mbedtls

Author	SHA1	Message	Date
Waleed Elmelegy	38202a2b18	Improve pkparse test dependencies and changelog Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-21 15:21:10 +01:00
Waleed Elmelegy	556a0790f6	Fix code style in pkparse tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-21 09:19:56 +01:00
Waleed Elmelegy	9d4d8ebaf2	Add PKCS5/12 dependecies to pkparse tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-21 08:45:56 +01:00
Waleed Elmelegy	15bcf38e88	Add test pkparse test dependencies Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 20:02:16 +01:00
Waleed Elmelegy	1db5cdaf57	Add tests to test pkcs8 parsing of encrypted keys Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	d527896b7e	Switch pkparse to use new mbedtls_pkcs12_pbe_ext function Switch pkparse to use new mbedtls_pkcs12_pbe_ext function and deprecate mbedtls_pkcs12_pbe function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	c9f4040f7f	Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function and deprecate mbedtls_pkcs5_pbes2 function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:28:28 +01:00
Gilles Peskine	8a7fb2d799	Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun Add new pkcs12 pbe2 ext fun	2023-09-15 18:43:03 +02:00
Waleed Elmelegy	57d09b72ef	Return back to modifying input parameters in pkcs12_parse_pbe_params Return back to modifying input parameters in pkcs12_parse_pbe_params to avoid change in behaviour. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-12 14:05:10 +01:00
Dave Rodgman	49d7223036	Fix test under memsan Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 11:03:23 +01:00
Dave Rodgman	70e022b024	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 09:29:13 +01:00
Dave Rodgman	140d5c77d0	Add single-bit difference tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 19:10:05 +01:00
Waleed Elmelegy	e1cb35b719	Add new mbedtls_pkcs12_pbe_ext function to replace old function Add new mbedtls_pkcs12_pbe_ext function to replace old mbedtls_pkcs12_pbe function that have security issues. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-08 16:51:26 +01:00
Gilles Peskine	31d49cd57f	Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe Improve & test legacy mbedtls_pkcs12_pbe	2023-09-08 13:08:05 +02:00
Waleed Elmelegy	1f59ee078f	Add correct dependencies to pkcs12 tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 17:59:35 +01:00
Waleed Elmelegy	096017023d	Fix identation error in pkcs12 tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 17:48:40 +01:00
Waleed Elmelegy	75b9eb36b4	Change pkcs12 test comparison macro to the new macro Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 17:02:37 +01:00
Waleed Elmelegy	8317e91b1e	Change pkcs12 test allocation macros to the new macros Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 15:46:58 +01:00
Waleed Elmelegy	15de809e1a	Improve pkcs12 pbe tests * Simplify pkcs12 tests to use algo parameters instead of asn1 buffers. * Fix output buffers allocation size. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-05 16:34:55 +01:00
Waleed Elmelegy	255db80910	Improve & test legacy mbedtls_pkcs12_pbe * Prevent pkcs12_pbe encryption when PKCS7 padding has been disabled since this not part of the specs. * Allow decryption when PKCS7 padding is disabled for legacy reasons, However, invalid padding is not checked. * Document new behaviour, known limitations and possible security concerns. * Add tests to check these scenarios. Test data has been generated by the below code using OpenSSL as a reference: #include <openssl/pkcs12.h> #include <openssl/evp.h> #include <openssl/des.h> #include <openssl/asn1.h> #include "crypto/asn1.h" #include <string.h> int main() { char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB"; unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC"; unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"; unsigned char ciphertext = NULL; int iter = 10; X509_ALGOR alg = X509_ALGOR_new(); int ciphertext_len = 0; int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; alg->parameter = ASN1_TYPE_new(); struct asn1_object_st * aobj; PKCS5_pbe_set0_algor(alg, alg_nid, iter, salt, sizeof(salt)-1); aobj = alg->algorithm; printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length); printf("06%.2X", aobj->length); for (int i = 0; i < aobj->length; i++) { printf("%.2X", aobj->data[i]); } for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) { printf("%.2X", alg->parameter->value.asn1_string->data[i]); } printf("\":\""); for (int i = 0; i < sizeof(pass)-1; i++) { printf("%.2X", pass[i] & 0xFF); } printf("\":\""); for (int i = 0; i < sizeof(plaintext)-1; i++) { printf("%.2X", plaintext[i]); } printf("\":"); printf("0"); printf(":\""); unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1); if (res == NULL) printf("Encryption failed!\n"); for (int i = 0; i < ciphertext_len; i++) { printf("%.2X", res[i]); } printf("\"\n"); return 0; } Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> #	2023-09-05 15:45:55 +01:00
