1 /*
2  * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 #ifndef MBEDTLS_CONFIG_H
7 #define MBEDTLS_CONFIG_H
8 
9 /*
10  * Key algorithms currently supported on mbed TLS libraries
    *
    * In this file the two macros act as build switches: they are tested by
    * "#if TF_MBEDTLS_USE_ECDSA" and "#if TF_MBEDTLS_USE_RSA" further down.
    * With the values below, the ECDSA/ECP modules are compiled in and the
    * RSA modules are compiled out.
11  */
12 #define TF_MBEDTLS_USE_RSA	0
13 #define TF_MBEDTLS_USE_ECDSA	1
14 
15 /*
16  * Hash algorithms currently supported on mbed TLS libraries
    *
    * Identifiers compared against TF_MBEDTLS_HASH_ALG_ID below to decide
    * whether MBEDTLS_SHA512_C is built. TF_MBEDTLS_HASH_ALG_ID is not
    * defined in this file; presumably the build system supplies it
    * (TODO confirm).
17  */
18 #define TF_MBEDTLS_SHA256		1
19 #define TF_MBEDTLS_SHA384		2
20 #define TF_MBEDTLS_SHA512		3
21 
22 /*
23  * Configuration file to build mbed TLS with the required features for
24  * Trusted Boot
25  */
26 
   /*
    * Platform layer: MBEDTLS_PLATFORM_MEMORY lets the firmware supply the
    * allocator, and MBEDTLS_PLATFORM_NO_STD_FUNCTIONS stops mbed TLS from
    * defaulting to the C library implementations of the platform functions.
    */
27 #define MBEDTLS_PLATFORM_MEMORY
28 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
29 /* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
30 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
31 
   /*
    * RSA PKCS#1 v2.1 padding support. MBEDTLS_RSA_C itself is only defined
    * further down when TF_MBEDTLS_USE_RSA is non-zero.
    * NOTE(review): confirm this option is still wanted in an ECDSA-only build.
    */
32 #define MBEDTLS_PKCS1_V21
33 
   /*
    * X.509 policy.
    *
    * MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION makes the parser accept
    * certificates that carry critical extensions it does not understand
    * instead of rejecting them. mbed TLS therefore does not enforce those
    * extensions; the code consuming the certificate has to validate every
    * extension it relies on.
    * NOTE(review): presumably required because Trusted Boot certificates
    * carry custom extensions; confirm.
    *
    * The two CHECK options enable checking of the keyUsage and
    * extendedKeyUsage extensions.
    */
34 #define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
35 #define MBEDTLS_X509_CHECK_KEY_USAGE
36 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
37 
   /*
    * mbed TLS modules compiled into the image. Anything not listed here is
    * left out of the build.
    */
38 #define MBEDTLS_ASN1_PARSE_C
39 #define MBEDTLS_ASN1_WRITE_C
40 
41 #define MBEDTLS_BASE64_C
42 #define MBEDTLS_BIGNUM_C
43 
44 #define MBEDTLS_ERROR_C
45 #define MBEDTLS_MD_C
46 
47 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
48 #define MBEDTLS_OID_C
49 
50 #define MBEDTLS_PK_C
51 #define MBEDTLS_PK_PARSE_C
52 #define MBEDTLS_PK_WRITE_C
53 
54 #define MBEDTLS_PLATFORM_C
55 
   /*
    * ECDSA over secp256r1 only; no other curve is enabled in this file.
    *
    * MBEDTLS_ECP_NO_INTERNAL_RNG removes the internal RNG that ECP would
    * otherwise use for blinding when the caller passes no RNG. That weakens
    * side-channel protection for private-key operations, so it is only
    * appropriate if the firmware never performs one without an RNG.
    * NOTE(review): looks like this build only verifies signatures; confirm.
    */
56 #if TF_MBEDTLS_USE_ECDSA
57 #define MBEDTLS_ECDSA_C
58 #define MBEDTLS_ECP_C
59 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
60 #define MBEDTLS_ECP_NO_INTERNAL_RNG
61 #endif
   /* Compiled out while TF_MBEDTLS_USE_RSA is 0 (see the definition above). */
62 #if TF_MBEDTLS_USE_RSA
63 #define MBEDTLS_RSA_C
64 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
65 #endif
66 
   /*
    * SHA-256 is always built. MBEDTLS_SHA512_C is added whenever the selected
    * hash is not SHA-256. TF_MBEDTLS_HASH_ALG_ID is not defined in this file:
    * if the build does not define it, the preprocessor treats it as 0, the
    * comparison below is true and the SHA-512 module is compiled in as well.
    */
67 #define MBEDTLS_SHA256_C
68 #if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
69 #define MBEDTLS_SHA512_C
70 #endif
71 
72 #define MBEDTLS_VERSION_C
73 
74 #define MBEDTLS_X509_USE_C
75 #define MBEDTLS_X509_CRT_PARSE_C
76 
   /*
    * AES-GCM modules are opt-in. TF_MBEDTLS_USE_AES_GCM is not defined in this
    * file; when the build leaves it undefined it evaluates to 0 here and the
    * three modules below are left out.
    */
77 #if TF_MBEDTLS_USE_AES_GCM
78 #define MBEDTLS_AES_C
79 #define MBEDTLS_CIPHER_C
80 #define MBEDTLS_GCM_C
81 #endif
82 
83 /* MPI / BIGNUM options */
   /* Window size for modular exponentiation; presumably kept small to limit memory use. */
84 #define MBEDTLS_MPI_WINDOW_SIZE			2
85 
   /*
    * Maximum MPI size in bytes: 256 bytes hold a 2048-bit value, 512 bytes a
    * 4096-bit value. TF_MBEDTLS_KEY_SIZE is not defined in this file and is
    * only consulted when TF_MBEDTLS_USE_RSA is non-zero; with the value set
    * at the top of this file the final #else branch (256) is the one taken.
    */
86 #if TF_MBEDTLS_USE_RSA
87 #if TF_MBEDTLS_KEY_SIZE <= 2048
88 #define MBEDTLS_MPI_MAX_SIZE			256
89 #else
90 #define MBEDTLS_MPI_MAX_SIZE			512
91 #endif
92 #else
93 #define MBEDTLS_MPI_MAX_SIZE			256
94 #endif
95 
96 /* Memory buffer allocator options */
   /* Alignment, in bytes, used by the buffer allocator for the blocks it hands out. */
97 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE		8
98 
99 /*
100  * Prevent the use of 128-bit division which
101  * creates dependency on external libraries.
102  */
103 #define MBEDTLS_NO_UDBL_DIVISION
104 
105 #ifndef __ASSEMBLER__
106 /* System headers required to build mbed TLS with the current configuration */
107 #include <stdlib.h>
108 #include <mbedtls/check_config.h>
109 #endif
110 
111 /*
112  * The mbed TLS heap size is small because only the ASN.1
113  * parsing functions are used;
114  * digest, signature and crypto algorithms are handled by
115  * another library.
     *
     * NOTE(review): MBEDTLS_ECDSA_C and the SHA modules are still enabled
     * earlier in this file. If any mbed TLS signature or hash code path is
     * reached at run time, confirm that this heap size is still sufficient.
     * U() is not defined in this file; it presumably comes from a common
     * utility header.
116  */
117 
118 #define TF_MBEDTLS_HEAP_SIZE           U(5120)
119 #endif /* MBEDTLS_CONFIG_H */
120