1 /*
2  * Copyright (c) 2021-2024, The TrustedFirmware-M Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef CC3XX_CONFIG_H
9 #define CC3XX_CONFIG_H
10 
11 #ifndef CC3XX_CONFIG_BASE_ADDRESS
12 #include "platform_base_address.h"
13 #define CC3XX_CONFIG_BASE_ADDRESS (CC3XX_BASE_S)
14 #endif /* CC3XX_CONFIG_BASE_ADDRESS */
15 
16 /* Whether the SHA256 hash support is enabled */
17 #define CC3XX_CONFIG_HASH_SHA256_ENABLE
18 
19 /* Whether the SHA224 hash support is enabled */
20 /* #define CC3XX_CONFIG_HASH_SHA224_ENABLE */
21 
22 /* Whether the SHA1 hash support is enabled */
23 /* #define CC3XX_CONFIG_HASH_SHA1_ENABLE */
24 
25 /* Whether the AES CTR support is enabled */
26 #define CC3XX_CONFIG_AES_CTR_ENABLE
27 
28 /* Whether the AES ECB support is enabled */
29 #define CC3XX_CONFIG_AES_ECB_ENABLE
30 
31 /* Whether the AES CBC support is enabled */
32 /* #define CC3XX_CONFIG_AES_CBC_ENABLE */
33 
34 /* Whether the AES GCM support is enabled */
35 /* #define CC3XX_CONFIG_AES_GCM_ENABLE */
36 /* #define CC3XX_CONFIG_AES_GCM_VARIABLE_IV_ENABLE */
37 
38 /* Whether the AES CMAC support is enabled */
39 #define CC3XX_CONFIG_AES_CMAC_ENABLE
40 
41 /* Whether the AES CCM support is enabled */
42 /* #define CC3XX_CONFIG_AES_CCM_ENABLE */
43 
44 /* Whether the AES tunnelling support is enabled. Without this, running CCM mode
45  * AES will instead only run the CBC_MAC operation with the CCM IVs, with the
46  * CTR decryption having to be done seperately. */
47 #define CC3XX_CONFIG_AES_TUNNELLING_ENABLE
48 
49 /* Whether CHACHA is enabled */
50 /* #define CC3XX_CONFIG_CHACHA_ENABLE */
51 
52 /* Whether CHACHA_POLY1305 is enabled */
53 /* #define CC3XX_CONFIG_CHACHA_POLY1305_ENABLE */
54 
55 /* Whether DMA remapping is enabled */
56 #define CC3XX_CONFIG_DMA_REMAP_ENABLE
57 
58 /* Whether DMA supports working on cached memories */
59 /* #define CC3XX_CONFIG_DMA_CACHE_FLUSH_ENABLE */
60 
61 /* Whether CC will WFI instead of busy-wait looping while waiting for crypto
62  * operations to complete.
63  */
64 /* #define CC3XX_CONFIG_DMA_WFI_WAIT_ENABLE */
65 
66 /* How many DMA remap regions are available */
67 #ifndef CC3XX_CONFIG_DMA_REMAP_REGION_AM
68 #define CC3XX_CONFIG_DMA_REMAP_REGION_AM 4
69 #endif /* CC3XX_CONFIG_DMA_REMAP_REGION_AM */
70 
71 /* Whether RNG is enabled */
72 #define CC3XX_CONFIG_RNG_ENABLE
73 
74 /* Whether an external TRNG should be used in place of the standard CC3XX TRNG */
75 /* #define CC3XX_CONFIG_RNG_EXTERNAL_TRNG */
76 
77 /* The number of times the TRNG will be re-read when it fails a statical test
78  * before an error is returned.
79  */
80 #ifndef CC3XX_CONFIG_RNG_MAX_ATTEMPTS
81 #define CC3XX_CONFIG_RNG_MAX_ATTEMPTS 16
82 #endif /* CC3XX_CONFIG_RNG_MAX_ATTEMPTS */
83 
84 /* This is the number of cycles between consecutive samples of the oscillator
85  * output. It needs to be set to a _reasonably_ large number, though It's
86  * unclear exactly what sort of number is reasonable. In general, if the
87  * statistical tests keep failing then increase it, if the RNG is too slow then
88  * decrease it.  A sensible default is set here, and has worked correctly with a
89  * variety of cc3xx implementations.
