mbedtls: make PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC Kconfig promptless
The corresponding build symbols are automatically enabled in Mbed TLS
header files whenever any key pair feature between IMPORT,EXPORT,
GENERATE,DERIVE is set. So we do the same with Kconfig symbols:
- make BASIC promptless
- let key pair features (IMPORT,EXPORT,GENERATE,DERIVE) select BASIC.

The 2nd point is achieved by adding a new Kconfig file which is meant
to hold the logic between PSA_WANT symbols. This is necessary because
Kconfig.psa is automatically generated.

This commit also removes manual enablement of
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC from one test case.

Signed-off-by: Valerio Setti <[email protected]>
valeriosetti committed Dec 11, 2024
1 parent 90ff9c0 commit 75fb9f8
Showing 5 changed files with 47 additions and 7 deletions.
1 change: 1 addition & 0 deletions modules/mbedtls/Kconfig
Expand Up @@ -14,6 +14,7 @@ config MBEDTLS_PROMPTLESS
dependent sub-configurations and thus prevent stuck symbol behavior.

rsource "Kconfig.psa"
rsource "Kconfig.psa.logic"

menuconfig MBEDTLS
bool "mbed TLS Support" if !MBEDTLS_PROMPTLESS
6 changes: 3 additions & 3 deletions modules/mbedtls/Kconfig.psa
Expand Up @@ -301,7 +301,7 @@ config PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
bool "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC" if !MBEDTLS_PROMPTLESS
bool
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
Expand All @@ -321,7 +321,7 @@ config PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
bool "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" if !MBEDTLS_PROMPTLESS
bool
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
Expand All @@ -337,7 +337,7 @@ config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC" if !MBEDTLS_PROMPTLESS
bool
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
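--- a/modules/mbedtls/Kconfig.psa.logic
+++ b/modules/mbedtls/Kconfig.psa.logic
@@ -0,0 +1,24 @@
+# Copyright (c) 2024 BayLibre SAS
+# SPDX-License-Identifier: Apache-2.0
+
+# This file extends Kconfig.psa (which is automatically generated) by adding
+# some logic between PSA_WANT symbols.
+
+config PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
+default y
+depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT || \
+PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT || \
+PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE || \
+PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+
+config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
+default y
+depends on PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT || \
+PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT || \
+PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+
+config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
+default y
+depends on PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT || \
+PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT || \
+PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE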
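Review bot: The three BASIC entries use `default y` with `depends on` rather than the `select` the commit description mentions, and the file header does not say what that means for users. Because the same symbols lose their prompt in Kconfig.psa, a configuration that assigns only `CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC=y` (for example to use an already-provisioned key without import, export, generate or derive) would presumably have that assignment ignored, leaving BASIC off unless PSA_CRYPTO_ENABLE_ALL is set. I would state this in the header, e.g. `# The *_KEY_PAIR_BASIC symbols are promptless: they follow the IMPORT/EXPORT/GENERATE/DERIVE symbols and cannot be set directly.`, and confirm that no in-tree or downstream configuration relies on BASIC alone.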
22 changes: 19 additions & 3 deletions modules/mbedtls/create_psa_files.py
Expand Up @@ -57,6 +57,18 @@

H_FOOTER="\n#endif /* CONFIG_PSA_H */\n"

# In Mbed TLS the following build symbols are automatically enabled whenever
# any other _IMPORT, _EXPORT, _GENERATE, _DERIVE feature is set for the same key
# type (see "modules/crypto/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h").
# Therefore we make the corresponding Kconfigs promptless so that they can
# be selected by other IMPORT,EXPORT,GENERATE,DERIVE Kconfigs, replicating
# the same pattern of Mbed TLS.
PROMPTLESS_SYMBOLS = [
"PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC",
"PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC",
"PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC"
]

def parse_psa_symbols(input_file: str):
symbols = []
with open(input_file) as file:
Expand All @@ -70,11 +82,15 @@ def parse_psa_symbols(input_file: str):
def generate_kconfig_content(symbols: List[str]) -> str:
output = []
for sym in symbols:
if sym in PROMPTLESS_SYMBOLS:
prompt = ""
else:
prompt = " \"{}\" if !MBEDTLS_PROMPTLESS".format(sym)
output.append("""
config {0}
\tbool "{0}" if !MBEDTLS_PROMPTLESS
config {}
\tbool{}
\tdefault y if PSA_CRYPTO_ENABLE_ALL
""".format(sym))
""".format(sym, prompt))

return KCONFIG_HEADER + "".join(output) + KCONFIG_FOOTER

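Review bot: `PROMPTLESS_SYMBOLS` has to match the entries in the hand-written Kconfig.psa.logic, and nothing in `generate_kconfig_content` checks that. A name added to this list without a matching entry there would be emitted as a promptless bool whose only visible default is `default y if PSA_CRYPTO_ENABLE_ALL`, so the feature could end up silently disabled in a build. The comment above the list also says the symbols are "selected" by the other Kconfigs, while the new file uses `default y` with `depends on`; I would reword it and add `# Keep in sync with Kconfig.psa.logic, which provides the defaults for these symbols.`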
1 change: 0 additions & 1 deletion tests/net/socket/tls_configurations/overlay-ec.conf
@@ -1,5 +1,4 @@
CONFIG_PSA_WANT_ALG_ECDH=y
CONFIG_PSA_WANT_ALG_ECDSA=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
CONFIG_PSA_WANT_ECC_SECP_R1_256=y
