1ef1eb234f
Clarify psa_constant_names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-13 11:09:47 +01:00
5feac959a5
Correct and clarify discussion of AES-CMAC-PRF-128
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-12 19:20:45 +01:00
0308d79a34
Fix some MAC-related function names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-12 19:20:30 +01:00
9f55e8e442
Add a section about ALT implementations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-05 22:21:09 +01:00
e5044a0eb2
Add a generic section about key management
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:19 +01:00
32dfaf485c
More information about output buffer sizes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:19 +01:00
76bc64e101
Diffie-Hellman: several clarifications and corrections
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:19 +01:00
d921391bf4
Note a few things about PAKE (thanks Manuel)
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:19 +01:00
5eeca33749
Use "workflow" rather than "flow" for clarity
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:19 +01:00
06002c5624
typos and minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:19 +01:00
2fffc45feb
fixup! Correct function names prefixes where they diverge from module names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-04 23:17:16 +01:00
1097d4e731
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:18:10 +01:00
c3fd0958ce
typo
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:18:04 +01:00
02112cc9a1
Update PBKDF2 availability for 3.5
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:17:55 +01:00
3ea22dcb51
Correct function names prefixes where they diverge from module names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:07:24 +01:00
dbcfc7dd95
Be more informative about "No change"
...
Distinguish between interfaces that won't change in 4.0, and interfaces that
have no PSA equivalent but are likely to change in 4.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:04:06 +01:00
d79854b3f7
That's not what mbedtls_ecdh_get_params does
...
Keep the discussion of how to retrieve information about a key exchange.
This doesn't seem to have equivalent legacy ECDH APIs.
Add a todo item for mbedtls_ecdh_get_params(). At this point I don't know
where it fits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 14:01:59 +01:00
f7746bdd79
Correct lists of sign/verify functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 14:01:44 +01:00
951cf39b3f
Corrections and clarifications around asymmetric key formats
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 14:01:20 +01:00
4d234f1ede
Editorial corrections
...
Fix typos, copypasta, and other minor clarifications.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 13:59:49 +01:00
396a2a3dcb
Explain interruptible operations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 11:02:06 +01:00
d96aa1b5cd
Say who to contact
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-29 21:13:02 +01:00
dfe6707fc7
Fix typos and make minor style improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-29 21:12:39 +01:00
d372da6201
Expand on the removal of RNG boilerplate
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-28 18:03:53 +01:00
601d3a0bd7
Add links to newly added functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-28 18:03:16 +01:00
5403cb340a
typos
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-28 18:03:03 +01:00
677285a299
Clarify "functions that facilitate the transition"
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-28 16:45:50 +01:00
909cf5a3ec
Show how to extract curve information from an ecp_keypair
...
It's not pretty.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-20 23:38:39 +02:00
603f0fca6e
The ECP curve name is the one from TLS, not one we made up
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-20 23:38:21 +02:00
379ff8754d
Cover ecp.h
...
Also correct some statements about rsa/ecp/pk check functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-15 21:15:21 +02:00
f75e65d90b
Rename PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_USE to ..._BASIC
...
per https://github.com/Mbed-TLS/mbedtls/issues/7439#issuecomment-1592673401
and https://github.com/Mbed-TLS/mbedtls/pull/7774#discussion_r1230658660
State that EXPORT implies BASIC.
Also fix missing `WANT_` parts.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-15 18:39:14 +02:00
5bd4f17e4e
Cover ECDH and DHM
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-15 18:33:30 +02:00
b33d0ac532
Mention self-tests
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-15 18:33:15 +02:00
c7b53f3ab7
Mention mbedtls_psa_get_random
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-13 21:31:53 +02:00
5ad8ca2a5f
Legacy-to-PSA transition guide
...
Covers most modules, but missing most of ecp, ecdh and dhm.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-13 19:52:31 +02:00
265ce7c1da
Merge pull request #5451 from gilles-peskine-arm/psa-driver-kdf-spec
...
PSA drivers: specification for key derivation
2023-06-06 11:37:28 +02:00
f4ba0013e2
Clarify when key derivation entry points are mandatory/permitted
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-05 14:24:14 +02:00
8dd1e623e1
Copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-05 14:14:41 +02:00
7df8ba6a10
Rework the description of key derivation output/verify key
...
Some of the fallback mechanisms between the entry points were not described
corrrectly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-02 18:16:02 +02:00
dcaf104eef
Note that we may want to rename derive_key
...
... if we think of a better name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-02 18:02:41 +02:00
f96a18edc7
Probably resolve concern about the input size for derive_key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-02 18:02:15 +02:00
1414bc34b9
Minor copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-06-02 17:54:32 +02:00
24f52296f1
Key agreement needs an attribute structure for our key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:44:04 +02:00
e52bff994c
Note possible issue with derive_key: who should choose the input length?
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:43:29 +02:00
b319ed69c4
State explicitly that cooked key derivation uses the export format
...
This is the case for all key creation in a secure element, but state it
explicitly where relevant.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:42:45 +02:00
f787879a14
Clarify sequencing of long inputs
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:42:29 +02:00
d2fe1d5498
Rationale on key derivation inputs and buffer ownership
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:42:17 +02:00
4e94fead86
Key derivation dispatch doesn't depend on the key type
...
At least for all currently specified algorithms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:40:56 +02:00
66b96e2d87
Copyediting
...
Fix some typos and copypasta. Some very minor wording improvements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-31 00:40:27 +02:00
63df4ec3ca
Merge pull request #7589 from daverodgman/pr4990
...
Replace references to Mbed Crypto (rebase)
2023-05-16 19:14:51 +02:00
