strategy.md - OpenGrok cross reference for /third_party/mbedtls/docs/architecture/psa-migration/strategy.md

Lines Matching refs:PK
40 - to avoid a hard/default dependency of TLS, X.509 and PK on
78 PK/X.509/TLS in all places where we currently allow restartable operations.
83    TLS, X.509 or PK. We can try to work around that by calling (the relevant
114 - PK for asymmetric (aka public-key) cryptography (excluding key exchange)
140 This strategy is currently (early 2022) used for all operations in the PK
146 This strategy will probably be used for some time for the PK layer, while we
149 they will need to keep existing in some way. (Also, the PK layer is a good
189 private-key operations in the PK layer - see `mbedtls_pk_setup_opaque()`. This
199 Note: for private key operations in the PK layer, both the "silent" and the
210 - PK (for G1): silently call PSA
211 - PK (for G2): opt-in use of PSA (new key type)
242    operations. (This is G1, and for PK, X.509 and TLS this is controlled by
268 - Step 1 is achieved for most of PK, X.509, and TLS when
281   #5797. It is being done in PK and RSA PKCS#1 v1.5 by PR #6065.
282 - Step 3 was mostly not started at all before 3.2; it is being done for PK by
287 Regarding PK, X.509, and TLS, this is mostly achieved with only a few gaps.
407 The role of the PK/Cipher/MD APIs in user migration
410 We're currently taking advantage of the existing PK layer in order
412 only natural to consider using the same strategy (with the PK, MD and Cipher
437 Another possibility is to keep most or all of the existing API for the PK, MD
455 Note: when it comes to holding public keys in the PK layer, depending on how
457 memory controlled by the PK layer as opposed to a PSA key slot, moving it to a
464 bytes in the X.509 CRT structure, and only moved to a PK context / PSA slot
467 Note: the PK layer actually consists of two relatively distinct parts: crypto
476 those would be in the MD, Cipher and PK compatibility layers mentioned above,
485 API. (The compatibility implementation of the existing PK, MD, Cipher APIs
498 Since some users would probably still be using the compatibility PK layer, it
499 would need a way to easily extract the PSA key ID from the PK context.
513 the low-level crypto APIs and making PK, MD and Cipher optional compatibility