26834 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Ronald Cron	1ffa450882	tls: client: Improve writing of supported_groups ext ... Align the TLS 1.3 specific and TLS 1.2 specific tests done before to call ssl_write_supported_groups_ext() and inside thsi function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-07-04 12:16:25 +02:00
Kusumit Ghoderao	5168bd5f0f	Add changelog entry ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:03 +05:30
Kusumit Ghoderao	7333ed3efa	Add max iterations test case for cmac ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:03 +05:30
Kusumit Ghoderao	d80183864a	Add test case for zero input cost ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	671320633c	Add test cases for key and plain inputs ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	3fde8feaa9	FIx name of macro ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	b3042c39fe	Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:02 +05:30
Kusumit Ghoderao	9d4c74f25c	Add test cases for output validation of pbkdf2 cmac ... PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	1d3fca21b1	Add test cases for input validation of pbkdf2 cmac ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	4536bb6f2b	Change mac_size parameter in driver_mac_compute to output length ... See #7801 for reference Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:01 +05:30
Kusumit Ghoderao	a2520a5b7e	Add pbkdf2 cmac to key derivation output_bytes ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:00 +05:30
Kusumit Ghoderao	3d5edb8eef	Add input password function for pbkdf2 cmac ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:00 +05:30
Kusumit Ghoderao	2cd649684a	Add pbkdf2_cmac to key derivation setup ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:17:00 +05:30
Kusumit Ghoderao	857cd4b3ee	Add AES_CMAC_PRF_128 output size macro ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Kusumit Ghoderao	3ab146f99e	Add builtin pbkdf2 cmac guard for all the pbkdf2 functions ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Kusumit Ghoderao	dd45667a18	Define struct for pbkdf2_cmac ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Kusumit Ghoderao	3cb6e41dfa	Add define for builtin pbkdf2_cmac ... Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-07-04 15:16:59 +05:30
Manuel Pégourié-Gonnard	aaad2b6bfc	Rename some local variables ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-04 11:35:16 +02:00
Pengyu Lv	b687c03183	Fix the command for server9-sha*.crt ... The new command could generate parse_input/server9-sha*.crt correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	49c56e651d	Add target for parse_input/cert_example_multi_nocn.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	19e949e644	Fix typo and long line format ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	736d2bb715	Update crl-rsa-pss-*.pem manually ... The rules will be in a seperate PR. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	59f392cd4d	upgrade server9-bad-saltlen.crt ... Upgrade scripts ```python import subprocess from asn1crypto import pem, x509,core output_filename="server9-bad-saltlen.crt" tmp_filename="server9-bad-saltlen.crt.tmp" tmp1_filename="server9-bad-saltlen.crt.tmp1" subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \ -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \ -set_serial 24 -days 3650 \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ -sigopt rsa_mgf1_md:sha256 -sha256 \ -in server9.csr -out {output_filename} ''',shell=True) with open(output_filename,'rb') as f: _,_,der_bytes=pem.unarmor(f.read()) target_certificate=x509.Certificate.load(der_bytes) with open(tmp_filename,'wb') as f: f.write(target_certificate['tbs_certificate'].dump()) subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}', shell=True) with open(tmp1_filename,'rb') as f: signature_value= core.OctetBitString(f.read()) with open(output_filename,'wb') as f: target_certificate['signature_value']=signature_value f.write(pem.armor('CERTIFICATE',target_certificate.dump())) ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	4ad45c01b9	Update server9*.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	8c40c573b2	Add server9-bad-{mgfhash,saltlen}.crt ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b5ac935e44	Add rules to generate server9*.crt ... Except for server9-bad-saltlen.crt and server9-bad-mgfhash.crt. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4ca9520582	Update server1-nospace.crt ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0efdfcbfd3	Update v1 crt files ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0d545a1815	Update cert_example_multi_nocn.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	e025cb2096	Add rules to generate cert_example_multi_nocn.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	d9ba29733e	Update server5.[e]ku-*.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	1ca5c0eae9	Add rules to generate server5.[e]ku-*.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b078607f04	cert_write: Support write any for extended key usage ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5b91dc7265	Update server2.ku-*.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0063599e6f	Add rules to generate server2.ku-*.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	55ee7f8e13	Add rule for server2-badsign.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0f381fd02f	Update test-ca2.ku-*.crt ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5a1dbf3d6e	Fix the rule for server5-ss-forgeca.crt ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	affc294dfe	Add the rule and update server6-ss-child.crt ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4d69b29076	Update server5-selfsigned.crt ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Yanray Wang	699a6c8a6d	code_size_compare.py: add comment for sys_arch ... Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-07-04 17:27:45 +08:00
Yanray Wang	4c26db0845	code_size_compare.py: run make clean before build libraries ... If we don't remove all executable files in current working directory, we might measure code size between different architecture and configuration. This generates a wrong code size comparison report. This commit guarantees it runs `make clean` before build libraries for code size comparison. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-07-04 17:27:45 +08:00
Manuel Pégourié-Gonnard	443589ac53	Merge pull request #7870 from valeriosetti/fix-tls13-guards ... tls13: fix guards for PSA error translating function	2023-07-04 11:21:14 +02:00
Tom Cosgrove	1940e7bae4	Merge pull request #7671 from yanrayw/7360-code-size-improve-format ... code size: improve format of csv file	2023-07-04 09:15:48 +01:00
Tom Cosgrove	9b20c6fcc1	Merge pull request #7840 from yanrayw/7381_aes_gen_table ... AES: use uint8_t for array of pow and log to save RAM usage	2023-07-04 08:34:12 +01:00
Valerio Setti	dbd01cb677	tls13: fix guards for PSA error translating function ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-04 09:18:52 +02:00
Gilles Peskine	958346917c	Officially require Python 3.8 ... Our code is still compatible with Python 3.5 at the time of writing, but we don't want to commit to that. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-07-03 17:59:37 +02:00
Gilles Peskine	552c9ab8c4	Correct Python requirements in releases ... The wording wasn't quite right for 3.0.0 and up: there's nothing special about Python and sample programs (that was true in the end times of 2.x, but not since 3.0). Python is not needed in a release unless you want to build the tests or you want to integrate PSA drivers without writing your own C wrappers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-07-03 17:54:26 +02:00
Dave Rodgman	9cf17dad9d	Merge pull request #7851 from daverodgman/fix-unused-aes ... Fix AES dependencies - build TF-M config cleanly	2023-07-03 16:49:00 +01:00
Andrzej Kurek	cf669b058b	Add a dummy usage of a pointer in tests ... This way clang with O1 doesn't optimize it. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-03 10:42:27 -04:00