90  */
91 #ifndef CC3XX_CONFIG_RNG_SUBSAMPLING_RATE
92 #define CC3XX_CONFIG_RNG_SUBSAMPLING_RATE 0x1337
93 #endif /* !CC_RNG_SUBSAMPLING_RATE */
94 
95 /* Between 0 and 3 inclusive. 0 should be the fastest oscillator ring */
96 #ifndef CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID
97 #define CC3XX_CONFIG_RNG_RING_OSCILLATOR_ID 0
98 #endif /* !CC_RNG_RING_OSCILLATOR_ID */
99 
100 /* How many virtual registers can be allocated in the PKA engine */
101 #ifndef CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT
102 #define CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT 64
103 #endif /* CC3XX_CONFIG_PKA_MAX_VIRT_REG_AMOUNT */
104 
105 /* Whether barrett tags will be calculated if they are not known. Note that
106  * barrett tags are required for modular reduction. If disabled, this may
107  * decrease code size.
108  */
109 #define CC3XX_CONFIG_PKA_CALC_NP_ENABLE
110 
111 /* Whether PKA operations will be inlined to increase performance at the cost of
112  * code size
113  */
114 #define CC3XX_CONFIG_PKA_INLINE_FOR_PERFORMANCE
115 
116 /* Whether PKA variables will be aligned to word-size to increase performance at
117  * the cost of code size
118  */
119 #define CC3XX_CONFIG_PKA_ALIGN_FOR_PERFORMANCE
120 
121 /* Whether various EC curve types are enabled */
122 #define CC3XX_CONFIG_EC_CURVE_TYPE_WEIERSTRASS_ENABLE
123 /* #define CC3XX_CONFIG_EC_CURVE_TYPE_MONTGOMERY_ENABLE */
124 /* #define CC3XX_CONFIG_EC_CURVE_TYPE_TWISTED_EDWARDS_ENABLE */
125 
126 /* Whether various EC curves are enabled */
127 #define CC3XX_CONFIG_EC_CURVE_SECP_192_R1_ENABLE
128 #define CC3XX_CONFIG_EC_CURVE_SECP_224_R1_ENABLE
129 #define CC3XX_CONFIG_EC_CURVE_SECP_256_R1_ENABLE
130 #define CC3XX_CONFIG_EC_CURVE_SECP_384_R1_ENABLE
131 #define CC3XX_CONFIG_EC_CURVE_SECP_521_R1_ENABLE
132 #define CC3XX_CONFIG_EC_CURVE_SECP_192_K1_ENABLE
133 #define CC3XX_CONFIG_EC_CURVE_SECP_224_K1_ENABLE
134 #define CC3XX_CONFIG_EC_CURVE_SECP_256_K1_ENABLE
135 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_192_R1_ENABLE
136 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_224_R1_ENABLE
137 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_256_R1_ENABLE
138 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_320_R1_ENABLE
139 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_384_R1_ENABLE
140 #define CC3XX_CONFIG_EC_CURVE_BRAINPOOLP_512_R1_ENABLE
141 #define CC3XX_CONFIG_EC_CURVE_FRP_256_V1_ENABLE
142 
143 /* #define CC3XX_CONFIG_EC_CURVE_25519_ENABLE */
144 /* #define CC3XX_CONFIG_EC_CURVE_448_ENABLE */
145 
146 /* #define CC3XX_CONFIG_EC_CURVE_ED25519_ENABLE */
147 /* #define CC3XX_CONFIG_EC_CURVE_ED448_ENABLE */
148 
149 /* What the maximum DPA countermeasure blinding multiple is for EC point-scalar
150  * multiplication.
151  */
152 #define CC3XX_CONFIG_EC_DPA_MAX_BLIND_MULTIPLE 32
153 
154 /* Whether the Shamir trick will be used to improve performance of point-scalar
155  * multiplication on non-secret data. Has a code-size penalty.
156  */
157 #define CC3XX_CONFIG_EC_SHAMIR_TRICK_ENABLE
158 
159 /* Whether various ECDSA features are enabled */
160 #define CC3XX_CONFIG_ECDSA_SIGN_ENABLE
161 #define CC3XX_CONFIG_ECDSA_VERIFY_ENABLE
162 #define CC3XX_CONFIG_ECDSA_KEYGEN_ENABLE
163 
164 /* Whether DPA mitigations are enabled. Has a code-size and performance cost */
165 #define CC3XX_CONFIG_DPA_MITIGATIONS_ENABLE
166 
167 /* Whether DFA mitigations are enabled. Has a code-size and performance cost */
168 #define CC3XX_CONFIG_DFA_MITIGATIONS_ENABLE
169 
170 /* Whether an external secure word copying function (for copying keys etc) will
171  * be provided by the platform
172  */
173 #define CC3XX_CONFIG_STDLIB_EXTERNAL_SECURE_WORD_COPY
174 
175 #ifndef CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS
176 #define CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS 128
177 #endif /* CC3XX_CONFIG_STDLIB_LFSR_MAX_ATTEMPTS */
178 
179 #endif /* CC3XX_CONFIG_H */
180