1 /*
2  * Copyright (c) 2021-2024, The TrustedFirmware-M Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef CC3XX_CONFIG_H
9 #define CC3XX_CONFIG_H
10 
11 #ifndef CC3XX_CONFIG_BASE_ADDRESS
12 #include "platform_base_address.h"
13 #define CC3XX_CONFIG_BASE_ADDRESS (CC3XX_BASE_S)
14 #endif /* CC3XX_CONFIG_BASE_ADDRESS */
15 
16 /* Whether the SHA256 hash support is enabled */
17 #define CC3XX_CONFIG_HASH_SHA256_ENABLE
18 
19 /* Whether the SHA224 hash support is enabled */
20 /* #define CC3XX_CONFIG_HASH_SHA224_ENABLE */
21 
22 /* Whether the SHA1 hash support is enabled (legacy use only: SHA-1 is not collision resistant) */
23 /* #define CC3XX_CONFIG_HASH_SHA1_ENABLE */
24 
25 /* Whether the AES CTR support is enabled */
26 #define CC3XX_CONFIG_AES_CTR_ENABLE
27 
28 /* Whether the AES ECB support is enabled. ECB exposes repeated plaintext blocks; avoid it for multi-block data */
29 #define CC3XX_CONFIG_AES_ECB_ENABLE
30 
31 /* Whether the AES CBC support is enabled */
32 #define CC3XX_CONFIG_AES_CBC_ENABLE
33 
34 /* Whether the AES GCM support is enabled */
35 #define CC3XX_CONFIG_AES_GCM_ENABLE
36 /* #define CC3XX_CONFIG_AES_GCM_VARIABLE_IV_ENABLE */
37 
38 /* Whether the AES CMAC support is enabled */
39 #define CC3XX_CONFIG_AES_CMAC_ENABLE
40 
41 /* Whether the AES CCM support is enabled */
42 #define CC3XX_CONFIG_AES_CCM_ENABLE
43 
44 /* Whether the AES tunnelling support is enabled. Without this, running CCM mode
45  * AES will instead only run the CBC_MAC operation with the CCM IVs, with the
46  * CTR decryption having to be done separately. */
47 #define CC3XX_CONFIG_AES_TUNNELLING_ENABLE
48 
49 /* Whether an external key-loader should be invoked instead of the standard AES
50  * hardware key loading mechanism
51  */
52 /* #define CC3XX_CONFIG_AES_EXTERNAL_KEY_LOADER */
53 
54 /* Whether CHACHA is enabled */
55 /* #define CC3XX_CONFIG_CHACHA_ENABLE */
56 
57 /* Whether CHACHA_POLY1305 is enabled */
58 /* #define CC3XX_CONFIG_CHACHA_POLY1305_ENABLE */
59 
60 /* Whether DMA remapping is enabled */
61 /* #define CC3XX_CONFIG_DMA_REMAP_ENABLE */
62 
63 /* Whether DMA supports working on cached memories */
64 /* #define CC3XX_CONFIG_DMA_CACHE_FLUSH_ENABLE */
65 
66 /* Whether CC will WFI instead of busy-wait looping while waiting for crypto
67  * operations to complete.
68  */
69 /* #define CC3XX_CONFIG_DMA_WFI_WAIT_ENABLE */
70 
71 /* How many DMA remap regions are available */
72 #ifndef CC3XX_CONFIG_DMA_REMAP_REGION_AM
73 #define CC3XX_CONFIG_DMA_REMAP_REGION_AM 4
74 #endif /* CC3XX_CONFIG_DMA_REMAP_REGION_AM */
75 
76 /* Whether RNG is enabled */
77 #define CC3XX_CONFIG_RNG_ENABLE
78 
79 /* Whether the CTR_DRBG is enabled through the generic interface */
80 #define CC3XX_CONFIG_DRBG_CTR_ENABLE
81 /* Whether the HMAC_DRBG is enabled through the generic interface */
82 #define CC3XX_CONFIG_DRBG_HMAC_ENABLE
83 /* Whether the HASH_DRBG is enabled through the generic interface */
84 #define CC3XX_CONFIG_DRBG_HASH_ENABLE
85 
86 /* Whether an external TRNG should be used in place of the standard CC3XX TRNG */
87 /* #define CC3XX_CONFIG_RNG_EXTERNAL_TRNG */
88 
89 /* The number of times the TRNG will be re-read when it fails a statistical test
90  * before an error is returned. Overridable by defining it before this header.
91  */
92 #ifndef CC3XX_CONFIG_RNG_MAX_ATTEMPTS
93 #define CC3XX_CONFIG_RNG_MAX_ATTEMPTS 16
94 #endif /* CC3XX_CONFIG_RNG_MAX_ATTEMPTS */
95 
96 /* This is the number of cycles between consecutive samples of the oscillator
97  * output. It needs to be set to a _reasonably_ large number, though it's
98  * unclear exactly what sort of number is reasonable. In general, if the
99  * statistical tests keep failing then increase it, if the RNG is too slow then
100  * decrease it. A sensible default is set here, and has worked correctly with a
101  * variety of cc3xx implementations. Re-validate the TRNG after changing it.
