/*
 * Copyright (c) 2021-2024, The TrustedFirmware-M Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

/* Build-time configuration for the cc3xx driver. Each option below is either a
 * feature toggle (present when enabled, commented out when disabled) or a
 * tunable value. Tunables wrapped in #ifndef can be overridden by the build.
 */

#ifndef CC3XX_CONFIG_H
#define CC3XX_CONFIG_H

/* Base address of the CC3XX register block. Defaults to CC3XX_BASE_S from
 * platform_base_address.h unless the build defines it first.
 */
#ifndef CC3XX_CONFIG_BASE_ADDRESS
#include "platform_base_address.h"
#define CC3XX_CONFIG_BASE_ADDRESS (CC3XX_BASE_S)
#endif /* CC3XX_CONFIG_BASE_ADDRESS */

/* Whether the SHA256 hash support is enabled */
#define CC3XX_CONFIG_HASH_SHA256_ENABLE

/* Whether the SHA224 hash support is enabled */
/* #define CC3XX_CONFIG_HASH_SHA224_ENABLE */

/* Whether the SHA1 hash support is enabled. SHA-1 is no longer
 * collision-resistant, so enable it only for legacy interoperability.
 */
/* #define CC3XX_CONFIG_HASH_SHA1_ENABLE */

/* Whether the AES CTR support is enabled */
#define CC3XX_CONFIG_AES_CTR_ENABLE

/* Whether the AES ECB support is enabled. ECB maps identical plaintext blocks
 * to identical ciphertext blocks, so it is unsuitable for multi-block data.
 * NOTE(review): confirm which consumers need it enabled.
 */
#define CC3XX_CONFIG_AES_ECB_ENABLE

/* Whether the AES CBC support is enabled */
/* #define CC3XX_CONFIG_AES_CBC_ENABLE */

/* Whether the AES GCM support is enabled */
/* #define CC3XX_CONFIG_AES_GCM_ENABLE */
/* #define CC3XX_CONFIG_AES_GCM_VARIABLE_IV_ENABLE */

/* Whether the AES CMAC support is enabled */
#define CC3XX_CONFIG_AES_CMAC_ENABLE

/* Whether the AES CCM support is enabled */
#define CC3XX_CONFIG_AES_CCM_ENABLE

/* Whether the AES tunnelling support is enabled. Without this, running CCM mode
 * AES will instead only run the CBC_MAC operation with the CCM IVs, with the
 * CTR decryption having to be done separately.
 */
#define CC3XX_CONFIG_AES_TUNNELLING_ENABLE

/* Whether an external key-loader should be invoked instead of the standard AES
 * hardware key loading mechanism.
 * NOTE(review): the loader is supplied outside this header, so its
 * key-handling guarantees cannot be checked from here.
 */
#define CC3XX_CONFIG_AES_EXTERNAL_KEY_LOADER

/* Whether CHACHA is enabled */
/* #define CC3XX_CONFIG_CHACHA_ENABLE */

/* Whether CHACHA_POLY1305 is enabled */
/* #define CC3XX_CONFIG_CHACHA_POLY1305_ENABLE */

/* Whether DMA remapping is enabled */
#define CC3XX_CONFIG_DMA_REMAP_ENABLE

/* Whether DMA supports working on cached memories */
#define CC3XX_CONFIG_DMA_CACHE_FLUSH_ENABLE

/* Whether CC will WFI instead of busy-wait looping while waiting for crypto
 * operations to complete.
 */
/* #define CC3XX_CONFIG_DMA_WFI_WAIT_ENABLE */

/* How many DMA remap regions are available */
#ifndef CC3XX_CONFIG_DMA_REMAP_REGION_AM
#define CC3XX_CONFIG_DMA_REMAP_REGION_AM 4
#endif /* CC3XX_CONFIG_DMA_REMAP_REGION_AM */

/* Whether RNG is enabled */
#define CC3XX_CONFIG_RNG_ENABLE

/* Whether the CTR_DRBG is enabled through the generic interface */
#define CC3XX_CONFIG_DRBG_CTR_ENABLE
/* Whether the HMAC_DRBG is enabled through the generic interface */
#define CC3XX_CONFIG_DRBG_HMAC_ENABLE
/* Whether the HASH_DRBG is enabled through the generic interface */
#define CC3XX_CONFIG_DRBG_HASH_ENABLE

/* Whether an external TRNG should be used in place of the standard CC3XX TRNG.
 * Selected only when the build defines RSE_OTP_TRNG.
 */
#ifdef RSE_OTP_TRNG
#define CC3XX_CONFIG_RNG_EXTERNAL_TRNG
#endif /* RSE_OTP_TRNG */

/* The number of times the TRNG will be re-read when it fails a statistical test
 * before an error is returned.
 */
#ifndef CC3XX_CONFIG_RNG_MAX_ATTEMPTS
#define CC3XX_CONFIG_RNG_MAX_ATTEMPTS 16
#endif /* CC3XX_CONFIG_RNG_MAX_ATTEMPTS */

