yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29468 commits 89 branches 205 tags 114 MiB
Commit graph

852 commits

Author SHA1 Message Date
Gilles Peskine f30ff75137 List all markdown files in makefile 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 17:36:36 +02:00
Gilles Peskine 3fc9e04bc4 Be more consistent with raw/cooked key derivation terminology 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-03 17:48:46 +02:00
Gilles Peskine 1a5b83007c Fix typos and copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-03 17:47:40 +02:00
Gilles Peskine c2e29108f0 Fix internal links 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-03 17:07:19 +02:00
bootstrap-prime 6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Dave Rodgman 65a141a7b0 Fix minor grammatical error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:54 +01:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Dave Rodgman 017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Ronald Cron 8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Gilles Peskine fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity 
Check storage format tests for regressions
 2022-03-07 17:02:34 +01:00
Gilles Peskine e356f075f5
Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201 
PSA driver description spec: minor tweaks to the JSON format
 2022-03-01 20:46:14 +01:00
Gilles Peskine 790f7428d2 Storage format test regressions are now checked mechanically 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-22 19:16:42 +01:00
Jerry Yu bd19287a8e fix docs issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu adb1869f8d fix document about tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu 72a0565e13 docs: Add version support description 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Gilles Peskine 41618da50e Clarify backward compatibility requirement 
There are two somewhat distinct aspects here: if it compiled, it still
compiles; and if it worked functionally, it still works. They're related in
that if application code currently compiles but cannot possibly work, we
could reasonably make it not compile anymore.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-16 22:32:12 +01:00
Gilles Peskine 41d0334b4c Write up requirements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-15 16:06:09 +01:00
Andrzej Kurek eec6b2c6b4 Updated slot->attr and slot->key access 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-15 16:06:03 +01:00
Ronald Cron 87829e5429 Fix documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-14 16:31:33 +01:00
Ronald Cron 4279bac965 Document TLS 1.3 MVP limitation regarding MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 15:10:22 +01:00
Manuel Pégourié-Gonnard c70013e4bc Clarify the trailer field situation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 13:16:50 +01:00
Manuel Pégourié-Gonnard c7f3254379 Clarify a sentence 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 13:00:33 +01:00
Manuel Pégourié-Gonnard 58d101b721 Fix a few more typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 12:58:09 +01:00
Manuel Pégourié-Gonnard 2c5fbad479
Merge pull request #5004 from mpg/doc-psa-migration 
Document PSA migration strategy
 2022-02-09 12:07:12 +01:00
Manuel Pégourié-Gonnard 839bb8a238 Fix an inaccuracy 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:33:41 +01:00
Manuel Pégourié-Gonnard 80759c4917 Fix a few more typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:33:11 +01:00
Gilles Peskine 08fb89d251 Require a driver prefix to be non-empty 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:30:16 +01:00
Gilles Peskine 272ff9c309 Open a namespace for implementation-specific properties 
"IMPLEMENTATION/PROPERTY"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:29:18 +01:00
Gilles Peskine 6c3b1a760a Allow comments in driver descriptions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:29:04 +01:00
Manuel Pégourié-Gonnard 8ebed21216 Fix a few typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 10:23:49 +01:00
Manuel Pégourié-Gonnard 539b9a52f9 Fix discussion of RSA-PSS salt length 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 10:19:08 +01:00
Manuel Pégourié-Gonnard 2467aed961 Misc updates to testing.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:42:30 +01:00
Manuel Pégourié-Gonnard ce6c0875d1 Misc updates to strategy.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:34:20 +01:00
Manuel Pégourié-Gonnard 8e559daaa8 Misc updates to psa-limitations.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:26:07 +01:00
Manuel Pégourié-Gonnard 335cbf61da Remove temporary documents 
The dependencies-xxx.md documents where merely a support for study,
now distilled to strategy.md, psa-limitation.md, and tasks-xx.md
and/or github issues.

The tasks-g1.md document has now been fully converted to a list of
github issues.

These documents would quickly become out-of-date and there's little
point in updating them, so it's better to remove them. They're still in
the github history if anyone wants to have a look.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:55:45 +01:00
Gilles Peskine 220bda7f76 Rename a function parameter to avoid confusion 
Don't use “output” for an input of the KDF. It's correct in context (it's
the output of a function that copies the input of the KDF from core-owned
memory to driver-owned memory) but confusing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 12:03:34 +01:00
Gilles Peskine a2b41598d6 Draft specification for key derivation 
Pass all the initial inputs in a single structure. It's impossible to pass
the inputs as soon as the application makes them available because the core
cannot know which driver to call until it receives the SECRET input.

Do support hiding the key material inside a secure element if the relevant
driver has all the requisite entry points.

Do cooked key derivation (i.e. derivation of non-raw keys) and key agreement
separately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-24 14:52:59 +01:00
Manuel Pégourié-Gonnard ec3fd75cbc Update strategy with late 2021 discussion 
Unless I missed something, this should now reflect the current strategy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard 5218774efb Add note about HKDF for TLS 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard ab1d3084b7 Goal 1 tasks are now all reflected on github 
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard 0950359220 Improve "abstraction layers" section 
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard a6c601c079 Explain compile-time incompatibilities 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard 7497991356 Expand discussion of goals 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard e459be2ed1 Complete discussion of RSASSA-PSS 
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard f5ee4b3da4 Add data about RSA-PSS test files 
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard b902164cf0 Add temporary list of tasks for G1 and G2 
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.

These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard d9edd56bf8 Document PSA limitations that could be problems 
(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard b89fd95146 Document the general strategy for PSA migration 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard 1b52d09494 Document test strategy for USE_PSA_CRYPTO 
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard 0d0a104b2d Add study for TLS/X.509 dependencies on crypto 
This is an updated version of the study that was done a few years ago.

