Gilles Peskine
efaee9a299
Give a production-sounding name to the p256m option
...
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-20 20:49:47 +02:00
Gilles Peskine
452beb9076
Merge pull request #8203 from gilles-peskine-arm/p256-m-production
...
Declare p256-m as ready for production
2023-09-20 09:36:05 +00:00
Paul Elliott
3d0bffb257
Improve statement in driver-only-builds.md
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-13 15:15:37 +01:00
Gilles Peskine
6f784dff49
Reflect the fact p256-m has been integrated into Mbed TLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-13 15:32:30 +02:00
Valerio Setti
7373a6644d
driver-only-builds.md: fix text
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-04 16:16:11 +02:00
Janos Follath
b4527fbd82
Add clarifications to the threading requirements
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-31 14:01:24 +01:00
Janos Follath
b6954730f0
Fix typo
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-31 13:54:21 +01:00
Janos Follath
35633dd977
Add threading non-requirement
...
State explicitly the non-requirement that it's ok for psa_destroy_key to
block waiting for a driver.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-31 08:31:19 +01:00
Janos Follath
15d9ec29be
Improve thread safety presentation
...
- Use unique section titles so that there are unique anchors
- Make list style consistent between similar sections
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-31 08:22:21 +01:00
Janos Follath
0385c2815c
Tighten thread safety requirements
...
We shouldn't violate the requirement that the key identifier can be
reused. In practice, a key manager may destroy a key that's in use by
another process, and the privileged world containing the key manager and
the crypto service should not be perturbed by an unprivileged process.
With respect to blocking, again, a key manager should not be blocked
indefinitely by an unprivileged application.
These are desirable properties even in the short term.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-30 16:44:04 +01:00
Janos Follath
7ec993d804
Refine thread safety requirements
...
Split and refine short term requirements for key deletion.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-23 16:04:48 +01:00
Valerio Setti
d31b28485b
driver-only-builds: update EC and FFDH sections
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-17 12:36:40 +02:00
Manuel Pégourié-Gonnard
36cd3f9f8e
Add tentative definition of Cipher light
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-11 10:06:42 +02:00
Manuel Pégourié-Gonnard
948137be59
Add details on use of ciphers from other modules
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-10 16:58:30 +02:00
Gilles Peskine
33291ba35f
Merge pull request #5538 from gilles-peskine-arm/psa-thread_safety-doc
...
PSA thread safety requirements
2023-08-10 16:21:55 +02:00
Manuel Pégourié-Gonnard
0b6d021069
Adjust presence of warning/link.
...
- the codegen migration document is already a migration document, so
doesn't need the extra warning about work in progress;
- the driver interface can use a link to the more practical guide too.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-08 09:37:11 +02:00
Gilles Peskine
9aa93c8e78
Added a note about new primitives for secure destruction
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-07 16:32:09 +02:00
Gilles Peskine
584bf985f5
Elaborate on psa_destroy_key requirements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-07 16:29:19 +02:00
Manuel Pégourié-Gonnard
de24ba6cfd
Add link to examples in relevant places
...
Some documents about driver describe a state of things that is ahead of
the reality. They already contain a warning about it, but no way to know
that the current reality is; add a pointer to a document that describes
it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-07 11:36:14 +02:00
Manuel Pégourié-Gonnard
b61484947a
Fix error in the guide to drivers
...
There is no export_key entry point for transparent drivers.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-07 11:32:51 +02:00
Gilles Peskine
d3a797710a
psa_is_key_slot_occupied: change to using the key identifier
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 18:36:06 +02:00
Valerio Setti
ab02d391cb
test: use only rev-parse for getting the current branch
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 16:47:07 +02:00
Valerio Setti
ccb0344969
test: add GIT alternative commands for older GIT versions
...
The Docker container used for the CI has Git version 2.7.4 which
does not support the "git branch --show-current" command since this
was added in version 2.22.
