Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DI] Use interruptible ECDH in TLS #7294

Open
mpg opened this issue Mar 15, 2023 · 0 comments
Open

[DI] Use interruptible ECDH in TLS #7294

mpg opened this issue Mar 15, 2023 · 0 comments
Assignees
@paul-elliott-arm
Labels
component-tls enhancement size-l Estimated task size: large (2w+)

Comments

@mpg
Copy link
Contributor

mpg commented Mar 15, 2023
edited by gilles-peskine-arm
Loading

Once PSAhas gained interruptible functions for ECDHE, these functions should be used by TLS when MBEDTLS_USE_PSA_CRYPTO is enabled, in all places that currently support restartable operations using the legacy API (that's currently just 1.2 with the ECDHE-ECDSA key excahnge), in order to avoid feature gaps in PSA-based builds.

This task is to investigate how to achieve that goal, and break the work down in reasonnably-size and testable steps.

Execution of the work will depend on #7293 and the tasks created from it being completed.

Part of the definition of done is to enforce that the EC restart:.*no USE_PSA.* test cases in ssl-opt.sh are executed.
@mpg mpg mentioned this issue Apr 7, 2023
Closed
@mpg mpg mentioned this issue Jun 29, 2023
Closed
@mpg mpg mentioned this issue Oct 23, 2023
Open
9 tasks
@mpg mpg mentioned this issue Dec 28, 2023
Open
@paul-elliott-arm paul-elliott-arm self-assigned this Mar 20, 2024
@paul-elliott-arm paul-elliott-arm added the size-l Estimated task size: large (2w+) label May 17, 2024
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Oct 9, 2024
@gilles-peskine-arm
Always enable MBEDTLS_USE_PSA_CRYPTO: ssl-opt.sh
5265bd2 
Remove `MBEDTLS_USE_PSA_CRYPTO` as a test dependency. It's now always on.

```
perl -i -pe 's/^requires_config_enabled MBEDTLS_USE_PSA_CRYPTO\n//' tests/ssl-opt.sh
```

Note that a few test cases remain with
`requires_config_disabled MBEDTLS_USE_PSA_CRYPTO`. This is deliberate:
they are restartable ECDH test cases that should be enabled eventually.
Mbed-TLS#7294

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Oct 24, 2024
@gilles-peskine-arm
Skip "no USE_PSA" test cases in ssl-opt.sh
7a03ec7 
These test cases are desirable, but they will fail until we resolve
Mbed-TLS#7294 .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Oct 30, 2024
@gilles-peskine-arm
Skip "no USE_PSA" test cases in ssl-opt.sh
005370f 
These test cases are desirable, but they will fail until we resolve
Mbed-TLS#7294 .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@paul-elliott-arm paul-elliott-arm

Labels
component-tls enhancement size-l Estimated task size: large (2w+)
Projects
Mbed TLS 4.0 planning
Status: Planning needed
Mbed TLS Backlog
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mpg @paul-elliott-arm