mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 08:37:25 +00:00

Author	SHA1	Message	Date
Gilles Peskine	36dee75368	Update ECDSA signature conversion based on experimentation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-30 16:15:17 +01:00
Gilles Peskine	dd77343381	Open question for ECDSA signature that can be resolved during implementation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 14:33:32 +01:00
Gilles Peskine	d5b04a0c63	Add a usage parameter to mbedtls_pk_get_psa_attributes Let the user specify whether to use the key as a sign/verify key, an encrypt/decrypt key or a key agreement key. Also let the user indicate if they just want the public part when the input is a key pair. Based on a discussion in https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 14:31:57 +01:00
Gilles Peskine	702d9f65f6	Resolve several open questions as nothing special to do Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 12:58:25 +01:00
Gilles Peskine	42a025dc9c	Reference filed issues All PK-related actions are now covered. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 12:35:31 +01:00
Gilles Peskine	5a64c42693	Reference ongoing work Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 10:09:16 +01:00
Gilles Peskine	89ca6c7e72	typo Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 10:08:56 +01:00
Gilles Peskine	32294044e1	Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO It's useful in applications that want to use some PSA opaque keys regardless of whether all pk operations go through PSA. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 10:07:55 +01:00
Gilles Peskine	9fe1c699a8	Clarify PSA-to-PK copy intent Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-02 13:16:31 +01:00
Gilles Peskine	f80dcc5f8b	Resolve ECDSA conversion API: don't use an ASN.1 interface Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-02 13:15:47 +01:00
Gilles Peskine	a7226a1f60	Our TLS 1.3 API doesn't actually require PSA key identifiers Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-02 13:15:14 +01:00
Gilles Peskine	93cdb77835	Minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-02 13:15:04 +01:00
Gilles Peskine	8f1307adcd	Asymmetric cryptography: rough draft Still many open questions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-25 21:42:23 +01:00
Gilles Peskine	7ee4cc302a	Create legacy-API bridge API design document Do the analysis for hashes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-11-28 16:08:26 +01:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Valerio Setti	ab02d391cb	test: use only rev-parse for getting the current branch Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-31 16:47:07 +02:00
Valerio Setti	ccb0344969	test: add GIT alternative commands for older GIT versions The Docker container used for the CI has Git version 2.7.4 which does not support the "git branch --show-current" command since this was added in version 2.22. Therefore this commit adds an alternative version for old Git versions. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-31 15:07:49 +02:00
valerio	0b0486452c	improve syms.sh script for external dependencies analysis It is now possible to analyze also modules and not only x509 and tls libraries. Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-04-24 10:34:08 +02:00
Manuel Pégourié-Gonnard	5c8c9e068e	Minor improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-29 10:33:03 +02:00
Manuel Pégourié-Gonnard	b38c9c888f	Fix a typo Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard	03cb87ea3c	Update psa-limitations.md For recent work and latest plans. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard	52f7edb6ad	Update psa-migration/strategy.md - Update for the new hashes strategy, in part by adding references to md-cipher-dispatch.md - General update about the status of things since the last update Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard	c9e0ad23c1	Update design document - Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for now but might be added later (the architecture supports that). - While we're using a void pointer for md_ctx, we don't need a union here; the union will be useful only if & when we remove the indirection. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	6778ddf657	Merge pull request #6549 from gilles-peskine-arm/psa-migration-md-cipher-strategy Dual-API hash dispatch strategy	2023-02-15 12:50:13 +01:00
Gilles Peskine	91af0f9c0e	Minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-10 14:31:36 +01:00
Gilles Peskine	ff674d4c6f	Typos Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-10 14:31:17 +01:00
Gilles Peskine	199ee456b1	Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 12:35:19 +01:00
Gilles Peskine	58e935fc6b	add a missing Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 12:07:12 +01:00
Gilles Peskine	fad34a4f10	Support all legacy algorithms in PSA This is not strictly mandatory, but it helps. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-07 20:37:56 +01:00
Manuel Pégourié-Gonnard	5a2e02635a	Improve a few comments & documentation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-23 12:51:52 +01:00
Manuel Pégourié-Gonnard	6bbeba6a44	Add ssl-opt.sh support to outcome-analysis.sh But make it optional as it makes things much slower. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard	222bc85c6c	Update outcome analysis script & documentation Now that the script only makes before-after comparison, it no longer makes sense to ignore some test suites. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-05 12:55:08 +01:00
Gilles Peskine	3e30e1fb19	We haven't actually made hash accelerators initless in 3.3 It seems that it won't be necessary anyway. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:34:17 +01:00
Gilles Peskine	14239c6e2e	Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT It's a rare scenario, but it's currently possible: if you use mbedtls_cipher_xxx() to encrypt the communication between the application and the crypto service, changing those functions to call PSA will break your system. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:32:48 +01:00
Gilles Peskine	22db9916fe	The PSA cipher/AEAD API requires an initialized keystore Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:32:29 +01:00
Gilles Peskine	143ebcc1d6	PKCS#1v1.5 sign/verify uses hash metadata Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:30:10 +01:00
Gilles Peskine	cb93ac91bb	Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:29:43 +01:00
Gilles Peskine	d167f16d55	Wording clarifications and typo fixes No intended meaning change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:29:15 +01:00
Manuel Pégourié-Gonnard	55a188b420	Clarify the "restart vs use PSA" situation in TLS Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-12-09 10:09:33 +01:00
Gilles Peskine	4eefade8bf	Sketch some optimizations relevant to MD light Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 23:05:14 +01:00
Gilles Peskine	f634fe10e7	Sketch the work to migrate to MD light Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 23:04:51 +01:00
Gilles Peskine	188e900a6d	Specify MD light based on the interface requirements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 23:04:16 +01:00
Gilles Peskine	382b34ca84	Work out the hash interface requirements Finish working out the RSA-PSS example in terms of what it implies about the interface. The key takeaway is that a mixed-domain module must support algorithms if they are available through either interface, and that's all there is to it. The details of how dispatch is done don't matter, what matters is only the availability, and it's just the disjunction of availabilities. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 22:57:18 +01:00
Przemek Stekiel	93986645d8	Remove reference vs drivers test from outcome-analysis.sh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-09 15:06:44 +01:00
Gilles Peskine	c82050efdb	Starting to work out the RSA-PSS example Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-08 19:17:58 +01:00
Gilles Peskine	d47ba71676	New strategy: start the analysis Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-07 22:28:26 +01:00
Manuel Pégourié-Gonnard	0dc40773d6	Improve comments & messages Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-19 12:12:21 +02:00
Manuel Pégourié-Gonnard	d92fb01419	Skip bits not needed in outcome-analysis.sh Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard	b51051f1c7	Cosmetic improvement Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard	f6e6df9dbf	Add option for before-after or just ref-drivers Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-18 12:10:45 +02:00

1 2 3

101 Commits