2023-04-11 17:25:02 +02:00
|
|
|
/**
|
|
|
|
* \file config.h
|
|
|
|
*
|
|
|
|
* \brief Configuration options (set of defines)
|
|
|
|
*
|
|
|
|
* This set of compile-time options may be used to enable
|
|
|
|
* or disable features selectively, and reduce the global
|
|
|
|
* memory footprint.
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* Copyright (C) 2006-2022, ARM Limited, All Rights Reserved
|
2023-11-02 20:47:20 +01:00
|
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
2023-04-11 17:25:02 +02:00
|
|
|
*
|
|
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef PROFILE_M_MBEDTLS_CONFIG_H
|
|
|
|
#define PROFILE_M_MBEDTLS_CONFIG_H
|
|
|
|
|
|
|
|
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
|
|
|
|
#define _CRT_SECURE_NO_DEPRECATE 1
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \name SECTION: System support
|
|
|
|
*
|
|
|
|
* This section sets system specific settings.
|
|
|
|
* \{
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_HAVE_ASM
|
|
|
|
*
|
|
|
|
* The compiler has support for asm().
|
|
|
|
*
|
|
|
|
* Requires support for asm() in compiler.
|
|
|
|
*
|
|
|
|
* Used in:
|
|
|
|
* library/aria.c
|
|
|
|
* library/timing.c
|
|
|
|
* include/mbedtls/bn_mul.h
|
|
|
|
*
|
|
|
|
* Required by:
|
|
|
|
* MBEDTLS_AESNI_C
|
|
|
|
* MBEDTLS_PADLOCK_C
|
|
|
|
*
|
|
|
|
* Comment to disable the use of assembly code.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_HAVE_ASM
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PLATFORM_MEMORY
|
|
|
|
*
|
|
|
|
* Enable the memory allocation layer.
|
|
|
|
*
|
|
|
|
* By default mbed TLS uses the system-provided calloc() and free().
|
|
|
|
* This allows different allocators (self-implemented or provided) to be
|
|
|
|
* provided to the platform abstraction layer.
|
|
|
|
*
|
|
|
|
* Enabling MBEDTLS_PLATFORM_MEMORY without the
|
|
|
|
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
|
|
|
|
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
|
|
|
|
* free() function pointer at runtime.
|
|
|
|
*
|
|
|
|
* Enabling MBEDTLS_PLATFORM_MEMORY and specifying
|
|
|
|
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
|
|
|
|
* alternate function at compile time.
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_PLATFORM_C
|
|
|
|
*
|
|
|
|
* Enable this layer to allow use of alternative memory allocators.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_PLATFORM_MEMORY
|
|
|
|
|
|
|
|
/* \} name SECTION: System support */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \name SECTION: mbed TLS feature support
|
|
|
|
*
|
|
|
|
* This section sets support for features that are or are not needed
|
|
|
|
* within the modules that are enabled.
|
|
|
|
* \{
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_MD2_PROCESS_ALT
|
|
|
|
*
|
|
|
|
* MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
|
|
|
|
* alternate core implementation of symmetric crypto or hash function. Keep in
|
|
|
|
* mind that function prototypes should remain the same.
|
|
|
|
*
|
|
|
|
* This replaces only one function. The header file from mbed TLS is still
|
|
|
|
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
|
|
|
|
*
|
|
|
|
* Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
|
|
|
|
* no longer provide the mbedtls_sha1_process() function, but it will still provide
|
|
|
|
* the other function (using your mbedtls_sha1_process() function) and the definition
|
|
|
|
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
|
|
|
|
* with this definition.
|
|
|
|
*
|
|
|
|
* \note Because of a signature change, the core AES encryption and decryption routines are
|
|
|
|
* currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
|
|
|
|
* respectively. When setting up alternative implementations, these functions should
|
|
|
|
* be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
|
|
|
|
* must stay untouched.
|
|
|
|
*
|
|
|
|
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
|
|
|
|
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
|
|
|
|
* tables.
|
|
|
|
*
|
|
|
|
* Uncomment a macro to enable alternate implementation of the corresponding
|
|
|
|
* function.
|
|
|
|
*
|
|
|
|
* \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
|
|
|
|
* constitutes a security risk. If possible, we recommend avoiding
|
|
|
|
* dependencies on them, and considering stronger message digests
|
|
|
|
* and ciphers instead.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_AES_SETKEY_DEC_ALT
|
|
|
|
#define MBEDTLS_AES_DECRYPT_ALT
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_AES_ROM_TABLES
|
|
|
|
*
|
|
|
|
* Use precomputed AES tables stored in ROM.
