eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Goal 1 tasks are now all reflected on github

Browse source 
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2022-01-17 10:47:24 +01:00
parent 0950359220
commit ab1d3084b7
1 changed files with 29 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

96
docs/architecture/psa-migration/tasks-g1.md
View file

@ -14,54 +14,31 @@ Hashes
### Use `psa_hash` in all of X.509 ### Use `psa_hash` in all of X.509
Conditionally on `MBEDTLS_USE_PSA_CRYPTO`, replace all remaining calls to https://github.com/ARMmbed/mbedtls/issues/5157
`mbedtls_md()` or `mbedtls_sha1_ret()` by calls `psa_hash` functions, namely:
- replace `mbedtls_md()` in `x509_crt_verifycrl()` in `x509_crt.c`
- replace `mbedtls_md()` in `mbedtls_x509write_crt_der()` in `x509write_crt.c`
- replace `mbedtls_sha1_ret() in
`mbedtls_x509write_crt_set_subject_key_identifier()` in `x509write_crt.c`
- replace `mbedtls_sha1_ret() in
`mbedtls_x509write_crt_set_authority_key_identifier()` in `x509write_crt.c`
- already done in `x509_crt_check_signature()` in `x509_crt.c`, but might
want to replace multi-part with single-part.
- already done in `mbedtls_x509write_csr_der_internal()` in
`x509write_csr.c`, but might want to replace multi-part with single-part.
HMAC HMAC
---- ----
### Variable-time HMAC in TLS record protection ### Variable-time HMAC in TLS record protection
- This is about the calls to `mbedtls_md_hmac_xxx()` in https://github.com/ARMmbed/mbedtls/issues/5177
`mbedtls_ssl_decrypt_buf()` and `mbedtls_ssl_encrypt_buf()`, but excludes the
call in `mbedtls_ssl_cf_hmad()` (which it its own task).
- Might need to change the `transform` structure to hold a PSA context instead
of an MD context. Note: might keep the MD context in parallel until the
constant-time part is done as well.
TODO: study this better so it can be estimated.
### Constant-time HMAC in TLS record protection ### Constant-time HMAC in TLS record protection
This is `mbedtls_ssl_cf_hmac()`. The PSA code might look a bit different as https://github.com/ARMmbed/mbedtls/issues/5178
we'll probably need to store the HMAC key somewhere and compute the ipad/opad
explicitly instead of using (the internals of) the MD layers for that.
TODO: study this better so it can be estimated.
Ciphers Ciphers
------- -------
### Use PSA for all cipher operations in TLS ### Use PSA for all cipher operations in TLS
- extend existing `mbedtls_cipher_setup_psa()` and related code to support https://github.com/ARMmbed/mbedtls/issues/5181
other ciphers than AES that can be used in TLS: ARIA (depends on #4959), https://github.com/ARMmbed/mbedtls/issues/5182
Camellia, ChachaPoly. https://github.com/ARMmbed/mbedtls/issues/5203
- extend unit-testing in `test_suite_cipher` to test those new ciphers as https://github.com/ARMmbed/mbedtls/issues/5204
AES-based cipher are already tested https://github.com/ARMmbed/mbedtls/issues/5205
- remove the fallback mechanism in all places where `cipher_setup_psa()` is https://github.com/ARMmbed/mbedtls/issues/5206
called from TLS code
- expand use of `run_test_psa()` in `ssl-opt.sh`
Asymmetric crypto Asymmetric crypto
================= =================
@ -71,82 +48,67 @@ ECDSA
### Make `mbedtls_pk_sign()` use PSA for ECDSA operations ### Make `mbedtls_pk_sign()` use PSA for ECDSA operations
- This is already done with `PK_OPAQUE` contexts, but this task is about doing https://github.com/ARMmbed/mbedtls/issues/5274
it for regulard `ECKEY`/`ECDSA` contexts.
- May share some code (transcoding) with the exist support for `PK_OPAQUE`
contexts
RSA signature (and verification) RSA signature (and verification)
