yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
26834 commits 89 branches 205 tags 114 MiB
Commit graph

26834 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jerry Yu 0a6272d6c9 revert padlock from aesni module 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-18 17:35:59 +08:00
Jerry Yu 61fc5ed5f3 improve readability of error message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-18 17:28:48 +08:00
Jerry Yu 372f7a04d0 Add missing check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-18 17:26:25 +08:00
Kusumit Ghoderao 5cad47df8a Modify test description 
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 12:49:07 +05:30
Bence Szépkúti 505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement 
code_size_compare.py: preparation work to show code size changes in PR comment
 2023-08-17 20:59:11 +00:00
Gilles Peskine eeaad50cd6
Merge pull request #8079 from adeaarm/port_IAR_build_fix 
Small fixes for IAR support
 2023-08-17 19:10:51 +00:00
Kusumit Ghoderao e4d634cd87 Add tests with higher input costs for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-17 21:16:14 +05:30
Gilles Peskine dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 
Updating crt/crl files due to expiry before 2027-01-01
 2023-08-17 15:38:35 +00:00
Waleed Elmelegy 1a89170f8d Add changelog entry for new mbedtls_pkcs5_pbe2_ext function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 16:00:58 +01:00
Antonio de Angelis 8e9d6b927e Remove the workaround for psa_key_agreement_internal 
Remove the workaround for psa_key_agreement_internal to
have a shared_secret array always non-zero. The spec is
recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
is always non-zero

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-17 15:27:56 +01:00
Waleed Elmelegy 12dd040374 Improve mbedtls_pkcs5_pbes2_ext function signature comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 15:08:03 +01:00
Janos Follath f2334b7b39 Remove new bignum when not needed 
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-17 14:36:59 +01:00
Waleed Elmelegy 4a0a989913 Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Waleed Elmelegy 87bc1e1cda Fix heap overflow issue in pkcs5_pbes2 testing functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Waleed Elmelegy 5d3f315478 Add new mbedtls_pkcs5_pbe2_ext function 
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Agathiyan Bragadeesh 48eae138a5 Fix formatting in changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 14:08:47 +01:00
Agathiyan Bragadeesh 2c018744e5 Add newline at end of changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 14:00:10 +01:00
Gilles Peskine 294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation 
PBKDF2 CMAC implementation
 2023-08-17 11:15:16 +00:00
Jerry Yu 9608447545 replace padlock_c with padlock_have_code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 18:10:45 +08:00
Jerry Yu 3a0f044bde improve readability 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 17:06:21 +08:00
Agathiyan Bragadeesh 9ebfa7f64c Fix style 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 10:00:45 +01:00
Jerry Yu 6c6b9f602c Change document to match real status 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 16:53:01 +08:00
Agathiyan Bragadeesh da8c587531 Add ChangeLog entry 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 09:37:46 +01:00
Jerry Yu e9c6b53e74 remove return-type when runtime detection enabled without plain c 
This case does not exist

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 13:53:38 +08:00
Jerry Yu f258d17acd remove aesni + padlock - plain c tests 
This test is not valid for padlock depends
on plain c

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 12:39:00 +08:00
Jerry Yu 1b4c7eda80 add hardware only check for padlock 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 11:25:17 +08:00
Jerry Yu 9e628621b4 Add via padlock detection macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 11:20:09 +08:00
Jerry Yu 2319af0d64 Change the order of runtime detection 
If aesni is available, we will use it.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 10:38:57 +08:00
Jerry Yu 35b59d7805 exclude arm64ec mode for aesni 
AESNI does not work correctly for msvc arm64ec

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 10:34:15 +08:00
Agathiyan Bragadeesh 285f85f962 Remove unnecessary const type qualifiers in casts 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-16 17:15:48 +01:00
Antonio de Angelis f1adc2a7a1 Use asm instead of __asm in constant_time.c 
The original IAR fix submitted to TF-M directly changed asm to __asm.
But mbed TLS now has a workaround for such cases hence just remove the
original change modification.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-16 12:48:48 +01:00
Antonio de Angelis 1ee4d1228c Fix error strings without quotes 
Some of the error strings that should be printed with the
error preprocessor directive are missing quotes

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-16 12:48:33 +01:00
TTornblom e4f6d79bbe BUILD: Update For IAR support 
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain. Use __asm generic ,and avoid empty
enum. Avoid declaration of array with null size. This is a porting
of the original patch contributed to trusted-firmware-m.

Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2023-08-16 12:36:21 +01:00
Jerry Yu bdd96b9adf disable aesni for componets without cpu modifiers 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:34:27 +08:00
Jerry Yu 516cf27d45 fix msvc build fail on i386 target 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:33:32 +08:00
Gilles Peskine a4c01dd6e9
Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack 
rsa_signature: Use heap memory to allocate DER encoded RSA private key
 2023-08-16 09:23:29 +00:00
Jerry Yu 3ce0398d1d Add compiler cflags error message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:22:18 +08:00
Gilles Peskine d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn 
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
 2023-08-16 09:19:46 +00:00
Jerry Yu 506759f5ce fix build fail for via padlock test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:11:22 +08:00
Jerry Yu b6d39c2f8c Add aesni test for i386 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:02 +08:00
Jerry Yu c628486cd9 enable runtime detection when padlock enabled and plain c disabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:02 +08:00
Jerry Yu cc068ae631 fix -Werror=return-type when runtime detection enabled and plain c disabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:01 +08:00
Yanray Wang bc775c48c9 code_size_compare: handle deleted files and new files properly 
'Removed' and 'NotCreated' should be displayed in new and old column
respectively. The value of delta is reflected on change column. This
commit handles the corner cases properly.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-16 16:08:22 +08:00
Jerry Yu e62ff09569 Restore aesni for i386 
intrinsic code can be work on i386 also

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 14:33:16 +08:00
Kusumit Ghoderao 9928ca1875 Code styling 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:48:27 +05:30
Kusumit Ghoderao 6c104b9b3b Modify derive output test cases and add actual output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:47:24 +05:30
Dave Rodgman 5d396327a7
Merge pull request #8077 from davidhorstmann-arm/remove-unnecessary-ct-include 
Tidying: Remove unnecessary include from constant_time.c
 2023-08-15 17:32:11 +00:00
David Horstmann ba44e918b8 Remove unnecessary include from constant_time.c 
This was added in order to use TEST_CF_XYZ macros which have since been
removed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-15 15:17:22 +01:00
Dave Rodgman b476177849
Merge pull request #8073 from daverodgman/empty-enum-fix 
Fix compile fail for empty enum in cipher_wrap
 2023-08-14 18:43:09 +00:00
Tomás González 358c6c644a Add EdDSA and XTS to the allow list 
As specified in
https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707
EdDSA and XTS tests are legitimately never executed, so add them to
the allow list.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:25 +01:00