/*
 * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * Signature key algorithm switches for this configuration: ECDSA is on and
 * RSA is off. They gate the MBEDTLS_* modules selected further down.
 */
#define TF_MBEDTLS_USE_RSA	0
#define TF_MBEDTLS_USE_ECDSA	1

/*
 * Hash algorithm identifiers. TF_MBEDTLS_HASH_ALG_ID is compared against
 * these below to decide which SHA modules are built.
 */
#define TF_MBEDTLS_SHA256	1
#define TF_MBEDTLS_SHA384	2
#define TF_MBEDTLS_SHA512	3

/*
 * mbed TLS build configuration with the features required for Trusted Boot.
 */

/* Platform layer: no libc defaults, memory hooks provided by the platform. */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Keep mbed TLS away from the libc snprintf so that tf_snprintf is used. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

/* Static buffer allocator backing the mbed TLS heap. */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C

#define MBEDTLS_PKCS1_V21

/* ASN.1, encoding and generic helper modules. */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_VERSION_C

/* Public-key abstraction layer. */
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

/* X.509 certificate parsing. */
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/* ECDSA: secp256r1 is the only curve enabled. */
#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif

/* RSA, including RSASSA-PSS signatures in X.509. */
#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/* The library does not currently support enabling SHA-256 without SHA-224. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C

/*
 * SHA-384/512 are built for every hash selection other than SHA-256.
 * TF_MBEDTLS_HASH_ALG_ID is not defined in this file (presumably supplied by
 * the build - confirm). An undefined macro evaluates to 0 in #if, so a missing
 * definition also takes this branch rather than failing the build.
 */
#if TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#endif

/*
 * AES-GCM is optional. TF_MBEDTLS_USE_AES_GCM is not defined in this file; if
 * it is left undefined the #if sees 0 and these modules are silently omitted.
 */
#if TF_MBEDTLS_USE_AES_GCM
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_GCM_C
#endif

/* MPI / BIGNUM options */
#define MBEDTLS_MPI_WINDOW_SIZE	2

/*
 * Largest MPI in bytes: 512 only for RSA keys above 2048 bits, 256 in every
 * other case. TF_MBEDTLS_KEY_SIZE is not defined in this file and is only
 * evaluated when RSA is enabled.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE > 2048
#define MBEDTLS_MPI_MAX_SIZE	512
#else
#define MBEDTLS_MPI_MAX_SIZE	256
#endif
#else
#define MBEDTLS_MPI_MAX_SIZE	256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE	8

/*
 * Prevent the use of 128-bit division, which would create a dependency on
 * external libraries.
 */
#define MBEDTLS_NO_UDBL_DIVISION

#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
#include <mbedtls/check_config.h>
#endif

/*
 * The mbed TLS heap is small because only the ASN.1 parsing functions are
 * used; digest, signature and crypto algorithms are handled by another
 * library.
 * NOTE(review): the ECDSA and SHA modules are still enabled above - confirm
 * that no software crypto path draws on this heap before relying on the size.
 */
#define TF_MBEDTLS_HEAP_SIZE	U(5120)