Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.
Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Docker container used for the CI has Git version 2.7.4 which
does not support the "git branch --show-current" command since this
was added in version 2.22.
Therefore this commit adds an alternative version for old Git versions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Now that the script only makes before-after comparison, it no longer
makes sense to ignore some test suites.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It's a rare scenario, but it's currently possible: if you use
mbedtls_cipher_xxx() to encrypt the communication between the application
and the crypto service, changing those functions to call PSA will break your
system.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Finish working out the RSA-PSS example in terms of what it implies about the
interface. The key takeaway is that a mixed-domain module must support
algorithms if they are available through either interface, and that's all
there is to it. The details of how dispatch is done don't matter, what
matters is only the availability, and it's just the disjunction of
availabilities.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Instead of having a list of test suites of interest, have a list of
suites to ignore and look at all the others.
In order for this to only yield interesting results, we need to tune the
reference configuration a bit, in order to exclude STREAM and ECB to
more closely match the driver-based configuration.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
