From dfa42b34ab4e686079bd4fb2eb666eaa467c0106 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 22 Sep 2023 12:33:58 +0200 Subject: [PATCH] Improve documentation about driver-only p256-m. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/psa-driver-example-and-guide.md | 2 +- include/mbedtls/mbedtls_config.h | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index 062b05cad9..85ad258f5c 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -146,7 +146,7 @@ The Mbed TLS build system includes the instructions needed to build p256-m. To b python3 scripts/config.py set MBEDTLS_PSA_P256M_DRIVER_ENABLED make -(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_PSA_P256M_DRIVER_ENABLED` for more information.) +(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_PSA_P256M_DRIVER_ENABLED` and `docs/driver-only-builds.md` for more information.) The driver prefix for p256-m is `P256`/`p256`. The p256-m driver implements the following entry points: `import_key`, `export_public_key`, `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1c541ca4b0..52e5bf971c 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1453,13 +1453,13 @@ * * \note To genuinely benefit from the smaller code size of p256-m, make * sure that you do not enable any ECC-related option that requires - * the built-in implementation of elliptic curve arithmetic. This - * means enabling #MBEDTLS_PSA_CRYPTO_C, #MBEDTLS_PSA_CRYPTO_CONFIG, - * #PSA_WANT_ECC_SECP_R1_256 and #MBEDTLS_PSA_P256M_DRIVER_ENABLED, - * plus any of the `PSA_WANT_ALG_xxx` and `PSA_WANT_KEY_TYPE_xxx` - * options listed above, and not enabling other ECC-related options - * through `PSA_WANT_xxx` or `MBEDTLS_xxx` (in particular, not - * enabling other curves or EC-JPAKE). + * the built-in implementation of elliptic curve arithmetic. Make sure + * #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than + * SECP256R1 are disabled as they are not supported by this driver. + * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or + * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of + * the built-in ECC implementation, see docs/driver-only-builts.md. */ //#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
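Review bot: In the docs/psa-driver-example-and-guide.md hunk, the added reference gives `docs/driver-only-builds.md` as a repository-root path in a code span, although the guide being edited already lives in docs/. A relative Markdown link, for example [driver-only-builds.md](driver-only-builds.md), would be clickable in rendered output and would resolve correctly from the guide's own directory.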
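Review bot: In the include/mbedtls/mbedtls_config.h hunk, the last added comment line points readers to docs/driver-only-builts.md, while the documentation hunk in this same patch names the file docs/driver-only-builds.md; "builts" should read "builds", otherwise the reference leads nowhere. Two smaller points on the same note: the rewritten text drops the earlier statement of which options must be enabled (#MBEDTLS_PSA_CRYPTO_C, #MBEDTLS_PSA_CRYPTO_CONFIG, #PSA_WANT_ECC_SECP_R1_256), so a reader of the config header alone now sees only what to disable; if that is intentional, a short pointer saying the positive requirements are covered in the referenced document would help. The sentence "Make sure ... and #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than SECP256R1 are disabled" would also read more clearly if the list of options and the curve restriction were split into two sentences.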