-
Notifications
You must be signed in to change notification settings - Fork 8
File List
Ashish Bokil edited this page Dec 24, 2020
·
113 revisions
File List and per file remarks
- SSL/TLS communication (SSL/TLS)
- TCP/IP communication (TCP/IP)
- Hashing (Hash)
- Random number generation (RNG)
- Symmetric cipher (Cipher)
- Public Key cryptography (PK)
- X.509 public key infrastructure (X.509)
Other. 8. PSA-crypto -- need to figure out if this is an integral part of mbed-TLS (PSA crypto layer on top of Mbed TLS crypto)
| S No | #LOC | File Name | Module/Category | Remarks | Remarks By (github id) | Dependency Graph |
|---|---|---|---|---|---|---|
| 1 | 7579 | ssl_tls.c | ||||
| 2 | 6177 | psa_crypto.c | psa-crypto | PSA crypto layer on top of Mbed TLS crypto | alvg | |
| 3 | 5946 | ssl_msg.c | SSL/TLS | This file contains generic SSL/TLS messaging layer functions (record layer + retransmission state machine). | amanc | |
| 4 | 4573 | ssl_srv.c | SSl/TLS | This file contains SSLv3/TLSv1 server-side functions. | amanc | |
| 5 | 4285 | ssl_cli.c | SSL/TLS | Provides SSL/TLS Client functionalities. Provides functions to connect to an SSL server (write requests ) and parse the SSL responses from server. Not in documentation. Had to read from config.h | shashankatgit | - |
| 6 | 3502 | ecp.c | Public Key | Elliptic-curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. This file provides an API for Elliptic Curves over GF(P) (ECP). | amanc | |
| 7 | 3399 | x509_crt.c | X.509 public key infrastructure (X.509) | Implements X.509 certificates parsing and verification | gaurishg | |
| 8 | 3010 | bignum.c | Common/Helper | Provides math operations over MPIs(Multi Precision Integers like BigIntegers in java). Can be used in implementing enc/dec algos like RSA etc | shashankatgit | |
| 9 | 2759 | rsa.c | Cipher | This file provides an API for the RSA public-key cryptosystem. | pvimal816 | |
| 10 | 2406 | cipher_wrap.c | crypto | brief Generic cipher wrapper(key encrypting ) for mbed TLS | AshishBokil | |
| 11 | 2367 | ssl_ciphersuites.c | SSL/TLS | Provides a variety of cipher suits to secure SSL/TLS connections. Uses all kinds of cipher files (symmetric enc) and asymmetric encryption files underneath it. Read More on Cipher Suites | shashankatgit | Link |
| 12 | 2228 | aes.c | Cipher | This file contains AES definitions and functions | pvimal816 | |
| 13 | 1746 | certs.c | X.509/Internal Use | Sample certificates and DHM parameters for testing | pvimal816 | |
| 14 | 1533 | pkparse.c | Public Key | Public Key layer for parsing key files and structures. Contains prespecified structures to parse objects (eg: public/private key) | tanmaysule | |
| 15 | 1519 | cipher.c | Cipher | Provides a common interface to all of the available cipher operations. | pvimal816 | |
| 16 | 1484 | ecp_curves.c | Public Key | Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. This file contains curve-specific data and functions for implementation of Elliptic curves over GF(p). | amanc | |
| 17 | 1135 | ecjpake.c | Cipher | Implements Elliptic Curve J-PAKE(Password Authentication Key Exchange by juggling) protocol which provides authentication based on shared password,without using Public Key Infrastructure | Darshikatiwari | |
| 18 | 1108 | camellia.c | Cipher | Implements Camellia block cipher | goxul | |
| 19 | 1073 | cmac.c | Encryption/Decryption | This file contains implementation of cipher based message authentication code | devarajuvinoda | |
| 20 | 1073 | aria.c | Cipher | Implements the ARIA block cipher | goxul | |
| 21 | 1067 | x509.c | X.509 | X.509 generic defines and structures | pvimal816 | |
| 22 | 1058 | des.c | Cipher | Provides DES Block Cipher Implementation | shashankatgit | |
