The configuration of the PSA cryptography repository is based on the PSA cryptography configuration as described in psa-conditional-incluson-c.md. Some additional implementation (not specification) specific configuration is needed though. The goal of this task is to define and document this.
The Mbed TLS configuration file mbedtls_config.h is still used internally in builtin but not accessible to the user.
Configuration options in mbedtls_config.h relevant to the PSA implementation:
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
MBEDTLS_PSA_CRYPTO_CLIENT Not sure about the use cases
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
MBEDTLS_PSA_CRYPTO_SPM
MBEDTLS_PSA_INJECT_ENTROPY keep ?
MBEDTLS_PSA_CRYPTO_STORAGE_C
MBEDTLS_PSA_ITS_FILE_C
The configuration of the PSA cryptography repository is based on the PSA cryptography configuration as described in psa-conditional-incluson-c.md. Some additional implementation (not specification) specific configuration is needed though. The goal of this task is to define and document this.
The Mbed TLS configuration file mbedtls_config.h is still used internally in builtin but not accessible to the user. Configuration options in mbedtls_config.h relevant to the PSA implementation:
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
MBEDTLS_PSA_CRYPTO_CLIENT Not sure about the use cases
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
MBEDTLS_PSA_CRYPTO_SPM
MBEDTLS_PSA_INJECT_ENTROPY keep ?
MBEDTLS_PSA_CRYPTO_STORAGE_C
MBEDTLS_PSA_ITS_FILE_C
MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 ?
MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
MBEDTLS_PSA_KEY_SLOT_COUNT 32
MBEDTLS_TEST_HOOKS
We probably need a psa_crypto_config.h with an equivalent to the above plus somehow crypto_config.h.
No equivalent of mbedtls/check_config.h, rather resolve dependencies?