The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:00 +01:00
Archana 21b20c72d3
Add Changelog and update documentation 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Archana c08248d650
Rename the template file from .conf to .jinja 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Archana a8939b6da3
Restructure scripts' folder alignment 
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 12:57:15 +05:30
Archana 1f1a34a226
Rev 1.0 of Driver Wrappers code gen 
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 12:22:06 +05:30
Ronald Cron b1822efe22 docs: TLS 1.3: Improve wording 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 14:28:13 +01:00
Ronald Cron 7aa6fc1992 docs: TLS 1.3: Update prototype upstreaming status 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Ronald Cron 653d5bc781 docs: TLS 1.3: Swap prototype upstreaming status and MVP definition 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Ronald Cron 43ffc9d659 docs: TLS 1.3: Update TLS 1.3 documentation file name 
Update TLS 1.3 documentation file name and its
overview section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Ronald Cron 0abf07ca2c Make PSA crypto mandatory for TLS 1.3 
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Dave Rodgman d7c091060f
Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision 
TLS1.3: Edit docs to explain not changing curve order.
 2021-12-07 11:01:04 +00:00
Paul Elliott cce0f5a085 Fix typo 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-03 16:13:30 +00:00
Paul Elliott c0d335bc1e Second draft of explanation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-02 16:38:05 +00:00
Paul Elliott fe08944246 Fix spelling error 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-30 10:55:53 +00:00
Paul Elliott 89c8e098ee Convert tabs to spaces 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-30 10:54:52 +00:00
Paul Elliott 66491c7d08 Edit docs to explain not changing curve order 
TLS1.3 MVP would benefit from a different curve group preference order
in order to not cause a HelloRetryRequest (which are not yet handled),
however changing the curve group preference order would affect both
TLS1.2 and TLS1.3, which is undesirable for something rare that can
be worked around.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-29 10:39:44 +00:00
Xiaofei Bai 746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Andrzej Kurek e3ed82473a Fix duplicate variable name in getting_started.md 
Rename the key id variables to not clash with the raw key data.
This was introduced in cf56a0a3.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-11-19 13:40:20 +01:00
Gilles Peskine a42a8de120 PSA thread safety analysis 
Looks like a mutex isn't enough?

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 12:18:41 +01:00
Manuel Pégourié-Gonnard 9a7cf9a196
Merge pull request #5045 from gilles-peskine-arm/rm-PSACryptoDriverModelSpec-development 
Remove the old driver model specification draft
 2021-10-29 09:36:15 +02:00
Dave Rodgman c8aaac89d0 Fix naming examples in TLS 1.3 style guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-10-18 13:00:51 +01:00
Gilles Peskine 4086159910 Remove obsolete specification draft 
See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer
instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-07 19:14:01 +02:00
Manuel Pégourié-Gonnard 0729885c2b
Merge pull request #4963 from ronald-cron-arm/tls13-mvp 
Define TLS 1.3 MVP and document coding rules
 2021-09-29 10:32:49 +02:00
Ronald Cron 7fc96c1a57 Fix test description 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-28 16:29:04 +02:00
Ronald Cron fb877215b5 Fix supported signature documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-28 16:29:04 +02:00
Ronald Cron 8ee9ed6785 Fix and improve the documentation of supported groups 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-28 16:28:58 +02:00
Ronald Cron f164b6a7ff Add an overview section 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:48:09 +02:00
Ronald Cron 847c3580b8 Expend coding rules 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:48:09 +02:00
Ronald Cron 3e7c4036b4 Miscellaneous improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:48:09 +02:00
Ronald Cron fecda8ddb4 Improve the description of common macros usage 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:48:02 +02:00
Ronald Cron 99733f0511 Amend vector variables 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:37 +02:00
Ronald Cron b194466e99 Amend TLS 1.3 prefix 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:37 +02:00
Ronald Cron 72064b30cf Fix usage of backticks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:37 +02:00
Ronald Cron 660c723b09 Add paragraph about expected quality 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:37 +02:00
Ronald Cron 7a7032a4ba Remove out of MVP scope items 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:37 +02:00
Ronald Cron c3b510f096 Amend supported groups and signatures based on spec 9.1 section 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:37 +02:00
Ronald Cron 3160d70049 Add comments about key_share and supported_versions support 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 15:39:29 +02:00
Ronald Cron 85e51083d8 Add support for server_name extension 
Section 9.2 of the specification defines server_name
extension as mandatory if not specified otherwise by
an application profile. Thus add its support to the
MVP scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 13:42:39 +02:00
Ronald Cron 004df8ad5f Improve comment about handshake failure with HRR and CertificateRequest 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 13:42:39 +02:00
Ronald Cron 1fa5088c0b Improve comment about PSK TLS 1.3 configuration options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 13:42:27 +02:00
Ronald Cron 023987feef Use GitHub table format 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 12:05:28 +02:00
Ronald Cron def52c36e5 Remove obscure comment about TLS 1.3 renegotiation config option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-27 12:03:55 +02:00
Manuel Pégourié-Gonnard 13841cb719 Mention areas that are not (well) tested. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-24 11:43:14 +02:00
Manuel Pégourié-Gonnard 9155b0e396 Clarify that 1.3 is excluded 
Don't mention "TLS 1.2 only" for PSK, as that could give the impression
that the other things about TLS are supported beyond 1.2, which isn't
the case currently.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-24 10:17:07 +02:00
Manuel Pégourié-Gonnard ca9101739a Improve wording and fix some typos. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-24 10:14:32 +02:00
Manuel Pégourié-Gonnard d3ac4a9a8a Clarify wording of "not covered" section 
The section is about things that are not covered, but some lists are
about things that are covered, which was very confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-24 10:06:04 +02:00
Manuel Pégourié-Gonnard 1e07869381 Fix inaccuracy in key exchange summary 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-22 10:11:53 +02:00
Ronald Cron 3785c907c7 Define TLS 1.3 MVP and document coding rules 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-09-21 16:16:56 +02:00
Manuel Pégourié-Gonnard 73a0e1da0d Document parts not covered by USE_PSA_CRYPTO 
Also, remove the section about design considerations for now. It's
probably more suitable for a developer-oriented document that would also
include considerations about possible paths for the future, which would
better be separated from user documentation (separating the certain that
is now, from the uncertain that might or might not be later).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-21 13:55:00 +02:00
Manuel Pégourié-Gonnard 1b08c5f042 Document current effects of USE_PSA_CRYPTO 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-21 12:59:26 +02:00
Manuel Pégourié-Gonnard 13b0bebf7d Add docs/use-psa-crypto.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-21 12:59:25 +02:00
Gilles Peskine 8ec3c8f015 Do not require test data to be in the repository 
What matters is that we validate that test data is not removed. Keeping the
test data is the most obvious way, but not the only way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-07-15 16:22:14 +02:00
Gilles Peskine b91f81a55b Discuss lifetimes, in particular persistence levels 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-07-15 16:22:14 +02:00
Gilles Peskine 77f8e5cb59 Add considerations on key material representations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-07-15 16:22:14 +02:00
Gilles Peskine d131e400f0 Clarification: forward and backward compatibility 
The import-and-save and load-and-check parts of the tests don't have to be
actually the same test cases.

