TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / f75e65d90baeb812f303ebe6ee99553ced01396b^! / . / docs / psa-transition.md
commitf75e65d90baeb812f303ebe6ee99553ced01396b[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Thu Jun 15 18:39:14 2023 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Thu Jun 15 18:39:14 2023 +0200
treef885e87059c6f43eaca10cbe49b82353ea3d8d76
parent5bd4f17e4e48cbffb38b92534ad01ad0af8a879b [diff] [blame]
Rename PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_USE to ..._BASIC

per https://github.com/Mbed-TLS/mbedtls/issues/7439#issuecomment-1592673401
and https://github.com/Mbed-TLS/mbedtls/pull/7774#discussion_r1230658660

State that EXPORT implies BASIC.

Also fix missing `WANT_` parts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/docs/psa-transition.md b/docs/psa-transition.md
index 80abd25..ed6c016 100644
--- a/docs/psa-transition.md
+++ b/docs/psa-transition.md

@@ -163,11 +163,11 @@
 * To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`.
 
     As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix:
-    * `PSA_KEY_TYPE_xxx_USE` enables support for operations with a key of that type (for enabled algorithms). This is automatically enabled if any key creation method (`IMPORT`, `GENERATE` or `DERIVE`) is enabled.
-    * `PSA_KEY_TYPE_xxx_IMPORT` enables support for `psa_import_key` to import a key of that type.
-    * `PSA_KEY_TYPE_xxx_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type.
-    * `PSA_KEY_TYPE_xxx_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type.
-    * `PSA_KEY_TYPE_xxx_EXPORT` enables support for `psa_export_key` to export a key of that type.
+    * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options is enabled.
+    * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type.
+    * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type.
+    * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type.
+    * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of that type.
 
     Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key.
 
@@ -185,7 +185,7 @@
 
 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
 // ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead
-// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_USE, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
 #define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH)
 #define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH)
 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1