/*
 * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * Key algorithms currently supported on mbed TLS libraries.
 *
 * These two switches are hard-coded here: ECDSA is selected and every
 * "#if TF_MBEDTLS_USE_RSA" section below is compiled out.
 */
#define TF_MBEDTLS_USE_RSA 0
#define TF_MBEDTLS_USE_ECDSA 1

/*
 * Hash algorithms currently supported on mbed TLS libraries.
 *
 * These identifiers are compared against TF_MBEDTLS_HASH_ALG_ID further down.
 * TF_MBEDTLS_HASH_ALG_ID is not defined in this file - presumably it comes
 * from the build system; TODO confirm.
 */
#define TF_MBEDTLS_SHA256 1
#define TF_MBEDTLS_SHA384 2
#define TF_MBEDTLS_SHA512 3

/*
 * Configuration file to build mbed TLS with the required features for
 * Trusted Boot
 */

/*
 * Platform abstraction: mbed TLS must not fall back to the C library for
 * memory allocation or the standard platform functions.
 */
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

/*
 * PKCS#1 v2.1 (RSASSA-PSS / OAEP) support. MBEDTLS_RSA_C is only defined
 * under TF_MBEDTLS_USE_RSA, which is 0 in this file.
 */
#define MBEDTLS_PKCS1_V21

/*
 * X.509 parsing policy.
 *
 * MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION makes the parser accept
 * certificates that carry critical extensions it does not recognise, instead
 * of rejecting them. The parser therefore no longer rejects unknown critical
 * extensions, so the code consuming the certificate has to check every
 * extension it relies on.
 * NOTE(review): presumably required because the Trusted Boot certificates
 * carry custom critical extensions - confirm against the certificate profile.
 *
 * The two CHECK_* options compile in keyUsage / extendedKeyUsage checking
 * support.
 */
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

/* ASN.1 / DER parsing and writing */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C

#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C

/* Allocate from a static buffer (see TF_MBEDTLS_HEAP_SIZE below) */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_OID_C

/* Public-key abstraction layer, key parsing and key writing */
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

#define MBEDTLS_PLATFORM_C

/*
 * ECDSA with the single curve secp256r1 (NIST P-256).
 *
 * MBEDTLS_ECP_NO_INTERNAL_RNG removes the internal RNG that mbed TLS would
 * otherwise use to blind scalar multiplication when the caller supplies no
 * RNG. That blinding only matters for operations on secret scalars.
 * NOTE(review): looks like this build only verifies signatures (public data
 * only) - confirm that no private-key ECP operation is reachable.
 */
#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NO_INTERNAL_RNG
#endif
/* Compiled out: TF_MBEDTLS_USE_RSA is 0 above */
#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/*
 * SHA-256 is always built. The SHA-512 module (which also provides SHA-384)
 * is added for any other hash selection. An identifier that is not defined
 * evaluates to 0 inside #if, so if TF_MBEDTLS_HASH_ALG_ID is missing the
 * SHA-512 module is built as well.
 */
#define MBEDTLS_SHA256_C
#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
#define MBEDTLS_SHA512_C
#endif

#define MBEDTLS_VERSION_C

/* X.509 core and certificate parsing */
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/*
 * AES-GCM is optional. TF_MBEDTLS_USE_AES_GCM is not defined in this file,
 * so the section is skipped unless the macro is defined non-zero elsewhere.
 */
#if TF_MBEDTLS_USE_AES_GCM
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_GCM_C
#endif

/* MPI / BIGNUM options */
/* A small window trades exponentiation speed for lower memory use */
#define MBEDTLS_MPI_WINDOW_SIZE 2

/*
 * Maximum MPI size in bytes: 256 (2048 bits), or 512 (4096 bits) for RSA keys
 * larger than 2048 bits. With TF_MBEDTLS_USE_RSA set to 0 above, the final
 * #else branch applies and TF_MBEDTLS_KEY_SIZE is not evaluated.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define MBEDTLS_MPI_MAX_SIZE 256
#else
#define MBEDTLS_MPI_MAX_SIZE 512
#endif
#else
#define MBEDTLS_MPI_MAX_SIZE 256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8

/*
 * Prevent the use of 128-bit division which
 * creates dependency on external libraries.
 */
#define MBEDTLS_NO_UDBL_DIVISION

#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
#include <mbedtls/check_config.h>
#endif

/*
 * The mbed TLS heap size is small because only the ASN.1 parsing
 * functions are used; digest, signature and crypto algorithms are
 * handled by another library.
 *
 * The size is in bytes. U() is not defined in this file.
 */

#define TF_MBEDTLS_HEAP_SIZE U(5120)
#endif /* MBEDTLS_CONFIG_H */