mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-11 16:13:50 +00:00

Author	SHA1	Message	Date
Gilles Peskine	7df8ba6a10	Rework the description of key derivation output/verify key Some of the fallback mechanisms between the entry points were not described corrrectly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 18:16:02 +02:00
Gilles Peskine	dcaf104eef	Note that we may want to rename derive_key ... if we think of a better name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 18:02:41 +02:00
Gilles Peskine	f96a18edc7	Probably resolve concern about the input size for derive_key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 18:02:15 +02:00
Gilles Peskine	1414bc34b9	Minor copyediting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-02 17:54:32 +02:00
Gilles Peskine	24f52296f1	Key agreement needs an attribute structure for our key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:44:04 +02:00
Gilles Peskine	e52bff994c	Note possible issue with derive_key: who should choose the input length? Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:43:29 +02:00
Gilles Peskine	b319ed69c4	State explicitly that cooked key derivation uses the export format This is the case for all key creation in a secure element, but state it explicitly where relevant. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:42:45 +02:00
Gilles Peskine	f787879a14	Clarify sequencing of long inputs Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:42:29 +02:00
Gilles Peskine	d2fe1d5498	Rationale on key derivation inputs and buffer ownership Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:42:17 +02:00
Gilles Peskine	4e94fead86	Key derivation dispatch doesn't depend on the key type At least for all currently specified algorithms. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:40:56 +02:00
Gilles Peskine	66b96e2d87	Copyediting Fix some typos and copypasta. Some very minor wording improvements. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-31 00:40:27 +02:00
Gilles Peskine	fd094081e1	Pass attributes alongside key buffer This is the generic way of going adapting a psa_key_id_t argument in the application interface to the driver interface. Thanks Hannes Lindström. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-20 20:24:17 +01:00
Gilles Peskine	635b779cfd	Fix math character used in text mode Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-12 14:33:44 +01:00
Gilles Peskine	4e346bd569	Fix entry point name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-12 14:33:22 +01:00
Gilles Peskine	eda71ce535	Key derivation: improve overview of the problem space Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-12 14:32:56 +01:00
Gilles Peskine	d9645c847e	Fix naming confusion with opaque key derivation "key_derivation_derive_key" should have been "key_derivation_output_key". Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 18:19:51 +02:00
Gilles Peskine	54eb0686b3	New function psa_crypto_driver_key_derivation_get_input_type The new function psa_crypto_driver_key_derivation_get_input_type() allows drivers to retrieve the effective type of each input step, and thus to call the correct get-data function. This is simpler than the previous scheme which required a somewhat contrived dance with get_key() and get_bytes() for inputs that can be passed either as a key or as a byte buffer at the application's choice. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 18:13:31 +02:00
Gilles Peskine	3fc9e04bc4	Be more consistent with raw/cooked key derivation terminology Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-03 17:48:46 +02:00
Gilles Peskine	1a5b83007c	Fix typos and copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-03 17:47:40 +02:00
Gilles Peskine	c2e29108f0	Fix internal links Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-03 17:07:19 +02:00
Gilles Peskine	220bda7f76	Rename a function parameter to avoid confusion Don't use “output” for an input of the KDF. It's correct in context (it's the output of a function that copies the input of the KDF from core-owned memory to driver-owned memory) but confusing. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-25 12:03:34 +01:00
Gilles Peskine	a2b41598d6	Draft specification for key derivation Pass all the initial inputs in a single structure. It's impossible to pass the inputs as soon as the application makes them available because the core cannot know which driver to call until it receives the SECRET input. Do support hiding the key material inside a secure element if the relevant driver has all the requisite entry points. Do cooked key derivation (i.e. derivation of non-raw keys) and key agreement separately. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-24 14:52:59 +01:00
Archana	21b20c72d3	Add Changelog and update documentation Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	c08248d650	Rename the template file from .conf to .jinja Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	a8939b6da3	Restructure scripts' folder alignment Moved python script generate_driver_wrappers.py under scripts and corresponding template file under script/data_files. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:57:15 +05:30
Archana	1f1a34a226	Rev 1.0 of Driver Wrappers code gen The psa_crypto_driver_wrappers.c is merely rendered with no real templating in version 1.0. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:22:06 +05:30
Bence Szépkúti	dba968f59b	Realign Markdown table Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:47 +01:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Gilles Peskine	5d1f747d85	Merge pull request #4377 from mpg/psa-pbkdf2-api PSA API for PBKDF2-HMAC	2021-05-12 18:00:30 +02:00
Manuel Pégourié-Gonnard	f9a68ad62a	Fix typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-07 12:11:38 +02:00
Manuel Pégourié-Gonnard	421390f52f	Fix driver interface for key derivation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-04-30 12:38:12 +02:00
Dave Rodgman	12f93f4fc2	Merge pull request #4407 from ARMmbed/dev3_signoffs Merge development_3.0 into development	2021-04-26 19:48:16 +01:00
Manuel Pégourié-Gonnard	351a2576f5	PSA PBKDF2: extend key derivation driver interface Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-04-20 13:11:17 +02:00
Steven Cooreman	31e27af0cc	Reword the builtin key language on persistency declaration Specifically allow the driver to override the persistency level of a builtin key in cases where the driver is persistency-aware. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-04-16 11:25:18 +02:00
TRodziewicz	2a1a67300d	Remove deprecated things from crypto_compat.h and dependent tests. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-04-13 23:12:42 +02:00
Gilles Peskine	2c5d9e6a32	No configuration symbols for FFDH Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:40:41 +01:00
Gilles Peskine	7df7d1eb57	ECC: add rationale Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:40:29 +01:00
Gilles Peskine	c74712f12d	Fix an example that didn't follow the given pattern Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:40:02 +01:00
Gilles Peskine	59c6347810	Remove the time stamp Time stamps are useful when the document gets shared around, but they tend to lead to merge conflicts. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:39:13 +01:00
Ronald Cron	ac80be111b	Merge pull request #3878 from gilles-peskine-arm/psa-builtin-keys-via-slot-number-spec New entry point get_builtin_key for opaque drivers (PSA spec)	2021-01-29 10:43:15 +01:00
Gilles Peskine	055be83413	Fix typo Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-25 11:36:24 +01:00
Gilles Peskine	84ae1eefb4	Minor clarification Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-20 20:20:10 +01:00
Gilles Peskine	3d67365ef7	Add a key_buffer_length output to "get_builtin_key" While builtin keys will often have a fixed-size context, this is not necessarily the case, so the "get_builtin_key" entry point needs to return the size of the actual key context. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-20 20:19:14 +01:00
Gilles Peskine	348eeebb24	Clarify the intent of the KEEPALIVE flag Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-11 10:52:36 +01:00
Gilles Peskine	ae7772d0f3	Clarifications around reseed_entropy_size Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:39 +01:00
Gilles Peskine	43100e3fcb	Add section on combining get_entropy with add_entropy Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:29 +01:00
Gilles Peskine	32e584c38a	Copyediting and minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:29 +01:00
Gilles Peskine	3ff79066b1	Note an interrogation about integer value representation Especially 0 values may need special treatment since they can't be used as an array size. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:29 +01:00
Gilles Peskine	6a530e8d26	Random driver: make initial_entropy_size mandatory If a random driver has a built-in entropy source and doesn't need an external entropy source, make the driver author declare this explicitly, rather than it being a less secure default. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:22 +01:00
Gilles Peskine	ee914f34fa	Minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:14 +01:00

1 2 3

136 Commits