[nrf noup] mbedtls: Remove unsupported algorithms in PSA crypto

-This commit is a [nrf noup] because it removes configuration options for cryptographic algortihms available in Mbed TLS but which is not actively supported in nRF Connect SDK. The list of algorithms removed: - AES CFB - Cipher Feedback block cipher - AES OFB - Output Feedback block cipher - FFDH - RIPEMD160 - Aria - Camellia - DES The removal of these algorithms is based both on a wish to remove weaker cryptography and unsupported features in the products we have today. Signed-off-by: Frank Audun Kvamtrø <[email protected]>
frkv · Sep 19, 2024 · 46e254f · 46e254f
1 parent 5ef3d39
commit 46e254f
Showing 1 changed file with 0 additions and 65 deletions.
diff --git a/modules/mbedtls/Kconfig.psa b/modules/mbedtls/Kconfig.psa
@@ -36,10 +36,6 @@ config PSA_WANT_ALG_CMAC
 	bool "PSA_WANT_ALG_CMAC" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_ALG_CFB
-	bool "PSA_WANT_ALG_CFB" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
 config PSA_WANT_ALG_CHACHA20_POLY1305
 	bool "PSA_WANT_ALG_CHACHA20_POLY1305" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
@@ -60,10 +56,6 @@ config PSA_WANT_ALG_ECDH
 	bool "PSA_WANT_ALG_ECDH" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_ALG_FFDH
-	bool "PSA_WANT_ALG_FFDH" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
 config PSA_WANT_ALG_ECDSA
 	bool "PSA_WANT_ALG_ECDSA" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
@@ -96,9 +88,6 @@ config PSA_WANT_ALG_MD5
 	bool "PSA_WANT_ALG_MD5" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_ALG_OFB
-	bool "PSA_WANT_ALG_OFB" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
 
 config PSA_WANT_ALG_PBKDF2_HMAC
 	bool "PSA_WANT_ALG_PBKDF2_HMAC" if !MBEDTLS_PROMPTLESS
@@ -108,9 +97,6 @@ config PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
 	bool "PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_ALG_RIPEMD160
-	bool "PSA_WANT_ALG_RIPEMD160" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
 
 config PSA_WANT_ALG_RSA_OAEP
 	bool "PSA_WANT_ALG_RSA_OAEP" if !MBEDTLS_PROMPTLESS
@@ -228,26 +214,6 @@ config PSA_WANT_ECC_SECP_R1_521
 	bool "PSA_WANT_ECC_SECP_R1_521" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_DH_RFC7919_2048
-	bool "PSA_WANT_DH_RFC7919_2048" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_DH_RFC7919_3072
-	bool "PSA_WANT_DH_RFC7919_3072" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_DH_RFC7919_4096
-	bool "PSA_WANT_DH_RFC7919_4096" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_DH_RFC7919_6144
-	bool "PSA_WANT_DH_RFC7919_6144" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_DH_RFC7919_8192
-	bool "PSA_WANT_DH_RFC7919_8192" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
 config PSA_WANT_KEY_TYPE_DERIVE
 	bool "PSA_WANT_KEY_TYPE_DERIVE" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
@@ -268,30 +234,15 @@ config PSA_WANT_KEY_TYPE_AES
 	bool "PSA_WANT_KEY_TYPE_AES" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_KEY_TYPE_ARIA
-	bool "PSA_WANT_KEY_TYPE_ARIA" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_KEY_TYPE_CAMELLIA
-	bool "PSA_WANT_KEY_TYPE_CAMELLIA" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
 config PSA_WANT_KEY_TYPE_CHACHA20
 	bool "PSA_WANT_KEY_TYPE_CHACHA20" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_KEY_TYPE_DES
-	bool "PSA_WANT_KEY_TYPE_DES" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
 
 config PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
 	bool "PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
-	bool "PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
 config PSA_WANT_KEY_TYPE_RAW_DATA
 	bool "PSA_WANT_KEY_TYPE_RAW_DATA" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
@@ -336,20 +287,4 @@ config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
 	bool "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" if !MBEDTLS_PROMPTLESS
 	default y if PSA_CRYPTO_ENABLE_ALL
 
-config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
-	bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
-	bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
-	bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
-config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
-	bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE" if !MBEDTLS_PROMPTLESS
-	default y if PSA_CRYPTO_ENABLE_ALL
-
 endif # PSA_CRYPTO_CLIENT