mbedtls

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	481846c82f	General update of PSA strategy documentation Not related to the changes in this PR, except in the next commit I'll update the strategy document for changes in this PR and to outline likely follow-ups, and while looking at the document I noticed a few things that needed updated, so here there are in their own commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard	b5b27c1114	Misc clean-ups in docs/use-psa-crypto.md Note: limitations of opaque PSKs changed from "TLS 1.2 only" to "none" since TLS 1.3 does not support PSK at all so far, and it is expected to support opaque PSKs as soon as it gains PSK support, it will be just a matter of selecting between psa_key_derivation_input_bytes() and psa_key_derivation_input_key() - and testing obviously. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	0dba51cfad	Fix list of what's common to TLS 1.2 and 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	9bf9b9e269	Link to restartable ECC EPIC Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	f3f79a00fc	Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER Also make a few general clarifications/improvements while at it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	3e83098e01	Clarify the TLS 1.3 situation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard	103b9929d1	Remove HKDF-Extract/Expand Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	b2bd34ecdc	Update docs/use-psa-crypto.md The scope of the option has been expanded, now it makes more sense to describe it as "everything except ...". Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	ff43ff6e78	Remove stability waiver from USE_PSA It was initially motivated by the fact that the PSA Crypto APIs themselves were not stable. In the meantime, PSA Crypto has reached 1.0.0 so this no longer applies. If we want user to be able to fully benefit from PSA in order to isolate long-term secrets, they need to be able to use the new APIs with confidence. There is no reason to think those APIs are any more likely to change than any of our other APIs, and if they do, we'll follow the normal process (deprecated in favour of a new variant). For reference, the APIs in question are: mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS mbedtls_ssl_conf_psk_opaque() // for PSA-held PSKs in TLS mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS mbedtls_cipher_setup_psa() (deprecated in 3.2) mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	97ec0b7bfa	Clarify effect of USE_PSA on TLS 1.3 The previous wording was wrong, there are parts that are affected. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	2a47d23927	Update strategy.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	83c538869e	Update psa-limitations - misc updates about on-going/recent work - removal of the section about mixed-PSK: being done in #5762 - clarifications in some places - some typo fixes Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	b8a6c2320e	Update testing.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	2ffb93a83b	Rm tasks-g2.md That document was always temporary (said so at the top). Now superseded by https://github.com/orgs/Mbed-TLS/projects/1#column-18338322 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Paul Elliott	7c6b0e4464	Merge pull request #5972 from wernerlewis/migration_guide_removals Add guidance for deprecated functions and macros to migration guide	2022-07-01 17:40:21 +01:00
Ronald Cron	3cb707dc6d	Fix and improve logs and documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-01 14:36:52 +02:00
Ronald Cron	2ba0d23c65	Update TLS 1.3 support documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-01 11:25:49 +02:00
Manuel Pégourié-Gonnard	11ccb35987	Merge pull request #5994 from gilles-peskine-arm/storage-format-doc-2.25-development Update storage format specification for Mbed TLS 2.25.0+	2022-07-01 09:25:35 +02:00
Gilles Peskine	d9645c847e	Fix naming confusion with opaque key derivation "key_derivation_derive_key" should have been "key_derivation_output_key". Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 18:19:51 +02:00
Gilles Peskine	54eb0686b3	New function psa_crypto_driver_key_derivation_get_input_type The new function psa_crypto_driver_key_derivation_get_input_type() allows drivers to retrieve the effective type of each input step, and thus to call the correct get-data function. This is simpler than the previous scheme which required a somewhat contrived dance with get_key() and get_bytes() for inputs that can be passed either as a key or as a byte buffer at the application's choice. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 18:13:31 +02:00
Gilles Peskine	0b7ee23fe0	Historical update: the layout on stdio changed in Mbed Crypto 1.1.0 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 12:16:50 +02:00
Gilles Peskine	38989612d6	Typos Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 12:16:32 +02:00
