yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

driver-only-builds: add section for accelerated ciphers/AEADs

Browse source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-12-18 15:52:44 +01:00
parent cddab78612
commit 7e11dd6ec6
1 changed files with 105 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
docs/driver-only-builds.md
View file

@ -55,7 +55,12 @@ For now, only the following (families of) mechanisms are supported:
- hashes: SHA-3, SHA-2, SHA-1, MD5, etc. - hashes: SHA-3, SHA-2, SHA-1, MD5, etc.
- elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. - elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types.
- finite-field Diffie-Hellman: FFDH algorithm, DH key types. - finite-field Diffie-Hellman: FFDH algorithm, DH key types.
- AEADs: GCM, CCM and ChachaPoly - AEADs:
- GCM and CCM with AES, ARIA and Camellia key types
- ChachaPoly with ChaCha20 Key type
- Ciphers:
- key types: AES, ARIA, Camellia, DES
- modes: ECB, CBC, CTR, CFB, OFB, XTS
Supported means that when those are provided only by drivers, everything Supported means that when those are provided only by drivers, everything
(including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should (including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should
@ -63,9 +68,6 @@ work in the same way as if the mechanisms where built-in, except as documented
in the "Limitations" sub-sections of the sections dedicated to each family in the "Limitations" sub-sections of the sections dedicated to each family
below. below.
In the near future (end of 2023), we are planning to also add support for
ciphers (AES, ARIA, Camellia).
Currently (mid-2023) we don't have plans to extend this to RSA. If Currently (mid-2023) we don't have plans to extend this to RSA. If
you're interested in driver-only support for RSA, please let us know. you're interested in driver-only support for RSA, please let us know.
@ -242,33 +244,107 @@ removing builtin support (i.e. `MBEDTLS_DHM_C`).
Support for deterministic derivation of a DH keypair Support for deterministic derivation of a DH keypair
(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported. (i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported.
AEADs Ciphers and AEADs
----- -----------------
[This section might contain incomplete data and it is going to be updated in It is possible to have all ciphers and AEADs operations provided only by a
#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.] driver. More precisely, for each desired combination of key type and
algorithm/mode you can:
- enable desired PSA key type(s):
- `PSA_WANT_KEY_TYPE_AES`,
- `PSA_WANT_KEY_TYPE_ARIA`,
- `PSA_WANT_KEY_TYPE_CAMELLIA`,
- `PSA_WANT_KEY_TYPE_CHACHA20`,
- `PSA_WANT_KEY_TYPE_DES`;
- enable desired PSA algorithm(s):
- unauthenticated ciphers modes:
- `PSA_WANT_ALG_CBC_NO_PADDING`,
- `PSA_WANT_ALG_CBC_PKCS7`,
- `PSA_WANT_ALG_CCM_STAR_NO_TAG`,
- `PSA_WANT_ALG_CFB`,
- `PSA_WANT_ALG_CTR`,
- `PSA_WANT_ALG_ECB_NO_PADDING`,
- `PSA_WANT_ALG_OFB`,
- `PSA_WANT_ALG_STREAM_CIPHER`;
- AEADs:
- `PSA_WANT_ALG_CCM`,
- `PSA_WANT_ALG_GCM`,
- `PSA_WANT_ALG_CHACHA20_POLY1305`;
- enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond
to the PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps;
- disable builtin support of key types:
- `MBEDTLS_AES_C`,
- `MBEDTLS_ARIA_C`,
- `MBEDTLS_CAMELLIA_C`,
- `MBEDTLS_DES_C`,
- `MBEDTLS_CHACHA20_C`;
and algorithms/modes:
- `MBEDTLS_CBC_C`
- `MBEDTLS_CFB_C`
- `MBEDTLS_CTR_C`
- `MBEDTLS_OFB_C`
- `MBEDTLS_XTS_C`
- `MBEDTLS_CCM_C`
- `MBEDTLS_GCM_C`
- `MBEDTLS_CHACHAPOLY_C`
- `MBEDTLS_NULL_CIPHER`
It is possible to have all AEADs operations provided only by a driver. Once a key type and related algorithm are accelerated, all cipher and AEADs
operations of that type requested through the PSA Crypto API are performed by
the driver. Only functions belonging to legacy modules which are disabled won't
be available in this configuration.
More precisely you can: ### Legacy <-> PSA matching
- enable desired PSA algorithm(s) and key type(s):
- `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` It should be noticed that the matching between legacy (i.e. `MBEDTLS_xxx_C`)
- `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`; and PSA (i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example:
- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the - ECB mode is always enabled in legacy configuration for each key type that
`PSA_WANT_xxx` of the previous step (both for algorithms and key types); allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled
- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C` in PSA with `PSA_WANT_ALG_ECB`;
algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs - similarly for stream ciphers, it is automatically enabled for key types that
which are accelerated. support it (`CHACHA20_C` and `NULL_CIPHER`) whereas it must be explicitly
enabled in PSA with `PSA_WANT_ALG_STREAM_CIPHER`;
- legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD, whereas
in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG` and
`PSA_WANT_ALG_CCM`, respectively.
### Partial acceleration for CCM/GCM
[This section depends on #8598 so it might updated while that PR progresses.]
In case legacy CCM/GCM algorithms are enabled it is still possible to benefit
from PSA acceleration by enabling support for ECB mode
(`PSA_WANT_ALG_ECB_NO_PADDING`) together with desired key type(s)
(`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`). In such configuration it is possible
to:
- still benefit from legacy functions belonging to CCM/GCM modules
(`mbedtls_[ccm|gcm]_xxx()`),
- disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no
other dependency requiring them, of course.
ChaChaPoly has not such feature, so it requires full acceleration (key type +
algorithm) in order to work with a driver.
### CTR-DRBG
Legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit from
PSA acceleration when:
- legacy AES module is not enabled (`MBEDTLS_AES_C`) and
- AES is supported on PSA side together with ECB mode, i.e.
`PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`.
### Disabling CIPHER_C
This is possible when:
- all ciphers and AEADs are accelerated;
- no legacy module, either cipher or AEAD, is enabled. The only exception being
CCM/GCM when key types are accelerated, as described in section
[Partial acceleration for CCM/GCM](#partial-acceleration-for-CCM/GCM).
It should be noticed that disabling `MBEDTLS_CIPHER_C` helps in reducing code's
footprint, but unfortunately it makes the following modules unavailable:
- `MBEDTLS_PKCS[5|12]_C`,
- `MBEDTLS_NIST_KW_C`.
In a build in which all AEADs algorithms and related key types are accelerated
all AEADs operations requested through the PSA Crypto API (including those in
TLS and X.509) will be performed by the driver.
Moreover if no unauthenticated cipher is required, it is also possible to
disable all built-in block cipher's key types
(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
helps in further reducing code's footprint, but unfortunately it makes the
following modules unavailable:
- `MBEDTLS_PKCS[5|12]_C`
- `MBEDTLS_CTR_DRBG_C`
- `MBEDTLS_NIST_KW_C`