Add a crypto config file for suite-b Also converts legacy symbols into their PSA equivalents. When PSA is defined this does not change the compiled code Signed-off-by: Ryan Everett <ryan.everett@arm.com>

commit: 4540cd342900bb9bd64f540ea51cb0629e614da0 [log] [tgz]
author: Ryan Everett <ryan.everett@arm.com> Thu Apr 25 17:30:30 2024 +0100
committer: Ronald Cron <ronald.cron@arm.com> Thu May 16 08:12:03 2024 +0200
tree: 8a4e8040cbca3e14686664fe91bb68156c8e122e
parent: 0a0393e8bd32fa2b9abf06dd41b5d2b73bed6d81 [diff]
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 9bba6e6..20bd7f9 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h

@@ -32,17 +32,13 @@
 #define MBEDTLS_SSL_PROTO_TLS1_2
 
 /* Mbed TLS modules */
-#define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
-#define MBEDTLS_GCM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_NET_C
 #define MBEDTLS_OID_C

diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
new file mode 100644
index 0000000..8ad3875
--- /dev/null
+++ b/configs/crypto-config-suite-b.h

@@ -0,0 +1,50 @@
+/**
+ * \file crypto-config-symmetric-only.h
+ *
+ * \brief \brief Minimal crypto configuration for
+ * TLS NSA Suite B Profile (RFC 6460).
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460)
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - optimized for low RAM usage
+ *
+ * Possible improvements:
+ * - if 128-bit security is enough, disable secp384r1 and SHA-512
+ * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
+ *
+ * To be used in conjunction with configs/config-suite-b.h. */
+
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h"
+
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_ECB_NO_PADDING              1
+#define PSA_WANT_ALG_ECDH                        1
+#define PSA_WANT_ALG_ECDSA                       1
+#define PSA_WANT_ALG_GCM                         1
+#define PSA_WANT_ALG_HMAC                        1
+#define PSA_WANT_ALG_SHA_256                     1
+#define PSA_WANT_ALG_SHA_384                     1
+#define PSA_WANT_ALG_SHA_512                     1
+#define PSA_WANT_ECC_SECP_R1_256                 1
+#define PSA_WANT_ALG_TLS12_PRF                   1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS             1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS        1
+
+#define PSA_WANT_KEY_TYPE_AES                    1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC     1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE    1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE  1
+#define PSA_WANT_KEY_TYPE_HMAC                   1
+#endif /* PSA_CRYPTO_CONFIG_H */
commit	4540cd342900bb9bd64f540ea51cb0629e614da0	[log] [tgz]
author	Ryan Everett <ryan.everett@arm.com>	Thu Apr 25 17:30:30 2024 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Thu May 16 08:12:03 2024 +0200
tree	8a4e8040cbca3e14686664fe91bb68156c8e122e
parent	0a0393e8bd32fa2b9abf06dd41b5d2b73bed6d81 [diff]