/*
 * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * Key algorithms currently supported on mbed TLS libraries
 *
 * These two switches are hard-coded in this file: RSA is compiled out and
 * ECDSA is compiled in. They gate the MBEDTLS_RSA_C / MBEDTLS_ECDSA_C blocks
 * and the MBEDTLS_MPI_MAX_SIZE selection further down.
 */
#define TF_MBEDTLS_USE_RSA 0
#define TF_MBEDTLS_USE_ECDSA 1

/*
 * Hash algorithms currently supported on mbed TLS libraries
 *
 * Identifiers compared against TF_MBEDTLS_HASH_ALG_ID below. That macro is
 * not defined in this file; presumably the build system supplies it
 * (TODO confirm).
 */
#define TF_MBEDTLS_SHA256 1
#define TF_MBEDTLS_SHA384 2
#define TF_MBEDTLS_SHA512 3

/*
 * Configuration file to build mbed TLS with the required features for
 * Trusted Boot
 */

/*
 * Allocation goes through the mbed TLS platform layer and no libc function is
 * used as a default (see MBEDTLS_MEMORY_BUFFER_ALLOC_C below for the
 * allocator that is built).
 */
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

#define MBEDTLS_PKCS1_V21

/*
 * Security-relevant: with this option the X.509 parser accepts certificates
 * that carry critical extensions it does not understand instead of rejecting
 * them. The code that consumes the parsed certificate then has to interpret
 * or reject those extensions itself.
 * NOTE(review): presumably required because the Trusted Boot certificates
 * carry project-specific critical extensions - confirm against the caller.
 */
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/* Build the keyUsage / extendedKeyUsage checking helpers. */
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C

#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C

/* Allocator that serves mbed TLS from a caller-provided static buffer. */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_OID_C

#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

#define MBEDTLS_PLATFORM_C

#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
/* Only the NIST P-256 curve is compiled in. */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
/*
 * Security-relevant: removes the internal DRBG that the ECP module would
 * otherwise use for side-channel blinding when a caller passes no RNG.
 * That is only acceptable if no private-key ECC operation is performed
 * without an explicit RNG.
 * NOTE(review): looks like only signature verification (public data) is
 * expected in this build - confirm.
 */
#define MBEDTLS_ECP_NO_INTERNAL_RNG
#endif
#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/*
 * SHA-256 is always built. The SHA-512 module is added for every hash
 * selection other than SHA-256. Note that an undefined
 * TF_MBEDTLS_HASH_ALG_ID evaluates to 0 in #if, which also takes the
 * "not SHA-256" path and silently enables MBEDTLS_SHA512_C.
 */
#define MBEDTLS_SHA256_C
#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
#define MBEDTLS_SHA512_C
#endif

#define MBEDTLS_VERSION_C

#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/*
 * TF_MBEDTLS_USE_AES_GCM is not defined in this file; when it is undefined
 * the preprocessor treats it as 0 and AES/GCM is left out of the build.
 */
#if TF_MBEDTLS_USE_AES_GCM
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_GCM_C
#endif

/* MPI / BIGNUM options */
#define MBEDTLS_MPI_WINDOW_SIZE 2

/*
 * MBEDTLS_MPI_MAX_SIZE is the maximum size of a usable MPI, in bytes.
 * TF_MBEDTLS_KEY_SIZE (not defined in this file) is only evaluated when RSA
 * is enabled; with TF_MBEDTLS_USE_RSA set to 0 above, the final #else branch
 * applies and the limit is 256 bytes.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define MBEDTLS_MPI_MAX_SIZE 256
#else
#define MBEDTLS_MPI_MAX_SIZE 512
#endif
#else
#define MBEDTLS_MPI_MAX_SIZE 256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8

/*
 * Prevent the use of 128-bit division which
 * creates dependency on external libraries.
 */
#define MBEDTLS_NO_UDBL_DIVISION

#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
/*
 * Included after every MBEDTLS_* option above so that mbed TLS can check the
 * selected option set for consistency at compile time.
 */
#include <mbedtls/check_config.h>
#endif

/*
 * The mbed TLS heap size is small because only the ASN.1
 * parsing functions are used;
 * digest, signature and crypto algorithms are handled by
 * another library.
 *
 * NOTE(review): the ECDSA and hash modules are still compiled in above;
 * confirm this heap is sufficient if they are ever exercised through
 * mbed TLS. U() is not defined in this file and must be provided by the
 * including code.
 */

#define TF_MBEDTLS_HEAP_SIZE U(5120)
#endif /* MBEDTLS_CONFIG_H */