#-------------------------------------------------------------------------------
# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------

menu "Crypto component options"
    depends on TFM_PARTITION_CRYPTO

config CRYPTO_LIBRARY_ABI_COMPAT
    bool "The interfaces towards PSA Crypto in the service and towards the service are the same"
    default n
    help
      The crypto service acts as a layer between a client and towards a library that provides
      PSA Crypto APIs through the implementation of a PSA Crypto core component. With this option
      set, the crypto service assumes that the ABI of the internal interface is the same as the
      client interface. This is not the default case when using the headers provided by the Mbed
      TLS reference implementation

config CRYPTO_STACK_SIZE
    hex "Stack size"
    default 0x1B00

config CRYPTO_ENGINE_BUF_SIZE
    hex "Crypto engine buffer size"
    default 0x4000 if CRYPTO_HW_ACCELERATOR_CC312
    default 0x2080
    help
      The Mbed TLS library requires to provide a static buffer to be used as
      heap for its internal allocation CRYPTO_ENGINE_BUF_SIZE needs to be > 8KB
      for EC signing by attest module.

config CRYPTO_IOVEC_BUFFER_SIZE
    int "Default size of the internal scratch buffer"
    default 5120
    help
      The size of the buffer used as an scratch for allocating internal input
      and output vectors when MM-IOVEC is not enabled.

config CRYPTO_CONC_OPER_NUM
    int "Max number of concurrent operations"
    default 8
    help
      The max number of concurrent operations that can be active (allocated) at
      any time in Crypto.

config CRYPTO_RNG_MODULE_ENABLED
    bool "PSA Crypto random number generator module"
    default y

config CRYPTO_KEY_MODULE_ENABLED
    bool "PSA Crypto Key module"
    default y

config CRYPTO_AEAD_MODULE_ENABLED
    bool "PSA Crypto AEAD module"
    default y

config CRYPTO_MAC_MODULE_ENABLED
    bool "PSA Crypto MAC module"
    default y

config CRYPTO_HASH_MODULE_ENABLED
    bool "PSA Crypto Hash module"
    default y

config CRYPTO_CIPHER_MODULE_ENABLED
    bool "PSA Crypto Cipher module"
    default y

config CRYPTO_ASYM_SIGN_MODULE_ENABLED
    bool "PSA Crypto asymmetric key signature module"
    default y

config CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
    bool "Enable PSA Crypto asymmetric key encryption module"
    default y

config CRYPTO_KEY_DERIVATION_MODULE_ENABLED
    bool "PSA Crypto key derivation module"
    default y

config CRYPTO_NV_SEED
    bool
    default n if CRYPTO_HW_ACCELERATOR
    help
      Use stored NV seed to provide entropy

config CRYPTO_SINGLE_PART_FUNCS_DISABLED
    bool "Disable single-part operations"
    default n
    help
      Keep multi-part operations in Hash, MAC, AEAD and symmetric ciphers only,
      to optimize memory footprint in resource-constrained devices.

endmenu