commit 885ea8db8f04cdc4237a220ed3ad3f05909e3e87
author Ryan Everett <ryan.everett@arm.com> Wed Apr 24 16:34:14 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Thu May 16 08:12:02 2024 +0200
tree 4a76463378edf79fa8a18ecbf6acdcd08651517e
parent bdce65700ecb11adbc845993199badfb1c64072d

Add a crypto config file for config-thread

This file consists of PSA symbols which are defined
if and only if the original config was set

Signed-off-by: Ryan Everett <ryan.everett@arm.com>

configs/config-thread.h

diff --git a/configs/config-thread.h b/configs/config-thread.h
index 2f81f90..e696583 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -17,15 +17,19 @@
  * - no X.509
  * - support for experimental EC J-PAKE key exchange
  *
+ * To be used in conjunction with configs/crypto-config-thread.h.
  * See README.txt for usage instructions.
  */
 
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h"
+
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
 /* System support */
 #define MBEDTLS_HAVE_ASM
 
 /* Mbed TLS feature support */
 #define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_NIST_OPTIM
 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -35,23 +39,17 @@
 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 
 /* Mbed TLS modules */
-#define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_CMAC_C
-#define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_SHA256_C
 #define MBEDTLS_SSL_COOKIE_C
 #define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_SRV_C

configs/crypto-config-thread.h

diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h
new file mode 100644
index 0000000..7ea66da
--- /dev/null
+++ b/configs/crypto-config-thread.h
@@ -0,0 +1,46 @@
+/**
+ * \file crypto-config-thread.h
+ *
+ * \brief Minimal crypto configuration for using TLS as part of Thread
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * Minimal crypto configuration for using TLS as part of Thread
+ * http://threadgroup.org/
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - no X.509
+ * - support for experimental EC J-PAKE key exchange
+ *
+ * To be used in conjunction with configs/config-thread.h.
+ * See README.txt for usage instructions.
+ */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_CCM                        1
+#define PSA_WANT_ALG_CMAC                       1
+#define PSA_WANT_ALG_JPAKE                      1
+#define PSA_WANT_ALG_SHA_256                    1
+#define PSA_WANT_ALG_TLS12_PRF                  1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG            1
+#define PSA_WANT_ALG_ECB_NO_PADDING             1
+#define PSA_WANT_ALG_HMAC                       1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS       1
+#define PSA_WANT_ECC_SECP_R1_256                1
+
+#define PSA_WANT_KEY_TYPE_AES                   1
+#define PSA_WANT_KEY_TYPE_DERIVE                1
+#define PSA_WANT_KEY_TYPE_HMAC                  1
+#define PSA_WANT_KEY_TYPE_RAW_DATA              1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC    1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
+#endif /* PSA_CRYPTO_CONFIG_H */