Gilles Peskine	219a34839c	Repeat the seed file documentation in 2.25.0 This way the 2.25.0 section is now fully self-contained. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 12:15:53 +02:00
Gilles Peskine	3d65a19ee3	Fix wrong type in C snippet Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 12:15:35 +02:00
Tom Cosgrove	d7adb3c7d9	Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-06-30 09:48:40 +01:00
Gilles Peskine	25e39f24b9	Add section for Mbed TLS 2.25.0+ We hadn't updated the storage specification in a while. There have been no changes to the storage layout, but the details of the contents of some fields have changed. Since this is now a de facto stable format (unchanged between 2.25 and 3.2), describe it fully, avoiding references to previous versions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 09:16:53 +02:00
Tom Cosgrove	afb2fe1acf	Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed, so no longer mention it. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-06-29 16:36:12 +01:00
Werner Lewis	05d5f81c20	Fix spelling and formatting consistency Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 09:19:29 +01:00
Ronald Cron	6b14c69277	Improve documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	139d0aa9d3	Fix typo in documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	44b23b10e1	tls13: Document TLS 1.3 handshake implementation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Werner Lewis	4abd7c2545	Minor phrasing changes Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 09:42:34 +01:00
Werner Lewis	129d6adc0e	Use mbedtls-2.28 branch for documentation link Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 09:42:34 +01:00
Werner Lewis	4b8aaa4e60	Add clarification on 2.x branch choice Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 09:41:54 +01:00
Werner Lewis	f5b86f3b16	Add clarification for 2.x section Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 09:20:01 +01:00
Werner Lewis	f8a478795c	Add guidance for generating deprecated list Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-24 11:10:48 +01:00
Werner Lewis	016cec17e8	Add deprecated macros to migration guide Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-23 16:55:52 +01:00
Werner Lewis	745fcde406	Add reference to 2.x docs to migration guide Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-23 16:51:45 +01:00
Gilles Peskine	2e22ecbd09	Add guide to implementing new cryptographic mechanisms Add a check list with what typically needs to be done when adding a new algorithm, key type or operation. There are a few explanations but this is primarily intended as a list of places to look and not as a detailed explanation of exactly what to do. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 17:39:10 +02:00
Gilles Peskine	f30ff75137	List all markdown files in makefile Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 17:36:36 +02:00
Gilles Peskine	3fc9e04bc4	Be more consistent with raw/cooked key derivation terminology Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-03 17:48:46 +02:00
Gilles Peskine	1a5b83007c	Fix typos and copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-03 17:47:40 +02:00
Gilles Peskine	c2e29108f0	Fix internal links Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-03 17:07:19 +02:00
bootstrap-prime	6dbbf44d78	Fix typos in documentation and constants with typo finding tool Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>	2022-05-18 14:15:33 -04:00
Dave Rodgman	65a141a7b0	Fix minor grammatical error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:54 +01:00
Andrzej Kurek	5c65c5781f	Fix additional misspellings found by codespell Remaining hits seem to be hex data, certificates, and other miscellaneous exceptions. List generated by running codespell -w -L keypair,Keypair,KeyPair,keyPair,ciph,nd Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-05-11 21:25:54 +01:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Dave Rodgman	017a19997a	Update references to old Github organisation Replace references to ARMmbed organisation with the new org, Mbed-TLS, following project migration. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-03-31 14:43:16 +01:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Gilles Peskine	fdfc10b250	Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity Check storage format tests for regressions	2022-03-07 17:02:34 +01:00
Gilles Peskine	e356f075f5	Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201 PSA driver description spec: minor tweaks to the JSON format	2022-03-01 20:46:14 +01:00
Gilles Peskine	790f7428d2	Storage format test regressions are now checked mechanically Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-22 19:16:42 +01:00
Jerry Yu	bd19287a8e	fix docs issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	adb1869f8d	fix document about tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	72a0565e13	docs: Add version support description Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Gilles Peskine	41618da50e	Clarify backward compatibility requirement There are two somewhat distinct aspects here: if it compiled, it still compiles; and if it worked functionally, it still works. They're related in that if application code currently compiles but cannot possibly work, we could reasonably make it not compile anymore. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-16 22:32:12 +01:00
