1a8e1175bSopenharmony_ci/** 2a8e1175bSopenharmony_ci * \file psa/crypto_config.h 3a8e1175bSopenharmony_ci * \brief PSA crypto configuration options (set of defines) 4a8e1175bSopenharmony_ci * 5a8e1175bSopenharmony_ci */ 6a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 7a8e1175bSopenharmony_ci/** 8a8e1175bSopenharmony_ci * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, 9a8e1175bSopenharmony_ci * this file determines which cryptographic mechanisms are enabled 10a8e1175bSopenharmony_ci * through the PSA Cryptography API (\c psa_xxx() functions). 11a8e1175bSopenharmony_ci * 12a8e1175bSopenharmony_ci * To enable a cryptographic mechanism, uncomment the definition of 13a8e1175bSopenharmony_ci * the corresponding \c PSA_WANT_xxx preprocessor symbol. 14a8e1175bSopenharmony_ci * To disable a cryptographic mechanism, comment out the definition of 15a8e1175bSopenharmony_ci * the corresponding \c PSA_WANT_xxx preprocessor symbol. 16a8e1175bSopenharmony_ci * The names of cryptographic mechanisms correspond to values 17a8e1175bSopenharmony_ci * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead 18a8e1175bSopenharmony_ci * of \c PSA_. 19a8e1175bSopenharmony_ci * 20a8e1175bSopenharmony_ci * Note that many cryptographic mechanisms involve two symbols: one for 21a8e1175bSopenharmony_ci * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm 22a8e1175bSopenharmony_ci * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve 23a8e1175bSopenharmony_ci * additional symbols. 24a8e1175bSopenharmony_ci */ 25a8e1175bSopenharmony_ci#else 26a8e1175bSopenharmony_ci/** 27a8e1175bSopenharmony_ci * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, 28a8e1175bSopenharmony_ci * this file is not used, and cryptographic mechanisms are supported 29a8e1175bSopenharmony_ci * through the PSA API if and only if they are supported through the 30a8e1175bSopenharmony_ci * mbedtls_xxx API. 31a8e1175bSopenharmony_ci */ 32a8e1175bSopenharmony_ci#endif 33a8e1175bSopenharmony_ci/* 34a8e1175bSopenharmony_ci * Copyright The Mbed TLS Contributors 35a8e1175bSopenharmony_ci * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 36a8e1175bSopenharmony_ci */ 37a8e1175bSopenharmony_ci 38a8e1175bSopenharmony_ci#ifndef PSA_CRYPTO_CONFIG_H 39a8e1175bSopenharmony_ci#define PSA_CRYPTO_CONFIG_H 40a8e1175bSopenharmony_ci 41a8e1175bSopenharmony_ci/* 42a8e1175bSopenharmony_ci * CBC-MAC is not yet supported via the PSA API in Mbed TLS. 43a8e1175bSopenharmony_ci */ 44a8e1175bSopenharmony_ci//#define PSA_WANT_ALG_CBC_MAC 1 45a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CBC_NO_PADDING 1 46a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CBC_PKCS7 1 47a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CCM 1 48a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 49a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CMAC 1 50a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CFB 1 51a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CHACHA20_POLY1305 1 52a8e1175bSopenharmony_ci#define PSA_WANT_ALG_CTR 1 53a8e1175bSopenharmony_ci#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 54a8e1175bSopenharmony_ci#define PSA_WANT_ALG_ECB_NO_PADDING 1 55a8e1175bSopenharmony_ci#define PSA_WANT_ALG_ECDH 1 56a8e1175bSopenharmony_ci#define PSA_WANT_ALG_FFDH 1 57a8e1175bSopenharmony_ci#define PSA_WANT_ALG_ECDSA 1 58a8e1175bSopenharmony_ci#define PSA_WANT_ALG_JPAKE 1 59a8e1175bSopenharmony_ci#define PSA_WANT_ALG_GCM 1 60a8e1175bSopenharmony_ci#define PSA_WANT_ALG_HKDF 1 61a8e1175bSopenharmony_ci#define PSA_WANT_ALG_HKDF_EXTRACT 1 62a8e1175bSopenharmony_ci#define PSA_WANT_ALG_HKDF_EXPAND 1 63a8e1175bSopenharmony_ci#define PSA_WANT_ALG_HMAC 1 64a8e1175bSopenharmony_ci#define PSA_WANT_ALG_MD5 1 65a8e1175bSopenharmony_ci#define PSA_WANT_ALG_OFB 1 66a8e1175bSopenharmony_ci#define PSA_WANT_ALG_PBKDF2_HMAC 1 67a8e1175bSopenharmony_ci#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 68a8e1175bSopenharmony_ci#define PSA_WANT_ALG_RIPEMD160 1 69a8e1175bSopenharmony_ci#define PSA_WANT_ALG_RSA_OAEP 1 70a8e1175bSopenharmony_ci#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 71a8e1175bSopenharmony_ci#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 72a8e1175bSopenharmony_ci#define PSA_WANT_ALG_RSA_PSS 1 73a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA_1 1 74a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA_224 1 75a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA_256 1 76a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA_384 1 77a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA_512 1 78a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA3_224 1 79a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA3_256 1 80a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA3_384 1 81a8e1175bSopenharmony_ci#define PSA_WANT_ALG_SHA3_512 1 82a8e1175bSopenharmony_ci#define