Turn the MBEDTLS_RSA_FULL selects into depends on.
This is how the other MBEDTLS_KEY_EXCHANGE_* Kconfig options are defined.
This is done to avoid circular dependencies.
At the same time update uses of the affected MBEDTLS_KEY_EXCHANGE_*
Kconfig options to enable/disable the dependencies which used to be
automatically handled.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This is based on the introduction of a helper Kconfig symbol in
"subsys/random/Kconfig" which is named CSPRNG_AVAILABLE. When this is
enabled it means that there is a "zephyr,entropy" property defined in the
device-tree, therefore Mbed TLS can select ENTROPY_GENERATOR to allow
the platform specific driver to be included into the build.
This commit also changes other locations where CSPRNG_ENABLED was used
moving it to CSPRNG_AVAILABLE in order to solve dependency loop
build failures.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
As part of TinyCrypt deprecation process (#79566) this commit
removes usage of this library from the JWT subsystem and its
related tests.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit:
- creates 2 new files, jwt_ecdsa.c and jwt_rsa.c, to hold the
implementations of the corresponding ECDSA/RSA signature
algorithms;
- RSA signature is stil done through Mbed TLS's PK module which
can optionally make use of PSA (if enabled);
- ECDSA signature will instead use PSA, if possible, or TinyCrypt
as fallback.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Mbed TLS automatically sets PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_BASIC
whenever "_IMPORT || _EXPORT || _GENERATE || _DERIVE" operations
are set. Therefore we just set the proper actions where required.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit add the proper PSA_WANT kconfigs which are required
to perform an RSA signature when a PSA crypto provider is
available in the system (i.e. CONFIG_PSA_CRYPTO_CLIENT is set).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).
Configurations are adjusted to enable what they need.
Bonuses:
- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).
- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Sort entries alphabetically and cleanup top level menu for each
subsystem. Move stats subsystem Kconfig from debug into its own Kconfig.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This patch adds a JSON web token library that adds the capability
to sign JSON tokens. This was located in subsys due to the dependency
on MBEDTLS, which resides in /ext.
Signed-off-by: David Brown <david.brown@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