Gilles Peskine	41d0334b4c	Write up requirements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-15 16:06:09 +01:00
Andrzej Kurek	eec6b2c6b4	Updated slot->attr and slot->key access Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-15 16:06:03 +01:00
Ronald Cron	87829e5429	Fix documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-14 16:31:33 +01:00
Ronald Cron	4279bac965	Document TLS 1.3 MVP limitation regarding MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-11 15:10:22 +01:00
Manuel Pégourié-Gonnard	c70013e4bc	Clarify the trailer field situation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-10 13:16:50 +01:00
Manuel Pégourié-Gonnard	c7f3254379	Clarify a sentence Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-10 13:00:33 +01:00
Manuel Pégourié-Gonnard	58d101b721	Fix a few more typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-10 12:58:09 +01:00
Manuel Pégourié-Gonnard	2c5fbad479	Merge pull request #5004 from mpg/doc-psa-migration Document PSA migration strategy	2022-02-09 12:07:12 +01:00
Manuel Pégourié-Gonnard	839bb8a238	Fix an inaccuracy Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-08 10:33:41 +01:00
Manuel Pégourié-Gonnard	80759c4917	Fix a few more typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-08 10:33:11 +01:00
Gilles Peskine	08fb89d251	Require a driver prefix to be non-empty Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-07 16:30:16 +01:00
Gilles Peskine	272ff9c309	Open a namespace for implementation-specific properties "IMPLEMENTATION/PROPERTY" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-07 16:29:18 +01:00
Gilles Peskine	6c3b1a760a	Allow comments in driver descriptions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-07 16:29:04 +01:00
Manuel Pégourié-Gonnard	8ebed21216	Fix a few typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-07 10:23:49 +01:00
Manuel Pégourié-Gonnard	539b9a52f9	Fix discussion of RSA-PSS salt length Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-07 10:19:08 +01:00
Manuel Pégourié-Gonnard	2467aed961	Misc updates to testing.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-01 10:42:30 +01:00
Manuel Pégourié-Gonnard	ce6c0875d1	Misc updates to strategy.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-01 10:34:20 +01:00
Manuel Pégourié-Gonnard	8e559daaa8	Misc updates to psa-limitations.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-01 10:26:07 +01:00
Manuel Pégourié-Gonnard	335cbf61da	Remove temporary documents The dependencies-xxx.md documents where merely a support for study, now distilled to strategy.md, psa-limitation.md, and tasks-xx.md and/or github issues. The tasks-g1.md document has now been fully converted to a list of github issues. These documents would quickly become out-of-date and there's little point in updating them, so it's better to remove them. They're still in the github history if anyone wants to have a look. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-01 09:55:45 +01:00
Gilles Peskine	220bda7f76	Rename a function parameter to avoid confusion Don't use “output” for an input of the KDF. It's correct in context (it's the output of a function that copies the input of the KDF from core-owned memory to driver-owned memory) but confusing. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-25 12:03:34 +01:00
Gilles Peskine	a2b41598d6	Draft specification for key derivation Pass all the initial inputs in a single structure. It's impossible to pass the inputs as soon as the application makes them available because the core cannot know which driver to call until it receives the SECRET input. Do support hiding the key material inside a secure element if the relevant driver has all the requisite entry points. Do cooked key derivation (i.e. derivation of non-raw keys) and key agreement separately. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-24 14:52:59 +01:00
Manuel Pégourié-Gonnard	ec3fd75cbc	Update strategy with late 2021 discussion Unless I missed something, this should now reflect the current strategy. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard	5218774efb	Add note about HKDF for TLS 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	ab1d3084b7	Goal 1 tasks are now all reflected on github Replace descriptions with links just to double-check nothing has been forgotten. