xref: /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_config.h (revision b0563631928755fe864b97785160fb3088e9efdc)
132b31808SJens Wiklander /**
232b31808SJens Wiklander  * \file psa/crypto_config.h
332b31808SJens Wiklander  * \brief PSA crypto configuration options (set of defines)
432b31808SJens Wiklander  *
532b31808SJens Wiklander  */
632b31808SJens Wiklander #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
732b31808SJens Wiklander /**
832b31808SJens Wiklander  * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
932b31808SJens Wiklander  * this file determines which cryptographic mechanisms are enabled
1032b31808SJens Wiklander  * through the PSA Cryptography API (\c psa_xxx() functions).
1132b31808SJens Wiklander  *
1232b31808SJens Wiklander  * To enable a cryptographic mechanism, uncomment the definition of
1332b31808SJens Wiklander  * the corresponding \c PSA_WANT_xxx preprocessor symbol.
1432b31808SJens Wiklander  * To disable a cryptographic mechanism, comment out the definition of
1532b31808SJens Wiklander  * the corresponding \c PSA_WANT_xxx preprocessor symbol.
1632b31808SJens Wiklander  * The names of cryptographic mechanisms correspond to values
1732b31808SJens Wiklander  * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
1832b31808SJens Wiklander  * of \c PSA_.
1932b31808SJens Wiklander  *
2032b31808SJens Wiklander  * Note that many cryptographic mechanisms involve two symbols: one for
2132b31808SJens Wiklander  * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
2232b31808SJens Wiklander  * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
2332b31808SJens Wiklander  * additional symbols.
2432b31808SJens Wiklander  */
2532b31808SJens Wiklander #else
2632b31808SJens Wiklander /**
2732b31808SJens Wiklander  * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
2832b31808SJens Wiklander  * this file is not used, and cryptographic mechanisms are supported
2932b31808SJens Wiklander  * through the PSA API if and only if they are supported through the
3032b31808SJens Wiklander  * mbedtls_xxx API.
3132b31808SJens Wiklander  */
3232b31808SJens Wiklander #endif
3332b31808SJens Wiklander /*
3432b31808SJens Wiklander  *  Copyright The Mbed TLS Contributors
35*b0563631STom Van Eyck  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
3632b31808SJens Wiklander  */
3732b31808SJens Wiklander 
3832b31808SJens Wiklander #ifndef PSA_CRYPTO_CONFIG_H
3932b31808SJens Wiklander #define PSA_CRYPTO_CONFIG_H
4032b31808SJens Wiklander 
/*
 * Algorithm selection. Each PSA_WANT_ALG_xxx symbol defined to 1 below
 * requests that algorithm through the PSA API; the commented-out entries are
 * not requested. Per the file header, this list only takes effect when
 * MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h.
 *
 * NOTE(review): the list is permissive. Several entries are normally kept
 * for interoperability rather than chosen for new designs:
 *   - PSA_WANT_ALG_MD5, PSA_WANT_ALG_SHA_1: practical collision attacks
 *     exist, so neither fits uses that rely on collision resistance
 *     (signatures, certificate or image digests).
 *   - PSA_WANT_ALG_RIPEMD160: legacy 160-bit hash.
 *   - PSA_WANT_ALG_ECB_NO_PADDING: deterministic, so equal plaintext blocks
 *     produce equal ciphertext blocks.
 *   - CBC_NO_PADDING, CBC_PKCS7, CFB, CTR, OFB, STREAM_CIPHER: confidentiality
 *     only; callers must add their own integrity check or use CCM, GCM or
 *     CHACHA20_POLY1305. CBC_PKCS7 decryption of unauthenticated ciphertext
 *     is a padding-oracle surface.
 *   - PSA_WANT_ALG_RSA_PKCS1V15_CRYPT: decryption is a Bleichenbacher-style
 *     padding-oracle surface; RSA_OAEP is the usual replacement.
 * A build that does not need one of these can comment it out to shrink the
 * reachable crypto surface; confirm against the users of the PSA API first.
