Dave Rodgman
b491b2b051
Add SSL error code updates from #4724
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:49:30 +01:00
Dave Rodgman
7078973b7b
Improve wording
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
4a5d3c08c6
Fix typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
30dc603958
Reorder sections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
d8a1017abf
add section headings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
36bb5ff6e3
minor updates
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
d267ec361d
Add formatting codes to level 3 headings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
a0e8db09ac
Change headings to level 3 to enable use of sections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
949c21b336
Minor updates to migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
1cb2331495
Remove line that got into the wrong place
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
7b0c4dea59
Fix missing part of sentence
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
759c0109f2
Fix errors in migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
1aea40427f
Add a very short summary
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
e45e6401af
Re-order to put some more significant items at the top
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
8cccbe11df
Update the migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:33:59 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
...
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
...
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
9cd7065307
No other headers are included by mbedtls_config.h
...
These have been moved to build_info.h. Update the documentation to
reflect this.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 14:29:42 +01:00
Hanno Becker
2fc9a652bc
Address review feedback
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
2e3ecda684
Adust migration guide for SSL error codes
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Bence Szépkúti
dbf5d2b1a7
Improve the instructions in the migration guide
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:41 +01:00
Bence Szépkúti
1b2a8836c4
Correct documentation references to Mbed TLS
...
Use the correct formatting of the product name in the documentation.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:19 +01:00
Bence Szépkúti
60c863411c
Remove references to MBEDTLS_USER_CONFIG_VERSION
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
36da4ccc51
Update changelog and migration guide
...
This reflect changes to the config version symbols.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
8d9132f43c
Fix typo
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
90b79ab342
Add migration guide and changelog
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
dba968f59b
Realign Markdown table
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4
Rename config.h to mbedtls_config.h
...
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Gilles Peskine
f00f152444
Add output size parameter to signature functions
...
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.
No change to RSA because for RSA, the output size is trivial to calculate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
...
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
...
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
...
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3
PK signature function: require exact hash length
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:41 +02:00
Dave Rodgman
5ec5003992
Document the return type change in the migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard
e7885e5441
RSA: Require hashlen to match md_alg when applicable
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0
...
Update the default hash and curve selection for X.509 and TLS
2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
...
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
...
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
TRodziewicz
f41dc7cb35
Removal of RC4 certs and fixes to docs and tests
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-21 13:27:29 +02:00
Hanno Becker
7e6c178b6d
Make key export callback and context connection-specific
...
Fixes #2188
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
d5c9cc7c90
Add migration guide for modified key export API
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0
...
Implement 3.0-API for SSL session resumption
2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
...
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
...
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
Thomas Daubney
ac84469dd1
Modifies Migration Guide entry
...
Commit makes corrections to Migration Guide
entry for this task.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 14:08:56 +01:00
Thomas Daubney
379227cc59
Modifies ChangeLog and Migration Guide
...
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 10:46:12 +01:00
Gilles Peskine
39957503c5
Remove secp256k1 from the default X.509 and TLS profiles
...
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 23:17:52 +02:00
Gilles Peskine
ec78bc47b5
Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide
...
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
6b1f64a150
Wording clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
b1940a76ad
In TLS, order curves by resource usage, not size
...
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.
So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.
The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
3758fd6b79
Changelog entry and migration guide for hash and curve profile upgrades
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:14 +02:00
Thomas Daubney
50afb4378f
Adds Migration guide
...
Commit adds a migraiton guide entry that was
missing.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-17 09:23:41 +01:00
Manuel Pégourié-Gonnard
8707259318
Improve ChangeLog and migration guide entries
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
e6e51aab55
Add ChangeLog and migration guide entries
...
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Mateusz Starzyk
bd513bb53d
Enable multiple calls to mbedtls_gcm_update_ad.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-16 14:34:09 +02:00
TRodziewicz
15a7b73708
Documentation rewording
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3
Code review follow-up corrections
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53
Addition of ChangeLog and migration guide entry files.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd
...
Rename the _ret() functions
2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1
Addition of the migration guide and change log files
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard
8cad2e22fc
Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0
...