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	0950359220	Improve "abstraction layers" section - fix inaccuracy about PSA hash implementation - add note about context-less operations - provide summary Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	a6c601c079	Explain compile-time incompatibilities Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	7497991356	Expand discussion of goals Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	e459be2ed1	Complete discussion of RSASSA-PSS Update to latest draft of PSA Crypto 1.1.0: back to strict verification by default, but ANY_SALT introduced. Commands used to observe default values of saltlen: openssl genpkey -algorithm rsa-pss -out o.key openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt certtool --generate-privkey --key-type rsa-pss --outfile g.key certtool --generate-self-signed --load-privkey g.key --outfile g.crt Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	f5ee4b3da4	Add data about RSA-PSS test files Data gathered with: for c in server9.crt; do echo $c; openssl x509 -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done for c in crl-rsa-pss-; do echo $c; openssl crl -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done for c in server9.req.*; do echo $c; openssl req -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done Unfortunately there is no record of how these files have been generated. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	b902164cf0	Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	d9edd56bf8	Document PSA limitations that could be problems (WIP: the study of RSA-PSS is incomplete.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	b89fd95146	Document the general strategy for PSA migration Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	1b52d09494	Document test strategy for USE_PSA_CRYPTO Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of things that should be tested, as it's taking public key rather than a keypair. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	0d0a104b2d	Add study for TLS/X.509 dependencies on crypto This is an updated version of the study that was done a few years ago. The script `syms` was used to list symbols form libmbedtls.a / libmbedx509.a that are defined externally. It was run with config.py full minus MBEDTLS_USE_PSA_CRYPTO minus MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:00 +01:00
Archana	21b20c72d3	Add Changelog and update documentation Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	c08248d650	Rename the template file from .conf to .jinja Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	a8939b6da3	Restructure scripts' folder alignment Moved python script generate_driver_wrappers.py under scripts and corresponding template file under script/data_files. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:57:15 +05:30
Archana	1f1a34a226	Rev 1.0 of Driver Wrappers code gen The psa_crypto_driver_wrappers.c is merely rendered with no real templating in version 1.0. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:22:06 +05:30
Ronald Cron	b1822efe22	docs: TLS 1.3: Improve wording Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 14:28:13 +01:00
Ronald Cron	7aa6fc1992	docs: TLS 1.3: Update prototype upstreaming status Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Ronald Cron	653d5bc781	docs: TLS 1.3: Swap prototype upstreaming status and MVP definition Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Ronald Cron	43ffc9d659	docs: TLS 1.3: Update TLS 1.3 documentation file name Update TLS 1.3 documentation file name and its overview section. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Ronald Cron	0abf07ca2c	Make PSA crypto mandatory for TLS 1.3 As we want to move to PSA for cryptographic operations let's mandate PSA crypto from the start. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Dave Rodgman	d7c091060f	Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision TLS1.3: Edit docs to explain not changing curve order.	2021-12-07 11:01:04 +00:00
Paul Elliott	cce0f5a085	Fix typo Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-03 16:13:30 +00:00
Paul Elliott	c0d335bc1e	Second draft of explanation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-02 16:38:05 +00:00
Paul Elliott	fe08944246	Fix spelling error Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-30 10:55:53 +00:00
Paul Elliott	89c8e098ee	Convert tabs to spaces Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-30 10:54:52 +00:00
Paul Elliott	66491c7d08	Edit docs to explain not changing curve order TLS1.3 MVP would benefit from a different curve group preference order in order to not cause a HelloRetryRequest (which are not yet handled), however changing the curve group preference order would affect both TLS1.2 and TLS1.3, which is undesirable for something rare that can be worked around. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-29 10:39:44 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Andrzej Kurek	e3ed82473a	Fix duplicate variable name in getting_started.md Rename the key id variables to not clash with the raw key data. This was introduced in `cf56a0a3`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-11-19 13:40:20 +01:00
Gilles Peskine	a42a8de120	PSA thread safety analysis Looks like a mutex isn't enough? Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-03 12:18:41 +01:00
Manuel Pégourié-Gonnard	9a7cf9a196	Merge pull request #5045 from gilles-peskine-arm/rm-PSACryptoDriverModelSpec-development Remove the old driver model specification draft	2021-10-29 09:36:15 +02:00