|
|
|
|
*
|
|
|
|
* Uncomment this macro to use precomputed AES tables stored in ROM.
|
|
|
|
* Comment this macro to generate AES tables in RAM at runtime.
|
|
|
|
*
|
|
|
|
* Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
|
|
|
|
* (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
|
|
|
|
* initialization time before the first AES operation can be performed.
|
|
|
|
* It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
|
|
|
|
* MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
|
|
|
|
* performance if ROM access is slower than RAM access.
|
|
|
|
*
|
|
|
|
* This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_AES_ROM_TABLES
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_AES_FEWER_TABLES
|
|
|
|
*
|
|
|
|
* Use less ROM/RAM for AES tables.
|
|
|
|
*
|
|
|
|
* Uncommenting this macro omits 75% of the AES tables from
|
|
|
|
* ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
|
|
|
|
* by computing their values on the fly during operations
|
|
|
|
* (the tables are entry-wise rotations of one another).
|
|
|
|
*
|
|
|
|
* Tradeoff: Uncommenting this reduces the RAM / ROM footprint
|
|
|
|
* by ~6kb but at the cost of more arithmetic operations during
|
|
|
|
* runtime. Specifically, one has to compare 4 accesses within
|
|
|
|
* different tables to 4 accesses with additional arithmetic
|
|
|
|
* operations within the same table. The performance gain/loss
|
|
|
|
* depends on the system and memory details.
|
|
|
|
*
|
|
|
|
* This option is independent of \c MBEDTLS_AES_ROM_TABLES.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_AES_FEWER_TABLES
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_ECP_NIST_OPTIM
|
|
|
|
*
|
|
|
|
* Enable specific 'modulo p' routines for each NIST prime.
|
|
|
|
* Depending on the prime and architecture, makes operations 4 to 8 times
|
|
|
|
* faster on the corresponding curve.
|
|
|
|
*
|
|
|
|
* Comment this macro to disable NIST curves optimisation.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_ECP_NIST_OPTIM
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_ERROR_STRERROR_DUMMY
|
|
|
|
*
|
|
|
|
* Enable a dummy error function to make use of mbedtls_strerror() in
|
|
|
|
* third party libraries easier when MBEDTLS_ERROR_C is disabled
|
|
|
|
* (no effect when MBEDTLS_ERROR_C is enabled).
|
|
|
|
*
|
|
|
|
* You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
|
|
|
|
* not using mbedtls_strerror() or error_strerror() in your application.
|
|
|
|
*
|
|
|
|
* Disable if you run into name conflicts and want to really remove the
|
|
|
|
* mbedtls_strerror()
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_ERROR_STRERROR_DUMMY
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_NO_PLATFORM_ENTROPY
|
|
|
|
*
|
|
|
|
* Do not use built-in platform entropy functions.
|
|
|
|
* This is useful if your platform does not support
|
|
|
|
* standards like the /dev/urandom or Windows CryptoAPI.
|
|
|
|
*
|
|
|
|
* Uncomment this macro to disable the built-in platform entropy functions.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_NO_PLATFORM_ENTROPY
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_ENTROPY_NV_SEED
|
|
|
|
*
|
|
|
|
* Enable the non-volatile (NV) seed file-based entropy source.
|
|
|
|
* (Also enables the NV seed read/write functions in the platform layer)
|
|
|
|
*
|
|
|
|
* This is crucial (if not required) on systems that do not have a
|
|
|
|
* cryptographic entropy source (in hardware or kernel) available.
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
|
|
|
|
*
|
|
|
|
* \note The read/write functions that are used by the entropy source are
|
|
|
|
* determined in the platform layer, and can be modified at runtime and/or
|
|
|
|
* compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
|
|
|
|
*
|
|
|
|
* \note If you use the default implementation functions that read a seedfile
|
|
|
|
* with regular fopen(), please make sure you make a seedfile with the
|
|
|
|
* proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
|
|
|
|
* least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
|
|
|
|
* and written to or you will get an entropy source error! The default
|
|
|
|
* implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
|
|
|
|
* bytes from the file.
|
|
|
|
*
|
|
|
|
* \note The entropy collector will write to the seed file before entropy is
|
|
|
|
* given to an external source, to update it.
|
|
|
|
*/
|
2023-04-11 17:43:08 +02:00
|
|
|
// This macro is enabled in TFM Medium but is disabled here because it is
|
|
|
|
// incompatible with baremetal builds in Mbed TLS.
|
|
|
|
//#define MBEDTLS_ENTROPY_NV_SEED
|
2023-04-11 17:25:02 +02:00
|
|
|
|
|
|
|
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
*
|
|
|
|
* Enable key identifiers that encode a key owner identifier.
