Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Study: Adapt "Mbed TLS feature support" configuration options for the crypto split #9100

Open ronald-cron-arm opened 4 months ago

ronald-cron-arm commented 4 months ago

Adapt the configuration options in the section "Mbed TLS feature support" of mbedtls_config.h for the crypto split. As of 771fd7d1dc there are 160 such options.

Table columns legend: R: Remove; K: Keep in mbedtls_config.h; M: Move to crypto_config.h: C-G (general), C-S (system, not in TF-PSA-Crypto config yet), C-C (core section), C-D (driver section).

R K Move to Comment
MBEDTLS_*_ALT x #8149
MBEDTLS_AES_ROM_TABLES C-D
MBEDTLS_AES_FEWER_TABLES C-D
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH C-D
MBEDTLS_AES_USE_HARDWARE_ONLY C-D
MBEDTLS_CAMELLIA_SMALL_MEMORY C-D
MBEDTLS_CHECK_RETURN_WARNING C-G
MBEDTLS_CIPHER_* x #8153
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY C-D
MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED C-D
MBEDTLS_ECP_DP_*_ENABLED x #8153
MBEDTLS_ECP_NIST_OPTIM C-D
MBEDTLS_ECP_RESTARTABLE ???
MBEDTLS_ECP_WITH_MPI_UINT C-D
MBEDTLS_ECDSA_DETERMINISTIC x #8153
MBEDTLS_KEY_EXCHANGE_*_ENABLED x
MBEDTLS_PK_PARSE_EC_EXTENDED ???
MBEDTLS_PK_PARSE_EC_COMPRESSED ???
MBEDTLS_ERROR_STRERROR_DUMMY x
MBEDTLS_GENPRIME x #8153
MBEDTLS_FS_IO C-G
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES C-C
MBEDTLS_NO_PLATFORM_ENTROPY C-C TF_PSA_CRYPTO_PLATFORM_ENTROPY in TF-PSA-Crypto
MBEDTLS_ENTROPY_FORCE_SHA256 C-C
MBEDTLS_ENTROPY_NV_SEED C-C
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER C-C
MBEDTLS_MEMORY_DEBUG C-G
MBEDTLS_MEMORY_BACKTRACE C-G
MBEDTLS_PK_RSA_ALT_SUPPORT x #8149
MBEDTLS_PKCS1_V15 x #8153
MBEDTLS_PKCS1_V21 x #8153
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS C-C
MBEDTLS_PSA_CRYPTO_CLIENT C-C
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG C-C
MBEDTLS_PSA_CRYPTO_SPM C-C
MBEDTLS_PSA_P256M_DRIVER_ENABLED C-D
MBEDTLS_PSA_INJECT_ENTROPY C-C
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS C-C
MBEDTLS_RSA_NO_CRT C-D
MBEDTLS_SELF_TEST C-G
MBEDTLS_SHA256_SMALLER C-D
MBEDTLS_SHA512_SMALLER C-D
MBEDTLS_SSL_* x
MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN C-G
MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND C-G
MBEDTLS_TEST_HOOKS C-G
MBEDTLS_THREADING_ALT C-S
MBEDTLS_THREADING_PTHREAD C-S
MBEDTLS_USE_PSA_CRYPTO x
MBEDTLS_PSA_CRYPTO_CONFIG x
MBEDTLS_VERSION_FEATURES C-G
MBEDTLS_X509_* x

ronald-cron-arm commented 3 months ago

See https://github.com/Mbed-TLS/mbedtls/pull/9236.