mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-07 13:22:46 +00:00
Goal 1 tasks are now all reflected on github
Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
0950359220
commit
ab1d3084b7
@ -14,54 +14,31 @@ Hashes
|
||||
|
||||
### Use `psa_hash` in all of X.509
|
||||
|
||||
Conditionally on `MBEDTLS_USE_PSA_CRYPTO`, replace all remaining calls to
|
||||
`mbedtls_md()` or `mbedtls_sha1_ret()` by calls `psa_hash` functions, namely:
|
||||
- replace `mbedtls_md()` in `x509_crt_verifycrl()` in `x509_crt.c`
|
||||
- replace `mbedtls_md()` in `mbedtls_x509write_crt_der()` in `x509write_crt.c`
|
||||
- replace `mbedtls_sha1_ret() in
|
||||
`mbedtls_x509write_crt_set_subject_key_identifier()` in `x509write_crt.c`
|
||||
- replace `mbedtls_sha1_ret() in
|
||||
`mbedtls_x509write_crt_set_authority_key_identifier()` in `x509write_crt.c`
|
||||
- already done in `x509_crt_check_signature()` in `x509_crt.c`, but might
|
||||
want to replace multi-part with single-part.
|
||||
- already done in `mbedtls_x509write_csr_der_internal()` in
|
||||
`x509write_csr.c`, but might want to replace multi-part with single-part.
|
||||
https://github.com/ARMmbed/mbedtls/issues/5157
|
||||
|
||||
HMAC
|
||||
----
|
||||
|
||||
### Variable-time HMAC in TLS record protection
|
||||
|
||||
- This is about the calls to `mbedtls_md_hmac_xxx()` in
|
||||
`mbedtls_ssl_decrypt_buf()` and `mbedtls_ssl_encrypt_buf()`, but excludes the
|
||||
call in `mbedtls_ssl_cf_hmad()` (which it its own task).
|
||||
- Might need to change the `transform` structure to hold a PSA context instead
|
||||
of an MD context. Note: might keep the MD context in parallel until the
|
||||
constant-time part is done as well.
|
||||
|
||||
TODO: study this better so it can be estimated.
|
||||
https://github.com/ARMmbed/mbedtls/issues/5177
|
||||
|
||||
### Constant-time HMAC in TLS record protection
|
||||
|
||||
This is `mbedtls_ssl_cf_hmac()`. The PSA code might look a bit different as
|
||||
we'll probably need to store the HMAC key somewhere and compute the ipad/opad
|
||||
explicitly instead of using (the internals of) the MD layers for that.
|
||||
https://github.com/ARMmbed/mbedtls/issues/5178
|
||||
|
||||
TODO: study this better so it can be estimated.
|
||||
|
||||
Ciphers
|
||||
-------
|
||||
|
||||
### Use PSA for all cipher operations in TLS
|
||||
|
||||
- extend existing `mbedtls_cipher_setup_psa()` and related code to support
|
||||
other ciphers than AES that can be used in TLS: ARIA (depends on #4959),
|
||||
Camellia, ChachaPoly.
|
||||
- extend unit-testing in `test_suite_cipher` to test those new ciphers as
|
||||
AES-based cipher are already tested
|
||||
- remove the fallback mechanism in all places where `cipher_setup_psa()` is
|
||||
called from TLS code
|
||||
- expand use of `run_test_psa()` in `ssl-opt.sh`
|
||||
https://github.com/ARMmbed/mbedtls/issues/5181
|
||||
https://github.com/ARMmbed/mbedtls/issues/5182
|
||||
https://github.com/ARMmbed/mbedtls/issues/5203
|
||||
https://github.com/ARMmbed/mbedtls/issues/5204
|
||||
https://github.com/ARMmbed/mbedtls/issues/5205
|
||||
https://github.com/ARMmbed/mbedtls/issues/5206
|
||||
|
||||
Asymmetric crypto
|
||||
=================
|
||||
@ -71,82 +48,67 @@ ECDSA
|
||||
|
||||
### Make `mbedtls_pk_sign()` use PSA for ECDSA operations
|
||||
|
||||
- This is already done with `PK_OPAQUE` contexts, but this task is about doing
|
||||
it for regulard `ECKEY`/`ECDSA` contexts.
