mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
Manuel Pégourié-Gonnard
GitHub
commit
7404af6ec3
8
ChangeLog.d/8357.txt
Normal file
8
ChangeLog.d/8357.txt
Normal file
@ -0,0 +1,8 @@
|
||||
Features
|
||||
* It is now possible to have AEADs support (CCM, GCM and ChaChaPoly) without
|
||||
MBEDTLS_CIPHER_C. This holds both for the builtin suport (MBEDTLS_CCM_C,
|
||||
MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_C) as well as the PSA one
|
||||
(PSA_WANT_ALG_CCM, PSA_WANT_ALG_GCM, PSA_WANT_ALG_CHACHA20_POLY1305).
|
||||
On the PSA side this means that it is possible to enable
|
||||
MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if none of the
|
||||
non-authenticated ciphers is enabled.
|
||||
@ -45,6 +45,11 @@
|
||||
#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
|
||||
#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE
|
||||
|
||||
/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it
|
||||
* does not need CIPHER_C to be enabled, so we can disable it in order
|
||||
* to reduce code size further. */
|
||||
#undef MBEDTLS_CIPHER_C
|
||||
|
||||
/*
|
||||
* In order to get an example config that works cleanly out-of-the-box
|
||||
* for both baremetal and non-baremetal builds, we detect baremetal builds
|
||||
|
||||
@ -55,6 +55,7 @@ For now, only the following (families of) mechanisms are supported:
|
||||
- hashes: SHA-3, SHA-2, SHA-1, MD5, etc.
|
||||
- elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types.
|
||||
- finite-field Diffie-Hellman: FFDH algorithm, DH key types.
|
||||
- AEADs: GCM, CCM and ChachaPoly
|
||||
|
||||
Supported means that when those are provided only by drivers, everything
|
||||
(including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should
|
||||
@ -63,7 +64,7 @@ in the "Limitations" sub-sections of the sections dedicated to each family
|
||||
below.
|
||||
|
||||
In the near future (end of 2023), we are planning to also add support for
|
||||
ciphers (AES) and AEADs (GCM, CCM, ChachaPoly).
|
||||
ciphers (AES, ARIA, Camellia).
|
||||
|
||||
Currently (mid-2023) we don't have plans to extend this to RSA. If
|
||||
you're interested in driver-only support for RSA, please let us know.
|
||||
@ -240,3 +241,34 @@ removing builtin support (i.e. `MBEDTLS_DHM_C`).
|
||||
### Limitations
|
||||
Support for deterministic derivation of a DH keypair
|
||||
(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported.
|
||||
|
||||
AEADs
|
||||
-----
|
||||
|
||||
[This section might contain incomplete data and it is going to be updated in
|
||||
#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.]
|
||||
|
||||
It is possible to have all AEADs operations provided only by a driver.
|
||||
|
||||
More precisely you can:
|
||||
- enable desired PSA algorithm(s) and key type(s):
|
||||
- `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`
|
||||
- `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`;
|
||||
- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the
|
||||
`PSA_WANT_xxx` of the previous step (both for algorithms and key types);
|
||||
- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C`
|
||||
algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs
|
||||
which are accelerated.
|
||||
|
||||
In a build in which all AEADs algorithms and related key types are accelerated
|
||||
all AEADs operations requested through the PSA Crypto API (including those in
|
||||
TLS and X.509) will be performed by the driver.
|
||||
Moreover if no unauthenticated cipher is required, it is also possible to
|
||||
disable all built-in block cipher's key types
|
||||
(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
|
||||
helps in further reducing code's footprint, but unfortunately it makes the
|
||||
following modules unavailable:
|
||||
- `MBEDTLS_PKCS[5|12]_C`
|
||||
- `MBEDTLS_CTR_DRBG_C`
|
||||
- `MBEDTLS_NIST_KW_C`
|
||||
|
||||
|
||||
@ -3265,6 +3265,10 @@ component_test_tfm_config_p256m_driver_accel_ec () {
|
||||
# Check that p256m was built
|
||||
grep -q p256_ecdsa_ library/libmbedcrypto.a
|
||||
|
||||
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
|
||||
# files, so we want to ensure that it has not be re-enabled accidentally.
|
||||
not grep mbedtls_cipher library/cipher.o
|
||||
|
||||
# Run the tests
|
||||
msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
|
||||
make test
|
||||
@ -3286,6 +3290,10 @@ component_test_tfm_config() {
|
||||
# Check that p256m was not built
|
||||
not grep p256_ecdsa_ library/libmbedcrypto.a
|
||||
|
||||
# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
|
||||
# files, so we want to ensure that it has not be re-enabled accidentally.
|
||||
not grep mbedtls_cipher library/cipher.o
|
||||
|
||||
msg "test: TF-M config"
|
||||
make test
|
||||
}
|
||||
|
||||
@ -182,56 +182,74 @@ depends_on:MBEDTLS_ARIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"00112233445566778899aabbccddeeff":"f92bd7c79fb72e2f2b8f80c1972d24fc"
|
||||
|
||||
Camellia-128-ECB Encrypt RFC3713 #1
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43"
|
||||
|
||||
Camellia-192-ECB Encrypt RFC3713 #1
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba98765432100011223344556677":"0123456789abcdeffedcba9876543210":"b4993401b3e996f84ee5cee7d79b09b9"
|
||||
|
||||
Camellia-256-ECB Encrypt RFC3713 #1
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff":"0123456789abcdeffedcba9876543210":"9acc237dff16d76c20ef7c919e3a7509"
|
||||
|
||||
Camellia-128-ECB Encrypt Perl EVP #1 [#1]
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F":"00112233445566778899AABBCCDDEEFF":"77CF412067AF8270613529149919546F"
|
||||
|
||||
Camellia-192-ECB Encrypt Perl EVP #1 [#1]
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F1011121314151617":"00112233445566778899AABBCCDDEEFF":"B22F3C36B72D31329EEE8ADDC2906C68"
|
||||
|
||||
Camellia-256-ECB Encrypt Perl EVP #1 [#1]
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00112233445566778899AABBCCDDEEFF":"2EDF1F3418D53B88841FC8985FB1ECF2"
|
||||
|
||||
Camellia-128-ECB Encrypt Perl EVP #1 [#2]
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"6BC1BEE22E409F96E93D7E117393172A":"432FC5DCD628115B7C388D770B270C96"
|
||||
|
||||
Camellia-128-ECB Encrypt Perl EVP #2
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"0BE1F14023782A22E8384C5ABB7FAB2B"
|
||||
|
||||
Camellia-128-ECB Encrypt Perl EVP #3
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"30C81C46A35CE411E5FBC1191A0A52EF":"A0A1ABCD1893AB6FE0FE5B65DF5F8636"
|
||||
|
||||
Camellia-128-ECB Encrypt Perl EVP #4
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"F69F2445DF4F9B17AD2B417BE66C3710":"E61925E0D5DFAA9BB29F815B3076E51A"
|
||||
|
||||
Camellia-192-ECB Encrypt Perl EVP #1 [#2]
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"6BC1BEE22E409F96E93D7E117393172A":"CCCC6C4E138B45848514D48D0D3439D3"
|
||||
|
||||
Camellia-192-ECB Encrypt Perl EVP #2
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"5713C62C14B2EC0F8393B6AFD6F5785A"
|
||||
|
||||
Camellia-192-ECB Encrypt Perl EVP #3
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"30C81C46A35CE411E5FBC1191A0A52EF":"B40ED2B60EB54D09D030CF511FEEF366"
|
||||
|
||||
Camellia-192-ECB Encrypt Perl EVP #4
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"F69F2445DF4F9B17AD2B417BE66C3710":"909DBD95799096748CB27357E73E1D26"
|
||||
|
||||
Camellia-256-ECB Encrypt Perl EVP #1 [#2]
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"6BC1BEE22E409F96E93D7E117393172A":"BEFD219B112FA00098919CD101C9CCFA"
|
||||
|
||||
Camellia-256-ECB Encrypt Perl EVP #2
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"C91D3A8F1AEA08A9386CF4B66C0169EA"
|
||||
|
||||
Camellia-256-ECB Encrypt Perl EVP #3
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"30C81C46A35CE411E5FBC1191A0A52EF":"A623D711DC5F25A51BB8A80D56397D28"
|
||||
|
||||
Camellia-256-ECB Encrypt Perl EVP #4
|
||||
depends_on:MBEDTLS_CAMELLIA_C
|
||||
test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"F69F2445DF4F9B17AD2B417BE66C3710":"7960109FB6DC42947FCFE59EA3C5EB6B"
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user