TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4edcf693e7d96ef4b6678f7d8b27529f8090d1dd / . / configs / ext / crypto_config_profile_medium.h
blob: 63ed4701deea3185437d3b48e9c9bd924cb5dd86 [file] [log] [blame]
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]1/**
2 * \file psa/crypto_config.h
3 * \brief PSA crypto configuration options (set of defines)
4 *
5 */
Dave Rodgmanaeaf1d792023-11-03 11:40:56 +0000[diff] [blame]6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]11#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
12/**
13 * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
14 * this file determines which cryptographic mechanisms are enabled
15 * through the PSA Cryptography API (\c psa_xxx() functions).
16 *
17 * To enable a cryptographic mechanism, uncomment the definition of
18 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
19 * To disable a cryptographic mechanism, comment out the definition of
20 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
21 * The names of cryptographic mechanisms correspond to values
22 * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
23 * of \c PSA_.
24 *
25 * Note that many cryptographic mechanisms involve two symbols: one for
26 * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
27 * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
28 * additional symbols.
29 */
30#else
31/**
32 * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
33 * this file is not used, and cryptographic mechanisms are supported
34 * through the PSA API if and only if they are supported through the
35 * mbedtls_xxx API.
36 */
37#endif
38
39#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
40#define PROFILE_M_PSA_CRYPTO_CONFIG_H
41
42/*
43 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
44 */
45//#define PSA_WANT_ALG_CBC_MAC 1
46//#define PSA_WANT_ALG_CBC_NO_PADDING 1
47//#define PSA_WANT_ALG_CBC_PKCS7 1
48#define PSA_WANT_ALG_CCM 1
49//#define PSA_WANT_ALG_CMAC 1
50//#define PSA_WANT_ALG_CFB 1
51//#define PSA_WANT_ALG_CHACHA20_POLY1305 1
52//#define PSA_WANT_ALG_CTR 1
Dave Rodgman4edcf692023-11-15 12:23:29 +0000[diff] [blame^]53//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]54//#define PSA_WANT_ALG_ECB_NO_PADDING 1
55#define PSA_WANT_ALG_ECDH 1
56#define PSA_WANT_ALG_ECDSA 1
57//#define PSA_WANT_ALG_GCM 1
58#define PSA_WANT_ALG_HKDF 1
59#define PSA_WANT_ALG_HMAC 1
60//#define PSA_WANT_ALG_MD5 1
61//#define PSA_WANT_ALG_OFB 1
62/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
63 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
64//#define PSA_WANT_ALG_PBKDF2_HMAC 1
65//#define PSA_WANT_ALG_RIPEMD160 1
66//#define PSA_WANT_ALG_RSA_OAEP 1
67//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
68//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
69//#define PSA_WANT_ALG_RSA_PSS 1
70//#define PSA_WANT_ALG_SHA_1 1
71#define PSA_WANT_ALG_SHA_224 1
72#define PSA_WANT_ALG_SHA_256 1
73//#define PSA_WANT_ALG_SHA_384 1
74//#define PSA_WANT_ALG_SHA_512 1
75//#define PSA_WANT_ALG_STREAM_CIPHER 1
76#define PSA_WANT_ALG_TLS12_PRF 1
77#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
78/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
79 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
80//#define PSA_WANT_ALG_XTS 1
81
82//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
83//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
84//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
85//#define PSA_WANT_ECC_MONTGOMERY_255 1
86//#define PSA_WANT_ECC_MONTGOMERY_448 1
87//#define PSA_WANT_ECC_SECP_K1_192 1
88/*
89 * SECP224K1 is buggy via the PSA API in Mbed TLS
90 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
91 * default.
92 */
93//#define PSA_WANT_ECC_SECP_K1_224 1
94//#define PSA_WANT_ECC_SECP_K1_256 1
95//#define PSA_WANT_ECC_SECP_R1_192 1
96//#define PSA_WANT_ECC_SECP_R1_224 1
97#define PSA_WANT_ECC_SECP_R1_256 1
98//#define PSA_WANT_ECC_SECP_R1_384 1
99//#define PSA_WANT_ECC_SECP_R1_521 1
100
101#define PSA_WANT_KEY_TYPE_DERIVE 1
102#define PSA_WANT_KEY_TYPE_HMAC 1
103#define PSA_WANT_KEY_TYPE_AES 1
104//#define PSA_WANT_KEY_TYPE_ARIA 1
105//#define PSA_WANT_KEY_TYPE_CAMELLIA 1
106//#define PSA_WANT_KEY_TYPE_CHACHA20 1
107//#define PSA_WANT_KEY_TYPE_DES 1
Dave Rodgman4edcf692023-11-15 12:23:29 +0000[diff] [blame^]108//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
109#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
110#define PSA_WANT_KEY_TYPE_RAW_DATA 1
111//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
112//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
113
114/*
115 * The following symbols extend and deprecate the legacy
116 * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
117 * the name's suffix. "_USE" is the most generic and it can be used to describe
118 * a generic suport, whereas other ones add more features on top of that and
119 * they are more specific.
120 */
121#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
Valerio Settiae064432023-06-26 12:13:38 +0200[diff] [blame]122#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
123#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
124#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
Dave Rodgman4edcf692023-11-15 12:23:29 +0000[diff] [blame^]125//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]126
Dave Rodgman4edcf692023-11-15 12:23:29 +0000[diff] [blame^]127#ifdef CRYPTO_HW_ACCELERATOR
128#include "crypto_accelerator_config.h"
129#endif
Valerio Setti52e0fb42023-08-02 09:55:21 +0200[diff] [blame]130
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]131#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */