mirror of
https://github.com/apache/nuttx.git
synced 2026-05-20 12:33:27 +08:00
makejian
c8145313ae
This patch adds support for managing cryptographic keys using MTD storage. It enables the persistence of keys across reboots using a software-based key management system. Includes fixes for compilation warnings and validation logic. Signed-off-by: makejian <makejian@xiaomi.com>
115 lines
2.8 KiB
Plaintext
115 lines
2.8 KiB
Plaintext
#
|
|
# For a description of the syntax of this configuration file,
|
|
# see the file kconfig-language.txt in the NuttX tools repository.
|
|
#
|
|
|
|
config CRYPTO
|
|
bool "Crypto API support"
|
|
default n
|
|
---help---
|
|
Enable or disable Crypto API features
|
|
|
|
if CRYPTO
|
|
|
|
config CRYPTO_AES
|
|
bool "AES cypher support"
|
|
default n
|
|
|
|
config CRYPTO_ALGTEST
|
|
bool "Perform automatic crypto algorithms test on startup"
|
|
default n
|
|
|
|
if CRYPTO_ALGTEST
|
|
|
|
config CRYPTO_AES128_DISABLE
|
|
bool "Omit 128-bit AES tests"
|
|
default n
|
|
|
|
config CRYPTO_AES192_DISABLE
|
|
bool "Omit 192-bit AES tests"
|
|
default n
|
|
|
|
config CRYPTO_AES256_DISABLE
|
|
bool "Omit 256-bit AES tests"
|
|
default n
|
|
|
|
endif # CRYPTO_ALGTEST
|
|
|
|
config CRYPTO_CRYPTODEV
|
|
bool "cryptodev support"
|
|
depends on ALLOW_BSD_COMPONENTS
|
|
default n
|
|
|
|
config CRYPTO_CRYPTODEV_SOFTWARE_CRYPTO
|
|
bool "cryptodev software cipher support"
|
|
depends on CRYPTO_CRYPTODEV && CRYPTO_SW_AES
|
|
default n
|
|
|
|
config CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT
|
|
bool "cryptodev software key management support"
|
|
depends on CRYPTO_CRYPTODEV && !MTD_CONFIG_NONE
|
|
default n
|
|
|
|
if CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT
|
|
|
|
config CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT_DEVICE
|
|
string "device of trusted storage"
|
|
default "/dev/nvs"
|
|
|
|
config CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT_NSLOTS
|
|
int "Maximum number of key in cache"
|
|
default 4
|
|
|
|
config CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT_BUFSIZE
|
|
int "Maximum size of key buffer in cache (bytes)"
|
|
default 64
|
|
|
|
config CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT_NKEYS
|
|
int "Maximum number of key in flash"
|
|
default 32
|
|
|
|
endif # CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT
|
|
|
|
config CRYPTO_CRYPTODEV_HARDWARE
|
|
bool "cryptodev hardware support"
|
|
depends on CRYPTO_CRYPTODEV
|
|
default n
|
|
|
|
config CRYPTO_SW_AES
|
|
bool "Software AES library"
|
|
depends on ALLOW_BSD_COMPONENTS
|
|
default n
|
|
---help---
|
|
Enable the software AES library as described in
|
|
include/nuttx/crypto/aes.h
|
|
|
|
TODO: Adapt interfaces so that they are consistent with H/W AES
|
|
implementations. This needs to support up_aesinitialize() and
|
|
aes_cypher() per include/nuttx/crypto/crypto.h.
|
|
|
|
config CRYPTO_RANDOM_POOL
|
|
bool "Entropy pool and strong random number generator"
|
|
default n
|
|
---help---
|
|
Entropy pool gathers environmental noise from device drivers,
|
|
user-space, etc., and returns good random numbers, suitable
|
|
for cryptographic use. Based on entropy pool design from
|
|
*BSDs and uses BLAKE2Xs algorithm for CSPRNG output.
|
|
|
|
NOTE: May not actually be cyptographically secure, if
|
|
not enough entropy is made available to the entropy pool.
|
|
|
|
if CRYPTO_RANDOM_POOL
|
|
|
|
config CRYPTO_RANDOM_POOL_COLLECT_IRQ_RANDOMNESS
|
|
bool "Use interrupts to feed timing randomness to entropy pool"
|
|
default y
|
|
---help---
|
|
Feed entropy pool with interrupt randomness from interrupt
|
|
dispatch function 'irq_dispatch'. This adds some overhead
|
|
for every interrupt handled.
|
|
|
|
endif # CRYPTO_RANDOM_POOL
|
|
|
|
endif # CRYPTO
|