Lighten and test constraints on context types in alternative implementations
2021-06-15 12:12:46 +02:00
TRodziewicz
28a4a963fc
Corrections to the docs wording and changes to aux scripts
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 00:18:32 +02:00
Gilles Peskine
cadd3d860e
Give examples of PLATFORM_XXX_ALT
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
bf26bef157
Discuss the durability of PSA drivers vs ALT when introducing them
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
a71db94c66
Document that contexts must be movable
...
Fix #4451 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
f35c42bdb9
Document the remaining constraints on ALT context types
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
6a2fb61896
Rename library/ecp_alt.h to ecp_internal_alt.h
...
library/ecp_alt.h (declaring individual functions of the ECP module that can
be substituted, included when building the library with
MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided,
declaring types of the ECP module when the whole implementation is
substituted, included when building the library with MBEDTLS_ECP_ALT enabled).
Depending on the search path during build, this can make MBEDTLS_ECP_ALT
unusable.
Rename library/ecp_alt.h to follow the naming convention of other alt headers:
MBEDTLS_XXX_ALT corresponds to xxx_alt.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
Gilles Peskine
b9ccb25f33
Starter-class documentation of alternative implementations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
TRodziewicz
3946f79cab
Correction according to code review (function and param. names change
...
and docs rewording)
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 13:46:21 +02:00
TRodziewicz
8b223b6509
Addition of the migration guide entry file.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 11:56:33 +02:00
TRodziewicz
1fcd72e93c
change log and migr. guide fixes and _DEPRECATED_REMOVED removed
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 11:16:06 +02:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options
...
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
2021-06-10 17:43:36 +02:00
TRodziewicz
2a5e5a2759
Correction to the migration guide entry wording
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 16:54:20 +02:00
TRodziewicz
0ea2576502
Correction to the migr. guide wording and removal of not needed option
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:31:42 +02:00
TRodziewicz
b8367380b1
Addition of the migration guide
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:31:42 +02:00
TRodziewicz
1e66642d68
Addition of change log and migration guide files.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 11:25:28 +02:00
Ronald Cron
f8abfa8b1b
Improve migration guide
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-09 10:54:14 +02:00
Ronald Cron
6fe1bc3f24
Add change log and migration guide
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
...
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Hanno Becker
61f292ea0a
Fix migration guide for now-removed deprecated functions
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 07:50:55 +01:00
TRodziewicz
0730cd5d9e
Merge branch 'development' into Remove__CHECK_PARAMS_option
2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676
Editorial improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c
Update ChangeLog and migration guide
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 11:13:34 +02:00
Manuel Pégourié-Gonnard
84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls
...
Static initialize comb table
2021-06-03 11:41:54 +02:00
kXuan
782c2b9f36
fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM
...
Signed-off-by: kXuan <kxuanobj@gmail.com>
2021-06-03 15:47:40 +08:00
Manuel Pégourié-Gonnard
1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs
...
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard
df77624ab5
Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options
...
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard
1b3b27cbb0
Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites
...
Remove 3DES ciphersuites
2021-06-02 11:01:42 +02:00
Ronald Cron
3dafa9bda8
Merge pull request #4555 from ronald-cron-arm/m-ccm-api
...
Define CCM multi-part API
2021-06-02 09:56:43 +02:00
Gilles Peskine
fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed
...
Clarify multi-part AEAD calling sequence in Cipher module
2021-06-01 12:04:19 +02:00
Manuel Pégourié-Gonnard
c01b87b820
Fix some typos
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-01 09:40:53 +02:00
Ronald Cron
f668bd18df
Add migration guide for developers of CCM alternative implementation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-01 09:07:46 +02:00
kXuan
22fc906d57
Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM
...
Signed-off-by: kXuan <kxuanobj@gmail.com>
2021-06-01 14:01:59 +08:00
TRodziewicz
231649a020
Changing the migration guide entry wording.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-31 13:12:16 +02:00
TRodziewicz
4e57f4cdfd
Adding removed defines to check_config.h and fixing the migration guide entry.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-31 12:58:25 +02:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions
...
Expose flag for critical extensions
2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard
ee57ebe553
Add ChangeLog and migration guide entries
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-31 12:25:01 +02:00
TRodziewicz
3670e387dc
Remove 3DES ciphersuites
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-31 12:11:53 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config
...
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
2021-05-31 10:03:56 +02:00
TRodziewicz
dee975af7d
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
...
