yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
27722 commits 1 branch 0 tags 94 MiB
Commit graph

678 commits

Author SHA1 Message Date
Valerio Setti
bbf86afdeb test_suite_psa_crypto: fix curve dependency in test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Gilles Peskine
ae3cda9541
Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key 
PBKDF2: test output_key
 2023-09-22 18:01:06 +00:00
Kusumit Ghoderao
94d319065a Set input cost as 1 for psa_key_exercise test 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-09-05 19:30:22 +05:30
Gilles Peskine
ead1766b5f Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL 
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.

Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-20 22:05:16 +02:00
Kusumit Ghoderao
8eb55891ad Add tests in derive_key for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1dd596541b Add tests in derive_key_type for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1fe806a1a0 Add tests in derive_key_export for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
e8f6a0d791 Add tests for derive_key_exercise for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation 
PBKDF2 CMAC implementation
 2023-08-17 11:15:16 +00:00
Kusumit Ghoderao
6c104b9b3b Modify derive output test cases and add actual output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:47:24 +05:30
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size 
Enforce minimum key size when generating RSA key size
 2023-08-03 12:57:52 +00:00
Waleed Elmelegy
d4e7fe09b3 Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-02 16:59:59 +00:00
Kusumit Ghoderao
6eff0b2258 Remove test vector 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-02 17:22:49 +05:30
Kusumit Ghoderao
be55b7e45a Add test cases for 16 byte and empty password 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:22:26 +05:30
Waleed Elmelegy
d7bdbbeb0a Improve naming of mimimum RSA key size generation configurations 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 14:50:09 +00:00
Waleed Elmelegy
3d158f0c28 Adapt tests to work on all possible minimum RSA key sizes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:03:35 +00:00
Waleed Elmelegy
76336c3e4d Enforce minimum key size when generating RSA key size 
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 10:58:25 +00:00
Valerio Setti
a55f042636 psa: replace DH_KEY_PAIR_LEGACY with new symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Valerio Setti
19fec5487d test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 12:31:50 +02:00
Valerio Setti
acab57b6b4 test: replace RSA_KEY_PAIR_LEGACY with proper symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
 2023-07-07 10:22:47 +02:00
Kusumit Ghoderao
7333ed3efa Add max iterations test case for cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a Add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c Add test cases for key and plain inputs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c Add test cases for output validation of pbkdf2 cmac 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1 Add test cases for input validation of pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Valerio Setti
27c501a10c lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT 
Also the python script for automatic test generation is fixed accordingly

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
2a63460248 psa: fix guards for EC key derivation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:21 +02:00
Valerio Setti
6a9d0ee373 library/test: replace LEGACY symbol with BASIC_IMPORT_EXPORT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:21 +02:00
Valerio Setti
f09977023b test: replace ECC_KEY_PAIR_LEGACY with GENERATE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:21 +02:00
Valerio Setti
c2a4fb7754 test: replace ECC_KEY_PAIR_LEGACY with DERIVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:21 +02:00
Kusumit Ghoderao
cbfe333c2b add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-27 11:19:12 +05:30
Kusumit Ghoderao
42b02b9fe9 Add test and test case for input cost greater than vendor maximum 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-27 11:12:27 +05:30
Valerio Setti
ff7f861761 tests: replace deprecated symbols with temporary _LEGACY ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes 
PBKDF2: Output bytes
 2023-06-16 10:08:02 +02:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Kusumit Ghoderao
b31059f072 Remove negative tests for input validation 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:42:37 +05:30
Kusumit Ghoderao
c63d140436 Add negative cases for pbkdf2 output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:45 +05:30
Kusumit Ghoderao
2b5c91b757 Add RFC tests for pbkdf2 output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:44 +05:30
Kusumit Ghoderao
e70a8bbb08 Change derive_input test cases for implemented output_bytes 
The tests earlier reported PSA_ERROR_NOT_SUPPORTED as final output as
the output_bytes function was not implemented for pbkdf2. The test
cases have now been modified to the correct error codes.

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:43 +05:30
Gilles Peskine
a1b416670e
Merge pull request #7547 from silabs-Kusumit/PBKDF2_input_validation 
PBKDF2: Input Validation
 2023-06-01 10:05:34 +02:00
Kusumit Ghoderao
b20f13a41b Change input cost type to uint64_t and fix max iteration test case 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-31 12:51:02 +05:30
Kusumit Ghoderao
5e7ef203e3 Add test case for PSA_VENDOR_PBKDF2_MAX_ITERATIONS 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-24 22:59:42 +05:30
Kusumit Ghoderao
0202ccc9cc Add tests with direct and key output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-24 12:38:40 +05:30
Manuel Pégourié-Gonnard
1d046fa0dd
Merge pull request #6010 from mprse/ffdh_import_export 
FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
 2023-05-10 11:40:54 +02:00
Yanray Wang
d98ae2f075 Add AES 128-bit key dependency in test_suite_psa_crypto.data 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 11:21:31 +08:00
Yanray Wang
ecb6a02fa9 Add AES 128-bit key dependency for tests data 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 11:21:30 +08:00
Kusumit Ghoderao
056f0c5047 Make output_byte return not_supported for pbkdf2 
As output functionality is not added yet return PSA_SUCCESS for
now if inputs are passed correctly. If input validation fails
operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 17:33:27 +05:30
Kusumit Ghoderao
7c05c00988 Add test cases for pbkdf2 input functions 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:37 +05:30
Gilles Peskine
c70d9eab8a
Merge pull request #7412 from silabs-Kusumit/PBKDF2_implementation 
PBKDF2: Implement input_integer
 2023-05-02 20:41:23 +02:00