@@ -33,13 +33,32 @@ extern "C" {
3333#endif
3434
3535/* If the size of static key slots is not explicitly defined by the user, then
36- * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
37- * PSA_CIPHER_MAX_KEY_LENGTH.
38- * See mbedtls_config.h for the definition. */
36+ * try to guess it based on some of the most common the key types enabled in the build.
37+ * See mbedtls_config.h for the definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. */
3938#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE )
40- #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
41- ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
42- PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
39+
40+ #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1
41+
42+ #if PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
43+ #undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
44+ #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE
45+ #endif
46+
47+ /* This covers ciphers, AEADs and CMAC. */
48+ #if PSA_CIPHER_MAX_KEY_LENGTH > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
49+ #undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
50+ #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_CIPHER_MAX_KEY_LENGTH
51+ #endif
52+
53+ /* For HMAC, it's typical but not mandatory to use a key size that is equal to
54+ * the hash size. */
55+ #if defined(PSA_WANT_ALG_HMAC )
56+ #if PSA_HASH_MAX_SIZE > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
57+ #undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
58+ #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_HASH_MAX_SIZE
59+ #endif
60+ #endif /* PSA_WANT_ALG_HMAC */
61+
4362#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
4463
4564/** \addtogroup attributes
0 commit comments