TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / arthur / trustedfirmware-a / 557f7d806a62a460404f8d1bec84c9400585930b / . / include / drivers / auth / mbedtls / mbedtls_config-3.h
blob: 923fc5467f17257d5b9a9e4009bb39efae808c09 [file] [log] [blame]
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]1/*
Govindraj Raja51e06152023-01-12 15:34:12 +0000[diff] [blame]2 * Copyright (c) 2023, Arm Limited. All rights reserved.
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]3 *
dp-arm82cb2c12017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]5 */
Govindraj Raja51e06152023-01-12 15:34:12 +0000[diff] [blame]6
7/**
8 * This set of compile-time options may be used to enable
9 * or disable features selectively, and reduce the global
10 * memory footprint.
11 */
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]12
13/*
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]14 * Key algorithms currently supported on mbed TLS libraries
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]15 */
Qixiang Xu9db9c652017-08-24 15:12:20 +0800[diff] [blame]16#define TF_MBEDTLS_RSA 1
17#define TF_MBEDTLS_ECDSA 2
Qixiang Xudcbf3932017-08-24 15:26:39 +0800[diff] [blame]18#define TF_MBEDTLS_RSA_AND_ECDSA 3
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]19
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]20#define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
21 || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
22#define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
23 || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
24
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]25/*
Qixiang Xu9a3088a2017-11-09 13:56:29 +0800[diff] [blame]26 * Hash algorithms currently supported on mbed TLS libraries
27 */
28#define TF_MBEDTLS_SHA256 1
29#define TF_MBEDTLS_SHA384 2
30#define TF_MBEDTLS_SHA512 3
31
32/*
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]33 * Configuration file to build mbed TLS with the required features for
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]34 * Trusted Boot
35 */
36
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]37#define MBEDTLS_PLATFORM_MEMORY
38#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
Antonio Nino Diazab1794f2017-05-19 11:37:22 +0100[diff] [blame]39/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
40#define MBEDTLS_PLATFORM_SNPRINTF_ALT
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]41
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]42#define MBEDTLS_PKCS1_V21
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]43
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]44#define MBEDTLS_ASN1_PARSE_C
45#define MBEDTLS_ASN1_WRITE_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]46
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]47#define MBEDTLS_BASE64_C
48#define MBEDTLS_BIGNUM_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]49
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]50#define MBEDTLS_ERROR_C
51#define MBEDTLS_MD_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]52
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]53#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
54#define MBEDTLS_OID_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]55
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]56#define MBEDTLS_PK_C
57#define MBEDTLS_PK_PARSE_C
58#define MBEDTLS_PK_WRITE_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]59
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]60#define MBEDTLS_PLATFORM_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]61
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]62#if TF_MBEDTLS_USE_ECDSA
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]63#define MBEDTLS_ECDSA_C
64#define MBEDTLS_ECP_C
laurenw-arm557f7d82023-08-15 14:56:46 -0500[diff] [blame^]65#if TF_MBEDTLS_KEY_SIZE == 384
66#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
67#else
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]68#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]69#endif
laurenw-arm557f7d82023-08-15 14:56:46 -0500[diff] [blame^]70#endif
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]71#if TF_MBEDTLS_USE_RSA
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]72#define MBEDTLS_RSA_C
Qixiang Xu9db9c652017-08-24 15:12:20 +0800[diff] [blame]73#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]74#endif
75
Govindraj Raja51e06152023-01-12 15:34:12 +0000[diff] [blame]76/* The library does not currently support enabling SHA-256 without SHA-224. */
77#define MBEDTLS_SHA224_C
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]78#define MBEDTLS_SHA256_C
Manish V Badarkhe14db9632021-10-06 23:41:50 +0100[diff] [blame]79/*
80 * If either Trusted Boot or Measured Boot require a stronger algorithm than
Govindraj Raja51e06152023-01-12 15:34:12 +0000[diff] [blame]81 * SHA-256, pull in SHA-512 support. Library currently needs to have SHA_384
82 * support when enabling SHA-512.