|
|
|
|
*
|
|
|
|
* This is only meaningful when building the library as part of a
|
|
|
|
* multi-client service. When you activate this option, you must provide an
|
|
|
|
* implementation of the type mbedtls_key_owner_id_t and a translation from
|
|
|
|
* mbedtls_svc_key_id_t to file name in all the storage backends that you
|
|
|
|
* you wish to support.
|
|
|
|
*
|
2023-04-11 17:43:08 +02:00
|
|
|
* Note that while this define has been removed from TF-M's copy of this config
|
|
|
|
* file, TF-M still passes this option to Mbed TLS during the build via CMake.
|
|
|
|
* Therefore we keep it in our copy. See discussion on PR #7426 for more info.
|
|
|
|
*
|
2023-04-11 17:25:02 +02:00
|
|
|
*/
|
|
|
|
#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PSA_CRYPTO_SPM
|
|
|
|
*
|
|
|
|
* When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
|
|
|
|
* Partition Manager) integration which separates the code into two parts: a
|
|
|
|
* NSPE (Non-Secure Process Environment) and an SPE (Secure Process
|
|
|
|
* Environment).
|
|
|
|
*
|
|
|
|
* Module: library/psa_crypto.c
|
|
|
|
* Requires: MBEDTLS_PSA_CRYPTO_C
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_PSA_CRYPTO_SPM
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_SHA256_SMALLER
|
|
|
|
*
|
|
|
|
* Enable an implementation of SHA-256 that has lower ROM footprint but also
|
|
|
|
* lower performance.
|
|
|
|
*
|
|
|
|
* The default implementation is meant to be a reasonnable compromise between
|
|
|
|
* performance and size. This version optimizes more aggressively for size at
|
|
|
|
* the expense of performance. Eg on Cortex-M4 it reduces the size of
|
|
|
|
* mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
|
|
|
|
* 30%.
|
|
|
|
*
|
|
|
|
* Uncomment to enable the smaller implementation of SHA256.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_SHA256_SMALLER
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
*
|
|
|
|
* This setting allows support for cryptographic mechanisms through the PSA
|
|
|
|
* API to be configured separately from support through the mbedtls API.
|
|
|
|
*
|
|
|
|
* When this option is disabled, the PSA API exposes the cryptographic
|
|
|
|
* mechanisms that can be implemented on top of the `mbedtls_xxx` API
|
|
|
|
* configured with `MBEDTLS_XXX` symbols.
|
|
|
|
*
|
|
|
|
* When this option is enabled, the PSA API exposes the cryptographic
|
|
|
|
* mechanisms requested by the `PSA_WANT_XXX` symbols defined in
|
|
|
|
* include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
|
|
|
|
* automatically enabled if required (i.e. if no PSA driver provides the
|
|
|
|
* mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
|
|
|
|
* in mbedtls_config.h.
|
|
|
|
*
|
|
|
|
* If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
|
|
|
|
* an alternative header to include instead of include/psa/crypto_config.h.
|
|
|
|
*
|
|
|
|
* This feature is still experimental and is not ready for production since
|
|
|
|
* it is not completed.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_PSA_CRYPTO_CONFIG
|
|
|
|
|
|
|
|
/* \} name SECTION: mbed TLS feature support */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \name SECTION: mbed TLS modules
|
|
|
|
*
|
|
|
|
* This section enables or disables entire modules in mbed TLS
|
|
|
|
* \{
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_AES_C
|
|
|
|
*
|
|
|
|
* Enable the AES block cipher.
|
|
|
|
*
|
|
|
|
* Module: library/aes.c
|
|
|
|
* Caller: library/cipher.c
|
|
|
|
* library/pem.c
|
|
|
|
* library/ctr_drbg.c
|
|
|
|
*
|
|
|
|
* This module is required to support the TLS ciphersuites that use the AES
|
|
|
|
* cipher.
|
|
|
|
*
|
|
|
|
* PEM_PARSE uses AES for decrypting encrypted keys.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_AES_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_CIPHER_C
|
|
|
|
*
|
|
|
|
* Enable the generic cipher layer.
|
|
|
|
*
|
|
|
|
* Module: library/cipher.c
|
|
|
|
*
|
|
|
|
* Uncomment to enable generic cipher wrappers.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_CIPHER_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_CTR_DRBG_C
|
|
|
|
*
|
|
|
|
* Enable the CTR_DRBG AES-based random generator.
|
|
|
|
* The CTR_DRBG generator uses AES-256 by default.
