/*
 * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/**
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
 *
 * Inputs read but not defined in this file: TF_MBEDTLS_KEY_ALG_ID,
 * TF_MBEDTLS_KEY_SIZE, TF_MBEDTLS_HASH_ALG_ID, TF_MBEDTLS_USE_AES_GCM, the
 * TF_MBEDTLS_MBOOT_USE_SHA* switches and the U() macro.
 * NOTE(review): presumably supplied by the build system and a common
 * header - confirm. The preprocessor evaluates an undefined identifier in
 * an #if expression as 0, so a missing input silently disables the
 * corresponding feature instead of failing the build.
 */

/*
 * This file is compatible with versions >= 3.6.5
 */
#define MBEDTLS_CONFIG_VERSION	0x03060500

/*
 * Key algorithms currently supported on mbed TLS libraries
 */
#define TF_MBEDTLS_RSA			1
#define TF_MBEDTLS_ECDSA		2
#define TF_MBEDTLS_RSA_AND_ECDSA	3

/*
 * Both predicates are true for TF_MBEDTLS_RSA_AND_ECDSA. If
 * TF_MBEDTLS_KEY_ALG_ID is undefined (evaluates as 0) both are false and
 * neither signature algorithm is compiled in.
 */
#define TF_MBEDTLS_USE_RSA	(TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
#define TF_MBEDTLS_USE_ECDSA	(TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)

/*
 * Hash algorithms currently supported on mbed TLS libraries
 */
#define TF_MBEDTLS_SHA256		1
#define TF_MBEDTLS_SHA384		2
#define TF_MBEDTLS_SHA512		3

/*
 * Configuration file to build mbed TLS with the required features for
 * Trusted Boot
 */

/*
 * Platform layer: let the integrator supply the allocator and do not fall
 * back to the C library's standard functions.
 */
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

/* PKCS#1 v2.1 support (RSASSA-PSS / RSAES-OAEP) in the RSA module. */
#define MBEDTLS_PKCS1_V21

#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C

#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C

/* Allocate from a fixed, caller-provided buffer rather than a system heap. */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_OID_C

#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

#define MBEDTLS_PLATFORM_C

/*
 * Signature algorithms: only the selected families are compiled in. For
 * ECDSA exactly one curve is enabled: P-384 when TF_MBEDTLS_KEY_SIZE is
 * 384, P-256 for every other value (including an undefined key size).
 */
#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#if TF_MBEDTLS_KEY_SIZE == 384
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#else
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif
#endif
#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
/* Accept X.509 certificates signed with RSASSA-PSS. */
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/*
 * Enable hash algorithms based on TBB or Measured Boot. Each hash is built
 * only if it is the selected TF_MBEDTLS_HASH_ALG_ID or the matching
 * TF_MBEDTLS_MBOOT_USE_* switch is defined.
 */
#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
#define MBEDTLS_SHA256_C
#endif

#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
#define MBEDTLS_SHA384_C
#endif

#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
#define MBEDTLS_SHA512_C
#endif

#define MBEDTLS_VERSION_C

#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/* AES-GCM is compiled in only when TF_MBEDTLS_USE_AES_GCM is non-zero. */
#if TF_MBEDTLS_USE_AES_GCM
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_GCM_C
#endif

/* MPI / BIGNUM options */

/* Note: Lower numbers trade longer execution time for less RAM allocation */
#define MBEDTLS_MPI_WINDOW_SIZE			1

/*
 * Maximum MPI size in bytes: 256 bytes (2048 bits) for RSA keys up to 2048
 * bits and for non-RSA builds, 512 bytes (4096 bits) for larger RSA keys.
 * NOTE(review): an RSA key above 4096 bits would exceed this limit -
 * confirm the build restricts TF_MBEDTLS_KEY_SIZE accordingly.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define MBEDTLS_MPI_MAX_SIZE			256
#else
#define MBEDTLS_MPI_MAX_SIZE			512
#endif
#else
#define MBEDTLS_MPI_MAX_SIZE			256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE		8

/*
 * Prevent the use of 128-bit division which
 * creates dependency on external libraries.
 */
#define MBEDTLS_NO_UDBL_DIVISION

#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
#endif

/*
 * Determine Mbed TLS heap size.
 *
 * The ECDSA branch is tested first, so TF_MBEDTLS_RSA_AND_ECDSA builds get
 * the 13 KiB value regardless of the RSA key size. No value is defined here
 * when neither RSA nor ECDSA is enabled.
 * NOTE(review): confirm 13 KiB is sufficient for RSA_AND_ECDSA builds with
 * RSA keys larger than 2048 bits, and that builds with no signature
 * algorithm get TF_MBEDTLS_HEAP_SIZE from elsewhere.
 */
#if TF_MBEDTLS_USE_ECDSA
#define TF_MBEDTLS_HEAP_SIZE		U(13 * 1024)
#elif TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define TF_MBEDTLS_HEAP_SIZE		U(7 * 1024)
#else
#define TF_MBEDTLS_HEAP_SIZE		U(11 * 1024)
#endif
#endif

/*
 * Warn if errors from certain functions are ignored.
 *
 * The warnings are always enabled (where supported) for critical functions
 * where ignoring the return value is almost always a bug. This macro extends
 * the warnings to more functions.
 */
#define MBEDTLS_CHECK_RETURN_WARNING

/*
 * Use an implementation of SHA-256 with a smaller memory footprint but reduced
 * speed.
 */
#define MBEDTLS_SHA256_SMALLER