mbedtls: add a new Kconfig file for PSA_WANT logic #78531
+152
−9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
valeriosetti
force-pushed
the
psa-depedency-logic
branch
3 times, most recently
from
ade8e9e to
eb033cc
Compare
tomi-font
requested changes
Oct 10, 2024
modules/mbedtls/Kconfig.psa.logic
Outdated
| EC-JPAKE. | ||
|
|
||
| # All the following logical constraints are taken from the PSA API documentation: | ||
| # https://arm-software.github.io/psa-api/crypto/1.1/index.html |
There was a problem hiding this comment.
It could've been good to keep this reference, but just to make it more precise if possible.
modules/mbedtls/Kconfig.psa.logic
Outdated
|
|
||
| # Mbed TLS does some assumption on asymmetric keys' build symbols | ||
| # (see modules/crypto/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h): | ||
| # - PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC is automatically set whenever one of |
There was a problem hiding this comment.
Suggested change
| # - PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC is automatically set whenever one of | |
| # - that PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC is set whenever one of |
There was a problem hiding this comment.
automatically is still there but could be removed IMO.
valeriosetti
force-pushed
the
psa-depedency-logic
branch
from
eb033cc to
8406c3d
Compare
The already existing "Kconfig.psa" maps Mbed TLS's PSA_WANT_xxx symbols to Kconfigs that can be used in Zephyr to select which PSA crypto API feature should be enabled in the build. In order to ease maintainability, "Kconfig.psa" is automatically generated so it should not be edited manually to add logic between Kconfigs symbols defined there. As a consequence a new Kconfig file is introduced in this commit, named "Kconfig.psa.logic", to address this limitation. This new Kconfig file does not add new public symbols (only hidden ones, if needed) and it simply adds logic between PSA_WANT ones. This commit also renames "Kconfig.psa" as "Kconfig.psa.auto" to put it at the same "naming level" as the newly created file and, at the same time, emphasize that it is an automatically generated file. Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
force-pushed
the
psa-depedency-logic
branch
from
8406c3d to
2c167ed
Compare
tomi-font
reviewed
Oct 18, 2024
| # Copyright (c) 2024 BayLibre SAS | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| # This file extends Kconfig.psa (which is automatically generated) by adding |
There was a problem hiding this comment.
Suggested change
| # This file extends Kconfig.psa (which is automatically generated) by adding | |
| # This file extends Kconfig.psa.auto (which is automatically generated) by adding |
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| # This file extends Kconfig.psa (which is automatically generated) by adding | ||
| # some logic between PSA_WANT symbols. |
There was a problem hiding this comment.
Suggested change
| # some logic between PSA_WANT symbols. | |
| # some logic around PSA_WANT symbols. |
modules/mbedtls/Kconfig.psa.logic
Outdated
| EC-JPAKE. | ||
|
|
||
| # All the following logical constraints are taken from the PSA API documentation: | ||
| # https://arm-software.github.io/psa-api/crypto/1.1/index.html |
There was a problem hiding this comment.
It could've been good to keep this reference, but just to make it more precise if possible.
tomi-font
requested changes
Oct 18, 2024
Comment on lines
+66
to
+67
| # Dependencies between KDF (key derivation function) algorithms and low-level | ||
| # crypto ones. |
There was a problem hiding this comment.
If you are making such a comment, then it would make sense to properly cover all the sections. Because I think that this section stops at PSA_WANT_ALG_TLS12_PRF?
(Or just keep the old comment, IMO it was good, with a reference to the PSA Crypto spec.)
| config PSA_WANT_ALG_PBKDF2_HMAC | ||
| depends on PSA_WANT_KEY_TYPE_HMAC | ||
| depends on PSA_WANT_ALG_HMAC | ||
| depends on PSA_CAN_SOME_HASH |
There was a problem hiding this comment.
Why did you remove all the depends on PSA_WANT_KEY_TYPE_* in here?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The already existing
Kconfig.psamaps Mbed TLS's PSA_WANT_xxx symbols to Kconfigs that can be used in Zephyr to select which PSA crypto API feature should be enabled in the build. In order to ease maintainability,Kconfig.psais automatically generated so it should not be edited manually to add logic between Kconfigs symbols defined there. As a consequence a new Kconfig file is introduced in this PR, namedKconfig.psa.logic, to address this limitation. This new Kconfig file does not add new public symbols (only hidden ones, if needed) and it simply adds logic between PSA_WANT ones.This commit also updates the pyhton script
create_psa_files.pyin order to adapt it to the changes done inKconfig.psa.