 */
4132b31808SJens Wiklander /*
4232b31808SJens Wiklander  * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
4332b31808SJens Wiklander  */
4432b31808SJens Wiklander //#define PSA_WANT_ALG_CBC_MAC                    1
4532b31808SJens Wiklander #define PSA_WANT_ALG_CBC_NO_PADDING             1
4632b31808SJens Wiklander #define PSA_WANT_ALG_CBC_PKCS7                  1
4732b31808SJens Wiklander #define PSA_WANT_ALG_CCM                        1
4832b31808SJens Wiklander #define PSA_WANT_ALG_CCM_STAR_NO_TAG            1
4932b31808SJens Wiklander #define PSA_WANT_ALG_CMAC                       1
5032b31808SJens Wiklander #define PSA_WANT_ALG_CFB                        1
5132b31808SJens Wiklander #define PSA_WANT_ALG_CHACHA20_POLY1305          1
5232b31808SJens Wiklander #define PSA_WANT_ALG_CTR                        1
5332b31808SJens Wiklander #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
5432b31808SJens Wiklander #define PSA_WANT_ALG_ECB_NO_PADDING             1
5532b31808SJens Wiklander #define PSA_WANT_ALG_ECDH                       1
56*b0563631STom Van Eyck #define PSA_WANT_ALG_FFDH                       1
5732b31808SJens Wiklander #define PSA_WANT_ALG_ECDSA                      1
5832b31808SJens Wiklander #define PSA_WANT_ALG_JPAKE                      1
5932b31808SJens Wiklander #define PSA_WANT_ALG_GCM                        1
6032b31808SJens Wiklander #define PSA_WANT_ALG_HKDF                       1
6132b31808SJens Wiklander #define PSA_WANT_ALG_HKDF_EXTRACT               1
6232b31808SJens Wiklander #define PSA_WANT_ALG_HKDF_EXPAND                1
6332b31808SJens Wiklander #define PSA_WANT_ALG_HMAC                       1
6432b31808SJens Wiklander #define PSA_WANT_ALG_MD5                        1
6532b31808SJens Wiklander #define PSA_WANT_ALG_OFB                        1
66*b0563631STom Van Eyck #define PSA_WANT_ALG_PBKDF2_HMAC                1
67*b0563631STom Van Eyck #define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128    1
6832b31808SJens Wiklander #define PSA_WANT_ALG_RIPEMD160                  1
6932b31808SJens Wiklander #define PSA_WANT_ALG_RSA_OAEP                   1
7032b31808SJens Wiklander #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1
7132b31808SJens Wiklander #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1
7232b31808SJens Wiklander #define PSA_WANT_ALG_RSA_PSS                    1
7332b31808SJens Wiklander #define PSA_WANT_ALG_SHA_1                      1
7432b31808SJens Wiklander #define PSA_WANT_ALG_SHA_224                    1
7532b31808SJens Wiklander #define PSA_WANT_ALG_SHA_256                    1
7632b31808SJens Wiklander #define PSA_WANT_ALG_SHA_384                    1
7732b31808SJens Wiklander #define PSA_WANT_ALG_SHA_512                    1
78*b0563631STom Van Eyck #define PSA_WANT_ALG_SHA3_224                   1
79*b0563631STom Van Eyck #define PSA_WANT_ALG_SHA3_256                   1
80*b0563631STom Van Eyck #define PSA_WANT_ALG_SHA3_384                   1
81*b0563631STom Van Eyck #define PSA_WANT_ALG_SHA3_512                   1
8232b31808SJens Wiklander #define PSA_WANT_ALG_STREAM_CIPHER              1
8332b31808SJens Wiklander #define PSA_WANT_ALG_TLS12_PRF                  1
8432b31808SJens Wiklander #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
8532b31808SJens Wiklander #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS       1
8632b31808SJens Wiklander 
87*b0563631STom Van Eyck /* XTS is not yet supported via the PSA API in Mbed TLS.
8832b31808SJens Wiklander  * Note: when adding support, also adjust include/mbedtls/config_psa.h */
8932b31808SJens Wiklander //#define PSA_WANT_ALG_XTS                        1
9032b31808SJens Wiklander 
/*
 * Elliptic-curve selection: one PSA_WANT_ECC_xxx symbol per curve family and
 * bit size. SECP_K1_224 is the only curve left disabled, for the reason given
 * in the comment next to it.
 *
 * NOTE(review): the 192-bit curves (SECP_K1_192, SECP_R1_192) give roughly
 * 96-bit security and SECP_R1_224 roughly 112-bit, below the 128-bit level
 * usually required of new designs. Consider commenting them out when no peer
 * or stored key depends on them.
 */
9132b31808SJens Wiklander #define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
9232b31808SJens Wiklander #define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
9332b31808SJens Wiklander #define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1
9432b31808SJens Wiklander #define PSA_WANT_ECC_MONTGOMERY_255             1
9532b31808SJens Wiklander #define PSA_WANT_ECC_MONTGOMERY_448             1
9632b31808SJens Wiklander #define PSA_WANT_ECC_SECP_K1_192                1
9732b31808SJens Wiklander /*
9832b31808SJens Wiklander  * SECP224K1 is buggy via the PSA API in Mbed TLS
9932b31808SJens Wiklander  * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
10032b31808SJens Wiklander  * default.
