Commit graph

686 commits

Author SHA1 Message Date
Gilles Peskine
0ca2a1f51b
Merge pull request #7646 from gilles-peskine-arm/psa-driver-transaction-testing-spec
Storage resilience with stateful secure elements: design document
2023-06-29 18:25:52 +02:00
Manuel Pégourié-Gonnard
417ce2c574 Rename _USE to _BASIC
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-16 10:36:44 +02:00
Manuel Pégourié-Gonnard
1cae90bf50 Update PSA_WANT spec for new KEY_PAIR scheme
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-14 12:19:13 +02:00
Gilles Peskine
34a201774e More about whether to have the driver key id in the transaction list
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:11:43 +02:00
Gilles Peskine
009c06b973 Discuss the cost of a get_key_attributes entry point
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-13 21:11:43 +02:00
Gilles Peskine
265ce7c1da
Merge pull request #5451 from gilles-peskine-arm/psa-driver-kdf-spec
PSA drivers: specification for key derivation
2023-06-06 11:37:28 +02:00
Gilles Peskine
f4ba0013e2 Clarify when key derivation entry points are mandatory/permitted
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-05 14:24:14 +02:00
Gilles Peskine
8dd1e623e1 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-05 14:14:41 +02:00
Gilles Peskine
7df8ba6a10 Rework the description of key derivation output/verify key
Some of the fallback mechanisms between the entry points were not described
corrrectly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 18:16:02 +02:00
Gilles Peskine
dcaf104eef Note that we may want to rename derive_key
... if we think of a better name

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 18:02:41 +02:00
Gilles Peskine
f96a18edc7 Probably resolve concern about the input size for derive_key
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 18:02:15 +02:00
Gilles Peskine
1414bc34b9 Minor copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-02 17:54:32 +02:00
Gilles Peskine
24f52296f1 Key agreement needs an attribute structure for our key
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:44:04 +02:00
Gilles Peskine
e52bff994c Note possible issue with derive_key: who should choose the input length?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:43:29 +02:00
Gilles Peskine
b319ed69c4 State explicitly that cooked key derivation uses the export format
This is the case for all key creation in a secure element, but state it
explicitly where relevant.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:42:45 +02:00
Gilles Peskine
f787879a14 Clarify sequencing of long inputs
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:42:29 +02:00
Gilles Peskine
d2fe1d5498 Rationale on key derivation inputs and buffer ownership
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:42:17 +02:00
Gilles Peskine
4e94fead86 Key derivation dispatch doesn't depend on the key type
At least for all currently specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:40:56 +02:00
Gilles Peskine
66b96e2d87 Copyediting
Fix some typos and copypasta. Some very minor wording improvements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-31 00:40:27 +02:00
Gilles Peskine
4e5088476e Finish test strategy
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-30 23:34:07 +02:00
Gilles Peskine
44bbf29597 Write up the transaction/recovery processess
Still missing: details of part of the testing

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-24 20:35:49 +02:00
Gilles Peskine
76a852f8fb Design document for storage resilience
Explore possibilities for implementing stateful secure elements with
storage. Choose one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-24 09:37:30 +02:00
Gilles Peskine
63df4ec3ca
Merge pull request #7589 from daverodgman/pr4990
Replace references to Mbed Crypto (rebase)
2023-05-16 19:14:51 +02:00
Gilles Peskine
7e37aa85a2
Merge pull request #5904 from gilles-peskine-arm/psa-doc-implementing-new-mechanism
Check list for implementing a new mechanism in PSA crypto
2023-05-16 14:04:15 +02:00
Gilles Peskine
de4cbc54d3 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-16 12:04:57 +02:00
Fredrik Hesse
95bd5a5004 Minor adjustments after review.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 15:01:59 +01:00
Fredrik Hesse
0ec8a90d48 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 15:00:45 +01:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Bence Szépkúti
e06d863267
Merge pull request #7538 from bensze01/in-tree-redirects
Add in-tree configuration file for Readthedocs redirects
2023-05-11 15:07:06 +02:00
Bence Szépkúti
09f8df86ac Reword the API token explanation in redirects.yaml
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-05-09 21:07:30 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Bence Szépkúti
7ce8fba3cb Add post-build step to update redirects
This allows us to maintain the list of redirects in-tree.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-05-02 20:16:12 +02:00
Bence Szépkúti
4f4c87b01e Add readthedocs-cli to requirements.in
This will allow us to manage our redirects in-tree.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-05-02 19:59:34 +02:00
Manuel Pégourié-Gonnard
8e076e4132
Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle
Document (with examples) how to integrate a third-party driver with Mbed TLS
2023-05-02 12:13:42 +02:00
Aditya Deshpande
8225587fd7 Change from Mbed TLS 3.3.0 to 3.4.0 in driver documentation.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:55:02 +01:00
Aditya Deshpande
641cb8914d Minor changes to documentation and code comments for clarity
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:55:02 +01:00
Aditya Deshpande
bac592d53e Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
f80b939096 Add information for driver points where auto-generation is implemented
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
755b174fec Add example for integrating a driver alongside Mbed TLS for entrypoints where auto-generation of driver wrappers is not implemented yet.
Using p256-m as the example driver/software accelerator.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
abf4bf31cb Start the driver example write-up (p256-m integration)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
277690e944 Add step-by-step guide for writing and integrating drivers for entry points where auto-generation is not implemented
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
valerio
95e57c3517 doc: update use-psa-crypto.md
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 13:47:18 +02:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Ronald Cron
4d31496294 Update TLS 1.3 documentation and add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
0ab380a8ae
Merge pull request #7354 from mpg/ecc-doc-update
Ecc doc update
2023-03-30 15:38:47 +02:00
Manuel Pégourié-Gonnard
9463e780c6 Fix a typo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-30 09:37:39 +02:00
Dave Rodgman
05c5a91514
Merge pull request #7307 from Mbed-TLS/sphinx-versioned-documentation
Generate API documentation with Sphinx and Breathe
2023-03-29 12:01:59 +01:00