lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
19,518 Commits 176 Branches 276 Tags
c5763b5efd34bfe058f05fb224c8553a96e67173
Commit Graph

488 Commits

Author SHA1 Message Date
Dave Rodgman
017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Ronald Cron
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Gilles Peskine
fdfc10b250 Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity 
Check storage format tests for regressions
 2022-03-07 17:02:34 +01:00
Gilles Peskine
e356f075f5 Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201 
PSA driver description spec: minor tweaks to the JSON format
 2022-03-01 20:46:14 +01:00
Gilles Peskine
790f7428d2 Storage format test regressions are now checked mechanically 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-22 19:16:42 +01:00
Jerry Yu
bd19287a8e fix docs issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
adb1869f8d fix document about tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
72a0565e13 docs: Add version support description 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Ronald Cron
87829e5429 Fix documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-14 16:31:33 +01:00
Ronald Cron
4279bac965 Document TLS 1.3 MVP limitation regarding MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 15:10:22 +01:00
Manuel Pégourié-Gonnard
c70013e4bc Clarify the trailer field situation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 13:16:50 +01:00
Manuel Pégourié-Gonnard
c7f3254379 Clarify a sentence 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 13:00:33 +01:00
Manuel Pégourié-Gonnard
58d101b721 Fix a few more typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 12:58:09 +01:00
Manuel Pégourié-Gonnard
2c5fbad479 Merge pull request #5004 from mpg/doc-psa-migration 
Document PSA migration strategy
 2022-02-09 12:07:12 +01:00
Manuel Pégourié-Gonnard
839bb8a238 Fix an inaccuracy 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:33:41 +01:00
Manuel Pégourié-Gonnard
80759c4917 Fix a few more typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:33:11 +01:00
Gilles Peskine
08fb89d251 Require a driver prefix to be non-empty 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:30:16 +01:00
Gilles Peskine
272ff9c309 Open a namespace for implementation-specific properties 
"IMPLEMENTATION/PROPERTY"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:29:18 +01:00
Gilles Peskine
6c3b1a760a Allow comments in driver descriptions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:29:04 +01:00
Manuel Pégourié-Gonnard
8ebed21216 Fix a few typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 10:23:49 +01:00
Manuel Pégourié-Gonnard
539b9a52f9 Fix discussion of RSA-PSS salt length 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 10:19:08 +01:00
Manuel Pégourié-Gonnard
2467aed961 Misc updates to testing.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:42:30 +01:00
Manuel Pégourié-Gonnard
ce6c0875d1 Misc updates to strategy.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:34:20 +01:00
Manuel Pégourié-Gonnard
8e559daaa8 Misc updates to psa-limitations.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:26:07 +01:00
Manuel Pégourié-Gonnard
335cbf61da Remove temporary documents 
The dependencies-xxx.md documents where merely a support for study,
now distilled to strategy.md, psa-limitation.md, and tasks-xx.md
and/or github issues.

The tasks-g1.md document has now been fully converted to a list of
github issues.

These documents would quickly become out-of-date and there's little
point in updating them, so it's better to remove them. They're still in
the github history if anyone wants to have a look.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:55:45 +01:00
Manuel Pégourié-Gonnard
ec3fd75cbc Update strategy with late 2021 discussion 
Unless I missed something, this should now reflect the current strategy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard
5218774efb Add note about HKDF for TLS 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
ab1d3084b7 Goal 1 tasks are now all reflected on github 
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0950359220 Improve "abstraction layers" section 
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079 Explain compile-time incompatibilities 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356 Expand discussion of goals 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1 Complete discussion of RSASSA-PSS 
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4 Add data about RSA-PSS test files 
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0 Add temporary list of tasks for G1 and G2 
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.

These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8 Document PSA limitations that could be problems 
(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146 Document the general strategy for PSA migration 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494 Document test strategy for USE_PSA_CRYPTO 
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d Add study for TLS/X.509 dependencies on crypto 
This is an updated version of the study that was done a few years ago.

The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:00 +01:00
Archana
21b20c72d3 Add Changelog and update documentation 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Archana
c08248d650 Rename the template file from .conf to .jinja 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Archana
a8939b6da3 Restructure scripts' folder alignment 
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 12:57:15 +05:30
Archana
1f1a34a226 Rev 1.0 of Driver Wrappers code gen 
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 12:22:06 +05:30
Ronald Cron
b1822efe22 docs: TLS 1.3: Improve wording 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 14:28:13 +01:00
Ronald Cron
7aa6fc1992 docs: TLS 1.3: Update prototype upstreaming status 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Ronald Cron
653d5bc781 docs: TLS 1.3: Swap prototype upstreaming status and MVP definition 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Ronald Cron
43ffc9d659 docs: TLS 1.3: Update TLS 1.3 documentation file name 
Update TLS 1.3 documentation file name and its
overview section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Ronald Cron
0abf07ca2c Make PSA crypto mandatory for TLS 1.3 
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Dave Rodgman
d7c091060f Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision 
TLS1.3: Edit docs to explain not changing curve order.
 2021-12-07 11:01:04 +00:00
Paul Elliott
cce0f5a085 Fix typo 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-03 16:13:30 +00:00
Paul Elliott
c0d335bc1e Second draft of explanation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-02 16:38:05 +00:00