| 23 | 1057 | pk_wrap.c | Public Key | Public Key abstraction layer: wrapper functions. Contains functions used by RSA/Elliptic Curve key-pair etc | tanmaysule | |
| 24 | 1015 | gcm.c | Encryption/Decryption | This file contains implementation of Galois counter mode(GCM) of operation. There are functions written to perform authenticated encryption and authenticated decryption. | devarajuvinoda | |
| 25 | 1002 | ecdsa.c | Cipher | This file contains ECDSA definitions and functions | pvimal816 | |
| 26 | 978 | error.c | Common | Contains all the error strings, and a switch statement which throws the error based on an error code | ashishkankal | |
| 27 | 890 | md.c | Hashing | This file contains the generic message-digest wrapper | pvimal816 | |
| 28 | 848 | version_features.c | Common/Internal Use(Optional) | Checks if a feature is enabled for a particular feature | ashishkankal | |
| 29 | 810 | ctr_drbg.c | RNG | Contains functions for generating random numbers interacts with AES sub module | ashishkankal | |
| 30 | 768 | x509_crl.c | X.509 | X.509 certificate revocation list parsing | pvimal816 | |
| 31 | 767 | oid.c | X.509 | Generates OIDs(object identifiers) for various object types and stores them together in a database | Darshikatiwari | |
| 32 | 750 | nist_kw.c | Cipher | Key wrapping encryption algorithm | ashishkankal | |
| 33 | 744 | memory_buffer_alloc.c | Common | Contains thread safe memory allocator and de-allocator functions | ashishkankal | |
| 34 | 735 | dhm.c | Protocol - Key Exchange | Key exchange is done while initiating a secure session. may need bignum support | alvg | |
| 35 | 729 | ecdh.c | SSL | Elliptic curve Diffie-Hellman key agreement protocol, contains functions related to key manipulation | ashishkankal | |
| 36 | 724 | entropy.c | RNG | Entropy is the used as a measure of randomness. There can be multiple sources of the entropy, entropy collector combines them all into one. This file contains functions related to that. | ashishkankal | |
| 37 | 690 | blowfish.c | Cipher | Blowfish is a symmetric-key cipher algorithm used for encryption and decryption | ashishkankal | |
| 38 | 680 | net_sockets.c | TCP/IP or SSL/TLS. I am not sure | Provides a BSD-style sockets API abstraction for Mbed TLS i.e. uses the mbed tls ssl/tls functions to expose a BSD-style sockets API | shashankatgit | Link |
| 39 | 674 | sha512.c | Hashing | Contains implementation of SHA-2 family of hash functions (512 bit digest) | goxul | |
| 40 | 635 | pk.c | X.509 | Contains function related to public key, operations it can perform, verification of signature, encryption and decryption | ashishkankal | |
| 41 | 623 | pkwrite.c | Public Key | Public Key layer for writing key files and structures for RSA/EC key | tanmaysule | |
| 42 | 620 | hmac_drbg.c | RNG/ Hash | Hashing algorithm, contains entropy and internal functions related to the algorithm | ashishkankal | |
| 43 | 581 | sha256.c | Hashing | Contains implementation of SHA-2 family of hash functions (256 bit digest) | goxul | |
| 44 | 568 | sha1.c | Hashing | SHA-1 is a cryptographic hash function which takes an input and produces a hash value known as a "message digest". The central function in this source file take a data block (stored in an input buffer) as input and produces the message digest as, output = SHA-1(input buffer). | amanc | |
| 45 | 568 | chacha20.c | Cipher | Implementation of ChaCha20 Stream Cipher | shashankatgit | |
| 46 | 557 | poly1305.c | Cipher | This file contains Poly1305 definitions and functions (for chacha). Poly1305 is a one-time message authenticator that can be used to authenticate messages. | tanmaysule | Link |
| 47 | 554 | ripemd160.c | Hashing | Contains implementation of RIPEMD family of hash functions - in particular RIPEMD-160 | goxul | |
