| Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 1 | /* |
| Yann Gautier | d8c1a3b | 2023-03-06 13:01:10 +0100 | [diff] [blame] | 2 | * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved |
| Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | #ifndef MBEDTLS_CONFIG_H |
| 7 | #define MBEDTLS_CONFIG_H |
| 8 | |
| 9 | /* |
| 10 | * Key algorithms currently supported on mbed TLS libraries |
| 11 | */ |
| 12 | #define TF_MBEDTLS_USE_RSA 0 |
| 13 | #define TF_MBEDTLS_USE_ECDSA 1 |
| 14 | |
| 15 | /* |
| 16 | * Hash algorithms currently supported on mbed TLS libraries |
| 17 | */ |
| 18 | #define TF_MBEDTLS_SHA256 1 |
| 19 | #define TF_MBEDTLS_SHA384 2 |
| 20 | #define TF_MBEDTLS_SHA512 3 |
| 21 | |
| 22 | /* |
| 23 | * Configuration file to build mbed TLS with the required features for |
| 24 | * Trusted Boot |
| 25 | */ |
| 26 | |
| 27 | #define MBEDTLS_PLATFORM_MEMORY |
| 28 | #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
| 29 | /* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */ |
| 30 | #define MBEDTLS_PLATFORM_SNPRINTF_ALT |
| 31 | |
| 32 | #define MBEDTLS_PKCS1_V21 |
| 33 | |
| 34 | #define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION |
| 35 | #define MBEDTLS_X509_CHECK_KEY_USAGE |
| 36 | #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE |
| 37 | |
| 38 | #define MBEDTLS_ASN1_PARSE_C |
| 39 | #define MBEDTLS_ASN1_WRITE_C |
| 40 | |
| 41 | #define MBEDTLS_BASE64_C |
| 42 | #define MBEDTLS_BIGNUM_C |
| 43 | |
| 44 | #define MBEDTLS_ERROR_C |
| 45 | #define MBEDTLS_MD_C |
| 46 | |
| 47 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
| 48 | #define MBEDTLS_OID_C |
| 49 | |
| 50 | #define MBEDTLS_PK_C |
| 51 | #define MBEDTLS_PK_PARSE_C |
| 52 | #define MBEDTLS_PK_WRITE_C |
| 53 | |
| 54 | #define MBEDTLS_PLATFORM_C |
| 55 | |
| 56 | #if TF_MBEDTLS_USE_ECDSA |
| 57 | #define MBEDTLS_ECDSA_C |
| 58 | #define MBEDTLS_ECP_C |
| 59 | #define MBEDTLS_ECP_DP_SECP256R1_ENABLED |
| 60 | #define MBEDTLS_ECP_NO_INTERNAL_RNG |
| 61 | #endif |
| 62 | #if TF_MBEDTLS_USE_RSA |
| 63 | #define MBEDTLS_RSA_C |
| 64 | #define MBEDTLS_X509_RSASSA_PSS_SUPPORT |
| 65 | #endif |
| 66 | |
| 67 | #define MBEDTLS_SHA256_C |
| 68 | #if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) |
| 69 | #define MBEDTLS_SHA512_C |
| 70 | #endif |
| 71 | |
| 72 | #define MBEDTLS_VERSION_C |
| 73 | |
| 74 | #define MBEDTLS_X509_USE_C |
| 75 | #define MBEDTLS_X509_CRT_PARSE_C |
| 76 | |
| 77 | #if TF_MBEDTLS_USE_AES_GCM |
| 78 | #define MBEDTLS_AES_C |
| 79 | #define MBEDTLS_CIPHER_C |
| 80 | #define MBEDTLS_GCM_C |
| 81 | #endif |
| 82 | |
| 83 | /* MPI / BIGNUM options */ |
| 84 | #define MBEDTLS_MPI_WINDOW_SIZE 2 |
| 85 | |
| 86 | #if TF_MBEDTLS_USE_RSA |
| 87 | #if TF_MBEDTLS_KEY_SIZE <= 2048 |
| 88 | #define MBEDTLS_MPI_MAX_SIZE 256 |
| 89 | #else |
| 90 | #define MBEDTLS_MPI_MAX_SIZE 512 |
| 91 | #endif |
| 92 | #else |
| 93 | #define MBEDTLS_MPI_MAX_SIZE 256 |
| 94 | #endif |
| 95 | |
| 96 | /* Memory buffer allocator options */ |
| 97 | #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8 |
| 98 | |
| 99 | /* |
| 100 | * Prevent the use of 128-bit division which |
| 101 | * creates dependency on external libraries. |
| 102 | */ |
| 103 | #define MBEDTLS_NO_UDBL_DIVISION |
| 104 | |
| 105 | #ifndef __ASSEMBLER__ |
| 106 | /* System headers required to build mbed TLS with the current configuration */ |
| 107 | #include <stdlib.h> |
| 108 | #include <mbedtls/check_config.h> |
| 109 | #endif |
| 110 | |
| 111 | /* |
| 112 | * Mbed TLS heap size is smal as we only use the asn1 |
| 113 | * parsing functions |
| 114 | * digest, signature and crypto algorithm are done by |
| 115 | * other library. |
| 116 | */ |
| 117 | |
| 118 | #define TF_MBEDTLS_HEAP_SIZE U(5120) |
| 119 | #endif /* MBEDTLS_CONFIG_H */ |