Manish V Badarkhe14db9632021-10-06 23:41:50 +0100[diff] [blame]83 */
84#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
Govindraj Raja51e06152023-01-12 15:34:12 +0000[diff] [blame]85#define MBEDTLS_SHA384_C
Manish V Badarkhe14db9632021-10-06 23:41:50 +0100[diff] [blame]86#define MBEDTLS_SHA512_C
87#else
88 /* TBB uses SHA-256, what about measured boot? */
laurenw-arm78da42a2022-05-31 16:39:09 -0500[diff] [blame]89#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
Govindraj Raja51e06152023-01-12 15:34:12 +0000[diff] [blame]90#define MBEDTLS_SHA384_C
Qixiang Xu9a3088a2017-11-09 13:56:29 +0800[diff] [blame]91#define MBEDTLS_SHA512_C
92#endif
Manish V Badarkhe14db9632021-10-06 23:41:50 +0100[diff] [blame]93#endif
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]94
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]95#define MBEDTLS_VERSION_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]96
Juan Castillo649dbf62015-11-05 09:24:53 +0000[diff] [blame]97#define MBEDTLS_X509_USE_C
98#define MBEDTLS_X509_CRT_PARSE_C
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]99
Sumit Garg7cda17b2019-11-15 10:43:00 +0530[diff] [blame]100#if TF_MBEDTLS_USE_AES_GCM
101#define MBEDTLS_AES_C
102#define MBEDTLS_CIPHER_C
103#define MBEDTLS_GCM_C
104#endif
105
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]106/* MPI / BIGNUM options */
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]107#define MBEDTLS_MPI_WINDOW_SIZE 2
108
109#if TF_MBEDTLS_USE_RSA
110#if TF_MBEDTLS_KEY_SIZE <= 2048
111#define MBEDTLS_MPI_MAX_SIZE 256
112#else
113#define MBEDTLS_MPI_MAX_SIZE 512
114#endif
115#else
116#define MBEDTLS_MPI_MAX_SIZE 256
117#endif
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]118
119/* Memory buffer allocator options */
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]120#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]121
Alexei Fedorovea14b512020-09-21 12:23:54 +0100[diff] [blame]122/*
123 * Prevent the use of 128-bit division which
124 * creates dependency on external libraries.
125 */
126#define MBEDTLS_NO_UDBL_DIVISION
127
Julius Wernerd5dfdeb2019-07-09 13:49:11 -0700[diff] [blame]128#ifndef __ASSEMBLER__
Qixiang Xu9b1eae92017-10-13 09:23:42 +0800[diff] [blame]129/* System headers required to build mbed TLS with the current configuration */
130#include <stdlib.h>
Masahiro Yamada948a0c02019-09-04 14:09:07 +0900[diff] [blame]131#include <mbedtls/check_config.h>
Qixiang Xu9b1eae92017-10-13 09:23:42 +0800[diff] [blame]132#endif
Juan Castillo7d37aa12015-04-02 15:44:20 +0100[diff] [blame]133
John Tsichritzis6d01a462018-06-07 16:31:34 +0100[diff] [blame]134/*
135 * Determine Mbed TLS heap size
136 * 13312 = 13*1024
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]137 * 11264 = 11*1024
138 * 7168 = 7*1024
John Tsichritzis6d01a462018-06-07 16:31:34 +0100[diff] [blame]139 */
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]140#if TF_MBEDTLS_USE_ECDSA
John Tsichritzis6d01a462018-06-07 16:31:34 +0100[diff] [blame]141#define TF_MBEDTLS_HEAP_SIZE U(13312)
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]142#elif TF_MBEDTLS_USE_RSA
143#if TF_MBEDTLS_KEY_SIZE <= 2048
John Tsichritzis6d01a462018-06-07 16:31:34 +0100[diff] [blame]144#define TF_MBEDTLS_HEAP_SIZE U(7168)
Justin Chadwellaacff742019-07-29 17:13:10 +0100[diff] [blame]145#else
146#define TF_MBEDTLS_HEAP_SIZE U(11264)
147#endif
John Tsichritzis6d01a462018-06-07 16:31:34 +0100[diff] [blame]148#endif
149
Sandrine Bailleuxa4e485d2022-06-15 15:31:52 +0200[diff] [blame]150/*
151 * Warn if errors from certain functions are ignored.
152 *
153 * The warnings are always enabled (where supported) for critical functions
154 * where ignoring the return value is almost always a bug. This macro extends
155 * the warnings to more functions.
156 */
157#define MBEDTLS_CHECK_RETURN_WARNING