yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
26773 commits 1 branch 0 tags 94 MiB
Commit graph

26773 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dave Rodgman
730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Gilles Peskine
f3a41685e7
Merge pull request #8126 from daverodgman/p256-m-aarch64 
Disable p256-m asm on aarch64
 2023-08-29 14:15:08 +00:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests 
PBKDF2: tests with higher input costs
 2023-08-29 14:00:17 +00:00
Dave Rodgman
024a3b3f04 Disable p256-m asm on aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-29 13:21:43 +01:00
Dave Rodgman
d395590597
Merge pull request #7579 from daverodgman/safer-ct-asm 
Arm assembly implementation of constant time primitives
 2023-08-28 08:26:29 +00:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist 
Implement allowlist of test cases that are legitimately not executed
 2023-08-24 18:03:20 +00:00
Gilles Peskine
2a296729d0
Merge pull request #8084 from AgathiyanB/remove-type-qualifier-in-assignment-casts 
Remove type qualifier in assignment casts
 2023-08-24 18:02:11 +00:00
Tomás González
d43cab3f5c Correct analyze_outcomes identation 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-24 09:12:40 +01:00
Tom Cosgrove
41d689f389
Merge pull request #7985 from tom-cosgrove-arm/single-source-of-truth-for-licensing 
Single source of truth for licensing
 2023-08-22 16:27:21 +00:00
Agathiyan Bragadeesh
1515f351a1 Remove IAR warning fixes to 2.28 from changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 15:24:38 +01:00
Agathiyan Bragadeesh
c5eb13d2a9 Reword IAR changelog for fixing compiler warnings 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 15:13:04 +01:00
Tom Cosgrove
3d2d599d3e
Merge pull request #7996 from gilles-peskine-arm/small_primes-gaps 
Reduce the size of the small primes table used by primality testing
 2023-08-22 12:48:56 +00:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size 
Start testing the PSA built-in drivers: hashes
 2023-08-22 11:19:41 +00:00
Tomás González
a0631446b5 Correct analyze_outcomes.py identation 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 12:18:04 +01:00
Gilles Peskine
30b0378008 Fix off-by-one error 
The value of p after adding the last entry in the gap table is not used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-22 11:06:47 +02:00
Tomás González
5022311c9d Tidy up allow list definition 
* Don't break string literals in the allow list definition
 * Comment each test that belongs to the allow list is there.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 09:54:28 +01:00
Tomás González
7ebb18fbd6 Make non-executed tests that are not in the allow list an error 
* Turn the warnings produced when finding non-executed tests that
   are not in the allow list into errors.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 09:47:49 +01:00
Gilles Peskine
ad7725d95d Fix type annotation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-22 09:59:50 +02:00
Gilles Peskine
6d14c2b858 Remove dead code 
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866 New test suite for the low-level hash interface 
Some basic test coverage for now:

* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.

Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-22 09:59:42 +02:00
Dave Rodgman
e20d688463
Fix missing operand modifier 
Co-authored-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-22 08:46:18 +01:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare 
Prepare to split config_psa.h
 2023-08-22 07:30:46 +00:00
Gilles Peskine
d50562c33c
Merge pull request #7827 from davidhorstmann-arm/reword-net-free-description-2544 
Reword the description of `mbedtls_net_free()`
 2023-08-21 22:23:08 +00:00
Gilles Peskine
fdb722384b Move PSA information and dependency automation into their own module 
This will let us use these features from other modules (yet to be created).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 18:32:11 +02:00
Dave Rodgman
0c99a9083e Avoid signed right shift UB 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-21 17:06:24 +01:00
Tom Cosgrove
31b2d7414d
Merge pull request #8053 from gilles-peskine-arm/mpi_exp_mod-remove_initial_copy 
mbedtls_mpi_exp_mod: remove spurious copy of the output variable
 2023-08-21 15:50:28 +00:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes 
Document mbedtls_calloc zeroization
 2023-08-21 15:47:21 +00:00
Gilles Peskine
0addbe6dc7
Merge pull request #8069 from paul-elliott-arm/fix_ecjpake_deadcode 
Fix logical dead code found by Coverity
 2023-08-21 14:44:36 +00:00
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile 
Fix server1.crt.der in tests/data_files/Makefile
 2023-08-21 14:43:07 +00:00
Dave Rodgman
65204f8fc8
Merge pull request #8035 from daverodgman/aesce-support-perf 
Make mbedtls_aesce_has_support more efficient
 2023-08-21 14:39:08 +00:00
Gilles Peskine
ea4fc97cd0 Restore a comment and fix it 
aca31654e6 removed a sentence with copypasta
refering to PBKDF2 instead of XTS. Restore that comment but fix the
copypasta.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:16:24 +02:00
Gilles Peskine
9af413bcc5 Don't try to include mbedtls/config_*.h 
They're included by build_info.h and must not be included directly.

Currently, this only concerns one file: config_psa.h. It's technically a bug
to include it, but a harmless one because that header has already been
included by build_info.h except in configurations where it
effectively had no effect (enabling PSA options with PSA turned off).

We plan to split config_psa.h into multiple headers that are less
independent, which could make the inclusion more problematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:12:36 +02:00
Gilles Peskine
44243e11ff Remove obsolete header inclusions 
Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include
config_psa.h or check_config.h: build_info.h takes care of that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:10:06 +02:00
Gilles Peskine
7b7ecf5e0d Fix condition to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE 
Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an
editorial mistake when adding it: it's meant as an addition to
MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same
conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:09:14 +02:00
Gilles Peskine
a458d48e7f Move the inclusion of the PSA config file(s) into build_info.h 
They belong here, next to the inclusion of the mbedtls config file. We only
put them in config_psa.h in Mbed TLS 2.x because there was no build_info.h
we could use.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:06:12 +02:00
Gilles Peskine
8cd1da4b73 Remove spurious extern "C" 
This header only contains preprocessor definitions. They are not affected by
extern "C".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:03:41 +02:00
Tom Cosgrove
d29648026b
Merge pull request #8017 from ivq/unchecked_return 
Fix a few unchecked return values
 2023-08-21 13:02:53 +00:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum 
Remove new bignum when not needed
 2023-08-21 10:59:41 +00:00
Dave Rodgman
0ce0fbc32a Simplify aarch64 asm for mbedtls_ct_uint_lt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-21 07:58:50 +01:00
Dave Rodgman
3ab114e3da Move non-function-specific macro outside of function definition 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-21 07:54:11 +01:00
Dave Rodgman
f2249ec905 Rename mbedtls_aesce_has_support macro to satisfy case rules 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-20 20:20:12 +01:00
Dave Rodgman
b30adce7fd Use -1 as uninitialised marker 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-20 20:20:12 +01:00
Dave Rodgman
4566132163 Make mbedtls_aesce_has_support more efficient 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-20 20:20:12 +01:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode 
AES: Add accelerator only mode
 2023-08-18 20:55:44 +00:00
Jerry Yu
0a6272d6c9 revert padlock from aesni module 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-18 17:35:59 +08:00
Jerry Yu
61fc5ed5f3 improve readability of error message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-18 17:28:48 +08:00
Jerry Yu
372f7a04d0 Add missing check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-18 17:26:25 +08:00
Kusumit Ghoderao
5cad47df8a Modify test description 
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement 
code_size_compare.py: preparation work to show code size changes in PR comment
 2023-08-17 20:59:11 +00:00
Gilles Peskine
eeaad50cd6
Merge pull request #8079 from adeaarm/port_IAR_build_fix 
Small fixes for IAR support
 2023-08-17 19:10:51 +00:00