Therefore this commit adds an alternative version for old Git versions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 15:07:49 +02:00
Manuel Pégourié-Gonnard
1c739ec277
Merge pull request #7900 from mpg/doc-driver-only
...
ECPf wrap-up
2023-07-26 10:25:54 +02:00
Manuel Pégourié-Gonnard
fb22c27f1d
Misc wording fixes and improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-18 10:40:56 +02:00
Manuel Pégourié-Gonnard
1937cf8143
Improve wording & fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-11 11:14:15 +02:00
Manuel Pégourié-Gonnard
c97775162e
Fix inaccurate information about FFDH
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-11 11:11:20 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
...
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard
7a82e27a10
Add documentation on driver-only ECC
...
Just one part left for later.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-07 17:09:14 +02:00
Manuel Pégourié-Gonnard
6d5f4946e6
Add docs/driver-only-builds.md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-07 17:09:14 +02:00
Gilles Peskine
0ca2a1f51b
Merge pull request #7646 from gilles-peskine-arm/psa-driver-transaction-testing-spec
...
Storage resilience with stateful secure elements: design document
2023-06-29 18:25:52 +02:00
Gilles Peskine
909cf5a3ec
Show how to extract curve information from an ecp_keypair
...
It's not pretty.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-20 23:38:39 +02:00
Gilles Peskine
603f0fca6e
The ECP curve name is the one from TLS, not one we made up
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-20 23:38:21 +02:00
Manuel Pégourié-Gonnard
417ce2c574
Rename _USE to _BASIC
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-16 10:36:44 +02:00
Gilles Peskine
379ff8754d
Cover ecp.h
...
Also correct some statements about rsa/ecp/pk check functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 21:15:21 +02:00
Gilles Peskine
f75e65d90b
Rename PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_USE to ..._BASIC
...
per https://github.com/Mbed-TLS/mbedtls/issues/7439#issuecomment-1592673401
and https://github.com/Mbed-TLS/mbedtls/pull/7774#discussion_r1230658660
State that EXPORT implies BASIC.
Also fix missing `WANT_` parts.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 18:39:14 +02:00
Gilles Peskine
5bd4f17e4e
Cover ECDH and DHM
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 18:33:30 +02:00
Gilles Peskine
b33d0ac532
Mention self-tests
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 18:33:15 +02:00
Manuel Pégourié-Gonnard
1cae90bf50
Update PSA_WANT spec for new KEY_PAIR scheme
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-14 12:19:13 +02:00
Gilles Peskine
c7b53f3ab7
Mention mbedtls_psa_get_random
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:31:53 +02:00
Gilles Peskine
34a201774e
More about whether to have the driver key id in the transaction list
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:11:43 +02:00
Gilles Peskine
009c06b973
Discuss the cost of a get_key_attributes entry point
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:11:43 +02:00
Gilles Peskine
5ad8ca2a5f
Legacy-to-PSA transition guide
...
Covers most modules, but missing most of ecp, ecdh and dhm.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 19:52:31 +02:00
Gilles Peskine
265ce7c1da
Merge pull request #5451 from gilles-peskine-arm/psa-driver-kdf-spec
...
PSA drivers: specification for key derivation
2023-06-06 11:37:28 +02:00
Gilles Peskine
f4ba0013e2
Clarify when key derivation entry points are mandatory/permitted
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-05 14:24:14 +02:00
Gilles Peskine
8dd1e623e1
Copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-05 14:14:41 +02:00
Gilles Peskine
7df8ba6a10
Rework the description of key derivation output/verify key
...
Some of the fallback mechanisms between the entry points were not described
corrrectly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 18:16:02 +02:00
Gilles Peskine
dcaf104eef
Note that we may want to rename derive_key
...
... if we think of a better name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 18:02:41 +02:00
Gilles Peskine
f96a18edc7
Probably resolve concern about the input size for derive_key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 18:02:15 +02:00
Gilles Peskine
1414bc34b9
Minor copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 17:54:32 +02:00
Gilles Peskine
24f52296f1
Key agreement needs an attribute structure for our key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:44:04 +02:00
Gilles Peskine
e52bff994c
Note possible issue with derive_key: who should choose the input length?