Dave Rodgman	c8aaac89d0	Fix naming examples in TLS 1.3 style guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-10-18 13:00:51 +01:00
Gilles Peskine	4086159910	Remove obsolete specification draft See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-07 19:14:01 +02:00
Manuel Pégourié-Gonnard	0729885c2b	Merge pull request #4963 from ronald-cron-arm/tls13-mvp Define TLS 1.3 MVP and document coding rules	2021-09-29 10:32:49 +02:00
Ronald Cron	7fc96c1a57	Fix test description Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-28 16:29:04 +02:00
Ronald Cron	fb877215b5	Fix supported signature documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-28 16:29:04 +02:00
Ronald Cron	8ee9ed6785	Fix and improve the documentation of supported groups Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-28 16:28:58 +02:00
Ronald Cron	f164b6a7ff	Add an overview section Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:09 +02:00
Ronald Cron	847c3580b8	Expend coding rules Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:09 +02:00
Ronald Cron	3e7c4036b4	Miscellaneous improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:09 +02:00
Ronald Cron	fecda8ddb4	Improve the description of common macros usage Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:02 +02:00
Ronald Cron	99733f0511	Amend vector variables Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	b194466e99	Amend TLS 1.3 prefix Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	72064b30cf	Fix usage of backticks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	660c723b09	Add paragraph about expected quality Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	7a7032a4ba	Remove out of MVP scope items Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	c3b510f096	Amend supported groups and signatures based on spec 9.1 section Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	3160d70049	Add comments about key_share and supported_versions support Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:29 +02:00
Ronald Cron	85e51083d8	Add support for server_name extension Section 9.2 of the specification defines server_name extension as mandatory if not specified otherwise by an application profile. Thus add its support to the MVP scope. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 13:42:39 +02:00
Ronald Cron	004df8ad5f	Improve comment about handshake failure with HRR and CertificateRequest Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 13:42:39 +02:00
Ronald Cron	1fa5088c0b	Improve comment about PSK TLS 1.3 configuration options Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 13:42:27 +02:00
Ronald Cron	023987feef	Use GitHub table format Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 12:05:28 +02:00
Ronald Cron	def52c36e5	Remove obscure comment about TLS 1.3 renegotiation config option Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 12:03:55 +02:00
Manuel Pégourié-Gonnard	13841cb719	Mention areas that are not (well) tested. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 11:43:14 +02:00
Manuel Pégourié-Gonnard	9155b0e396	Clarify that 1.3 is excluded Don't mention "TLS 1.2 only" for PSK, as that could give the impression that the other things about TLS are supported beyond 1.2, which isn't the case currently. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 10:17:07 +02:00
Manuel Pégourié-Gonnard	ca9101739a	Improve wording and fix some typos. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 10:14:32 +02:00
Manuel Pégourié-Gonnard	d3ac4a9a8a	Clarify wording of "not covered" section The section is about things that are not covered, but some lists are about things that are covered, which was very confusing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 10:06:04 +02:00
Manuel Pégourié-Gonnard	1e07869381	Fix inaccuracy in key exchange summary Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-22 10:11:53 +02:00
Ronald Cron	3785c907c7	Define TLS 1.3 MVP and document coding rules Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-21 16:16:56 +02:00
Manuel Pégourié-Gonnard	73a0e1da0d	Document parts not covered by USE_PSA_CRYPTO Also, remove the section about design considerations for now. It's probably more suitable for a developer-oriented document that would also include considerations about possible paths for the future, which would better be separated from user documentation (separating the certain that is now, from the uncertain that might or might not be later). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 13:55:00 +02:00
Manuel Pégourié-Gonnard	1b08c5f042	Document current effects of USE_PSA_CRYPTO Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 12:59:26 +02:00
Manuel Pégourié-Gonnard	13b0bebf7d	Add docs/use-psa-crypto.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 12:59:25 +02:00
