On Fri, 4 Oct 2024 at 00:55, Raymond Mao <[email protected]> wrote: > > Smaller implementation for SHA256 and SHA512 helps to reduce the > ROM footprint though it has a certain impact on performance. > As a trade-off, enable it as a default config when MbedTLS is > enabled can reduce the target size significantly with acceptable > performace loss. > > Signed-off-by: Raymond Mao <[email protected]> > --- > Changes in v6 > - Initial patch > Changes in v7 > - Fixed the config dependencies. > Changes in v8 > - None > > lib/mbedtls/Kconfig | 24 ++++++++++++++++++++++++ > lib/mbedtls/mbedtls_def_config.h | 6 ++++++ > 2 files changed, 30 insertions(+) > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > index 262abb2cec7..8e3a94c6f2b 100644 > --- a/lib/mbedtls/Kconfig > +++ b/lib/mbedtls/Kconfig > @@ -164,6 +164,18 @@ config SHA256_MBEDTLS > This option enables support of hashing using SHA256 algorithm > with MbedTLS crypto library. > > +if SHA256_MBEDTLS > + > +config SHA256_SMALLER > + bool "Enable SHA256 smaller implementation with MbedTLS crypto > library" > + depends on SHA256_MBEDTLS > + default y if SHA256_MBEDTLS > + help > + This option enables support of hashing using SHA256 algorithm > + smaller implementation with MbedTLS crypto library. > + > +endif > + > config SHA512_MBEDTLS > bool "Enable SHA512 support with MbedTLS crypto library" > depends on MBEDTLS_LIB_CRYPTO && SHA512 > @@ -172,6 +184,18 @@ config SHA512_MBEDTLS > This option enables support of hashing using SHA512 algorithm > with MbedTLS crypto library. > > +if SHA512_MBEDTLS > + > +config SHA512_SMALLER > + bool "Enable SHA512 smaller implementation with MbedTLS crypto > library" > + depends on SHA512_MBEDTLS > + default y if SHA512_MBEDTLS > + help > + This option enables support of hashing using SHA512 algorithm > + smaller implementation with MbedTLS crypto library. > + > +endif > + > config SHA384_MBEDTLS > bool "Enable SHA384 support with MbedTLS crypto library" > depends on MBEDTLS_LIB_CRYPTO && SHA384 > diff --git a/lib/mbedtls/mbedtls_def_config.h > b/lib/mbedtls/mbedtls_def_config.h > index 6fba053bd7c..1af911c2003 100644 > --- a/lib/mbedtls/mbedtls_def_config.h > +++ b/lib/mbedtls/mbedtls_def_config.h > @@ -35,6 +35,9 @@ > #if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT > #define MBEDTLS_SHA256_ALT > #endif > +#if CONFIG_IS_ENABLED(SHA256_SMALLER) > +#define MBEDTLS_SHA256_SMALLER > +#endif > #endif > > #if CONFIG_IS_ENABLED(SHA384) > @@ -48,6 +51,9 @@ > #if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT > #define MBEDTLS_SHA512_ALT > #endif > +#if CONFIG_IS_ENABLED(SHA512_SMALLER) > +#define MBEDTLS_SHA512_SMALLER > +#endif > #endif > > #if defined CONFIG_MBEDTLS_LIB_X509 > -- > 2.25.1 >
Reviewed-by: Ilias Apalodimas <[email protected]>
