1 /*
2  * Copyright (c) 2022-2024, STMicroelectronics - All Rights Reserved
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 /*
8  * Key algorithms currently supported on mbed TLS libraries
9  *
 * In this file the two macros act as on/off switches and are hard-coded:
 * they are tested by the "#if TF_MBEDTLS_USE_ECDSA" and
 * "#if TF_MBEDTLS_USE_RSA" sections further down. With the values below
 * only the ECDSA/ECP modules are compiled in; MBEDTLS_RSA_C and
 * MBEDTLS_X509_RSASSA_PSS_SUPPORT are left out.
 */
10 #define TF_MBEDTLS_USE_RSA	0
11 #define TF_MBEDTLS_USE_ECDSA	1
12 
13 /*
14  * Hash algorithms currently supported on mbed TLS libraries
15  *
 * These are identifiers, not switches: this file compares
 * TF_MBEDTLS_HASH_ALG_ID against TF_MBEDTLS_SHA256 to decide whether the
 * SHA-384/SHA-512 modules are built. TF_MBEDTLS_HASH_ALG_ID itself is not
 * defined here; presumably it comes from the build system (TODO confirm).
 */
16 #define TF_MBEDTLS_SHA256		1
17 #define TF_MBEDTLS_SHA384		2
18 #define TF_MBEDTLS_SHA512		3
19 
20 /*
21  * Configuration file to build mbed TLS with the required features for
22  * Trusted Boot
23  */
24 
/*
 * Platform abstraction: MBEDTLS_PLATFORM_MEMORY makes the allocator
 * replaceable and MBEDTLS_PLATFORM_NO_STD_FUNCTIONS stops the library from
 * binding the standard C functions by default, so the firmware has to
 * provide the implementations it wants used.
 */
25 #define MBEDTLS_PLATFORM_MEMORY
26 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
27 /* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
28 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
29 
/*
 * Modules that are always compiled in, whatever key algorithm is selected.
 * NOTE(review): MBEDTLS_PKCS1_V21 is defined unconditionally, while
 * MBEDTLS_RSA_C is only defined when TF_MBEDTLS_USE_RSA is non-zero (it is 0
 * in this file) - confirm the option is still wanted in an ECDSA-only build.
 */
30 #define MBEDTLS_PKCS1_V21
31 
/* ASN.1 parsing and writing. */
32 #define MBEDTLS_ASN1_PARSE_C
33 #define MBEDTLS_ASN1_WRITE_C
34 
35 #define MBEDTLS_BASE64_C
36 #define MBEDTLS_BIGNUM_C
37 
38 #define MBEDTLS_ERROR_C
39 #define MBEDTLS_MD_C
40 
/*
 * Static buffer allocator; its pool size is presumably the
 * TF_MBEDTLS_HEAP_SIZE value defined at the end of this file (TODO confirm
 * against the code that sets up the buffer).
 */
41 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
42 #define MBEDTLS_OID_C
43 
/*
 * Public-key layer, including key parsing and key writing.
 * NOTE(review): every module enabled here is extra parsing code in the
 * boot image; check that the writer side (MBEDTLS_PK_WRITE_C,
 * MBEDTLS_ASN1_WRITE_C) is actually required.
 */
44 #define MBEDTLS_PK_C
45 #define MBEDTLS_PK_PARSE_C
46 #define MBEDTLS_PK_WRITE_C
47 
48 #define MBEDTLS_PLATFORM_C
49 
/*
 * Signature algorithm modules, selected by the TF_MBEDTLS_USE_* switches
 * defined at the top of this file.
 * ECDSA: the only curve enabled is secp256r1, so keys on any other curve
 * are not supported by this build.
 * RSA: also enables RSASSA-PSS support in the X.509 code.
 */
50 #if TF_MBEDTLS_USE_ECDSA
51 #define MBEDTLS_ECDSA_C
52 #define MBEDTLS_ECP_C
53 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
54 #endif
55 #if TF_MBEDTLS_USE_RSA
56 #define MBEDTLS_RSA_C
57 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
58 #endif
59 
60 /* The library does not currently support enabling SHA-256 without SHA-224. */
61 #define MBEDTLS_SHA224_C
62 #define MBEDTLS_SHA256_C
63 
/*
 * SHA-384 and SHA-512 are built for every TF_MBEDTLS_HASH_ALG_ID value other
 * than TF_MBEDTLS_SHA256. TF_MBEDTLS_HASH_ALG_ID is not defined in this
 * file; an identifier that is undefined in an #if expression evaluates to 0,
 * so a build that fails to pass it takes this branch silently instead of
 * stopping with an error.
 */
64 #if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
65 #define MBEDTLS_SHA384_C
66 #define MBEDTLS_SHA512_C
67 #endif
68 
69 #define MBEDTLS_VERSION_C
70 
/* X.509 support: certificate parsing only. */
71 #define MBEDTLS_X509_USE_C
72 #define MBEDTLS_X509_CRT_PARSE_C
73 
/*
 * AES-GCM is optional. TF_MBEDTLS_USE_AES_GCM is not defined in this file;
 * when nothing defines it, the #if evaluates it as 0 and the AES, cipher and
 * GCM modules are left out. NOTE(review): presumably set by the build when
 * encrypted images are used - confirm.
 */
74 #if TF_MBEDTLS_USE_AES_GCM
75 #define MBEDTLS_AES_C
76 #define MBEDTLS_CIPHER_C
77 #define MBEDTLS_GCM_C
78 #endif
79 
80 /* MPI / BIGNUM options */
81 #define MBEDTLS_MPI_WINDOW_SIZE			2
82 
/*
 * MBEDTLS_MPI_MAX_SIZE is the largest big number the library accepts, in
 * bytes: 256 bytes for RSA keys up to 2048 bits, 512 bytes for larger keys.
 * TF_MBEDTLS_KEY_SIZE is only looked at when TF_MBEDTLS_USE_RSA is non-zero;
 * it is not defined in this file. Since TF_MBEDTLS_USE_RSA is 0 in this
 * file, the last branch (256) is the one in effect.
 */
83 #if TF_MBEDTLS_USE_RSA
84 #if TF_MBEDTLS_KEY_SIZE <= 2048
85 #define MBEDTLS_MPI_MAX_SIZE			256
86 #else
87 #define MBEDTLS_MPI_MAX_SIZE			512
88 #endif
89 #else
90 #define MBEDTLS_MPI_MAX_SIZE			256
91 #endif
92 
93 /* Memory buffer allocator options */
/* Alignment, in bytes, used by the buffer allocator for the blocks it hands out. */
94 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE		8
95 
96 /*
97  * Prevent the use of 128-bit division which
98  * creates dependency on external libraries.
99  */
100 #define MBEDTLS_NO_UDBL_DIVISION
101 
102 #ifndef __ASSEMBLER__
103 /* System headers required to build mbed TLS with the current configuration */
104 #include <stdlib.h>
105 #endif
106 
107 /*
108  * The Mbed TLS heap is small because only the ASN.1
109  * parsing functions are used;
110  * digest, signature and other crypto algorithms are done by
111  * another library.
 *
 * NOTE(review): this configuration still compiles in the ECDSA/ECP, SHA and
 * bignum modules. If any verification path does run inside Mbed TLS, the
 * 5120-byte figure needs to be re-checked against its peak allocation;
 * confirm which library performs the signature check.
 * U() is not defined in this file; it is expected to come from a header
 * included elsewhere.
112  */
113 
114 #define TF_MBEDTLS_HEAP_SIZE           U(5120)
115