Blame - docs/architecture/psa-migration/tasks-g1.md - mirror/mbed-tls

blob: d906bf9ea5ef6dfbe90b250035958d9fdaea657b [file] [log] [blame] [view]

Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	1	This document is temporary; it lists tasks to achieve G1 as described in
				2	`strategy.md` while the strategy is being reviewed - once that's done,
				3	corresponding github issues will be created and this document removed.
				4
				5	For all of the tasks here, no specific testing is expected to be required,
				6	beyond passing the existing tests in a build with `MBEDTLS_USE_PSA_ENABLED`,
				7	see `testing.md`.
				8
				9	Symmetric crypto
				10	================
				11
				12	Hashes
				13	------
				14
				15	### Use `psa_hash` in all of X.509
				16
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	17	https://github.com/ARMmbed/mbedtls/issues/5157
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	18
				19	HMAC
				20	----
				21
				22	### Variable-time HMAC in TLS record protection
				23
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	24	https://github.com/ARMmbed/mbedtls/issues/5177
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	25
				26	### Constant-time HMAC in TLS record protection
				27
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	28	https://github.com/ARMmbed/mbedtls/issues/5178
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	29
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	30
				31	Ciphers
				32	-------
				33
				34	### Use PSA for all cipher operations in TLS
				35
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	36	https://github.com/ARMmbed/mbedtls/issues/5181
				37	https://github.com/ARMmbed/mbedtls/issues/5182
				38	https://github.com/ARMmbed/mbedtls/issues/5203
				39	https://github.com/ARMmbed/mbedtls/issues/5204
				40	https://github.com/ARMmbed/mbedtls/issues/5205
				41	https://github.com/ARMmbed/mbedtls/issues/5206
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	42
				43	Asymmetric crypto
				44	=================
				45
				46	ECDSA
				47	-----
				48
				49	### Make `mbedtls_pk_sign()` use PSA for ECDSA operations
				50
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	51	https://github.com/ARMmbed/mbedtls/issues/5274
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	52
				53	RSA signature (and verification)
				54	--------------------------------
				55
				56	### Make `mbedtls_pk_sign()` use PSA for RSA operations
				57
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	58	https://github.com/ARMmbed/mbedtls/issues/5162
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	59
				60	### Make `mbedtls_pk_verify()` use PSA for RSA operations
				61
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	62	https://github.com/ARMmbed/mbedtls/issues/5159
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	63
				64	### Make `mbedtls_pk_verify_ext()` use PSA for RSA operations
				65
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	66	https://github.com/ARMmbed/mbedtls/issues/5333 (partial)
				67	https://github.com/ARMmbed/mbedtls/issues/5277 (futher)
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	68
				69	RSA en/decryption
				70	-----------------
				71
				72	### Make `mbedtls_pk_encrypt()` use PSA for RSA operations
				73
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	74
				75	https://github.com/ARMmbed/mbedtls/issues/5161
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	76
				77	### Make `mbedtls_pk_decrypt()` use PSA for RSA operations
				78
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	79	https://github.com/ARMmbed/mbedtls/issues/5160
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	80
				81	ECDH
				82	----
				83
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	84	Additional:
				85	https://github.com/ARMmbed/mbedtls/issues/5291 (pre clean-up)
				86	https://github.com/ARMmbed/mbedtls/issues/5321 (TLS 1.3)
				87	https://github.com/ARMmbed/mbedtls/issues/5322 (post clean-up)
				88
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	89	### Write remaining utilities for ECDH parsing/writing
				90
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	91	(not a task on its own, part of other tasks)
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	92
				93	### Use PSA for ECDHE in ECDHE-ECDSA and ECDHE-RSA server-side
				94
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	95	https://github.com/ARMmbed/mbedtls/issues/5317
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	96
				97	### Use PSA for ECDH in ECDHE-PSK (all sides and versions)
				98
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	99	https://github.com/ARMmbed/mbedtls/issues/5318
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	100
				101	### Use PSA for ECDH in static-ECDH key exchanges
				102
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	103	https://github.com/ARMmbed/mbedtls/issues/5319
				104	https://github.com/ARMmbed/mbedtls/issues/5320
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	105
				106	FFDH
				107	----
				108
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	109	https://github.com/ARMmbed/mbedtls/issues/5287
Manuel Pégourié-Gonnard	b902164	2021-10-01 13:16:01 +0200	[diff] [blame]	110
				111	EC J-PAKE
				112	---------
				113
Manuel Pégourié-Gonnard	ab1d308	2022-01-17 10:47:24 +0100	[diff] [blame]	114	https://github.com/ARMmbed/mbedtls/issues/5275