10132b31808SJens Wiklander  */
10232b31808SJens Wiklander //#define PSA_WANT_ECC_SECP_K1_224                1
10332b31808SJens Wiklander #define PSA_WANT_ECC_SECP_K1_256                1
10432b31808SJens Wiklander #define PSA_WANT_ECC_SECP_R1_192                1
10532b31808SJens Wiklander #define PSA_WANT_ECC_SECP_R1_224                1
106*b0563631STom Van Eyck /* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
107*b0563631STom Van Eyck  * (see the description in mbedtls/mbedtls_config.h for details). */
10832b31808SJens Wiklander #define PSA_WANT_ECC_SECP_R1_256                1
10932b31808SJens Wiklander #define PSA_WANT_ECC_SECP_R1_384                1
11032b31808SJens Wiklander #define PSA_WANT_ECC_SECP_R1_521                1
11132b31808SJens Wiklander 
/*
 * Finite-field Diffie-Hellman group selection: one PSA_WANT_DH_RFC7919_xxx
 * symbol per group size in bits, named after RFC 7919.
 *
 * NOTE(review): the 2048-bit group is the weakest one enabled here, and the
 * largest groups cost far more CPU per exchange. Presumably these only matter
 * together with PSA_WANT_ALG_FFDH and the DH key types; verify against
 * include/mbedtls/config_psa.h before trimming.
 */
112*b0563631STom Van Eyck #define PSA_WANT_DH_RFC7919_2048                1
113*b0563631STom Van Eyck #define PSA_WANT_DH_RFC7919_3072                1
114*b0563631STom Van Eyck #define PSA_WANT_DH_RFC7919_4096                1
115*b0563631STom Van Eyck #define PSA_WANT_DH_RFC7919_6144                1
116*b0563631STom Van Eyck #define PSA_WANT_DH_RFC7919_8192                1
117*b0563631STom Van Eyck 
/*
 * Key-type selection: one PSA_WANT_KEY_TYPE_xxx symbol per key type that the
 * PSA API should accept. The two legacy xxx_KEY_PAIR symbols are left
 * commented out and marked deprecated; this file defines the usage-specific
 * xxx_KEY_PAIR_yyy symbols further down instead.
 *
 * NOTE(review): PSA_WANT_KEY_TYPE_DES covers single DES as well as
 * Triple-DES. Single DES has a 56-bit effective key and every DES variant
 * has a 64-bit block, so treat it as legacy-interoperability only and
 * comment it out when nothing depends on it.
 */
11832b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_DERIVE                1
11932b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_PASSWORD              1
12032b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_PASSWORD_HASH         1
12132b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_HMAC                  1
12232b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_AES                   1
12332b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_ARIA                  1
12432b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_CAMELLIA              1
12532b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_CHACHA20              1
12632b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_DES                   1
127*b0563631STom Van Eyck //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR          1 /* Deprecated */
12832b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1
129*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY         1
13032b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_RAW_DATA              1
131*b0563631STom Van Eyck //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1 /* Deprecated */
13232b31808SJens Wiklander #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1
13332b31808SJens Wiklander 
134*b0563631STom Van Eyck /*
135*b0563631STom Van Eyck  * The following symbols extend and deprecate the legacy
136*b0563631STom Van Eyck  * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
137*b0563631STom Van Eyck  * the name's suffix. "_BASIC" is the most generic and it can be used to describe
138*b0563631STom Van Eyck  * generic support, whereas the other ones add more features on top of that and
139*b0563631STom Van Eyck  * they are more specific.
140*b0563631STom Van Eyck  */
/*
 * ECC key-pair support, split by usage. BASIC is the generic base symbol;
 * IMPORT, EXPORT, GENERATE and DERIVE each add the operation named by the
 * suffix (exact semantics are inferred from the names; confirm them in the
 * Mbed TLS documentation).
 *
 * NOTE(review): all five usages are enabled. If private keys are never meant
 * to leave this environment, consider leaving EXPORT undefined so that the
 * code path is not built at all, instead of relying only on per-key usage
 * policy.
 */
141*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC      1
142*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT   1
143*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT   1
144*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
145*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
146*b0563631STom Van Eyck 
/*
 * RSA key-pair support, split by usage: BASIC, IMPORT, EXPORT and GENERATE
 * are enabled; DERIVE stays commented out because it is marked as not
 * supported.
 *
 * NOTE(review): leaving EXPORT undefined is worth considering when RSA
 * private keys are never meant to leave this environment.
 */
147*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC      1
148*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT   1
149*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT   1
150*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
151*b0563631STom Van Eyck //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE   1 /* Not supported */
152*b0563631STom Van Eyck 
/*
 * Finite-field DH key-pair support, split by usage: BASIC, IMPORT, EXPORT
 * and GENERATE are enabled; DERIVE stays commented out because it is marked
 * as not supported.
 *
 * NOTE(review): leaving EXPORT undefined is worth considering when DH
 * private keys are never meant to leave this environment.
 */
153*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC       1
154*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT    1
155*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT    1
156*b0563631STom Van Eyck #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE  1
157*b0563631STom Van Eyck //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE    1 /* Not supported */
158*b0563631STom Van Eyck 
15932b31808SJens Wiklander #endif /* PSA_CRYPTO_CONFIG_H */