|
||||
- May share some code (transcoding) with the exist support for `PK_OPAQUE`
|
||||
contexts
|
||||
https://github.com/ARMmbed/mbedtls/issues/5274
|
||||
|
||||
RSA signature (and verification)
|
||||
--------------------------------
|
||||
|
||||
### Make `mbedtls_pk_sign()` use PSA for RSA operations
|
||||
|
||||
- with regular `PK_RSA` context
|
||||
- only PKCS#1 v1.5 for this task
|
||||
- similar to what's done for ECDSA, except no need for transcoding (I think)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5162
|
||||
|
||||
### Make `mbedtls_pk_verify()` use PSA for RSA operations
|
||||
|
||||
- with regular `PK_RSA` context
|
||||
- only PKCS#1 v1.5 for this task
|
||||
- similar to what's done for ECDSA, except no need for transcoding (I think)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5159
|
||||
|
||||
### Make `mbedtls_pk_verify_ext()` use PSA for RSA operations
|
||||
|
||||
- with regular `PK_RSA` context
|
||||
- this is for RSA-PSS
|
||||
- similar to what's done for ECDSA, except no need for transcoding (I think)
|
||||
- acceptable to enforce that all hashes are equal in the parameters (as
|
||||
imposed by the PSA API) and reject the signature otherwise
|
||||
- then need to check if all X.509 tests still pass, and if some don't, make
|
||||
them depend on `!MBEDTLS_USE_PSA_CRYPTO`
|
||||
|
||||
RISK: see `psa-limitations.md`
|
||||
https://github.com/ARMmbed/mbedtls/issues/5333 (partial)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5277 (futher)
|
||||
|
||||
RSA en/decryption
|
||||
-----------------
|
||||
|
||||
### Make `mbedtls_pk_encrypt()` use PSA for RSA operations
|
||||
|
||||
- with regular `PK_RSA` context
|
||||
|
||||
https://github.com/ARMmbed/mbedtls/issues/5161
|
||||
|
||||
### Make `mbedtls_pk_decrypt()` use PSA for RSA operations
|
||||
|
||||
- with regular `PK_RSA` context
|
||||
https://github.com/ARMmbed/mbedtls/issues/5160
|
||||
|
||||
ECDH
|
||||
----
|
||||
|
||||
Additional:
|
||||
https://github.com/ARMmbed/mbedtls/issues/5291 (pre clean-up)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5321 (TLS 1.3)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5322 (post clean-up)
|
||||
|
||||
### Write remaining utilities for ECDH parsing/writing
|
||||
|
||||
- PSA only provides an API for the operation, need to parse and write
|
||||
parameters and public keys to/from grp ID + string of bytes
|
||||
- need to complete what was done in 4a.1
|
||||
- testing: positive: extract known-good inputs/outputs from actual handshakes?
|
||||
- testing: negative: manipulate known-good input to make it invalid
|
||||
|
||||
Note: future task in this section depend on this one, but not on each other.
|
||||
(not a task on its own, part of other tasks)
|
||||
|
||||
### Use PSA for ECDHE in ECDHE-ECDSA and ECDHE-RSA server-side
|
||||
|
||||
- may need to separate branches from other ECDHE-based key exchanges
|
||||
- only server-side (client-side is already done, can be used for inspiration)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5317
|
||||
|
||||
### Use PSA for ECDH in ECDHE-PSK (all sides and versions)
|
||||
|
||||
- only with non-opaque PSK (support for opaque PSK here is part of G2)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5318
|
||||
|
||||
### Use PSA for ECDH in static-ECDH key exchanges
|
||||
|
||||
- may require additional utility functions to load from cert to PSA
|
||||
https://github.com/ARMmbed/mbedtls/issues/5319
|
||||
https://github.com/ARMmbed/mbedtls/issues/5320
|
||||
|
||||
FFDH
|
||||
----
|
||||
|
||||
This may be hard, see `psa-limitations.md`
|
||||
https://github.com/ARMmbed/mbedtls/issues/5287
|
||||
|
||||
EC J-PAKE
|
||||
---------
|
||||
|
||||
Use PSA for all EC J-PAKE operations in TLS (both sides).
|
||||
(TODO: consider how this could be split.)
|
||||
https://github.com/ARMmbed/mbedtls/issues/5275
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user