Manuel Pégourié-Gonnard
ec3fd75cbc
Update strategy with late 2021 discussion
...
Unless I missed something, this should now reflect the current strategy.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard
5218774efb
Add note about HKDF for TLS 1.3
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
ab1d3084b7
Goal 1 tasks are now all reflected on github
...
Replace descriptions with links just to double-check nothing has been
forgotten.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0950359220
Improve "abstraction layers" section
...
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079
Explain compile-time incompatibilities
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356
Expand discussion of goals
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1
Complete discussion of RSASSA-PSS
...
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.
Commands used to observe default values of saltlen:
openssl genpkey -algorithm rsa-pss -out o.key
openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt
certtool --generate-privkey --key-type rsa-pss --outfile g.key
certtool --generate-self-signed --load-privkey g.key --outfile g.crt
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4
Add data about RSA-PSS test files
...
Data gathered with:
for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
grep '^ Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
grep '^ Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
grep '^ Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
Unfortunately there is no record of how these files have been generated.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0
Add temporary list of tasks for G1 and G2
...
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.
These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use cases so far). Ultimately the result will be actionable and
estimated tasks on github.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8
Document PSA limitations that could be problems
...
(WIP: the study of RSA-PSS is incomplete.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146
Document the general strategy for PSA migration
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494
Document test strategy for USE_PSA_CRYPTO
...
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking a public key rather than a
keypair.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d
Add study for TLS/X.509 dependencies on crypto
...
This is an updated version of the study that was done a few years ago.
The script `syms` was used to list symbols from libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:00 +01:00
Archana
21b20c72d3
Add Changelog and update documentation
...
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
c08248d650
Rename the template file from .conf to .jinja
...
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
a8939b6da3
Restructure scripts' folder alignment
...
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:57:15 +05:30
Archana
1f1a34a226
Rev 1.0 of Driver Wrappers code gen
...
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:22:06 +05:30
Ronald Cron
b1822efe22
docs: TLS 1.3: Improve wording
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:28:13 +01:00
Ronald Cron
7aa6fc1992
docs: TLS 1.3: Update prototype upstreaming status
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
653d5bc781
docs: TLS 1.3: Swap prototype upstreaming status and MVP definition
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
43ffc9d659
docs: TLS 1.3: Update TLS 1.3 documentation file name
...
Update TLS 1.3 documentation file name and its
overview section.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
0abf07ca2c
Make PSA crypto mandatory for TLS 1.3
...
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Dave Rodgman
d7c091060f
Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision
...
TLS1.3: Edit docs to explain not changing curve order.
2021-12-07 11:01:04 +00:00
Paul Elliott
cce0f5a085
Fix typo
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-03 16:13:30 +00:00
Paul Elliott
c0d335bc1e
Second draft of explanation
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 16:38:05 +00:00
Paul Elliott
fe08944246
Fix spelling error
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:55:53 +00:00
Paul Elliott
89c8e098ee
Convert tabs to spaces
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:54:52 +00:00
Paul Elliott
66491c7d08
Edit docs to explain not changing curve order
...
TLS1.3 MVP would benefit from a different curve group preference order
in order to not cause a HelloRetryRequest (which is not yet handled),
however changing the curve group preference order would affect both
TLS1.2 and TLS1.3, which is undesirable for something rare that can
be worked around.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-29 10:39:44 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Andrzej Kurek
e3ed82473a
Fix duplicate variable name in getting_started.md
...
Rename the key id variables to not clash with the raw key data.
This was introduced in cf56a0a3.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-19 13:40:20 +01:00
Manuel Pégourié-Gonnard
9a7cf9a196
Merge pull request #5045 from gilles-peskine-arm/rm-PSACryptoDriverModelSpec-development
...
Remove the old driver model specification draft
2021-10-29 09:36:15 +02:00
Dave Rodgman
c8aaac89d0
Fix naming examples in TLS 1.3 style guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-10-18 13:00:51 +01:00
Gilles Peskine
4086159910
Remove obsolete specification draft
...
See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer
instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:14:01 +02:00
Manuel Pégourié-Gonnard
0729885c2b
Merge pull request #4963 from ronald-cron-arm/tls13-mvp
...
Define TLS 1.3 MVP and document coding rules
2021-09-29 10:32:49 +02:00
Ronald Cron
7fc96c1a57
Fix test description
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-28 16:29:04 +02:00
Ronald Cron
fb877215b5
Fix supported signature documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-28 16:29:04 +02:00
Ronald Cron
8ee9ed6785
Fix and improve the documentation of supported groups
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-28 16:28:58 +02:00
Ronald Cron
f164b6a7ff
Add an overview section
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
847c3580b8
Expand coding rules
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
3e7c4036b4
Miscellaneous improvements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
fecda8ddb4
Improve the description of common macros usage
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:02 +02:00
Ronald Cron
99733f0511
Amend vector variables
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
b194466e99
Amend TLS 1.3 prefix
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
72064b30cf
Fix usage of backticks
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
660c723b09
Add paragraph about expected quality
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
7a7032a4ba
Remove out of MVP scope items
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
c3b510f096
Amend supported groups and signatures based on spec 9.1 section
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
3160d70049
Add comments about key_share and supported_versions support
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:29 +02:00
Ronald Cron
85e51083d8
Add support for server_name extension
...
Section 9.2 of the specification defines server_name
extension as mandatory if not specified otherwise by
an application profile. Thus add its support to the
MVP scope.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:39 +02:00
Ronald Cron
004df8ad5f
Improve comment about handshake failure with HRR and CertificateRequest
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:39 +02:00