Introduce the terms “forward compatibility” and “backward compatibility” and
relate them to import-and-save and load-and-check actions.

These are clarifications of intent that do not represent an intended change
in the strategy or intended coverage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-07-15 16:22:14 +02:00
Gilles Peskine f31c6c111e Typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-07-15 16:22:14 +02:00
Dave Rodgman 8e5020dead Remove obsolete reference to _ret in migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-02 12:16:03 +01:00
Dave Rodgman 7b743193b0 Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 20:10:10 +01:00
Dave Rodgman 9637bd30a3 Move subsections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 20:07:57 +01:00
Dave Rodgman b0e6bb54f9 Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 20:03:55 +01:00
Dave Rodgman 26c12eb523 Remove C from code block 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:58:00 +01:00
Dave Rodgman 10963278e7 Mark all code blocks as C 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman a014831732 Add missing backticks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 7d2ac88f93 Correct hyperlink 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 2482650483 Correct hyperlink 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 2b03457ca5 Improve wording 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman b4d15b1556 Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 8128b69ffe Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 715966862d Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 507827e75a Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 68547187f6 Move subsections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 897a95f46c Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 3f66943bdd Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 2d05e0f440 Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman aa1fba2fed Move subsection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 7018053460 Reorder subsections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 28701c63cb Fix grammatical error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman ce53b3afd6 Remove reference to removed item 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:13:24 +01:00
Dave Rodgman 9d3417845c Add backticks where needed 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 19:12:32 +01:00
Dave Rodgman 2e1e623d33 Correct hyperlink syntax 
Co-authored-by: Tomasz Rodziewicz <40165497+TRodziewicz@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 17:58:10 +01:00
Dave Rodgman 6753a775b8 Fix grammatical error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 17:15:28 +01:00
Dave Rodgman 26ad6c7ea7 Fix typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 17:14:01 +01:00
Dave Rodgman 8d91ceb19d Remove empty 3.0-migration-guide.d 
This is now captured in 3.0-migration-guide.md

