/mbedtls-latest/library/ |
D | hkdf.c | 68 size_t where = 0; in mbedtls_hkdf_expand() local 148 num_to_copy = i != n ? hash_len : okm_len - where; in mbedtls_hkdf_expand() 149 memcpy(okm + where, t, num_to_copy); in mbedtls_hkdf_expand() 150 where += hash_len; in mbedtls_hkdf_expand()
|
/mbedtls-latest/ChangeLog.d/ |
D | 00README.md | 70 the present tense. Use the imperative where applicable. For example: “Fix a 73 Include GitHub issue numbers where relevant. Use the format “#1234” for an 74 Mbed TLS issue. Add other external references such as CVE numbers where 77 Credit bug reporters where applicable.
|
/mbedtls-latest/docs/ |
D | psa-driver-example-and-guide.md | 10 [Process for Entry Points where auto-generation is implemented](#process-for-entry-points-where-aut… 11 [Process for Entry Points where auto-generation is not implemented](#process-for-entry-points-where… 37 ### Process for Entry Points where auto-generation is implemented 48 ### Process for Entry Points where auto-generation is not implemented 50 …ntry points are not present in the table, a different process is followed where the developer manu… 180 … config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable.
|
D | tls13-early-data.md | 33 where ssl is the SSL context to use, data_to_write the address of the data 158 For example, a typical code to establish a TLS connection, where ssl is the SSL
|
D | driver-only-builds.md | 1 This document explains how to create builds of Mbed TLS where some 75 work in the same way as if the mechanisms where built-in, except as documented 194 `mbedtls/build_info.h` where xxx can take the same values as for 207 - `MBEDTLS_PK_PARSE_EC_COMPRESSED` - support for parsing ECC keys where the 209 - `MBEDTLS_PK_PARSE_EC_EXTENDED` - support for parsing ECC keys where the
|
D | psa-transition.md | 15 1. [Where can I find documentation?](#where-can-i-find-documentation) 37 * Mbed TLS legacy APIs require passing around a random generator argument where needed. This has hi… 84 …ze of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a sp… 267 All PSA APIs have algorithm agility, where the functions depend only on the nature of the operation… 343 …functions for encryption and decryption, while the PSA API has separate functions where applicable. 369 For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the… 396 …crypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-shot operation (where the whole plaintex… 454 …_types/#group__crypto__types_1ga70f397425684b3efcde1e0e34c28261f)`(hash)` where `hash` is the unde… 531 …functions for encryption and decryption, while the PSA API has separate functions where applicable. 614 …73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the unde… [all …]
|
/mbedtls-latest/docs/architecture/psa-migration/ |
D | psa-legacy-bridges.md | 15 * [OPEN] Open question: a specific aspect of the design where there are several plausible decisions. 25 …rom the legacy API to the PSA API. Mbed TLS 4.0 will be the first version where the PSA API is con… 63 * Manipulating data formats, other than keys, where the PSA API is lacking. 73 …specially enums and functions) that they provide, listing PSA equivalents where they exist. There … 78 Based on “[Where mixing happens](#where-mixing-happens)”, we focus the gap analysis on two topics: … 147 There are several scenarios where an application has a legacy key pair or public key (`mbedtls_pk_c… 149 Reasons for first creating a legacy key object, where it's impossible or impractical to directly cr… 151 * A very common case where the input is a legacy key object is parsing. PSA does not (yet) have an … 164 There are several scenarios where an application has a PSA key and needs to use it through an inter… 211 * Mention it where relevant in the PSA transition guide. [all …]
|
D | strategy.md | 18 implemented, see `docs/use-psa-crypto.md`, where new APIs are about (G2), and 84 PK/X.509/TLS in all places where we currently allow restartable operations. 147 layer; the MD layer uses a variant where it dispatches to PSA if a driver is 193 There are two variants of this strategy: one where using the new setup 270 work is divided into PRs, sometimes not. For example, in situations where it's 353 There is however a risk, especially in step 3 where we change how dependencies 380 to reduce the number of places where library code needs to be changed. It's
|
D | md-cipher-dispatch.md | 56 … to use PSA interfaces under the hood, without breaking code in the cases where this doesn't work.… 59 * In many scenarios, where a PSA driver is available, this allows removing the software implementat… 80 …sa_xxx` functions. Rather, the goal is to make more code call PSA drivers where available. How dis… 195 …not initialized yet, and Mbed TLS uses a custom implementation of PSA ITS where the file system is… 231 …the [the cases where PSA is not possible](#why-psa-is-not-always-possible): either make sure the c… 264 …plausible use cases where only the server has access to an accelerator so it's best to call the se… 266 …tant that the call fails. At the time of writing, I can't think of a case where we would want to g… 269 Note that it's a bit tricky to determine which algorithms are available. In the case where there is…
|
/mbedtls-latest/docs/architecture/ |
D | alternative-implementations.md | 28 On platforms where a hardware cryptographic engine is present, you can implement a driver for this … 37 * Enable `MBEDTLS_XXX_ALT` in the compile-time configuration where XXX is the module name. For exam… 45 …ld normally be `struct` types). This section lists some known limitations where the context type n… 52 …ble, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`,…
|
D | mbed-crypto-storage-specification.md | 112 …where there is no concept of key owner (in particular, in library integrations), the key identifie… 117 * PSA service integration: the key file name is `(uint64_t)owner_uid << 32 | key_id` where `key_id`… 260 All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated. 319 All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated. 401 …where there is no concept of key owner (in particular, in library integrations), the key identifie… 406 * PSA service integration: the key file name is `(uint64_t)owner_uid << 32 | key_id` where `key_id`… 410 All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated.