Gilles Peskine	1a7d387072	Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun Add new pkcs5 pbe2 ext fun	2023-09-04 15:33:42 +02:00
Waleed Elmelegy	21d7d85af7	Fix mbedtls_pkcs5_pbes test function failure Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-30 13:12:09 +01:00
Dave Rodgman	730bbee226	Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30	2023-08-30 11:22:00 +01:00
Gilles Peskine	a878b663cf	Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests PBKDF2: tests with higher input costs	2023-08-29 14:00:17 +00:00
Waleed Elmelegy	79b6e26b1b	Improve mbedtls_pkcs5_pbes2_ext function test data Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-29 14:55:03 +01:00
Gilles Peskine	e65bba4dd2	Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size Start testing the PSA built-in drivers: hashes	2023-08-22 11:19:41 +00:00
Gilles Peskine	6d14c2b858	Remove dead code Do explain why we don't test a smaller buffer in addition to testing the nominal size and a larger buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 09:59:50 +02:00
Gilles Peskine	c9187c5866	New test suite for the low-level hash interface Some basic test coverage for now: * Nominal operation. * Larger output buffer. * Clone an operation and use it after the original operation stops. Generate test data automatically. For the time being, only do that for hashes that Python supports natively. Supporting all algorithms is future work. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 09:59:42 +02:00
Gilles Peskine	796bc2b8f9	Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes Document mbedtls_calloc zeroization	2023-08-21 15:47:21 +00:00
Janos Follath	e220d258fd	Merge pull request #8086 from yanesca/remove-new-bignum Remove new bignum when not needed	2023-08-21 10:59:41 +00:00
Kusumit Ghoderao	5cad47df8a	Modify test description The test data was generated using the python script. PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 12:49:07 +05:30
Kusumit Ghoderao	e4d634cd87	Add tests with higher input costs for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-17 21:16:14 +05:30
Janos Follath	f2334b7b39	Remove new bignum when not needed New bignum modules are only needed when the new ecp_curves module is present. Remove them when they are not needed to save code size. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-17 14:36:59 +01:00
Waleed Elmelegy	4a0a989913	Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Waleed Elmelegy	87bc1e1cda	Fix heap overflow issue in pkcs5_pbes2 testing functions Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Waleed Elmelegy	5d3f315478	Add new mbedtls_pkcs5_pbe2_ext function Add new mbedtls_pkcs5_pbe2_ext function to replace old function with possible security issues. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Gilles Peskine	294be94922	Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation PBKDF2 CMAC implementation	2023-08-17 11:15:16 +00:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Kusumit Ghoderao	6c104b9b3b	Modify derive output test cases and add actual output Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-16 11:47:24 +05:30
Paul Elliott	6da3d83f33	Fix resource leak in test failure case Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-08-11 16:28:06 +01:00
Manuel Pégourié-Gonnard	26b7c93d9d	Merge pull request #7992 from valeriosetti/issue7755 driver-only ECC: BN.x509 testing	2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard	54da1a69a2	Merge pull request #7578 from daverodgman/safer-ct5 Improve constant-time interface	2023-08-10 16:57:39 +00:00
Tom Cosgrove	e7700a7d0a	Merge pull request #7936 from AgathiyanB/assert-false-macro Add TEST_FAIL macro for tests	2023-08-10 15:01:34 +00:00
Valerio Setti	3580f448eb	test: solve test disparities for x509[parse/write] suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 14:50:43 +02:00
Dave Rodgman	ac69b45486	Document and test mbedtls_ct_size_if_else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 12:18:13 +01:00
Dave Rodgman	98ddc01a7c	Rename ...if0 to ...else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 12:11:31 +01:00
Dave Rodgman	b7825ceb3e	Rename uint->bool operators to reflect input types Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 11:58:18 +01:00
Valerio Setti	c5d85e5ead	test: remove BIGNUM dependencies from pk[parse/write] suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Janos Follath	115784bd3f	Merge pull request #1040 from waleed-elmelegy-arm/development-restricted Improve & test legacy mbedtls_pkcs5_pbe2	2023-08-09 09:43:23 +01:00
Gilles Peskine	a79256472c	Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier Fixed x509 certificate generation to conform to RFCs when using ECC key	2023-08-07 19:14:54 +00:00

1 2 3 4 5 ...

5634 commits