1 /*
2  *  Minimal configuration for using TLS in the bootloader
3  *
4  *  Copyright (C) 2006-2023, ARM Limited, All Rights Reserved
5  *  Copyright (C) 2016, Linaro Ltd
6  *  SPDX-License-Identifier: Apache-2.0
7  *
8  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
9  *  not use this file except in compliance with the License.
10  *  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  *  Unless required by applicable law or agreed to in writing, software
15  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  *  See the License for the specific language governing permissions and
18  *  limitations under the License.
19  *
20  *  This file is part of mbed TLS (https://tls.mbed.org)
21  */
22 
23 /*
24  * Minimal configuration for using TLS in the bootloader
25  *
26  * - RSA signature verification + NIST Keywrapping support
27  */
28 
29 #ifndef MCUBOOT_MBEDTLS_CONFIG_RSA_KW
30 #define MCUBOOT_MBEDTLS_CONFIG_RSA_KW
31 
32 #if defined(MCUBOOT_USE_PSA_CRYPTO)
33 #include "config-add-psa-crypto.h"
34 #endif /* defined(MCUBOOT_USE_PSA_CRYPTO) */
35 
36 #ifdef CONFIG_MCUBOOT_SERIAL
37 /* Mcuboot uses mbedts-base64 for serial protocol encoding. */
38 #define MBEDTLS_BASE64_C
39 #endif
40 
41 /* System support */
42 #define MBEDTLS_PLATFORM_C
43 #define MBEDTLS_PLATFORM_MEMORY
44 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
45 #define MBEDTLS_NO_PLATFORM_ENTROPY
46 #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
47 
48 /* STD functions */
49 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
50 
51 #define MBEDTLS_PLATFORM_EXIT_ALT
52 #define MBEDTLS_PLATFORM_PRINTF_ALT
53 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
54 
55 #if !defined(CONFIG_ARM)
56 #define MBEDTLS_HAVE_ASM
57 #endif
58 
59 #define MBEDTLS_RSA_C
60 #define MBEDTLS_PKCS1_V21
61 
62 #define MBEDTLS_CIPHER_MODE_CTR
63 
64 /* mbed TLS modules */
65 #define MBEDTLS_ASN1_PARSE_C
66 #define MBEDTLS_BIGNUM_C
67 #define MBEDTLS_MD_C
68 #define MBEDTLS_OID_C
69 #define MBEDTLS_SHA256_C
70 #define MBEDTLS_SHA224_C
71 #define MBEDTLS_AES_C
72 #define MBEDTLS_CIPHER_C
73 #define MBEDTLS_NIST_KW_C
74 
75 /* Save RAM by adjusting to our exact needs */
76 #define MBEDTLS_ECP_MAX_BITS             2048
77 #define MBEDTLS_MPI_MAX_SIZE              256
78 
79 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
80 
81 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
82 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
83 
84 #endif /* MCUBOOT_MBEDTLS_CONFIG_RSA_KW */
85