mbedtls/docs/architecture/psa-migration/tasks-g2.md

This document is temporary; it lists tasks to achieve G2 as described in
`strategy.md` while the strategy is being reviewed - once that's done,
corresponding github issues will be created and this document removed.

For all of the tasks here, specific testing (integration and unit test depending
on the task) is required, see `testing.md`.

RSA Signature operations
========================

In PK
-----

### Modify existing `PK_OPAQUE` type to allow for RSA keys

- the following must work and be tested: `mbedtls_pk_get_type()`,
  `mbedtls_pk_get_name()`, `mbedtls_pk_get_bitlen()`, `mbedtls_pk_get_len()`,
`mbedtls_pk_can_do()`.
- most likely adapt `pk_psa_genkey()` in `test_suite_pk.function`.
- all other function (sign, verify, encrypt, decrypt, check pair, debug) will
  return `MBEDTLS_ERR_PK_TYPE_MISMATCH` and this will be tested too.

### Modify `mbedtls_pk_wrap_as_opaque()` to work with RSA.

- OK to have policy hardcoded on signing with PKCS1v1.5, or allow more if
  available at this time

### Modify `mbedtls_pk_write_pubkey_der()` to work with RSA-opaque.

- OK to just test that a generated key (with `pk_psa_genkey()`) can be
  written, without checking for correctness of the result - this will be
tested as part of another task

### Make `mbedtls_pk_sign()` work with RSA-opaque.

- testing may extend `pk_psa_sign()` in `test_suite_pk_function` by adding
  selector for ECDSA/RSA.

In X.509
--------

### Test using RSA-opaque for CSR generation

- similar to what's already done with ECDSA-opaque

### Test using opaque keys for Certificate generation

- similar to what's done with testing CSR generation
- should test both RSA and ECDSA as ECDSA is not tested yet
- might require slight code adaptations, even if unlikely


In TLS
------

### Test using RSA-opaque for TLS client auth

- similar to what's already done with ECDSA-opaque

### Test using RSA-opaque for TLS server auth

- similar to what's already done with ECDSA-opaque
- key exchanges: ECDHE-RSA and DHE-RSA

RSA decrypt
===========

### Extend `PK_OPAQUE` to allow RSA decryption (PKCS1 v1.5)

### Test using that in TLS for RSA and RSA-PSK key exchange.

Support opaque PSKs for "mixed-PSK" key exchanges
=================================================

See `PSA-limitations.md`.

Possible split:
- one task to extend PSA (see `PSA-limitations.md`)
- then one task per handshake: DHE-PSK, ECDHE-PSK, RSA-PSK (with tests for
  each)
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00			`This document is temporary; it lists tasks to achieve G2 as described in`
			`strategy.md` while the strategy is being reviewed - once that's done,
			`corresponding github issues will be created and this document removed.`

			`For all of the tasks here, specific testing (integration and unit test depending`
			on the task) is required, see `testing.md`.

			`RSA Signature operations`
			`========================`

			`In PK`
			`-----`

			### Modify existing `PK_OPAQUE` type to allow for RSA keys

			- the following must work and be tested: `mbedtls_pk_get_type()`,
			`mbedtls_pk_get_name()`, `mbedtls_pk_get_bitlen()`, `mbedtls_pk_get_len()`,
			`mbedtls_pk_can_do()`.
			- most likely adapt `pk_psa_genkey()` in `test_suite_pk.function`.
			`- all other function (sign, verify, encrypt, decrypt, check pair, debug) will`
			return `MBEDTLS_ERR_PK_TYPE_MISMATCH` and this will be tested too.

			### Modify `mbedtls_pk_wrap_as_opaque()` to work with RSA.

			`- OK to have policy hardcoded on signing with PKCS1v1.5, or allow more if`
			`available at this time`

			### Modify `mbedtls_pk_write_pubkey_der()` to work with RSA-opaque.

			- OK to just test that a generated key (with `pk_psa_genkey()`) can be
			`written, without checking for correctness of the result - this will be`
			`tested as part of another task`

			### Make `mbedtls_pk_sign()` work with RSA-opaque.

			- testing may extend `pk_psa_sign()` in `test_suite_pk_function` by adding
			`selector for ECDSA/RSA.`

			`In X.509`
			`--------`

			`### Test using RSA-opaque for CSR generation`

			`- similar to what's already done with ECDSA-opaque`

			`### Test using opaque keys for Certificate generation`

			`- similar to what's done with testing CSR generation`
			`- should test both RSA and ECDSA as ECDSA is not tested yet`
			`- might require slight code adaptations, even if unlikely`


			`In TLS`
			`------`

			`### Test using RSA-opaque for TLS client auth`

			`- similar to what's already done with ECDSA-opaque`

			`### Test using RSA-opaque for TLS server auth`

			`- similar to what's already done with ECDSA-opaque`
			`- key exchanges: ECDHE-RSA and DHE-RSA`

			`RSA decrypt`
			`===========`

			### Extend `PK_OPAQUE` to allow RSA decryption (PKCS1 v1.5)

			`### Test using that in TLS for RSA and RSA-PSK key exchange.`

			`Support opaque PSKs for "mixed-PSK" key exchanges`
			`=================================================`

			See `PSA-limitations.md`.

			`Possible split:`
			- one task to extend PSA (see `PSA-limitations.md`)
			`- then one task per handshake: DHE-PSK, ECDHE-PSK, RSA-PSK (with tests for`
			`each)`