Remove define
Add ChangeLog file and migration guide entry
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-28 15:27:01 +02:00
Hanno Becker
2bec09c113
Fix typo in migration guide
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-28 09:54:31 +01:00
Hanno Becker
196739b478
Change wording in documentation of PSK configuration
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-28 05:33:14 +01:00
TRodziewicz
062f353804
Changes after code review
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:34:14 +02:00
TRodziewicz
caf2ae04b8
ChangeLog and migration guide added.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:33:51 +02:00
Christoph Reiter
95273f4b07
Expose flag for critical extensions
...
Enables creating X.509 CSRs with critical extensions.
Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
2021-05-27 14:27:43 +02:00
TRodziewicz
0a02fbb783
Addition of the migration guide entry.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 15:57:50 +02:00
TRodziewicz
a86c312d92
Addition of the migration guide entry.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 15:29:36 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
...
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
Thomas Daubney
6f966112c7
Corrections to ChangeLog and Migration guide
...
Corrections to address wording of ChangeLog
and Migration guide.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-25 15:00:19 +01:00
Thomas Daubney
3ca92b182c
Re-wording of Migration guide entry
...
Commit re-words the migration guide
entry as requested in review.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-24 14:11:39 +01:00
TRodziewicz
4ca18aae38
Corrections after the code review
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 13:38:00 +02:00
TRodziewicz
d807060e0a
Addition of migration guide and corrections to the ChangeLog file
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:50:51 +02:00
Thomas Daubney
2fbbe1d2fe
Corrections to ChangeLog and Migration guide
...
This commit fixes typos and re-words
the migration guide. It also adds
the issue number to the ChangeLog.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-24 10:53:57 +01:00
Hanno Becker
3bbf4c058f
Fix typo in migration guide for ticket API change
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-23 06:20:23 +01:00
Hanno Becker
b2efc4d464
Add migration guide
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-23 06:03:55 +01:00
Thomas Daubney
62b0d1dbc8
Adds ChangeLog and Migration guide entry
...
Commit adds relevant entry to the
ChangeLog and to the
Migration guide.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-21 17:05:12 +01:00
Janos Follath
7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0
...
Add session ID as an explicit parameter to SSL session cache API
2021-05-21 09:28:55 +01:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive
...
Modify config option for SHA384.
2021-05-21 08:04:33 +02:00
Ronald Cron
49fef37ebf
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length
...
GCM: allow arbitrary lengths for update
Only the ABI-API-checking job failed and this is expected thus good to go.
2021-05-20 15:08:55 +02:00
Mateusz Starzyk
17011a3185
Merge branch 'development' into convert_NO_SHA384_to_positive
...
Conflicts:
library/version_features.c
programs/test/query_config.c
Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
2021-05-20 14:18:12 +02:00
Mateusz Starzyk
3489cc1433
Improve migration guide for SHA384 option
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-20 13:52:48 +02:00
Gilles Peskine
15c7b40ab7
Reorder the text to say who is affected first
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 12:11:19 +02:00
Gilles Peskine
7f312c811b
Add migration guides for GCM
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 11:51:46 +02:00
Manuel Pégourié-Gonnard
729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy
...
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
2021-05-20 09:19:55 +02:00
Mateusz Starzyk
2396b21f80
Provide more in-depth migration guide after removal of null entropy.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 16:35:51 +02:00
Manuel Pégourié-Gonnard
2213871654
Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING
...
Remove ssl record checking
2021-05-19 13:57:51 +02:00
Mateusz Starzyk
44085de5f7
Add migration guide for SHA384 and SHA224 options.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 13:22:53 +02:00
Ronald Cron
0e3ec27598
Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512
...
Change sha256 and sha512 output type from an array to a pointer
2021-05-19 12:37:17 +02:00
Mateusz Starzyk
ef80a9c5e0
Add migration guide for removed null entropy config option
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-18 16:25:01 +02:00
Hanno Becker
9039303cf5
Add migration guide
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-18 05:27:18 +01:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len
...
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
2021-05-17 16:36:04 +02:00
TRodziewicz
e13a23b439
New line added at the end of the migration guide entry
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-17 11:16:52 +02:00
Manuel Pégourié-Gonnard
5605911fd3
Merge pull request #4447 from hanno-arm/ssl_config_cleanup
...
