Commit Graph

123 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
c7f3254379 Clarify a sentence
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-10 13:00:33 +01:00
Manuel Pégourié-Gonnard
58d101b721 Fix a few more typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-10 12:58:09 +01:00
Manuel Pégourié-Gonnard
839bb8a238 Fix an inaccuracy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:33:41 +01:00
Manuel Pégourié-Gonnard
80759c4917 Fix a few more typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:33:11 +01:00
Manuel Pégourié-Gonnard
8ebed21216 Fix a few typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-07 10:23:49 +01:00
Manuel Pégourié-Gonnard
539b9a52f9 Fix discussion of RSA-PSS salt length
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-07 10:19:08 +01:00
Manuel Pégourié-Gonnard
2467aed961 Misc updates to testing.md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 10:42:30 +01:00
Manuel Pégourié-Gonnard
ce6c0875d1 Misc updates to strategy.md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 10:34:20 +01:00
Manuel Pégourié-Gonnard
8e559daaa8 Misc updates to psa-limitations.md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 10:26:07 +01:00
Manuel Pégourié-Gonnard
335cbf61da Remove temporary documents
The dependencies-xxx.md documents where merely a support for study,
now distilled to strategy.md, psa-limitation.md, and tasks-xx.md
and/or github issues.

The tasks-g1.md document has now been fully converted to a list of
github issues.

These documents would quickly become out-of-date and there's little
point in updating them, so it's better to remove them. They're still in
the github history if anyone wants to have a look.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:55:45 +01:00
Manuel Pégourié-Gonnard
ec3fd75cbc Update strategy with late 2021 discussion
Unless I missed something, this should now reflect the current strategy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard
5218774efb Add note about HKDF for TLS 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
ab1d3084b7 Goal 1 tasks are now all reflected on github
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0950359220 Improve "abstraction layers" section
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079 Explain compile-time incompatibilities
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356 Expand discussion of goals
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1 Complete discussion of RSASSA-PSS
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4 Add data about RSA-PSS test files
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0 Add temporary list of tasks for G1 and G2
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.

These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8 Document PSA limitations that could be problems
(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146 Document the general strategy for PSA migration
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494 Document test strategy for USE_PSA_CRYPTO
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d Add study for TLS/X.509 dependencies on crypto
This is an updated version of the study that was done a few years ago.

The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:00 +01:00