mbedtls

Author	SHA1	Message	Date
Gilles Peskine	91af0f9c0e	Minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-10 14:31:36 +01:00
Gilles Peskine	ff674d4c6f	Typos Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-10 14:31:17 +01:00
Gilles Peskine	199ee456b1	Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 12:35:19 +01:00
Gilles Peskine	58e935fc6b	add a missing Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 12:07:12 +01:00
Gilles Peskine	fad34a4f10	Support all legacy algorithms in PSA This is not strictly mandatory, but it helps. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-07 20:37:56 +01:00
Gilles Peskine	3e30e1fb19	We haven't actually made hash accelerators initless in 3.3 It seems that it won't be necessary anyway. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:34:17 +01:00
Gilles Peskine	14239c6e2e	Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT It's a rare scenario, but it's currently possible: if you use mbedtls_cipher_xxx() to encrypt the communication between the application and the crypto service, changing those functions to call PSA will break your system. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:32:48 +01:00
Gilles Peskine	22db9916fe	The PSA cipher/AEAD API requires an initialized keystore Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:32:29 +01:00
Gilles Peskine	143ebcc1d6	PKCS#1v1.5 sign/verify uses hash metadata Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:30:10 +01:00
Gilles Peskine	cb93ac91bb	Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:29:43 +01:00
Gilles Peskine	d167f16d55	Wording clarifications and typo fixes No intended meaning change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-13 20:29:15 +01:00
Gilles Peskine	4eefade8bf	Sketch some optimizations relevant to MD light Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 23:05:14 +01:00
Gilles Peskine	f634fe10e7	Sketch the work to migrate to MD light Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 23:04:51 +01:00
Gilles Peskine	188e900a6d	Specify MD light based on the interface requirements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 23:04:16 +01:00
Gilles Peskine	382b34ca84	Work out the hash interface requirements Finish working out the RSA-PSS example in terms of what it implies about the interface. The key takeaway is that a mixed-domain module must support algorithms if they are available through either interface, and that's all there is to it. The details of how dispatch is done don't matter, what matters is only the availability, and it's just the disjunction of availabilities. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 22:57:18 +01:00
Gilles Peskine	c82050efdb	Starting to work out the RSA-PSS example Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-08 19:17:58 +01:00
Gilles Peskine	d47ba71676	New strategy: start the analysis Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-07 22:28:26 +01:00

17 commits