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 16:56:59 +01:00
Dave Rodgman 92170cc3e1 Add general cross-reference for low/high-level crypto 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 14:53:23 +01:00
Dave Rodgman c936bbb15a Make blank lines before sections consistent 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 14:53:23 +01:00
Dave Rodgman b1c6b4a7a5 Add cross-reference 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 14:53:16 +01:00
Dave Rodgman a3758208ae Move sub-sections to more appropriate places 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 14:17:03 +01:00
Dave Rodgman 4ea5643046 Change some section names 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 14:16:22 +01:00
Dave Rodgman d462ca1f72 Fix typos 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 11:26:08 +01:00
Dave Rodgman a54c16805e Improve wording relating to removal of MBEDTLS_ERR_SSL_BAD_HS_XXX 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 11:11:07 +01:00
Dave Rodgman a5a3cce49b Add link between sections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 11:06:58 +01:00
Gilles Peskine a481052407 Add migration guide and changelog entry for MBEDTLS_PRIVATE 
We forgot those in #4511.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-30 11:06:40 +01:00
Dave Rodgman e4ec84631b Fix typos 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:52:40 +01:00
Dave Rodgman b491b2b051 Add SSL error code updates from #4724 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:49:30 +01:00
Dave Rodgman 7078973b7b Improve wording 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 4a5d3c08c6 Fix typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 30dc603958 Reorder sections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman d8a1017abf add section headings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 36bb5ff6e3 minor updates 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman d267ec361d Add formatting codes to level 3 headings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman a0e8db09ac Change headings to level 3 to enable use of sections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 949c21b336 Minor updates to migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 1cb2331495 Remove line that got into the wrong place 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 7b0c4dea59 Fix missing part of sentence 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 759c0109f2 Fix errors in migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 1aea40427f Add a very short summary 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman e45e6401af Re-order to put some more significant items at the top 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman 8cccbe11df Update the migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:33:59 +01:00
Dave Rodgman dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
Ronald Cron 8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 
Add output size parameter to signature functions
 2021-06-29 09:43:17 +02:00
Bence Szépkúti 9cd7065307 No other headers are included by mbedtls_config.h 
These have been moved to build_info.h. Update the documentation to
reflect this.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 14:29:42 +01:00
Hanno Becker 2fc9a652bc Address review feedback 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker 2e3ecda684 Adust migration guide for SSL error codes 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Bence Szépkúti dbf5d2b1a7 Improve the instructions in the migration guide 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:41 +01:00
Bence Szépkúti 1b2a8836c4 Correct documentation references to Mbed TLS 
Use the correct formatting of the product name in the documentation.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:19 +01:00
Bence Szépkúti 60c863411c Remove references to MBEDTLS_USER_CONFIG_VERSION 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti 36da4ccc51 Update changelog and migration guide 
This reflect changes to the config version symbols.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti 8d9132f43c Fix typo 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti 90b79ab342 Add migration guide and changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti dba968f59b Realign Markdown table 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:47 +01:00
Bence Szépkúti bb0cfeb2d4 Rename config.h to mbedtls_config.h 
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:33 +01:00
Gilles Peskine f00f152444 Add output size parameter to signature functions 
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-25 00:46:22 +02:00
Gilles Peskine fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation 
Require matching hashlen in RSA functions: implementation
 2021-06-24 10:28:20 +02:00
Gilles Peskine f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad 
Enable multiple calls to mbedtls_gcm_update_ad
 2021-06-23 19:36:23 +02:00
Gilles Peskine e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 
Implement modified key export API for Mbed TLS 3.0
 2021-06-22 18:52:37 +02:00
Gilles Peskine 9dbbc297a3 PK signature function: require exact hash length 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 18:39:41 +02:00
Dave Rodgman 5ec5003992 Document the return type change in the migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard e7885e5441 RSA: Require hashlen to match md_alg when applicable 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard 3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 
Update the default hash and curve selection for X.509 and TLS
 2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard 508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext 
Remove truncated HMAC extension
 2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 
Remove MD2, MD4, RC4, Blowfish and XTEA
 2021-06-22 09:27:41 +02:00
TRodziewicz f41dc7cb35 Removal of RC4 certs and fixes to docs and tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-21 13:27:29 +02:00
Hanno Becker 7e6c178b6d Make key export callback and context connection-specific 
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker d5c9cc7c90 Add migration guide for modified key export API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard 9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0 
Implement 3.0-API for SSL session resumption
 2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory 
Make blinding mandatory
 2021-06-18 18:32:13 +02:00
Dave Rodgman 8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test 
Move part of timing module out of the library
 2021-06-18 16:35:58 +01:00
Thomas Daubney ac84469dd1 Modifies Migration Guide entry 
Commit makes corrections to Migration Guide
entry for this task.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-18 14:08:56 +01:00
Thomas Daubney 379227cc59 Modifies ChangeLog and Migration Guide 
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-18 10:46:12 +01:00
Gilles Peskine 39957503c5 Remove secp256k1 from the default X.509 and TLS profiles 
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 23:17:52 +02:00
Gilles Peskine ec78bc47b5 Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide 
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine 6b1f64a150 Wording clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine b1940a76ad In TLS, order curves by resource usage, not size 
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine 3758fd6b79 Changelog entry and migration guide for hash and curve profile upgrades 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:14 +02:00
Thomas Daubney 50afb4378f Adds Migration guide 
Commit adds a migraiton guide entry that was
missing.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-17 09:23:41 +01:00
Manuel Pégourié-Gonnard 8707259318 Improve ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard e6e51aab55 Add ChangeLog and migration guide entries 
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:38:38 +02:00
Mateusz Starzyk bd513bb53d Enable multiple calls to mbedtls_gcm_update_ad. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-16 14:34:09 +02:00
TRodziewicz 15a7b73708 Documentation rewording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 11:22:53 +02:00
TRodziewicz 8f91c721d3 Code review follow-up corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:45 +02:00
TRodziewicz 7ff652ae53 Addition of ChangeLog and migration guide entry files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:39 +02:00
Gilles Peskine 17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd 
Rename the _ret() functions
 2021-06-15 20:32:07 +02:00
TRodziewicz 9c90226df1 Addition of the migration guide and change log files 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard 8cad2e22fc
Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0 
Lighten and test constraints on context types in alternative implementations
 2021-06-15 12:12:46 +02:00
TRodziewicz 28a4a963fc Corrections to the docs wording and changes to aux scripts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 00:18:32 +02:00
Gilles Peskine cadd3d860e Give examples of PLATFORM_XXX_ALT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine bf26bef157 Discuss the durability of PSA drivers vs ALT when introducing them 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine a71db94c66 Document that contexts must be movable 
Fix #4451.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine f35c42bdb9 Document the remaining constraints on ALT context types 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine 6a2fb61896 Rename library/ecp_alt.h to ecp_internal_alt.h 
library/ecp_alt.h (declaring individual functions of the ECP module that can
be substituted, included when building the library with
MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided,
declaring types of the ECP module when the whole implementation is
substituted, included when building the library with MBEDTLS_ECP_ALT enabled).
Depending on the search path during build, this can make MBEDTLS_ECP_ALT
unusable.

Rename library/ecp_alt.h to follow the naming convention of other alt headers:
MBEDTLS_XXX_ALT corresponds to xxx_alt.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:10:37 +02:00
Gilles Peskine b9ccb25f33 Starter-class documentation of alternative implementations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:10:37 +02:00
TRodziewicz 3946f79cab Correction according to code review (function and param. names change 
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 13:46:21 +02:00
TRodziewicz 8b223b6509 Addition of the migration guide entry file. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:56:33 +02:00
TRodziewicz 1fcd72e93c change log and migr. guide fixes and _DEPRECATED_REMOVED removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:16:06 +02:00
Gilles Peskine 02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options 
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
 2021-06-10 17:43:36 +02:00
TRodziewicz 2a5e5a2759 Correction to the migration guide entry wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 16:54:20 +02:00
TRodziewicz 0ea2576502 Correction to the migr. guide wording and removal of not needed option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz b8367380b1 Addition of the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz 1e66642d68 Addition of change log and migration guide files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 11:25:28 +02:00
Ronald Cron f8abfa8b1b Improve migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-09 10:54:14 +02:00
Ronald Cron 6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard 16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Hanno Becker 61f292ea0a Fix migration guide for now-removed deprecated functions 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 07:50:55 +01:00
TRodziewicz 0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz 442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard 13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard 3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Manuel Pégourié-Gonnard 84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls 
Static initialize comb table
 2021-06-03 11:41:54 +02:00
kXuan 782c2b9f36
fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-03 15:47:40 +08:00
Manuel Pégourié-Gonnard 1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs 
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
 2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard df77624ab5
Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options 
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
 2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard 1b3b27cbb0
Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites 
Remove 3DES ciphersuites
 2021-06-02 11:01:42 +02:00
Ronald Cron 3dafa9bda8
Merge pull request #4555 from ronald-cron-arm/m-ccm-api 
Define CCM multi-part API
 2021-06-02 09:56:43 +02:00
Gilles Peskine fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed 
Clarify multi-part AEAD calling sequence in Cipher module
 2021-06-01 12:04:19 +02:00
Manuel Pégourié-Gonnard c01b87b820 Fix some typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-01 09:40:53 +02:00
Ronald Cron f668bd18df Add migration guide for developers of CCM alternative implementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-01 09:07:46 +02:00
kXuan 22fc906d57
Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-01 14:01:59 +08:00
TRodziewicz 231649a020 Changing the migration guide entry wording. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 13:12:16 +02:00
TRodziewicz 4e57f4cdfd Adding removed defines to check_config.h and fixing the migration guide entry. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:58:25 +02:00
Manuel Pégourié-Gonnard 6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard ee57ebe553 Add ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-31 12:25:01 +02:00
TRodziewicz 3670e387dc Remove 3DES ciphersuites 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:11:53 +02:00
Ronald Cron ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config 
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
 2021-05-31 10:03:56 +02:00
TRodziewicz dee975af7d Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option 
Remove define

