|  | /* | 
|  | * Copyright (c) 2018-2022, Arm Limited. All rights reserved. | 
|  | * | 
|  | * SPDX-License-Identifier: BSD-3-Clause | 
|  | * | 
|  | */ | 
|  | /** | 
|  | * \file psa/crypto_config.h | 
|  | * \brief PSA crypto configuration options (set of defines) | 
|  | * | 
|  | */ | 
|  | #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) | 
|  | /** | 
|  | * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, | 
|  | * this file determines which cryptographic mechanisms are enabled | 
|  | * through the PSA Cryptography API (\c psa_xxx() functions). | 
|  | * | 
|  | * To enable a cryptographic mechanism, uncomment the definition of | 
|  | * the corresponding \c PSA_WANT_xxx preprocessor symbol. | 
|  | * To disable a cryptographic mechanism, comment out the definition of | 
|  | * the corresponding \c PSA_WANT_xxx preprocessor symbol. | 
|  | * The names of cryptographic mechanisms correspond to values | 
|  | * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead | 
|  | * of \c PSA_. | 
|  | * | 
|  | * Note that many cryptographic mechanisms involve two symbols: one for | 
|  | * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm | 
|  | * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve | 
|  | * additional symbols. | 
|  | */ | 
|  | #else | 
|  | /** | 
|  | * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, | 
|  | * this file is not used, and cryptographic mechanisms are supported | 
|  | * through the PSA API if and only if they are supported through the | 
|  | * mbedtls_xxx API. | 
|  | */ | 
|  | #endif | 
|  |  | 
|  | #ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H | 
|  | #define PROFILE_M_PSA_CRYPTO_CONFIG_H | 
|  |  | 
|  | /* | 
|  | * CBC-MAC is not yet supported via the PSA API in Mbed TLS. | 
|  | */ | 
|  | //#define PSA_WANT_ALG_CBC_MAC                    1 | 
|  | //#define PSA_WANT_ALG_CBC_NO_PADDING             1 | 
|  | //#define PSA_WANT_ALG_CBC_PKCS7                  1 | 
|  | #define PSA_WANT_ALG_CCM                        1 | 
|  | //#define PSA_WANT_ALG_CMAC                       1 | 
|  | //#define PSA_WANT_ALG_CFB                        1 | 
|  | //#define PSA_WANT_ALG_CHACHA20_POLY1305          1 | 
|  | //#define PSA_WANT_ALG_CTR                        1 | 
|  | #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1 | 
|  | //#define PSA_WANT_ALG_ECB_NO_PADDING             1 | 
|  | #define PSA_WANT_ALG_ECDH                       1 | 
|  | #define PSA_WANT_ALG_ECDSA                      1 | 
|  | //#define PSA_WANT_ALG_GCM                        1 | 
|  | #define PSA_WANT_ALG_HKDF                       1 | 
|  | #define PSA_WANT_ALG_HMAC                       1 | 
|  | //#define PSA_WANT_ALG_MD5                        1 | 
|  | //#define PSA_WANT_ALG_OFB                        1 | 
|  | /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. | 
|  | * Note: when adding support, also adjust include/mbedtls/config_psa.h */ | 
|  | //#define PSA_WANT_ALG_PBKDF2_HMAC                1 | 
|  | //#define PSA_WANT_ALG_RIPEMD160                  1 | 
|  | //#define PSA_WANT_ALG_RSA_OAEP                   1 | 
|  | //#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1 | 
|  | //#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1 | 
|  | //#define PSA_WANT_ALG_RSA_PSS                    1 | 
|  | //#define PSA_WANT_ALG_SHA_1                      1 | 
|  | #define PSA_WANT_ALG_SHA_224                    1 | 
|  | #define PSA_WANT_ALG_SHA_256                    1 | 
|  | //#define PSA_WANT_ALG_SHA_384                    1 | 
|  | //#define PSA_WANT_ALG_SHA_512                    1 | 
|  | //#define PSA_WANT_ALG_STREAM_CIPHER              1 | 
|  | #define PSA_WANT_ALG_TLS12_PRF                  1 | 
|  | #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1 | 
|  | /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. | 
|  | * Note: when adding support, also adjust include/mbedtls/config_psa.h */ | 
|  | //#define PSA_WANT_ALG_XTS                        1 | 
|  |  | 
|  | //#define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1 | 
|  | //#define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1 | 
|  | //#define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1 | 
|  | //#define PSA_WANT_ECC_MONTGOMERY_255             1 | 
|  | //#define PSA_WANT_ECC_MONTGOMERY_448             1 | 
|  | //#define PSA_WANT_ECC_SECP_K1_192                1 | 
|  | /* | 
|  | * SECP224K1 is buggy via the PSA API in Mbed TLS | 
|  | * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by | 
|  | * default. | 
|  | */ | 
|  | //#define PSA_WANT_ECC_SECP_K1_224                1 | 
|  | //#define PSA_WANT_ECC_SECP_K1_256                1 | 
|  | //#define PSA_WANT_ECC_SECP_R1_192                1 | 
|  | //#define PSA_WANT_ECC_SECP_R1_224                1 | 
|  | #define PSA_WANT_ECC_SECP_R1_256                1 | 
|  | //#define PSA_WANT_ECC_SECP_R1_384                1 | 
|  | //#define PSA_WANT_ECC_SECP_R1_521                1 | 
|  |  | 
|  | #define PSA_WANT_KEY_TYPE_DERIVE                1 | 
|  | #define PSA_WANT_KEY_TYPE_HMAC                  1 | 
|  | #define PSA_WANT_KEY_TYPE_AES                   1 | 
|  | //#define PSA_WANT_KEY_TYPE_ARIA                  1 | 
|  | //#define PSA_WANT_KEY_TYPE_CAMELLIA              1 | 
|  | //#define PSA_WANT_KEY_TYPE_CHACHA20              1 | 
|  | //#define PSA_WANT_KEY_TYPE_DES                   1 | 
|  | #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC    1 | 
|  | #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT   1 | 
|  | #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT   1 | 
|  | #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 | 
|  | #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1 | 
|  | #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1 | 
|  | #define PSA_WANT_KEY_TYPE_RAW_DATA              1 | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1 | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1 | 
|  |  | 
|  | /*********************************************************************** | 
|  | * Local edits below this delimiter | 
|  | **********************************************************************/ | 
|  |  | 
|  | /* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro | 
|  | * (commented-out above) has been replaced with the following new macros: */ | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC      1 | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT     1 | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT     1 | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE   1 | 
|  | //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE     1 /* Not supported */ | 
|  |  | 
|  | /* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ | 
|  | //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC       1 | 
|  | //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT    1 | 
|  | //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT    1 | 
|  | //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE  1 | 
|  | //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE    1 // Not supported | 
|  |  | 
|  | #endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ |