cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-03 02:23:32 -04:00
Code Issues Packages Projects Releases Wiki Activity
26,545 Commits 7 Branches 115 Tags
Commit Graph

26545 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Beniamin Sandu
aa4f621901 aesce: use correct target attribute when building with clang 
Seems clang has its own issues when it comes to crypto extensions,
and right now the best way to avoid them is to accurately enable
the needed instructions instead of the broad crypto feature.

E.g.: https://github.com/llvm/llvm-project/issues/61645

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
 2023-07-04 21:15:52 +03:00
Dave Rodgman
c8d81ad54d
Merge pull request #7784 from daverodgman/aesce-unroll 2023-07-04 18:41:13 +01:00
Tom Cosgrove
a2eff629fc
Merge pull request #7874 from yanrayw/7360-code-size-improvement 
code_size_compare.py: run make clean before build libraries
 2023-07-04 17:14:35 +01:00
Tom Cosgrove
e939464eb7
Merge pull request #7829 from mpg/deduplicate-tls-hashing 
De-duplicate TLS hashing functions
 2023-07-04 16:06:00 +01:00
Tom Cosgrove
b7af7eac05
Merge pull request #7834 from beni-sandu/development 
aesce: do not specify an arch version when enabling crypto instructions
 2023-07-04 13:32:04 +01:00
Przemek Stekiel
85b644262d Add ffdh accel vs reference check to analyze_outcomes.py 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Przemek Stekiel
01c248c00b Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Ronald Cron
1ffa450882 tls: client: Improve writing of supported_groups ext 
Align the TLS 1.3 specific and TLS 1.2 specific
tests done before to call
ssl_write_supported_groups_ext() and inside
thsi function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-04 12:16:25 +02:00
Kusumit Ghoderao
5168bd5f0f Add changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
7333ed3efa Add max iterations test case for cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a Add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c Add test cases for key and plain inputs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
3fde8feaa9 FIx name of macro 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
b3042c39fe Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c Add test cases for output validation of pbkdf2 cmac 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1 Add test cases for input validation of pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
4536bb6f2b Change mac_size parameter in driver_mac_compute to output length 
See #7801 for reference

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
a2520a5b7e Add pbkdf2 cmac to key derivation output_bytes 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
3d5edb8eef Add input password function for pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
2cd649684a Add pbkdf2_cmac to key derivation setup 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
857cd4b3ee Add AES_CMAC_PRF_128 output size macro 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3ab146f99e Add builtin pbkdf2 cmac guard for all the pbkdf2 functions 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
dd45667a18 Define struct for pbkdf2_cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3cb6e41dfa Add define for builtin pbkdf2_cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Manuel Pégourié-Gonnard
aaad2b6bfc Rename some local variables 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-04 11:35:16 +02:00
Yanray Wang
699a6c8a6d code_size_compare.py: add comment for sys_arch 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-07-04 17:27:45 +08:00
Yanray Wang
4c26db0845 code_size_compare.py: run make clean before build libraries 
If we don't remove all executable files in current working
directory, we might measure code size between different architecture
and configuration. This generates a wrong code size comparison
report. This commit guarantees it runs `make clean` before build
libraries for code size comparison.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-07-04 17:27:45 +08:00
Manuel Pégourié-Gonnard
443589ac53
Merge pull request #7870 from valeriosetti/fix-tls13-guards 
tls13: fix guards for PSA error translating function
 2023-07-04 11:21:14 +02:00
Tom Cosgrove
1940e7bae4
Merge pull request #7671 from yanrayw/7360-code-size-improve-format 
code size: improve format of csv file
 2023-07-04 09:15:48 +01:00
Tom Cosgrove
9b20c6fcc1
Merge pull request #7840 from yanrayw/7381_aes_gen_table 
AES: use uint8_t for array of pow and log to save RAM usage
 2023-07-04 08:34:12 +01:00
Valerio Setti
dbd01cb677 tls13: fix guards for PSA error translating function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-04 09:18:52 +02:00
Gilles Peskine
958346917c Officially require Python 3.8 
Our code is still compatible with Python 3.5 at the time of writing, but we
don't want to commit to that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-03 17:59:37 +02:00
Gilles Peskine
552c9ab8c4 Correct Python requirements in releases 
The wording wasn't quite right for 3.0.0 and up: there's nothing special
about Python and sample programs (that was true in the end times of 2.x, but
not since 3.0). Python is not needed in a release unless you want to build
the tests or you want to integrate PSA drivers without writing your own C
wrappers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-03 17:54:26 +02:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes 
Fix AES dependencies - build TF-M config cleanly
 2023-07-03 16:49:00 +01:00
Gilles Peskine
e554f1b9c0
Merge pull request #7853 from lpy4105/issue/7816/add-commands-for-files-in-parse_input 
7831 follow-up: fix wrong dependency name and wrong commands
 2023-07-03 16:00:45 +02:00
Dave Rodgman
0d539c222c
Merge pull request #7702 from silabs-Kusumit/PBKDF2_out_of_range_input_cost 
PBKDF2: Out of range input cost
 2023-07-03 09:58:22 +01:00
Dave Rodgman
6f37495ea4
Merge pull request #7626 from SlugFiller/patch-1 
Support compilation using CLang on Windows
 2023-07-03 09:51:59 +01:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Manuel Pégourié-Gonnard
45e009aa97
Merge pull request #7814 from valeriosetti/issue7746 
PK: refactor wrappers in the USE_PSA case
 2023-07-03 09:32:31 +02:00
Valerio Setti
f7cd419ade pk: ignore opaque EC keys in pk_setup when they are not supported 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 18:11:29 +02:00
Valerio Setti
35d1dacd82 pk_wrap: fix: always clear buffer holding private key in eckey_check_pair_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 18:04:16 +02:00
Gabor Mezei
f4aab6f666
Add comments and remove unneeded defines 
For `check_names.py` it is enough to appear a macro definition in
a comment to validate it.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-06-30 16:54:55 +02:00
Valerio Setti
38913c16b0 pk_wrap: do not support opaque EC keys when !PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 16:18:33 +02:00
Tom Cosgrove
c4a760c538
Merge pull request #7849 from davidhorstmann-arm/fix-string-to-names-retcode 
Fix false success return code in `mbedtls_x509_string_to_names()`
 2023-06-30 14:28:29 +01:00
Andrzej Kurek
78ecf41f22 Change spaces to a tab in a makefile recipe 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-30 08:42:05 -04:00
Andrzej Kurek
03478d2b90
Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-30 14:38:05 +02:00
Dave Rodgman
c23d2222ea
Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix 
Fix crypt_and_hash decrypt issue when used with stream cipher
 2023-06-30 11:42:35 +01:00
Dave Rodgman
a2c1a387e4
Merge pull request #7630 from daverodgman/prefer-intrinsics 
Prefer intrinsics over asm for AES-NI
 2023-06-30 11:39:38 +01:00
Dave Rodgman
2d07a72b35
Merge pull request #7821 from davidhorstmann-arm/simplify-test-dn-formatting 
Simplify directory name comparison in AuthorityKeyIdentifier tests
 2023-06-30 11:38:03 +01:00
Dave Rodgman
38939f705a
Merge pull request #7822 from gilles-peskine-arm/code-style-since 
code_style.py --since
 2023-06-30 11:37:02 +01:00