lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Update definition of Cipher light

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2023-10-10 09:45:28 +02:00
parent 839d3580bd
commit ca18b7747e
1 changed files with 24 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/architecture/psa-migration/md-cipher-dispatch.md
View File

@ -537,48 +537,51 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l
#### Definition #### Definition
**Note:** this definition is tentative an may be refined when implementing and **Note:** this definition is tentative an may be refined when implementing and
testing, based and what's needed by internal users of Cipher light. testing, based and what's needed by internal users of Cipher light. The new
config symbol will not be considered public so its definition may change.
Cipher light will be automatically enabled in `build_info.h` by modules that Cipher light will be automatically enabled in `build_info.h` by modules that
need it. (Tentative list: PEM, PCKS12, PKCS5, CTR\_DRBG, CCM, CMAC, GCM, need it, namely: CTR\_DRBG, CCM, GCM. Note: CCM and GCM currently depend on
NIS\_KW, PSA Crypto.) Note: some of these modules currently depend on the the full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would
full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be be replaced by the above auto-enablement.
replace by the above auto-enablement.
Cipher light includes: Cipher light includes:
- info functions; - info functions;
- support for block ciphers in ECB mode (to be confirmed: supporting one block - support for block ciphers in ECB mode, encrypt only (note: in Cipher, "ECB"
at a time could be enough); means just one block, contrary to PSA);
- support for block ciphers in CBC mode with no padding (to be confirmed: do - the one-shot API as well as (part of) the streaming API;
we need a padding mode?); - only AES, Aria and Camellia.
- support for both the "one-shot" and "streaming" APIs for block ciphers.
This excludes: This excludes:
- the AEAD/KW API (both one-shot and streaming); - the AEAD/KW API (both one-shot and streaming);
- support for stream ciphers; - support for stream ciphers;
- support for other modes of block ciphers (CTR, CFB, etc.); - support for other modes of block ciphers (CBC, CTR, CFB, etc.);
- support for (other) padding modes of CBC. - DES and variants (3DES).
The following API functions, and supporting types, are candidates for The following API functions, and supporting types, are candidates for
inclusion in the Cipher light API, with limited features as above: inclusion in the Cipher light API, with limited features as above:
``` ```
mbedtls_cipher_info_from_psa
mbedtls_cipher_info_from_type mbedtls_cipher_info_from_type
mbedtls_cipher_info_from_values
mbedtls_cipher_info_get_block_size mbedtls_cipher_info_get_block_size
mbedtls_cipher_info_get_iv_size
mbedtls_cipher_info_get_key_bitlen
mbedtls_cipher_init mbedtls_cipher_init
mbedtls_cipher_setup mbedtls_cipher_setup
mbedtls_cipher_setkey mbedtls_cipher_setkey
mbedtls_cipher_set_padding_mode
mbedtls_cipher_crypt mbedtls_cipher_crypt
mbedtls_cipher_free mbedtls_cipher_free
mbedtls_cipher_set_iv
mbedtls_cipher_reset
mbedtls_cipher_update mbedtls_cipher_update
mbedtls_cipher_finish (mbedtls_cipher_finish)
``` ```
Note: `mbedtls_cipher_info_get_block_size()` can be hard-coded to return 16,
as all three supported block ciphers have the same block size (DES was
excluded).
Note: `mbedtls_cipher_finish()` is not required by any of the modules using
Cipher light, but it might be convenient to include it anyway as it's used in
the implementation of `mbedtls_cipher_crypt()`.
#### Cipher light dual dispatch
This is likely to come in the future, but has not been defined yet.