Commit graph

566 commits

Author SHA1 Message Date
Gilles Peskine
fad34a4f10 Support all legacy algorithms in PSA
This is not strictly mandatory, but it helps.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-07 20:37:56 +01:00
Gilles Peskine
3e30e1fb19 We haven't actually made hash accelerators initless in 3.3
It seems that it won't be necessary anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:34:17 +01:00
Gilles Peskine
14239c6e2e Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT
It's a rare scenario, but it's currently possible: if you use
mbedtls_cipher_xxx() to encrypt the communication between the application
and the crypto service, changing those functions to call PSA will break your
system.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:48 +01:00
Gilles Peskine
22db9916fe The PSA cipher/AEAD API requires an initialized keystore
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:29 +01:00
Gilles Peskine
143ebcc1d6 PKCS#1v1.5 sign/verify uses hash metadata
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:30:10 +01:00
Gilles Peskine
cb93ac91bb Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:43 +01:00
Gilles Peskine
d167f16d55 Wording clarifications and typo fixes
No intended meaning change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:15 +01:00
Gilles Peskine
4eefade8bf Sketch some optimizations relevant to MD light
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:05:14 +01:00
Gilles Peskine
f634fe10e7 Sketch the work to migrate to MD light
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:51 +01:00
Gilles Peskine
188e900a6d Specify MD light based on the interface requirements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:16 +01:00
Gilles Peskine
382b34ca84 Work out the hash interface requirements
Finish working out the RSA-PSS example in terms of what it implies about the
interface. The key takeaway is that a mixed-domain module must support
algorithms if they are available through either interface, and that's all
there is to it. The details of how dispatch is done don't matter, what
matters is only the availability, and it's just the disjunction of
availabilities.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 22:57:18 +01:00
Gilles Peskine
c82050efdb Starting to work out the RSA-PSS example
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-08 19:17:58 +01:00
Gilles Peskine
d47ba71676 New strategy: start the analysis
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-07 22:28:26 +01:00
Ronald Cron
93dcb1ba8d Update TLS 1.3 support document
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 20:02:09 +02:00
Ronald Cron
10bf956334 tls13: Fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
9810b6d0b7 Fix kex config options documentation in tls13-support.md
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00
Manuel Pégourié-Gonnard
0dc40773d6 Improve comments & messages
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 12:12:21 +02:00
Manuel Pégourié-Gonnard
d92fb01419 Skip bits not needed in outcome-analysis.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard
b51051f1c7 Cosmetic improvement
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard
f6e6df9dbf Add option for before-after or just ref-drivers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
Manuel Pégourié-Gonnard
2bb2f15772 Improve driver-only outcome-analysis script
Instead of having a list of test suites of interest, have a list of
suites to ignore and look at all the others.

In order for this to only yield interesting results, we need to tune the
reference configuration a bit, in order to exclude STREAM and ECB to
more closely match the driver-based configuration.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
Dave Rodgman
b319684bca Additional updates to docs links
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-12 16:47:08 +01:00
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
d18c24b166 EC J-PAKE is now implemented in PSA
Quite unrelated to the other commits in this branch, but I happened to
spot it, so I fixed it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
c42c7e660e Update documentation in legacy_or_psa.h
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-15 11:28:24 +02:00
Andrzej Kurek
11265d78bb Remove PKCS5 from the ref config in the migration script
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:06:54 -04:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
Tom Cosgrove
0b86ac1957 Fix typographical errors in .md files found by cspell
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-29 13:44:01 +01:00
Manuel Pégourié-Gonnard
68429fc44d Fix a few more typos
Update link while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-27 20:44:02 +02:00
Manuel Pégourié-Gonnard
fca4dc6ba6 Clarifications & improved documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-26 10:10:07 +02:00
Manuel Pégourié-Gonnard
fb2ed58064 Add notes on steps and testing
Also add example/template script to check for coverage regressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 13:51:19 +02:00
Manuel Pégourié-Gonnard
c8c352c322 Update strategy document to reflect new macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 13:35:08 +02:00
Manuel Pégourié-Gonnard
bdc8fd630a Suggest strategy for intra-crypto dependencies
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 10:19:26 +02:00
Manuel Pégourié-Gonnard
8c7b81cdf9 Fix a bunch of typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:20 +02:00
Manuel Pégourié-Gonnard
f88b1b5375 Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros
Currently just replacing existing uses, but the real point of having
these conditions as a single macro is that we'll be able to use them in
tests case dependencies, see next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Manuel Pégourié-Gonnard
af8cf5c04e Add a partial plan towards G5
Strategy for dependencies inside libmbecrypto, in particular in the PSA
Crypto core, are outside the scope of the present study.