/* This is the number of cycles between consecutive samples of the oscillator
 * output. It needs to be set to a _reasonably_ large number, though it's
 * unclear exactly what sort of number is reasonable. In general, if the
 * statistical tests keep failing then increase it, if the RNG is too slow then
 * decrease it. A sensible default is set here, and has worked correctly with a
 * variety of cc3xx implementations.
 * NOTE(review): lowering this presumably trades sample independence for speed,
 * so re-validate RNG output on the target after any change.
 */
#ifndef CC3XX_CONFIG_RNG_SUBSAMPLING_RATE
#define CC3XX_CONFIG_RNG_SUBSAMPLING_RATE 0x1337
#endif /* CC3XX_CONFIG_RNG_SUBSAMPLING_RATE */

/* Between 0 and 3 inclusive. 0 should be the fastest oscillator ring */
#ifndef CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID
#define CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID 0
#endif /* CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID */

/* How many virtual registers can be allocated in the PKA engine */
#ifndef CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT
#define CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT 64
#endif /* CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT */

/* Whether barrett tags will be calculated if they are not known. Note that
 * barrett tags are required for modular reduction. If disabled, this may
 * decrease code size.
 */
#define CC3XX_CONFIG_PKA_CALC_NP_ENABLE

/* Whether PKA operations will be inlined to increase performance at the cost of
 * code size
 */
#define CC3XX_CONFIG_PKA_INLINE_FOR_PERFORMANCE

/* Whether PKA variables will be aligned to word-size to increase performance at
 * the cost of code size
 */
#define CC3XX_CONFIG_PKA_ALIGN_FOR_PERFORMANCE

/* Whether various EC curve types are enabled */
#define CC3XX_CONFIG_EC_CURVE_TYPE_WEIERSTRASS_ENABLE
/* #define CC3XX_CONFIG_EC_CURVE_TYPE_MONTGOMERY_ENABLE */
/* #define CC3XX_CONFIG_EC_CURVE_TYPE_TWISTED_EDWARDS_ENABLE */

/* Whether various EC curves are enabled.
 * NOTE(review): the 192-bit curves give roughly 96-bit security and the
 * 224-bit curves roughly 112-bit. Consider disabling any curve that no
 * consumer requires.
 */
#define CC3XX_CONFIG_EC_CURVE_SECP_192_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_224_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_256_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_384_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_521_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_192_K1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_224_K1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_SECP_256_K1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_192_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_224_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_256_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_320_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_384_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_512_R1_ENABLE
#define CC3XX_CONFIG_EC_CURVE_FRP_256_V1_ENABLE

/* #define CC3XX_CONFIG_EC_CURVE_25519_ENABLE */
/* #define CC3XX_CONFIG_EC_CURVE_448_ENABLE */

/* #define CC3XX_CONFIG_EC_CURVE_ED25519_ENABLE */
/* #define CC3XX_CONFIG_EC_CURVE_ED448_ENABLE */

/* What the maximum DPA countermeasure blinding multiple is for EC point-scalar
 * multiplication.
 */
#define CC3XX_CONFIG_EC_DPA_MAX_BLIND_MULTIPLE 32

/* Whether the Shamir trick will be used to improve performance of point-scalar
 * multiplication on non-secret data. Has a code-size penalty.
 * NOTE(review): confirm the driver never routes secret scalars through this
 * path.
 */
#define CC3XX_CONFIG_EC_SHAMIR_TRICK_ENABLE

/* Whether various ECDSA features are enabled */
#define CC3XX_CONFIG_ECDSA_SIGN_ENABLE
#define CC3XX_CONFIG_ECDSA_VERIFY_ENABLE
#define CC3XX_CONFIG_ECDSA_KEYGEN_ENABLE

/* Whether DPA (differential power analysis) mitigations are enabled. Has a
 * code-size and performance cost. Disabling trades that protection away for
 * size and speed.
 */
#define CC3XX_CONFIG_DPA_MITIGATIONS_ENABLE

/* Whether DFA (differential fault analysis) mitigations are enabled. Has a
 * code-size and performance cost. Disabling trades that protection away for
 * size and speed.
 */
#define CC3XX_CONFIG_DFA_MITIGATIONS_ENABLE

/* Whether an external secure word copying function (for copying keys etc) will
 * be provided by the platform
 */
#define CC3XX_CONFIG_STDLIB_EXTERNAL_SECURE_WORD_COPY

/* Upper bound on LFSR attempts. Can be overridden by the build.
 * NOTE(review): what counts as an attempt, and what happens when the bound is
 * reached, is not visible in this header - confirm against the cc3xx stdlib
 * implementation.
 */
#ifndef CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS
#define CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS 128
#endif /* CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS */

#endif /* CC3XX_CONFIG_H */