Specify that the cryptographic operations of Mbed TLS are governed by
its threat model and point specifically to block ciphers as an important
case of this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

To avoid confusion about the threat model of cryptographic code, add a
link to the SECURITY.md of TF-PSA-Crypto. This should help users who are
unaware that the cryptography has been split into a separate repository.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

Add a note that we do aim to protect against undefined behaviour and
that undefined behaviour in certificate parsing is in scope.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

Clarify that strict formatting of X.509 certificates is not checked by
Mbed TLS and that it therefore should not be used to construct a CA.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

Timing attacks can be launched by any of the 3 main attackers. Clarify
exactly how these are covered.

Signed-off-by: Janos Follath <janos.follath@arm.com>

The block cipher exception affects both remote and local timing attacks.
Move them to the Caveats section and reference it from both the local
and the remote attack section.

Signed-off-by: Janos Follath <janos.follath@arm.com>

Originally, for the sake of simplicity, there was a single category for
software-based attacks, namely timing side channel attacks.
Be more precise and categorise attacks as software-based whether or not
they rely on physical information.

Signed-off-by: Janos Follath <janos.follath@arm.com>