commit 3f7e42a7501b43f5efbb1420fdb10e09b2412b77
author David Horstmann <david.horstmann@arm.com> Thu Oct 19 15:14:20 2023 +0100
committer David Horstmann <david.horstmann@arm.com> Thu Oct 19 15:14:50 2023 +0100
tree 4849251a90bc4e4bd752262951fdeeff94b039b0
parent dae0ad439f71ae4114e1fc547a7e19d903dee59d

Move implementation by module table earlier

Signed-off-by: David Horstmann <david.horstmann@arm.com>

docs/architecture/psa-shared-memory.md

diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md
index b68c874..279e865 100644
--- a/docs/architecture/psa-shared-memory.md
+++ b/docs/architecture/psa-shared-memory.md
@@ -420,6 +420,20 @@
 
 ## Detailed design
 
+### Implementation by module
+
+Module | Input protection strategy | Output protection strategy | Notes
+---|---|---|---
+Hash and MAC | Careful access | Careful access | Low risk of multiple-access as the input and output are raw unformatted data.
+Cipher | Copying | Copying |
+AEAD | Copying (careful access for additional data) | Copying |
+Key derivation | Careful access | Careful access |
+Asymmetric signature | Careful access | Copying | Inputs to signatures are passed to a hash. This will no longer hold once PureEdDSA support is implemented.
+Asymmetric encryption | Copying | Copying |
+Key agreement | Copying | Copying |
+PAKE | Copying | Copying |
+Key import / export | Copying | Copying | Keys may be imported and exported in DER format, which is a structured format and therefore susceptible to read-read inconsistencies and potentially write-read inconsistencies.
+
 ### Copying functions
 
 As discussed above, it is simpler to use a single unified API for copying. Therefore, we create the following functions:
@@ -443,20 +457,6 @@
 
 Some PSA functions may not use these convenience functions as they may have local optimizations that reduce memory usage. For example, ciphers may be able to use a single intermediate buffer for both input and output.
 
-### Implementation by module
-
-Module | Input protection strategy | Output protection strategy | Notes
----|---|---|---
-Hash and MAC | Careful access | Careful access | Low risk of multiple-access as the input and output are raw unformatted data.
-Cipher | Copying | Copying |
-AEAD | Copying (careful access for additional data) | Copying |
-Key derivation | Careful access | Careful access |
-Asymmetric signature | Careful access | Copying | Inputs to signatures are passed to a hash. This will no longer hold once PureEdDSA support is implemented.
-Asymmetric encryption | Copying | Copying |
-Key agreement | Copying | Copying |
-PAKE | Copying | Copying |
-Key import / export | Copying | Copying | Keys may be imported and exported in DER format, which is a structured format and therefore susceptible to read-read inconsistencies and potentially write-read inconsistencies.
-
 ### Validation of copying
 
 As discussed above, the best strategy for validation of copies appears to be validation by memory poisoning.