Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 118fd33a37478562d83f3d0da8ae41ece2fa369f / . / include / drivers / auth / mbedtls / default_mbedtls_config.h
blob: 12a5fe1ce93247d6d46c8fc42db7a48890ccd2d3 [file] [log] [blame]
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]1/*
Jimmy Brisson640d9912024-04-10 10:20:13 -0500[diff] [blame]2 * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]5 */
Govindraj Rajadee8b6f2023-01-12 15:34:12 +0000[diff] [blame]6
7/**
8 * This set of compile-time options may be used to enable
9 * or disable features selectively, and reduce the global
10 * memory footprint.
11 */
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]12
13/*
Ryan Everett118fd332024-12-09 16:00:38 +0000[diff] [blame^]14 * This file is compatible with versions >= 3.6.2
15 */
16#define MBEDTLS_CONFIG_VERSION 0x03060200
17
18/*
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]19 * Key algorithms currently supported on mbed TLS libraries
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]20 */
Qixiang Xu1c2aef12017-08-24 15:12:20 +0800[diff] [blame]21#define TF_MBEDTLS_RSA 1
22#define TF_MBEDTLS_ECDSA 2
Qixiang Xuaa05eea2017-08-24 15:26:39 +0800[diff] [blame]23#define TF_MBEDTLS_RSA_AND_ECDSA 3
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]24
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]25#define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
26 || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
27#define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
28 || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
29
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]30/*
Qixiang Xu1a1f2912017-11-09 13:56:29 +0800[diff] [blame]31 * Hash algorithms currently supported on mbed TLS libraries
32 */
33#define TF_MBEDTLS_SHA256 1
34#define TF_MBEDTLS_SHA384 2
35#define TF_MBEDTLS_SHA512 3
36
37/*
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]38 * Configuration file to build mbed TLS with the required features for
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]39 * Trusted Boot
40 */
41
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]42#define MBEDTLS_PLATFORM_MEMORY
43#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
Antonio Nino Diaz6b90f5e2017-05-19 11:37:22 +0100[diff] [blame]44/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
45#define MBEDTLS_PLATFORM_SNPRINTF_ALT
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]46
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]47#define MBEDTLS_PKCS1_V21
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]48
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]49#define MBEDTLS_ASN1_PARSE_C
50#define MBEDTLS_ASN1_WRITE_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]51
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]52#define MBEDTLS_BASE64_C
53#define MBEDTLS_BIGNUM_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]54
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]55#define MBEDTLS_ERROR_C
56#define MBEDTLS_MD_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]57
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]58#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
59#define MBEDTLS_OID_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]60
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]61#define MBEDTLS_PK_C
62#define MBEDTLS_PK_PARSE_C
63#define MBEDTLS_PK_WRITE_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]64
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]65#define MBEDTLS_PLATFORM_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]66
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]67#if TF_MBEDTLS_USE_ECDSA
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]68#define MBEDTLS_ECDSA_C
69#define MBEDTLS_ECP_C
laurenw-armf709c272023-08-15 14:56:46 -0500[diff] [blame]70#if TF_MBEDTLS_KEY_SIZE == 384
71#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
72#else
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]73#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]74#endif
laurenw-armf709c272023-08-15 14:56:46 -0500[diff] [blame]75#endif
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]76#if TF_MBEDTLS_USE_RSA
Qixiang Xuaa05eea2017-08-24 15:26:39 +0800[diff] [blame]77#define MBEDTLS_RSA_C
78#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]79#endif
80
Jimmy Brisson9ce5eb42024-07-11 10:10:55 -0500[diff] [blame]81/* Enable hash algorithms based on TBB or Measured Boot */
82#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
83 #define MBEDTLS_SHA256_C
Qixiang Xu1a1f2912017-11-09 13:56:29 +0800[diff] [blame]84#endif
Jimmy Brisson9ce5eb42024-07-11 10:10:55 -0500[diff] [blame]85
86#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
87 #define MBEDTLS_SHA384_C
88#endif
89
90#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
91 #define MBEDTLS_SHA512_C
Manish V Badarkhee112a5a2021-10-06 23:41:50 +0100[diff] [blame]92#endif
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]93
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]94#define MBEDTLS_VERSION_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]95
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]96#define MBEDTLS_X509_USE_C
97#define MBEDTLS_X509_CRT_PARSE_C
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]98
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame]99#if TF_MBEDTLS_USE_AES_GCM
100#define MBEDTLS_AES_C
101#define MBEDTLS_CIPHER_C
102#define MBEDTLS_GCM_C
103#endif
104
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]105/* MPI / BIGNUM options */
Jimmy Brisson9ce5eb42024-07-11 10:10:55 -0500[diff] [blame]106
107/* Note: Lower numbers trade longer execution time for less RAM allocation */
108#define MBEDTLS_MPI_WINDOW_SIZE 1
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]109
110#if TF_MBEDTLS_USE_RSA
111#if TF_MBEDTLS_KEY_SIZE <= 2048
112#define MBEDTLS_MPI_MAX_SIZE 256
113#else
114#define MBEDTLS_MPI_MAX_SIZE 512
115#endif
116#else
117#define MBEDTLS_MPI_MAX_SIZE 256
118#endif
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]119
120/* Memory buffer allocator options */
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]121#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]122
Alexei Fedorov42cb1aa2020-09-21 12:23:54 +0100[diff] [blame]123/*
124 * Prevent the use of 128-bit division which
125 * creates dependency on external libraries.
126 */
127#define MBEDTLS_NO_UDBL_DIVISION
128
Julius Werner53456fc2019-07-09 13:49:11 -0700[diff] [blame]129#ifndef __ASSEMBLER__
Qixiang Xude431b12017-10-13 09:23:42 +0800[diff] [blame]130/* System headers required to build mbed TLS with the current configuration */
131#include <stdlib.h>
Qixiang Xude431b12017-10-13 09:23:42 +0800[diff] [blame]132#endif
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]133
John Tsichritzis30f89642018-06-07 16:31:34 +0100[diff] [blame]134/*
135 * Determine Mbed TLS heap size
136 * 13312 = 13*1024
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]137 * 11264 = 11*1024
138 * 7168 = 7*1024
John Tsichritzis30f89642018-06-07 16:31:34 +0100[diff] [blame]139 */
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]140#if TF_MBEDTLS_USE_ECDSA
John Tsichritzis30f89642018-06-07 16:31:34 +0100[diff] [blame]141#define TF_MBEDTLS_HEAP_SIZE U(13312)
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]142#elif TF_MBEDTLS_USE_RSA
143#if TF_MBEDTLS_KEY_SIZE <= 2048
John Tsichritzis30f89642018-06-07 16:31:34 +0100[diff] [blame]144#define TF_MBEDTLS_HEAP_SIZE U(7168)
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]145#else
146#define TF_MBEDTLS_HEAP_SIZE U(11264)
147#endif
John Tsichritzis30f89642018-06-07 16:31:34 +0100[diff] [blame]148#endif
149
Sandrine Bailleuxa8143572022-06-15 15:31:52 +0200[diff] [blame]150/*
151 * Warn if errors from certain functions are ignored.
152 *
153 * The warnings are always enabled (where supported) for critical functions
154 * where ignoring the return value is almost always a bug. This macro extends
155 * the warnings to more functions.
156 */
157#define MBEDTLS_CHECK_RETURN_WARNING