Add tentative definition of Cipher light

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-08-11 10:06:42 +02:00
parent 948137be59
commit 36cd3f9f8e

View File

@ -499,3 +499,54 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l
* Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`.
* Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim.
### Cipher light
#### Definition
**Note:** this definition is tentative an may be refined when implementing and
testing, based and what's needed by internal users of Cipher light.
Cipher light will be automatically enabled in `build_info.h` by modules that
need it. (Tentative list: PEM, PCKS12, PKCS5, CTR\_DRBG, CCM, CMAC, GCM,
NIS\_KW, PSA Crypto.) Note: some of these modules currently depend on the
full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be
replace by the above auto-enablement.
Cipher light includes:
- info functions;
- support for block ciphers in ECB mode (to be confirmed: supporting one block
at a time could be enough);
- support for block ciphers in CBC mode with no padding (to be confirmed: do
we need a padding mode?);
- support for both the "one-shot" and "streaming" APIs for block ciphers.
This excludes:
- the AEAD/KW API (both one-shot and streaming);
- support for stream ciphers;
- support for other modes of block ciphers (CTR, CFB, etc.);
- support for (other) padding modes of CBC.
The following API functions, and supporting types, are candidates for
inclusion in the Cipher light API, with limited features as above:
```
mbedtls_cipher_info_from_psa
mbedtls_cipher_info_from_type
mbedtls_cipher_info_from_values
mbedtls_cipher_info_get_block_size
mbedtls_cipher_info_get_iv_size
mbedtls_cipher_info_get_key_bitlen
mbedtls_cipher_init
mbedtls_cipher_setup
mbedtls_cipher_setkey
mbedtls_cipher_set_padding_mode
mbedtls_cipher_crypt
mbedtls_cipher_free
mbedtls_cipher_set_iv
mbedtls_cipher_reset
mbedtls_cipher_update
mbedtls_cipher_finish
```