Commit graph

86 commits

Author SHA1 Message Date
Ronald Cron
3e7c4036b4 Miscellaneous improvements
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
fecda8ddb4 Improve the description of common macros usage
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:02 +02:00
Ronald Cron
99733f0511 Amend vector variables
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
b194466e99 Amend TLS 1.3 prefix
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
72064b30cf Fix usage of backticks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
660c723b09 Add paragraph about expected quality
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
7a7032a4ba Remove out of MVP scope items
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
c3b510f096 Amend supported groups and signatures based on spec 9.1 section
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
3160d70049 Add comments about key_share and supported_versions support
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:29 +02:00
Ronald Cron
85e51083d8 Add support for server_name extension
Section 9.2 of the specification defines server_name
extension as mandatory if not specified otherwise by
an application profile. Thus add its support to the
MVP scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:39 +02:00
Ronald Cron
004df8ad5f Improve comment about handshake failure with HRR and CertificateRequest
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:39 +02:00
Ronald Cron
1fa5088c0b Improve comment about PSK TLS 1.3 configuration options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:27 +02:00
Ronald Cron
023987feef Use GitHub table format
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 12:05:28 +02:00
Ronald Cron
def52c36e5 Remove obscure comment about TLS 1.3 renegotiation config option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 12:03:55 +02:00
Ronald Cron
3785c907c7 Define TLS 1.3 MVP and document coding rules
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-21 16:16:56 +02:00
Gilles Peskine
8ec3c8f015 Do not require test data to be in the repository
What matters is that we validate that test data is not removed. Keeping the
test data is the most obvious way, but not the only way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
b91f81a55b Discuss lifetimes, in particular persistence levels
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
77f8e5cb59 Add considerations on key material representations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
d131e400f0 Clarification: forward and backward compatibility
The import-and-save and load-and-check parts of the tests don't have to be
actually the same test cases.

Introduce the terms “forward compatibility” and “backward compatibility” and
relate them to import-and-save and load-and-check actions.

These are clarifications of intent that do not represent an intended change
in the strategy or intended coverage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
f31c6c111e Typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Gilles Peskine
cadd3d860e Give examples of PLATFORM_XXX_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
bf26bef157 Discuss the durability of PSA drivers vs ALT when introducing them
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
a71db94c66 Document that contexts must be movable
Fix #4451.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
f35c42bdb9 Document the remaining constraints on ALT context types
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
b9ccb25f33 Starter-class documentation of alternative implementations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Tobias Nießen
835beffcf4
Fix typo in architecture docs
Signed-off-by: Tobias Nießen <tniessen@tnie.de>
2021-04-19 23:56:25 +02:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Chris Jones
6f554e388e Remove reference to include/mbedtls/*_internal.h files
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-01 09:52:37 +01:00
Hanno Becker
7594c68049 Document status of MPS upstreaming
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Ronald Cron
d9763466b7 Expand and improve psa-crypto-implementation-structure.md
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:14 +01:00
Ronald Cron
31520b4b1c Fix psa-crypto-implementation-structure.md
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Ronald Cron
0dbbf1e27f psa: Add architecture document
Add architecture document explaining how this
PR aim to restructure the PSA implementation (only
part of it) and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
a120146afe
Merge pull request #3962 from gilles-peskine-arm/psa-storage-format-test-strategy
Keystore format stability test strategy
2021-01-25 16:44:23 +01:00
Gilles Peskine
ff457506d3 Remind the reader of what is done about old formats
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 14:25:20 +01:00
Gilles Peskine
697ee190b5 Add a section about non-default lifetimes
Alternative locations should be covered. We don't yet support
alternative persistence levels.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:38:21 +01:00
Gilles Peskine
528144f523 Clarify the methods of key storage testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:36:18 +01:00
Gilles Peskine
cf62f10d3f Clarify interoperability non-requirement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 11:49:18 +01:00
Gilles Peskine
739e08a68d Keystore format stability test strategy
Initial revision.

Save-compare-load approach: the test case data contains attributes of
the object under test and the expected file content. Create the
object, save it, check that the file has the expected content, load
the file and check that the new object has the expected attributes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 18:51:47 +01:00
Gilles Peskine
24cebf6671 Add a section for transparent drivers
No strategy yet, just state some basic requirements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-08 15:19:04 +01:00
Gilles Peskine
f0e2853d46 Minimal update to mention unified-interface opaque drivers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-08 15:19:04 +01:00
Gilles Peskine
db6b03b4f2 Remove old-style accelerator and entropy driver interfaces
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.

The partially implemented dynamic secure element interface is staying
for now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 17:37:14 +01:00
Ronald Cron
cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Torstein Nesse
d9246559ca Update changelog entry, format specification, and correct test vectors
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-21 11:17:09 +02:00
Torstein Nesse
162a1104be Changes PSA key storage format to include key bits
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
  ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
  attribute.
* Removes bits storage from psa_se_key_data_storage_t.

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-07 10:54:24 +02:00
Janos Follath
2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1
TLS 1.3: Add HKDF-based key derivation functionality
2020-09-16 11:40:06 +01:00
Hanno Becker
b11c3097a5 Update state of TLS 1.3 functionality in architecture document
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:29 +01:00
Ronald Cron
71016a9ea7 psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.

The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.

The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.

As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
  MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
danh-arm
0ca6d38bc3
Merge pull request #3493 from gilles-peskine-arm/psa-unified-driver-specs
PSA unified driver specification
2020-08-06 16:10:17 +01:00