diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index 9f8d734d65..6fd8c49934 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -114,6 +114,7 @@ section dedicated to non boolean configuration options anymore.
 #define MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME_DATE
 //#define MBEDTLS_MEMORY_BACKTRACE
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 //#define MBEDTLS_MEMORY_DEBUG
 #define MBEDTLS_PLATFORM_C
 //#define MBEDTLS_PLATFORM_EXIT_ALT
@@ -248,6 +249,8 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 //#define MBEDTLS_PSA_INJECT_ENTROPY
 #define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
 //#define MBEDTLS_ENTROPY_MAX_GATHER 128
 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20
@@ -255,6 +258,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 //#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
 //#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
 ```
 #### SECTION Builtin drivers
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 6096a3f3c2..d01c1d1be7 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -304,23 +304,6 @@
 */
 #define MBEDTLS_ERROR_STRERROR_DUMMY
-/**
- * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
- *
- * Dynamically resize the PSA key store to accommodate any number of
- * volatile keys (until the heap memory is exhausted).
- *
- * If this option is disabled, the key store has a fixed size
- * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
- * together.
- *
- * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- */
-#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
-
 /**
 * \def MBEDTLS_SELF_TEST
 *
@@ -941,22 +924,6 @@
 */
 #define MBEDTLS_ERROR_C
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
 /**
 * \def MBEDTLS_NET_C
 *
@@ -992,26 +959,6 @@
 */
 #define MBEDTLS_PKCS7_C
-/**
- * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
- *
- * Statically preallocate memory to store keys' material in PSA instead
- * of allocating it dynamically when required. This allows builds without a
- * heap, if none of the enabled cryptographic implementations or other features
- * require it.
- * This feature affects both volatile and persistent keys which means that
- * it's not possible to persistently store a key which is larger than
- * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
- *
- * \note This feature comes with a (potentially) higher RAM usage since:
- * - All the key slots are allocated no matter if they are used or not.
- * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
-
 /**
 * \def MBEDTLS_SSL_CACHE_C
 *
@@ -1301,19 +1248,6 @@
 * plus optionally a same-line Doxygen comment here if there is a Doxygen
 * comment in the specific module. */
-/**
- * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
- *
- * Define the size (in bytes) of each static key buffer when
- * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
- * explicitly defined then it's automatically guessed from available PSA keys
- * enabled in the build through PSA_WANT_xxx symbols.
- * If required by the application this parameter can be set to higher values
- * in order to store larger objects (ex: raw keys), but please note that this
- * will increase RAM usage.
- */
-//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
-
 /* SSL Cache options */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
diff --git a/tf-psa-crypto/include/psa/crypto_config.h b/tf-psa-crypto/include/psa/crypto_config.h
index 45c7bde0b3..d36f8f6d76 100644
--- a/tf-psa-crypto/include/psa/crypto_config.h
+++ b/tf-psa-crypto/include/psa/crypto_config.h
@@ -154,6 +154,22 @@
 * \{
 */
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module: library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
 /**
 * \def MBEDTLS_FS_IO
 *
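Review bot: The comment added for MBEDTLS_MEMORY_BUFFER_ALLOC_C is copied unchanged from mbedtls_config.h, so it still describes the option in Mbed TLS terms although it now sits in tf-psa-crypto/include/psa/crypto_config.h. `Module: library/memory_buffer_alloc.c` may no longer point at the right file if the allocator source moved with the option, and `(to use it within Mbed TLS)` names the wrong library for this header; something like `MBEDTLS_PLATFORM_MEMORY (to use it within the library)` would stay correct in both trees. The same stale-path question applies to `Module: library/psa_crypto.c` in the MBEDTLS_PSA_KEY_STORE_DYNAMIC block added by the @@ -1241 hunk of this file.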
@@ -1241,6 +1257,43 @@
 */
 #define MBEDTLS_PSA_ITS_FILE_C
+/**
+ * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
+ *
+ * Dynamically resize the PSA key store to accommodate any number of
+ * volatile keys (until the heap memory is exhausted).
+ *
+ * If this option is disabled, the key store has a fixed size
+ * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
+ * together.
+ *
+ * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ */
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
+ *
+ * Statically preallocate memory to store keys' material in PSA instead
+ * of allocating it dynamically when required. This allows builds without a
+ * heap, if none of the enabled cryptographic implementations or other features
+ * require it.
+ * This feature affects both volatile and persistent keys which means that
+ * it's not possible to persistently store a key which is larger than
+ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
+ *
+ * \note This feature comes with a (potentially) higher RAM usage since:
+ * - All the key slots are allocated no matter if they are used or not.
+ * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
+
 /* Entropy options */
 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
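Review bot: Neither added comment says how MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS combine, even though the first is defined by default and grows the store "until the heap memory is exhausted" while the second advertises builds without a heap. A reader who enables static slots cannot tell from this text whether the dynamic key store has to be disabled too; the MBEDTLS_PSA_STATIC_KEY_SLOTS block should state the rule, for example `* \note For a build without a heap, check the setting of #MBEDTLS_PSA_KEY_STORE_DYNAMIC as well.` with the exact constraint taken from the implementation. The MBEDTLS_PSA_KEY_STORE_DYNAMIC comment could also say plainly that the number of volatile keys is then limited only by available heap, so that integrators whose key creation is driven by untrusted callers know that disabling it restores the fixed #MBEDTLS_PSA_KEY_SLOT_COUNT bound.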
@@ -1313,6 +1366,19 @@
 */
 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ *
+ * Define the size (in bytes) of each static key buffer when
+ * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
+ * explicitly defined then it's automatically guessed from available PSA keys
+ * enabled in the build through PSA_WANT_xxx symbols.
+ * If required by the application this parameter can be set to higher values
+ * in order to store larger objects (ex: raw keys), but please note that this
+ * will increase RAM usage.
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
+
 /** \} name SECTION: PSA core */
 /**
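Review bot: The comment for MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE only covers raising the value and leaves the lower bound undocumented: it does not say whether a size smaller than what the enabled PSA_WANT_xxx key types need is rejected at build time, or what a caller sees when key material does not fit. Since this value caps every key slot, I would add a sentence such as `* Key material larger than this size cannot be stored in a key slot; see #MBEDTLS_PSA_STATIC_KEY_SLOTS.` and name the resulting error once it has been confirmed against the implementation. "automatically guessed" would also read better as "derived", if the default is in fact computed from the enabled key types.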