| /mbedtls-3.6.0/docs/architecture/ |
| D | psa-crypto-implementation-structure.md | 1 PSA Cryptography API implementation and PSA driver interface
6 …API specification](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) d…
8 This document describes the high level organization of the Mbed TLS PSA Cryptography API implementa…
10 ## High level organization of the Mbed TLS PSA Cryptography API implementation
11 In one sentence, the Mbed TLS PSA Cryptography API implementation is made of a core and PSA drivers…
20 ## The Mbed TLS PSA Cryptography API implementation core
22 The core implements all the APIs as defined in the PSA Cryptography API specification but does not …
26 * checking PSA API arguments and translating them into valid arguments for the necessary calls to t…
29 The sketch of an Mbed TLS PSA cryptographic API implementation is thus:
50 …C and those that are only capable of computing a MAC, the psa_mac_verify() API could call first ps…
[all …]
|
| /mbedtls-3.6.0/ |
| D | BRANCHES.md | 10 prepared. It has API changes that make it incompatible with Mbed TLS 2.x,
21 API compatibility in the `master` branch across minor version changes (e.g.
22 the API of 3.(x+1) is backward compatible with 3.x). We only break API
33 We maintain API compatibility in released versions of Mbed TLS. If you have
42 result in an incompatible API or ABI, although features will generally not
47 Note that new releases of Mbed TLS may extend the API. Here are some
49 not considered API compatibility breaks:
62 There are rare exceptions where we break API compatibility: code that was
90 compatibility (same definition as API except with re-linking instead of
|
| D | CONTRIBUTING.md | 33 …, no modifications to their own code should be necessary. To achieve this, API compatibility is ma…
35 …API, even on the main development branch where new features are added, need to be justifiable by e…
37 … the definition of functions in the public interface which will change the API. Instead the interf…
39 …precated functions from the library which will be a breaking change in the API, but such changes w…
43 …API extensions which may introduce issues or change the code size or RAM usage, which can be signi…
47 1. Any change to the library which changes the API or ABI cannot be backported.
48 …bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid…
|
| D | README.md | 6 Mbed TLS includes a reference implementation of the [PSA Cryptography API](#psa-cryptography-api). …
22 Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/…
270 PSA cryptography API
273 ### PSA API argument
277 The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set…
279 The design goals of the PSA cryptography API include:
281 * The API distinguishes caller memory from internal memory, which allows the library to be implemen…
287 Arm welcomes feedback on the design of the API. If you think something could be improved, please op…
291 Mbed TLS includes a reference implementation of the PSA Cryptography API.
298 …preserve backward compatibility for application code (using the PSA Crypto API), but the code of t…
|
| D | ChangeLog | 30 API changes
84 as PSA does not have an API for restartable ECDH yet.
127 * Add support for PBKDF2-HMAC through the PSA API.
141 configured using the existing API function mbedtls_ssl_conf_groups().
161 * Add support for PBKDF2-CMAC through the PSA API.
169 * Applications using ECC over secp256r1 through the PSA API can use a
392 * Add new API mbedtls_ssl_cache_remove for cache entry removal by
413 ECJPAKE key exchange, using the new API function
487 instead of role in PAKE PSA Crypto API as described in the specification.
569 * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API.
[all …]
|
| /mbedtls-3.6.0/docs/ |
| D | index.rst | 6 Mbed TLS API documentation
17 api/grouplist.rst
18 api/filelist.rst
19 api/structlist.rst
20 api/unionlist.rst
|
| D | use-psa-crypto.md | 9 "New APIs / API extensions" below.
28 - `MBEDTLS_PSA_CRYPTO_C` enables the implementation of the PSA Crypto API.
67 New APIs / API extensions
72 **New API function:** `mbedtls_pk_setup_opaque()` - can be used to
87 using the new API in order to get the benefits; it can then pass the
98 **New API functions:** `mbedtls_ssl_conf_psk_opaque()` and
111 **New API function:** `mbedtls_ssl_set_hs_ecjpake_password_opaque()`.
