mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-01 09:10:03 +00:00
Update details of modules using cipher operations
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
36cd3f9f8e
commit
839d3580bd
@ -112,7 +112,7 @@ For the purposes of this work, three domains emerge:
|
|||||||
|
|
||||||
The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption.
|
The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption.
|
||||||
|
|
||||||
Hashes and HMAC (after the work on MD-light):
|
Hashes and HMAC (after the work on driver-only hashes):
|
||||||
|
|
||||||
* entropy (hashes via MD-light)
|
* entropy (hashes via MD-light)
|
||||||
* ECDSA (HMAC\_DRBG; `md.h` exposed through API)
|
* ECDSA (HMAC\_DRBG; `md.h` exposed through API)
|
||||||
@ -124,31 +124,63 @@ Hashes and HMAC (after the work on MD-light):
|
|||||||
* RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API)
|
* RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API)
|
||||||
* PEM (MD5 hash via MD-light)
|
* PEM (MD5 hash via MD-light)
|
||||||
|
|
||||||
Symmetric ciphers and AEADs (before Cipher-light work):
|
Symmetric ciphers and AEADs (before work on driver-only cipher):
|
||||||
|
|
||||||
* PEM (AES and DES in CBC mode without padding)
|
* PEM:
|
||||||
AES and DES: setkey_dec + crypt_cbc
|
* AES, DES or 3DES in CBC mode without padding, decrypt only (!).
|
||||||
(look at test data for DES)
|
* Currently using low-level non-generic APIs.
|
||||||
* PKCS12 (cipher, generically, selected from ASN.1 or function parameters; `cipher.h` exposed through API)
|
* No hard dependency, features guarded by `AES_C` resp. `DES_C`.
|
||||||
setup, setkey, set_iv, reset, update, finish (in sequence, once)
|
* Functions called: `setkey_dec()` + `crypt_cbc()`.
|
||||||
no documented restriction, block cipher in CBC mode in practice
|
* PKCS12:
|
||||||
(padding?)
|
* In practice: 2DES or 3DES in CBC mode with PKCS7 padding, decrypt only
|
||||||
(look at test cases)
|
(when called from pkparse).
|
||||||
* PKCS5 (cipher, generically, selected from ASN.1)
|
* In principle: any cipher-mode (default padding), passed an
|
||||||
only DES-CBC or 3DES-CBC
|
`mbedtls_cipher_type_t` as an argument, no documented restriction.
|
||||||
(padding?)
|
* Cipher, generically, selected from ASN.1 or function parameters;
|
||||||
setup, setkey, crypt
|
no documented restriction but in practice TODO (inc. padding and
|
||||||
* CTR\_DRBG (AES-ECB, but could be extended to the other block ciphers)
|
en/decrypt, look at standards and tests)
|
||||||
setkey_enc + crypt_ecb
|
* Unconditional dependency on `CIPHER_C` in `check_config.h`.
|
||||||
* CCM (block cipher in ECB mode; interdependent with cipher)
|
* Note: `cipher.h` exposed through API.
|
||||||
info, setup, setkey, update (several times), (never finish)
|
* Functions called: `setup`, `setkey`, `set_iv`, `reset`, `update`, `finish` (in sequence, once).
|
||||||
* CMAC (AES-ECB and DES-ECB, but could be extended to the other block ciphers; interdependent with cipher)
|
* PKCS5 (PBES2, `mbedtls_pkcs5_pbes2()`):
|
||||||
info, setup, setkey, update (several times), (never finish)
|
* 3DES or DES in CBC mode with PKCS7 padding, both encrypt and decrypt.
|
||||||
* GCM (block cipher in ECB mode; interdependent with cipher)
|
* Note: could also be AES in the future, see #7038.
|
||||||
info, setup, setkey, update (several times), (never finish)
|
* Unconditional dependency on `CIPHER_C` in `check_config.h`.
|
||||||
* NIST\_KW (AES-ECB; interdependent with cipher)
|
* Functions called: `setup`, `setkey`, `crypt`.
|
||||||
info, setup, setkey, update (several times), (never finish)
|
* CTR\_DRBG:
|
||||||
* cipher (cipher and AEAD algorithms)
|
* AES in ECB mode, encrypt only.
|
||||||
|
* Currently using low-level non-generic API (`aes.h`).
|
||||||
|
* Unconditional dependency on `AES_C` in `check_config.h`.
|
||||||
|
* Functions called: `setkey_enc`, `crypt_ecb`.
|
||||||
|
* CCM:
|
||||||
|
* AES, Camellia or Aria in ECB mode, encrypt only.
|
||||||
|
* Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`.
|
||||||
|
* Unconditional dependency on `CIPHER_C` in `check_config.h`.
|
||||||
|
* Note: also called by `cipher.c` if enabled.
|
||||||
|
* Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
|
||||||
|
* CMAC:
|
||||||
|
* AES or DES in ECB mode, encrypt only.
|
||||||
|
* Unconditional dependency on `AES_C || DES_C` in `check_config.h`.
|
||||||
|
* Unconditional dependency on `CIPHER_C` in `check_config.h`.
|
||||||
|
* Note: also called by `cipher.c` if enabled.
|
||||||
|
* Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
|
||||||
|
* GCM:
|
||||||
|
* AES, Camellia or Aria in ECB mode, encrypt only.
|
||||||
|
* Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`.
|
||||||
|
* Unconditional dependency on `CIPHER_C` in `check_config.h`.
|
||||||
|
* Note: also called by `cipher.c` if enabled.
|
||||||
|
* Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
|
||||||
|
* NIST\_KW:
|
||||||
|
* AES in ECB mode, both encryt and decrypt.
|
||||||
|
* Unconditional dependency on `AES_C || DES_C` in `check_config.h`.
|
||||||
|
* Unconditional dependency on `CIPHER_C` in `check_config.h`.
|
||||||
|
* Note: also called by `cipher.c` if enabled.
|
||||||
|
* Note: `cipher.h` exposed through API.
|
||||||
|
* Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish)
|
||||||
|
* Cipher:
|
||||||
|
* potentially any cipher/AEAD in any mode and any direction
|
||||||
|
|
||||||
|
Note: PSA cipher is built on Cipher, but PSA AEAD directly calls the underlying AEAD modules (GCM, CCM, ChachaPoly).
|
||||||
|
|
||||||
### Difficulties
|
### Difficulties
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user