samples: set mbedTLS buffers for cert-based auth in samples/common/

Set bigger mbedTLS buffers for cert-based authentication in samples/common/Kconfig.defconfig. This allows to propagate those settings to other samples if required. This also propagates values to nRF9160 (NCS based) platform by setting MBEDTLS_SSL_{IN,OUT}_CONTENT_LEN. Remove references to those (automatically set) default values in README. Remove overlay-auth-cert.conf since the only option that is required to use cert-based authentication is CONFIG_GOLIOTH_AUTH_METHOD_CERT=y. Provide that directly in samples.yaml for build tests. Signed-off-by: Marcin Niestroj <[email protected]>
golioth · May 25, 2023 · be0018c · be0018c
1 parent 9f33611
commit be0018c
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 9 deletions.
diff --git a/samples/common/Kconfig.defconfig b/samples/common/Kconfig.defconfig
@@ -21,12 +21,18 @@ if MBEDTLS
 config MBEDTLS_ENABLE_HEAP
 	default y
 
+if MBEDTLS_ENABLE_HEAP
+
 config MBEDTLS_HEAP_SIZE
-	default 10240 if MBEDTLS_ENABLE_HEAP
+	default 32768 if GOLIOTH_AUTH_METHOD_CERT
+	default 10240
+
+endif # MBEDTLS_ENABLE_HEAP
 
 if MBEDTLS_BUILTIN
 
 config MBEDTLS_SSL_MAX_CONTENT_LEN
+	default 4096 if GOLIOTH_AUTH_METHOD_CERT
 	default 2048
 
 endif # MBEDTLS_BUILTIN
@@ -35,10 +41,12 @@ if NRF_SECURITY
 
 config MBEDTLS_SSL_IN_CONTENT_LEN
 	int
+	default 4096 if GOLIOTH_AUTH_METHOD_CERT
 	default 2048
 
 config MBEDTLS_SSL_OUT_CONTENT_LEN
 	int
+	default 4096 if GOLIOTH_AUTH_METHOD_CERT
 	default 2048
 
 endif # NRF_SECURITY

diff --git a/samples/hello/README.rst b/samples/hello/README.rst
@@ -42,8 +42,6 @@ Configure the following Kconfig options based on your Golioth credentials:
 - CONFIG_GOLIOTH_AUTH_METHOD_CERT        - use certificate-based authentication
 - CONFIG_GOLIOTH_SYSTEM_CLIENT_CRT_PATH  - device certificate
 - CONFIG_GOLIOTH_SYSTEM_CLIENT_KEY_PATH  - device private key
-- CONFIG_MBEDTLS_HEAP_SIZE               - increased mbedTLS heap size is needed
-- CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN     - increased mbedTLS maximum content length is needed
 
 by adding these lines to configuration file (e.g. ``prj.conf``):
 
@@ -52,8 +50,6 @@ by adding these lines to configuration file (e.g. ``prj.conf``):
    CONFIG_GOLIOTH_AUTH_METHOD_CERT=y
    CONFIG_GOLIOTH_SYSTEM_CLIENT_CRT_PATH='"keys/device.crt.der"'
    CONFIG_GOLIOTH_SYSTEM_CLIENT_KEY_PATH='"keys/device.key.der"'
-   CONFIG_MBEDTLS_HEAP_SIZE=32768
-   CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096
 
 Platform specific configuration
 ===============================

diff --git a/samples/hello/overlay-auth-cert.conf b/samples/hello/overlay-auth-cert.conf
diff --git a/samples/hello/sample.yaml b/samples/hello/sample.yaml
@@ -61,8 +61,8 @@ tests:
     timeout: 120
   sample.golioth.hello.cert:
     build_only: true
-    extra_args: OVERLAY_CONFIG="overlay-auth-cert.conf"
     extra_configs:
+      - CONFIG_GOLIOTH_AUTH_METHOD_CERT=y
       # Make it build by providing path that can be resolved
       - CONFIG_GOLIOTH_SYSTEM_CLIENT_CA_PATH="prj.conf"
       - CONFIG_GOLIOTH_SYSTEM_CLIENT_CRT_PATH="prj.conf"