crypto_config: Migrated newer configuration options.
This commit moves configuration entries that were not present
during the design review.
It also updates the proposal accordingly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index 9f8d734..6fd8c49 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -114,6 +114,7 @@
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
//#define MBEDTLS_MEMORY_BACKTRACE
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
//#define MBEDTLS_MEMORY_DEBUG
#define MBEDTLS_PLATFORM_C
//#define MBEDTLS_PLATFORM_EXIT_ALT
@@ -248,6 +249,8 @@
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
//#define MBEDTLS_PSA_INJECT_ENTROPY
#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
//#define MBEDTLS_ENTROPY_MAX_GATHER 128
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20
@@ -255,6 +258,7 @@
//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
```
#### SECTION Builtin drivers
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 6096a3f..d01c1d1 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -305,23 +305,6 @@
#define MBEDTLS_ERROR_STRERROR_DUMMY
/**
- * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
- *
- * Dynamically resize the PSA key store to accommodate any number of
- * volatile keys (until the heap memory is exhausted).
- *
- * If this option is disabled, the key store has a fixed size
- * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
- * together.
- *
- * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- */
-#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
-
-/**
* \def MBEDTLS_SELF_TEST
*
* Enable the checkup functions (*_self_test).
@@ -942,22 +925,6 @@
#define MBEDTLS_ERROR_C
/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
* \def MBEDTLS_NET_C
*
* Enable the TCP and UDP over IPv6/IPv4 networking routines.
@@ -993,26 +960,6 @@
#define MBEDTLS_PKCS7_C
/**
- * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
- *
- * Statically preallocate memory to store keys' material in PSA instead
- * of allocating it dynamically when required. This allows builds without a
- * heap, if none of the enabled cryptographic implementations or other features
- * require it.
- * This feature affects both volatile and persistent keys which means that
- * it's not possible to persistently store a key which is larger than
- * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
- *
- * \note This feature comes with a (potentially) higher RAM usage since:
- * - All the key slots are allocated no matter if they are used or not.
- * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
-
-/**
* \def MBEDTLS_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
@@ -1301,19 +1248,6 @@
* plus optionally a same-line Doxygen comment here if there is a Doxygen
* comment in the specific module. */
-/**
- * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
- *
- * Define the size (in bytes) of each static key buffer when
- * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
- * explicitly defined then it's automatically guessed from available PSA keys
- * enabled in the build through PSA_WANT_xxx symbols.
- * If required by the application this parameter can be set to higher values
- * in order to store larger objects (ex: raw keys), but please note that this
- * will increase RAM usage.
- */
-//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
-
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
diff --git a/tf-psa-crypto/include/psa/crypto_config.h b/tf-psa-crypto/include/psa/crypto_config.h
index 45c7bde..d36f8f6 100644
--- a/tf-psa-crypto/include/psa/crypto_config.h
+++ b/tf-psa-crypto/include/psa/crypto_config.h
@@ -155,6 +155,22 @@
*/
/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module: library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
* \def MBEDTLS_FS_IO
*
* Enable functions that use the filesystem.
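Review bot: The added MBEDTLS_MEMORY_BUFFER_ALLOC_C comment is copied verbatim from mbedtls_config.h, so its `Module: library/memory_buffer_alloc.c` line and the phrase `(to use it within Mbed TLS)` may no longer describe where the file lives or how the option is consumed from the tf-psa-crypto tree; please confirm both and reword. The phrase "(stack) based buffer" is also ambiguous about where the memory comes from; something like `Enable the buffer allocator, which serves calloc() and free() from a fixed buffer supplied by the application instead of the heap.` would be clearer, if that matches the implementation. The same possibly stale `Module: library/psa_crypto.c` line is carried over in the MBEDTLS_PSA_KEY_STORE_DYNAMIC comment in the next hunk of this file.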
@@ -1241,6 +1257,43 @@
*/
#define MBEDTLS_PSA_ITS_FILE_C
+/**
+ * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
+ *
+ * Dynamically resize the PSA key store to accommodate any number of
+ * volatile keys (until the heap memory is exhausted).
+ *
+ * If this option is disabled, the key store has a fixed size
+ * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
+ * together.
+ *
+ * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ */
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
+ *
+ * Statically preallocate memory to store keys' material in PSA instead
+ * of allocating it dynamically when required. This allows builds without a
+ * heap, if none of the enabled cryptographic implementations or other features
+ * require it.
+ * This feature affects both volatile and persistent keys which means that
+ * it's not possible to persistently store a key which is larger than
+ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
+ *
+ * \note This feature comes with a (potentially) higher RAM usage since:
+ * - All the key slots are allocated no matter if they are used or not.
+ * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
+
/* Entropy options */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
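Review bot: The two comments added in this hunk do not say how MBEDTLS_PSA_KEY_STORE_DYNAMIC (enabled by default) and MBEDTLS_PSA_STATIC_KEY_SLOTS relate, although one describes a heap-backed key store that grows and the other advertises builds without a heap. If the configuration checks reject or ignore the combination (they are not visible in this diff), say so in both blocks, for example ` * \note Cannot be enabled together with #MBEDTLS_PSA_KEY_STORE_DYNAMIC.`. The dynamic-store text could also state the consequence of "until the heap memory is exhausted": an application that creates volatile keys in response to external requests must enforce its own cap, because the library imposes none in this mode.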
@@ -1313,6 +1366,19 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ *
+ * Define the size (in bytes) of each static key buffer when
+ * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
+ * explicitly defined then it's automatically guessed from available PSA keys
+ * enabled in the build through PSA_WANT_xxx symbols.
+ * If required by the application this parameter can be set to higher values
+ * in order to store larger objects (ex: raw keys), but please note that this
+ * will increase RAM usage.
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
+
/** \} name SECTION: PSA core */
/**
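Review bot: The added MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE comment explains raising the value but not what happens when it is set below the default derived from the enabled PSA_WANT_xxx symbols, or what a caller sees when key material does not fit. I would add a sentence such as ` * Keys whose material is larger than this size cannot be created or loaded.` and name the returned status code once it is confirmed against the key-slot code, which this diff does not show. "automatically guessed" would also read more precisely as "derived", assuming the default is a compile-time computation rather than a heuristic.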