mbedtls

Author	SHA1	Message	Date
Gilles Peskine	e65bba4dd2	Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size Start testing the PSA built-in drivers: hashes	2023-08-22 11:19:41 +00:00
Tomás González	a0631446b5	Correct analyze_outcomes.py identation Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>	2023-08-22 12:18:04 +01:00
Gilles Peskine	30b0378008	Fix off-by-one error The value of p after adding the last entry in the gap table is not used. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 11:06:47 +02:00
Tomás González	5022311c9d	Tidy up allow list definition * Don't break string literals in the allow list definition * Comment each test that belongs to the allow list is there. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>	2023-08-22 09:54:28 +01:00
Tomás González	7ebb18fbd6	Make non-executed tests that are not in the allow list an error * Turn the warnings produced when finding non-executed tests that are not in the allow list into errors. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>	2023-08-22 09:47:49 +01:00
Gilles Peskine	ad7725d95d	Fix type annotation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 09:59:50 +02:00
Gilles Peskine	6d14c2b858	Remove dead code Do explain why we don't test a smaller buffer in addition to testing the nominal size and a larger buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 09:59:50 +02:00
Gilles Peskine	c9187c5866	New test suite for the low-level hash interface Some basic test coverage for now: * Nominal operation. * Larger output buffer. * Clone an operation and use it after the original operation stops. Generate test data automatically. For the time being, only do that for hashes that Python supports natively. Supporting all algorithms is future work. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 09:59:42 +02:00
Dave Rodgman	e20d688463	Fix missing operand modifier Co-authored-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-22 08:46:18 +01:00
Tom Cosgrove	17d5081ffb	Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare Prepare to split config_psa.h	2023-08-22 07:30:46 +00:00
Gilles Peskine	d50562c33c	Merge pull request #7827 from davidhorstmann-arm/reword-net-free-description-2544 Reword the description of `mbedtls_net_free()`	2023-08-21 22:23:08 +00:00
Gilles Peskine	fdb722384b	Move PSA information and dependency automation into their own module This will let us use these features from other modules (yet to be created). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 18:32:11 +02:00
Dave Rodgman	0c99a9083e	Avoid signed right shift UB Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-21 17:06:24 +01:00
Tom Cosgrove	31b2d7414d	Merge pull request #8053 from gilles-peskine-arm/mpi_exp_mod-remove_initial_copy mbedtls_mpi_exp_mod: remove spurious copy of the output variable	2023-08-21 15:50:28 +00:00
Gilles Peskine	796bc2b8f9	Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes Document mbedtls_calloc zeroization	2023-08-21 15:47:21 +00:00
Gilles Peskine	0addbe6dc7	Merge pull request #8069 from paul-elliott-arm/fix_ecjpake_deadcode Fix logical dead code found by Coverity	2023-08-21 14:44:36 +00:00
Gilles Peskine	d686c2a822	Merge pull request #7971 from AgathiyanB/fix-data-files-makefile Fix server1.crt.der in tests/data_files/Makefile	2023-08-21 14:43:07 +00:00
Dave Rodgman	65204f8fc8	Merge pull request #8035 from daverodgman/aesce-support-perf Make mbedtls_aesce_has_support more efficient	2023-08-21 14:39:08 +00:00
Gilles Peskine	ea4fc97cd0	Restore a comment and fix it `aca31654e6` removed a sentence with copypasta refering to PBKDF2 instead of XTS. Restore that comment but fix the copypasta. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:16:24 +02:00
Gilles Peskine	9af413bcc5	Don't try to include mbedtls/config_*.h They're included by build_info.h and must not be included directly. Currently, this only concerns one file: config_psa.h. It's technically a bug to include it, but a harmless one because that header has already been included by build_info.h except in configurations where it effectively had no effect (enabling PSA options with PSA turned off). We plan to split config_psa.h into multiple headers that are less independent, which could make the inclusion more problematic. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:12:36 +02:00
Gilles Peskine	44243e11ff	Remove obsolete header inclusions Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include config_psa.h or check_config.h: build_info.h takes care of that. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:10:06 +02:00
