mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-16 04:20:49 +00:00
Add tentative definition of Cipher light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
948137be59
commit
36cd3f9f8e
@ -499,3 +499,54 @@ The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a l
|
||||
|
||||
* Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`.
|
||||
* Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim.
|
||||
|
||||
### Cipher light
|
||||
|
||||
#### Definition
|
||||
|
||||
**Note:** this definition is tentative an may be refined when implementing and
|
||||
testing, based and what's needed by internal users of Cipher light.
|
||||
|
||||
Cipher light will be automatically enabled in `build_info.h` by modules that
|
||||
need it. (Tentative list: PEM, PCKS12, PKCS5, CTR\_DRBG, CCM, CMAC, GCM,
|
||||
NIS\_KW, PSA Crypto.) Note: some of these modules currently depend on the
|
||||
full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be
|
||||
replace by the above auto-enablement.
|
||||
|
||||
Cipher light includes:
|
||||
- info functions;
|
||||
- support for block ciphers in ECB mode (to be confirmed: supporting one block
|
||||
at a time could be enough);
|
||||
- support for block ciphers in CBC mode with no padding (to be confirmed: do
|
||||
we need a padding mode?);
|
||||
- support for both the "one-shot" and "streaming" APIs for block ciphers.
|
||||
|
||||
This excludes:
|
||||
- the AEAD/KW API (both one-shot and streaming);
|
||||
- support for stream ciphers;
|
||||
- support for other modes of block ciphers (CTR, CFB, etc.);
|
||||
- support for (other) padding modes of CBC.
|
||||
|
||||
The following API functions, and supporting types, are candidates for
|
||||
inclusion in the Cipher light API, with limited features as above:
|
||||
```
|
||||
mbedtls_cipher_info_from_psa
|
||||
mbedtls_cipher_info_from_type
|
||||
mbedtls_cipher_info_from_values
|
||||
|
||||
mbedtls_cipher_info_get_block_size
|
||||
mbedtls_cipher_info_get_iv_size
|
||||
mbedtls_cipher_info_get_key_bitlen
|
||||
|
||||
mbedtls_cipher_init
|
||||
mbedtls_cipher_setup
|
||||
mbedtls_cipher_setkey
|
||||
mbedtls_cipher_set_padding_mode
|
||||
mbedtls_cipher_crypt
|
||||
mbedtls_cipher_free
|
||||
|
||||
mbedtls_cipher_set_iv
|
||||
mbedtls_cipher_reset
|
||||
mbedtls_cipher_update
|
||||
mbedtls_cipher_finish
|
||||
```
|
||||
|
Loading…
x
Reference in New Issue
Block a user