Commit graph

11 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
ab1d3084b7 Goal 1 tasks are now all reflected on github
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0950359220 Improve "abstraction layers" section
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079 Explain compile-time incompatibilities
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356 Expand discussion of goals
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1 Complete discussion of RSASSA-PSS
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4 Add data about RSA-PSS test files
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0 Add temporary list of tasks for G1 and G2
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.

These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8 Document PSA limitations that could be problems
(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146 Document the general strategy for PSA migration
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494 Document test strategy for USE_PSA_CRYPTO
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d Add study for TLS/X.509 dependencies on crypto
This is an updated version of the study that was done a few years ago.

The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:00 +01:00