1 /* 2 * Copyright (c) 2018-2023, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 */ 7 /** 8 * \file psa/crypto_config.h 9 * \brief PSA crypto configuration options (set of defines) 10 * 11 */ 12 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 13 /** 14 * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, 15 * this file determines which cryptographic mechanisms are enabled 16 * through the PSA Cryptography API (\c psa_xxx() functions). 17 * 18 * To enable a cryptographic mechanism, uncomment the definition of 19 * the corresponding \c PSA_WANT_xxx preprocessor symbol. 20 * To disable a cryptographic mechanism, comment out the definition of 21 * the corresponding \c PSA_WANT_xxx preprocessor symbol. 22 * The names of cryptographic mechanisms correspond to values 23 * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead 24 * of \c PSA_. 25 * 26 * Note that many cryptographic mechanisms involve two symbols: one for 27 * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm 28 * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve 29 * additional symbols. 30 */ 31 #else 32 /** 33 * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, 34 * this file is not used, and cryptographic mechanisms are supported 35 * through the PSA API if and only if they are supported through the 36 * mbedtls_xxx API. 37 */ 38 #endif 39 40 #ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H 41 #define PROFILE_M_PSA_CRYPTO_CONFIG_H 42 43 /* 44 * CBC-MAC is not yet supported via the PSA API in Mbed TLS. 45 */ 46 //#define PSA_WANT_ALG_CBC_MAC 1 47 //#define PSA_WANT_ALG_CBC_NO_PADDING 1 48 //#define PSA_WANT_ALG_CBC_PKCS7 1 49 #define PSA_WANT_ALG_CCM 1 50 //#define PSA_WANT_ALG_CMAC 1 51 //#define PSA_WANT_ALG_CFB 1 52 //#define PSA_WANT_ALG_CHACHA20_POLY1305 1 53 //#define PSA_WANT_ALG_CTR 1 54 //#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 55 //#define PSA_WANT_ALG_ECB_NO_PADDING 1 56 #define PSA_WANT_ALG_ECDH 1 57 #define PSA_WANT_ALG_ECDSA 1 58 //#define PSA_WANT_ALG_GCM 1 59 #define PSA_WANT_ALG_HKDF 1 60 #define PSA_WANT_ALG_HMAC 1 61 //#define PSA_WANT_ALG_MD5 1 62 //#define PSA_WANT_ALG_OFB 1 63 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. 64 * Note: when adding support, also adjust include/mbedtls/config_psa.h */ 65 //#define PSA_WANT_ALG_PBKDF2_HMAC 1 66 //#define PSA_WANT_ALG_RIPEMD160 1 67 //#define PSA_WANT_ALG_RSA_OAEP 1 68 //#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 69 //#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 70 //#define PSA_WANT_ALG_RSA_PSS 1 71 //#define PSA_WANT_ALG_SHA_1 1 72 #define PSA_WANT_ALG_SHA_224 1 73 #define PSA_WANT_ALG_SHA_256 1 74 //#define PSA_WANT_ALG_SHA_384 1 75 //#define PSA_WANT_ALG_SHA_512 1 76 //#define PSA_WANT_ALG_STREAM_CIPHER 1 77 #define PSA_WANT_ALG_TLS12_PRF 1 78 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 79 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. 80 * Note: when adding support, also adjust include/mbedtls/config_psa.h */ 81 //#define PSA_WANT_ALG_XTS 1 82 83 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 84 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 85 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 86 //#define PSA_WANT_ECC_MONTGOMERY_255 1 87 //#define PSA_WANT_ECC_MONTGOMERY_448 1 88 //#define PSA_WANT_ECC_SECP_K1_192 1 89 /* 90 * SECP224K1 is buggy via the PSA API in Mbed TLS 91 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by 92 * default. 93 */ 94 //#define PSA_WANT_ECC_SECP_K1_224 1 95 //#define PSA_WANT_ECC_SECP_K1_256 1 96 //#define PSA_WANT_ECC_SECP_R1_192 1 97 //#define PSA_WANT_ECC_SECP_R1_224 1 98 #define PSA_WANT_ECC_SECP_R1_256 1 99 //#define PSA_WANT_ECC_SECP_R1_384 1 100 //#define PSA_WANT_ECC_SECP_R1_521 1 101 102 #define PSA_WANT_KEY_TYPE_DERIVE 1 103 #define PSA_WANT_KEY_TYPE_HMAC 1 104 #define PSA_WANT_KEY_TYPE_AES 1 105 //#define PSA_WANT_KEY_TYPE_ARIA 1 106 //#define PSA_WANT_KEY_TYPE_CAMELLIA 1 107 //#define PSA_WANT_KEY_TYPE_CHACHA20 1 108 //#define PSA_WANT_KEY_TYPE_DES 1 109 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ 110 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 111 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 112 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ 113 //#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 114 115 /* 116 * The following symbols extend and deprecate the legacy 117 * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in 118 * the name's suffix. "_USE" is the most generic and it can be used to describe 119 * a generic suport, whereas other ones add more features on top of that and 120 * they are more specific. 121 */ 122 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 123 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 124 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 125 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 126 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 127 128 #ifdef CRYPTO_HW_ACCELERATOR 129 #include "crypto_accelerator_config.h" 130 #endif 131 132 #endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ 133