mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 03:32:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,593 Commits 170 Branches 263 Tags
Commit Graph

392 Commits

Author SHA1 Message Date
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
David Horstmann
3147034457 Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS 
Explain this option and the way it relates to the copying macros.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:59:03 +00:00
David Horstmann
0ea8071bda Remove 'Question' line around testing 
This question has been resolved, as we know that we can test
transparently.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:51:03 +00:00
David Horstmann
4d01066311 Mention metatest.c 
Add a note that validation of validation was implemented in metatest.c
and explain briefly what that program is for.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:02:08 +00:00
David Horstmann
872ee6ece0 Mention MBEDTLS_TEST_MEMORY_CAN_POISON 
The configuration of memory poisoning is now performed via
compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update
the design to take account of this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:00:08 +00:00
David Horstmann
12b35bf3c2 Discuss test wrappers and updating them 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 14:48:52 +00:00
David Horstmann
5ea99af0f2 Add discussion of copying conveience macros 
Namely LOCAL_INPUT_DECLARE() and friends

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 14:12:12 +00:00
David Horstmann
1c3b227065 Abstractify example in design exploration 
Since this is just an example, remove specific-sounding references to
mbedtls_psa_core_poison_memory() and replace with more abstract and
generic-sounding memory_poison_hook() and memory_unpoison_hook().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 13:37:59 +00:00
David Horstmann
3f2dcdd142 Rename mbedtls_psa_core_poison_memory() 
The actual functions were called mbedtls_test_memory_poison()
and mbedtls_test_memory_unpoison(). Update the design section to
reflect this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 13:32:57 +00:00
David Horstmann
331b2cfb31 Clarify design decision in light of actions 
We were successful in adding transparent memory-poisoning testing, so
simplify to the real design decision we made.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 13:17:25 +00:00
Dave Rodgman
5ce1577629
Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs 
Update psa-thread-safety.md to reflect version 3.6 changes
 2024-03-18 12:06:39 +00:00
Ryan Everett
765b75f2f8
Update docs/architecture/psa-thread-safety/psa-thread-safety.md 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-18 10:20:43 +00:00
Ryan Everett
f266b51e3f Respond to feedback on psa-thread-safety.md 
A few typo fixes, extrapolations and extra details.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-15 17:30:31 +00:00
Ryan Everett
c408ef463c Update slot transition diagram 
Adds missing transition and italicises internal functions

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-15 17:29:46 +00:00
Ronald Cron
a9bdc8fbb8 Improve tls13-support.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:52:04 +01:00
Ronald Cron
b372b2e5bb docs: Move TLS 1.3 early data doc to a dedicated file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
d76a2d8b98 tls13-support.md: Stop referring to the prototype 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
1b606d8835 tls13-support.md: Early data supported now 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
124ed8a775 tls13-support.md: Some fixes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
David Horstmann
24c269fd4a Rewrite section on PSA copy functions 
The finally implemented functions were significantly different from the
initial design idea, so update the document accordingly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 18:03:35 +00:00
Ryan Everett
d4d6a7a20d Rework and update psa-thread-safety.md 
I have restructured this file, and updated it to reflect changes in design/designs now being implemented.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:22:06 +00:00
Ryan Everett
c9515600fd Fix state transition diagram 
This now represents the implemented model

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 13:22:05 +00:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Gilles Peskine
3f557ad59c Wording improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-07 11:22:16 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first 
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-06 19:45:11 +01:00
Manuel Pégourié-Gonnard
f1562a7217
Merge pull request #8657 from gilles-peskine-arm/pk-psa-bridge-design 
PK-PSA bridge design document
 2024-01-31 09:51:43 +00:00
Gilles Peskine
36dee75368 Update ECDSA signature conversion based on experimentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-30 16:15:17 +01:00
Dave Rodgman
047c724c22 Merge remote-tracking branch 'restricted/development-restricted' into update-development-r 
Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh
 2024-01-26 12:42:51 +00:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes 
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:58:25 +01:00
Gilles Peskine
42a025dc9c Reference filed issues 
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:35:31 +01:00
Gilles Peskine
5a64c42693 Reference ongoing work 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO 
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:07:55 +01:00
Manuel Pégourié-Gonnard
0f45a1aec5 Fix typos / improve syntax 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-01-10 09:43:30 +01:00
Manuel Pégourié-Gonnard
60c9eee267 Improve wording & fix typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-01-09 10:09:17 +01:00
Manuel Pégourié-Gonnard
d0c6f70e58 Update architecture doc for cipher dual dispatch 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-01-08 11:35:01 +01:00
Gilles Peskine
9fe1c699a8 Clarify PSA-to-PK copy intent 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-02 13:16:31 +01:00
Gilles Peskine
f80dcc5f8b Resolve ECDSA conversion API: don't use an ASN.1 interface 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-02 13:15:47 +01:00
Gilles Peskine
a7226a1f60 Our TLS 1.3 API doesn't actually require PSA key identifiers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-02 13:15:14 +01:00
Gilles Peskine
93cdb77835 Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-02 13:15:04 +01:00
Gilles Peskine
8f1307adcd Asymmetric cryptography: rough draft 
Still many open questions

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-25 21:42:23 +01:00
Manuel Pégourié-Gonnard
69b290589b
Merge pull request #8057 from mpg/cipher-study 
[G2] Tentative definition of Cipher light
 2023-12-22 08:53:30 +00:00
Ryan Everett
3dd6cde0d8 Mention functional correctness explicitly 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-12-20 16:47:57 +00:00
Ryan Everett
f5e135670b Clarify key generation and memory-management correctness 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-12-20 15:24:47 +00:00
Ryan Everett
c1c6e0d906 Justify linearization points 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-12-15 12:33:26 +00:00
Ryan Everett
6ecb9ce5fc Link directly to the state transition diagram 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-12-14 15:19:31 +00:00
Ryan Everett
acfd774bca Add some clarifications in thread_safety.md 
Make it clearer how it is possible to reason here using linearization

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-12-14 15:19:31 +00:00
Ryan Everett
3eb4274a57 Fix transitions in diagram 
Move the finish_key_creation transition
Neaten the diagram
Add transitions for the key loading functions in psa_get_and_lock_key_slot
Add psa_wipe_key_slot transition
Change file to be a png

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-12-14 15:19:01 +00:00