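/*
 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * Build-time inputs this header reads but does not define:
 *   TF_MBEDTLS_KEY_ALG_ID  - one of the TF_MBEDTLS_RSA* / TF_MBEDTLS_ECDSA ids
 *   TF_MBEDTLS_HASH_ALG_ID - one of the TF_MBEDTLS_SHA* ids
 *   TF_MBEDTLS_KEY_SIZE    - RSA key size in bits (only read on the RSA paths)
 *   U()                    - constant-suffix macro used for the heap size
 *
 * NOTE(review): an identifier that is undefined inside #if evaluates to 0.
 * If TF_MBEDTLS_KEY_ALG_ID is missing, neither RSA nor ECDSA is selected and
 * TF_MBEDTLS_HEAP_SIZE is left undefined; if TF_MBEDTLS_HASH_ALG_ID is
 * missing, the "!= TF_MBEDTLS_SHA256" test below is true; if
 * TF_MBEDTLS_KEY_SIZE is missing, the 2048-bit sizing is chosen. Confirm the
 * build system always supplies all three.
 */

/*
 * Key algorithms currently supported on mbed TLS libraries
 */
#define TF_MBEDTLS_RSA			1
#define TF_MBEDTLS_ECDSA		2
#define TF_MBEDTLS_RSA_AND_ECDSA	3

/* True when the selected key algorithm includes RSA / ECDSA respectively. */
#define TF_MBEDTLS_USE_RSA	(TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
#define TF_MBEDTLS_USE_ECDSA	(TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)

/*
 * Hash algorithms currently supported on mbed TLS libraries
 */
#define TF_MBEDTLS_SHA256		1
#define TF_MBEDTLS_SHA384		2
#define TF_MBEDTLS_SHA512		3

/*
 * Configuration file to build mbed TLS with the required features for
 * Trusted Boot
 */

/*
 * Route memory allocation through the mbed TLS platform layer and do not
 * default to the C library implementations.
 */
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

#define MBEDTLS_PKCS1_V21

/*
 * With this option the X.509 parser accepts certificates that carry critical
 * extensions it does not recognise instead of rejecting them, so the code
 * that consumes the parsed certificate becomes responsible for those
 * extensions.
 * NOTE(review): presumably required because Trusted Boot certificates carry
 * project-specific extensions - confirm that every extension the chain of
 * trust relies on is checked by the caller.
 */
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/* Enforce the keyUsage / extendedKeyUsage extensions when they are checked. */
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C

#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C

/* Allocate from a caller-supplied static buffer rather than a system heap. */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_OID_C

#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

#define MBEDTLS_PLATFORM_C

/* Only the signature algorithms selected at build time are compiled in. */
#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif
#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/*
 * SHA-256 is always built. The SHA-512 module is added for any other hash
 * selection (TF_MBEDTLS_SHA384 or TF_MBEDTLS_SHA512).
 */
#define MBEDTLS_SHA256_C
#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
#define MBEDTLS_SHA512_C
#endif

#define MBEDTLS_VERSION_C

#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/* MPI / BIGNUM options */
#define MBEDTLS_MPI_WINDOW_SIZE			2

/*
 * Largest usable MPI, in bytes: 256 bytes holds a 2048-bit value and
 * 512 bytes a 4096-bit value. Sized from the RSA key size when RSA is built.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define MBEDTLS_MPI_MAX_SIZE			256
#else
#define MBEDTLS_MPI_MAX_SIZE			512
#endif
#else
#define MBEDTLS_MPI_MAX_SIZE			256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE		8

#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
#include <mbedtls/check_config.h>
#endif

/*
 * Determine Mbed TLS heap size
 * 13312 = 13*1024
 * 11264 = 11*1024
 * 7168  = 7*1024
 *
 * ECDSA takes precedence: TF_MBEDTLS_RSA_AND_ECDSA gets the ECDSA size.
 * No value is defined when neither algorithm is selected.
 */
#if TF_MBEDTLS_USE_ECDSA
#define TF_MBEDTLS_HEAP_SIZE		U(13312)
#elif TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define TF_MBEDTLS_HEAP_SIZE		U(7168)
#else
#define TF_MBEDTLS_HEAP_SIZE		U(11264)
#endif
#endif

#endif /* MBEDTLS_CONFIG_H */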