mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 03:40:04 +00:00

Author	SHA1	Message	Date
Janos Follath	b6954730f0	Fix typo Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-31 13:54:21 +01:00
Janos Follath	35633dd977	Add threading non-requirement State explicitly the non-requirement that it's ok for psa_destroy_key to block waiting for a driver. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-31 08:31:19 +01:00
Janos Follath	15d9ec29be	Improve thread safety presentation - Use unique section titles so that there are unique anchors - Make list style consistent between similar sections Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-31 08:22:21 +01:00
Janos Follath	0385c2815c	Tighten thread safety requirements We shouldn't violate the requirement that the key identifier can be reused. In practice, a key manager may destroy a key that's in use by another process, and the privileged world containing the key manager and the crypto service should not be perturbed by an unprivileged process. With respect to blocking, again, a key manager should not be blocked indefinitely by an unprivileged application. These are desirable properties even in the short term. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-30 16:44:04 +01:00
Janos Follath	7ec993d804	Refine thread safety requirements Split and refine short term requirements for key deletion. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-23 16:04:48 +01:00
Valerio Setti	d31b28485b	driver-only-builds: update EC and FFDH sections Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-17 12:36:40 +02:00
Manuel Pégourié-Gonnard	36cd3f9f8e	Add tentative definition of Cipher light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-08-11 10:06:42 +02:00
Manuel Pégourié-Gonnard	948137be59	Add details on use of ciphers from other modules Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-08-10 16:58:30 +02:00
Gilles Peskine	33291ba35f	Merge pull request #5538 from gilles-peskine-arm/psa-thread_safety-doc PSA thread safety requirements	2023-08-10 16:21:55 +02:00
Manuel Pégourié-Gonnard	0b6d021069	Adjust presence of warning/link. - the codegen migration document is already a migration document, so doesn't need the extra warning about work in progress; - the driver interface can use a link to the more practical guide too. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-08-08 09:37:11 +02:00
Gilles Peskine	9aa93c8e78	Added a note about new primitives for secure destruction Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-07 16:32:09 +02:00
Gilles Peskine	584bf985f5	Elaborate on psa_destroy_key requirements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-07 16:29:19 +02:00
Manuel Pégourié-Gonnard	de24ba6cfd	Add link to examples in relevant places Some documents about driver describe a state of things that is ahead of the reality. They already contain a warning about it, but no way to know that the current reality is; add a pointer to a document that describes it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-08-07 11:36:14 +02:00
Manuel Pégourié-Gonnard	b61484947a	Fix error in the guide to drivers There is no export_key entry point for transparent drivers. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-08-07 11:32:51 +02:00
Gilles Peskine	d3a797710a	psa_is_key_slot_occupied: change to using the key identifier Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-02 18:36:06 +02:00
Valerio Setti	ab02d391cb	test: use only rev-parse for getting the current branch Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-31 16:47:07 +02:00
Valerio Setti	ccb0344969	test: add GIT alternative commands for older GIT versions The Docker container used for the CI has Git version 2.7.4 which does not support the "git branch --show-current" command since this was added in version 2.22. Therefore this commit adds an alternative version for old Git versions. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-31 15:07:49 +02:00
Manuel Pégourié-Gonnard	1c739ec277	Merge pull request #7900 from mpg/doc-driver-only ECPf wrap-up	2023-07-26 10:25:54 +02:00
Manuel Pégourié-Gonnard	fb22c27f1d	Misc wording fixes and improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-18 10:40:56 +02:00
Manuel Pégourié-Gonnard	1937cf8143	Improve wording & fix a typo Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-11 11:14:15 +02:00
Manuel Pégourié-Gonnard	c97775162e	Fix inaccurate information about FFDH Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-11 11:11:20 +02:00
Dave Rodgman	e183ecef3d	Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases Record the outcome of each test case in compat.sh	2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard	7a82e27a10	Add documentation on driver-only ECC Just one part left for later. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-07 17:09:14 +02:00
