1 /** 2 * \file psa/crypto_config.h 3 * \brief PSA crypto configuration options (set of defines) 4 * 5 */ 6 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 7 /** 8 * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, 9 * this file determines which cryptographic mechanisms are enabled 10 * through the PSA Cryptography API (\c psa_xxx() functions). 11 * 12 * To enable a cryptographic mechanism, uncomment the definition of 13 * the corresponding \c PSA_WANT_xxx preprocessor symbol. 14 * To disable a cryptographic mechanism, comment out the definition of 15 * the corresponding \c PSA_WANT_xxx preprocessor symbol. 16 * The names of cryptographic mechanisms correspond to values 17 * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead 18 * of \c PSA_. 19 * 20 * Note that many cryptographic mechanisms involve two symbols: one for 21 * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm 22 * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve 23 * additional symbols. 24 */ 25 #else 26 /** 27 * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, 28 * this file is not used, and cryptographic mechanisms are supported 29 * through the PSA API if and only if they are supported through the 30 * mbedtls_xxx API. 31 */ 32 #endif 33 /* 34 * Copyright The Mbed TLS Contributors 35 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 36 */ 37 38 #ifndef PSA_CRYPTO_CONFIG_H 39 #define PSA_CRYPTO_CONFIG_H 40 41 /* 42 * CBC-MAC is not yet supported via the PSA API in Mbed TLS. 43 */ 44 //#define PSA_WANT_ALG_CBC_MAC 1 45 #define PSA_WANT_ALG_CBC_NO_PADDING 1 46 #define PSA_WANT_ALG_CBC_PKCS7 1 47 #define PSA_WANT_ALG_CCM 1 48 #define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 49 #define PSA_WANT_ALG_CMAC 1 50 #define PSA_WANT_ALG_CFB 1 51 #define PSA_WANT_ALG_CHACHA20_POLY1305 1 52 #define PSA_WANT_ALG_CTR 1 53 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 54 #define PSA_WANT_ALG_ECB_NO_PADDING 1 55 #define PSA_WANT_ALG_ECDH 1 56 #define PSA_WANT_ALG_FFDH 1 57 #define PSA_WANT_ALG_ECDSA 1 58 #define PSA_WANT_ALG_JPAKE 1 59 #define PSA_WANT_ALG_GCM 1 60 #define PSA_WANT_ALG_HKDF 1 61 #define PSA_WANT_ALG_HKDF_EXTRACT 1 62 #define PSA_WANT_ALG_HKDF_EXPAND 1 63 #define PSA_WANT_ALG_HMAC 1 64 #define PSA_WANT_ALG_MD5 1 65 #define PSA_WANT_ALG_OFB 1 66 #define PSA_WANT_ALG_PBKDF2_HMAC 1 67 #define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 68 #define PSA_WANT_ALG_RIPEMD160 1 69 #define PSA_WANT_ALG_RSA_OAEP 1 70 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 71 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 72 #define PSA_WANT_ALG_RSA_PSS 1 73 #define PSA_WANT_ALG_SHA_1 1 74 #define PSA_WANT_ALG_SHA_224 1 75 #define PSA_WANT_ALG_SHA_256 1 76 #define PSA_WANT_ALG_SHA_384 1 77 #define PSA_WANT_ALG_SHA_512 1 78 #define PSA_WANT_ALG_SHA3_224 1 79 #define PSA_WANT_ALG_SHA3_256 1 80 #define PSA_WANT_ALG_SHA3_384 1 81 #define PSA_WANT_ALG_SHA3_512 1 82 #define PSA_WANT_ALG_STREAM_CIPHER 1 83 #define PSA_WANT_ALG_TLS12_PRF 1 84 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 85 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 86 87 /* XTS is not yet supported via the PSA API in Mbed TLS. 88 * Note: when adding support, also adjust include/mbedtls/config_psa.h */ 89 //#define PSA_WANT_ALG_XTS 1 90 91 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 92 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 93 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 94 #define PSA_WANT_ECC_MONTGOMERY_255 1 95 #define PSA_WANT_ECC_MONTGOMERY_448 1 96 #define PSA_WANT_ECC_SECP_K1_192 1 97 /* 98 * SECP224K1 is buggy via the PSA API in Mbed TLS 99 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by 100 * default. 101 */ 102 //#define PSA_WANT_ECC_SECP_K1_224 1 103 #define PSA_WANT_ECC_SECP_K1_256 1 104 #define PSA_WANT_ECC_SECP_R1_192 1 105 #define PSA_WANT_ECC_SECP_R1_224 1 106 /* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED 107 * (see the description in mbedtls/mbedtls_config.h for details). */ 108 #define PSA_WANT_ECC_SECP_R1_256 1 109 #define PSA_WANT_ECC_SECP_R1_384 1 110 #define PSA_WANT_ECC_SECP_R1_521 1 111 112 #define PSA_WANT_KEY_TYPE_DERIVE 1 113 #define PSA_WANT_KEY_TYPE_PASSWORD 1 114 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 115 #define PSA_WANT_KEY_TYPE_HMAC 1 116 #define PSA_WANT_KEY_TYPE_AES 1 117 #define PSA_WANT_KEY_TYPE_ARIA 1 118 #define PSA_WANT_KEY_TYPE_CAMELLIA 1 119 #define PSA_WANT_KEY_TYPE_CHACHA20 1 120 #define PSA_WANT_KEY_TYPE_DES 1 121 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ 122 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 123 #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 124 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 125 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ 126 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 127 128 /* 129 * The following symbols extend and deprecate the legacy 130 * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in 131 * the name's suffix. "_USE" is the most generic and it can be used to describe 132 * a generic suport, whereas other ones add more features on top of that and 133 * they are more specific. 134 */ 135 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 136 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 137 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 138 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 139 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 140 141 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 142 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 143 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 144 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 145 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ 146 147 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 148 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 149 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 150 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 151 //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 /* Not supported */ 152 153 #endif /* PSA_CRYPTO_CONFIG_H */ 154