mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-01 09:10:03 +00:00
Document parts not covered by USE_PSA_CRYPTO
Also, remove the section about design considerations for now. It's probably more suitable for a developer-oriented document that would also include considerations about possible paths for the future, which would better be separated from user documentation (separating the certain that is now, from the uncertain that might or might not be later). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
200bcf77f8
commit
73a0e1da0d
@ -1,6 +1,6 @@
|
|||||||
This document describes the compile-time configutation option
|
This document describes the compile-time configuration option
|
||||||
`MBEDTLS_USE_PSA_CRYPTO`: its current effects as well as some design
|
`MBEDTLS_USE_PSA_CRYPTO` from a user's perspective, more specifically its
|
||||||
considerations and plans for the future.
|
current effects as well as the parts that aren't covered yet.
|
||||||
|
|
||||||
Current effects
|
Current effects
|
||||||
===============
|
===============
|
||||||
@ -148,10 +148,39 @@ Benefits: use of PSA Crypto drivers.
|
|||||||
Parts that are not covered yet
|
Parts that are not covered yet
|
||||||
==============================
|
==============================
|
||||||
|
|
||||||
(To be written.)
|
This is only a high-level overview, grouped by theme
|
||||||
|
|
||||||
Design considerations
|
TLS: key exchanges / asymmetric crypto
|
||||||
=====================
|
--------------------------------------
|
||||||
|
|
||||||
(To be written.)
|
- RSA: not covered
|
||||||
|
- DHE-RSA: not covered
|
||||||
|
- ECDHE-RSA: ECDHE computation client-side only
|
||||||
|
- ECDHE-ECDSA:
|
||||||
|
- ECDHE computation client-side
|
||||||
|
- ECDSA verification both sides
|
||||||
|
- ECDSA signature (if using `mbedtls_pk_setup_opaque()`)
|
||||||
|
- PSK: client-side PSA-held using `mbedtls_ssl_conf_psk_opaque()`
|
||||||
|
- DHE-PSK: not covered
|
||||||
|
- RSA-PSK: not covered
|
||||||
|
- ECDHE-PSK: not covered
|
||||||
|
- ECDH-RSA: not covered
|
||||||
|
- ECDH-ECDSA: not covered
|
||||||
|
- ECJPAKE: not covered
|
||||||
|
|
||||||
|
TLS: symmetric crypto
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
- some ciphers not supported via PSA yet: ARIA, Camellia, ChachaPoly (silent
|
||||||
|
fallback to the legacy APIs)
|
||||||
|
- the HMAC part of the CBC and NULL ciphersuites is not covered
|
||||||
|
- the HMAC computation in `ssl_cookie.c`
|
||||||
|
|
||||||
|
X.509
|
||||||
|
-----
|
||||||
|
|
||||||
|
- most hash operations are still done via the legacy API, except the few that
|
||||||
|
are documented above as using PSA
|
||||||
|
- RSA PKCS#1 v1.5 signature generation (from PSA-held keys): not covered
|
||||||
|
- RSA PKCS#1 v1.5 signature verification: not covered
|
||||||
|
- RSA-PSS signature verification: not covered
|
||||||
|
Loading…
Reference in New Issue
Block a user