| 48 | 547 | ccm.c | Cipher | Recommendation for Block Cipher modes of Operation for a symmetric key key block cipher algorithm, used to provide assurance of the confidentiality and the authenticity of computer data bby combining the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code(CMC-MAC)algorithm | Showkat | |
| 49 | 544 | x509write_crt.c | X.509 public key infrastructure (X.509) | Implement X.509 certificate writing | gaurishg | |
| 50 | 538 | chachapoly.c | Cipher | Chachapoly is an algorithm for Authenticated Encryption with Associated Data (AEAD) that can be used to encrypt and authenticate data. Seems to be a very specialized algo implementation file. | shashankatgit | Link |
| 51 | 530 | timing.c | Common | Portable interface to timeouts and to the CPU cycle counter. Setting a CPU alarm, fetching elapsed cycles etc | shashankatgit | |
| 52 | 509 | psa_crypto_storage.c | psa-crypto | PSA persistent key storage | alvg | |
| 53 | 493 | md5.c | Hashing | Implements MD5 hash function | goxul | |
| 54 | 486 | rsa_internal.c | Public Key | This file contains RSA helper functions. These functions make it easy for designers of alternative RSA implementations to use them in their own code, as the functionality they provide will be necessary for most complete implementations. End-users of Mbed TLS who are not providing their own alternative RSA implementations should not use these functions directly, and should instead use only the functions declared in rsa.h. | amanc | |
| 55 | 485 | pem.c | X.509 Certificates | Implements Pem(Privacy Enhanced Mail)context setup,decodes pem data and defines the pem error codes | Darshikatiwari | |
| 56 | 481 | asn1parse.c | ASN-format | asn1 parser -- looks like only DER encoding is handled | alvg | |
| 57 | 480 | asn1write.c | ASN-format | asn1 format writer | alvg | |
| 58 | 479 | md4.c | Hashing | Implements MD4 hash function | goxul | |
| 59 | 464 | aesni.c | Cipher - Optional | For hardware acceleration of AES (Symm Enc) on Intel processors. This seems to be an optional functionality | shashankatgit | |
| 60 | 433 | debug.c | Common/Internal Use | Contains functions for printing debug messages & setting debug levels. For internal use within library. | shashankatgit | |
| 61 | 414 | x509_csr.c | X.509 public key infrastructure (X.509) | X.509 Certificate Signing Request (CSR) parsing | gaurishg | |
| 62 | 414 | pkcs5.c | Public Key | PKCS#5 functions. PKCS #5 is the Password-Based Cryptography Specification. (pkcs5 pbkdf2 hmac) | tanmaysule | |
| 63 | 408 | ssl_ticket.c | SSL | Implementation of various server ticket callbacks like ticket write,ticket parse etc. | darshikatiwari | |
| 64 | 386 | platform.c | Common | Contains the definitions and functions of the Mbed TLS platform abstraction layer; the layer removes the need for the library to directly link to standard C library functions or operating system services, making the library easier to port and embed More-details | tanmaysule | |
| 65 | 383 | psa_crypto_se.c | psa-crypto | TODO | alvg | |
| 66 | 374 | x509_create.c | X.509 public key infrastructure (X.509) | Contains base functions for creating X.509 certificates and CSRs | gaurishg | |
| 67 | 360 | pkcs12.c | Public Key | PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate | tanmaysule | |
| 68 | 358 | md2.c | Hash | Contains md 2 hash function implementation | ashishkankal | |
| 69 | 347 | ssl_cache.c | SSL/TLS | Implements SSL Session Caching. SSL Session Caching is a concept/method to permit a closed SSL connection to be resumed for a fixed period of time to escape costly SSL handshake. Read More | shashankatgit | Link |
