Lines Matching refs:a

6a migration strategy for code that is not subject to `MBEDTLS_USE_PSA_CRYPTO`, is currently using …
10 This is complementary to the main [strategy document](strategy.html) and is intended as a refinemen…
12 …rategy and the current one is that in this work, we are not treating PSA as a black box. We can ch…
20 As a developer of an application that uses Mbed TLS's interfaces (including legacy crypto),  
26 As a developer of library code that uses Mbed TLS to perform cryptographic operations,  
34 As a vendor of a platform with hardware acceleration for some crypto,  
35 I want to build Mbed TLS in a way that uses my hardware wherever relevant,  
38 As a vendor of a platform with hardware acceleration for some crypto,  
44 As a maintainer of Mbed TLS,  
48 As a maintainer of Mbed TLS,  
58 * Where a PSA driver is available, it likely has better performance, and sometimes better security,…
59 * In many scenarios, where a PSA driver is available, this allows removing the software implementat…
64 Traditionally, to determine whether a cryptographic mechanism was available, you had to check wheth…
68 …Those interfaces can change, but we should minimize disruption by providing a transition path for …
76 …hough this wouldn't be considered a backward compatibility break anyway, since we don't promise th…
80 It is not a goal at this stage to make more code directly call `psa_xxx` functions. Rather, the goa…
92 …(#why-psa-is-not-always-possible). This effectively brings those modules to a partial use-PSA beha…
93a covered module calls a non-covered module which calls another module, for example X.509 calling …
100a hash for PSS/OAEP, and needing to know the hash length in PKCS1v1.5 sign/verify), …). These need…
113 … cryptographic operations which, in the long term, will be provided through a PSA interface, but c…
191 Here are some reasons why calling `psa_xxx()` to perform a hash or cipher calculation might not be …
194 * There is a PSA driver which has not been initialized (this happens in `psa_crypto_init()`).
195 * For ciphers, the keystore is not initialized yet, and Mbed TLS uses a custom implementation of PS…
198 …the crypto service, or the local implementation is faster because it avoids a costly remote proced…
202a hash. If `mbedtls_rsa_rsassa_pss_sign()` is called directly by application code, it is supposed …
206 * must call PSA if called by a module in the PSA domain;
207 * must not call PSA (or must have a fallback) if their caller is not in the PSA domain and the PSA …
217 …“Classification of callers”](#classification-of-callers)), how do we handle a cryptographic mechan…
220 * How to decide whether a specific algorithm or key type is supported (eventually based on `MBEDTLS…
224 We need a way to decide this based on the available information:
231 …ed, or (where allowed by backward compatibility) document a behavior change and, preferably, a wor…
235 Let us work through the example of RSA-PSS which calculates a hash, as in [see issue \#6497](https:…
242a parameter of type `mbedtls_md_type_t`. (More generally, all mixed-domain modules that take an al…
246 …`. Pass `MBEDTLS_MD_SHA256` and `md` will dispatch to the legacy code, pass a new constant `MBEDTL…
252 Here we try to answer the question: As a caller of RSA-PSS via `rsa.h`, how do I know whether it ca…
254 * For a caller in the legacy domain: if e.g. `MBEDTLS_SHA256_C` is enabled, then I want RSA-PSS to …
255 * For a caller in the PSA domain: if e.g. `PSA_WANT_ALG_SHA_256` is enabled, then I want RSA-PSS to…
256 * For a caller in the mixed domain: requirements depend on the caller. Whatever solution RSA has to…
266 …I can't think of a case where we would want to guarantee that if `MBEDTLS_xxx_C` is not enabled, b…
267 …omplicated because the cipher functions require the keystore, and plausibly a cipher accelerator m…
269 Note that it's a bit tricky to determine which algorithms are available. In the case where there is…
273 In this section, we specify a hash metadata and calculation for the [mixed domain](#classification-…
289 …ere is no mandatory relationship between PSA support and legacy support for a mechanism. Users can…
293 …t best a very small amount of code size in the PSA dispatch code. This may be more desirable when …
295 In this analysis, we have not found a compelling reason to require all legacy mechanisms to also be…
304 Requirements: given a hash algorithm,
308 * Set up a multipart operation to calculate the hash. The operation must support update, finish, re…
318 …d_info_t` can become a very thin type. We can't remove the extra function call from the source cod…
319 …s and HMAC optional. The mixed-domain hash interface won't be the full `MBEDTLS_MD_C` but a subset.
