TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / a326eb990d086e344660aea23928c6dd98c7020c / . / configs / ext / crypto_config_profile_medium.h
blob: 682835a064bcf0bf09271ac6786e135d63740173 [file] [log] [blame]
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]1/**
2 * \file psa/crypto_config.h
3 * \brief PSA crypto configuration options (set of defines)
4 *
5 */
Dave Rodgmanaeaf1d792023-11-03 11:40:56 +0000[diff] [blame]6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]11#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
12/**
13 * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
14 * this file determines which cryptographic mechanisms are enabled
15 * through the PSA Cryptography API (\c psa_xxx() functions).
16 *
17 * To enable a cryptographic mechanism, uncomment the definition of
18 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
19 * To disable a cryptographic mechanism, comment out the definition of
20 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
21 * The names of cryptographic mechanisms correspond to values
22 * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
23 * of \c PSA_.
24 *
25 * Note that many cryptographic mechanisms involve two symbols: one for
26 * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
27 * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
28 * additional symbols.
29 */
30#else
31/**
32 * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
33 * this file is not used, and cryptographic mechanisms are supported
34 * through the PSA API if and only if they are supported through the
35 * mbedtls_xxx API.
36 */
37#endif
38
39#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
40#define PROFILE_M_PSA_CRYPTO_CONFIG_H
41
42/*
43 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
44 */
45//#define PSA_WANT_ALG_CBC_MAC 1
46//#define PSA_WANT_ALG_CBC_NO_PADDING 1
47//#define PSA_WANT_ALG_CBC_PKCS7 1
48#define PSA_WANT_ALG_CCM 1
49//#define PSA_WANT_ALG_CMAC 1
50//#define PSA_WANT_ALG_CFB 1
51//#define PSA_WANT_ALG_CHACHA20_POLY1305 1
52//#define PSA_WANT_ALG_CTR 1
53#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
54//#define PSA_WANT_ALG_ECB_NO_PADDING 1
55#define PSA_WANT_ALG_ECDH 1
56#define PSA_WANT_ALG_ECDSA 1
57//#define PSA_WANT_ALG_GCM 1
58#define PSA_WANT_ALG_HKDF 1
59#define PSA_WANT_ALG_HMAC 1
60//#define PSA_WANT_ALG_MD5 1
61//#define PSA_WANT_ALG_OFB 1
62/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
63 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
64//#define PSA_WANT_ALG_PBKDF2_HMAC 1
65//#define PSA_WANT_ALG_RIPEMD160 1
66//#define PSA_WANT_ALG_RSA_OAEP 1
67//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
68//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
69//#define PSA_WANT_ALG_RSA_PSS 1
70//#define PSA_WANT_ALG_SHA_1 1
71#define PSA_WANT_ALG_SHA_224 1
72#define PSA_WANT_ALG_SHA_256 1
73//#define PSA_WANT_ALG_SHA_384 1
74//#define PSA_WANT_ALG_SHA_512 1
75//#define PSA_WANT_ALG_STREAM_CIPHER 1
76#define PSA_WANT_ALG_TLS12_PRF 1
77#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
78/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
79 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
80//#define PSA_WANT_ALG_XTS 1
81
82//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
83//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
84//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
85//#define PSA_WANT_ECC_MONTGOMERY_255 1
86//#define PSA_WANT_ECC_MONTGOMERY_448 1
87//#define PSA_WANT_ECC_SECP_K1_192 1
88/*
89 * SECP224K1 is buggy via the PSA API in Mbed TLS
90 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
91 * default.
92 */
93//#define PSA_WANT_ECC_SECP_K1_224 1
94//#define PSA_WANT_ECC_SECP_K1_256 1
95//#define PSA_WANT_ECC_SECP_R1_192 1
96//#define PSA_WANT_ECC_SECP_R1_224 1
97#define PSA_WANT_ECC_SECP_R1_256 1
98//#define PSA_WANT_ECC_SECP_R1_384 1
99//#define PSA_WANT_ECC_SECP_R1_521 1
100
101#define PSA_WANT_KEY_TYPE_DERIVE 1
102#define PSA_WANT_KEY_TYPE_HMAC 1
103#define PSA_WANT_KEY_TYPE_AES 1
104//#define PSA_WANT_KEY_TYPE_ARIA 1
105//#define PSA_WANT_KEY_TYPE_CAMELLIA 1
106//#define PSA_WANT_KEY_TYPE_CHACHA20 1
107//#define PSA_WANT_KEY_TYPE_DES 1
Valerio Settiae064432023-06-26 12:13:38 +0200[diff] [blame]108#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
109#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
110#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
111#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
112#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]113#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
114#define PSA_WANT_KEY_TYPE_RAW_DATA 1
115//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
116//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
117
Valerio Setti52e0fb42023-08-02 09:55:21 +0200[diff] [blame]118/***********************************************************************
119 * Local edits below this delimiter
120 **********************************************************************/
121
122/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro
123 * (commented-out above) has been replaced with the following new macros: */
124//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
125//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
126//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
127//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
128//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */
129
130/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */
131//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
132//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
133//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
134//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
135//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported
136
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]137#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */