2020-09-18 06:15:13 +02:00
|
|
|
/**
|
|
|
|
|
* \file psa/crypto_config.h
|
|
|
|
|
* \brief PSA crypto configuration options (set of defines)
|
|
|
|
|
*
|
2020-10-13 06:56:26 +02:00
|
|
|
*/
|
2020-10-13 06:42:03 +02:00
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
|
|
|
|
/**
|
2021-05-28 09:42:25 +02:00
|
|
|
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
|
2020-10-13 06:42:03 +02:00
|
|
|
* this file determines which cryptographic mechanisms are enabled
|
|
|
|
|
* through the PSA Cryptography API (\c psa_xxx() functions).
|
|
|
|
|
*
|
|
|
|
|
* To enable a cryptographic mechanism, uncomment the definition of
|
|
|
|
|
* the corresponding \c PSA_WANT_xxx preprocessor symbol.
|
|
|
|
|
* To disable a cryptographic mechanism, comment out the definition of
|
|
|
|
|
* the corresponding \c PSA_WANT_xxx preprocessor symbol.
|
|
|
|
|
* The names of cryptographic mechanisms correspond to values
|
|
|
|
|
* defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
|
|
|
|
|
* of \c PSA_.
|
|
|
|
|
*
|
|
|
|
|
* Note that many cryptographic mechanisms involve two symbols: one for
|
|
|
|
|
* the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
|
|
|
|
|
* (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
|
|
|
|
|
* additional symbols.
|
2020-09-18 06:15:13 +02:00
|
|
|
*/
|
2020-10-13 06:42:03 +02:00
|
|
|
#else
|
|
|
|
|
/**
|
2021-05-28 09:42:25 +02:00
|
|
|
* When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
|
2020-10-13 06:42:03 +02:00
|
|
|
* this file is not used, and cryptographic mechanisms are supported
|
|
|
|
|
* through the PSA API if and only if they are supported through the
|
|
|
|
|
* mbedtls_xxx API.
|
|
|
|
|
*/
|
|
|
|
|
#endif
|
2020-09-18 06:15:13 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright The Mbed TLS Contributors
|
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef PSA_CRYPTO_CONFIG_H
|
|
|
|
|
#define PSA_CRYPTO_CONFIG_H
|
|
|
|
|
|
2021-03-25 15:32:32 +01:00
|
|
|
/*
|
|
|
|
|
* CBC-MAC is not yet supported via the PSA API in Mbed TLS.
|
|
|
|
|
*/
|
|
|
|
|
//#define PSA_WANT_ALG_CBC_MAC 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_ALG_CBC_NO_PADDING 1
|
|
|
|
|
#define PSA_WANT_ALG_CBC_PKCS7 1
|
2021-03-18 13:40:31 +01:00
|
|
|
#define PSA_WANT_ALG_CCM 1
|
2021-03-22 15:09:44 +01:00
|
|
|
#define PSA_WANT_ALG_CMAC 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_ALG_CFB 1
|
2021-02-16 20:57:27 +01:00
|
|
|
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
|
|
|
|
|
#define PSA_WANT_ALG_CTR 1
|
2020-10-14 04:58:20 +02:00
|
|
|
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
#define PSA_WANT_ALG_ECDH 1
|
2020-11-17 07:08:34 +01:00
|
|
|
#define PSA_WANT_ALG_ECDSA 1
|
2021-03-18 13:40:31 +01:00
|
|
|
#define PSA_WANT_ALG_GCM 1
|
Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.
For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.