102  */
103 #ifndef CC3XX_CONFIG_RNG_SUBSAMPLING_RATE
104 #define CC3XX_CONFIG_RNG_SUBSAMPLING_RATE 0x1337
105 #endif /* CC3XX_CONFIG_RNG_SUBSAMPLING_RATE */
106 
107 /* Ring oscillator ID for the RNG. Between 0 and 3 inclusive. 0 should be the fastest oscillator ring */
108 #ifndef CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID
109 #define CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID 0
110 #endif /* CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID */
111 
112 /* How many virtual registers can be allocated in the PKA engine */
113 #ifndef CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT
114 #define CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT 64
115 #endif /* CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT */
116 
117 /* Whether Barrett tags will be calculated if they are not known. Note that
118  * Barrett tags are required for modular reduction. If disabled, this may
119  * decrease code size.
120  */
121 #define CC3XX_CONFIG_PKA_CALC_NP_ENABLE
122 
123 /* Whether PKA operations will be inlined to increase performance at the cost of
124  * code size
125  */
126 #define CC3XX_CONFIG_PKA_INLINE_FOR_PERFORMANCE
127 
128 /* Whether PKA variables will be aligned to word-size to increase performance at
129  * the cost of code size
130  */
131 #define CC3XX_CONFIG_PKA_ALIGN_FOR_PERFORMANCE
132 
133 /* Whether various EC curve types are enabled */
134 #define CC3XX_CONFIG_EC_CURVE_TYPE_WEIERSTRASS_ENABLE
135 /* #define CC3XX_CONFIG_EC_CURVE_TYPE_MONTGOMERY_ENABLE */
136 /* #define CC3XX_CONFIG_EC_CURVE_TYPE_TWISTED_EDWARDS_ENABLE */
137 
138 /* Whether various EC curves are enabled. Disable unneeded ones; 192-bit curves give only ~96-bit security */
139 #define CC3XX_CONFIG_EC_CURVE_SECP_192_R1_ENABLE
140 #define CC3XX_CONFIG_EC_CURVE_SECP_224_R1_ENABLE
141 #define CC3XX_CONFIG_EC_CURVE_SECP_256_R1_ENABLE
142 #define CC3XX_CONFIG_EC_CURVE_SECP_384_R1_ENABLE
143 #define CC3XX_CONFIG_EC_CURVE_SECP_521_R1_ENABLE
144 #define CC3XX_CONFIG_EC_CURVE_SECP_192_K1_ENABLE
145 #define CC3XX_CONFIG_EC_CURVE_SECP_224_K1_ENABLE
146 #define CC3XX_CONFIG_EC_CURVE_SECP_256_K1_ENABLE
147 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_192_R1_ENABLE
148 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_224_R1_ENABLE
149 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_256_R1_ENABLE
150 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_320_R1_ENABLE
151 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_384_R1_ENABLE
152 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_512_R1_ENABLE
153 #define CC3XX_CONFIG_EC_CURVE_FRP_256_V1_ENABLE
154 
155 /* #define CC3XX_CONFIG_EC_CURVE_25519_ENABLE */
156 /* #define CC3XX_CONFIG_EC_CURVE_448_ENABLE */
157 
158 /* #define CC3XX_CONFIG_EC_CURVE_ED25519_ENABLE */
159 /* #define CC3XX_CONFIG_EC_CURVE_ED448_ENABLE */
160 
161 /* What the maximum DPA countermeasure blinding multiple is for EC point-scalar
162  * multiplication.
163  */
164 #define CC3XX_CONFIG_EC_DPA_MAX_BLIND_MULTIPLE 32
165 
166 /* Whether the Shamir trick will be used to improve performance of point-scalar
167  * multiplication on non-secret data. Has a code-size penalty.
168  */
169 #define CC3XX_CONFIG_EC_SHAMIR_TRICK_ENABLE
170 
171 /* Whether various ECDSA features are enabled */
172 #define CC3XX_CONFIG_ECDSA_SIGN_ENABLE
173 #define CC3XX_CONFIG_ECDSA_VERIFY_ENABLE
174 #define CC3XX_CONFIG_ECDSA_KEYGEN_ENABLE
175 
176 /* Whether ECDH feature is enabled */
177 #define CC3XX_CONFIG_ECDH_ENABLE
178 
179 /* Whether DPA (differential power analysis) mitigations are enabled. Has a code-size and performance cost */
180 /* #define CC3XX_CONFIG_DPA_MITIGATIONS_ENABLE */
181 
182 /* Whether DFA (differential fault analysis) mitigations are enabled. Has a code-size and performance cost */
183 /* #define CC3XX_CONFIG_DFA_MITIGATIONS_ENABLE */
184 
185 /* Whether an external secure word copying function (for copying keys etc) will
186  * be provided by the platform
187  */
188 #define CC3XX_CONFIG_STDLIB_EXTERNAL_SECURE_WORD_COPY
189 
190 #ifndef CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS
191 #define CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS 128
192 #endif /* CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS */
193 
194 #endif /* CC3XX_CONFIG_H */
195