From 1f968fdf19309893394bf0a86ecd54dcc24388e2 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 15 Feb 2021 14:00:24 +0100 Subject: [PATCH] Define the user-configurable PSA config flag in config.h Signed-off-by: Steven Cooreman --- include/mbedtls/config.h | 11 +++++++++++ include/psa/crypto_extra.h | 4 ++++ library/psa_crypto_slot_management.h | 6 ------ 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 251d4f057..0b755e35e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3671,6 +3671,17 @@ */ //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 +/** \def PSA_KEY_SLOT_COUNT + * Restrict the PSA library to supporting a maximum amount of simultaneously + * loaded keys. A loaded key is a key stored by the PSA Crypto core as a + * volatile key, or a persistent key which is loaded temporarily by the + * library as part of a crypto operation in flight. + * + * If this option is unset, the library will fall back to a default value of + * 32 keys. + */ +//#define PSA_KEY_SLOT_COUNT 32 + /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 14b5be39f..a10bb8bfd 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -39,6 +39,10 @@ extern "C" { /* UID for secure storage seed */ #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 +/* See config.h for definition */ +#if !defined(PSA_KEY_SLOT_COUNT) +#define PSA_KEY_SLOT_COUNT 32 +#endif /** \addtogroup attributes * @{ diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 32ccd4982..b0148bdca 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -25,12 +25,6 @@ #include "psa_crypto_core.h" #include "psa_crypto_se.h" -/* Number of key slots (plus one because 0 is not used). - * The value is a compile-time constant for now, for simplicity. */ -#if !defined(PSA_KEY_SLOT_COUNT) -#define PSA_KEY_SLOT_COUNT 32 -#endif - /** Range of volatile key identifiers. * * The last PSA_KEY_SLOT_COUNT identifiers of the implementation range