mbedtls/docs/architecture/psa-migration/tasks-g1.md

This document is temporary; it lists tasks to achieve G1 as described in
`strategy.md` while the strategy is being reviewed - once that's done,
corresponding github issues will be created and this document removed.

For all of the tasks here, no specific testing is expected to be required,
beyond passing the existing tests in a build with `MBEDTLS_USE_PSA_ENABLED`,
see `testing.md`.

Symmetric crypto
================

Hashes
------

### Use `psa_hash` in all of X.509

https://github.com/ARMmbed/mbedtls/issues/5157

HMAC
----

### Variable-time HMAC in TLS record protection

https://github.com/ARMmbed/mbedtls/issues/5177

### Constant-time HMAC in TLS record protection

https://github.com/ARMmbed/mbedtls/issues/5178


Ciphers
-------

### Use PSA for all cipher operations in TLS

https://github.com/ARMmbed/mbedtls/issues/5181
https://github.com/ARMmbed/mbedtls/issues/5182
https://github.com/ARMmbed/mbedtls/issues/5203
https://github.com/ARMmbed/mbedtls/issues/5204
https://github.com/ARMmbed/mbedtls/issues/5205
https://github.com/ARMmbed/mbedtls/issues/5206

Asymmetric crypto
=================

ECDSA
-----

### Make `mbedtls_pk_sign()` use PSA for ECDSA operations

https://github.com/ARMmbed/mbedtls/issues/5274

RSA signature (and verification)
--------------------------------

### Make `mbedtls_pk_sign()` use PSA for RSA operations

https://github.com/ARMmbed/mbedtls/issues/5162

### Make `mbedtls_pk_verify()` use PSA for RSA operations

https://github.com/ARMmbed/mbedtls/issues/5159

### Make `mbedtls_pk_verify_ext()` use PSA for RSA operations

https://github.com/ARMmbed/mbedtls/issues/5333 (partial)
https://github.com/ARMmbed/mbedtls/issues/5277 (futher)

RSA en/decryption
-----------------

### Make `mbedtls_pk_encrypt()` use PSA for RSA operations


https://github.com/ARMmbed/mbedtls/issues/5161

### Make `mbedtls_pk_decrypt()` use PSA for RSA operations

https://github.com/ARMmbed/mbedtls/issues/5160

ECDH
----

Additional:
https://github.com/ARMmbed/mbedtls/issues/5291 (pre clean-up)
https://github.com/ARMmbed/mbedtls/issues/5321 (TLS 1.3)
https://github.com/ARMmbed/mbedtls/issues/5322 (post clean-up)

### Write remaining utilities for ECDH parsing/writing

(not a task on its own, part of other tasks)

### Use PSA for ECDHE in ECDHE-ECDSA and ECDHE-RSA server-side

https://github.com/ARMmbed/mbedtls/issues/5317

### Use PSA for ECDH in ECDHE-PSK (all sides and versions)

https://github.com/ARMmbed/mbedtls/issues/5318

### Use PSA for ECDH in static-ECDH key exchanges

https://github.com/ARMmbed/mbedtls/issues/5319
https://github.com/ARMmbed/mbedtls/issues/5320

FFDH
----

https://github.com/ARMmbed/mbedtls/issues/5287

EC J-PAKE
---------

https://github.com/ARMmbed/mbedtls/issues/5275
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00			`This document is temporary; it lists tasks to achieve G1 as described in`
			`strategy.md` while the strategy is being reviewed - once that's done,
			`corresponding github issues will be created and this document removed.`

			`For all of the tasks here, no specific testing is expected to be required,`
			beyond passing the existing tests in a build with `MBEDTLS_USE_PSA_ENABLED`,
			see `testing.md`.

			`Symmetric crypto`
			`================`

			`Hashes`
			`------`

			### Use `psa_hash` in all of X.509

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5157`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`HMAC`
			`----`

			`### Variable-time HMAC in TLS record protection`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5177`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`### Constant-time HMAC in TLS record protection`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5178`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00

			`Ciphers`
			`-------`

			`### Use PSA for all cipher operations in TLS`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5181`
			`https://github.com/ARMmbed/mbedtls/issues/5182`
			`https://github.com/ARMmbed/mbedtls/issues/5203`
			`https://github.com/ARMmbed/mbedtls/issues/5204`
			`https://github.com/ARMmbed/mbedtls/issues/5205`
			`https://github.com/ARMmbed/mbedtls/issues/5206`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`Asymmetric crypto`
			`=================`

			`ECDSA`
			`-----`

			### Make `mbedtls_pk_sign()` use PSA for ECDSA operations

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5274`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`RSA signature (and verification)`
			`--------------------------------`

			### Make `mbedtls_pk_sign()` use PSA for RSA operations

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5162`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			### Make `mbedtls_pk_verify()` use PSA for RSA operations

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5159`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			### Make `mbedtls_pk_verify_ext()` use PSA for RSA operations

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5333 (partial)`
			`https://github.com/ARMmbed/mbedtls/issues/5277 (futher)`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`RSA en/decryption`
			`-----------------`

			### Make `mbedtls_pk_encrypt()` use PSA for RSA operations

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00
			`https://github.com/ARMmbed/mbedtls/issues/5161`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			### Make `mbedtls_pk_decrypt()` use PSA for RSA operations

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5160`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`ECDH`
			`----`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`Additional:`
			`https://github.com/ARMmbed/mbedtls/issues/5291 (pre clean-up)`
			`https://github.com/ARMmbed/mbedtls/issues/5321 (TLS 1.3)`
			`https://github.com/ARMmbed/mbedtls/issues/5322 (post clean-up)`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`### Write remaining utilities for ECDH parsing/writing`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`(not a task on its own, part of other tasks)`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`### Use PSA for ECDHE in ECDHE-ECDSA and ECDHE-RSA server-side`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5317`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`### Use PSA for ECDH in ECDHE-PSK (all sides and versions)`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5318`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`### Use PSA for ECDH in static-ECDH key exchanges`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5319`
			`https://github.com/ARMmbed/mbedtls/issues/5320`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`FFDH`
			`----`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5287`
Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-10-01 13:16:01 +02:00
			`EC J-PAKE`
			`---------`

Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-17 10:47:24 +01:00			`https://github.com/ARMmbed/mbedtls/issues/5275`