Avoid and remove some SSL error codes for Mbed TLS 3.0
2021-05-17 10:55:17 +02:00
TRodziewicz
57d7ab72fb
Correction to migration guide entry wording
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-17 10:43:41 +02:00
Hanno Becker
67e49a627d
Add migration guide
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 20:13:54 +01:00
Hanno Becker
8e184e2deb
Add migration guide
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 17:10:27 +01:00
Hanno Becker
699d4d7df7
Add migration guide for new SSL ticket API
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 16:36:44 +01:00
Hanno Becker
548b136e8f
Add migration guide for removal of mbedtls_ssl_get_session_pointer()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 16:36:44 +01:00
TRodziewicz
1cf33bf94d
Corrections o the migration guide
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-14 14:35:26 +02:00
TRodziewicz
95f8f22c27
Migration guide added and ChangeLog clarified
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-14 14:07:51 +02:00
Gilles Peskine
d7b3d92476
Change sha256 output type from an array to a pointer
...
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-13 00:46:29 +02:00
Gilles Peskine
e02e02f203
Change sha512 output type from an array to a pointer
...
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-13 00:32:45 +02:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
...
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
David Horstmann
95d516f319
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-10 17:02:48 +01:00
Manuel Pégourié-Gonnard
f9a68ad62a
Fix typos
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:11:38 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
...
Remove deprecated functions and constants.
2021-05-07 10:05:30 +02:00
TRodziewicz
d9d035a5b5
Corrections of the migration guide from the code review.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 11:53:06 +02:00
TRodziewicz
c1c479fbe9
Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 00:53:22 +02:00
Gilles Peskine
275b9b2ef4
Merge pull request #4402 from mpg/migration-guide-3.0
...
Migration guide for 3.0
2021-05-05 14:30:39 +02:00
Manuel Pégourié-Gonnard
143b1e387b
Fix a number of typos
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
2021-05-05 09:47:47 +02:00
Ronald Cron
d5d04962ef
Add change log and migration guide
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-04 15:59:10 +02:00
Manuel Pégourié-Gonnard
438ac27059
Quit using title case for entry titles
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 13:06:34 +02:00
Manuel Pégourié-Gonnard
72f762b1da
Clarify 3.0-migration-guide.d/00README
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:36:40 +02:00
Manuel Pégourié-Gonnard
e756306dd6
Move some details from ChangeLog to migration guide
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:36:33 +02:00
Manuel Pégourié-Gonnard
57e93e5296
Clarify a sentence
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard
f5acfbac99
Improve description of migration guide entries
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard
2960b2e88c
Fix a few typos
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard
b2a1043a4c
Add a directory for 3.0 migration guide entries
...
Similarly to ChangeLog.d, we want to avoid endless merge conflicts.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard
89d4ab0999
Add a "3.0 migration guide document"
...
For now the entries are in no particular order. Before the release we
should have a final pass over this document and order them from most
impactful to least impactful. We might even create sections, a table of
contents, etc.
In the meantime, each PR should add an entry about it changes.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard
421390f52f
Fix driver interface for key derivation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:38:12 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
...
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys
...
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
2021-04-23 09:40:31 +02:00
Manuel Pégourié-Gonnard
351a2576f5
PSA PBKDF2: extend key derivation driver interface
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 13:11:17 +02:00
Tobias Nießen
835beffcf4
Fix typo in architecture docs
...
Signed-off-by: Tobias Nießen <tniessen@tnie.de>
2021-04-19 23:56:25 +02:00
Manuel Pégourié-Gonnard
16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h
...
Remove deprecated things from crypto_compat.h and dependent tests.
2021-04-19 10:55:21 +02:00
Steven Cooreman
31e27af0cc
Reword the builtin key language on persistency declaration
...
Specifically allow the driver to override the persistency level of a
builtin key in cases where the driver is persistency-aware.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-16 11:25:18 +02:00
TRodziewicz
2a1a67300d
Remove deprecated things from crypto_compat.h and dependent tests.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 23:12:42 +02:00
Dave Rodgman
73e3e2cb1a
Merge remote-tracking branch 'origin/development' into development_new
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Conflicts:
include/mbedtls/check_config.h: nearby edits
library/entropy.c: nearby edits
programs/random/gen_random_havege.c: modification vs. removal
programs/ssl/ssl_test_lib.h: nearby edits
programs/test/cpp_dummy_build.cpp: nearby edits
visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Chris Jones
6f554e388e
Remove reference to include/mbedtls/*_internal.h files
...
