lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
28,136 Commits 176 Branches 276 Tags
dd1d6a7cca72bd65ac54dba85b1e7bf9a2f4cef3
Commit Graph

269 Commits

Author SHA1 Message Date
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Janos Follath
a365efc6f1 Threading design: fix internal links 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-26 10:22:55 +01:00
Janos Follath
54bd71b40f Update operation threading strategy 
The library does not need to provide protection, leave it to the crypto
service.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-23 10:30:50 +01:00
Janos Follath
e604269a59 Threading Design: emphasise performance requirement 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-23 10:16:58 +01:00
Janos Follath
23f7e41633 Threading design: improve language 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-23 10:11:18 +01:00
Janos Follath
49d467c37d Threading design: update and clarify 3.6 plan 
- Separation of attr and slot state is added
- Driver support is cut back

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-20 15:41:40 +01:00
Janos Follath
de0e3e352d Threading design: Update empty slot tracking 
Using a dedicated field allows clean separatin between key attributes
and slot state. This allows us to use the same mechanics for attributes
and key content. Which in turn means lower code size and easier
maintenance.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-20 15:12:42 +01:00
Janos Follath
52586895f7 Clarify threading design document structure 
Separate design analysis from plans and make the distinction clear
between what is implemented, what is planned to be implemented soon,
what is planned to be implemented in the future, and what is ideas that
are rejected.

(The distinction between the last two categories doesn't have to be
clear, we can't and shouldn't plan that far ahead.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-20 14:26:57 +01:00
Janos Follath
19192a5158 Clarify reentrancy requirements for drivers 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-20 13:16:48 +01:00
Janos Follath
d7a39ae21e Add plan for 3.6 to threading design 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-17 14:34:26 +01:00
Janos Follath
574100bb0d Add clarifications to thread safety design 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-17 12:50:28 +01:00
Janos Follath
811a954383 Add reentrancy section to thread safety design 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-17 12:50:21 +01:00
Janos Follath
28b4da954b Add PSA threading design 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-10-10 15:15:55 +01:00
Gilles Peskine
32743619a2 Merge pull request #8114 from yanesca/threading_requirements_update 
Refine thread safety requirements
 2023-10-09 11:22:59 +00:00
Xiaokang Qian
db3035b8bc Fix a typo in psa-crypto-implementation-structure.md 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-09-26 09:09:20 +00:00
Xiaokang Qian
76e55a20dd Change the documenti about psa_crypto_driver_wrappers.c{h} 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-09-26 09:09:20 +00:00
Xiaokang Qian
1198e43644 Change the description of auto-generated driver dispatch files 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-09-26 09:09:20 +00:00
Xiaokang Qian
845693c513 Change comments to psa_crypto_driver_wrappers.h 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-09-26 09:09:20 +00:00
Janos Follath
b4527fbd82 Add clarifications to the threading requirements 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 14:01:24 +01:00
Janos Follath
b6954730f0 Fix typo 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 13:54:21 +01:00
Janos Follath
35633dd977 Add threading non-requirement 
State explicitly the non-requirement that it's ok for psa_destroy_key to
block waiting for a driver.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 08:31:19 +01:00
Janos Follath
15d9ec29be Improve thread safety presentation 
- Use unique section titles so that there are unique anchors
- Make list style consistent between similar sections

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 08:22:21 +01:00
Janos Follath
0385c2815c Tighten thread safety requirements 
We shouldn't violate the requirement that the key identifier can be
reused. In practice, a key manager may destroy a key that's in use by
another process, and the privileged world containing the key manager and
the crypto service should not be perturbed by an unprivileged process.

With respect to blocking, again, a key manager should not be blocked
indefinitely by an unprivileged application.

These are desirable properties even in the short term.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-30 16:44:04 +01:00
Janos Follath
7ec993d804 Refine thread safety requirements 
Split and refine short term requirements for key deletion.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-23 16:04:48 +01:00
Gilles Peskine
33291ba35f Merge pull request #5538 from gilles-peskine-arm/psa-thread_safety-doc 
PSA thread safety requirements
 2023-08-10 16:21:55 +02:00
Gilles Peskine
9aa93c8e78 Added a note about new primitives for secure destruction 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-07 16:32:09 +02:00
Gilles Peskine
584bf985f5 Elaborate on psa_destroy_key requirements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-07 16:29:19 +02:00
Gilles Peskine
d3a797710a psa_is_key_slot_occupied: change to using the key identifier 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-02 18:36:06 +02:00
Valerio Setti
ab02d391cb test: use only rev-parse for getting the current branch 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 16:47:07 +02:00
Valerio Setti
ccb0344969 test: add GIT alternative commands for older GIT versions 
The Docker container used for the CI has Git version 2.7.4 which
does not support the "git branch --show-current" command since this
was added in version 2.22.
Therefore this commit adds an alternative version for old Git versions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 15:07:49 +02:00
Dave Rodgman
e183ecef3d Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases 
Record the outcome of each test case in compat.sh
 2023-07-10 12:08:32 +01:00
Gilles Peskine
0ca2a1f51b Merge pull request #7646 from gilles-peskine-arm/psa-driver-transaction-testing-spec 
Storage resilience with stateful secure elements: design document
 2023-06-29 18:25:52 +02:00
Gilles Peskine
34a201774e More about whether to have the driver key id in the transaction list 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-13 21:11:43 +02:00
Gilles Peskine
009c06b973 Discuss the cost of a get_key_attributes entry point 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-13 21:11:43 +02:00
Gilles Peskine
4e5088476e Finish test strategy 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-30 23:34:07 +02:00
Gilles Peskine
44bbf29597 Write up the transaction/recovery processess 
Still missing: details of part of the testing

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-24 20:35:49 +02:00
Gilles Peskine
76a852f8fb Design document for storage resilience 
Explore possibilities for implementing stateful secure elements with
storage. Choose one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-24 09:37:30 +02:00
Gilles Peskine
63df4ec3ca Merge pull request #7589 from daverodgman/pr4990 
Replace references to Mbed Crypto (rebase)
 2023-05-16 19:14:51 +02:00
Gilles Peskine
7e37aa85a2 Merge pull request #5904 from gilles-peskine-arm/psa-doc-implementing-new-mechanism 
Check list for implementing a new mechanism in PSA crypto
 2023-05-16 14:04:15 +02:00
Gilles Peskine
de4cbc54d3 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-16 12:04:57 +02:00
Fredrik Hesse
95bd5a5004 Minor adjustments after review. 
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
 2023-05-12 15:01:59 +01:00
Fredrik Hesse
0ec8a90d48 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. 
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
 2023-05-12 15:00:45 +01:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. 
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
 2023-05-12 14:59:01 +01:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis 
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 10:34:08 +02:00
Ronald Cron
4d31496294 Update TLS 1.3 documentation and add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option 
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
5c8c9e068e Minor improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-29 10:33:03 +02:00
Manuel Pégourié-Gonnard
b38c9c888f Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
03cb87ea3c Update psa-limitations.md 
For recent work and latest plans.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
52f7edb6ad Update psa-migration/strategy.md 
- Update for the new hashes strategy, in part by adding references to
md-cipher-dispatch.md
- General update about the status of things since the last update

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00