1 /*
2  * Copyright (c) 2015-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 #ifndef MBEDTLS_CONFIG_H
7 #define MBEDTLS_CONFIG_H
8 
9 /*
10  * Key algorithms currently supported on mbed TLS libraries
11  */
/*
 * Numeric identifiers that TF_MBEDTLS_KEY_ALG_ID is compared against below.
 * TF_MBEDTLS_KEY_ALG_ID itself is not defined in this file; presumably the
 * build system supplies it -- confirm.
 */
12 #define TF_MBEDTLS_RSA			1
13 #define TF_MBEDTLS_ECDSA		2
14 #define TF_MBEDTLS_RSA_AND_ECDSA	3
15 
/*
 * Predicates used by the #if tests further down. Each one is true for its own
 * algorithm and for the combined RSA_AND_ECDSA selection.
 * Note: an identifier that is undefined inside an #if expression evaluates to
 * 0, so a missing TF_MBEDTLS_KEY_ALG_ID makes both predicates false; neither
 * signature algorithm is then compiled in and no heap size is defined.
 */
16 #define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
17 		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
18 #define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
19 		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
20 
21 /*
22  * Hash algorithms currently supported on mbed TLS libraries
23  */
/*
 * Identifiers compared with TF_MBEDTLS_HASH_ALG_ID when the hash modules are
 * selected below. TF_MBEDTLS_HASH_ALG_ID is not defined in this file.
 */
24 #define TF_MBEDTLS_SHA256		1
25 #define TF_MBEDTLS_SHA384		2
26 #define TF_MBEDTLS_SHA512		3
27 
28 /*
29  * Configuration file to build mbed TLS with the required features for
30  * Trusted Boot
31  */
32 
/*
 * Platform abstraction. MBEDTLS_PLATFORM_MEMORY lets the integrator supply
 * the calloc/free pair, and MBEDTLS_PLATFORM_NO_STD_FUNCTIONS stops the
 * platform layer from defaulting to the C library implementations.
 */
33 #define MBEDTLS_PLATFORM_MEMORY
34 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
35 /* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
36 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
37 
/*
 * Enable PKCS#1 v2.1 encoding (RSASSA-PSS / RSAES-OAEP).
 * MBEDTLS_PKCS1_V15 is not defined anywhere in this file.
 */
38 #define MBEDTLS_PKCS1_V21
39 
/*
 * Security note: with MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION the
 * X.509 parser accepts certificates that carry critical extensions it does
 * not recognise instead of rejecting them. Any such extension then has to be
 * interpreted and enforced by the code that consumes the parsed certificate.
 * NOTE(review): presumably needed for firmware-specific certificate
 * extensions -- confirm against the certificate-handling code, which is not
 * part of this file.
 */
40 #define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/* Enable mbed TLS's checks of the keyUsage and extendedKeyUsage extensions. */
41 #define MBEDTLS_X509_CHECK_KEY_USAGE
42 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
43 
/*
 * Library modules that are compiled in unconditionally: ASN.1 parsing and
 * writing, Base64, multi-precision integers, error-code strings, the generic
 * message-digest layer, the buffer allocator, the OID database, the public-key
 * abstraction (with key parsing and writing) and the platform layer.
 */
44 #define MBEDTLS_ASN1_PARSE_C
45 #define MBEDTLS_ASN1_WRITE_C
46 
47 #define MBEDTLS_BASE64_C
48 #define MBEDTLS_BIGNUM_C
49 
50 #define MBEDTLS_ERROR_C
51 #define MBEDTLS_MD_C
52 
/*
 * Allocator that serves requests from a buffer handed to it by the caller
 * rather than from a system heap. Presumably that buffer is sized by
 * TF_MBEDTLS_HEAP_SIZE, defined at the end of this file -- confirm.
 */
53 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
54 #define MBEDTLS_OID_C
55 
56 #define MBEDTLS_PK_C
57 #define MBEDTLS_PK_PARSE_C
58 #define MBEDTLS_PK_WRITE_C
59 
60 #define MBEDTLS_PLATFORM_C
61 
/*
 * Signature algorithms, selected by the TF_MBEDTLS_USE_* predicates above.
 *
 * ECDSA: only the secp256r1 (NIST P-256) curve is enabled.
 * MBEDTLS_ECP_NO_INTERNAL_RNG removes the ECP module's built-in random
 * generator, which otherwise blinds scalar multiplication when the caller
 * passes no RNG. That trade-off is only appropriate when no secret scalar is
 * processed (for example signature verification); no DRBG or entropy module
 * is enabled in this file.