|
D | psa-keystore-design.md | 71 …e and RAM consumption are larger. This is intended for higher-end devices where applications are n… 79 The static key store could become a runtime decision, where only keys larger than some threshold re… 81 …e slot. This pushed towards the slice-based organisation described below, where each slice is allo… 124 * Allocating a key takes amortized $O(1)$ time. Usually the time is $O(s)$ where $s$ is the number … 125 …ion are likely to involve calls to `free()` which may total $O(k)$ memory where $k$ is the maximum… 137 …parate bit positions. That is, `key_id = BASE | slice_index | slot_index` where the bits set in `B…
|
D | psa-storage-resilience.md | 15 …point in time, the system is either in a state where the function has not started yet, or in a sta… 17 …sequence has been performed. For example, there will never be a situation where $M_2$ has been per… 30 …n that was previously passed to `set()`. We do not try to handle the case where a file might be pa… 107 …writes are likely to dominate the runtime in some hardware configurations where storage writes are… 117 …on must transform the internal storage from a state where file `id` does not exist, to a state whe… 156 …`"get_key_attributes"` entry point. Recovery means resuming the operation where it left off. For k… 211 …t. This means following the destruction process, starting after the point where the key has been a… 236 …t. This means following the destruction process, starting after the point where the key has been a… 307 …rios, each with their own invariant: one where the transaction list contains only key identifiers,…
|
D | psa-shared-memory.md | 6 This document discusses the security architecture of systems where PSA API functions might receive … 21 …where our PSA Crypto implementation is running inside one partition, called the **crypto service**… 23 …r a way to do it. (Even systems that have absolute thread priorities, and where crypto has a highe… 35 … for in terms of values of inputs and outputs. This models an ideal world where the content of inp… 130 …his chapter, we will discuss how to implement this high-level requirement where it belongs: inside… 257 …e must only be reviewed for correctness in one place, rather than in all functions where it occurs. 293 Proposed general idea: have tests where the test code calling API functions allocates memory in a c… 384 Note: We are focusing on read-read inconsistencies for now, as most of the cases where we aren't co… 616 …copying is specific to systems where shared memory is passed to PSA functions, it is useful to be … 668 Poisoning code is added to these test wrappers where relevant in order to pre-poison and post-unpoi…
|
/mbedtls-latest/ |
D | BRANCHES.md | 9 this is where the next major version of Mbed TLS (version 4.0) is being 57 * Changing which error code is returned in a case where multiple error 63 There are rare exceptions where we break API compatibility: code that was
|
D | ChangeLog | 73 starting with Mbed TLS 2.17) and, where relevant, `pk.h`. 120 * Fix rare concurrent access bug where attempting to operate on a 151 Crypto, where it never worked. Fixes #9311. 154 * Fixes an issue where some TLS 1.2 clients could not connect to an 169 * Fixed a regression introduced in 3.6.0 where the CA callback set with 173 * Fixed a regression introduced in 3.6.0 where clients that relied on 181 * Fixed a regression introduced in 3.6.0 where context-specific certificate 507 MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA, 527 and only in builds where MBEDTLS_MD_C was disabled; in particular the 584 MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA [all …]
|
D | CONTRIBUTING.md | 35 …ruption to users, where a change to the interface is required, all changes to the ABI or API, even… 91 All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-Licens…
|
/mbedtls-latest/tests/suites/ |
D | test_suite_net.function | 79 * platforms with a Unix-like select() function, which is where 121 * is problematic on the particular platform where the code is running,
|
D | test_suite_psa_crypto_storage_format.function | 100 /* We test some configurations using drivers where the driver doesn't 105 * Hash-and-sign algorithms where the asymmetric part doesn't use
|
D | test_suite_gcm.function | 511 // Only testable on platforms where sizeof(size_t) >= 8. 528 // Only testable on platforms where sizeof(size_t) >= 8. 567 // Only testable on platforms where sizeof(size_t) >= 8
|
D | test_suite_ctr_drbg.function | 49 * where nonce||perso = nonce[nonce->len] */ 460 // test all increments from 2^n - 1 to 2^n (i.e. where we roll over into the next bit)
|
D | test_suite_bignum_core.function | 50 /* A == B, so test where A and B are aliased */ 121 /* A == B, so test where A and B are aliased */ 321 // Construct a test input value where the count of leading zeros and 1218 * `1 + N_limbs * (welem + 3)`, where welem is the number of elements in 1297 /* We are testing A - b, where A is an MPI and b is a scalar, expecting
|
/mbedtls-latest/docs/architecture/testing/ |
D | psa-storage-format-testing.md | 23 … the storage format by creating test cases under a version V of Mbed TLS, where the test case para… 31 Use a similar approach for files other than keys where possible and relevant. 66 Objective: test the format of the key file: which field goes where and how big it is.
|
D | driver-interface-test-strategy.md | 129 …river B, with one run where A returns `PSA_SUCCESS`, one where A returns `PSA_ERROR_NOT_SUPPORTED`…
|
/mbedtls-latest/docs/proposed/ |
D | psa-driver-interface.md | 311 …e independent drivers. This also happens when deriving an asymmetric key, where processing the sec… 402 …es of `buffer` with the specified input and sets `*buffer_length` to *N*, where *N* is the length … 443 …ivation_output_key"`](#key-derivation-driver-outputs), i.e. for key types where the derived key ma… 502 * For a call to `psa_key_derivation_output_key()` where the derived key is in a secure element, cal… 506 Key derivation is said to be *raw* for some key types, where the key material of a derived (8×*n*)-… 546 * `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of t… 556 To implement a call to `psa_key_derivation_key_agreement()` where the private key is in a secure el… 699 * `output` buffer where the output is to be written. 752 * `output` Buffer where the implicit key is to be written. 832 …ure. Drivers should return a conservative estimate, even in circumstances where the quality of the… [all …]
|