-------------------------------- --------------------------------
### Make `mbedtls_pk_sign()` use PSA for RSA operations ### Make `mbedtls_pk_sign()` use PSA for RSA operations
- with regular `PK_RSA` context https://github.com/ARMmbed/mbedtls/issues/5162
- only PKCS#1 v1.5 for this task
- similar to what's done for ECDSA, except no need for transcoding (I think)
### Make `mbedtls_pk_verify()` use PSA for RSA operations ### Make `mbedtls_pk_verify()` use PSA for RSA operations
- with regular `PK_RSA` context https://github.com/ARMmbed/mbedtls/issues/5159
- only PKCS#1 v1.5 for this task
- similar to what's done for ECDSA, except no need for transcoding (I think)
### Make `mbedtls_pk_verify_ext()` use PSA for RSA operations ### Make `mbedtls_pk_verify_ext()` use PSA for RSA operations
- with regular `PK_RSA` context https://github.com/ARMmbed/mbedtls/issues/5333 (partial)
- this is for RSA-PSS https://github.com/ARMmbed/mbedtls/issues/5277 (futher)
- similar to what's done for ECDSA, except no need for transcoding (I think)
- acceptable to enforce that all hashes are equal in the parameters (as
imposed by the PSA API) and reject the signature otherwise
- then need to check if all X.509 tests still pass, and if some don't, make
them depend on `!MBEDTLS_USE_PSA_CRYPTO`
RISK: see `psa-limitations.md`
RSA en/decryption RSA en/decryption
----------------- -----------------
### Make `mbedtls_pk_encrypt()` use PSA for RSA operations ### Make `mbedtls_pk_encrypt()` use PSA for RSA operations
- with regular `PK_RSA` context
https://github.com/ARMmbed/mbedtls/issues/5161
### Make `mbedtls_pk_decrypt()` use PSA for RSA operations ### Make `mbedtls_pk_decrypt()` use PSA for RSA operations
- with regular `PK_RSA` context https://github.com/ARMmbed/mbedtls/issues/5160
ECDH ECDH
---- ----
Additional:
https://github.com/ARMmbed/mbedtls/issues/5291 (pre clean-up)
https://github.com/ARMmbed/mbedtls/issues/5321 (TLS 1.3)
https://github.com/ARMmbed/mbedtls/issues/5322 (post clean-up)
### Write remaining utilities for ECDH parsing/writing ### Write remaining utilities for ECDH parsing/writing
- PSA only provides an API for the operation, need to parse and write (not a task on its own, part of other tasks)
parameters and public keys to/from grp ID + string of bytes
- need to complete what was done in 4a.1
- testing: positive: extract known-good inputs/outputs from actual handshakes?
- testing: negative: manipulate known-good input to make it invalid
Note: future task in this section depend on this one, but not on each other.
### Use PSA for ECDHE in ECDHE-ECDSA and ECDHE-RSA server-side ### Use PSA for ECDHE in ECDHE-ECDSA and ECDHE-RSA server-side
- may need to separate branches from other ECDHE-based key exchanges https://github.com/ARMmbed/mbedtls/issues/5317
- only server-side (client-side is already done, can be used for inspiration)
### Use PSA for ECDH in ECDHE-PSK (all sides and versions) ### Use PSA for ECDH in ECDHE-PSK (all sides and versions)
- only with non-opaque PSK (support for opaque PSK here is part of G2) https://github.com/ARMmbed/mbedtls/issues/5318
### Use PSA for ECDH in static-ECDH key exchanges ### Use PSA for ECDH in static-ECDH key exchanges
- may require additional utility functions to load from cert to PSA https://github.com/ARMmbed/mbedtls/issues/5319
https://github.com/ARMmbed/mbedtls/issues/5320
FFDH FFDH
---- ----
This may be hard, see `psa-limitations.md` https://github.com/ARMmbed/mbedtls/issues/5287
EC J-PAKE EC J-PAKE
--------- ---------
Use PSA for all EC J-PAKE operations in TLS (both sides). https://github.com/ARMmbed/mbedtls/issues/5275
(TODO: consider how this could be split.)