From c7c03b7d173b416e1d20157776e65b935eaa52a2 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 12 Oct 2020 21:42:03 -0700 Subject: [PATCH] Enhanced documentation for crypto_config.h Provided more detailed documentation for crypto_config.h file so it is clear to users can enable cryptographic mechanisms using PSA_WANT_XXX. If MBEDTLS_PSA_CRYPTO_CONFIG is not set the settings in this file are not used. Ensure that defines used in this file are set to 1 and not simply defined per the specification. Also removed the __cplusplus guards since they are not needed for this file. Signed-off-by: John Durkop --- include/psa/crypto_config.h | 46 +++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 8e2f40ed86..808c68a57e 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -2,10 +2,34 @@ * \file psa/crypto_config.h * \brief PSA crypto configuration options (set of defines) * - * This set of compile-time options may be used to enable - * or disable PSA crypto features selectively. This will aid - * in reducing the size of the library by removing unused code. +*/ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +/** + * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h, + * this file determines which cryptographic mechanisms are enabled + * through the PSA Cryptography API (\c psa_xxx() functions). + * + * To enable a cryptographic mechanism, uncomment the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * To disable a cryptographic mechanism, comment out the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * The names of cryptographic mechanisms correspond to values + * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead + * of \c PSA_. + * + * Note that many cryptographic mechanisms involve two symbols: one for + * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm + * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve + * additional symbols. */ +#else +/** + * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h, + * this file is not used, and cryptographic mechanisms are supported + * through the PSA API if and only if they are supported through the + * mbedtls_xxx API. + */ +#endif /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -26,19 +50,7 @@ #ifndef PSA_CRYPTO_CONFIG_H #define PSA_CRYPTO_CONFIG_H -#ifdef __cplusplus -extern "C" { -#endif - -#define PSA_WANT_ALG_ECDSA - -#define PSA_WANT_ALG_ECDSA_DETERMINISTIC - -//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA -//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC - -#ifdef __cplusplus -} -#endif +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_ECDSA_DETERMINISTIC 1 #endif /* PSA_CRYPTO_CONFIG_H */