mbedtls: make PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC promptless
#82862
+49
−15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
valeriosetti
force-pushed
the
set-psa-want-key-pair-basic-promptless
branch
3 times, most recently
from
5e036e7 to
29b7f97
Compare
zephyrbot
requested review from
jukkar,
pdgendt,
rlubos,
ssharks and
tbursztyka
tomi-font
requested changes
Dec 12, 2024
valeriosetti
force-pushed
the
set-psa-want-key-pair-basic-promptless
branch
from
29b7f97 to
d910be5
Compare
tomi-font
previously approved these changes
Dec 12, 2024
Comment on lines
+60
to
+67
| # In Mbed TLS the PSA_WANT_KEY_TYPE_[ECC|RSA|DH]_KEY_PAIR_BASIC build symbols | ||
| # are automatically enabled whenever any other _IMPORT, _EXPORT, _GENERATE or | ||
| # _DERIVE feature is set for the same key type | ||
| # (see "modules/crypto/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h"). | ||
| # Therefore we mimic the same pattern with Kconfigs as follows: | ||
| # - do not add _BASIC Kconfigs to the automatic generated file (KCONFIG_PATH); | ||
| # - add _BASIC Kconfigs to Kconfig.psa.logic and let them "default y" as soon as | ||
| # any other _IMPORT, _EXPORT, _GENERATE or _DERIVE Kconfigs are enabled. |
There was a problem hiding this comment.
Not sure such a length comment was needed (could have been more generic), but it's good as is to me. 🙂
valeriosetti
force-pushed
the
set-psa-want-key-pair-basic-promptless
branch
from
d910be5 to
098b37c
Compare
tomi-font
previously approved these changes
Dec 12, 2024
PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC build symbols are automatically enabled in Mbed TLS header files whenever any key pair feature between IMPORT,EXPORT, GENERATE,DERIVE is set. So we mimic the same behavior with Kconfig symbols: - do not add BASIC to the automatic generated Kconfig file; - let BASIC be auto-enabled as soon as any other feature (IMPORT,EXPORT, GENERATE,DERIVE) is enabled for the same key type. The 2nd point is achieved by adding a new Kconfig file which is meant to hold the logic between PSA_WANT symbols. This is necessary because Kconfig.psa is automatically generated. Signed-off-by: Valerio Setti <[email protected]>
Rename Kconfig.psa to Kconfig.psa.auto to emphasize that this file is automatically generated. Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
force-pushed
the
set-psa-want-key-pair-basic-promptless
branch
from
098b37c to
b0e02bc
Compare
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC is promptless so it cannot be selected. Moreover it's also automatically enabled by CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE in the same overlay file so there would be no need to explicitly enable it. As for the IMPORT, EXPORT, DERIVE they are needed for the TLS connection to work properly. Previously it was working because at least IMPORT and EXPORT are internally enabled by Mbed TLS at build time. So here we are basically doing the same enablements with Kconfigs in clear. Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
force-pushed
the
set-psa-want-key-pair-basic-promptless
branch
from
b0e02bc to
85b0778
Compare
tomi-font
approved these changes
Dec 12, 2024
carlescufi
approved these changes
Dec 16, 2024
ceolin
approved these changes
Dec 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASICwill be selected by any of:PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORTPSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORTPSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATEPSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE.This mechanism mimic what Mbed TLS already does internally with the corresponding build symbols.