Gilles Peskine
0ca2a1f51b
Merge pull request #7646 from gilles-peskine-arm/psa-driver-transaction-testing-spec
...
Storage resilience with stateful secure elements: design document
2023-06-29 18:25:52 +02:00
Gilles Peskine
34a201774e
More about whether to have the driver key id in the transaction list
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:11:43 +02:00
Gilles Peskine
009c06b973
Discuss the cost of a get_key_attributes entry point
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:11:43 +02:00
Gilles Peskine
4e5088476e
Finish test strategy
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-30 23:34:07 +02:00
Gilles Peskine
44bbf29597
Write up the transaction/recovery processess
...
Still missing: details of part of the testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-24 20:35:49 +02:00
Gilles Peskine
76a852f8fb
Design document for storage resilience
...
Explore possibilities for implementing stateful secure elements with
storage. Choose one.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-24 09:37:30 +02:00
Gilles Peskine
63df4ec3ca
Merge pull request #7589 from daverodgman/pr4990
...
Replace references to Mbed Crypto (rebase)
2023-05-16 19:14:51 +02:00
Gilles Peskine
7e37aa85a2
Merge pull request #5904 from gilles-peskine-arm/psa-doc-implementing-new-mechanism
...
Check list for implementing a new mechanism in PSA crypto
2023-05-16 14:04:15 +02:00
Gilles Peskine
de4cbc54d3
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-16 12:04:57 +02:00
Fredrik Hesse
95bd5a5004
Minor adjustments after review.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 15:01:59 +01:00
Fredrik Hesse
0ec8a90d48
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 15:00:45 +01:00
Fredrik Hesse
cc207bc379
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
valerio
0b0486452c
improve syms.sh script for external dependencies analysis
...
It is now possible to analyze also modules and not only
x509 and tls libraries.
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Ronald Cron
4d31496294
Update TLS 1.3 documentation and add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
e6e6b75ad3
psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
...
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
5c8c9e068e
Minor improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 10:33:03 +02:00
Manuel Pégourié-Gonnard
b38c9c888f
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
03cb87ea3c
Update psa-limitations.md
...
For recent work and latest plans.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
52f7edb6ad
Update psa-migration/strategy.md
...
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
c9e0ad23c1
Update design document
...
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
6778ddf657
Merge pull request #6549 from gilles-peskine-arm/psa-migration-md-cipher-strategy
...
Dual-API hash dispatch strategy
2023-02-15 12:50:13 +01:00
Gilles Peskine
91af0f9c0e
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:36 +01:00
Gilles Peskine
ff674d4c6f
Typos
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:17 +01:00
Gilles Peskine
199ee456b1
Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:35:19 +01:00
Gilles Peskine
58e935fc6b
add a missing
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:07:12 +01:00
Gilles Peskine
fad34a4f10
Support all legacy algorithms in PSA
...
This is not strictly mandatory, but it helps.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-07 20:37:56 +01:00
Manuel Pégourié-Gonnard
5a2e02635a
Improve a few comments & documentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Manuel Pégourié-Gonnard
6bbeba6a44
Add ssl-opt.sh support to outcome-analysis.sh
...
But make it optional as it makes things much slower.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
222bc85c6c
Update outcome analysis script & documentation
...
Now that the script only makes before-after comparison, it no longer
makes sense to ignore some test suites.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Gilles Peskine
3e30e1fb19
We haven't actually made hash accelerators initless in 3.3
...
It seems that it won't be necessary anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:34:17 +01:00
Gilles Peskine
14239c6e2e
Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT
...
It's a rare scenario, but it's currently possible: if you use
mbedtls_cipher_xxx() to encrypt the communication between the application
and the crypto service, changing those functions to call PSA will break your
system.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:48 +01:00
Gilles Peskine
22db9916fe
The PSA cipher/AEAD API requires an initialized keystore
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:29 +01:00
Gilles Peskine
143ebcc1d6
PKCS#1v1.5 sign/verify uses hash metadata
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:30:10 +01:00
Gilles Peskine
cb93ac91bb
Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:43 +01:00
Gilles Peskine
d167f16d55
Wording clarifications and typo fixes
...
No intended meaning change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:15 +01:00
Manuel Pégourié-Gonnard
55a188b420
Clarify the "restart vs use PSA" situation in TLS
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Gilles Peskine
4eefade8bf
Sketch some optimizations relevant to MD light
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:05:14 +01:00
Gilles Peskine
f634fe10e7
Sketch the work to migrate to MD light
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:51 +01:00
Gilles Peskine
188e900a6d
Specify MD light based on the interface requirements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:16 +01:00
Gilles Peskine
382b34ca84
Work out the hash interface requirements
...
Finish working out the RSA-PSS example in terms of what it implies about the
interface. The key takeaway is that a mixed-domain module must support
algorithms if they are available through either interface, and that's all
there is to it. The details of how dispatch is done don't matter, what
matters is only the availability, and it's just the disjunction of
availabilities.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 22:57:18 +01:00
Ronald Cron
4a8c9e2cff
tls13: Add definition of mbedtls_ssl_{write,read}_early_data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-23 14:29:37 +01:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci
...
Driver-only hashes: test coverage in the CI
2022-11-18 09:31:13 +01:00
Przemek Stekiel
93986645d8
Remove reference vs drivers test from outcome-analysis.sh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-09 15:06:44 +01:00
Gilles Peskine
c82050efdb
Starting to work out the RSA-PSS example
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-08 19:17:58 +01:00
Gilles Peskine
d47ba71676
New strategy: start the analysis
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-07 22:28:26 +01:00
Gilles Peskine
18e76e7eef
typo
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-26 14:43:13 +02:00
Ronald Cron
93dcb1ba8d
Update TLS 1.3 support document
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 20:02:09 +02:00
Ronald Cron
10bf956334
tls13: Fix documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
9810b6d0b7
Fix kex config options documentation in tls13-support.md
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674
Add TLS 1.3 key exchange mode config options
...
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.
These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00