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:43:29 +02:00
Gilles Peskine
b319ed69c4
State explicitly that cooked key derivation uses the export format
...
This is the case for all key creation in a secure element, but state it
explicitly where relevant.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:42:45 +02:00
Gilles Peskine
f787879a14
Clarify sequencing of long inputs
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:42:29 +02:00
Gilles Peskine
d2fe1d5498
Rationale on key derivation inputs and buffer ownership
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:42:17 +02:00
Gilles Peskine
4e94fead86
Key derivation dispatch doesn't depend on the key type
...
At least for all currently specified algorithms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:40:56 +02:00
Gilles Peskine
66b96e2d87
Copyediting
...
Fix some typos and copypasta. Some very minor wording improvements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:40:27 +02:00
Gilles Peskine
4e5088476e
Finish test strategy
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-30 23:34:07 +02:00
Gilles Peskine
44bbf29597
Write up the transaction/recovery processess
...
Still missing: details of part of the testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-24 20:35:49 +02:00
Gilles Peskine
76a852f8fb
Design document for storage resilience
...
Explore possibilities for implementing stateful secure elements with
storage. Choose one.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-24 09:37:30 +02:00
Gilles Peskine
63df4ec3ca
Merge pull request #7589 from daverodgman/pr4990
...
Replace references to Mbed Crypto (rebase)
2023-05-16 19:14:51 +02:00
Gilles Peskine
7e37aa85a2
Merge pull request #5904 from gilles-peskine-arm/psa-doc-implementing-new-mechanism
...
Check list for implementing a new mechanism in PSA crypto
2023-05-16 14:04:15 +02:00
Gilles Peskine
de4cbc54d3
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-16 12:04:57 +02:00
Fredrik Hesse
95bd5a5004
Minor adjustments after review.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 15:01:59 +01:00
Fredrik Hesse
0ec8a90d48
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 15:00:45 +01:00
Fredrik Hesse
cc207bc379
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Bence Szépkúti
e06d863267
Merge pull request #7538 from bensze01/in-tree-redirects
...
Add in-tree configuration file for Readthedocs redirects
2023-05-11 15:07:06 +02:00
Bence Szépkúti
09f8df86ac
Reword the API token explanation in redirects.yaml
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-05-09 21:07:30 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
...
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Bence Szépkúti
7ce8fba3cb
Add post-build step to update redirects
...
This allows us to maintain the list of redirects in-tree.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-05-02 20:16:12 +02:00
Bence Szépkúti
4f4c87b01e
Add readthedocs-cli to requirements.in
...
This will allow us to manage our redirects in-tree.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-05-02 19:59:34 +02:00
Manuel Pégourié-Gonnard
8e076e4132
Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle
...
Document (with examples) how to integrate a third-party driver with Mbed TLS
2023-05-02 12:13:42 +02:00
Aditya Deshpande
8225587fd7
Change from Mbed TLS 3.3.0 to 3.4.0 in driver documentation.
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:55:02 +01:00
Aditya Deshpande
641cb8914d
Minor changes to documentation and code comments for clarity
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:55:02 +01:00
Aditya Deshpande
bac592d53e
Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
f80b939096
Add information for driver points where auto-generation is implemented
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
755b174fec
Add example for integrating a driver alongside Mbed TLS for entrypoints where auto-generation of driver wrappers is not implemented yet.
...
Using p256-m as the example driver/software accelerator.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
abf4bf31cb
Start the driver example write-up (p256-m integration)
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
277690e944
Add step-by-step guide for writing and integrating drivers for entry points where auto-generation is not implemented
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f
Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
...
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
valerio
95e57c3517
doc: update use-psa-crypto.md
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 13:47:18 +02:00
valerio
0b0486452c
improve syms.sh script for external dependencies analysis
...
It is now possible to analyze also modules and not only
x509 and tls libraries.