Add ChangeLog file and migration guide entry

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-28 15:27:01 +02:00
Hanno Becker 2bec09c113 Fix typo in migration guide 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-28 09:54:31 +01:00
Hanno Becker 196739b478 Change wording in documentation of PSK configuration 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-28 05:33:14 +01:00
TRodziewicz 062f353804 Changes after code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:34:14 +02:00
TRodziewicz caf2ae04b8 ChangeLog and migration guide added. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:33:51 +02:00
Christoph Reiter 95273f4b07 Expose flag for critical extensions 
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
 2021-05-27 14:27:43 +02:00
TRodziewicz 0a02fbb783 Addition of the migration guide entry. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 15:57:50 +02:00
TRodziewicz a86c312d92 Addition of the migration guide entry. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 15:29:36 +02:00
Gilles Peskine b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Thomas Daubney 6f966112c7 Corrections to ChangeLog and Migration guide 
Corrections to address wording of ChangeLog
and Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-25 15:00:19 +01:00
Thomas Daubney 3ca92b182c Re-wording of Migration guide entry 
Commit re-words the migration guide
entry as requested in review.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-24 14:11:39 +01:00
TRodziewicz 4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz d807060e0a Addition of migration guide and corrections to the ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:50:51 +02:00
Thomas Daubney 2fbbe1d2fe Corrections to ChangeLog and Migration guide 
This commit fixes typos and re-words
the migration guide. It also adds
the issue number to the ChangeLog.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-24 10:53:57 +01:00
Hanno Becker 3bbf4c058f Fix typo in migration guide for ticket API change 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:20:23 +01:00
Hanno Becker b2efc4d464 Add migration guide 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Thomas Daubney 62b0d1dbc8 Adds ChangeLog and Migration guide entry 
Commit adds relevant entry to the
ChangeLog and to the
Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-21 17:05:12 +01:00
Janos Follath 7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 
Add session ID as an explicit parameter to SSL session cache API
 2021-05-21 09:28:55 +01:00
Ronald Cron ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive 
Modify config option for SHA384.
 2021-05-21 08:04:33 +02:00
Ronald Cron 49fef37ebf
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length 
GCM: allow arbitrary lengths for update
Only the ABI-API-checking job failed and this is expected thus good to go.
 2021-05-20 15:08:55 +02:00
Mateusz Starzyk 17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive 
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
 2021-05-20 14:18:12 +02:00
Mateusz Starzyk 3489cc1433 Improve migration guide for SHA384 option 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-20 13:52:48 +02:00
Gilles Peskine 15c7b40ab7 Reorder the text to say who is affected first 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-20 12:11:19 +02:00
Gilles Peskine 7f312c811b Add migration guides for GCM 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-20 11:51:46 +02:00
Manuel Pégourié-Gonnard 729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy 
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
 2021-05-20 09:19:55 +02:00
Mateusz Starzyk 2396b21f80 Provide more in-depth migration guide after removal of null entropy. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-19 16:35:51 +02:00
Manuel Pégourié-Gonnard 2213871654
Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING 
Remove  ssl record checking
 2021-05-19 13:57:51 +02:00
Mateusz Starzyk 44085de5f7 Add migration guide for SHA384 and SHA224 options. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-19 13:22:53 +02:00
Ronald Cron 0e3ec27598
Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512 
Change sha256 and sha512 output type from an array to a pointer
 2021-05-19 12:37:17 +02:00
Mateusz Starzyk ef80a9c5e0 Add migration guide for removed null entropy config option 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-18 16:25:01 +02:00
Hanno Becker 9039303cf5 Add migration guide 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-18 05:27:18 +01:00
Ronald Cron fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len 
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
 2021-05-17 16:36:04 +02:00
TRodziewicz e13a23b439 New line added at the end of the migration guide entry 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-17 11:16:52 +02:00
Manuel Pégourié-Gonnard 5605911fd3
Merge pull request #4447 from hanno-arm/ssl_config_cleanup 
Avoid and remove some SSL error codes for Mbed TLS 3.0
 2021-05-17 10:55:17 +02:00
TRodziewicz 57d7ab72fb Correction to migration guide entry wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-17 10:43:41 +02:00
Hanno Becker 67e49a627d Add migration guide 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 20:13:54 +01:00
Hanno Becker 8e184e2deb Add migration guide 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:10:27 +01:00
Hanno Becker 699d4d7df7 Add migration guide for new SSL ticket API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 16:36:44 +01:00
Hanno Becker 548b136e8f Add migration guide for removal of mbedtls_ssl_get_session_pointer() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 16:36:44 +01:00
TRodziewicz 1cf33bf94d Corrections o the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-14 14:35:26 +02:00
TRodziewicz 95f8f22c27 Migration guide added and ChangeLog clarified 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-14 14:07:51 +02:00
Gilles Peskine d7b3d92476 Change sha256 output type from an array to a pointer 
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-13 00:46:29 +02:00
Gilles Peskine e02e02f203 Change sha512 output type from an array to a pointer 
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-13 00:32:45 +02:00
Gilles Peskine 5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api 
PSA API for PBKDF2-HMAC
 2021-05-12 18:00:30 +02:00
David Horstmann 95d516f319 Remove MBEDTLS_SSL_MAX_CONTENT_LEN option 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-05-10 17:02:48 +01:00
Manuel Pégourié-Gonnard f9a68ad62a Fix typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-07 12:11:38 +02:00
Manuel Pégourié-Gonnard dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder 
Remove deprecated functions and constants.
 2021-05-07 10:05:30 +02:00
TRodziewicz d9d035a5b5 Corrections of the migration guide from the code review. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-06 11:53:06 +02:00
TRodziewicz c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-06 00:53:22 +02:00
Gilles Peskine 275b9b2ef4
Merge pull request #4402 from mpg/migration-guide-3.0 
Migration guide for 3.0
 2021-05-05 14:30:39 +02:00
Manuel Pégourié-Gonnard 143b1e387b Fix a number of typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