124 There is a new API function `mbedtls_cipher_setup_psa()` to set up a context
|
| D | redirects.yaml | 5 # 'development' branch. This is because the API token (RTD_TOKEN) is not
10 from_url: /projects/api/en/latest/$rest
11 to_url: /projects/api/en/development/
|
| D | driver-only-builds.md | 27 mechanism through the PSA API in Mbed
32 means the algorithm will be available in the PSA Crypto API.
47 the PSA Crypto API, as well as for use of the PK, X.509 and TLS modules when
83 In such a build, all crypto operations (via the PSA Crypto API, or non-PSA
95 - for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from
142 In such builds, all crypto operations via the PSA Crypto API will work as
152 - for code that uses only the PSA Crypto API: `PSA_WANT_ECC_xxx` from
219 requested curves. In such builds, only the PSA API is currently tested and
|
| D | 3.0-migration-guide.md | 64 … Mbed TLS 3, the layout of structures is not considered part of the stable API, and minor versions…
407 using the multi-part API.
446 This affects users of the PK API as well as users of the low-level API in the RSA module. Users of …
513 API were removed from version 1.0 of specification. Please switch to the new
531 and explain your need; we'll consider adding a new API in a future version.
536 multi-part operations. Five new API functions have been defined:
540 implement those additional five API functions.
555 ### Change the API to allow adding critical extensions to CSRs
560 The API is changed to include the parameter `critical` which enables marking an
623 PSA crypto API. If you have a use case that's not covered yet by this API,
[all …]
|
| D | Makefile | 22 rm -rf ./api
32 rm -rf ./api
34 breathe-apidoc -o ./api ../apidoc/xml
|
| /mbedtls-3.6.0/library/ |
| D | mps_common.h | 27 * expected abstract state at the entry of API calls.
29 * Context: All MPS API functions impose assumptions/preconditions on the
32 * calls to the MPS API which satisfy their preconditions and either succeed,
39 * notion of abstract state that the API operates on. For example, all layers
46 * it's a design choice whether the API should fail gracefully on such
50 * is part of the API preconditions or not: If the option is set,
56 * is included in the preconditions of the respective API calls, and
71 * is used within the bounds of its API and preconditions.
160 /** \brief The type of buffer sizes and offsets used in the MPS API
|
| D | psa_crypto_pake.c | 295 * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different in mbedtls_psa_pake_output_internal()
298 * The MbedTLS JPAKE API outputs the whole X1+X2 and X2S steps data in mbedtls_psa_pake_output_internal()
299 * at once, on the other side the PSA CRYPTO PAKE api requires in mbedtls_psa_pake_output_internal()
303 * In order to achieve API compatibility, the whole X1+X2 or X2S steps in mbedtls_psa_pake_output_internal()
414 * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different in mbedtls_psa_pake_input_internal()
417 * The MbedTLS JPAKE API takes the whole X1+X2 or X4S steps data in mbedtls_psa_pake_input_internal()
418 * at once as input, on the other side the PSA CRYPTO PAKE api requires in mbedtls_psa_pake_input_internal()
422 * In order to achieve API compatibility, each X1+X2 or X4S step data in mbedtls_psa_pake_input_internal()
424 * MbedTLS JPAKE API on the last step. in mbedtls_psa_pake_input_internal()
430 * Copy input to local buffer and format it as the Mbed TLS API in mbedtls_psa_pake_input_internal()
|
| /mbedtls-3.6.0/docs/architecture/psa-migration/ |
| D | strategy.md | 12 G4. Have a clean, unified API for Crypto (retire the legacy API).
92 <https://github.com/ARM-software/psa-crypto-api/pull/536> for that).
124 These abstraction layers typically provide, in addition to the API for crypto
140 crypto API.
251 dispatch to PSA, but not the low-level legacy API, for all operations.
254 2. Have users of these algorithms not depend on the legacy API for information
284 ciphers. For example,`ctr_drbg.c` calls the legacy API `mbedtls_aes`.
304 The most satisfying situation here is when we can just use the PSA Crypto API
307 (such as `mbedtls_md_type_t`) in their API and can't assume PSA to be
323 API, or for `MBEDTLS_MD_C && MBEDTLS_SHA256_C` if using the `mbedtls_md` API.
[all …]
|
| D | testing.md | 40 - unit testing of the new API and directly-related APIs - for example:
50 - integration testing of the new API with each existing API which should
53 new API to be used, and one or more tests in `ssl-opt.sh` using that.
