1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-12 08:21:54 +03:00
Commit Graph

87 Commits

Author SHA1 Message Date
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
ab02d391cb test: use only rev-parse for getting the current branch
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 16:47:07 +02:00
ccb0344969 test: add GIT alternative commands for older GIT versions
The Docker container used for the CI has Git version 2.7.4 which
does not support the "git branch --show-current" command since this
was added in version 2.22.
Therefore this commit adds an alternative version for old Git versions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 15:07:49 +02:00
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
5c8c9e068e Minor improvements
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 10:33:03 +02:00
b38c9c888f Fix a typo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
03cb87ea3c Update psa-limitations.md
For recent work and latest plans.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
52f7edb6ad Update psa-migration/strategy.md
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
c9e0ad23c1 Update design document
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
6778ddf657 Merge pull request #6549 from gilles-peskine-arm/psa-migration-md-cipher-strategy
Dual-API hash dispatch strategy
2023-02-15 12:50:13 +01:00
91af0f9c0e Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:36 +01:00
ff674d4c6f Typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:17 +01:00
199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:35:19 +01:00
58e935fc6b add a missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:07:12 +01:00
fad34a4f10 Support all legacy algorithms in PSA
This is not strictly mandatory, but it helps.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-07 20:37:56 +01:00
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
6bbeba6a44 Add ssl-opt.sh support to outcome-analysis.sh
But make it optional as it makes things much slower.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
222bc85c6c Update outcome analysis script & documentation
Now that the script only makes before-after comparison, it no longer
makes sense to ignore some test suites.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
3e30e1fb19 We haven't actually made hash accelerators initless in 3.3
It seems that it won't be necessary anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:34:17 +01:00
14239c6e2e Switching to PSA can break things with MBEDTLS_PSA_CRYPTO_CLIENT
It's a rare scenario, but it's currently possible: if you use
mbedtls_cipher_xxx() to encrypt the communication between the application
and the crypto service, changing those functions to call PSA will break your
system.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:48 +01:00
22db9916fe The PSA cipher/AEAD API requires an initialized keystore
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:32:29 +01:00
143ebcc1d6 PKCS#1v1.5 sign/verify uses hash metadata
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:30:10 +01:00
cb93ac91bb Note that we can tweak the meaning of MBEDTLS_PSA_CRYPTO_CONFIG too
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:43 +01:00
d167f16d55 Wording clarifications and typo fixes
No intended meaning change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-13 20:29:15 +01:00
55a188b420 Clarify the "restart vs use PSA" situation in TLS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
4eefade8bf Sketch some optimizations relevant to MD light
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:05:14 +01:00
f634fe10e7 Sketch the work to migrate to MD light
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:51 +01:00
188e900a6d Specify MD light based on the interface requirements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 23:04:16 +01:00
382b34ca84 Work out the hash interface requirements
Finish working out the RSA-PSS example in terms of what it implies about the
interface. The key takeaway is that a mixed-domain module must support
algorithms if they are available through either interface, and that's all
there is to it. The details of how dispatch is done don't matter, what
matters is only the availability, and it's just the disjunction of
availabilities.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 22:57:18 +01:00
93986645d8 Remove reference vs drivers test from outcome-analysis.sh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-09 15:06:44 +01:00
c82050efdb Starting to work out the RSA-PSS example
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-08 19:17:58 +01:00
d47ba71676 New strategy: start the analysis
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-07 22:28:26 +01:00
0dc40773d6 Improve comments & messages
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 12:12:21 +02:00
d92fb01419 Skip bits not needed in outcome-analysis.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
b51051f1c7 Cosmetic improvement
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
f6e6df9dbf Add option for before-after or just ref-drivers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
2bb2f15772 Improve driver-only outcome-analysis script
Instead of having a list of test suites of interest, have a list of
suites to ignore and look at all the others.

In order for this to only yield interesting results, we need to tune the
reference configuration a bit, in order to exclude STREAM and ECB to
more closely match the driver-based configuration.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
138387fc8c Fix some typos, improve wording & formatting
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
d18c24b166 EC J-PAKE is now implemented in PSA
Quite unrelated to the other commits in this branch, but I happened to
spot it, so I fixed it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
c42c7e660e Update documentation in legacy_or_psa.h
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-15 11:28:24 +02:00
11265d78bb Remove PKCS5 from the ref config in the migration script
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:06:54 -04:00
7bd12c5d5e Remove MD dependency from pkcs12 module
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
0b86ac1957 Fix typographical errors in .md files found by cspell
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-29 13:44:01 +01:00
68429fc44d Fix a few more typos
Update link while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-27 20:44:02 +02:00
fca4dc6ba6 Clarifications & improved documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-26 10:10:07 +02:00
fb2ed58064 Add notes on steps and testing
Also add example/template script to check for coverage regressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 13:51:19 +02:00
c8c352c322 Update strategy document to reflect new macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 13:35:08 +02:00
bdc8fd630a Suggest strategy for intra-crypto dependencies
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 10:19:26 +02:00
8c7b81cdf9 Fix a bunch of typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:20 +02:00
f88b1b5375 Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros
Currently just replacing existing uses, but the real point of having
these conditions as a single macro is that we'll be able to use them in
tests case dependencies, see next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00