Note: PR 6065, referenced in a few places, is the one that also
introduces the present commit. It kicks of the work towards G5 in parts
of the code governed by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
c0d78e9e69 Remove outdated paragraphs about G5
- lack of support for PSA_CRYPTO_CONFIG is not really a reason not to
enable MBEDTLS_USE_PSA_CRYPTO by default - while it's true that
currently X.509/TLS do not behave as expected when PSA_CRYPTO_CONFIG and
MBEDTLS_USE_PSA_CRYPTO are both enabled, it's no worse than when
MBEDTLS_USE_PSA_CRYPTO is disabled.
- as a consequence of removing the paragraph mentioned above, the
sub-section about PSA_CRYPTO_CONFIG no longer belongs in the
"compile-time option" section. Also, it's superseded by the study work
that happened in the meantime (of which this PR is part). So let's
remove it, and the new commit will add something more up-to-date
instead.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
481846c82f General update of PSA strategy documentation
Not related to the changes in this PR, except in the next commit I'll
update the strategy document for changes in this PR and to outline
likely follow-ups, and while looking at the document I noticed a few
things that needed updated, so here there are in their own commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
b5b27c1114 Misc clean-ups in docs/use-psa-crypto.md
Note: limitations of opaque PSKs changed from "TLS 1.2 only" to "none"
since TLS 1.3 does not support PSK at all so far, and it is expected to
support opaque PSKs as soon as it gains PSK support, it will be just a
matter of selecting between psa_key_derivation_input_bytes() and
psa_key_derivation_input_key() - and testing obviously.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
0dba51cfad Fix list of what's common to TLS 1.2 and 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
9bf9b9e269 Link to restartable ECC EPIC
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
f3f79a00fc Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
Also make a few general clarifications/improvements while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
3e83098e01 Clarify the TLS 1.3 situation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard
103b9929d1 Remove HKDF-Extract/Expand
Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
b2bd34ecdc Update docs/use-psa-crypto.md
The scope of the option has been expanded, now it makes more sense to
describe it as "everything except ...".

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
ff43ff6e78 Remove stability waiver from USE_PSA
It was initially motivated by the fact that the PSA Crypto APIs
themselves were not stable. In the meantime, PSA Crypto has reached
1.0.0 so this no longer applies.

If we want user to be able to fully benefit from PSA in order to
isolate long-term secrets, they need to be able to use the new APIs with
confidence. There is no reason to think those APIs are any more likely
to change than any of our other APIs, and if they do, we'll follow the
normal process (deprecated in favour of a new variant).

For reference, the APIs in question are:

mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS

mbedtls_ssl_conf_psk_opaque()   // for PSA-held PSKs in TLS
mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS

mbedtls_cipher_setup_psa() (deprecated in 3.2)
mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
97ec0b7bfa Clarify effect of USE_PSA on TLS 1.3
The previous wording was wrong, there are parts that are affected.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
2a47d23927 Update strategy.md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
83c538869e Update psa-limitations
- misc updates about on-going/recent work
- removal of the section about mixed-PSK: being done in #5762
- clarifications in some places
- some typo fixes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00