Commit Graph

3 Commits

Author SHA1 Message Date
Valerio Setti
12ff947568 mbedtls: add new PSA_CRYPTO_CLIENT config
Using MBEDTLS_PSA_CRYPTO_CLIENT to guard all PSA_WANT symbols is
not completely correct because:

1. the prefix MBEDTLS suggests that it's something related to
   MbedTLS, while actually PSA APIs can be provided also
   by other implementations (ex: TFM)

2. there might be applications which are willing to use PSA APIs
   without using MbedTLS at all. For example computing a hash
   can be as simple as writing psa_hash_compute() and, if the
   PSA function is provided through TFM, then MbedTLS is not
   required at all

Therefore this commit:

- moves MBEDTLS_PSA_CRYPTO_CLIENT to Kconfig.tls-generic since
  that symbol belongs to MbedTLS

- adds a new symbol named PSA_CRYPTO_CLIENT as a generic way
  to state that there is "some" PSA crypto API provider

- lets MBEDTLS_PSA_CRYPTO_CLIENT automatically select
  PSA_CRYPTO_CLIENT, since the former is an implementation of
  the latter.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-23 11:53:02 -04:00
Valerio Setti
e58ebe12f4 mbedtls: add configuration file for PSA features
Adding a Kconfig and a header file to control which PSA features
are to be used from MbedTLS:

- new kconfig symbols are placed in a separate header file
  (Kconfig.psa) and are guarded by MBEDTLS_PSA_CRYPTO_CLIENT. The
  reason for this is that TLS/X509 can either rely on PSA functions
  provided by MbedTLS (when MBEDTLS_PSA_CRYPTO_C is defined) or
  TFM (when BUILD_WITH_TFM is selected). Therefore we could
  not make these new Kconfigs depend on MBEDTLS_PSA_CRYPTO_C.

- by default all PSA symbols are enabled, but they can be
  disabled by respective Kconfigs in order to reduce the image
  size.

- the new header file (config-psa-generic.h) mimics what
  config-tls-generic.h does for MbedTLS builtin symbols: it
  enables a build symbol for every Kconfig one. The name is
  kept identical in the 2 cases (apart from the initial CONFIG_)
  in order to simplify the mechanism.

- MBEDTLS_PSA_CRYPTO_CONFIG is finally enabled whenever there
  is any PSA crypto provider (either MBEDTLS_PSA_CRYPTO_C or
  TFM)

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-23 11:53:02 -04:00
Valerio Setti
7e2f06cbc2 mbedtls: add Kconfig option for PSA_WANT_ALG_SHA_256
Create a new Kconfig named CONFIG_PSA_WANT_ALG_SHA_256 which allows
enabling PSA_WANT_ALG_SHA_256. This allows using PSA functions to
compute SHA256 hashes. When PSA is provided by TFM this also allows
removing legacy mbedtls_sha256() support and therefore reducing
footprint for the NS side.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-08 22:14:19 -07:00