Manuel Pégourié-Gonnard	6d5f4946e6	Add docs/driver-only-builds.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-07 17:09:14 +02:00
Gilles Peskine	0ca2a1f51b	Merge pull request #7646 from gilles-peskine-arm/psa-driver-transaction-testing-spec Storage resilience with stateful secure elements: design document	2023-06-29 18:25:52 +02:00
Gilles Peskine	909cf5a3ec	Show how to extract curve information from an ecp_keypair It's not pretty. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-20 23:38:39 +02:00
Gilles Peskine	603f0fca6e	The ECP curve name is the one from TLS, not one we made up Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-20 23:38:21 +02:00
Manuel Pégourié-Gonnard	417ce2c574	Rename _USE to _BASIC Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-16 10:36:44 +02:00
Gilles Peskine	379ff8754d	Cover ecp.h Also correct some statements about rsa/ecp/pk check functions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-15 21:15:21 +02:00
Gilles Peskine	f75e65d90b	Rename PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_USE to ..._BASIC per https://github.com/Mbed-TLS/mbedtls/issues/7439#issuecomment-1592673401 and https://github.com/Mbed-TLS/mbedtls/pull/7774#discussion_r1230658660 State that EXPORT implies BASIC. Also fix missing `WANT_` parts. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-15 18:39:14 +02:00
Gilles Peskine	5bd4f17e4e	Cover ECDH and DHM Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-15 18:33:30 +02:00
Gilles Peskine	b33d0ac532	Mention self-tests Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-15 18:33:15 +02:00
Manuel Pégourié-Gonnard	1cae90bf50	Update PSA_WANT spec for new KEY_PAIR scheme Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-14 12:19:13 +02:00
Gilles Peskine	c7b53f3ab7	Mention mbedtls_psa_get_random Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-13 21:31:53 +02:00
Gilles Peskine	34a201774e	More about whether to have the driver key id in the transaction list Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-13 21:11:43 +02:00
Gilles Peskine	009c06b973	Discuss the cost of a get_key_attributes entry point Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-13 21:11:43 +02:00
Gilles Peskine	5ad8ca2a5f	Legacy-to-PSA transition guide Covers most modules, but missing most of ecp, ecdh and dhm. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-13 19:52:31 +02:00
Gilles Peskine	265ce7c1da	Merge pull request #5451 from gilles-peskine-arm/psa-driver-kdf-spec PSA drivers: specification for key derivation	2023-06-06 11:37:28 +02:00
Gilles Peskine	f4ba0013e2	Clarify when key derivation entry points are mandatory/permitted Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-05 14:24:14 +02:00
Gilles Peskine	8dd1e623e1	Copyediting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-05 14:14:41 +02:00
Gilles Peskine	7df8ba6a10	Rework the description of key derivation output/verify key Some of the fallback mechanisms between the entry points were not described corrrectly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 18:16:02 +02:00
Gilles Peskine	dcaf104eef	Note that we may want to rename derive_key ... if we think of a better name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 18:02:41 +02:00
Gilles Peskine	f96a18edc7	Probably resolve concern about the input size for derive_key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 18:02:15 +02:00
Gilles Peskine	1414bc34b9	Minor copyediting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 17:54:32 +02:00
Gilles Peskine	24f52296f1	Key agreement needs an attribute structure for our key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:44:04 +02:00
Gilles Peskine	e52bff994c	Note possible issue with derive_key: who should choose the input length? Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:43:29 +02:00
Gilles Peskine	b319ed69c4	State explicitly that cooked key derivation uses the export format This is the case for all key creation in a secure element, but state it explicitly where relevant. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:42:45 +02:00
Gilles Peskine	f787879a14	Clarify sequencing of long inputs Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:42:29 +02:00
Gilles Peskine	d2fe1d5498	Rationale on key derivation inputs and buffer ownership Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:42:17 +02:00
Gilles Peskine	4e94fead86	Key derivation dispatch doesn't depend on the key type At least for all currently specified algorithms. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:40:56 +02:00

1 2 3 4 5 ...

823 Commits