crypto_config: Migrated newer configuration options.

This commit, moves configuration entries that were not present during the design-review. It also updates the proposal accordingly. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-01-30 15:32:58 +00:00 · 2024-11-29 17:53:24 +00:00 · 2024-11-29 17:53:24 +00:00 · cb32d084aa
commit cb32d084aa
parent f33250fcc1
3 changed files with 70 additions and 66 deletions
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@ -114,6 +114,7 @@ section dedicated to non boolean configuration options anymore.
 #define MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME_DATE
 //#define MBEDTLS_MEMORY_BACKTRACE
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 //#define MBEDTLS_MEMORY_DEBUG
 #define MBEDTLS_PLATFORM_C
 //#define MBEDTLS_PLATFORM_EXIT_ALT
@ -248,6 +249,8 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 //#define MBEDTLS_PSA_INJECT_ENTROPY
 #define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS

 //#define MBEDTLS_ENTROPY_MAX_GATHER                128
 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20
@ -255,6 +258,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 //#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
 //#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE       256
 ```

 #### SECTION Builtin drivers
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@ -304,23 +304,6 @@
 */
 #define MBEDTLS_ERROR_STRERROR_DUMMY

-/**
- * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
- *
- * Dynamically resize the PSA key store to accommodate any number of
- * volatile keys (until the heap memory is exhausted).
- *
- * If this option is disabled, the key store has a fixed size
- * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
- * together.
- *
- * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
- *
- * Module:  library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- */
-#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
-
 /**
 * \def MBEDTLS_SELF_TEST
 *
@ -941,22 +924,6 @@
 */
 #define MBEDTLS_ERROR_C

-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module:  library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- *           MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
 /**
 * \def MBEDTLS_NET_C
 *
@ -992,26 +959,6 @@
 */
 #define MBEDTLS_PKCS7_C

-/**
- * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
- *
- * Statically preallocate memory to store keys' material in PSA instead
- * of allocating it dynamically when required. This allows builds without a
- * heap, if none of the enabled cryptographic implementations or other features
- * require it.
- * This feature affects both volatile and persistent keys which means that
- * it's not possible to persistently store a key which is larger than
- * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
- *
- * \note This feature comes with a (potentially) higher RAM usage since:
- *       - All the key slots are allocated no matter if they are used or not.
- *       - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
-
 /**
 * \def MBEDTLS_SSL_CACHE_C
 *
@ -1301,19 +1248,6 @@
 * plus optionally a same-line Doxygen comment here if there is a Doxygen
 * comment in the specific module. */

-/**
- * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
- *
- * Define the size (in bytes) of each static key buffer when
- * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
- * explicitly defined then it's automatically guessed from available PSA keys
- * enabled in the build through PSA_WANT_xxx symbols.
- * If required by the application this parameter can be set to higher values
- * in order to store larger objects (ex: raw keys), but please note that this
- * will increase RAM usage.
- */
-//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE       256
-
 /* SSL Cache options */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
--- a/tf-psa-crypto/include/psa/crypto_config.h
+++ b/tf-psa-crypto/include/psa/crypto_config.h
@ -154,6 +154,22 @@
 * \{
 */

+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
 /**
 * \def MBEDTLS_FS_IO
 *
@ -1241,6 +1257,43 @@
 */
 #define MBEDTLS_PSA_ITS_FILE_C

+/**
+ * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
+ *
+ * Dynamically resize the PSA key store to accommodate any number of
+ * volatile keys (until the heap memory is exhausted).
+ *
+ * If this option is disabled, the key store has a fixed size
+ * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
+ * together.
+ *
+ * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
+ *
+ * Module:  library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ */
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
+ *
+ * Statically preallocate memory to store keys' material in PSA instead
+ * of allocating it dynamically when required. This allows builds without a
+ * heap, if none of the enabled cryptographic implementations or other features
+ * require it.
+ * This feature affects both volatile and persistent keys which means that
+ * it's not possible to persistently store a key which is larger than
+ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
+ *
+ * \note This feature comes with a (potentially) higher RAM usage since:
+ *       - All the key slots are allocated no matter if they are used or not.
+ *       - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
+
 /* Entropy options */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
@ -1313,6 +1366,19 @@
 */
 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32

+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ *
+ * Define the size (in bytes) of each static key buffer when
+ * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
+ * explicitly defined then it's automatically guessed from available PSA keys
+ * enabled in the build through PSA_WANT_xxx symbols.
+ * If required by the application this parameter can be set to higher values
+ * in order to store larger objects (ex: raw keys), but please note that this
+ * will increase RAM usage.
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE       256
+
 /** \} name SECTION: PSA core */

 /**