Gilles Peskine	7b7ecf5e0d	Fix condition to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an editorial mistake when adding it: it's meant as an addition to MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same conditions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:09:14 +02:00
Gilles Peskine	a458d48e7f	Move the inclusion of the PSA config file(s) into build_info.h They belong here, next to the inclusion of the mbedtls config file. We only put them in config_psa.h in Mbed TLS 2.x because there was no build_info.h we could use. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:06:12 +02:00
Gilles Peskine	8cd1da4b73	Remove spurious extern "C" This header only contains preprocessor definitions. They are not affected by extern "C". Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:03:41 +02:00
Tom Cosgrove	d29648026b	Merge pull request #8017 from ivq/unchecked_return Fix a few unchecked return values	2023-08-21 13:02:53 +00:00
Janos Follath	e220d258fd	Merge pull request #8086 from yanesca/remove-new-bignum Remove new bignum when not needed	2023-08-21 10:59:41 +00:00
Dave Rodgman	0ce0fbc32a	Simplify aarch64 asm for mbedtls_ct_uint_lt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-21 07:58:50 +01:00
Dave Rodgman	3ab114e3da	Move non-function-specific macro outside of function definition Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-21 07:54:11 +01:00
Dave Rodgman	f2249ec905	Rename mbedtls_aesce_has_support macro to satisfy case rules Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	b30adce7fd	Use -1 as uninitialised marker Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	4566132163	Make mbedtls_aesce_has_support more efficient Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	1fdc884ed8	Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode AES: Add accelerator only mode	2023-08-18 20:55:44 +00:00
Jerry Yu	0a6272d6c9	revert padlock from aesni module Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:35:59 +08:00
Jerry Yu	61fc5ed5f3	improve readability of error message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:28:48 +08:00
Jerry Yu	372f7a04d0	Add missing check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:26:25 +08:00
Kusumit Ghoderao	5cad47df8a	Modify test description The test data was generated using the python script. PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 12:49:07 +05:30
Bence Szépkúti	505dffd5e3	Merge pull request #7937 from yanrayw/code_size_compare_improvement code_size_compare.py: preparation work to show code size changes in PR comment	2023-08-17 20:59:11 +00:00
Gilles Peskine	eeaad50cd6	Merge pull request #8079 from adeaarm/port_IAR_build_fix Small fixes for IAR support	2023-08-17 19:10:51 +00:00
Kusumit Ghoderao	e4d634cd87	Add tests with higher input costs for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-17 21:16:14 +05:30
Gilles Peskine	dbd13c3689	Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 Updating crt/crl files due to expiry before 2027-01-01	2023-08-17 15:38:35 +00:00
Waleed Elmelegy	1a89170f8d	Add changelog entry for new mbedtls_pkcs5_pbe2_ext function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 16:00:58 +01:00
Antonio de Angelis	8e9d6b927e	Remove the workaround for psa_key_agreement_internal Remove the workaround for psa_key_agreement_internal to have a shared_secret array always non-zero. The spec is recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE is always non-zero Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-17 15:27:56 +01:00
Waleed Elmelegy	12dd040374	Improve mbedtls_pkcs5_pbes2_ext function signature comments Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 15:08:03 +01:00
Janos Follath	f2334b7b39	Remove new bignum when not needed New bignum modules are only needed when the new ecp_curves module is present. Remove them when they are not needed to save code size. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-17 14:36:59 +01:00
Waleed Elmelegy	4a0a989913	Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Waleed Elmelegy	87bc1e1cda	Fix heap overflow issue in pkcs5_pbes2 testing functions Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Waleed Elmelegy	5d3f315478	Add new mbedtls_pkcs5_pbe2_ext function Add new mbedtls_pkcs5_pbe2_ext function to replace old function with possible security issues. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Agathiyan Bragadeesh	48eae138a5	Fix formatting in changelog Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 14:08:47 +01:00
Agathiyan Bragadeesh	2c018744e5	Add newline at end of changelog Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 14:00:10 +01:00
Gilles Peskine	294be94922	Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation PBKDF2 CMAC implementation	2023-08-17 11:15:16 +00:00

1 2 3 4 5 ...

26816 commits