
Lines Matching +full:no +full:- +full:tls

1 Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS
6 This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA.
12-crypto/psa/#application-programming-interface) specifies the interface between a PSA Cryptography…
18 Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its …
22-in implementations of cryptographic mechanisms) can be augmented with drivers. **Transparent driv…
24 … for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` sy…
30 …d Mbed TLS build must not include it. The granularity of mechanisms must work for typical use case…
32 [Req.drivers] If a PSA driver is available in the build, a suitably configured Mbed TLS build must …
34 …ssary to allow building an application and Mbed TLS in development environments that do not allow …
36 …able with future evolution of the PSA cryptography specifications and Mbed TLS. Therefore the inte…
40 …C, CTR, CFB, …) and a block permutation (AES, CAMELLIA, ARIA, …), there is no requirement to inclu…
42 …e multiple directions (for example encrypt/decrypt, sign/verify), there is no requirement to inclu…
44 [Limitation.size] There is no requirement to include only support for certain key sizes.
46 …re multiple ways to perform an operation, for example single-part and multi-part, there is no mech…
52 …cumented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) be…
56 * If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, …
57 …ased on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file.…
71 The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature …
73 * In Mbed TLS test code.
74 * In Mbed TLS library code using `MBEDTLS_USE_PSA_CRYPTO`, for example in TLS to determine which ci…
79 …r because the library does not support the exclusion of this feature. Mbed TLS should make a best …
85-key operations are desired, and `PSA_WANT_KEY_TYPE_xxx_PUBLIC_KEY` determines whether public-key …
89 …5` for Curve25519. It is an error to require an ECC key type but no curve, and Mbed TLS will rejec…
93 #### Configuration symbols for Diffie-Hellman groups
95 There are no configuration symbols for Diffie-Hellman groups (`PSA_DH_GROUP_xxx`).
97 Rationale: Finite-field Diffie-Hellman code is usually not specialized for any particular group, so…
103 …include a base mechanism without at least one possible parameter, and Mbed TLS will reject this at…
107 ### Additional non-public symbols
111 In addition to the [configuration symbols](#psa-crypto-configuration-symbols), we need two parallel…
113 * **`MBEDTLS_PSA_ACCEL_xxx`** indicates whether a fully-featured, fallback-free transparent driver …
120 These symbols are not part of the public interface of Mbed TLS towards applications or to drivers, …
124 #### New-style definition of configuration symbols
128 `mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines applicat…
130 #### Old-style definition of configuration symbols
132 …CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non
134 …plication code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under …
136 … edited copy of `mbedtls/mbedtls_config.h` from an earlier version of Mbed TLS, `mbedtls/config_ps…
145 * (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS.
149 | ------------------------- | --------------------------------- | ---------------------------------…
160 #### Compile-time checks
164 A mechanism similar to `mbedtls/check_config.h` detects errors such as enabling ECDSA but no curve.
176 An entry point can be eliminated entirely if no algorithm requires it.
178 #### Conditional inclusion of mechanism-specific code
180 …the application, and `MBEDTLS_PSA_BUILTIN_xxx` for code that calls an Mbed TLS software implementa…
192 …anguage allows a more fine-grained selection than the C mechanism proposed here. For example, it a…
194-CTR and one for CAMELLIA-GCM, the translation to boolean symbols will also include AES-GCM and CA…
196 …apability with that algorithm, the key types that apply to that algorithm, no size restriction, an…
204 The names of [elliptic curve symbols](#configuration-symbols-for-elliptic-curves) are a bit weird: …
210 #### Diffie-Hellman
214 #### Coexistence with the current Mbed TLS configuration
222 Is it realistic to mandate a compile-time error if a key type is required, but no matching algorith…
224 #### Opaque-only mechanisms
228 …ant to suppress a mechanism completely if there is no matching algorithm. For example, if there is…