Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DI] Use interruptible ECDH in TLS #7294

Open
mpg opened this issue Mar 15, 2023 · 1 comment
Open

[DI] Use interruptible ECDH in TLS #7294

mpg opened this issue Mar 15, 2023 · 1 comment
Assignees
@paul-elliott-arm
Labels
component-tls enhancement size-l Estimated task size: large (2w+)

Comments

@mpg
Copy link
Contributor

mpg commented Mar 15, 2023
edited by gilles-peskine-arm
Loading

Once PSAhas gained interruptible functions for ECDHE, these functions should be used by TLS when MBEDTLS_USE_PSA_CRYPTO is enabled, in all places that currently support restartable operations using the legacy API (that's currently just 1.2 with the ECDHE-ECDSA key excahnge), in order to avoid feature gaps in PSA-based builds.

This task is to investigate how to achieve that goal, and break the work down in reasonnably-size and testable steps.

Execution of the work will depend on #7293 and the tasks created from it being completed.

Part of the definition of done is to enforce that the EC restart:.*no USE_PSA.* test cases in ssl-opt.sh are executed.
@mpg mpg mentioned this issue Apr 7, 2023
Closed
@mpg mpg mentioned this issue Jun 29, 2023
Closed
@mpg mpg mentioned this issue Oct 23, 2023
Open
9 tasks
@mpg mpg mentioned this issue Dec 28, 2023
Open
@paul-elliott-arm paul-elliott-arm self-assigned this Mar 20, 2024
@paul-elliott-arm paul-elliott-arm added the size-l Estimated task size: large (2w+) label May 17, 2024
@minosgalanakis minosgalanakis moved this to PSA Interruptible ECC (Part 2) in Mbed TLS Epics Jul 31, 2024
@yanesca yanesca moved this to 4.0 - PSA Crypto always on in Mbed TLS Backlog Aug 27, 2024
@yanesca yanesca removed this from Mbed TLS Epics Aug 27, 2024
@yanesca yanesca moved this to Planning needed in Mbed TLS 4.0 planning Aug 29, 2024
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Oct 9, 2024
@gilles-peskine-arm
Always enable MBEDTLS_USE_PSA_CRYPTO: ssl-opt.sh
5265bd2 
Remove `MBEDTLS_USE_PSA_CRYPTO` as a test dependency. It's now always on.

```
perl -i -pe 's/^requires_config_enabled MBEDTLS_USE_PSA_CRYPTO\n//' tests/ssl-opt.sh
```

Note that a few test cases remain with
`requires_config_disabled MBEDTLS_USE_PSA_CRYPTO`. This is deliberate:
they are restartable ECDH test cases that should be enabled eventually.
Mbed-TLS#7294

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Oct 24, 2024
@gilles-peskine-arm
Skip "no USE_PSA" test cases in ssl-opt.sh
7a03ec7 
These test cases are desirable, but they will fail until we resolve
Mbed-TLS#7294 .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@github-project-automation github-project-automation bot moved this from Planning needed to Done in Mbed TLS 4.0 planning Nov 14, 2024
@davidhorstmann-arm
Copy link
Contributor

GitHub false positive. Closed accidentally by a commit message with the text:

These test cases are desirable, but they will fail until we resolve Mbed-TLS/mbedtls#7294.

@yanesca yanesca mentioned this issue Dec 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@paul-elliott-arm paul-elliott-arm

Labels
component-tls enhancement size-l Estimated task size: large (2w+)
Projects
Mbed TLS 4.0 planning
Status: Done
Mbed TLS Backlog
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mpg @paul-elliott-arm @davidhorstmann-arm