mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-11 00:40:05 +00:00

Author	SHA1	Message	Date
Gilles Peskine	603b5b842b	Documentation: point to key_custom instead of key_ext Replace references to the deprecated functions `psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()` by their replacements Implement `psa_generate_key_custom()` and `psa_key_derivation_output_key_custom()`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-08-06 13:12:06 +02:00
Gilles Peskine	b49e884c87	Merge pull request #9309 from gilles-peskine-arm/psa-keystore-design-doc-3.6 Backport 3.6: Document the key store design	2024-08-02 07:16:19 +00:00
Gilles Peskine	fd01bec6b6	Miscellaneous clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 15:37:46 +02:00
Gilles Peskine	f13fdf8a80	Expand on performance Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 15:37:39 +02:00
Gilles Peskine	1a0107bf1b	Discuss why we have so many variants Explain that the hybrid key store is the historical implementation and neither alternative is a drop-in replacement. Discuss how we could potentially reduce the number of variants after the next major release. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 15:36:13 +02:00
Gilles Peskine	dbd726bb45	Link to issue about freeing empty slices Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:21:42 +02:00
Gilles Peskine	ac6b61077a	Improve and fix explanation of next_free In particular, fix an off-by-one error right after I explain how the number is off by one from what you'd expect. State explicitly that the number can be negative. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:12:46 +02:00
Gilles Peskine	7d8ababd0c	Update macro name about the static key store Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:12:30 +02:00
Gilles Peskine	47f3fcd0f3	Typos and minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:12:21 +02:00
David Horstmann	4e7ca644ce	Upgrade python dependencies in requirements file Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-07-15 16:35:50 +01:00
Gilles Peskine	c7d9b2b586	psa_open_key does not lock the key in memory Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-24 18:31:37 +02:00
Gilles Peskine	3343e78655	Document the key store design Include the proposed dynamic and fully-static key stores that are currently proposed in https://github.com/Mbed-TLS/mbedtls/pull/9240 and https://github.com/Mbed-TLS/mbedtls/pull/9302 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-24 16:59:45 +02:00
David Horstmann	ea09152be9	Update file paths for moved files Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-05-31 15:51:41 +01:00
Bence Szépkúti	29c4017007	Merge pull request #9131 from davidhorstmann-arm/move-mbedtls-dev-to-framework-3.6 [Backport 3.6] Move `mbedtls_dev` to framework submodule	2024-05-28 15:50:56 +00:00
Gilles Peskine	89ef2fabb5	Driver-only FFDH is not good enough for DHE support in TLS 1.2 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-05-14 12:06:20 +02:00
David Horstmann	9638ca389b	Update references to mbedtls_dev Change these to point to the new mbedtls_framework module in the framework submodule. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-05-13 14:44:37 +01:00
Valerio Setti	320180f043	pk: add check_pair info to mbedtls_pk_setup_opaque() documentation This also updates use-psa-crypto.md accordingly. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-04-04 09:42:01 +02:00
Minos Galanakis	b70f0fd9a9	Merge branch 'development' into 'development-restricted' Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-19 22:24:40 +00:00
David Horstmann	3147034457	Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS Explain this option and the way it relates to the copying macros. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:59:03 +00:00
David Horstmann	0ea8071bda	Remove 'Question' line around testing This question has been resolved, as we know that we can test transparently. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:51:03 +00:00
David Horstmann	4d01066311	Mention metatest.c Add a note that validation of validation was implemented in metatest.c and explain briefly what that program is for. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:02:08 +00:00
David Horstmann	872ee6ece0	Mention MBEDTLS_TEST_MEMORY_CAN_POISON The configuration of memory poisoning is now performed via compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update the design to take account of this. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:00:08 +00:00
David Horstmann	12b35bf3c2	Discuss test wrappers and updating them Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 14:48:52 +00:00
David Horstmann	5ea99af0f2	Add discussion of copying conveience macros Namely LOCAL_INPUT_DECLARE() and friends Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 14:12:12 +00:00
David Horstmann	1c3b227065	Abstractify example in design exploration Since this is just an example, remove specific-sounding references to mbedtls_psa_core_poison_memory() and replace with more abstract and generic-sounding memory_poison_hook() and memory_unpoison_hook(). Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 13:37:59 +00:00
David Horstmann	3f2dcdd142	Rename mbedtls_psa_core_poison_memory() The actual functions were called mbedtls_test_memory_poison() and mbedtls_test_memory_unpoison(). Update the design section to reflect this. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 13:32:57 +00:00
David Horstmann	331b2cfb31	Clarify design decision in light of actions We were successful in adding transparent memory-poisoning testing, so simplify to the real design decision we made. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 13:17:25 +00:00
Dave Rodgman	5ce1577629	Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs Update psa-thread-safety.md to reflect version 3.6 changes	2024-03-18 12:06:39 +00:00
Ryan Everett	765b75f2f8	Update docs/architecture/psa-thread-safety/psa-thread-safety.md Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com> Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-18 10:20:43 +00:00
Ryan Everett	f266b51e3f	Respond to feedback on psa-thread-safety.md A few typo fixes, extrapolations and extra details. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-15 17:30:31 +00:00
Ryan Everett	c408ef463c	Update slot transition diagram Adds missing transition and italicises internal functions Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-15 17:29:46 +00:00
Ronald Cron	a9bdc8fbb8	Improve tls13-support.md Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 15:52:04 +01:00
Ronald Cron	d514d9c798	tls13-early-data.md: Fix reading early data documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	0fce958f17	tls13-early-data.md: Adapt code examples to new coding style Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	b372b2e5bb	docs: Move TLS 1.3 early data doc to a dedicated file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	d76a2d8b98	tls13-support.md: Stop referring to the prototype Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	1b606d8835	tls13-support.md: Early data supported now Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	124ed8a775	tls13-support.md: Some fixes Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
David Horstmann	24c269fd4a	Rewrite section on PSA copy functions The finally implemented functions were significantly different from the initial design idea, so update the document accordingly. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-14 18:03:35 +00:00
Ryan Everett	d4d6a7a20d	Rework and update psa-thread-safety.md I have restructured this file, and updated it to reflect changes in design/designs now being implemented. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-14 15:22:06 +00:00
Ryan Everett	c9515600fd	Fix state transition diagram This now represents the implemented model Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-14 13:22:05 +00:00
Manuel Pégourié-Gonnard	fb84c7681c	Merge pull request #8889 from gilles-peskine-arm/pk-psa-bridge-3.6-doc Document PK-PSA bridge functions	2024-03-13 10:55:36 +00:00
Gilles Peskine	e29b4b42b7	Fix copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-13 09:33:03 +01:00
David Horstmann	93fa4e1b87	Merge branch 'development' into buffer-sharing-merge	2024-03-12 15:05:06 +00:00
Gilles Peskine	e4220fef2f	MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it mbedtls_setup_pk_opaque does require it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:03:12 +01:00
Gilles Peskine	0cff1116f7	Remind the reader that PK doesn't support DH Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:02:58 +01:00
Gilles Peskine	7caf2dc964	Discuss mbedtls_pk_copy_public_from_psa Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:02:45 +01:00
Gilles Peskine	8462146d01	Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core Merge psa_core_key_attributes_t back into psa_key_attributes_t	2024-03-05 09:59:24 +00:00
Gilles Peskine	634d60ce0a	List ECDSA signature conversion functions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-04 19:29:13 +01:00
Gilles Peskine	0612adc0f7	Document mbedtls_pk_setup_opaque and mbedtls_pk_copy_from_psa Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-04 19:29:13 +01:00

1 2 3 4 5 ...

964 Commits