mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00

Author	SHA1	Message	Date
Beniamin Sandu	aa4f621901	aesce: use correct target attribute when building with clang Seems clang has its own issues when it comes to crypto extensions, and right now the best way to avoid them is to accurately enable the needed instructions instead of the broad crypto feature. E.g.: https://github.com/llvm/llvm-project/issues/61645 Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>	2023-07-04 21:15:52 +03:00
Dave Rodgman	c8d81ad54d	Merge pull request #7784 from daverodgman/aesce-unroll	2023-07-04 18:41:13 +01:00
Tom Cosgrove	a2eff629fc	Merge pull request #7874 from yanrayw/7360-code-size-improvement code_size_compare.py: run make clean before build libraries	2023-07-04 17:14:35 +01:00
Tom Cosgrove	e939464eb7	Merge pull request #7829 from mpg/deduplicate-tls-hashing De-duplicate TLS hashing functions	2023-07-04 16:06:00 +01:00
Tom Cosgrove	b7af7eac05	Merge pull request #7834 from beni-sandu/development aesce: do not specify an arch version when enabling crypto instructions	2023-07-04 13:32:04 +01:00
Przemek Stekiel	85b644262d	Add ffdh accel vs reference check to analyze_outcomes.py Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-04 12:35:54 +02:00
Przemek Stekiel	01c248c00b	Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-04 12:35:54 +02:00
Ronald Cron	1ffa450882	tls: client: Improve writing of supported_groups ext Align the TLS 1.3 specific and TLS 1.2 specific tests done before to call ssl_write_supported_groups_ext() and inside thsi function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-07-04 12:16:25 +02:00
Kusumit Ghoderao	5168bd5f0f	Add changelog entry Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:03 +05:30
Kusumit Ghoderao	7333ed3efa	Add max iterations test case for cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:03 +05:30
Kusumit Ghoderao	d80183864a	Add test case for zero input cost Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	671320633c	Add test cases for key and plain inputs Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	3fde8feaa9	FIx name of macro Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	b3042c39fe	Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	9d4c74f25c	Add test cases for output validation of pbkdf2 cmac PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	1d3fca21b1	Add test cases for input validation of pbkdf2 cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	4536bb6f2b	Change mac_size parameter in driver_mac_compute to output length See #7801 for reference Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	a2520a5b7e	Add pbkdf2 cmac to key derivation output_bytes Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:00 +05:30
Kusumit Ghoderao	3d5edb8eef	Add input password function for pbkdf2 cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:00 +05:30
Kusumit Ghoderao	2cd649684a	Add pbkdf2_cmac to key derivation setup Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:00 +05:30
Kusumit Ghoderao	857cd4b3ee	Add AES_CMAC_PRF_128 output size macro Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Kusumit Ghoderao	3ab146f99e	Add builtin pbkdf2 cmac guard for all the pbkdf2 functions Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Kusumit Ghoderao	dd45667a18	Define struct for pbkdf2_cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Kusumit Ghoderao	3cb6e41dfa	Add define for builtin pbkdf2_cmac Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Manuel Pégourié-Gonnard	aaad2b6bfc	Rename some local variables Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-04 11:35:16 +02:00
Pengyu Lv	b687c03183	Fix the command for server9-sha.crt The new command could generate parse_input/server9-sha.crt correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	49c56e651d	Add target for parse_input/cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	19e949e644	Fix typo and long line format Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	736d2bb715	Update crl-rsa-pss-*.pem manually The rules will be in a seperate PR. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	59f392cd4d	upgrade server9-bad-saltlen.crt Upgrade scripts ```python import subprocess from asn1crypto import pem, x509,core output_filename="server9-bad-saltlen.crt" tmp_filename="server9-bad-saltlen.crt.tmp" tmp1_filename="server9-bad-saltlen.crt.tmp1" subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \ -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \ -set_serial 24 -days 3650 \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ -sigopt rsa_mgf1_md:sha256 -sha256 \ -in server9.csr -out {output_filename} ''',shell=True) with open(output_filename,'rb') as f: _,_,der_bytes=pem.unarmor(f.read()) target_certificate=x509.Certificate.load(der_bytes) with open(tmp_filename,'wb') as f: f.write(target_certificate['tbs_certificate'].dump()) subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}', shell=True) with open(tmp1_filename,'rb') as f: signature_value= core.OctetBitString(f.read()) with open(output_filename,'wb') as f: target_certificate['signature_value']=signature_value f.write(pem.armor('CERTIFICATE',target_certificate.dump())) ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	4ad45c01b9	Update server9*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	8c40c573b2	Add server9-bad-{mgfhash,saltlen}.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b5ac935e44	Add rules to generate server9*.crt Except for server9-bad-saltlen.crt and server9-bad-mgfhash.crt. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4ca9520582	Update server1-nospace.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0efdfcbfd3	Update v1 crt files Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0d545a1815	Update cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	e025cb2096	Add rules to generate cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	d9ba29733e	Update server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	1ca5c0eae9	Add rules to generate server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b078607f04	cert_write: Support write any for extended key usage Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5b91dc7265	Update server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0063599e6f	Add rules to generate server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	55ee7f8e13	Add rule for server2-badsign.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0f381fd02f	Update test-ca2.ku-*.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5a1dbf3d6e	Fix the rule for server5-ss-forgeca.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	affc294dfe	Add the rule and update server6-ss-child.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4d69b29076	Update server5-selfsigned.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Yanray Wang	699a6c8a6d	code_size_compare.py: add comment for sys_arch Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-07-04 17:27:45 +08:00
Yanray Wang	4c26db0845	code_size_compare.py: run make clean before build libraries If we don't remove all executable files in current working directory, we might measure code size between different architecture and configuration. This generates a wrong code size comparison report. This commit guarantees it runs `make clean` before build libraries for code size comparison. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-07-04 17:27:45 +08:00
Manuel Pégourié-Gonnard	443589ac53	Merge pull request #7870 from valeriosetti/fix-tls13-guards tls13: fix guards for PSA error translating function	2023-07-04 11:21:14 +02:00

... 61 62 63 64 65 ...

29227 Commits