commit 8e1b463e340a4e7af23194b47f312f5ac903776a
author Ronald Cron <ronald.cron@arm.com> Mon Sep 02 16:21:44 2024 +0200
committer Ronald Cron <ronald.cron@arm.com> Wed Sep 04 08:35:34 2024 +0200
tree 2407f01debb927997d40a0553b09ef449ff7bc27
parent e5d0f8c90638430f61b73983524bdc9ae458356e

Reorder sections

Move "Cryptographic mechanism selection (extended API)"
and "Data format support" just after section
Cryptographic mechanism selection (PSA API)"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

docs/proposed/config-split.md

diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index 7116245..f4d7bda 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -53,19 +53,21 @@
 equivalent of the pre-split crypto_config.h configuration file containing the
 PSA_WANT_ prefixed macros.
 
+The following section named "Cryptographic mechanism selection (extended API)"
+contains the configuration options for the cryptography mechanisms that are not
+yet part of the PSA cryptography API (like LMS or PK).
+
+It is followed by the "Data format support" section that contains configuration
+options of utilities related to various data formats (like base64 or ASN1 APIs).
+These utilities aim to facilitate the usage of the PSA cryptography API in other
+cryptography projects.
+
 Compared to Mbed TLS, the cryptography code in TF-PSA-Crypto is not located
 in a single directory but split between the PSA core (core directory) and the
 PSA builtin drivers (drivers/builtin/src directory). This is reflected in
 tf_psa_crypto_config.h with two sections respectively named "PSA core" and
 "Builtin drivers".
 
-The two following sections contain the configuration options for the cryptography
-mechanisms that are not yet part of the PSA cryptography API (like LMS) and
-for cryptography utilities (like base64 or ASN1 APIs) that facilitate the usage
-of the PSA cryptography API in other cryptography projects. They are
-named respectively "Cryptographic mechanism selection (extended API)"
-options" and "Data format support".
-
 Finally, the last section named "Legacy cryptography" contains the configuration
 options that will eventually be removed as duplicates of PSA_WANT_\* and
 MBEDTLS_PSA_ACCEL_\* configuration options.
@@ -156,6 +158,45 @@
 PSA_WANT_\* macros as in current crypto_config.h.
 
 
+* SECTION "Cryptographic mechanism selection (extended API)"
+#define MBEDTLS_CIPHER_C
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_LMS_C
+//#define MBEDTLS_LMS_PRIVATE
+#define MBEDTLS_MD_C
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS12_C
+
+//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384
+
+
+* SECTION "Data format support"
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+
+
 * SECTION "PSA core"
 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
@@ -215,44 +256,6 @@
 //#define MBEDTLS_RSA_GEN_KEY_MIN_BITS            1024
 
 
-* SECTION "Cryptographic mechanism selection (extended API)"
-#define MBEDTLS_CIPHER_C
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_LMS_C
-//#define MBEDTLS_LMS_PRIVATE
-#define MBEDTLS_MD_C
-#define MBEDTLS_NIST_KW_C
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-#define MBEDTLS_PK_PARSE_EC_COMPRESSED
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PKCS5_C
-#define MBEDTLS_PKCS12_C
-
-//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384
-
-
-* SECTION "Data format support"
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
-
 * SECTION "Legacy cryptography"
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_CIPHER_MODE_CFB