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-01 09:52:37 +01:00
Hanno Becker
7594c68049
Document status of MPS upstreaming
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Gilles Peskine
2c5d9e6a32
No configuration symbols for FFDH
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:40:41 +01:00
Gilles Peskine
7df7d1eb57
ECC: add rationale
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:40:29 +01:00
Gilles Peskine
c74712f12d
Fix an example that didn't follow the given pattern
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:40:02 +01:00
Gilles Peskine
59c6347810
Remove the time stamp
...
Time stamps are useful when the document gets shared around, but they
tend to lead to merge conflicts.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:39:13 +01:00
Ronald Cron
d9763466b7
Expand and improve psa-crypto-implementation-structure.md
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:14 +01:00
Ronald Cron
31520b4b1c
Fix psa-crypto-implementation-structure.md
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Ronald Cron
0dbbf1e27f
psa: Add architecture document
...
Add architecture document explaining how this
PR aim to restructure the PSA implementation (only
part of it) and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
ac80be111b
Merge pull request #3878 from gilles-peskine-arm/psa-builtin-keys-via-slot-number-spec
...
New entry point get_builtin_key for opaque drivers (PSA spec)
2021-01-29 10:43:15 +01:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
...
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
Ronald Cron
a120146afe
Merge pull request #3962 from gilles-peskine-arm/psa-storage-format-test-strategy
...
Keystore format stability test strategy
2021-01-25 16:44:23 +01:00
Gilles Peskine
055be83413
Fix typo
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-25 11:36:24 +01:00
gabor-mezei-arm
cbcec21684
Rename output buffer size macros
...
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Gilles Peskine
84ae1eefb4
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 20:20:10 +01:00
Gilles Peskine
3d67365ef7
Add a key_buffer_length output to "get_builtin_key"
...
While builtin keys will often have a fixed-size context, this is not
necessarily the case, so the "get_builtin_key" entry point needs to
return the size of the actual key context.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 20:19:14 +01:00
Gilles Peskine
ff457506d3
Remind the reader of what is done about old formats
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 14:25:20 +01:00
Gilles Peskine
697ee190b5
Add a section about non-default lifetimes
...
Alternative locations should be covered. We don't yet support
alternative persistence levels.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:38:21 +01:00
Gilles Peskine
528144f523
Clarify the methods of key storage testing
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:36:18 +01:00
Gilles Peskine
cf62f10d3f
Clarify interoperability non-requirement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 11:49:18 +01:00
Gilles Peskine
739e08a68d
Keystore format stability test strategy
...
Initial revision.
Save-compare-load approach: the test case data contains attributes of
the object under test and the expected file content. Create the
object, save it, check that the file has the expected content, load
the file and check that the new object has the expected attributes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 18:51:47 +01:00
Ronald Cron
8f05aeb2e3
Merge pull request #3882 from gilles-peskine-arm/psa-random-driver-spec
...
PSA: Specification for random generation and entropy drivers
2020-12-11 14:07:35 +01:00
Gilles Peskine
348eeebb24
Clarify the intent of the KEEPALIVE flag
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 10:52:36 +01:00
Manuel Pégourié-Gonnard
a27a4e2f18
Merge pull request #3929 from gilles-peskine-arm/psa-driver-remove-old-accel
...
Remove old proposed accelerator interfaces
2020-12-10 11:31:47 +01:00
Gilles Peskine
24cebf6671
Add a section for transparent drivers
...
No strategy yet, just state some basic requirements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-08 15:19:04 +01:00
Gilles Peskine
f0e2853d46
Minimal update to mention unified-interface opaque drivers
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-08 15:19:04 +01:00
Gilles Peskine
ae7772d0f3
Clarifications around reseed_entropy_size
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:39 +01:00
Gilles Peskine
43100e3fcb
Add section on combining get_entropy with add_entropy
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
32e584c38a
Copyediting and minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
3ff79066b1
Note an interrogation about integer value representation
...
Especially 0 values may need special treatment since they can't be
used as an array size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
6a530e8d26
Random driver: make initial_entropy_size mandatory
...
If a random driver has a built-in entropy source and doesn't need an
external entropy source, make the driver author declare this
explicitly, rather than it being a less secure default.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:22 +01:00
Gilles Peskine
ee914f34fa
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:14 +01:00
Gilles Peskine
609394c1cf
Open question: can there be multiple RNG instances?
