From af53132e443420649daeaec40d5c614aea56007a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Dec 2023 15:56:09 +0100 Subject: [PATCH] driver-only-builds: enhancing section on removing CIPHER_C Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 05bffa5747..7b4b480d3d 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -331,12 +331,17 @@ PSA acceleration when: ### Disabling CIPHER_C -This is possible when: +This only depends on unauthenticated ciphers: they can be either completely +accelerated or disabled in order to remove the dependency on `MBEDTLS_CIPHER_C`. -- all ciphers and AEADs are accelerated, or -- no legacy module, either cipher or AEAD, is enabled. The only exception being - CCM/GCM when key types are accelerated, as described in section - [Partial acceleration for CCM/GCM](#partial-acceleration-for-CCM/GCM). +AEADs do not have such restriction. Of course they can be accelerated as well, +but they can also rely on the legacy modules (`MBEDTLS_[CCM|GCM|CHACHAPOLY]`) +with the following conditions on the underlying key types: +- CCM/GCM can either use legacy key type modules `MBEDTLS_[AES|ARIA|CAMELLIA]_C` + or their accelerated version, as described in section + ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-CCM/GCM). +- ChaChaPoly instead can only rely on legacy key type module `MBEDTLS_CHACHA20_C` + and algorithm `MBEDTLS_POLY1305_C`. It should be noticed that disabling `MBEDTLS_CIPHER_C` helps in reducing code's footprint, but unfortunately it makes the following modules unavailable: