This document is mainly about a plan that was driven by backward
compatibility constraints that no longer exist in 4.0.
Although some of it is still of interest to explain why 4.0 is the way
it is (and more complicated than one would expect based on the APIs that
are left in 4.0). But for this it should suffice to consult earlier
versions and does not worth to maintain it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Some sentences or paragraphs became confusing or meaningless after
removing USE_PSA and only fixing the local context/semantics.
Fix the semantics where needed and remove parts that became meaningless.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This is an architecture document focusing on how PSA APIs can be mixed
with non-PSA APIs, notably including PK (and in fact, it's mostly about
PK, since we didn't identify work to be done in other areas). It is not
really relevant in 4.0/1.0, where the goals will be different — to do
without low-level legacy APIs.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This is an architecture document focusing on how parts of the code base
can accommodate both builds with PSA crypto disabled and builds with
driver-only mechanisms. Going forward, this coexistence is no longer
relevant.
The document does explain why some parts of md and cipher are the way
they are. In the future, we'll want to remove legacy code paths and keep
only the PSA code paths. But for that, it isn't particularly useful to
know how the dual code paths came about, or what constraints they had to
obey. Those constraints no longer apply.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
The goal is not to update the document, only to remove
MBED_TLS_USE_PSA_CRYPTO, while making a minimal local context of the
occurrance up to date and sensible.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This document is describes the testing strategy for the
`MBEDTLS_USE_PSA_CRYPTO` option. This option is now always on, can't be
disabled and the corresponding behaviour is the only library behaviour.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Move the docuumentation files that after
the split will fit better in TF-PSA-Crypto
than Mbed TLS. No comment update.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
config_test_driver.h and
crypto_config_test_driver_extension.h are
configuration files thus they better fit in
mbedtls branches than in the framework.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
These were accidentally documented incorrectly in the PSA shared memory
documentation due to a global find and replace.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This remove support for the RSA-PSK key exchange in TLS
1.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Explain that the hybrid key store is the historical implementation and
neither alternative is a drop-in replacement. Discuss how we could
potentially reduce the number of variants after the next major release.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, fix an off-by-one error right after I explain how the number
is off by one from what you'd expect. State explicitly that the number can
be negative.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