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:06 +01:00
Gilles Peskine
8d5092c11f
get_random: no output on error
...
The get_random entry point was allowed to return partial data on both
PSA_SUCCESS and PSA_ERROR_INSUFFICIENT_ENTROPY, but there was no
meaningful difference between the two. Keep it simple: PSA_SUCCESS is
success but can be partial, and PSA_ERROR_INSUFFICIENT_ENTROPY is an
error with no output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:56 +01:00
Gilles Peskine
1ef6ad48d1
Note that I'm not completly sure about the get_entropy flags
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
3eb65fbba6
Open question: should add_entropy take an estimated_entropy_bits parameter?
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
b89b4b9025
get_entropy: recommendations on conditioning and entropy estimates
...
Explicitly recommend that the driver accounts for environmental
conditions that can affect the amount of entropy.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
05ab2646a3
get_entropy: recommendations on the output_size
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
a14326f054
Make add_entropy optional
...
A random generation driver does not need to support entropy injection.
This will limit it to platforms where the RNG peripheral is the sole
entropy source and without an RNG seed saved into persistent storage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:27 +01:00
Gilles Peskine
390c5a2c6f
It is not meaningful for reseed_entropy_size to be 0
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:19 +01:00
Gilles Peskine
0e3b7ced4c
Don't require a call to add_entropy when 0 bytes are needed
...
If an RNG peripheral includes an entropy source, it would presumably
declare "initial_entropy_size" and "reseed_entropy_size" to be 0. In
this case, don't require the core to call "add_entropy".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:10 +01:00
Gilles Peskine
5263e1ecdd
Transparent drivers can have get_entropy as well
...
The `get_entropy` entry point can be provided by multiple transparent
drivers, and the core will call all of them. But apart from that,
`get_entropy` doesn't involve an opaque key or a location, so it can
be in a transparent driver.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:46:58 +01:00
Gilles Peskine
e80978a260
Specification for random generation and entropy drivers
...
Transparent drivers may provide a DRBG interface through "add_entropy"
and "get_random" entry points. This interface may also be used with a
non-deterministic generator, for chips that include a TRNG.
Opaque driver may provide a "get_entropy" entry point.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:46:42 +01:00
Gilles Peskine
1fc4c8d11b
Let get_builtin_key be called to retrieve the key's attributes
...
Allow the core to call the "get_builtin_key" entry point to retrieve
the attributes of a built-in key. This is useful to implement
psa_get_key_attributes(), and also when the key data buffer's size
depends on the key type and size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:41:50 +01:00
Gilles Peskine
a6454d2820
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:52 +01:00
Gilles Peskine
48d71f2aa4
New entry point get_builtin_key for opaque drivers
...
Allow opaque drivers to expose keys that were not created through the
PSA API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:37 +01:00
Gilles Peskine
51977355dc
Remove the time stamp
...
Having a time stamp identifying each revision of the document is
useful, but it's also a pain because it creates a conflict whenever
there are multiple pending changes at the same time. The gain isn't
worth the pain, so I'm removing the time stamp.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:17 +01:00
Gilles Peskine
db6b03b4f2
Remove old-style accelerator and entropy driver interfaces
...
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.
The partially implemented dynamic secure element interface is staying
for now.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 17:37:14 +01:00
Gilles Peskine
e533ff7bb7
Merge pull request #3695 from gilles-peskine-arm/psa-unified-driver-specs-20200918
...
PSA unified driver specification: key validation and transparent key import
2020-11-30 15:54:45 +01:00
Gilles Peskine
f0a9721c18
Use GitHub-compatible table formatting
...
Also fix a stray `.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-26 10:31:32 +01:00
Gilles Peskine
4228671d0f
Copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:11:31 +01:00
Gilles Peskine
99e52f6313
Clarifications around key import
...
Rework the section describing key import, in particular to clarify key
size determination and checking. There is no intended semantic change.
Note an open question around support for implementation-specific
import formats.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:11:31 +01:00
Gilles Peskine
28b3a946e9
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:08:30 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
...
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Gilles Peskine
406a5da4ab
Merge pull request #3697 from gilles-peskine-arm/psa-conditional-inclusion-c-project
...
