Updating test-ca.key to use AES instead of DES #7528
Closed
bharsaklemukesh975 wants to merge 9,044 commits into Mbed-TLS:mbedtls-2.28 from bharsaklemukesh975:development
See doxygen/doxygen#8706 Signed-off-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Sphinx's breathe plugin cannot readily parse the Mbed TLS macros, so define the less essential ones away at the doxygen step to reduce the number of warnings. Signed-off-by: David Horstmann <david.horstmann@arm.com>
…fast_reduction Extract Secp256r1 fast reduction from the prototype
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add Threat Model Summary
Implement MD dispatch to PSA
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the guards once that has changed. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Same note as previous commit regarding guards. Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined, and even only when SHA1_C is defined too, but somewhere down the line we'll want to auto-enable it for the sake of other RSA function (not in selftest and could use any hash), so there's little point in optimizing the temporary condition, let's use the simple one upfront. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Driver-only EC JPAKE: starter
…stricted-test Fix CI build after repository merge conflict
Added ability to include the SubjectAltName extension to a CSR - v.2
Add parsing for Record Size Limit extension in TLS 1.3
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Fix psa_key_derivation_output_key not being able to derive ECC keys without MBEDTLS_BUILTIN ECC key types enabled. The PSA crypto drivers can generate these keys without requiring the builtin key types. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Note that ECC key derivation is not using drivers yet, as we don't have driver support for cooked key derivation acceleration, see Mbed-TLS#5451 and follow-ups. So, we still need MBEDTLS_ECP_C enabled at least for this, and probably in several other places for now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This was intended as an if-else-if chain. Make it so. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
The PSA cryptography repository is based to start with on the PSA cryptography implementation in Mbed TLS but with a different directory structure, build system and build configuration. The build-time configuration information in the PSA cryptography repository is psa/build_info.h. This commit introduces this file in Mbed TLS to be used in place of mbedtls/build_info.h (but basically just an alias to it) in PSA headers. This is to ease the update of the PSA cryptography repository. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When compiling some PSA core files of the PSA cryptography repository, both the Mbed TLS library and the PSA cryptography core common.h are included and if they define the same inline functions (same name), the compilation fails. Thus, inline functions prefixed by psa_crypto_ instead of mbedtls_ are defined in the PSA cryptography core common.h header. To ease the maintenance of the PSA cryptography repository, introduce those symbols in Mbed TLS as well and use them in PSA crypto core code files instead of their Mbed TLS equivalent. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The component_test_psa_crypto_drivers was renamed component_test_psa_crypto_builtin_keys in a previous commit. This was misleading as the goal of the component is not to test the builtin keys but to run the PSA unit tests with the test drivers doing the cryptographic operations. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
…tform-function Add milliseconds platform time function
Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
…new mbedtls_mpi_core_mul() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
The test cases use the following MPI values. The .data file only includes those (a, b) values where a <= b; the test code does a * b and b * a.

    0
    1
    80
    ff
    100
    fffe
    ffff
    10000
    ffffffff
    100000000
    20000000000000
    7f7f7f7f7f7f7f7f
    8000000000000000
    ffffffffffffffff
    10000000000000000
    10000000000000001
    1234567890abcdef0
    fffffffffffffffffefefefefefefefe
    100000000000000000000000000000000
    1234567890abcdef01234567890abcdef0
    ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
    4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b

The lines in the .data file were generated by the following script

```
#!/usr/bin/env perl
#
# mpi-test-core-mul.pl - generate MPI tests in Perl for mbedtls_mpi_core_mul()
#
use strict;
use warnings;
use Math::BigInt;
use sort 'stable';

my $echo = 0;

my @mul_mpis = qw(
    0
    1
    80
    ff
    100
    fffe
    ffff
    10000
    ffffffff
    100000000
    20000000000000
    7f7f7f7f7f7f7f7f
    8000000000000000
    ffffffffffffffff
    10000000000000000
    10000000000000001
    1234567890abcdef0
    fffffffffffffffffefefefefefefefe
    100000000000000000000000000000000
    1234567890abcdef01234567890abcdef0
    ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
    4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
);

generate_tests();

sub generate_tests {
    generate_mbedtls_mpi_core_mul();
}

sub generate_mbedtls_mpi_core_mul {

    my $sub_name = (caller(0))[3];      # e.g. main::generate_mbedtls_mpi_sub_mpi
    my ($ignore, $test_name) = split("main::generate_", $sub_name);

    my @Cases = ();

    for my $ah (@mul_mpis) {
        for my $bh (@mul_mpis) {

            my $a = Math::BigInt->from_hex($ah);
            my $b = Math::BigInt->from_hex($bh);
            next if $a > $b; # don't need to repeat test cases

            my $r = $a * $b;
            my $rh = $r->to_hex();

            my $desc = "$test_name #NUMBER: 0x$ah * 0x$bh = 0x$rh";
            my $case = output($test_name, str($ah), str($bh), str($rh));

            push(@Cases, [$case, $desc]);
        }
    }

    output_cases("", @Cases);
}

sub output_cases {

    my ($explain, @Cases) = @_;

    my $count = 1;
    for my $c (@Cases) {

        my ($case, $desc, $dep) = @$c;
        $desc =~ s/NUMBER/$count/; $count++;
        if (defined($explain) && $desc =~ /EXPLAIN/) {
            $desc =~ s/EXPLAIN/$explain/;
            $explain = "";
        }

        my $depends = "";
        $depends = "depends_on:$dep\n" if defined($dep) && length($dep);

        print <<EOF;

$desc
$depends$case
EOF
    }
}

sub output {
    return join(":", @_);
}

sub str {
    return '"' . $_[0] . '"';
}
```

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Fix cast alignment warning in timing.c
All RSA associated algs are now forcedly disabled both on library and driver sides. Some PSA driver tests required to be fixed because they were just requiring for not having the built-in version, but they didn't check if the driver one was present (kind of assuming that RSA was always supported on the driver side). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Some MAX_SIZE macros are too small when PSA ECC is accelerated
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
PSA cryptography miscellaneous
…e-mul Bignum: extract core_mul from the prototype
Fix memory allocations in pkcs7_verify test
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…affolding bignum: Removed merge scaffolding
Description
Please refer to #7039
The PR updated only test-ca.key.
Gatekeeper checklist