Gilles Peskine	8ec3c8f015	Do not require test data to be in the repository What matters is that we validate that test data is not removed. Keeping the test data is the most obvious way, but not the only way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	b91f81a55b	Discuss lifetimes, in particular persistence levels Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	77f8e5cb59	Add considerations on key material representations Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	d131e400f0	Clarification: forward and backward compatibility The import-and-save and load-and-check parts of the tests don't have to be actually the same test cases. Introduce the terms “forward compatibility” and “backward compatibility” and relate them to import-and-save and load-and-check actions. These are clarifications of intent that do not represent an intended change in the strategy or intended coverage. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	f31c6c111e	Typo Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Dave Rodgman	8e5020dead	Remove obsolete reference to _ret in migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-07-02 12:16:03 +01:00
Dave Rodgman	7b743193b0	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 20:10:10 +01:00
Dave Rodgman	9637bd30a3	Move subsections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 20:07:57 +01:00
Dave Rodgman	b0e6bb54f9	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 20:03:55 +01:00
Dave Rodgman	26c12eb523	Remove C from code block Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:58:00 +01:00
Dave Rodgman	10963278e7	Mark all code blocks as C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	a014831732	Add missing backticks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	7d2ac88f93	Correct hyperlink Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	2482650483	Correct hyperlink Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	2b03457ca5	Improve wording Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	b4d15b1556	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	8128b69ffe	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	715966862d	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	507827e75a	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	68547187f6	Move subsections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	897a95f46c	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	3f66943bdd	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	2d05e0f440	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	aa1fba2fed	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	7018053460	Reorder subsections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	28701c63cb	Fix grammatical error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	ce53b3afd6	Remove reference to removed item Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	9d3417845c	Add backticks where needed Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:12:32 +01:00
Dave Rodgman	2e1e623d33	Correct hyperlink syntax Co-authored-by: Tomasz Rodziewicz <40165497+TRodziewicz@users.noreply.github.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 17:58:10 +01:00
Dave Rodgman	6753a775b8	Fix grammatical error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 17:15:28 +01:00
Dave Rodgman	26ad6c7ea7	Fix typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 17:14:01 +01:00
Dave Rodgman	8d91ceb19d	Remove empty 3.0-migration-guide.d This is now captured in 3.0-migration-guide.md Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 16:56:59 +01:00
Dave Rodgman	92170cc3e1	Add general cross-reference for low/high-level crypto Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:53:23 +01:00
Dave Rodgman	c936bbb15a	Make blank lines before sections consistent Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:53:23 +01:00
Dave Rodgman	b1c6b4a7a5	Add cross-reference Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:53:16 +01:00
Dave Rodgman	a3758208ae	Move sub-sections to more appropriate places Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:17:03 +01:00
Dave Rodgman	4ea5643046	Change some section names Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:16:22 +01:00
Dave Rodgman	d462ca1f72	Fix typos Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 11:26:08 +01:00
Dave Rodgman	a54c16805e	Improve wording relating to removal of MBEDTLS_ERR_SSL_BAD_HS_XXX Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 11:11:07 +01:00
Dave Rodgman	a5a3cce49b	Add link between sections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 11:06:58 +01:00
Gilles Peskine	a481052407	Add migration guide and changelog entry for MBEDTLS_PRIVATE We forgot those in #4511. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-30 11:06:40 +01:00
Dave Rodgman	e4ec84631b	Fix typos Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:52:40 +01:00
Dave Rodgman	b491b2b051	Add SSL error code updates from #4724 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:49:30 +01:00
