commit 948137be5923961acd6726f275d4e9bb3ddfbbfe
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Aug 10 16:58:04 2023 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Aug 10 16:58:30 2023 +0200
tree f90c6f27451df4a30cb23e1f556e715ba62d4b12
parent 2f12a29cdd51dce4584020b0be2888686b310d40

Add details on use of ciphers from other modules

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

docs/architecture/psa-migration/md-cipher-dispatch.md

diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md
index 355f561..ba76f49 100644
--- a/docs/architecture/psa-migration/md-cipher-dispatch.md
+++ b/docs/architecture/psa-migration/md-cipher-dispatch.md
@@ -110,23 +110,45 @@
 
 #### Non-use-PSA modules
 
-The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption:
+The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption.
 
-* CCM (block cipher in ECB mode; interdependent with cipher)
-* cipher (cipher and AEAD algorithms)
-* CMAC (AES-ECB and DES-ECB, but could be extended to the other block ciphers; interdependent with cipher)
-* CTR\_DRBG (AES-ECB, but could be extended to the other block ciphers)
-* entropy (hashes via low-level)
+Hashes and HMAC (after the work on MD-light):
+
+* entropy (hashes via MD-light)
 * ECDSA (HMAC\_DRBG; `md.h` exposed through API)
-* ECJPAKE (hashes via md; `md.h` exposed through API)
-* GCM (block cipher in ECB mode; interdependent with cipher)
-* md (hashes and HMAC)
-* NIST\_KW (AES-ECB; interdependent with cipher)
+* ECJPAKE (hashes via MD-light; `md.h` exposed through API)
+* MD (hashes and HMAC)
 * HMAC\_DRBG (hashes and HMAC via `md.h`; `md.h` exposed through API)
-* PEM (AES and DES in CBC mode without padding; MD5 hash via low-level)
-* PKCS12 (cipher, generically, selected from ASN.1 or function parameters; hashes via md; `cipher.h` exposed through API)
-* PKCS5 (cipher, generically, selected from ASN.1; HMAC via `md.h`; `md.h` exposed through API)
-* RSA (hash via md for PSS and OAEP; `md.h` exposed through API)
+* PKCS12 (hashes via MD-light)
+* PKCS5 (HMAC via `md.h`; `md.h` exposed through API)
+* RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API)
+* PEM (MD5 hash via MD-light)
+
+Symmetric ciphers and AEADs (before Cipher-light work):
+
+* PEM (AES and DES in CBC mode without padding)
+       AES and DES: setkey_dec + crypt_cbc
+       (look at test data for DES)
+* PKCS12 (cipher, generically, selected from ASN.1 or function parameters; `cipher.h` exposed through API)
+       setup, setkey, set_iv, reset, update, finish (in sequence, once)
+       no documented restriction, block cipher in CBC mode in practice
+       (padding?)
+       (look at test cases)
+* PKCS5 (cipher, generically, selected from ASN.1)
+       only DES-CBC or 3DES-CBC
+       (padding?)
+       setup, setkey, crypt
+* CTR\_DRBG (AES-ECB, but could be extended to the other block ciphers)
+        setkey_enc + crypt_ecb
+* CCM (block cipher in ECB mode; interdependent with cipher)
+        info, setup, setkey, update (several times), (never finish)
+* CMAC (AES-ECB and DES-ECB, but could be extended to the other block ciphers; interdependent with cipher)
+        info, setup, setkey, update (several times), (never finish)
+* GCM (block cipher in ECB mode; interdependent with cipher)
+        info, setup, setkey, update (several times), (never finish)
+* NIST\_KW (AES-ECB; interdependent with cipher)
+        info, setup, setkey, update (several times), (never finish)
+* cipher (cipher and AEAD algorithms)
 
 ### Difficulties