Co-authored-by: Ronald Cron <ronald.cron@arm.com>
 2021-05-05 09:47:47 +02:00
Ronald Cron d5d04962ef Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-05-04 15:59:10 +02:00
Manuel Pégourié-Gonnard 438ac27059 Quit using title case for entry titles 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 13:06:34 +02:00
Manuel Pégourié-Gonnard 72f762b1da Clarify 3.0-migration-guide.d/00README 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:36:40 +02:00
Manuel Pégourié-Gonnard e756306dd6 Move some details from ChangeLog to migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:36:33 +02:00
Manuel Pégourié-Gonnard 57e93e5296 Clarify a sentence 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard f5acfbac99 Improve description of migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard 2960b2e88c Fix a few typos 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard b2a1043a4c Add a directory for 3.0 migration guide entries 
Similarly to ChangeLog.d, we want to avoid endless merge conflicts.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard 89d4ab0999 Add a "3.0 migration guide document" 
For now the entries are in no particular order. Before the release we
should have a final pass over this document and order them from most
impactful to least impactful. We might even create sections, a table of
contents, etc.

In the meantime, each PR should add an entry about it changes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard 421390f52f Fix driver interface for key derivation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-04-30 12:38:12 +02:00
Dave Rodgman 12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs 
Merge development_3.0 into development
 2021-04-26 19:48:16 +01:00
Ronald Cron b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys 
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS

Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
 2021-04-23 09:40:31 +02:00
Manuel Pégourié-Gonnard 351a2576f5 PSA PBKDF2: extend key derivation driver interface 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-04-20 13:11:17 +02:00
Tobias Nießen 835beffcf4
Fix typo in architecture docs 
Signed-off-by: Tobias Nießen <tniessen@tnie.de>
 2021-04-19 23:56:25 +02:00
Manuel Pégourié-Gonnard 16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h 
Remove deprecated things from crypto_compat.h and dependent tests.
 2021-04-19 10:55:21 +02:00
Steven Cooreman 31e27af0cc Reword the builtin key language on persistency declaration 
Specifically allow the driver to override the persistency level of a
builtin key in cases where the driver is persistency-aware.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-04-16 11:25:18 +02:00
TRodziewicz 2a1a67300d Remove deprecated things from crypto_compat.h and dependent tests. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-13 23:12:42 +02:00
Dave Rodgman 73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
 2021-04-07 16:31:09 +01:00
Chris Jones 6f554e388e Remove reference to include/mbedtls/*_internal.h files 
Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-04-01 09:52:37 +01:00
Hanno Becker 7594c68049 Document status of MPS upstreaming 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-03-29 14:20:18 +01:00
Gilles Peskine 2c5d9e6a32 No configuration symbols for FFDH 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-09 21:40:41 +01:00
Gilles Peskine 7df7d1eb57 ECC: add rationale 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-09 21:40:29 +01:00
Gilles Peskine c74712f12d Fix an example that didn't follow the given pattern 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-09 21:40:02 +01:00
Gilles Peskine 59c6347810 Remove the time stamp 
Time stamps are useful when the document gets shared around, but they
tend to lead to merge conflicts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-09 21:39:13 +01:00
Ronald Cron d9763466b7 Expand and improve psa-crypto-implementation-structure.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-02-02 11:49:14 +01:00
Ronald Cron 31520b4b1c Fix psa-crypto-implementation-structure.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-02-02 11:38:50 +01:00
Ronald Cron 0dbbf1e27f psa: Add architecture document 
Add architecture document explaining how this
PR aim to restructure the PSA implementation (only
part of it) and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-02-02 11:29:07 +01:00
Ronald Cron ac80be111b
Merge pull request #3878 from gilles-peskine-arm/psa-builtin-keys-via-slot-number-spec 
New entry point get_builtin_key for opaque drivers (PSA spec)
 2021-01-29 10:43:15 +01:00
Ronald Cron 318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames 
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
 2021-01-29 09:31:59 +01:00
Ronald Cron a120146afe
Merge pull request #3962 from gilles-peskine-arm/psa-storage-format-test-strategy 
Keystore format stability test strategy
 2021-01-25 16:44:23 +01:00
Gilles Peskine 055be83413 Fix typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-25 11:36:24 +01:00
gabor-mezei-arm cbcec21684
Rename output buffer size macros 
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-01-21 13:17:25 +01:00
Gilles Peskine 84ae1eefb4 Minor clarification 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-20 20:20:10 +01:00
Gilles Peskine 3d67365ef7 Add a key_buffer_length output to "get_builtin_key" 
While builtin keys will often have a fixed-size context, this is not
necessarily the case, so the "get_builtin_key" entry point needs to
return the size of the actual key context.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-20 20:19:14 +01:00
Gilles Peskine ff457506d3 Remind the reader of what is done about old formats 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-19 14:25:20 +01:00
Gilles Peskine 697ee190b5 Add a section about non-default lifetimes 
Alternative locations should be covered. We don't yet support
alternative persistence levels.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-18 23:38:21 +01:00
Gilles Peskine 528144f523 Clarify the methods of key storage testing 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-18 23:36:18 +01:00
Gilles Peskine cf62f10d3f Clarify interoperability non-requirement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-05 11:49:18 +01:00
Gilles Peskine 739e08a68d Keystore format stability test strategy 
Initial revision.

