Skip to content

Commit 4075370

Browse files
gudnimgnordicjm
gudnimg
authored and
nordicjm
committed
nrf_security: adjust SPAKE2P dependencies
This commit fixes an issue where if the following configs were NOT enabled: CONFIG_PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY CONFIG_PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT CONFIG_PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT CONFIG_PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE Then the following SPAKE2P configs would still get enabled when CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY is enabled: CONFIG_PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 CONFIG_PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 CONFIG_PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 CONFIG_PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 The ECC config is always enabled when using Bluetooth. SPAKE2P is not a requirement for either Bluetooth or ECC. On nRF52832 this change reduces flash memory consumption by 320 bytes. Signed-off-by: Guðni Már Gilbert <[email protected]>
1 parent 10c9d0b commit 4075370

File tree

4 files changed

+15
-5
lines changed

4 files changed

+15
-5
lines changed

samples/crypto/spake2p/prj.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,4 +17,4 @@ CONFIG_PSA_WANT_ALG_HKDF=y
1717
CONFIG_PSA_WANT_ALG_HMAC=y
1818
CONFIG_PSA_WANT_ALG_SHA_256=y
1919
CONFIG_PSA_WANT_ECC_SECP_R1_256=y
20-
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
20+
CONFIG_PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT=y

subsys/nrf_security/Kconfig.psa.nordic

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -348,6 +348,7 @@ config PSA_WANT_KEY_TYPE_PEPPER
348348

349349
config PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC
350350
bool
351+
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC if PSA_CRYPTO_DRIVER_CRACEN
351352
default y
352353
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT || \
353354
PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT || \
@@ -359,33 +360,38 @@ config PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC
359360
config PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT
360361
bool "SPAKE2+ key pair import support" if !PSA_PROMPTLESS
361362
select PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY
363+
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT if PSA_CRYPTO_DRIVER_CRACEN
362364
default y if PSA_CRYPTO_ENABLE_ALL
363365
help
364366
SPAKE2+ key pair: Import key for both the private and public key.
365367

366368
config PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT
367369
bool "SPAKE2+ key pair export support" if !PSA_PROMPTLESS
368370
select PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY
371+
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT if PSA_CRYPTO_DRIVER_CRACEN
369372
default y if PSA_CRYPTO_ENABLE_ALL
370373
help
371374
SPAKE2+ key pair: Export key for both the private and public key.
372375

373376
config PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_GENERATE
374377
bool "SPAKE2+ key pair generate support" if !PSA_PROMPTLESS
375378
select PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY
379+
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE if PSA_CRYPTO_DRIVER_CRACEN
376380
default y if PSA_CRYPTO_ENABLE_ALL
377381
help
378382
SPAKE2+ key pair: Generate key for both the private and public key.
379383

380384
config PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE
381385
bool "SPAKE2+ key pair derive support" if !PSA_PROMPTLESS
382386
select PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY
387+
select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE if PSA_CRYPTO_DRIVER_CRACEN
383388
default y if PSA_CRYPTO_ENABLE_ALL
384389
help
385390
SPAKE2+ key pair: Derive key for both the private and public key.
386391

387392
config PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY
388393
bool "SPAKE2+ public key support" if !PSA_PROMPTLESS
394+
select PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY if PSA_CRYPTO_DRIVER_CRACEN
389395
default y if PSA_CRYPTO_ENABLE_ALL
390396
help
391397
SPAKE2+ public key support.

subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1580,6 +1580,7 @@ config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256
15801580
select PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256
15811581
depends on PSA_WANT_ECC_SECP_R1_256
15821582
depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
1583+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY
15831584
depends on PSA_USE_CRACEN_KEY_MANAGEMENT_DRIVER
15841585

15851586
config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256
@@ -1588,6 +1589,7 @@ config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256
15881589
select PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256
15891590
depends on PSA_WANT_ECC_SECP_R1_256
15901591
depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
1592+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT
15911593
depends on PSA_USE_CRACEN_KEY_MANAGEMENT_DRIVER
15921594

15931595
config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256
@@ -1596,6 +1598,7 @@ config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256
15961598
select PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256
15971599
depends on PSA_WANT_ECC_SECP_R1_256
15981600
depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
1601+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT
15991602
depends on PSA_USE_CRACEN_KEY_MANAGEMENT_DRIVER
16001603

16011604
config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256
@@ -1604,6 +1607,7 @@ config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256
16041607
select PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256
16051608
depends on PSA_WANT_ECC_SECP_R1_256
16061609
depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
1610+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE
16071611
depends on PSA_USE_CRACEN_KEY_MANAGEMENT_DRIVER
16081612

16091613
config PSA_NEED_CRACEN_KEY_TYPE_SPAKE2P_SECP_R1_256

subsys/nrf_security/src/drivers/nrf_oberon/Kconfig

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -605,25 +605,25 @@ config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256
605605
bool
606606
default y
607607
depends on PSA_WANT_ECC_SECP_R1_256
608-
depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256
608+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256
609609

610610
config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256
611611
bool
612612
default y
613613
depends on PSA_WANT_ECC_SECP_R1_256
614-
depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256
614+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256
615615

616616
config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256
617617
bool
618618
default y
619619
depends on PSA_WANT_ECC_SECP_R1_256
620-
depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256
620+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256
621621

622622
config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256
623623
bool
624624
default y
625625
depends on PSA_WANT_ECC_SECP_R1_256
626-
depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256
626+
depends on PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256
627627

628628
# SRP6
629629
config PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072

0 commit comments

Comments
 (0)