Gilles Peskine
Gilles Peskine
The PSA accelerator driver mechanism, as specified, can handle the accelerated crypto modules that we ship (AESNI, AESCE, SHA256 and SHA512 acceleration on armv8-A). This is only practical once the...
In the PSA client-server build (see https://github.com/Mbed-TLS/mbedtls/issues/8963), disable all client-side crypto. This may turn up problems because the X.509/TLS layers are trying to call low-level crypto functions even when `MBEDTLS_USE_PSA_CRYPTO`...
Enable RSA in the [client-server tests](https://github.com/Mbed-TLS/mbedtls/issues/8963) without enabling `MBEDTLS_RSA_C`. This is a split off https://github.com/Mbed-TLS/mbedtls/issues/8970 + https://github.com/Mbed-TLS/mbedtls/issues/8966, made separate because RSA has its own difficulties (direct reliance of the X.509/TLS...
Revise `MBEDTLS_X509_xxx` options, try to eliminate some. * Do we really need `MBEDTLS_X509_USE_C` and `MBEDTLS_X509_CREATE_C`? CREATE without USE doesn't seem very useful. But needing USE without CREATE is common, so...
Revise the granularity of TLS options: * Drop `MBEDTLS_SSL_TLS_C`, it's an internal detail. * Keep separate options for each extension (except the ones that are tightly coupled with some other...
The fact that certain options are equivalent to enabling the content of one `.c` file is an implementation detail. Furthermore, for an increasing number of options called `MBEDTLS_XXX_C`, this is...
The PSA crypto API has constants `PSA_EXPORT_KEY_PAIR_MAX_SIZE` and `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` to determine the size of a buffer to export a key pair or a public key respectively. Occasionally, it would be...
The PSA API should provide ways to customize how key material is created from random or pseudorandom inputs, i.e. key generation and key derivation. The scope here is for customizing...
Make a new component in `all.sh` that: 1. Builds the PSA simulator (psasim added in https://github.com/Mbed-TLS/mbedtls/pull/8311). 2. Doesn't build Mbed TLS (that will come later). 3. Runs the PSA simulator...
Our official pylint version (2.4.4 per [`ci.reqiurements.txt`](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6.0/scripts/ci.requirements.txt)) chokes on `tests/scripts/translate_ciphers.py` when run under Python 3.9–3.11. Python ≤3.8 is fine. ``` $ venv-run venv-3.9 pylint tests/scripts/translate_ciphers.py Traceback (most recent call last):...