated using the python script. PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 12:49:07 +05:30
Bence Szépkúti	505dffd5e3	Merge pull request #7937 from yanrayw/code_size_compare_improvement code_size_compare.py: preparation work to show code size changes in PR comment	2023-08-17 20:59:11 +00:00
Kusumit Ghoderao	e4d634cd87	Add tests with higher input costs for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-17 21:16:14 +05:30
Gilles Peskine	dbd13c3689	Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 Updating crt/crl files due to expiry before 2027-01-01	2023-08-17 15:38:35 +00:00
Janos Follath	f2334b7b39	Remove new bignum when not needed New bignum modules are only needed when the new ecp_curves module is present. Remove them when they are not needed to save code size. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-17 14:36:59 +01:00
Gilles Peskine	294be94922	Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation PBKDF2 CMAC implementation	2023-08-17 11:15:16 +00:00
Jerry Yu	f258d17acd	remove aesni + padlock - plain c tests This test is not valid for padlock depends on plain c Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 12:39:00 +08:00
Jerry Yu	bdd96b9adf	disable aesni for componets without cpu modifiers Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 17:34:27 +08:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Jerry Yu	506759f5ce	fix build fail for via padlock test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 17:11:22 +08:00
Jerry Yu	b6d39c2f8c	Add aesni test for i386 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 16:14:02 +08:00
Kusumit Ghoderao	6c104b9b3b	Modify derive output test cases and add actual output Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-16 11:47:24 +05:30
Tomás González	358c6c644a	Add EdDSA and XTS to the allow list As specified in https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707 EdDSA and XTS tests are legitimately never executed, so add them to the allow list. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>	2023-08-14 15:46:25 +01:00
Tomás González	b401e113ff	Add a flag for requiring full coverage in coverage tests Introduce the --require-full-coverage in analyze_outcomes.py so that when analyze_outcomes.py --require-full-coverage is called, those tests that are not executed and are not in the allowed list issue an error instead of a warning. Note that it is useful to run analyze_outcomes.py on incomplete test results, so this error mode needs to remain optional in the long term. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>	2023-08-14 15:46:12 +01:00
Tomás González	07bdcc2b0d	Add allow list for non-executed test cases The allow list explicits which test cases are allowed to not be executed when testing. This may be, for example, because a feature is yet to be developed but the test for that feature is already in our code base. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>	2023-08-14 15:46:12 +01:00
Dave Rodgman	a797f152ee	Merge pull request #8067 from paul-elliott-arm/fix_bignum_test_leak Fix resource leak in bignum test failure case	2023-08-14 09:33:13 +01:00
Paul Elliott	6da3d83f33	Fix resource leak in test failure case Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-08-11 16:28:06 +01:00
Dave Rodgman	963513dba5	Merge pull request #8008 from valeriosetti/issue7756 driver-only ECC: BN.TLS testing	2023-08-11 13:51:36 +00:00
Dave Rodgman	246210e3c4	Test CT asm under valgrind Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-11 08:47:38 +01:00
Valerio Setti	36344cecbd	ssl-opt: remove redundant requirement for RSA_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-11 09:37:14 +02:00
Tom Cosgrove	5e678fd4d2	Merge pull request #8050 from gilles-peskine-arm/all.sh-remove-crypto_full_no_cipher Remove redundant test component component_test_crypto_full_no_cipher	2023-08-11 07:28:10 +00:00
Valerio Setti	e0be95e81d	analyze_outcomes: skip tests that depend on BIGNUM_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-11 06:35:23 +02:00
Valerio Setti	4f577f3e51	ssl-opt: add RSA_C requirement when RSA encryption is used in certificate Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-11 06:35:23 +02:00
Valerio Setti	18535c352d	test: enable TLS, key exchances and ssl-opt teting in ecc_no_bignum() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard	26b7c93d9d	Merge pull request #7992 from valeriosetti/issue7755 driver-only ECC: BN.x509 testing	2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard	54da1a69a2	Merge pull request #7578 from daverodgman/safer-ct5 Improve constant-time interface	2023-08-10 16:57:39 +00:00
Tom Cosgrove	e7700a7d0a	Merge pull request #7936 from AgathiyanB/assert-false-macro Add TEST_FAIL macro for tests	2023-08-10 15:01:34 +00:00
Valerio Setti	3580f448eb	test: solve test disparities for x509[parse/write] suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 14:50:43 +02:00
Valerio Setti	29c1b4d04a	test: enable X509 testing in ecc_no_bignum component Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 14:50:03 +02:00
Dave Rodgman	ac69b45486	Document and test mbedtls_ct_size_if_else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 12:18:13 +01:00
Dave Rodgman	98ddc01a7c	Rename ...if0 to ...else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 12:11:31 +01:00
Dave Rodgman	b7825ceb3e	Rename uint->bool operators to reflect input types Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 11:58:18 +01:00
Gilles Peskine	f5a29a5b83	Remove redundant test component component_test_crypto_full_no_cipher doesn't bring any extra value given the existence of component_test_full_no_cipher. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-10 12:07:49 +02:00
Valerio Setti	2e0275d2a1	test: use unset-all option in config.py to optimize test code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 07:05:47 +02:00
Valerio Setti	a8c655edb0	test: remove redundant code setting MBEDTLS_PSA_CRYPTO_CONFIG Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 07:05:47 +02:00
Valerio Setti	fe7d96cff7	test: minor optimizations to ecc_no_bignum components Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Valerio Setti	c5d85e5ead	test: remove BIGNUM dependencies from pk[parse/write] suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Valerio Setti	9b3dbcc2e3	analyze_outcomes: skip tests that unavoidably depend on bignum Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard	660bbf2470	test: disable BIGNUM support on the test ecc_no_bignum component Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard	06aebe4995	test: disable FFDH support on the test ecc_no_bignum component Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard	7dccb66d49	test: disable RSA support on the test ecc_no_bignum component Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard	abd00d0be8	test: adding new components for testing and driver coverage analysis without BN Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Paul Elliott	2f12a29cdd	Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle Add script to toggle ignoring generated files	2023-08-09 14:54:32 +00:00

1 2 3 4 5 ...

9606 Commits