From 3f7e42a7501b43f5efbb1420fdb10e09b2412b77 Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Thu, 19 Oct 2023 15:14:20 +0100
Subject: [PATCH] Move implementation by module table earlier

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 docs/architecture/psa-shared-memory.md | 28 +++++++++++++-------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md
index b68c874ff8..279e8651df 100644
--- a/docs/architecture/psa-shared-memory.md
+++ b/docs/architecture/psa-shared-memory.md
@@ -420,6 +420,20 @@ Make sure that such mechanisms preserve the guarantees when buffers overlap.
 
 ## Detailed design
 
+### Implementation by module
+
+Module | Input protection strategy | Output protection strategy | Notes
+---|---|---|---
+Hash and MAC | Careful access | Careful access | Low risk of multiple-access as the input and output are raw unformatted data.
+Cipher | Copying | Copying |
+AEAD | Copying (careful access for additional data) | Copying |
+Key derivation | Careful access | Careful access |
+Asymmetric signature | Careful access | Copying | Inputs to signatures are passed to a hash. This will no longer hold once PureEdDSA support is implemented.
+Asymmetric encryption | Copying | Copying |
+Key agreement | Copying | Copying |
+PAKE | Copying | Copying |
+Key import / export | Copying | Copying | Keys may be imported and exported in DER format, which is a structured format and therefore susceptible to read-read inconsistencies and potentially write-read inconsistencies.
+
 ### Copying functions
 
 As discussed above, it is simpler to use a single unified API for copying. Therefore, we create the following functions:
@@ -443,20 +457,6 @@ This function would first copy the `buffers->out` buffer to the user-supplied ou
 
 Some PSA functions may not use these convenience functions as they may have local optimizations that reduce memory usage. For example, ciphers may be able to use a single intermediate buffer for both input and output.
 
-### Implementation by module
-
-Module | Input protection strategy | Output protection strategy | Notes
----|---|---|---
-Hash and MAC | Careful access | Careful access | Low risk of multiple-access as the input and output are raw unformatted data.
-Cipher | Copying | Copying |
-AEAD | Copying (careful access for additional data) | Copying |
-Key derivation | Careful access | Careful access |
-Asymmetric signature | Careful access | Copying | Inputs to signatures are passed to a hash. This will no longer hold once PureEdDSA support is implemented.
-Asymmetric encryption | Copying | Copying |
-Key agreement | Copying | Copying |
-PAKE | Copying | Copying |
-Key import / export | Copying | Copying | Keys may be imported and exported in DER format, which is a structured format and therefore susceptible to read-read inconsistencies and potentially write-read inconsistencies.
-
 ### Validation of copying
 
 As discussed above, the best strategy for validation of copies appears to be validation by memory poisoning.