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
...
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Ronald Cron
4d31496294
Update TLS 1.3 documentation and add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
e6e6b75ad3
psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
...
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
0ab380a8ae
Merge pull request #7354 from mpg/ecc-doc-update
...
Ecc doc update
2023-03-30 15:38:47 +02:00
Manuel Pégourié-Gonnard
9463e780c6
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-30 09:37:39 +02:00
Dave Rodgman
05c5a91514
Merge pull request #7307 from Mbed-TLS/sphinx-versioned-documentation
...
Generate API documentation with Sphinx and Breathe
2023-03-29 12:01:59 +01:00
Manuel Pégourié-Gonnard
5c8c9e068e
Minor improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 10:33:03 +02:00
Manuel Pégourié-Gonnard
93b21e74f9
Update documentation to mention ECC drivers
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 10:30:26 +02:00
David Horstmann
2717f622b8
Add _build/ and api/ to gitignore
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-28 15:00:24 +01:00
David Horstmann
c1f2eef43a
Clean the breathe-apidoc files with make clean
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-28 14:24:47 +01:00
David Horstmann
434fc5ecbd
Remove make.bat for documentation
...
Building the docs on Windows is not supported in any case, as the apidoc
target in the main Makefile will not run on Windows.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-27 15:24:37 +01:00
David Horstmann
9bca03a2b2
Improve docs Makefile to do full build
...
Include the make apidoc and breathe-apidoc steps in the documentation
Makefile for ease of use. In this way, depart from the Makefile
generated automatically by Sphinx.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-27 15:21:27 +01:00
Manuel Pégourié-Gonnard
b38c9c888f
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
86efa852df
Mention EC J-PAKE opaque passwords.
...
Unrelated to the other changes, other than I noticed it was missing
while making the other edits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
2ca08c8409
Try again to clarify USE_PSA_CRYPTO
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
3dd9add294
Use PSA Crypto: try clarifying what it means
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
03cb87ea3c
Update psa-limitations.md
...
For recent work and latest plans.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
52f7edb6ad
Update psa-migration/strategy.md
...
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Przemek Stekiel
b175b146a2
Remove driver_pake_get_role function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Przemek Stekiel
fa1754e9ef
Update documentation of psa_pake_input
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:06:09 +01:00
David Horstmann
5158bd8ac8
Remove Exhale from requirements and regenerate
...
Regenerate the requirements.txt with Exhale removed and also with Python
3.9 instead of 3.8, for parity with Read The Docs.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-22 17:30:22 +00:00
David Horstmann
e84d61cb64
Add initial API doc configuration
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:58 +00:00
Manuel Pégourié-Gonnard
c9e0ad23c1
Update design document
...
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
...
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
Przemek Stekiel
c0e6250ff9
Fix documentation and tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
Manuel Pégourié-Gonnard
439dbc5c60
Fix dependency for TLS 1.3 as well
...
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.
Also update docs/use-psa-crypto.md accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Przemek Stekiel
e9254a0e55
Adapt driver dispatch documentation for user/peer getters
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide
...
Move docs/getting_started.md to docs repo
2023-03-09 23:31:25 +01:00
David Horstmann
369930dec2
Move docs/getting_started.md to docs repo
...
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-09 09:52:13 +00:00
Przemek Stekiel
691e91adac
Further pake code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 09:54:00 +01:00
Przemek Stekiel
4dc83d40af
Add check for pake operation buffer overflow
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:00 +01:00
Yanray Wang
7fc349e903
test-framework.md: document compat.sh
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-28 14:30:26 +08:00
Przemek Stekiel
6b64862ef7
Documentation fixes and code adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f
Adapt names to more suitable and fix conditional compilation flags
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
27cd488088
Update the documentation (v.3)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
33ea63d766
Minor updates of the documentation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
8c8ab26b2a
Update documentation (handling inputs, function names)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
d67a5b6320
Update PAKE driver documentation (v.2)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
d6eb11007f
Add draft documentation for the PAKE driver dispatch logic
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Manuel Pégourié-Gonnard
6778ddf657
Merge pull request #6549 from gilles-peskine-arm/psa-migration-md-cipher-strategy
...