Dave Rodgman	7078973b7b	Improve wording Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	4a5d3c08c6	Fix typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	30dc603958	Reorder sections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	d8a1017abf	add section headings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	36bb5ff6e3	minor updates Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	d267ec361d	Add formatting codes to level 3 headings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	a0e8db09ac	Change headings to level 3 to enable use of sections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	949c21b336	Minor updates to migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	1cb2331495	Remove line that got into the wrong place Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	7b0c4dea59	Fix missing part of sentence Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	759c0109f2	Fix errors in migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	1aea40427f	Add a very short summary Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	e45e6401af	Re-order to put some more significant items at the top Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	8cccbe11df	Update the migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:33:59 +01:00
Dave Rodgman	dc1a3b2d70	Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 Cleanup SSL error code space	2021-06-30 09:02:55 +01:00
Ronald Cron	8682faeb09	Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 Add output size parameter to signature functions	2021-06-29 09:43:17 +02:00
Bence Szépkúti	9cd7065307	No other headers are included by mbedtls_config.h These have been moved to build_info.h. Update the documentation to reflect this. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 14:29:42 +01:00
Hanno Becker	2fc9a652bc	Address review feedback Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	2e3ecda684	Adust migration guide for SSL error codes Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Bence Szépkúti	dbf5d2b1a7	Improve the instructions in the migration guide Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 10:37:41 +01:00
Bence Szépkúti	1b2a8836c4	Correct documentation references to Mbed TLS Use the correct formatting of the product name in the documentation. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 10:37:19 +01:00
Bence Szépkúti	60c863411c	Remove references to MBEDTLS_USER_CONFIG_VERSION Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	36da4ccc51	Update changelog and migration guide This reflect changes to the config version symbols. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	8d9132f43c	Fix typo Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	90b79ab342	Add migration guide and changelog Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	dba968f59b	Realign Markdown table Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:47 +01:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Gilles Peskine	f00f152444	Add output size parameter to signature functions The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	fedd52ca19	Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation Require matching hashlen in RSA functions: implementation	2021-06-24 10:28:20 +02:00
Gilles Peskine	f06b92d724	Merge pull request #4567 from mstarzyk-mobica/gcm_ad Enable multiple calls to mbedtls_gcm_update_ad	2021-06-23 19:36:23 +02:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Gilles Peskine	9dbbc297a3	PK signature function: require exact hash length Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-22 18:39:41 +02:00
Dave Rodgman	5ec5003992	Document the return type change in the migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard	e7885e5441	RSA: Require hashlen to match md_alg when applicable Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard	3e7ddb2bb6	Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 Update the default hash and curve selection for X.509 and TLS	2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard	508d3a5824	Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext Remove truncated HMAC extension	2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard	a805d57261	Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA Remove MD2, MD4, RC4, Blowfish and XTEA	2021-06-22 09:27:41 +02:00
TRodziewicz	f41dc7cb35	Removal of RC4 certs and fixes to docs and tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-21 13:27:29 +02:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	d5c9cc7c90	Add migration guide for modified key export API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	9a32d45819	Merge pull request #4517 from hanno-arm/ticket_api_3_0 Implement 3.0-API for SSL session resumption	2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard	ae35830295	Merge pull request #4661 from mpg/make-blinding-mandatory Make blinding mandatory	2021-06-18 18:32:13 +02:00
Dave Rodgman	8c8166a7f1	Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test Move part of timing module out of the library	2021-06-18 16:35:58 +01:00
Thomas Daubney	ac84469dd1	Modifies Migration Guide entry Commit makes corrections to Migration Guide entry for this task. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-18 14:08:56 +01:00
