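/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
/**
 * \file psa/crypto_config.h
 * \brief PSA crypto configuration options (set of defines)
 *
 */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
/**
 * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
 * this file determines which cryptographic mechanisms are enabled
 * through the PSA Cryptography API (\c psa_xxx() functions).
 *
 * To enable a cryptographic mechanism, uncomment the definition of
 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
 * To disable a cryptographic mechanism, comment out the definition of
 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
 * The names of cryptographic mechanisms correspond to values
 * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
 * of \c PSA_.
 *
 * Note that many cryptographic mechanisms involve two symbols: one for
 * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
 * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
 * additional symbols.
 */
#else
/**
 * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
 * this file is not used, and cryptographic mechanisms are supported
 * through the PSA API if and only if they are supported through the
 * mbedtls_xxx API.
 */
#endif

#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
#define PROFILE_M_PSA_CRYPTO_CONFIG_H

/*
 * Summary of what this profile requests (derived from the active defines
 * below; every commented-out symbol is not requested):
 *   - cipher/AEAD:    CCM only, with AES keys. No unauthenticated mode
 *                     (CBC, CTR, CFB, OFB, ECB, stream cipher) is enabled.
 *   - hashes:         SHA-224 and SHA-256. MD5, SHA-1 and RIPEMD-160 stay off.
 *   - MAC / KDF:      HMAC, HKDF, TLS 1.2 PRF and TLS 1.2 PSK-to-MS.
 *   - asymmetric:     ECDH and ECDSA (randomized and deterministic) on
 *                     secp256r1 only. RSA and finite-field DH stay off.
 *
 * Each symbol that gets enabled widens the set of mechanisms reachable
 * through the PSA API, so treat any change here as a reviewed decision
 * rather than a convenience switch.
 */

/*
 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
 */
//#define PSA_WANT_ALG_CBC_MAC                    1
//#define PSA_WANT_ALG_CBC_NO_PADDING             1
//#define PSA_WANT_ALG_CBC_PKCS7                  1
#define PSA_WANT_ALG_CCM                        1
//#define PSA_WANT_ALG_CMAC                       1
//#define PSA_WANT_ALG_CFB                        1
//#define PSA_WANT_ALG_CHACHA20_POLY1305          1
//#define PSA_WANT_ALG_CTR                        1
/* NOTE(review): deterministic ECDSA removes the dependence on per-signature
 * randomness, but deterministic schemes are generally regarded as more
 * sensitive to physical fault injection than randomized ECDSA. Confirm that
 * enabling both variants matches the device's threat model. */
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
//#define PSA_WANT_ALG_ECB_NO_PADDING             1
#define PSA_WANT_ALG_ECDH                       1
#define PSA_WANT_ALG_ECDSA                      1
//#define PSA_WANT_ALG_GCM                        1
#define PSA_WANT_ALG_HKDF                       1
#define PSA_WANT_ALG_HMAC                       1
//#define PSA_WANT_ALG_MD5                        1
//#define PSA_WANT_ALG_OFB                        1
/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
//#define PSA_WANT_ALG_PBKDF2_HMAC                1
//#define PSA_WANT_ALG_RIPEMD160                  1
//#define PSA_WANT_ALG_RSA_OAEP                   1
//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1
//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1
//#define PSA_WANT_ALG_RSA_PSS                    1
//#define PSA_WANT_ALG_SHA_1                      1
#define PSA_WANT_ALG_SHA_224                    1
#define PSA_WANT_ALG_SHA_256                    1
//#define PSA_WANT_ALG_SHA_384                    1
//#define PSA_WANT_ALG_SHA_512                    1
//#define PSA_WANT_ALG_STREAM_CIPHER              1
#define PSA_WANT_ALG_TLS12_PRF                  1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
/* XTS is not yet supported via the PSA API in Mbed TLS.
 * Note: when adding support, also adjust include/mbedtls/config_psa.h
 * (This comment previously repeated the PBKDF2-HMAC note verbatim, although
 * the symbol it guards is XTS.) */
//#define PSA_WANT_ALG_XTS                        1

/* Only secp256r1 is requested; every other curve stays disabled. */
//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1
//#define PSA_WANT_ECC_MONTGOMERY_255             1
//#define PSA_WANT_ECC_MONTGOMERY_448             1
//#define PSA_WANT_ECC_SECP_K1_192                1
/*
 * SECP224K1 is buggy via the PSA API in Mbed TLS
 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
 * default.
 */
//#define PSA_WANT_ECC_SECP_K1_224                1
//#define PSA_WANT_ECC_SECP_K1_256                1
//#define PSA_WANT_ECC_SECP_R1_192                1
//#define PSA_WANT_ECC_SECP_R1_224                1
#define PSA_WANT_ECC_SECP_R1_256                1
//#define PSA_WANT_ECC_SECP_R1_384                1
//#define PSA_WANT_ECC_SECP_R1_521                1

#define PSA_WANT_KEY_TYPE_DERIVE                1
#define PSA_WANT_KEY_TYPE_HMAC                  1
#define PSA_WANT_KEY_TYPE_AES                   1
//#define PSA_WANT_KEY_TYPE_ARIA                  1
//#define PSA_WANT_KEY_TYPE_CAMELLIA              1
//#define PSA_WANT_KEY_TYPE_CHACHA20              1
//#define PSA_WANT_KEY_TYPE_DES                   1
/* NOTE(review): the EXPORT capability is requested for ECC key pairs. Whether
 * a given private key can actually be exported is presumably still governed
 * by its per-key usage policy; verify that keys are created without the
 * export usage flag unless export is really needed. */
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC    1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT   1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT   1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1
#define PSA_WANT_KEY_TYPE_RAW_DATA              1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1
//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1

/***********************************************************************
 * Local edits below this delimiter
 **********************************************************************/

/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro
 * (commented-out above) has been replaced with the following new macros: */
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC    1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT   1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT   1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE   1 /* Not supported */

/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC     1
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT    1
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT    1
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE  1
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE    1 // Not supported

#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */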