| 70 | 341 | x509write_csr.c | X.509 public key infrastructure (X.509) | Implement X.509 certificate signing request writing | gaurishg | |
| 71 | 309 | psa_crypto_slot_management.c | psa-crypto | PSA key slot reservation, initialization, slot management | alvg | |
| 72 | 287 | base64.c | Common | Provides Base64 encoding/decoding of data. Will be used to serialize keys and certificate data. | shashankatgit | |
| 73 | 276 | entropy_poll.c | RNG - Optional | Contains custom entropy polling functions | ashishkankal | |
| 74 | 271 | xtea.c | Encryption/Decryption | This file contains implementation of 32 bit extended tiny encryption algorithm | devarajuvinoda | |
| 75 | 259 | psa_its_file.c | ||||
| 76 | 249 | ssl_cookie.c | SSL/TLS | Provides function callbacks for Datagram Transport Layer Security which provides SSL over UDP instead of TCP by using some cookie mechanism to remember state as UDP is stateless. Read More | shashankatgit | Link |
| 77 | 238 | pkcs11.c | Public Key | Wrapper file for Public-Key Cryptography Standards#11. Implements functions of pkcs#11 | tanmaysule | |
| 78 | 237 | havege.c | RNG [Not sure] | User level software to generate random number - link | goxul | |
| 79 | 195 | arc4.c | Cipher | Implements the ARCFOUR stream cipher | goxul | |
| 80 | 189 | hkdf.c | Hashing | HKDF is a simple key derivation function (KDF) based on a hash-based message authentication code (HMAC) | AshishBokil | |
| 81 | 181 | threading.c | Common | Ensures thread safety by implemneting global mutexes | Darshikatiwari | |
| 82 | 164 | padlock.c | Encryption/Decryption | Provides padlock ACE(Advanced Cryptographic Encryption)for faster harware encryp./decryp. | Darshikatiwari | |
| 83 | 133 | platform_util.c | Common | Common and shared functions used by multiple modules in the Mbed TLS library | tanmaysule | Link |
| 84 | 44 | version.c | Common/Internal Use | Contains util function to get the mbedTLS version number | ashishkankal | |
| 85 | 388 | psa_crypto_storage.h | psa-crytpo | key storage to persistent memory, crypto transaction data definition | alvg | |
| 86 | 188 | psa_crypto_se.h | psa-crypto | TODO | alvg | |
| 87 | 164 | psa_crypto_core.h | psa-crypto | PSA crypto core internal interfaces -- small file having internal psa module functions for locks etc | alvg | |
| 88 | 145 | psa_crypto_its.h | psa-crypto | TODO | alvg | |
| 89 | 126 | psa_crypto_slot_management.h | ||||
| 90 | 100 | ssl_invasive.h | SSL/TLS | Interfaces for invasive testing. (Testing purposes only) | shashankatgit | |
| 91 | 77 | psa_crypto_invasive.h | psa-crypto/INTERNAL | these functions MUST not be available to clients. only for internal testing. currently only one API related to entropy. | alvg | |
| 92 | 53 | common.h | Common | Contains utility macros for internal use in the library | Darshikatiwari | |
| 93 | 39 | psa_crypto_service_integration.h | psa-crypto |
the psa_* files are missing from the https://tls.mbed.org/api/files.html page.
https://tls.mbed.org/tech-updates/blog/working-towards-mbed-tls-3
Working towards Mbed TLS 3.0 Last updated: May 2, 2019
Impacts on Mbed TLS Mbed TLS will be split into two projects:
The Mbed TLS library itself, dedicated to provide the network security layer, including X.509 support The Mbed Crypto library project, dedicated to support the PSA Crypto API and provide support for pluggable device drivers for crypto hardware and architecture-specific implementations. The split will be effective with the Mbed TLS 3.0 release, expected in June 2019.
some extra info about PSA https://www.electronicdesign.com/industrial-automation/article/21805760/arms-platform-security-architecture-targets-cortexm
google for "PSA_ITS_API_VERSION_MAJOR" will give more info about PSA crypto project
PSA ITS API == "PSA Internal Trusted Storage" API