344 The primary target is a configuration like TF-M's medium profile, plus TLS with only AEAD ciphersui…
350 - Support for CBC ciphersuites in TLS. (They've been recommended against for a while now.)
354 … is done by using "ECB mode" (which for both Cipher and `aes.h` only allows a single block, contra…
356 …gly suggesting using the same design for both. On the other hand, there are a number of difference…
358 - CTR-DRBG holds a special position in the stack: most users don't care about it per se, they only …
363   - Using AES, Aria or Camellia in a uniform way.
366 …M and CCM may either be a new internal module, or a subset of the existing Cipher API, extended wi…
368 Reasons for making this layer's API a subset of the existing Cipher API:
369 - No need to design, implement and test a new module. (Will need to test the new subset though, as …
371 - No risk for code duplication between a potential new module and Cipher: source-level, and in in p…
374 Possible costs of re-using (a subset of) the existing Cipher API instead of defining a new one:
379 …nces in how the `cipher.h` API is implemented between builds with the full Cipher or only a subset;
382 Prototyping both approaches showed better code size savings and cleaner code with a new internal mo…
390 MD light is a subset of `md.h` that implements the hash calculation interface described in ”[Design…
421 For each hash algorithm, `md.h` defines a macro `MBEDTLS_MD_CAN_xxx` whenever the corresponding has…
426 Note that some algorithms have different spellings in legacy and PSA. Since MD is a legacy interfac…
443 * If at least one hash has a PSA driver, define `MBEDTLS_MD_SOME_PSA`.
444 * If at least one hash has a legacy implementation, defined `MBEDTLS_MD_SOME_LEGACY`.
448 …ontext needs to contain either a legacy module's context (or a pointer to one, as is the case now)…
450 …ext. So for the time being, this specification keeps a pointer. For uniformity, PSA will also have…
472 …ge about `type`. However, when an algorithm is available both via a legacy module and a PSA accele…
482 The implementation needs to convert from a legacy type encoding to a PSA encoding.
497 As a starting point, return 1 if PSA crypto's driver subsystem has been initialized.
499 …psa_can_do_hash` is generally safe: whether it returns 0 or 1, you can call a PSA hash function on…
507 If given an algorithm as an `mbedtls_md_type_t type` (possibly being the `type` field of a `const m…
509 * If there is a PSA accelerator for this hash and `psa_can_do_hash(alg)`, call the corresponding PS…
517 After calling a PSA function, MD light calls `mbedtls_md_error_from_psa` to convert its status code.
523 > If an algorithm has a legacy implementation, it is also available through PSA.
533 Remove hash names from `mbedtls_md_info_t`. Use a simple switch-case or a separate list to implemen…
537 In `mbedtls_md_get_size` and in modules that want a hash's block size, instead of looking up hash m…
558a single implementation. Replace the one in `md.h` by calls to the PSA driver interface. This will…
564 The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a little extra work. H…
567a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it w…
601 …lock cipher context contains either a legacy module's context (AES, ARIA, Camellia) or a PSA key i…
603 …ge about `type`. However, when an algorithm is available both via a legacy module and a PSA accele…
610 … 0 otherwise. It is only defined on algorithms that are enabled via PSA. As a starting point, retu…
616 After calling a PSA function, `block_cipher` functions call `mbedtls_cipher_error_from_psa` to conv…