TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2bc3bdf37a0ab1f6250609d9ea707f98bc40243d / . / configs / crypto_config_profile_medium.h
blob: f9b2c2fddcc264b6df470501577b9b8b5554037e [file] [log] [blame]
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]1/*
Dave Rodgmana9b6c642023-11-03 12:24:58 +0000[diff] [blame]2 * Copyright The Mbed TLS Contributors
3 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]4 */
5/**
6 * \file psa/crypto_config.h
7 * \brief PSA crypto configuration options (set of defines)
8 *
9 */
10#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
11/**
12 * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
13 * this file determines which cryptographic mechanisms are enabled
14 * through the PSA Cryptography API (\c psa_xxx() functions).
15 *
16 * To enable a cryptographic mechanism, uncomment the definition of
17 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
18 * To disable a cryptographic mechanism, comment out the definition of
19 * the corresponding \c PSA_WANT_xxx preprocessor symbol.
20 * The names of cryptographic mechanisms correspond to values
21 * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
22 * of \c PSA_.
23 *
24 * Note that many cryptographic mechanisms involve two symbols: one for
25 * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
26 * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
27 * additional symbols.
28 */
29#else
30/**
31 * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
32 * this file is not used, and cryptographic mechanisms are supported
33 * through the PSA API if and only if they are supported through the
34 * mbedtls_xxx API.
35 */
36#endif
37
38#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
39#define PROFILE_M_PSA_CRYPTO_CONFIG_H
40
41/*
42 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
43 */
44//#define PSA_WANT_ALG_CBC_MAC 1
45//#define PSA_WANT_ALG_CBC_NO_PADDING 1
46//#define PSA_WANT_ALG_CBC_PKCS7 1
47#define PSA_WANT_ALG_CCM 1
48//#define PSA_WANT_ALG_CMAC 1
49//#define PSA_WANT_ALG_CFB 1
50//#define PSA_WANT_ALG_CHACHA20_POLY1305 1
51//#define PSA_WANT_ALG_CTR 1
52#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
53//#define PSA_WANT_ALG_ECB_NO_PADDING 1
54#define PSA_WANT_ALG_ECDH 1
55#define PSA_WANT_ALG_ECDSA 1
56//#define PSA_WANT_ALG_GCM 1
57#define PSA_WANT_ALG_HKDF 1
58#define PSA_WANT_ALG_HMAC 1
59//#define PSA_WANT_ALG_MD5 1
60//#define PSA_WANT_ALG_OFB 1
61/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
62 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
63//#define PSA_WANT_ALG_PBKDF2_HMAC 1
64//#define PSA_WANT_ALG_RIPEMD160 1
65//#define PSA_WANT_ALG_RSA_OAEP 1
66//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
67//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
68//#define PSA_WANT_ALG_RSA_PSS 1
69//#define PSA_WANT_ALG_SHA_1 1
70#define PSA_WANT_ALG_SHA_224 1
71#define PSA_WANT_ALG_SHA_256 1
72//#define PSA_WANT_ALG_SHA_384 1
73//#define PSA_WANT_ALG_SHA_512 1
74//#define PSA_WANT_ALG_STREAM_CIPHER 1
75#define PSA_WANT_ALG_TLS12_PRF 1
76#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
77/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
78 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
79//#define PSA_WANT_ALG_XTS 1
80
81//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
82//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
83//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
84//#define PSA_WANT_ECC_MONTGOMERY_255 1
85//#define PSA_WANT_ECC_MONTGOMERY_448 1
86//#define PSA_WANT_ECC_SECP_K1_192 1
87/*
88 * SECP224K1 is buggy via the PSA API in Mbed TLS
89 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
90 * default.
91 */
92//#define PSA_WANT_ECC_SECP_K1_224 1
93//#define PSA_WANT_ECC_SECP_K1_256 1
94//#define PSA_WANT_ECC_SECP_R1_192 1
95//#define PSA_WANT_ECC_SECP_R1_224 1
96#define PSA_WANT_ECC_SECP_R1_256 1
97//#define PSA_WANT_ECC_SECP_R1_384 1
98//#define PSA_WANT_ECC_SECP_R1_521 1
99
100#define PSA_WANT_KEY_TYPE_DERIVE 1
101#define PSA_WANT_KEY_TYPE_HMAC 1
102#define PSA_WANT_KEY_TYPE_AES 1
103//#define PSA_WANT_KEY_TYPE_ARIA 1
104//#define PSA_WANT_KEY_TYPE_CAMELLIA 1
105//#define PSA_WANT_KEY_TYPE_CHACHA20 1
106//#define PSA_WANT_KEY_TYPE_DES 1
Valerio Settiae064432023-06-26 12:13:38 +0200[diff] [blame]107#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
108#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
109#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
110#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
111#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]112#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
113#define PSA_WANT_KEY_TYPE_RAW_DATA 1
114//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
115//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
116
Valerio Setti52e0fb42023-08-02 09:55:21 +0200[diff] [blame]117/***********************************************************************
118 * Local edits below this delimiter
119 **********************************************************************/
120
121/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro
122 * (commented-out above) has been replaced with the following new macros: */
123//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
124//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
125//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
126//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
127//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */
128
129/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */
130//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
131//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
132//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
133//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
134//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported
135
Aditya Deshpande16a62e32023-04-11 16:25:02 +0100[diff] [blame]136#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */