Commit graph

856 commits

Author SHA1 Message Date
Gilles Peskine
acdc52e154 mbedtls_ecp_write_key_ext(): recommend over the old function in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Gilles Peskine
3ea9450463
Merge pull request #8734 from valeriosetti/issue8564
Add test for driver-only HMAC
2024-02-14 13:43:40 +00:00
Gilles Peskine
3f557ad59c Wording improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-07 11:22:16 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 19:45:11 +01:00
Manuel Pégourié-Gonnard
f1562a7217
Merge pull request #8657 from gilles-peskine-arm/pk-psa-bridge-design
PK-PSA bridge design document
2024-01-31 09:51:43 +00:00
Gilles Peskine
36dee75368 Update ECDSA signature conversion based on experimentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 16:15:17 +01:00
Valerio Setti
18be2fb9df driver-only-builds: improve a sentence in the HMAC section
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 15:07:02 +01:00
Valerio Setti
9f521056bc driver-only-builds: add documentation for HMAC acceleration
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 15:44:24 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 12:58:25 +01:00
Gilles Peskine
42a025dc9c Reference filed issues
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 12:35:31 +01:00
Gilles Peskine
5a64c42693 Reference ongoing work
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:07:55 +01:00
Bence Szépkúti
333ca8fdfc Migrate to new RTD redirect format
Migrate to the new redirect format introduced by ReadTheDocs in
readthedocs/readthedocs.org#10881

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-01-16 17:06:06 +01:00
Manuel Pégourié-Gonnard
e334486753 Add new lines before lists
This is more portable markdown, and also for people who read the text,
it make the new lines after the list (but inside the same sentence) less
surprising I hope.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-10 10:24:31 +01:00
Manuel Pégourié-Gonnard
0f45a1aec5 Fix typos / improve syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-10 09:43:30 +01:00
Valerio Setti
afa01c7394 psa-transition: update "Elliptic curve mechanism selection" section
- add hyperlinks for the conversion functions.
- move conversion functions' description before the legacy<->PSA table.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
dc33200b74 psa-transition: extend "Elliptic curve mechanism selection"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard
60c9eee267 Improve wording & fix typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-09 10:09:17 +01:00
Manuel Pégourié-Gonnard
d0c6f70e58 Update architecture doc for cipher dual dispatch
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard
c1cea63478 Quickly mention the status of RSA accel
Not related to other commits in this PR, should have been done in #8616
really, but since I'm updating the document, might as well do it here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard
dc4103e9aa Clarify CCM/CM with partial accel
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Valerio Setti
7406b74fce driver-only-builds: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-03 14:47:36 +01:00
Valerio Setti
a87cd17b35 psa-transition: update with MD translation functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 16:20:44 +01:00
Gilles Peskine
9fe1c699a8 Clarify PSA-to-PK copy intent
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:16:31 +01:00
Gilles Peskine
f80dcc5f8b Resolve ECDSA conversion API: don't use an ASN.1 interface
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:15:47 +01:00
Gilles Peskine
a7226a1f60 Our TLS 1.3 API doesn't actually require PSA key identifiers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:15:14 +01:00
Gilles Peskine
93cdb77835 Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 13:15:04 +01:00
Valerio Setti
045d680054 driver-only-builds: enhancing cipher related sections
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 15:42:22 +01:00
Valerio Setti
f333b3fbde driver-only-builds: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 15:08:39 +01:00
Valerio Setti
92e5c693ba driver-only-builds: updated ciphers and AEADs related sections
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 13:28:03 +01:00
Gilles Peskine
8f1307adcd Asymmetric cryptography: rough draft
Still many open questions

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-25 21:42:23 +01:00
Manuel Pégourié-Gonnard
69b290589b
Merge pull request #8057 from mpg/cipher-study
[G2] Tentative definition of Cipher light
2023-12-22 08:53:30 +00:00
Valerio Setti
49067d7d0e driver-only-builds: update documentation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-21 17:07:10 +01:00
Valerio Setti
8c1e6bbcdc driver-only-builds: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-21 15:02:48 +01:00
Gilles Peskine
907cb020ef
Merge pull request #8618 from Ryan-Everett-arm/new-state-transition-documentation
Update thread safety state transition documentation
2023-12-21 12:09:58 +00:00
Ryan Everett
3dd6cde0d8 Mention functional correctness explicitly
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-20 16:47:57 +00:00
Valerio Setti
66134661cd driver-only-builds: add Restrictions section
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 17:06:13 +01:00
Ryan Everett
f5e135670b Clarify key generation and memory-management correctness
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-20 15:24:47 +00:00
Valerio Setti
af53132e44 driver-only-builds: enhancing section on removing CIPHER_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 15:56:09 +01:00
Valerio Setti
3fab8a4deb driver-only-builds: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 14:25:37 +01:00
Valerio Setti
5eb8de12cb driver-only-build: remove paragraph about RSA/DH deterministic key generation
This feature is not supported at all in MbedTLS, driver or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 11:59:32 +01:00
Manuel Pégourié-Gonnard
9934f834af
Merge pull request #7766 from gilles-peskine-arm/psa-transition-doc-create
Legacy-to-PSA transition guide
2023-12-20 10:28:31 +00:00
Valerio Setti
7e11dd6ec6 driver-only-builds: add section for accelerated ciphers/AEADs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-18 15:52:44 +01:00
Ryan Everett
c1c6e0d906 Justify linearization points
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-15 12:33:26 +00:00