TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 36cd3f9f8ef6edbf9c7ba16a442117ddfa506748^! / .
commit36cd3f9f8ef6edbf9c7ba16a442117ddfa506748[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Fri Aug 11 10:06:42 2023 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Fri Aug 11 10:06:42 2023 +0200
treedd47cfa5da84c3cb8cb5d204fce4e82fc3428efd
parent948137be5923961acd6726f275d4e9bb3ddfbbfe [diff]
Add tentative definition of Cipher light

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md
index ba76f49..488cf20 100644
--- a/docs/architecture/psa-migration/md-cipher-dispatch.md
+++ b/docs/architecture/psa-migration/md-cipher-dispatch.md

@@ -499,3 +499,54 @@
 
 * Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`.
 * Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim.
+
+### Cipher light
+
+#### Definition
+
+**Note:** this definition is tentative an may be refined when implementing and
+testing, based and what's needed by internal users of Cipher light.
+
+Cipher light will be automatically enabled in `build_info.h` by modules that
+need it. (Tentative list: PEM, PCKS12, PKCS5, CTR\_DRBG, CCM, CMAC, GCM,
+NIS\_KW, PSA Crypto.) Note: some of these modules currently depend on the
+full `CIPHER_C` (enforced by `check_config.h`); this hard dependency would be
+replace by the above auto-enablement.
+
+Cipher light includes:
+- info functions;
+- support for block ciphers in ECB mode (to be confirmed: supporting one block
+  at a time could be enough);
+- support for block ciphers in CBC mode with no padding (to be confirmed: do
+  we need a padding mode?);
+- support for both the "one-shot" and "streaming" APIs for block ciphers.
+
+This excludes:
+- the AEAD/KW API (both one-shot and streaming);
+- support for stream ciphers;
+- support for other modes of block ciphers (CTR, CFB, etc.);
+- support for (other) padding modes of CBC.
+
+The following API functions, and supporting types, are candidates for
+inclusion in the Cipher light API, with limited features as above:
+```
+mbedtls_cipher_info_from_psa
+mbedtls_cipher_info_from_type
+mbedtls_cipher_info_from_values
+
+mbedtls_cipher_info_get_block_size
+mbedtls_cipher_info_get_iv_size
+mbedtls_cipher_info_get_key_bitlen
+
+mbedtls_cipher_init
+mbedtls_cipher_setup
+mbedtls_cipher_setkey
+mbedtls_cipher_set_padding_mode
+mbedtls_cipher_crypt
+mbedtls_cipher_free
+
+mbedtls_cipher_set_iv
+mbedtls_cipher_reset
+mbedtls_cipher_update
+mbedtls_cipher_finish
+```