mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Reorder sections

Browse Source 
Move "Cryptographic mechanism selection (extended API)"
and "Data format support" just after section
Cryptographic mechanism selection (PSA API)"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-09-02 16:21:44 +02:00
parent e5d0f8c906
commit 8e1b463e34
1 changed files with 48 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
docs/proposed/config-split.md
View File

@ -53,19 +53,21 @@ Then, the "Cryptographic mechanism selection (PSA API)" section is the
equivalent of the pre-split crypto_config.h configuration file containing the equivalent of the pre-split crypto_config.h configuration file containing the
PSA_WANT_ prefixed macros. PSA_WANT_ prefixed macros.
The following section named "Cryptographic mechanism selection (extended API)"
contains the configuration options for the cryptography mechanisms that are not
yet part of the PSA cryptography API (like LMS or PK).
It is followed by the "Data format support" section that contains configuration
options of utilities related to various data formats (like base64 or ASN1 APIs).
These utilities aim to facilitate the usage of the PSA cryptography API in other
cryptography projects.
Compared to Mbed TLS, the cryptography code in TF-PSA-Crypto is not located Compared to Mbed TLS, the cryptography code in TF-PSA-Crypto is not located
in a single directory but split between the PSA core (core directory) and the in a single directory but split between the PSA core (core directory) and the
PSA builtin drivers (drivers/builtin/src directory). This is reflected in PSA builtin drivers (drivers/builtin/src directory). This is reflected in
tf_psa_crypto_config.h with two sections respectively named "PSA core" and tf_psa_crypto_config.h with two sections respectively named "PSA core" and
"Builtin drivers". "Builtin drivers".
The two following sections contain the configuration options for the cryptography
mechanisms that are not yet part of the PSA cryptography API (like LMS) and
for cryptography utilities (like base64 or ASN1 APIs) that facilitate the usage
of the PSA cryptography API in other cryptography projects. They are
named respectively "Cryptographic mechanism selection (extended API)"
options" and "Data format support".
Finally, the last section named "Legacy cryptography" contains the configuration Finally, the last section named "Legacy cryptography" contains the configuration
options that will eventually be removed as duplicates of PSA_WANT_\* and options that will eventually be removed as duplicates of PSA_WANT_\* and
MBEDTLS_PSA_ACCEL_\* configuration options. MBEDTLS_PSA_ACCEL_\* configuration options.
@ -156,6 +158,45 @@ Open question: do we group them into a subsection?
PSA_WANT_\* macros as in current crypto_config.h. PSA_WANT_\* macros as in current crypto_config.h.
* SECTION "Cryptographic mechanism selection (extended API)"
#define MBEDTLS_CIPHER_C
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_LMS_C
//#define MBEDTLS_LMS_PRIVATE
#define MBEDTLS_MD_C
#define MBEDTLS_NIST_KW_C
#define MBEDTLS_PK_PARSE_EC_EXTENDED
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS12_C
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
* SECTION "Data format support"
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
* SECTION "PSA core" * SECTION "PSA core"
//#define MBEDTLS_ENTROPY_HARDWARE_ALT //#define MBEDTLS_ENTROPY_HARDWARE_ALT
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
@ -215,44 +256,6 @@ PSA_WANT_\* macros as in current crypto_config.h.
//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 //#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
* SECTION "Cryptographic mechanism selection (extended API)"
#define MBEDTLS_CIPHER_C
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_LMS_C
//#define MBEDTLS_LMS_PRIVATE
#define MBEDTLS_MD_C
#define MBEDTLS_NIST_KW_C
#define MBEDTLS_PK_PARSE_EC_EXTENDED
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS12_C
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
* SECTION "Data format support"
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
* SECTION "Legacy cryptography" * SECTION "Legacy cryptography"
#define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB #define MBEDTLS_CIPHER_MODE_CFB