secure_storage: its: transform: aead: improve expandability

Instead of checking for CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_*_CUSTOM,
check for any of the existing providers.
This allows downstream users to expand the choices with more options

Signed-off-by: Tomi Fontanilles <[email protected]>

Author: tomi-font

subsys/secure_storage/CMakeLists.txt

@@ -41,11 +41,21 @@ if(CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_CUSTOM)
   make_available(its/store.h)
 endif()
 
-if(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CUSTOM
- OR CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM
- OR CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_PROVIDER_CUSTOM)
-  make_available(its/transform/aead_get.h)
-endif()
+if(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_IMPLEMENTATION_AEAD)
+
+  # Make the aead_get.h header available whenever none of the Zephyr-provided
+  # implementations are in use. In that case either the custom or an additional
+  # option added downstream is used, and it needs that header file.
+
+  if((NOT CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_AES_GCM
+      AND NOT CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CHACHA20_POLY1305)
+  OR (NOT CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_DEVICE_ID_HASH
+      AND NOT CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_ENTRY_UID_HASH)
+  OR (NOT CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_PROVIDER_DEFAULT))
+    make_available(its/transform/aead_get.h)
+  endif()
+
+endif() # CONFIG_SECURE_STORAGE_ITS_TRANSFORM_IMPLEMENTATION_AEAD
 
 if(CONFIG_SECURE_STORAGE_ITS_STORE_SETTINGS_NAME_CUSTOM)
   make_available(its/store/settings_get.h)

subsys/secure_storage/Kconfig.its_transform

@@ -97,7 +97,8 @@ config SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_SIZE
 	int "AEAD ITS transform module encryption key size in bytes"
 	default 32
 
-if !SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM
+if SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_DEVICE_ID_HASH \
+|| SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_ENTRY_UID_HASH
 
 config SECURE_STORAGE_ITS_TRANSFORM_AEAD_NO_INSECURE_KEY_WARNING
 	bool "Silence the insecure ITS encryption key warnings"

subsys/secure_storage/src/its/transform/aead_get.c

@@ -12,22 +12,23 @@
 
 LOG_MODULE_DECLARE(secure_storage, CONFIG_SECURE_STORAGE_LOG_LEVEL);
 
-#ifdef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_AES_GCM
+#if defined(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_AES_GCM)
 #define PSA_KEY_TYPE PSA_KEY_TYPE_AES
 #define PSA_ALG PSA_ALG_GCM
 #elif defined(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CHACHA20_POLY1305)
 #define PSA_KEY_TYPE PSA_KEY_TYPE_CHACHA20
 #define PSA_ALG PSA_ALG_CHACHA20_POLY1305
 #endif
-#ifndef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CUSTOM
+#ifdef PSA_KEY_TYPE
 void secure_storage_its_transform_aead_get_scheme(psa_key_type_t *key_type, psa_algorithm_t *alg)
 {
 	*key_type = PSA_KEY_TYPE;
 	*alg = PSA_ALG;
 }
-#endif /* !CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_SCHEME_CUSTOM */
+#endif /* PSA_KEY_TYPE */
 
-#ifndef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM
+#if	defined(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_DEVICE_ID_HASH) || \
+	defined(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_ENTRY_UID_HASH)
 
 #define SHA256_OUTPUT_SIZE 32
 BUILD_ASSERT(SHA256_OUTPUT_SIZE == PSA_HASH_LENGTH(PSA_ALG_SHA_256));
@@ -114,7 +115,8 @@ SYS_INIT(warn_insecure_key, APPLICATION, CONFIG_APPLICATION_INIT_PRIORITY);
 
 #endif /* !CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NO_INSECURE_KEY_WARNING */
 
-#endif /* !CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM */
+#endif /* CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_DEVICE_ID_HASH || */
+       /* CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_ENTRY_UID_HASH    */
 
 #ifdef CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NONCE_PROVIDER_DEFAULT