mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-15 03:07:16 +08:00

27312 Commits

Author SHA1 Message Date
Przemek Stekiel
6f199859b6 Adapt handshake fields to ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Przemek Stekiel
e03ddbb497 Use valid size of peerkey buffer (EC vs FF)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Przemek Stekiel
84f4ff1dd3 Minor adaptations after ffdh was enabled for tls1.3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:12:08 +02:00
Beniamin Sandu
aa4f621901 aesce: use correct target attribute when building with clang
Seems clang has its own issues when it comes to crypto extensions,
and right now the best way to avoid them is to accurately enable
the needed instructions instead of the broad crypto feature.

E.g.: https://github.com/llvm/llvm-project/issues/61645

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
2023-07-04 21:15:52 +03:00
Dave Rodgman
c8d81ad54d
Merge pull request #7784 from daverodgman/aesce-unroll 2023-07-04 18:41:13 +01:00
Tom Cosgrove
a2eff629fc
Merge pull request #7874 from yanrayw/7360-code-size-improvement
code_size_compare.py: run make clean before build libraries
2023-07-04 17:14:35 +01:00
Tom Cosgrove
e939464eb7
Merge pull request #7829 from mpg/deduplicate-tls-hashing
De-duplicate TLS hashing functions
2023-07-04 16:06:00 +01:00
Tom Cosgrove
b7af7eac05
Merge pull request #7834 from beni-sandu/development
aesce: do not specify an arch version when enabling crypto instructions
2023-07-04 13:32:04 +01:00
Przemek Stekiel
85b644262d Add ffdh accel vs reference check to analyze_outcomes.py
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-04 12:35:54 +02:00
Przemek Stekiel
01c248c00b Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-04 12:35:54 +02:00
Ronald Cron
1ffa450882 tls: client: Improve writing of supported_groups ext
Align the TLS 1.3 specific and TLS 1.2 specific
tests done before to call
ssl_write_supported_groups_ext() and inside
this function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-04 12:16:25 +02:00
Kusumit Ghoderao
5168bd5f0f Add changelog entry
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
7333ed3efa Add max iterations test case for cmac
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a Add test case for zero input cost
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c Add test cases for key and plain inputs
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
3fde8feaa9 Fix name of macro
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
b3042c39fe Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c Add test cases for output validation of pbkdf2 cmac
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1 Add test cases for input validation of pbkdf2 cmac
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
4536bb6f2b Change mac_size parameter in driver_mac_compute to output length
See #7801 for reference

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
a2520a5b7e Add pbkdf2 cmac to key derivation output_bytes
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
3d5edb8eef Add input password function for pbkdf2 cmac
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
2cd649684a Add pbkdf2_cmac to key derivation setup
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
857cd4b3ee Add AES_CMAC_PRF_128 output size macro
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3ab146f99e Add builtin pbkdf2 cmac guard for all the pbkdf2 functions
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
dd45667a18 Define struct for pbkdf2_cmac
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3cb6e41dfa Add define for builtin pbkdf2_cmac
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Manuel Pégourié-Gonnard
aaad2b6bfc Rename some local variables
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-04 11:35:16 +02:00
Pengyu Lv
b687c03183 Fix the command for server9-sha*.crt
The new command could generate
parse_input/server9-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d Add target for parse_input/cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644 Fix typo and long line format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
736d2bb715 Update crl-rsa-pss-*.pem manually
The rules will be in a separate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d upgrade server9-bad-saltlen.crt
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509, core

output_filename = "server9-bad-saltlen.crt"
tmp_filename = "server9-bad-saltlen.crt.tmp"
tmp1_filename = "server9-bad-saltlen.crt.tmp1"

# Step 1: issue the certificate with RSA-PSS parameters declaring the
# maximum salt length (rsa_pss_saltlen:max) in its signature algorithm.
subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''', shell=True)

# Step 2: extract the DER-encoded tbsCertificate from the issued certificate.
with open(output_filename, 'rb') as f:
    _, _, der_bytes = pem.unarmor(f.read())
    target_certificate = x509.Certificate.load(der_bytes)

with open(tmp_filename, 'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

# Step 3: re-sign the tbsCertificate with a 32-byte salt, which does not match
# the salt length declared in the certificate's signature parameters.
subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename, 'rb') as f:
    signature_value = core.OctetBitString(f.read())

# Step 4: splice the mismatched signature back into the certificate and
# write it out as PEM; this is the deliberately bad-saltlen test file.
with open(output_filename, 'wb') as f:
    target_certificate['signature_value'] = signature_value
    f.write(pem.armor('CERTIFICATE', target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
4ad45c01b9 Update server9*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2 Add server9-bad-{mgfhash,saltlen}.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44 Add rules to generate server9*.crt
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582 Update server1-nospace.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3 Update v1 crt files
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0d545a1815 Update cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096 Add rules to generate cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
d9ba29733e Update server5.[e]ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9 Add rules to generate server5.[e]ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
b078607f04 cert_write: Support write any for extended key usage
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5b91dc7265 Update server2.ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f Add rules to generate server2.ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13 Add rule for server2-badsign.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f Update test-ca2.ku-*.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e Fix the rule for server5-ss-forgeca.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe Add the rule and update server6-ss-child.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4d69b29076 Update server5-selfsigned.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00