Commit Graph

123 Commits

Author SHA1 Message Date
Ronald Cron
93ba625b96 Remove MBEDTLS_PSA_CRYPTO_CONFIG configuration option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-21 15:52:06 +01:00
Ronald Cron
7e5d61c41a Adjust more paths to PSA headers
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-06-13 09:51:20 +02:00
Gilles Peskine
3f557ad59c Wording improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-07 11:22:16 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 19:45:11 +01:00
Manuel Pégourié-Gonnard
f1562a7217
Merge pull request #8657 from gilles-peskine-arm/pk-psa-bridge-design
PK-PSA bridge design document
2024-01-31 09:51:43 +00:00
Gilles Peskine
36dee75368 Update ECDSA signature conversion based on experimentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 16:15:17 +01:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 12:58:25 +01:00
Gilles Peskine
42a025dc9c Reference filed issues
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 12:35:31 +01:00
Gilles Peskine
5a64c42693 Reference ongoing work
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:07:55 +01:00
Manuel Pégourié-Gonnard
0f45a1aec5 Fix typos / improve syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-10 09:43:30 +01:00
Manuel Pégourié-Gonnard
60c9eee267 Improve wording & fix typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-09 10:09:17 +01:00
Manuel Pégourié-Gonnard
d0c6f70e58 Update architecture doc for cipher dual dispatch
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-08 11:35:01 +01:00
Gilles Peskine
9fe1c699a8 Clarify PSA-to-PK copy intent
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:16:31 +01:00
Gilles Peskine
f80dcc5f8b Resolve ECDSA conversion API: don't use an ASN.1 interface
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:15:47 +01:00
Gilles Peskine
a7226a1f60 Our TLS 1.3 API doesn't actually require PSA key identifiers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:15:14 +01:00
Gilles Peskine
93cdb77835 Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:15:04 +01:00
Gilles Peskine
8f1307adcd Asymmetric cryptography: rough draft
Still many open questions

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-25 21:42:23 +01:00
Manuel Pégourié-Gonnard
69b290589b
Merge pull request #8057 from mpg/cipher-study
[G2] Tentative definition of Cipher light
2023-12-22 08:53:30 +00:00
Manuel Pégourié-Gonnard
4dde0b293c md-cipher-dispatch: editorial improvements
Fix a typo, add a reference.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-12-14 12:09:38 +01:00
Manuel Pégourié-Gonnard
b8c4254f44 Update cipher light -> block cipher definition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-12-07 12:12:39 +01:00
Manuel Pégourié-Gonnard
303121eb16 Fix a typo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-12-07 12:05:07 +01:00
Gilles Peskine
7ee4cc302a Create legacy-API bridge API design document
Do the analysis for hashes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-28 16:08:26 +01:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Manuel Pégourié-Gonnard
4823d2c94e Extend design discussion
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-26 12:56:39 +02:00
Manuel Pégourié-Gonnard
6b3643117b Document chosen goals and priorities for 3.x
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-26 11:02:17 +02:00
Manuel Pégourié-Gonnard
3bcda449c0 Things forgotten in the previous commit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-26 10:03:49 +02:00
Manuel Pégourié-Gonnard
f1878d8974 Update to only serve GCM and CCM
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-12 11:19:00 +02:00
Manuel Pégourié-Gonnard
301d2a29a7 Update to MD light section
Mostly to reflect this has been implemented, and remove references to
temporary remains from the previous strategy (hash_info, legacy_or_psa)
which would probably be more confusing than helpful at this point.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-10 10:04:07 +02:00
Manuel Pégourié-Gonnard
2daee0410e Update list of modules using hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-10 10:04:07 +02:00
Manuel Pégourié-Gonnard
ca18b7747e Update definition of Cipher light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-10 10:04:07 +02:00
Manuel Pégourié-Gonnard
839d3580bd Update details of modules using cipher operations
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-10 09:22:59 +02:00
Manuel Pégourié-Gonnard
36cd3f9f8e Add tentative definition of Cipher light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-11 10:06:42 +02:00
Manuel Pégourié-Gonnard
948137be59 Add details on use of ciphers from other modules
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-10 16:58:30 +02:00
Valerio Setti
ab02d391cb test: use only rev-parse for getting the current branch
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 16:47:07 +02:00
Valerio Setti
ccb0344969 test: add GIT alternative commands for older GIT versions
The Docker container used for the CI has Git version 2.7.4 which
does not support the "git branch --show-current" command since this
was added in version 2.22.
Therefore this commit adds an alternative version for old Git versions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 15:07:49 +02:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Manuel Pégourié-Gonnard
5c8c9e068e Minor improvements
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 10:33:03 +02:00
Manuel Pégourié-Gonnard
b38c9c888f Fix a typo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
03cb87ea3c Update psa-limitations.md
For recent work and latest plans.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
52f7edb6ad Update psa-migration/strategy.md
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
c9e0ad23c1 Update design document
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
6778ddf657
Merge pull request #6549 from gilles-peskine-arm/psa-migration-md-cipher-strategy
Dual-API hash dispatch strategy
2023-02-15 12:50:13 +01:00
Gilles Peskine
91af0f9c0e Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:36 +01:00
Gilles Peskine
ff674d4c6f Typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:17 +01:00
Gilles Peskine
199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:35:19 +01:00
Gilles Peskine
58e935fc6b add a missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:07:12 +01:00