ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-13 19:56:44 +08:00
Code Issues Releases Wiki Activity
33,322 Commits 173 Branches 272 Tags
Commit Graph

12410 Commits

Author SHA1 Message Date
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe 
Improve & test legacy mbedtls_pkcs12_pbe
 2023-09-08 13:08:05 +02:00
Waleed Elmelegy
1f59ee078f Add correct dependencies to pkcs12 tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:59:35 +01:00
Waleed Elmelegy
096017023d Fix identation error in pkcs12 tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:48:40 +01:00
David Horstmann
8ece2e9712 Fix incorrect test dependencies in pkwrite tests 
These should rely in MBEDTLS_PEM_{PARSE,WRITE}_C where applicable, not
MBEDTLS_BASE64_C.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-07 17:43:12 +01:00
Waleed Elmelegy
75b9eb36b4 Change pkcs12 test comparison macro to the new macro 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:02:37 +01:00
Waleed Elmelegy
8317e91b1e Change pkcs12 test allocation macros to the new macros 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 15:46:58 +01:00
Yanray Wang
c5944d4a3c all.sh: fix a typo 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-07 18:00:35 +08:00
Yanray Wang
4f4822c553 Revert "des: add CIPHER_ENCRYPT_ONLY dependency for test cases" 
This reverts commit 3c565275c48f1ffc00b5854b1cfecb4dfeacf844.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-07 18:00:25 +08:00
Yanray Wang
9b811658a8 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-09-07 16:18:00 +08:00
Waleed Elmelegy
15de809e1a Improve pkcs12 pbe tests 
* Simplify pkcs12 tests to use algo parameters instead of asn1 buffers.
* Fix output buffers allocation size.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-05 16:34:55 +01:00
Waleed Elmelegy
255db80910 Improve & test legacy mbedtls_pkcs12_pbe 
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
 2023-09-05 15:45:55 +01:00
Kusumit Ghoderao
94d319065a Set input cost as 1 for psa_key_exercise test 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-09-05 19:30:22 +05:30
Kusumit Ghoderao
7c61ffcc44 Rename parse_binary_string function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-09-05 19:29:47 +05:30
Valerio Setti
5dfaca4af5 all.sh: fix comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-05 08:48:51 +02:00
Agathiyan Bragadeesh
4ce9ac8463 Add round trip tests for x509 RDNs 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-09-04 16:18:26 +01:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun 
Add new pkcs5 pbe2 ext fun
 2023-09-04 15:33:42 +02:00
Tom Cosgrove
b2fafa5a49 config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
7eced7d1d2 Move zeroize-as-memset into a config file under tests/ 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
daddf11a30 Add a build to all.sh to check mbedtls_platform_zeroize() calls 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
351a391011 Fix incorrect use of mbedtls_platform_zeroize() in tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Dave Rodgman
4f69668558
Merge pull request #8082 from daverodgman/misc-code-size 
Misc code size improvements
 2023-09-02 11:44:31 +00:00
Yanray Wang
782190417c all.sh: ciper_encrypt_only: cover VIA PADLOCK 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:46:52 +08:00
Yanray Wang
bf66ef9085 all.sh: ciper_encrypt_only: cover baremetal build for AESCE 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:46:24 +08:00
Yanray Wang
207c991d56 all.sh: ciper_encrypt_only: cover AESNI and C Implementation 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:43:42 +08:00
Yanray Wang
3c565275c4 des: add CIPHER_ENCRYPT_ONLY dependency for test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
ba473b1c82 camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
702c220809 aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
85c3023c60 AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
a8ac23a758 all.sh: add test case for CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:40:11 +08:00
Paul Elliott
6147511bc0
Merge pull request #7955 from davidhorstmann-arm/psa-crypto-script-changes 
Miscellaneous changes to scripts for PSA-Crypto enablement
 2023-08-31 18:19:52 +00:00
Paul Elliott
6ebe7d2e3a
Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name 
Coverity fix: Set `type_id` in `x509_get_other_name()`
 2023-08-31 16:26:00 +00:00
Paul Elliott
b5d97156e4
Merge pull request #7857 from minosgalanakis/bugifx/address_curve_bits 
[BigNum] test_suite_ecp: Fixed curve bit-length.
 2023-08-31 13:14:11 +00:00
Dave Rodgman
a9a53a05f0 Merge remote-tracking branch 'origin/development' into misc-code-size 2023-08-31 11:53:46 +01:00
Gilles Peskine
f7632382cc
Merge pull request #8130 from davidhorstmann-arm/fix-unnecessary-include-prefixes 
Fix unnecessary header prefixes in tests
 2023-08-31 08:57:26 +00:00
Gilles Peskine
7b2b76a2d4
Merge pull request #7165 from yanrayw/7094-collect-compatsh-test-cases 
check_test_cases.py: support to collect test cases for compat.sh
 2023-08-31 07:30:20 +00:00
Dave Rodgman
dbddb00158 Ensure mbedtls_sha3_finish zeroizes the context 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-30 18:43:23 +01:00
Gilles Peskine
03e9dea30b Merge remote-tracking branch 'development' into psa_crypto_config-in-full 
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
  conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
  `PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
  from `development`, and add the `u` suffix to the relevant constants.
 2023-08-30 18:32:57 +02:00
Gilles Peskine
2c40b90598 ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-30 16:38:56 +02:00
David Horstmann
22ec2aefa9 Fix unnecessary header prefixes in tests 
Remove unnecessary "../library" prefix from test suite includes. This
makes the tests repo-agnostic between the mbedtls and psa-crypto repos.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-30 15:34:34 +01:00
Waleed Elmelegy
21d7d85af7 Fix mbedtls_pkcs5_pbes test function failure 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-30 13:12:09 +01:00
Yanray Wang
63f0abe226 check_test_cases: add a comment to explain idx in walk_compat_sh 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 18:31:37 +08:00
Dave Rodgman
730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Dave Rodgman
29bf911058
Merge pull request #7839 from daverodgman/psa-sha3 
SHA-3 via PSA
 2023-08-30 08:51:36 +00:00
David Horstmann
8f3ec8ec9d Use '--target' instead of shortened '-t' 
This enables compatibility with older versions of CMake that do not have
the abbreviated switch.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-30 09:46:20 +01:00
Yanray Wang
ab717b5287 Merge remote-tracking branch 'origin/development' into 7094-collect-compatsh-test-cases 2023-08-30 10:38:28 +08:00
David Horstmann
3ed1871920 Disable pylint error for non-uppercase names 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 18:20:19 +01:00
Dave Rodgman
33e1f42307 Fix use of mbedtls_psa_safer_memcmp in test code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-29 18:17:29 +01:00
David Horstmann
9cc6b2f446 Add missing import in test_psa_compliance.py 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 17:36:35 +01:00
David Horstmann
fd9264e65b Fix pylint errors 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 16:21:15 +01:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests 
PBKDF2: tests with higher input costs
 2023-08-29 14:00:17 +00:00