|
|
|
|
* To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
|
|
|
|
*
|
|
|
|
* Module: library/ctr_drbg.c
|
|
|
|
* Caller:
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_AES_C
|
|
|
|
*
|
|
|
|
* This module provides the CTR_DRBG AES random number generator.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_CTR_DRBG_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_ENTROPY_C
|
|
|
|
*
|
|
|
|
* Enable the platform-specific entropy code.
|
|
|
|
*
|
|
|
|
* Module: library/entropy.c
|
|
|
|
* Caller:
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
|
|
|
|
*
|
|
|
|
* This module provides a generic entropy pool
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_ENTROPY_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_ERROR_C
|
|
|
|
*
|
|
|
|
* Enable error code to error string conversion.
|
|
|
|
*
|
|
|
|
* Module: library/error.c
|
|
|
|
* Caller:
|
|
|
|
*
|
|
|
|
* This module enables mbedtls_strerror().
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_ERROR_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_HKDF_C
|
|
|
|
*
|
|
|
|
* Enable the HKDF algorithm (RFC 5869).
|
|
|
|
*
|
|
|
|
* Module: library/hkdf.c
|
|
|
|
* Caller:
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_MD_C
|
|
|
|
*
|
|
|
|
* This module adds support for the Hashed Message Authentication Code
|
|
|
|
* (HMAC)-based key derivation function (HKDF).
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
|
|
|
|
|
2023-09-22 18:40:18 +02:00
|
|
|
/**
|
|
|
|
* \def MBEDTLS_MD_C
|
|
|
|
*
|
|
|
|
* Enable the generic layer for message digest (hashing) and HMAC.
|
|
|
|
*
|
|
|
|
* Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
|
|
|
|
* MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
|
|
|
|
* MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least
|
|
|
|
* one hash.
|
|
|
|
* Module: library/md.c
|
|
|
|
* Caller: library/constant_time.c
|
|
|
|
* library/ecdsa.c
|
|
|
|
* library/ecjpake.c
|
|
|
|
* library/hkdf.c
|
|
|
|
* library/hmac_drbg.c
|
|
|
|
* library/pk.c
|
|
|
|
* library/pkcs5.c
|
|
|
|
* library/pkcs12.c
|
|
|
|
* library/psa_crypto_ecp.c
|
|
|
|
* library/psa_crypto_rsa.c
|
|
|
|
* library/rsa.c
|
|
|
|
* library/ssl_cookie.c
|
|
|
|
* library/ssl_msg.c
|
|
|
|
* library/ssl_tls.c
|
|
|
|
* library/x509.c
|
|
|
|
* library/x509_crt.c
|
|
|
|
* library/x509write_crt.c
|
|
|
|
* library/x509write_csr.c
|
|
|
|
*
|
|
|
|
* Uncomment to enable generic message digest wrappers.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_MD_C
|
|
|
|
|
2023-04-11 17:25:02 +02:00
|
|
|
/**
|
|
|
|
* \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
*
|
|
|
|
* Enable the buffer allocator implementation that makes use of a (stack)
|
|
|
|
* based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
|
|
|
|
* calls)
|
|
|
|
*
|
|
|
|
* Module: library/memory_buffer_alloc.c
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_PLATFORM_C
|
|
|
|
* MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
|
|
|
|
*
|
|
|
|
* Enable this module to enable the buffer memory allocator.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PLATFORM_C
|
|
|
|
*
|
|
|
|
* Enable the platform abstraction layer that allows you to re-assign
|
|
|
|
* functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
|
|
|
|
*
|
|
|
|
* Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
|
|
|
|
* or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
|
|
|
|
* above to be specified at runtime or compile time respectively.
|
|
|
|
*
|
|
|
|
* \note This abstraction layer must be enabled on Windows (including MSYS2)
|
|
|
|
* as other module rely on it for a fixed snprintf implementation.
|
|
|
|
*
|
|
|
|
* Module: library/platform.c
|
|
|
|
* Caller: Most other .c files
|
|
|
|
*
|
|
|
|
* This module enables abstraction of common (libc) functions.
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_PLATFORM_C
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PSA_CRYPTO_C
|
|
|
|
*
|
|
|
|
* Enable the Platform Security Architecture cryptography API.
|
|
|
|
*
|
|
|
|
* Module: library/psa_crypto.c
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#define MBEDTLS_PSA_CRYPTO_C
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
*
|
|
|
|
* Enable the Platform Security Architecture persistent key storage.
|
|
|
|
*
|
|
|
|
* Module: library/psa_crypto_storage.c
|
|
|
|
*
|
|
|
|
* Requires: MBEDTLS_PSA_CRYPTO_C,
|
|
|
|
* either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
|
|
|
|
* the PSA ITS interface
|
|
|
|
*/
|
2023-04-11 17:43:08 +02:00
|
|
|
// This macro is enabled in TFM Medium but is disabled here because it is
|
|
|
|
// incompatible with baremetal builds in Mbed TLS.