56 `x509_csr_check_opaque()` checking integration of the new API with the
73 - unit testing of the new API and directly-related APIs - for example:
82 - however if use of the new API in higher layers involves more logic that
83 use of the old API, specific integrations test may be required
|
| D | psa-limitations.md | 1 This document lists current limitations of the PSA Crypto API (as of version
28 they use the legacy API instead, in order to get restartable behaviour.
30 Things that are in the API but not implemented yet
33 PSA Crypto has an API for FFDH, but it's not implemented in Mbed TLS yet.
44 Currently, the PSA Crypto API can only perform FFDH with a limited set of
57 option, so the current PSA Crypto API is a good match for that. (Not
64 non-trivial API design problem, but most importantly seems backwards, as
72 easy to support in terms of API/protocol, as the server picks the
104 Both the existing `mbedtls_` API and the PSA API support only MGF1 as the
109 ### API comparison
[all …]
|
| /mbedtls-3.6.0/configs/ |
| D | crypto_config_profile_medium.h | 14 * through the PSA Cryptography API (\c psa_xxx() functions).
33 * through the PSA API if and only if they are supported through the
34 * mbedtls_xxx API.
42 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
61 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
77 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
88 * SECP224K1 is buggy via the PSA API in Mbed TLS
|
| /mbedtls-3.6.0/include/psa/ |
| D | crypto_config.h | 10 * through the PSA Cryptography API (\c psa_xxx() functions).
29 * through the PSA API if and only if they are supported through the
30 * mbedtls_xxx API.
42 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
87 /* XTS is not yet supported via the PSA API in Mbed TLS.
98 * SECP224K1 is buggy via the PSA API in Mbed TLS
|
| D | crypto_compat.h | 65 * \note This API is not part of the PSA Cryptography API Release 1.0.0
67 * specification but was removed in the 1.0.0 released version. This API is
122 * \note This API is not part of the PSA Cryptography API Release 1.0.0
124 * specification but was removed in the 1.0.0 released version. This API is
|
| /mbedtls-3.6.0/docs/architecture/testing/ |
| D | driver-interface-test-strategy.md | 21 …ver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.
27 Many SE driver interface unit tests could be covered by running the existing API tests with a key i…
39 For each API function that can lead to a driver call (more precisely, for each driver method call s…
41 …ey in a secure element that checks that the driver method is called. A few API functions involve m…
52 For each API function that can lead to a driver call (more precisely, for each driver method call s…
55 * If the API function can take parameters that are invalid and must not reach the driver, call the …
60 For each API function that leads to a driver call, call it with parameters that cause a driver to b…
|
| /mbedtls-3.6.0/3rdparty/p256-m/p256-m/ |
| D | README.md | 37 **API design:**
39 - The API is minimal: only 4 public functions.
41 - The API uses arrays of octets for all input and output.
50 public API), one for open-box testing (for unit-testing internal functions,
322 - The public API
334 This layer's API consists of:
353 This layer's API consists of:
371 This layer's API consists of:
391 This layer's API consists of:
397 **Public API.**
[all …]
|
| /mbedtls-3.6.0/programs/hash/ |
| D | md_hmac_demo.c | 2 * MD API multi-part HMAC demonstration.
4 * This programs computes the HMAC of two messages using the multi-part API.
7 * legacy MD API. The goal is that comparing the two programs will help people
8 * migrating to the PSA Crypto API.
88 * the multipart API.
|
| /mbedtls-3.6.0/programs/psa/ |
| D | hmac_demo.c | 2 * PSA API multi-part HMAC demonstration.
4 * This programs computes the HMAC of two messages using the multi-part API.
7 * operations with the legacy MD API. The goal is that comparing the two
8 * programs will help people migrating to the PSA Crypto API.
91 * the multipart API.
|
| /mbedtls-3.6.0/tests/suites/ |
| D | test_suite_chacha20.function | 27 * Test the integrated API
36 * Test the streaming API
51 * Test the streaming API again, piecewise
|
| D | test_suite_poly1305.function | 20 * Test the integrated API
29 * Test the streaming API
43 * Test the streaming API again, piecewise
|