Thomas Daubney	379227cc59	Modifies ChangeLog and Migration Guide Entries in ChangeLog and Migration guide files have been merged to cover both the removal of MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-18 10:46:12 +01:00
Gilles Peskine	39957503c5	Remove secp256k1 from the default X.509 and TLS profiles For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509, secp256k1 is not deprecated, but it isn't used in practice, especially in the context of TLS where there isn't much point in having an X.509 certificate which most peers do not support. So remove it from the default profile. We can add it back later if there is demand. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 23:17:52 +02:00
Gilles Peskine	ec78bc47b5	Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide Meld the migration guide for the removal of MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for the strengthening of TLS and X.509 defaults, which is more general. The information in the SHA-1 section was largely already present in the strengthening section. It is now less straightforward to figure out how to enable SHA-1 in certificates, but that's a good thing, since no one should still be doing this in 2021. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	6b1f64a150	Wording clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	b1940a76ad	In TLS, order curves by resource usage, not size TLS used to prefer larger curves, under the idea that a larger curve has a higher security strength and is therefore harder to attack. However, brute force attacks are not a practical concern, so this was not particularly meaningful. If a curve is considered secure enough to be allowed, then we might as well use it. So order curves by resource usage. The exact definition of what this means is purposefully left open. It may include criteria such as performance and memory usage. Risk of side channels could be a factor as well, although it didn't affect the current choice. The current list happens to exactly correspond to the numbers reported by one run of the benchmark program for "full handshake/s" on my machine. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	3758fd6b79	Changelog entry and migration guide for hash and curve profile upgrades Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:14 +02:00
Thomas Daubney	50afb4378f	Adds Migration guide Commit adds a migraiton guide entry that was missing. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-17 09:23:41 +01:00
Manuel Pégourié-Gonnard	8707259318	Improve ChangeLog and migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard	e6e51aab55	Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:38:38 +02:00
Mateusz Starzyk	bd513bb53d	Enable multiple calls to mbedtls_gcm_update_ad. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-06-16 14:34:09 +02:00
TRodziewicz	15a7b73708	Documentation rewording Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 11:22:53 +02:00
TRodziewicz	8f91c721d3	Code review follow-up corrections Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:45 +02:00
TRodziewicz	7ff652ae53	Addition of ChangeLog and migration guide entry files. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:39 +02:00
Gilles Peskine	17575dcb03	Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd Rename the _ret() functions	2021-06-15 20:32:07 +02:00
TRodziewicz	9c90226df1	Addition of the migration guide and change log files Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard	8cad2e22fc	Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0 Lighten and test constraints on context types in alternative implementations	2021-06-15 12:12:46 +02:00
TRodziewicz	28a4a963fc	Corrections to the docs wording and changes to aux scripts Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-15 00:18:32 +02:00
Gilles Peskine	cadd3d860e	Give examples of PLATFORM_XXX_ALT Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	bf26bef157	Discuss the durability of PSA drivers vs ALT when introducing them Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	a71db94c66	Document that contexts must be movable Fix #4451. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	f35c42bdb9	Document the remaining constraints on ALT context types Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	6a2fb61896	Rename library/ecp_alt.h to ecp_internal_alt.h library/ecp_alt.h (declaring individual functions of the ECP module that can be substituted, included when building the library with MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided, declaring types of the ECP module when the whole implementation is substituted, included when building the library with MBEDTLS_ECP_ALT enabled). Depending on the search path during build, this can make MBEDTLS_ECP_ALT unusable. Rename library/ecp_alt.h to follow the naming convention of other alt headers: MBEDTLS_XXX_ALT corresponds to xxx_alt.h. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:10:37 +02:00
Gilles Peskine	b9ccb25f33	Starter-class documentation of alternative implementations Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:10:37 +02:00

... 3 4 5 6 7 ...

741 commits