|
|
|
|
//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
|
2023-04-11 17:25:02 +02:00
|
|
|
|
|
|
|
/* \} name SECTION: mbed TLS modules */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \name SECTION: General configuration options
|
|
|
|
*
|
|
|
|
* This section contains Mbed TLS build settings that are not associated
|
|
|
|
* with a particular module.
|
|
|
|
*
|
|
|
|
* \{
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_CONFIG_FILE
|
|
|
|
*
|
|
|
|
* If defined, this is a header which will be included instead of
|
|
|
|
* `"mbedtls/mbedtls_config.h"`.
|
|
|
|
* This header file specifies the compile-time configuration of Mbed TLS.
|
|
|
|
* Unlike other configuration options, this one must be defined on the
|
|
|
|
* compiler command line: a definition in `mbedtls_config.h` would have
|
|
|
|
* no effect.
|
|
|
|
*
|
|
|
|
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
|
|
|
* non-standard feature of the C language, so this feature is only available
|
|
|
|
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
|
|
|
*
|
|
|
|
* The value of this symbol is typically a path in double quotes, either
|
|
|
|
* absolute or relative to a directory on the include search path.
|
|
|
|
*/
|
|
|
|
//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_USER_CONFIG_FILE
|
|
|
|
*
|
|
|
|
* If defined, this is a header which will be included after
|
|
|
|
* `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
|
|
|
|
* This allows you to modify the default configuration, including the ability
|
|
|
|
* to undefine options that are enabled by default.
|
|
|
|
*
|
|
|
|
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
|
|
|
* non-standard feature of the C language, so this feature is only available
|
|
|
|
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
|
|
|
*
|
|
|
|
* The value of this symbol is typically a path in double quotes, either
|
|
|
|
* absolute or relative to a directory on the include search path.
|
|
|
|
*/
|
|
|
|
//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
|
|
|
|
*
|
|
|
|
* If defined, this is a header which will be included instead of
|
|
|
|
* `"psa/crypto_config.h"`.
|
|
|
|
* This header file specifies which cryptographic mechanisms are available
|
|
|
|
* through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
|
|
|
|
* is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
|
|
|
|
*
|
|
|
|
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
|
|
|
* non-standard feature of the C language, so this feature is only available
|
|
|
|
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
|
|
|
*
|
|
|
|
* The value of this symbol is typically a path in double quotes, either
|
|
|
|
* absolute or relative to a directory on the include search path.
|
|
|
|
*/
|
|
|
|
//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
|
|
|
|
*
|
|
|
|
* If defined, this is a header which will be included after
|
|
|
|
* `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
|
|
|
|
* This allows you to modify the default configuration, including the ability
|
|
|
|
* to undefine options that are enabled by default.
|
|
|
|
*
|
|
|
|
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
|
|
|
* non-standard feature of the C language, so this feature is only available
|
|
|
|
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
|
|
|
*
|
|
|
|
* The value of this symbol is typically a path in double quotes, either
|
|
|
|
* absolute or relative to a directory on the include search path.
|
|
|
|
*/
|
|
|
|
//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
|
|
|
|
|
|
|
|
/** \} name SECTION: General configuration options */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \name SECTION: Module configuration options
|
|
|
|
*
|
|
|
|
* This section allows for the setting of module specific sizes and
|
|
|
|
* configuration options. The default values are already present in the
|
|
|
|
* relevant header files and should suffice for the regular use cases.
|
|
|
|
*
|
|
|
|
* Our advice is to enable options and change their values here
|
|
|
|
* only if you have a good reason and know the consequences.
|
|
|
|
*
|
|
|
|
* Please check the respective header file for documentation on these
|
|
|
|
* parameters (to prevent duplicate documentation).
|
|
|
|
* \{
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* ECP options */
|
|
|
|
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */
|
|
|
|
|
|
|
|
/* \} name SECTION: Customisation configuration options */
|
|
|
|
|
|
|
|
#if CRYPTO_NV_SEED
|
|
|
|
#include "tfm_mbedcrypto_config_extra_nv_seed.h"
|
|
|
|
#endif /* CRYPTO_NV_SEED */
|
|
|
|
|
|
|
|
#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
|
|
|
|
#include "mbedtls_entropy_nv_seed_config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef CRYPTO_HW_ACCELERATOR
|
|
|
|
#include "mbedtls_accelerator_config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif /* PROFILE_M_MBEDTLS_CONFIG_H */
|