1 /*
2  *  Minimal configuration for using TLS in the bootloader
3  *
4  *  Copyright (C) 2006-2022, Arm Limited. All rights reserved.
5  *  Copyright (C) 2016, Linaro Ltd
6  *
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  *
21  *  This file is part of mbed TLS (https://tls.mbed.org)
22  */
23 
24 /*
25  * Original code taken from mcuboot project at:
26  * https://github.com/mcu-tools/mcuboot
27  * Git SHA of the original version: ac55554059147fff718015be9f4bd3108123f50a
28  */
29 
30 /*
31  * Minimal configuration for using TLS in the bootloader
32  *
33  * - RSA signature verification
34  */
35 
/*
 * Include guard for this Mbed TLS configuration header.
 * NOTE(review): identifiers containing a double underscore are reserved for
 * the implementation in C; the guard name is left unchanged here.
 */
36 #ifndef __MCUBOOT_MBEDTLS_CFG__
37 #define __MCUBOOT_MBEDTLS_CFG__
38
39 /* System support */
/*
 * Platform abstraction layer with replaceable memory functions, plus the
 * Mbed TLS buffer allocator module (allocations are served from a buffer the
 * caller hands to the allocator once it has been initialised).
 */
40 #define MBEDTLS_PLATFORM_C
41 #define MBEDTLS_PLATFORM_MEMORY
42 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
/*
 * No built-in entropy source is compiled in. This file also enables no
 * entropy or DRBG module, so nothing configured here provides randomness.
 * NOTE(review): that is sufficient for signature verification; confirm that
 * no code path built with this configuration needs an RNG.
 */
43 #define MBEDTLS_NO_PLATFORM_ENTROPY
44 #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
45
/* The platform supplies its own exit() and printf() replacements. */
46 #define MBEDTLS_PLATFORM_EXIT_ALT
47 #define MBEDTLS_PLATFORM_PRINTF_ALT
48
/*
 * RSA with PKCS#1 v2.1 (PSS/OAEP) support. MBEDTLS_PKCS1_V15 is not defined
 * in this file, so v1.5 padding is not enabled by it.
 * NOTE(review): the accelerator configuration included at the end of this
 * header could still define it - confirm.
 */
49 #define MBEDTLS_RSA_C
50 #define MBEDTLS_PKCS1_V21
51 
52 /* mbed TLS modules */
/*
 * ASN.1 parsing/writing, bignum arithmetic, the generic message-digest layer
 * and OID lookup.
 * NOTE(review): a verify-only configuration would normally need only the
 * ASN.1 parser; presumably the writer is pulled in as a dependency of another
 * module - confirm.
 */
53 #define MBEDTLS_ASN1_PARSE_C
54 #define MBEDTLS_ASN1_WRITE_C
55 #define MBEDTLS_BIGNUM_C
56 #define MBEDTLS_MD_C
57 #define MBEDTLS_OID_C
/* Hash algorithms: SHA-256 and SHA-224. */
58 #define MBEDTLS_SHA256_C
59 #define MBEDTLS_SHA224_C
/*
 * AES with CTR mode. CTR provides confidentiality only, with no integrity
 * protection of its own.
 * NOTE(review): presumably used for encrypted images, with integrity coming
 * from the signature check - confirm against the caller.
 */
60 #define MBEDTLS_AES_C
61 #define MBEDTLS_CIPHER_MODE_CTR
62 
63 /* Save RAM by adjusting to our exact needs */
/*
 * MBEDTLS_MPI_MAX_SIZE is the largest usable bignum size in bytes: 384 bytes
 * holds a 3072-bit value, 256 bytes a 2048-bit value. An undefined
 * MCUBOOT_SIGN_RSA_LEN evaluates to 0 in #if, so every value other than 3072
 * (including "not defined") takes the 256-byte branch.
 * NOTE(review): an unsupported key length is therefore not rejected at build
 * time; presumably verification fails later when the bignum limit is hit -
 * confirm.
 */
64 #if MCUBOOT_SIGN_RSA_LEN == 3072
65 #define MBEDTLS_MPI_MAX_SIZE 384
66 #else /* RSA2048 */
67 #define MBEDTLS_MPI_MAX_SIZE 256
68 #endif
69
/*
 * TLS record size limit.
 * NOTE(review): no MBEDTLS_SSL_* module is enabled in this file, so this and
 * the ciphersuite list below look like leftovers from a TLS-oriented
 * template - confirm they have any effect in this build.
 */
70 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
71
72 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
73 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
74 
/*
 * Extra modules enabled only for builds with
 * CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING: the generic cipher layer, CCM,
 * ECDSA and elliptic-curve support for secp256r1 and Curve25519.
 * NOTE(review): key generation or ECDSA signing would need an RNG, and this
 * file enables no entropy or DRBG module - confirm where randomness comes
 * from if the provisioning code performs either operation.
 */
75 #ifdef CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING
76 #define MBEDTLS_CIPHER_C
77 #define MBEDTLS_CCM_C
78 #define MBEDTLS_ECDSA_C
79 #define MBEDTLS_ECP_C
80 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
81 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
82 #endif /* CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING */
83 
/*
 * Hardware accelerator configuration. The accelerator header is included
 * after every definition above, so it sees them and can add to or change
 * them.
 * NOTE(review): the effective BL2 crypto configuration therefore depends on
 * mbedtls_accelerator_config.h, which is not visible here - review the two
 * files together.
 */
84 #ifdef CRYPTO_HW_ACCELERATOR
85 #ifndef LEGACY_DRIVER_API_ENABLED
86 /*
87  * Forcing the legacy driver API enabled all the time regardless of
88  * cmake configuration in BL2.
 *
 * The macro is defined only around the include and removed again afterwards,
 * so it is not left defined for code that follows this header. The #warning
 * is emitted on every compilation that takes this branch.
89  */
90 #define LEGACY_DRIVER_API_ENABLED
91 #warning "Use legacy driver API for BL2"
92 #include "mbedtls_accelerator_config.h"
93 #undef LEGACY_DRIVER_API_ENABLED
94 #else
/* The build already defined LEGACY_DRIVER_API_ENABLED: include as-is. */
95 #include "mbedtls_accelerator_config.h"
96 #endif /* !LEGACY_DRIVER_API_ENABLED */
97 #endif /* CRYPTO_HW_ACCELERATOR */
98 
99 #endif /* __MCUBOOT_MBEDTLS_CFG__ */
100