cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-28 07:51:36 -04:00
Code Issues Packages Projects Releases Wiki Activity
26,792 Commits 7 Branches 115 Tags
Commit Graph

26792 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kusumit Ghoderao
5cad47df8a Modify test description 
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement 
code_size_compare.py: preparation work to show code size changes in PR comment
 2023-08-17 20:59:11 +00:00
Gilles Peskine
eeaad50cd6
Merge pull request #8079 from adeaarm/port_IAR_build_fix 
Small fixes for IAR support
 2023-08-17 19:10:51 +00:00
Kusumit Ghoderao
e4d634cd87 Add tests with higher input costs for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-17 21:16:14 +05:30
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 
Updating crt/crl files due to expiry before 2027-01-01
 2023-08-17 15:38:35 +00:00
Antonio de Angelis
8e9d6b927e Remove the workaround for psa_key_agreement_internal 
Remove the workaround for psa_key_agreement_internal to
have a shared_secret array always non-zero. The spec is
recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
is always non-zero

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-17 15:27:56 +01:00
Janos Follath
f2334b7b39 Remove new bignum when not needed 
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-17 14:36:59 +01:00
Agathiyan Bragadeesh
48eae138a5 Fix formatting in changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 14:08:47 +01:00
Agathiyan Bragadeesh
2c018744e5 Add newline at end of changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 14:00:10 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation 
PBKDF2 CMAC implementation
 2023-08-17 11:15:16 +00:00
Jerry Yu
9608447545 replace padlock_c with padlock_have_code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 18:10:45 +08:00
Jerry Yu
3a0f044bde improve readability 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 17:06:21 +08:00
Agathiyan Bragadeesh
9ebfa7f64c Fix style 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 10:00:45 +01:00
Jerry Yu
6c6b9f602c Change document to match real status 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 16:53:01 +08:00
Agathiyan Bragadeesh
da8c587531 Add ChangeLog entry 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 09:37:46 +01:00
Jerry Yu
e9c6b53e74 remove return-type when runtime detection enabled without plain c 
This case does not exist

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 13:53:38 +08:00
Jerry Yu
f258d17acd remove aesni + padlock - plain c tests 
This test is not valid for padlock depends
on plain c

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 12:39:00 +08:00
Jerry Yu
1b4c7eda80 add hardware only check for padlock 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 11:25:17 +08:00
Jerry Yu
9e628621b4 Add via padlock detection macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 11:20:09 +08:00
Jerry Yu
2319af0d64 Change the order of runtime detection 
If aesni is available, we will use it.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 10:38:57 +08:00
Jerry Yu
35b59d7805 exclude arm64ec mode for aesni 
AESNI does not work correctly for msvc arm64ec

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 10:34:15 +08:00
Agathiyan Bragadeesh
285f85f962 Remove unnecessary const type qualifiers in casts 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-16 17:15:48 +01:00
Antonio de Angelis
f1adc2a7a1 Use asm instead of __asm in constant_time.c 
The original IAR fix submitted to TF-M directly changed asm to __asm.
But mbed TLS now has a workaround for such cases hence just remove the
original change modification.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-16 12:48:48 +01:00
Antonio de Angelis
1ee4d1228c Fix error strings without quotes 
Some of the error strings that should be printed with the
error preprocessor directive are missing quotes

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-16 12:48:33 +01:00
TTornblom
e4f6d79bbe BUILD: Update For IAR support 
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain. Use __asm generic ,and avoid empty
enum. Avoid declaration of array with null size. This is a porting
of the original patch contributed to trusted-firmware-m.

Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-16 12:36:21 +01:00
Jerry Yu
bdd96b9adf disable aesni for componets without cpu modifiers 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:34:27 +08:00
Jerry Yu
516cf27d45 fix msvc build fail on i386 target 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:33:32 +08:00
Gilles Peskine
a4c01dd6e9
Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack 
rsa_signature: Use heap memory to allocate DER encoded RSA private key
 2023-08-16 09:23:29 +00:00
Jerry Yu
3ce0398d1d Add compiler cflags error message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:22:18 +08:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn 
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
 2023-08-16 09:19:46 +00:00
Jerry Yu
506759f5ce fix build fail for via padlock test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:11:22 +08:00
Jerry Yu
b6d39c2f8c Add aesni test for i386 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:02 +08:00
Jerry Yu
c628486cd9 enable runtime detection when padlock enabled and plain c disabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:02 +08:00
Jerry Yu
cc068ae631 fix -Werror=return-type when runtime detection enabled and plain c disabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:01 +08:00
Yanray Wang
bc775c48c9 code_size_compare: handle deleted files and new files properly 
'Removed' and 'NotCreated' should be displayed in new and old column
respectively. The value of delta is reflected on change column. This
commit handles the corner cases properly.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-16 16:08:22 +08:00
Jerry Yu
e62ff09569 Restore aesni for i386 
intrinsic code can be work on i386 also

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 14:33:16 +08:00
Kusumit Ghoderao
9928ca1875 Code styling 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:48:27 +05:30
Kusumit Ghoderao
6c104b9b3b Modify derive output test cases and add actual output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:47:24 +05:30
Dave Rodgman
5d396327a7
Merge pull request #8077 from davidhorstmann-arm/remove-unnecessary-ct-include 
Tidying: Remove unnecessary include from constant_time.c
 2023-08-15 17:32:11 +00:00
David Horstmann
ba44e918b8 Remove unnecessary include from constant_time.c 
This was added in order to use TEST_CF_XYZ macros which have since been
removed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-15 15:17:22 +01:00
Dave Rodgman
b476177849
Merge pull request #8073 from daverodgman/empty-enum-fix 
Fix compile fail for empty enum in cipher_wrap
 2023-08-14 18:43:09 +00:00
Tomás González
358c6c644a Add EdDSA and XTS to the allow list 
As specified in
https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707
EdDSA and XTS tests are legitimately never executed, so add them to
the allow list.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:25 +01:00
Tomás González
b401e113ff Add a flag for requiring full coverage in coverage tests 
Introduce the --require-full-coverage in analyze_outcomes.py so that
when analyze_outcomes.py --require-full-coverage is called, those
tests that are not executed and are not in the allowed list issue an
error instead of a warning.

Note that it is useful to run analyze_outcomes.py on incomplete test
results, so this error mode needs to remain optional in the long
term.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:12 +01:00
Tomás González
07bdcc2b0d Add allow list for non-executed test cases 
The allow list explicits which test cases are allowed to not be
executed when testing. This may be, for example, because a feature
is yet to be developed but the test for that feature is already in
our code base.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:12 +01:00
Dave Rodgman
e3330f86d2 Make naming more consistent 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-14 15:26:28 +01:00
Dave Rodgman
f97eb58e51 Fix Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-14 15:19:23 +01:00
Dave Rodgman
b8f23b9cfb Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-14 14:28:23 +01:00
Dave Rodgman
0b7bf876e4 Fix compile fail for empty enum in cipher_wrap 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-14 14:25:29 +01:00
Dave Rodgman
a797f152ee
Merge pull request #8067 from paul-elliott-arm/fix_bignum_test_leak 
Fix resource leak in bignum test failure case
 2023-08-14 09:33:13 +01:00
Dave Rodgman
2f4e6e748c
Merge pull request #8066 from paul-elliott-arm/aes_memcpy_iv_fix 
Fix potential corruption of IV for AES CBC with zero length
 2023-08-14 09:32:45 +01:00