Save-compare-load approach: the test case data contains attributes of
the object under test and the expected file content. Create the
object, save it, check that the file has the expected content, load
the file and check that the new object has the expected attributes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-14 18:51:47 +01:00
Ronald Cron 8f05aeb2e3
Merge pull request #3882 from gilles-peskine-arm/psa-random-driver-spec 
PSA: Specification for random generation and entropy drivers
 2020-12-11 14:07:35 +01:00
Gilles Peskine 348eeebb24 Clarify the intent of the KEEPALIVE flag 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-11 10:52:36 +01:00
Manuel Pégourié-Gonnard a27a4e2f18
Merge pull request #3929 from gilles-peskine-arm/psa-driver-remove-old-accel 
Remove old proposed accelerator interfaces
 2020-12-10 11:31:47 +01:00
Gilles Peskine 24cebf6671 Add a section for transparent drivers 
No strategy yet, just state some basic requirements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-08 15:19:04 +01:00
Gilles Peskine f0e2853d46 Minimal update to mention unified-interface opaque drivers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-08 15:19:04 +01:00
Gilles Peskine ae7772d0f3 Clarifications around reseed_entropy_size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:39 +01:00
Gilles Peskine 43100e3fcb Add section on combining get_entropy with add_entropy 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:29 +01:00
Gilles Peskine 32e584c38a Copyediting and minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:29 +01:00
Gilles Peskine 3ff79066b1 Note an interrogation about integer value representation 
Especially 0 values may need special treatment since they can't be
used as an array size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:29 +01:00
Gilles Peskine 6a530e8d26 Random driver: make initial_entropy_size mandatory 
If a random driver has a built-in entropy source and doesn't need an
external entropy source, make the driver author declare this
explicitly, rather than it being a less secure default.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:22 +01:00
Gilles Peskine ee914f34fa Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:14 +01:00
Gilles Peskine 609394c1cf Open question: can there be multiple RNG instances? 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:48:06 +01:00
Gilles Peskine 8d5092c11f get_random: no output on error 
The get_random entry point was allowed to return partial data on both
PSA_SUCCESS and PSA_ERROR_INSUFFICIENT_ENTROPY, but there was no
meaningful difference between the two. Keep it simple: PSA_SUCCESS is
success but can be partial, and PSA_ERROR_INSUFFICIENT_ENTROPY is an
error with no output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:56 +01:00
Gilles Peskine 1ef6ad48d1 Note that I'm not completly sure about the get_entropy flags 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:45 +01:00
Gilles Peskine 3eb65fbba6 Open question: should add_entropy take an estimated_entropy_bits parameter? 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:45 +01:00
Gilles Peskine b89b4b9025 get_entropy: recommendations on conditioning and entropy estimates 
Explicitly recommend that the driver accounts for environmental
conditions that can affect the amount of entropy.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:36 +01:00
Gilles Peskine 05ab2646a3 get_entropy: recommendations on the output_size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:36 +01:00
Gilles Peskine a14326f054 Make add_entropy optional 
A random generation driver does not need to support entropy injection.
This will limit it to platforms where the RNG peripheral is the sole
entropy source and without an RNG seed saved into persistent storage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:27 +01:00
Gilles Peskine 390c5a2c6f It is not meaningful for reseed_entropy_size to be 0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:19 +01:00
Gilles Peskine 0e3b7ced4c Don't require a call to add_entropy when 0 bytes are needed 
If an RNG peripheral includes an entropy source, it would presumably
declare "initial_entropy_size" and "reseed_entropy_size" to be 0. In
this case, don't require the core to call "add_entropy".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:47:10 +01:00
Gilles Peskine 5263e1ecdd Transparent drivers can have get_entropy as well 
The `get_entropy` entry point can be provided by multiple transparent
drivers, and the core will call all of them. But apart from that,
`get_entropy` doesn't involve an opaque key or a location, so it can
be in a transparent driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:46:58 +01:00
Gilles Peskine e80978a260 Specification for random generation and entropy drivers 
Transparent drivers may provide a DRBG interface through "add_entropy"
and "get_random" entry points. This interface may also be used with a
non-deterministic generator, for chips that include a TRNG.

Opaque driver may provide a "get_entropy" entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:46:42 +01:00
Gilles Peskine 1fc4c8d11b Let get_builtin_key be called to retrieve the key's attributes 
Allow the core to call the "get_builtin_key" entry point to retrieve
the attributes of a built-in key. This is useful to implement
psa_get_key_attributes(), and also when the key data buffer's size
depends on the key type and size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 18:41:50 +01:00
Gilles Peskine a6454d2820 Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 17:01:52 +01:00
Gilles Peskine 48d71f2aa4 New entry point get_builtin_key for opaque drivers 
Allow opaque drivers to expose keys that were not created through the
PSA API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 17:01:37 +01:00
Gilles Peskine 51977355dc Remove the time stamp 
Having a time stamp identifying each revision of the document is
useful, but it's also a pain because it creates a conflict whenever
there are multiple pending changes at the same time. The gain isn't
worth the pain, so I'm removing the time stamp.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 17:01:17 +01:00
Gilles Peskine db6b03b4f2 Remove old-style accelerator and entropy driver interfaces 
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.

The partially implemented dynamic secure element interface is staying
for now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-30 17:37:14 +01:00
Gilles Peskine e533ff7bb7
Merge pull request #3695 from gilles-peskine-arm/psa-unified-driver-specs-20200918 
PSA unified driver specification: key validation and transparent key import
 2020-11-30 15:54:45 +01:00
Gilles Peskine f0a9721c18 Use GitHub-compatible table formatting 
Also fix a stray `.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-26 10:31:32 +01:00
Gilles Peskine 4228671d0f Copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-24 13:11:31 +01:00
Gilles Peskine 99e52f6313 Clarifications around key import 
Rework the section describing key import, in particular to clarify key
size determination and checking. There is no intended semantic change.

