yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24286 commits 1 branch 0 tags 94 MiB
Commit graph

215 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
5c8c9e068e Minor improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-29 10:33:03 +02:00
Manuel Pégourié-Gonnard
b38c9c888f Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
03cb87ea3c Update psa-limitations.md 
For recent work and latest plans.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
52f7edb6ad Update psa-migration/strategy.md 
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
c9e0ad23c1 Update design document 
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
6778ddf657
Merge pull request #6549 from gilles-peskine-arm/psa-migration-md-cipher-strategy 
Dual-API hash dispatch strategy
 2023-02-15 12:50:13 +01:00
Gilles Peskine
91af0f9c0e Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-10 14:31:36 +01:00
Gilles Peskine
ff674d4c6f Typos 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-10 14:31:17 +01:00
Gilles Peskine
199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:35:19 +01:00
Gilles Peskine
58e935fc6b add a missing 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:07:12 +01:00
Gilles Peskine
fad34a4f10 Support all legacy algorithms in PSA 
This is not strictly mandatory, but it helps.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-07 20:37:56 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 12:51:52 +01:00
Manuel Pégourié-Gonnard
6bbeba6a44 Add ssl-opt.sh support to outcome-analysis.sh 
But make it optional as it makes things much slower.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
222bc85c6c Update outcome analysis script & documentation 
Now that the script only makes before-after comparison, it no longer
makes sense to ignore some test suites.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-05 12:55:08 +01:00
Gilles Peskine
3e30e1fb19 We haven't actually made hash accelerators initless in 3.3 
It seems that it won't be necessary anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-13 20:34:17 +01:00
Gilles Peskine
14239c6e2e Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT 
It's a rare scenario, but it's currently possible: if you use
mbedtls_cipher_xxx() to encrypt the communication between the application
and the crypto service, changing those functions to call PSA will break your
system.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-13 20:32:48 +01:00
Gilles Peskine
22db9916fe The PSA cipher/AEAD API requires an initialized keystore 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-13 20:32:29 +01:00
Gilles Peskine
143ebcc1d6 PKCS#1v1.5 sign/verify uses hash metadata 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-13 20:30:10 +01:00
Gilles Peskine
cb93ac91bb Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-13 20:29:43 +01:00
Gilles Peskine
d167f16d55 Wording clarifications and typo fixes 
No intended meaning change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-13 20:29:15 +01:00
Manuel Pégourié-Gonnard
55a188b420 Clarify the "restart vs use PSA" situation in TLS 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:33 +01:00
Gilles Peskine
4eefade8bf Sketch some optimizations relevant to MD light 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 23:05:14 +01:00
Gilles Peskine
f634fe10e7 Sketch the work to migrate to MD light 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 23:04:51 +01:00
Gilles Peskine
188e900a6d Specify MD light based on the interface requirements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 23:04:16 +01:00
Gilles Peskine
382b34ca84 Work out the hash interface requirements 
Finish working out the RSA-PSS example in terms of what it implies about the
interface. The key takeaway is that a mixed-domain module must support
algorithms if they are available through either interface, and that's all
there is to it. The details of how dispatch is done don't matter, what
matters is only the availability, and it's just the disjunction of
availabilities.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 22:57:18 +01:00
Ronald Cron
4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-23 14:29:37 +01:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci 
Driver-only hashes: test coverage in the CI
 2022-11-18 09:31:13 +01:00
Przemek Stekiel
93986645d8 Remove reference vs drivers test from outcome-analysis.sh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-09 15:06:44 +01:00
Gilles Peskine
c82050efdb Starting to work out the RSA-PSS example 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-08 19:17:58 +01:00
Gilles Peskine
d47ba71676 New strategy: start the analysis 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-07 22:28:26 +01:00
Ronald Cron
93dcb1ba8d Update TLS 1.3 support document 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-25 20:02:09 +02:00
Ronald Cron
10bf956334 tls13: Fix documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
9810b6d0b7 Fix kex config options documentation in tls13-support.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options 
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:41:57 +02:00
Manuel Pégourié-Gonnard
0dc40773d6 Improve comments & messages 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-19 12:12:21 +02:00
Manuel Pégourié-Gonnard
d92fb01419 Skip bits not needed in outcome-analysis.sh 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard
b51051f1c7 Cosmetic improvement 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard
f6e6df9dbf Add option for before-after or just ref-drivers 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard
2bb2f15772 Improve driver-only outcome-analysis script 
Instead of having a list of test suites of interest, have a list of
suites to ignore and look at all the others.

In order for this to only yield interesting results, we need to tune the
reference configuration a bit, in order to exclude STREAM and ECB to
more closely match the driver-based configuration.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-18 12:10:45 +02:00
Dave Rodgman
b319684bca Additional updates to docs links 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-12 16:47:08 +01:00
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
d18c24b166 EC J-PAKE is now implemented in PSA 
Quite unrelated to the other commits in this branch, but I happened to
spot it, so I fixed it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
c42c7e660e Update documentation in legacy_or_psa.h 
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:28:24 +02:00
Andrzej Kurek
11265d78bb Remove PKCS5 from the ref config in the migration script 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:06:54 -04:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:41 -04:00
Tom Cosgrove
0b86ac1957 Fix typographical errors in .md files found by cspell 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-29 13:44:01 +01:00
Manuel Pégourié-Gonnard
68429fc44d Fix a few more typos 
Update link while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-27 20:44:02 +02:00
Manuel Pégourié-Gonnard
fca4dc6ba6 Clarifications & improved documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-26 10:10:07 +02:00
Manuel Pégourié-Gonnard
fb2ed58064 Add notes on steps and testing 
Also add example/template script to check for coverage regressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-21 13:51:19 +02:00
Manuel Pégourié-Gonnard
c8c352c322 Update strategy document to reflect new macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-21 13:35:08 +02:00