driver-only-build: update AEADs section
Note: this section shouldn't actually be updated in #8357, but rather in #8358 which is the wrapup related to cipher and AEADs acceleration. As a consequence we start the AEAD section with a disclaimer explaining that the information written there will be updated soon by a follow-up PR.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
parent 1e3fcc5692
commit acd7bafcbb
1 changed files with 18 additions and 10 deletions
|
@ -245,6 +245,9 @@ Support for deterministic derivation of a DH keypair
|
|||
AEADs
|
||||
-----
|
||||
|
||||
[This section might contain incomplete data and it is going to be updated in
|
||||
#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.]
|
||||
|
||||
It is possible to have all AEADs operations provided only by a driver.
|
||||
|
||||
More precisely you can:
|
||||
|
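Review bot: The bracketed disclaimer under the AEADs heading says the section "might contain incomplete data" without saying which statements are affected, so a reader configuring a driver-only build cannot tell which of the steps that follow are reliable. Suggest stating what is still pending in one clause, and making sure #8358 deletes the note, since nothing in the text will mark it as stale once that PR lands.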
@ -252,15 +255,20 @@ More precisely you can:
|
|||
- `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`
|
||||
- `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`;
|
||||
- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the
|
||||
`PSA_WANT_xxx` of the previous step;
|
||||
- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY]_C` algorithms and
|
||||
key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs which are
|
||||
accelerated.
|
||||
`PSA_WANT_xxx` of the previous step (both for algorithms and key types);
|
||||
- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C`
|
||||
algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs
|
||||
which are accelerated.
|
||||
|
||||
In such a build all AEADs operations requested through the PSA Crypto API
|
||||
(including those in TLS and X.509) will be performed by the provided driver.
|
||||
Of course direct calls to the disabled builtin modules
|
||||
(ex: `mbedtls_ccm_init()`, etc) won't be possible.
|
||||
In a build in which all AEADs algorithms and related key types are accelerated
|
||||
all AEADs operations requested through the PSA Crypto API (including those in
|
||||
TLS and X.509) will be performed by the driver.
|
||||
Moreover if no unauthenticated cipher is required, it is also possible to
|
||||
disable all built-in block cipher's key types
|
||||
(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
|
||||
helps in further reducing code's footprint, but unfortunately it makes the
|
||||
following modules unavailable:
|
||||
- `MBEDTLS_PKCS[5|12]_C`
|
||||
- `MBEDTLS_CTR_DRBG_C`
|
||||
- `MBEDTLS_NIST_KW_C`
|
||||
|
||||
If no other non-authenticated cipher is required, it is also possible to
|
||||
disable `MBEDTLS_CIPHER_C` in order to further reduce code's footprint.
|
||||
|
|
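Review bot: The list of modules made unavailable by disabling `MBEDTLS_CIPHER_C` includes `MBEDTLS_CTR_DRBG_C`, but the paragraph does not say what such a build should use for random generation instead. A sentence pointing to `MBEDTLS_HMAC_DRBG_C` or to an external RNG would keep readers from ending up with a configuration that has no DRBG. Separately, the closing paragraph "If no other non-authenticated cipher is required, it is also possible to disable `MBEDTLS_CIPHER_C`" repeats what the paragraph starting "Moreover if no unauthenticated cipher is required" already says, without the list of lost modules; if both remain in the file, drop the closing one.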