 */
62 #if TF_MBEDTLS_USE_ECDSA
63 #define MBEDTLS_ECDSA_C
64 #define MBEDTLS_ECP_C
65 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
66 #define MBEDTLS_ECP_NO_INTERNAL_RNG
67 #endif
/*
 * RSA: MBEDTLS_X509_RSASSA_PSS_SUPPORT lets the X.509 code handle
 * certificates signed with RSASSA-PSS; it relies on MBEDTLS_PKCS1_V21,
 * which this file defines unconditionally.
 */
68 #if TF_MBEDTLS_USE_RSA
69 #define MBEDTLS_RSA_C
70 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
71 #endif
72 
/*
 * SHA-256 is always built. The SHA-512 module (which in mbed TLS also
 * provides SHA-384) is added for every other TF_MBEDTLS_HASH_ALG_ID value.
 * An undefined TF_MBEDTLS_HASH_ALG_ID evaluates to 0 in the test below and
 * therefore also enables it.
 */
73 #define MBEDTLS_SHA256_C
74 #if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
75 #define MBEDTLS_SHA512_C
76 #endif
77 
/* Run-time version information. */
78 #define MBEDTLS_VERSION_C
79 
/* X.509 core and certificate parsing. */
80 #define MBEDTLS_X509_USE_C
81 #define MBEDTLS_X509_CRT_PARSE_C
82 
/*
 * AES-GCM is optional: the AES, generic cipher and GCM modules are built only
 * when TF_MBEDTLS_USE_AES_GCM is non-zero. That macro is not defined in this
 * file; if it is left undefined the test evaluates to 0 and AES-GCM is
 * omitted.
 */
83 #if TF_MBEDTLS_USE_AES_GCM
84 #define MBEDTLS_AES_C
85 #define MBEDTLS_CIPHER_C
86 #define MBEDTLS_GCM_C
87 #endif
88 
89 /* MPI / BIGNUM options */
/* Sliding-window size for modular exponentiation; smaller values use less memory. */
90 #define MBEDTLS_MPI_WINDOW_SIZE			2
91 
/*
 * Largest multi-precision integer the library will handle, in bytes:
 * 256 bytes = 2048 bits, 512 bytes = 4096 bits. The larger limit is chosen
 * only for RSA builds whose TF_MBEDTLS_KEY_SIZE exceeds 2048.
 * TF_MBEDTLS_KEY_SIZE is not defined in this file; if it is left undefined it
 * evaluates to 0 here and the 256-byte limit is selected.
 */
92 #if TF_MBEDTLS_USE_RSA
93 #if TF_MBEDTLS_KEY_SIZE <= 2048
94 #define MBEDTLS_MPI_MAX_SIZE			256
95 #else
96 #define MBEDTLS_MPI_MAX_SIZE			512
97 #endif
98 #else
99 #define MBEDTLS_MPI_MAX_SIZE			256
100 #endif
101 
102 /* Memory buffer allocator options */
/* Allocations from the buffer allocator are aligned to a multiple of this value. */
103 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE		8
104 
105 /*
106  * Prevent the use of 128-bit division which
107  * creates dependency on external libraries.
108  */
109 #define MBEDTLS_NO_UDBL_DIVISION
110 
/*
 * The C headers are skipped when this file is pulled into assembly sources.
 * check_config.h is included after every option above has been set, so its
 * consistency checks see the final configuration.
 */
111 #ifndef __ASSEMBLER__
112 /* System headers required to build mbed TLS with the current configuration */
113 #include <stdlib.h>
114 #include <mbedtls/check_config.h>
115 #endif
116 
117 /*
118  * Determine Mbed TLS heap size
119  * 13312 = 13*1024
120  * 11264 = 11*1024
121  * 7168  = 7*1024
122  */
/*
 * ECDSA is tested first, so any build with ECDSA (including RSA_AND_ECDSA)
 * gets 13312 whatever the RSA key size. RSA-only builds get 7168 for keys up
 * to 2048 bits and 11264 otherwise. If neither predicate is true,
 * TF_MBEDTLS_HEAP_SIZE is left undefined.
 * U() is not defined in this file; presumably it comes from a project header
 * -- confirm.
 */
123 #if TF_MBEDTLS_USE_ECDSA
124 #define TF_MBEDTLS_HEAP_SIZE		U(13312)
125 #elif TF_MBEDTLS_USE_RSA
126 #if TF_MBEDTLS_KEY_SIZE <= 2048
127 #define TF_MBEDTLS_HEAP_SIZE		U(7168)
128 #else
129 #define TF_MBEDTLS_HEAP_SIZE		U(11264)
130 #endif
131 #endif
132 
133 #endif /* MBEDTLS_CONFIG_H */
134