1 /*
2  * Copyright (c) 2018-2023, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 /**
8  * \file psa/crypto_config.h
9  * \brief PSA crypto configuration options (set of defines)
10  *
11  */
12 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
13 /**
14  * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
15  * this file determines which cryptographic mechanisms are enabled
16  * through the PSA Cryptography API (\c psa_xxx() functions).
17  *
18  * To enable a cryptographic mechanism, uncomment the definition of
19  * the corresponding \c PSA_WANT_xxx preprocessor symbol.
20  * To disable a cryptographic mechanism, comment out the definition of
21  * the corresponding \c PSA_WANT_xxx preprocessor symbol.
22  * The names of cryptographic mechanisms correspond to values
23  * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
24  * of \c PSA_.
25  *
26  * Note that many cryptographic mechanisms involve two symbols: one for
27  * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
28  * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
29  * additional symbols.
30  */
31 #else
32 /**
33  * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
34  * this file is not used, and cryptographic mechanisms are supported
35  * through the PSA API if and only if they are supported through the
36  * mbedtls_xxx API.
37  */
38 #endif
39 
40 #ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
41 #define PROFILE_M_PSA_CRYPTO_CONFIG_H
42 
43 /*
44  * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
45  */
46 //#define PSA_WANT_ALG_CBC_MAC                    1
47 //#define PSA_WANT_ALG_CBC_NO_PADDING             1
48 //#define PSA_WANT_ALG_CBC_PKCS7                  1
49 #define PSA_WANT_ALG_CCM                        1
50 //#define PSA_WANT_ALG_CMAC                       1
51 //#define PSA_WANT_ALG_CFB                        1
52 //#define PSA_WANT_ALG_CHACHA20_POLY1305          1
53 //#define PSA_WANT_ALG_CTR                        1
54 //#define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
55 //#define PSA_WANT_ALG_ECB_NO_PADDING             1
56 #define PSA_WANT_ALG_ECDH                       1
57 #define PSA_WANT_ALG_ECDSA                      1
58 //#define PSA_WANT_ALG_GCM                        1
59 #define PSA_WANT_ALG_HKDF                       1
60 #define PSA_WANT_ALG_HMAC                       1
61 //#define PSA_WANT_ALG_MD5                        1
62 //#define PSA_WANT_ALG_OFB                        1
63 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
64  * Note: when adding support, also adjust include/mbedtls/config_psa.h */
65 //#define PSA_WANT_ALG_PBKDF2_HMAC                1
66 //#define PSA_WANT_ALG_RIPEMD160                  1
67 //#define PSA_WANT_ALG_RSA_OAEP                   1
68 //#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1
69 //#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1
70 //#define PSA_WANT_ALG_RSA_PSS                    1
71 //#define PSA_WANT_ALG_SHA_1                      1
72 #define PSA_WANT_ALG_SHA_224                    1
73 #define PSA_WANT_ALG_SHA_256                    1
74 //#define PSA_WANT_ALG_SHA_384                    1
75 //#define PSA_WANT_ALG_SHA_512                    1
76 //#define PSA_WANT_ALG_STREAM_CIPHER              1
77 #define PSA_WANT_ALG_TLS12_PRF                  1
78 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
79 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
80  * Note: when adding support, also adjust include/mbedtls/config_psa.h */
81 //#define PSA_WANT_ALG_XTS                        1
82 
83 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
84 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
85 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1
86 //#define PSA_WANT_ECC_MONTGOMERY_255             1
87 //#define PSA_WANT_ECC_MONTGOMERY_448             1
88 //#define PSA_WANT_ECC_SECP_K1_192                1
89 /*
90  * SECP224K1 is buggy via the PSA API in Mbed TLS
91  * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
92  * default.
93  */
94 //#define PSA_WANT_ECC_SECP_K1_224                1
95 //#define PSA_WANT_ECC_SECP_K1_256                1
96 //#define PSA_WANT_ECC_SECP_R1_192                1
97 //#define PSA_WANT_ECC_SECP_R1_224                1
98 #define PSA_WANT_ECC_SECP_R1_256                1
99 //#define PSA_WANT_ECC_SECP_R1_384                1
100 //#define PSA_WANT_ECC_SECP_R1_521                1
101 
102 #define PSA_WANT_KEY_TYPE_DERIVE                1
103 #define PSA_WANT_KEY_TYPE_HMAC                  1
104 #define PSA_WANT_KEY_TYPE_AES                   1
105 //#define PSA_WANT_KEY_TYPE_ARIA                  1
106 //#define PSA_WANT_KEY_TYPE_CAMELLIA              1
107 //#define PSA_WANT_KEY_TYPE_CHACHA20              1
108 //#define PSA_WANT_KEY_TYPE_DES                   1
109 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR          1 /* Deprecated */
110 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1
111 #define PSA_WANT_KEY_TYPE_RAW_DATA              1
112 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1 /* Deprecated */
113 //#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1
114 
115 /*
116  * The following symbols extend and deprecate the legacy
117  * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
118  * the name's suffix. "_USE" is the most generic and it can be used to describe
119  * a generic suport, whereas other ones add more features on top of that and
120  * they are more specific.
121  */
122 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC      1
123 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT   1
124 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT   1
125 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
126 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
127 
128 #ifdef CRYPTO_HW_ACCELERATOR
129 #include "crypto_accelerator_config.h"
130 #endif
131 
132 #endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */
133