Note an open question around support for implementation-specific
import formats.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-24 13:11:31 +01:00
Gilles Peskine 28b3a946e9 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-24 13:08:30 +01:00
Gilles Peskine 662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless 
Openless PSA crypto APIs implementation
 2020-11-20 18:48:33 +01:00
Gilles Peskine 406a5da4ab
Merge pull request #3697 from gilles-peskine-arm/psa-conditional-inclusion-c-project 
PSA C configuration: more concrete information
 2020-11-19 13:28:10 +01:00
Gilles Peskine 43818f8614 Copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-19 11:24:11 +01:00
Gilles Peskine d8c27ccab0 Fix copypasta; minor wording improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-16 21:44:23 +01:00
Gilles Peskine bb483f6af8 Improve explanations around config_psa.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-16 14:35:12 +01:00
Gilles Peskine 198024cd02 Note that application code needs PSA_WANT_xxx too 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-16 12:04:40 +01:00
Gilles Peskine 1b1f3fb96d Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-16 12:02:01 +01:00
Gilles Peskine 9e069070de Fix typos 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-16 10:26:01 +01:00
Gilles Peskine 993c249242 Add a section explaining the uses of PSA_WANT_xxx 
PSA_WANT_xxx is useful regardless of how the symbols are defined:
explicitly (with MBEDTLS_PSA_CRYPTO_CONFIG) or implicitly (without
MBEDTLS_PSA_CRYPTO_CONFIG).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-13 22:45:13 +01:00
Gilles Peskine b2679984d9 Note that crypto_sizes.h needs config_psa.h as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-13 22:37:19 +01:00
Ronald Cron cf56a0a320 psa: Move from key handle to key identifier 
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2020-11-10 16:00:41 +01:00
Gilles Peskine 7b5e6b9dcc Typos and clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-04 18:30:01 +01:00
Gilles Peskine ce3ec6ffd6 Unify the sections on key creation 
Now that transparent drivers have an "import_key" entry point, the key
creation interfaces for transparent drivers and opaque drivers are
very similar. Unify the sections that describe their behavior,
including key validation and key size determination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-10-27 18:31:50 +01:00
Gilles Peskine 12760595e7 Replace validate_key by import_key 
When importing a transparent key, the key needs to be not only
validated, but also possibly converted, if it is not already in the
canonical representation. So change the validate_key entry point to an
import_key entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-10-26 18:07:01 +01:00
Torstein Nesse d9246559ca Update changelog entry, format specification, and correct test vectors 
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
 2020-10-21 11:17:09 +02:00
Gilles Peskine 48584b589f Editorial fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-10-13 19:07:02 +02:00
Gilles Peskine e4cbb2bb73 Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-10-12 23:39:18 +02:00
Gilles Peskine 55687646c8 PSA_WANT_xxx needs to be defined in the old-style config mechanism 
Without MBEDTLS_PSA_CRYPTO_CONFIG, PSA_WANT_xxx needs to be defined,
for the sake of code that calls the PSA API (TLS code, tests, sample
apps).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-10-12 23:23:52 +02:00
Torstein Nesse 162a1104be Changes PSA key storage format to include key bits 
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
  ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
  attribute.
* Removes bits storage from psa_se_key_data_storage_t.

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
 2020-10-07 10:54:24 +02:00
Gilles Peskine 233f91d5c1 Add bits output to validate_key and import_key 
When importing a key, the code that parses the input needs to
determine the key size ("bits" attribute). This is specific to import
since other key creation methods require the caller to supply a size.
Therefore, add an extra output parameter `bits` to the "import_key"
entry point for opaque drivers. Likewise, add a `bits` output
parameter to the "validate_key" entry point for transparent drivers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-10-02 18:00:00 +02:00
Gilles Peskine 95434380e1 Detailed architecture of symbol definitions and header inclusion 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-21 20:08:51 +02:00
Gilles Peskine a8fc171418 Add validate_key entry point 
Validate transparent keys when they are imported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-21 13:54:00 +02:00
Gilles Peskine 27e69b59a5 Fix prototypes of opaque key creation entry points 
The output length parameter was missing.

Reported by Steven Cooreman.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-19 00:35:27 +02:00
Gilles Peskine 22270b5048 Fix copypasta punctuation in some function prototypes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-19 00:35:07 +02:00
Gilles Peskine 5cb54f7b27
Merge pull request #3542 from gilles-peskine-arm/psa-unified-driver-specs-20200807 
PSA unified driver specification: minor updates
 2020-09-18 22:53:46 +02:00
Janos Follath 2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1 
TLS 1.3: Add HKDF-based key derivation functionality
 2020-09-16 11:40:06 +01:00
Gilles Peskine dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id 
PSA key identifiers rework
 2020-09-15 16:06:06 +02:00
Hanno Becker b11c3097a5 Update state of TLS 1.3 functionality in architecture document 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:28:29 +01:00
Gilles Peskine 34b07e7f25 Add a subsection with driver interface terminology 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-07 10:28:38 +02:00
Gilles Peskine 6cf4ab8f2f Fix formatting glitch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-07 09:43:16 +02:00
Ronald Cron 71016a9ea7 psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t 
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.

The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.

The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.

As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
  MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2020-09-02 14:27:07 +02:00
Gilles Peskine 2e4062ce17 First go at describing how this can be implemented 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-31 15:41:54 +02:00
Gilles Peskine 54a0ad2012 Note the limitation that you can't exclude multipart support 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-31 15:41:29 +02:00
Gilles Peskine dbd2e3c43f Nicer time stamp format 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-31 15:41:10 +02:00
Gilles Peskine b51f96a7bf Pure C configuration of PSA crypto mechanisms 
Proposed specification for conditional inclusion of cryptographic
mechanism through the PSA API in Mbed TLS.

The inclusion of a mechanism is based on a declaration of boolean
symbols by the application. There is a symbol for each key type or
parametrized key type constructor, and for each algorithm or
parametrized algorithm constructor.

This is work in progress, presented for a first design discussion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-31 14:45:51 +02:00