driver-only-build: update AEADs section

Note: this section shouldn't actually be updated in #8357, but
rather in #8358 which is the wrapup related to cipher and AEADs
acceleration. As a consequence we start the AEAD section with
a disclaimer explaining that the information written there will
be updated soon by a follow-up PR.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti 2023-12-06 15:17:12 +01:00
parent 1e3fcc5692
commit acd7bafcbb


@ -245,6 +245,9 @@ Support for deterministic derivation of a DH keypair
AEADs AEADs
----- -----
[This section might contain incomplete data and it is going to be updated in
#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.]
It is possible to have all AEADs operations provided only by a driver. It is possible to have all AEADs operations provided only by a driver.
More precisely you can: More precisely you can:
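Review bot: The bracketed disclaimer added at the top of the AEADs section points to the follow-up only as a bare `#8358`, which resolves to nothing when this file is read outside the hosting site's rendering, and "might contain incomplete data" does not say which of the statements below are affected. Suggest writing the full issue URL and naming what is still pending (the accelerated ciphers and AEADs wrap-up), so that someone configuring a driver-only build knows which steps to re-check once that lands.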
@ -252,15 +255,20 @@ More precisely you can:
- `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`
- `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`; - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`;
- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the - enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the
`PSA_WANT_xxx` of the previous step; `PSA_WANT_xxx` of the previous step (both for algorithms and key types);
- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY]_C` algorithms and - disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C`
key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs which are algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs
accelerated. which are accelerated.
In such a build all AEADs operations requested through the PSA Crypto API In a build in which all AEADs algorithms and related key types are accelerated
(including those in TLS and X.509) will be performed by the provided driver. all AEADs operations requested through the PSA Crypto API (including those in
Of course direct calls to the disabled builtin modules TLS and X.509) will be performed by the driver.
(ex: `mbedtls_ccm_init()`, etc) won't be possible. Moreover if no unauthenticated cipher is required, it is also possible to
disable all built-in block cipher's key types
(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
helps in further reducing code's footprint, but unfortunately it makes the
following modules unavailable:
- `MBEDTLS_PKCS[5|12]_C`
- `MBEDTLS_CTR_DRBG_C`
- `MBEDTLS_NIST_KW_C`
If no other non-authenticated cipher is required, it is also possible to
disable `MBEDTLS_CIPHER_C` in order to further reduce code's footprint.
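Review bot: In the new paragraph, "all built-in block cipher's key types (i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`)" labels ChaCha20 a block cipher, but it is a stream cipher; "all built-in cipher key types" would be accurate. The new list of unavailable modules includes `MBEDTLS_CTR_DRBG_C` without saying what the build is expected to use for random generation once it is gone, which is the first thing a reader disabling these options needs to know. The old sentence warning that direct calls such as `mbedtls_ccm_init()` won't be possible appears on the removed side only; if that is still true it is worth keeping. Minor wording: "AEADs operations" and "AEADs algorithms" should read "AEAD operations" and "AEAD algorithms", and "code's footprint" should read "code footprint".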