MBEDTLS_PSA_KEY_STORE_DYNAMIC macro
\def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Enable support for platform built-in keys. If you enable this feature, you must implement the function mbedtls_psa_platform_get_builtin_key(). See the documentation of that function for more information. Built-in keys are typically derived from a hardware unique key or stored in a secure element.
Requires: MBEDTLS_PSA_CRYPTO_C.
\warning This interface is experimental and may change or be removed without notice.

\def MBEDTLS_PSA_CRYPTO_CLIENT
Enable support for PSA crypto client.
\warning This interface is experimental and may change or be removed without notice.

\def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Make the PSA Crypto module use an external random generator provided by a driver, instead of Mbed TLS's entropy and DRBG modules. If you enable this option, you must configure the type ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h and define a function called mbedtls_psa_external_get_random() with the following prototype:
```
psa_status_t mbedtls_psa_external_get_random(
    mbedtls_psa_external_random_context_t *context,
    uint8_t *output, size_t output_size, size_t *output_length);
```
The \c context value is initialized to 0 before the first call. The function must fill the \c output buffer with \c output_size bytes of random data and set \c *output_length to \c output_size.
Requires: MBEDTLS_PSA_CRYPTO_C
\warning If you enable this option, code that uses the PSA cryptography interface will not use any of the entropy sources set up for the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED enables.

\def MBEDTLS_PSA_CRYPTO_SPM
When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure Partition Manager) integration which separates the code into two parts: an NSPE (Non-Secure Process Environment) and an SPE (Secure Process Environment).
If you enable this option, your build environment must include a header file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS header files, or in another directory on the compiler's include search path). Alternatively, your platform may customize the header `psa/crypto_platform.h`, in which case it can skip or replace the inclusion of `"crypto_spe.h"`.
Module: library/psa_crypto.c
Requires: MBEDTLS_PSA_CRYPTO_C

\def MBEDTLS_PSA_KEY_STORE_DYNAMIC
Dynamically resize the PSA key store to accommodate any number of volatile keys (until the heap memory is exhausted). If this option is disabled, the key store has a fixed size #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys together. This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
Module: library/psa_crypto.c
Requires: MBEDTLS_PSA_CRYPTO_C
Syntax
#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
Notes
This option makes it possible to include the code necessary for a PSA crypto client when the PSA crypto implementation is not included in the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the code to set and get PSA key attributes. Another possible use of this option is the development of PSA drivers that partially rely on the library to fill hardware gaps.

This random generator must deliver random numbers with cryptographic quality and high performance. It must supply unpredictable numbers with a uniform distribution. The implementation of this function is responsible for ensuring that the random generator is seeded with sufficient entropy. If you have a hardware TRNG which is slow or delivers non-uniform output, declare it as an entropy source with mbedtls_entropy_add_source() instead of enabling this option.

This option is experimental and may be removed without notice.
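
One way to write the callback that MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG requires, as an added example that is not part of the Mbed TLS documentation or code: it fills the buffer from the Linux kernel CSPRNG with getrandom(2) and reports bytes only when the whole request was satisfied. The typedefs and status macros are stand-ins so the file compiles alone (assumption: a Linux host with glibc 2.25 or later); a real build takes them from psa/crypto.h and psa/crypto_platform.h.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/random.h>   /* getrandom(2) */
#include <sys/types.h>    /* ssize_t */

/* Stand-ins (assumption) so this compiles without the Mbed TLS headers.
 * In a real build, include <psa/crypto.h> and delete this section. */
typedef int32_t psa_status_t;
#define PSA_SUCCESS                    ((psa_status_t) 0)
#define PSA_ERROR_INVALID_ARGUMENT     ((psa_status_t) -135)
#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t) -148)
typedef struct { uintptr_t opaque[2]; } mbedtls_psa_external_random_context_t;

psa_status_t mbedtls_psa_external_get_random(
    mbedtls_psa_external_random_context_t *context,
    uint8_t *output, size_t output_size, size_t *output_length)
{
    (void) context;  /* the kernel CSPRNG keeps its own state */
    if (output_length == NULL || (output == NULL && output_size != 0)) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }
    *output_length = 0;  /* report no bytes unless the whole buffer is filled */

    size_t done = 0;
    while (done < output_size) {
        /* flags == 0: block until the kernel pool has been seeded */
        ssize_t n = getrandom(output + done, output_size - done, 0);
        if (n < 0) {
            if (errno == EINTR) {
                continue;  /* interrupted by a signal: retry */
            }
            return PSA_ERROR_INSUFFICIENT_ENTROPY;  /* fail closed */
        }
        done += (size_t) n;  /* short reads are legal; keep going */
    }
    *output_length = output_size;
    return PSA_SUCCESS;
}
```
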