The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-30 05:37:36 +01:00
|
|
|
#define PSA_WANT_ALG_HKDF 1
|
2022-06-03 14:05:07 +02:00
|
|
|
#define PSA_WANT_ALG_HKDF_EXTRACT 1
|
|
|
|
|
#define PSA_WANT_ALG_HKDF_EXPAND 1
|
2020-11-17 07:08:34 +01:00
|
|
|
#define PSA_WANT_ALG_HMAC 1
|
2020-11-27 17:43:28 +01:00
|
|
|
#define PSA_WANT_ALG_MD5 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_ALG_OFB 1
|
2021-04-30 10:41:07 +02:00
|
|
|
/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
|
2021-04-20 13:23:03 +02:00
|
|
|
* Note: when adding support, also adjust include/mbedtls/config_psa.h */
|
|
|
|
|
//#define PSA_WANT_ALG_PBKDF2_HMAC 1
|
2020-11-27 17:43:28 +01:00
|
|
|
#define PSA_WANT_ALG_RIPEMD160 1
|
2020-11-17 07:08:34 +01:00
|
|
|
#define PSA_WANT_ALG_RSA_OAEP 1
|
2020-11-04 04:05:36 +01:00
|
|
|
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
|
|
|
|
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
|
|
|
|
#define PSA_WANT_ALG_RSA_PSS 1
|
2020-11-27 17:43:28 +01:00
|
|
|
#define PSA_WANT_ALG_SHA_1 1
|
|
|
|
|
#define PSA_WANT_ALG_SHA_224 1
|
|
|
|
|
#define PSA_WANT_ALG_SHA_256 1
|
|
|
|
|
#define PSA_WANT_ALG_SHA_384 1
|
|
|
|
|
#define PSA_WANT_ALG_SHA_512 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
2020-11-17 07:08:34 +01:00
|
|
|
#define PSA_WANT_ALG_TLS12_PRF 1
|
|
|
|
|
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
2022-03-19 10:56:13 +01:00
|
|
|
/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
|
|
|
|
|
* Note: when adding support, also adjust include/mbedtls/config_psa.h */
|
|
|
|
|
//#define PSA_WANT_ALG_XTS 1
|
2021-02-16 14:06:50 +01:00
|
|
|
|
2021-03-16 17:44:22 +01:00
|
|
|
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
|
|
|
|
|
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
|
|
|
|
|
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
|
2021-03-03 02:36:35 +01:00
|
|
|
#define PSA_WANT_ECC_MONTGOMERY_255 1
|
2021-06-08 08:10:10 +02:00
|
|
|
#define PSA_WANT_ECC_MONTGOMERY_448 1
|
2021-03-03 02:36:35 +01:00
|
|
|
#define PSA_WANT_ECC_SECP_K1_192 1
|
2021-03-25 15:09:47 +01:00
|
|
|
/*
|
|
|
|
|
* SECP224K1 is buggy via the PSA API in Mbed TLS
|
2022-03-31 15:07:01 +02:00
|
|
|
* (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
|
2021-03-25 15:09:47 +01:00
|
|
|
* default.
|
|
|
|
|
*/
|
2021-03-23 12:06:45 +01:00
|
|
|
//#define PSA_WANT_ECC_SECP_K1_224 1
|
2021-03-03 02:36:35 +01:00
|
|
|
#define PSA_WANT_ECC_SECP_K1_256 1
|
|
|
|
|
#define PSA_WANT_ECC_SECP_R1_192 1
|
|
|
|
|
#define PSA_WANT_ECC_SECP_R1_224 1
|
|
|
|
|
#define PSA_WANT_ECC_SECP_R1_256 1
|
|
|
|
|
#define PSA_WANT_ECC_SECP_R1_384 1
|
|
|
|
|
#define PSA_WANT_ECC_SECP_R1_521 1
|
2021-02-19 22:12:27 +01:00
|
|
|
|
2021-01-12 00:01:16 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
2021-01-12 00:00:15 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_HMAC 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_AES 1
|
2021-10-08 15:48:16 +02:00
|
|
|
#define PSA_WANT_KEY_TYPE_ARIA 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
2021-02-16 20:57:27 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
2021-01-15 19:40:25 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_DES 1
|
2020-11-17 07:08:34 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
|
|
|
|
|
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
2021-02-16 14:06:50 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
2020-11-04 04:05:36 +01:00
|
|
|
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
|
|
|
|
|
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
2020-09-18 06:15:13 +02:00
|
|
|
|
|
|
|
|
#endif /* PSA_CRYPTO_CONFIG_H */
|