PSA C configuration: more concrete information
2020-11-19 13:28:10 +01:00
Gilles Peskine
43818f8614
Copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 11:24:11 +01:00
Gilles Peskine
d8c27ccab0
Fix copypasta; minor wording improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 21:44:23 +01:00
Gilles Peskine
bb483f6af8
Improve explanations around config_psa.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 14:35:12 +01:00
Gilles Peskine
198024cd02
Note that application code needs PSA_WANT_xxx too
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 12:04:40 +01:00
Gilles Peskine
1b1f3fb96d
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 12:02:01 +01:00
Gilles Peskine
9e069070de
Fix typos
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 10:26:01 +01:00
Gilles Peskine
993c249242
Add a section explaining the uses of PSA_WANT_xxx
...
PSA_WANT_xxx is useful regardless of how the symbols are defined:
explicitly (with MBEDTLS_PSA_CRYPTO_CONFIG) or implicitly (without
MBEDTLS_PSA_CRYPTO_CONFIG).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-13 22:45:13 +01:00
Gilles Peskine
b2679984d9
Note that crypto_sizes.h needs config_psa.h as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-13 22:37:19 +01:00
Ronald Cron
cf56a0a320
psa: Move from key handle to key identifier
...
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.
Update the library modules using PSA crypto APIs
to get rid of key handles.
Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine
7b5e6b9dcc
Typos and clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-04 18:30:01 +01:00
Gilles Peskine
ce3ec6ffd6
Unify the sections on key creation
...
Now that transparent drivers have an "import_key" entry point, the key
creation interfaces for transparent drivers and opaque drivers are
very similar. Unify the sections that describe their behavior,
including key validation and key size determination.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 18:31:50 +01:00
Gilles Peskine
12760595e7
Replace validate_key by import_key
...
When importing a transparent key, the key needs to be not only
validated, but also possibly converted, if it is not already in the
canonical representation. So change the validate_key entry point to an
import_key entry point.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-26 18:07:01 +01:00
Torstein Nesse
d9246559ca
Update changelog entry, format specification, and correct test vectors
...
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-21 11:17:09 +02:00
Gilles Peskine
48584b589f
Editorial fixes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-13 19:07:02 +02:00
Gilles Peskine
e4cbb2bb73
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-12 23:39:18 +02:00
Gilles Peskine
55687646c8
PSA_WANT_xxx needs to be defined in the old-style config mechanism
...
Without MBEDTLS_PSA_CRYPTO_CONFIG, PSA_WANT_xxx needs to be defined,
for the sake of code that calls the PSA API (TLS code, tests, sample
apps).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-12 23:23:52 +02:00
Torstein Nesse
162a1104be
Changes PSA key storage format to include key bits
...
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
attribute.
* Removes bits storage from psa_se_key_data_storage_t.
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-07 10:54:24 +02:00
Gilles Peskine
233f91d5c1
Add bits output to validate_key and import_key
...
When importing a key, the code that parses the input needs to
determine the key size ("bits" attribute). This is specific to import
since other key creation methods require the caller to supply a size.
Therefore, add an extra output parameter `bits` to the "import_key"
entry point for opaque drivers. Likewise, add a `bits` output
parameter to the "validate_key" entry point for transparent drivers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-02 18:00:00 +02:00
Gilles Peskine
95434380e1
Detailed architecture of symbol definitions and header inclusion
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-21 20:08:51 +02:00
Gilles Peskine
a8fc171418
Add validate_key entry point
...
Validate transparent keys when they are imported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-21 13:54:00 +02:00
Gilles Peskine
27e69b59a5
Fix prototypes of opaque key creation entry points
...
The output length parameter was missing.
Reported by Steven Cooreman.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-19 00:35:27 +02:00
Gilles Peskine
22270b5048
Fix copypasta punctuation in some function prototypes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-19 00:35:07 +02:00
Gilles Peskine
5cb54f7b27
Merge pull request #3542 from gilles-peskine-arm/psa-unified-driver-specs-20200807
...
PSA unified driver specification: minor updates
2020-09-18 22:53:46 +02:00
Janos Follath
2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1
...
TLS 1.3: Add HKDF-based key derivation functionality
2020-09-16 11:40:06 +01:00
Gilles Peskine
dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
...
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Hanno Becker
b11c3097a5
Update state of TLS 1.3 functionality in architecture document
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:29 +01:00