PSA_WANT_ALG_STREAM_CIPHER 1 83a8e1175bSopenharmony_ci#define PSA_WANT_ALG_TLS12_PRF 1 84a8e1175bSopenharmony_ci#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 85a8e1175bSopenharmony_ci#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 86a8e1175bSopenharmony_ci 87a8e1175bSopenharmony_ci/* XTS is not yet supported via the PSA API in Mbed TLS. 88a8e1175bSopenharmony_ci * Note: when adding support, also adjust include/mbedtls/config_psa.h */ 89a8e1175bSopenharmony_ci//#define PSA_WANT_ALG_XTS 1 90a8e1175bSopenharmony_ci 91a8e1175bSopenharmony_ci#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 92a8e1175bSopenharmony_ci#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 93a8e1175bSopenharmony_ci#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 94a8e1175bSopenharmony_ci#define PSA_WANT_ECC_MONTGOMERY_255 1 95a8e1175bSopenharmony_ci#define PSA_WANT_ECC_MONTGOMERY_448 1 96a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_K1_192 1 97a8e1175bSopenharmony_ci/* 98a8e1175bSopenharmony_ci * SECP224K1 is buggy via the PSA API in Mbed TLS 99a8e1175bSopenharmony_ci * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by 100a8e1175bSopenharmony_ci * default. 101a8e1175bSopenharmony_ci */ 102a8e1175bSopenharmony_ci//#define PSA_WANT_ECC_SECP_K1_224 1 103a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_K1_256 1 104a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_R1_192 1 105a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_R1_224 1 106a8e1175bSopenharmony_ci/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED 107a8e1175bSopenharmony_ci * (see the description in mbedtls/mbedtls_config.h for details). */ 108a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_R1_256 1 109a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_R1_384 1 110a8e1175bSopenharmony_ci#define PSA_WANT_ECC_SECP_R1_521 1 111a8e1175bSopenharmony_ci 112a8e1175bSopenharmony_ci#define PSA_WANT_DH_RFC7919_2048 1 113a8e1175bSopenharmony_ci#define PSA_WANT_DH_RFC7919_3072 1 114a8e1175bSopenharmony_ci#define PSA_WANT_DH_RFC7919_4096 1 115a8e1175bSopenharmony_ci#define PSA_WANT_DH_RFC7919_6144 1 116a8e1175bSopenharmony_ci#define PSA_WANT_DH_RFC7919_8192 1 117a8e1175bSopenharmony_ci 118a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DERIVE 1 119a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_PASSWORD 1 120a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 121a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_HMAC 1 122a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_AES 1 123a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ARIA 1 124a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_CAMELLIA 1 125a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_CHACHA20 1 126a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DES 1 127a8e1175bSopenharmony_ci//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ 128a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 129a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 130a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_RAW_DATA 1 131a8e1175bSopenharmony_ci//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ 132a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 133a8e1175bSopenharmony_ci 134a8e1175bSopenharmony_ci/* 135a8e1175bSopenharmony_ci * The following symbols extend and deprecate the legacy 136a8e1175bSopenharmony_ci * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in 137a8e1175bSopenharmony_ci * the name's suffix. "_USE" is the most generic and it can be used to describe 138a8e1175bSopenharmony_ci * a generic suport, whereas other ones add more features on top of that and 139a8e1175bSopenharmony_ci * they are more specific. 140a8e1175bSopenharmony_ci */ 141a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 142a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 143a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 144a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 145a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 146a8e1175bSopenharmony_ci 147a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 148a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 149a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 150a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 151a8e1175bSopenharmony_ci//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ 152a8e1175bSopenharmony_ci 153a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 154a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 155a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 156a8e1175bSopenharmony_ci#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 157a8e1175bSopenharmony_ci//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 /* Not supported */ 158a8e1175bSopenharmony_ci 159a8e1175bSopenharmony_ci#endif /* PSA_CRYPTO_CONFIG_H */ 160