yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 16:35:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clarify wording of "not covered" section

Browse Source 
The section is about things that are not covered, but some lists are
about things that are covered, which was very confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2021-09-24 10:06:04 +02:00 committed by Gilles Peskine
parent 1fa923a5bc
commit b4113bac9a
1 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
docs/use-psa-crypto.md
View File

@ -153,27 +153,33 @@ This is only a high-level overview, grouped by theme
TLS: key exchanges / asymmetric crypto
--------------------------------------
- RSA: not covered
- DHE-RSA: not covered
- ECDHE-RSA: ECDHE computation client-side only
- ECDHE-ECDSA:
- ECDHE computation client-side
- ECDSA verification both sides
- ECDSA signature (if using `mbedtls_pk_setup_opaque()`)
- PSK: PSA-held keys using `mbedtls_ssl_conf_psk_opaque()`
- DHE-PSK: not covered
- RSA-PSK: not covered
- ECDHE-PSK: not covered
- ECDH-RSA: not covered
- ECDH-ECDSA: not covered
- ECJPAKE: not covered
The following key exchanges are not covered at all:
- RSA
- DHE-RSA
- DHE-PSK
- RSA-PSK
- ECDHE-PSK
- ECDH-RSA
- ECDH-ECDSA
- ECJPAKE
The following key exchanges are only partially covered:
- ECDHE-RSA: RSA operations are not covered and, server-side, the ECDHE
operation isn't either
- ECDHE-ECDSA: server-side, the ECDHE operation isn't covered. (ECDSA
signature generation is only covered if using `mbedtls_pk_setup_opaque()`.)
PSK if covered when the application uses `mbedtls_ssl_conf_psk_opaque()` or
`mbedtls_ssl_set_hs_psk_opaque()`.
TLS: symmetric crypto
---------------------
- some ciphers not supported via PSA yet: ARIA, Camellia, ChachaPoly (silent
fallback to the legacy APIs)
- the HMAC part of the CBC and NULL ciphersuites is not covered
- the HMAC part of the CBC and NULL ciphersuites
- the HMAC computation in `ssl_cookie.c`
X.509
@ -181,6 +187,6 @@ X.509
- most hash operations are still done via the legacy API, except the few that
are documented above as using PSA
- RSA PKCS#1 v1.5 signature generation (from PSA-held keys): not covered
- RSA PKCS#1 v1.5 signature verification: not covered
- RSA-PSS signature verification: not covered
- RSA PKCS#1 v1.5 signature generation (from PSA-held keys)
- RSA PKCS#1 v1.5 signature verification
- RSA-PSS signature verification