PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC build symbols are automatically
enabled in Mbed TLS header files whenever any key pair feature between
IMPORT,EXPORT, GENERATE,DERIVE is set. So we mimic the same behavior with
Kconfig symbols:
- do not add BASIC to the automatic generated Kconfig file;
- let BASIC be auto-enabled as soon as any other feature (IMPORT,EXPORT,
GENERATE,DERIVE) is enabled for the same key type.
The 2nd point is achieved by adding a new Kconfig file which is meant
to hold the logic between PSA_WANT symbols. This is necessary because
Kconfig.psa is automatically generated.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Using MBEDTLS_PSA_CRYPTO_CLIENT to guard all PSA_WANT symbols is
not completely correct because:
1. the prefix MBEDTLS suggests that it's something related to
MbedTLS, while actually PSA APIs can be provided also
by other implementations (ex: TFM)
2. there might applications which are willing to use PSA APIs
without using MbedTLS at all. For example computing an hash
can be as simple as writing psa_hash_compute() and, if the
PSA function is provided thorugh TFM, then MbedTLS is not
required at all
Therefore this commit:
- moves MBEDTLS_PSA_CRYPTO_CLIENT to Kconfig.tls-generic since
that symbol belongs to MbedTLS
- adds a new symbol named PSA_CRYPTO_CLIENT as a generic way
to state that there is "some" PSA crypto API provider
- let MBEDTLS_PSA_CRYPTO_CLIENT automatically select
PSA_CRYPTO_CLIENT, since the former is an implementation of
the latter.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Since PSA has several different symbols defined and since it's
better to keep them aligned with the current MbedTLS release,
a python script is used to generate both:
- Kconfig.psa
- config-psa-generic.h
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