Dual-API hash dispatch strategy
2023-02-15 12:50:13 +01:00
Gilles Peskine
91af0f9c0e
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:36 +01:00
Gilles Peskine
ff674d4c6f
Typos
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:17 +01:00
Gilles Peskine
199ee456b1
Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:35:19 +01:00
Gilles Peskine
58e935fc6b
add a missing
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:07:12 +01:00
Gilles Peskine
fad34a4f10
Support all legacy algorithms in PSA
...
This is not strictly mandatory, but it helps.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-07 20:37:56 +01:00
Manuel Pégourié-Gonnard
00d3e96042
Merge pull request #6855 from mpg/driver-only-ecdsa-starter
...
Driver-only ECDSA starter
2023-01-24 13:06:17 +01:00
Dave Rodgman
17292f7823
Minor fixes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-23 12:32:51 +00:00
Dave Rodgman
99ff0a7c50
Fix some additional over-long lines
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-23 12:31:01 +00:00
Manuel Pégourié-Gonnard
5a2e02635a
Improve a few comments & documentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Gilles Peskine
fd094081e1
Pass attributes alongside key buffer
...
This is the generic way of going adapting a psa_key_id_t argument in the
application interface to the driver interface. Thanks Hannes Lindström.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-20 20:24:17 +01:00
Dave Rodgman
38699e5323
Update the getting-started doc
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 12:43:53 +00:00
Gilles Peskine
635b779cfd
Fix math character used in text mode
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-12 14:33:44 +01:00
Gilles Peskine
4e346bd569
Fix entry point name
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-12 14:33:22 +01:00
Gilles Peskine
eda71ce535
Key derivation: improve overview of the problem space
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-12 14:32:56 +01:00
Manuel Pégourié-Gonnard
6bbeba6a44
Add ssl-opt.sh support to outcome-analysis.sh
...
But make it optional as it makes things much slower.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
222bc85c6c
Update outcome analysis script & documentation
...
Now that the script only makes before-after comparison, it no longer
makes sense to ignore some test suites.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
a6e0291c51
Update documentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:59:33 +01:00
Gilles Peskine
3e30e1fb19
We haven't actually made hash accelerators initless in 3.3
...
It seems that it won't be necessary anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:34:17 +01:00
Gilles Peskine
14239c6e2e
Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT
...
It's a rare scenario, but it's currently possible: if you use
mbedtls_cipher_xxx() to encrypt the communication between the application
and the crypto service, changing those functions to call PSA will break your
system.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:48 +01:00
Gilles Peskine
22db9916fe
The PSA cipher/AEAD API requires an initialized keystore
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:29 +01:00
Gilles Peskine
143ebcc1d6
PKCS#1v1.5 sign/verify uses hash metadata
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:30:10 +01:00
Gilles Peskine
cb93ac91bb
Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:43 +01:00
Gilles Peskine
d167f16d55
Wording clarifications and typo fixes
...
No intended meaning change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:15 +01:00
Manuel Pégourié-Gonnard
55a188b420
Clarify the "restart vs use PSA" situation in TLS
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Gilles Peskine
4eefade8bf
Sketch some optimizations relevant to MD light
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:05:14 +01:00
Gilles Peskine
f634fe10e7
Sketch the work to migrate to MD light
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:51 +01:00
Gilles Peskine
188e900a6d
Specify MD light based on the interface requirements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:16 +01:00
Gilles Peskine
382b34ca84
Work out the hash interface requirements
...
Finish working out the RSA-PSS example in terms of what it implies about the
interface. The key takeaway is that a mixed-domain module must support
algorithms if they are available through either interface, and that's all
there is to it. The details of how dispatch is done don't matter, what
matters is only the availability, and it's just the disjunction of
availabilities.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 22:57:18 +01:00