include/psa/crypto_config.h

0001 /**
0002  * \file psa/crypto_config.h
0003  * \brief PSA crypto configuration options (set of defines)
0004  *
0005  */
0006 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
0007 /**
0008  * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
0009  * this file determines which cryptographic mechanisms are enabled
0010  * through the PSA Cryptography API (\c psa_xxx() functions).
0011  *
0012  * To enable a cryptographic mechanism, uncomment the definition of
0013  * the corresponding \c PSA_WANT_xxx preprocessor symbol.
0014  * To disable a cryptographic mechanism, comment out the definition of
0015  * the corresponding \c PSA_WANT_xxx preprocessor symbol.
0016  * The names of cryptographic mechanisms correspond to values
0017  * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
0018  * of \c PSA_.
0019  *
0020  * Note that many cryptographic mechanisms involve two symbols: one for
0021  * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
0022  * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
0023  * additional symbols.
0024  */
0025 #else
0026 /**
0027  * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
0028  * this file is not used, and cryptographic mechanisms are supported
0029  * through the PSA API if and only if they are supported through the
0030  * mbedtls_xxx API.
0031  */
0032 #endif
0033 /*
0034  *  Copyright The Mbed TLS Contributors
0035  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0036  */
0037
0038 #ifndef PSA_CRYPTO_CONFIG_H
0039 #define PSA_CRYPTO_CONFIG_H
0040
0041 /*
0042  * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
0043  */
0044 //#define PSA_WANT_ALG_CBC_MAC                    1
0045 #define PSA_WANT_ALG_CBC_NO_PADDING             1
0046 #define PSA_WANT_ALG_CBC_PKCS7                  1
0047 #define PSA_WANT_ALG_CCM                        1
0048 #define PSA_WANT_ALG_CCM_STAR_NO_TAG            1
0049 #define PSA_WANT_ALG_CMAC                       1
0050 #define PSA_WANT_ALG_CFB                        1
0051 #define PSA_WANT_ALG_CHACHA20_POLY1305          1
0052 #define PSA_WANT_ALG_CTR                        1
0053 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
0054 #define PSA_WANT_ALG_ECB_NO_PADDING             1
0055 #define PSA_WANT_ALG_ECDH                       1
0056 #define PSA_WANT_ALG_FFDH                       1
0057 #define PSA_WANT_ALG_ECDSA                      1
0058 #define PSA_WANT_ALG_JPAKE                      1
0059 #define PSA_WANT_ALG_GCM                        1
0060 #define PSA_WANT_ALG_HKDF                       1
0061 #define PSA_WANT_ALG_HKDF_EXTRACT               1
0062 #define PSA_WANT_ALG_HKDF_EXPAND                1
0063 #define PSA_WANT_ALG_HMAC                       1
0064 #define PSA_WANT_ALG_MD5                        1
0065 #define PSA_WANT_ALG_OFB                        1
0066 #define PSA_WANT_ALG_PBKDF2_HMAC                1
0067 #define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128    1
0068 #define PSA_WANT_ALG_RIPEMD160                  1
0069 #define PSA_WANT_ALG_RSA_OAEP                   1
0070 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1
0071 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1
0072 #define PSA_WANT_ALG_RSA_PSS                    1
0073 #define PSA_WANT_ALG_SHA_1                      1
0074 #define PSA_WANT_ALG_SHA_224                    1
0075 #define PSA_WANT_ALG_SHA_256                    1
0076 #define PSA_WANT_ALG_SHA_384                    1
0077 #define PSA_WANT_ALG_SHA_512                    1
0078 #define PSA_WANT_ALG_SHA3_224                   1
0079 #define PSA_WANT_ALG_SHA3_256                   1
0080 #define PSA_WANT_ALG_SHA3_384                   1
0081 #define PSA_WANT_ALG_SHA3_512                   1
0082 #define PSA_WANT_ALG_STREAM_CIPHER              1
0083 #define PSA_WANT_ALG_TLS12_PRF                  1
0084 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
0085 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS       1
0086
0087 /* XTS is not yet supported via the PSA API in Mbed TLS.
0088  * Note: when adding support, also adjust include/mbedtls/config_psa.h */
0089 //#define PSA_WANT_ALG_XTS                        1
0090
0091 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
0092 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
0093 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1
0094 #define PSA_WANT_ECC_MONTGOMERY_255             1
0095 #define PSA_WANT_ECC_MONTGOMERY_448             1
0096 #define PSA_WANT_ECC_SECP_K1_192                1
0097 /*
0098  * SECP224K1 is buggy via the PSA API in Mbed TLS
0099  * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
0100  * default.
0101  */
0102 //#define PSA_WANT_ECC_SECP_K1_224                1
0103 #define PSA_WANT_ECC_SECP_K1_256                1
0104 #define PSA_WANT_ECC_SECP_R1_192                1
0105 #define PSA_WANT_ECC_SECP_R1_224                1
0106 /* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
0107  * (see the description in mbedtls/mbedtls_config.h for details). */
0108 #define PSA_WANT_ECC_SECP_R1_256                1
0109 #define PSA_WANT_ECC_SECP_R1_384                1
0110 #define PSA_WANT_ECC_SECP_R1_521                1
0111
0112 #define PSA_WANT_DH_RFC7919_2048                1
0113 #define PSA_WANT_DH_RFC7919_3072                1
0114 #define PSA_WANT_DH_RFC7919_4096                1
0115 #define PSA_WANT_DH_RFC7919_6144                1
0116 #define PSA_WANT_DH_RFC7919_8192                1
0117
0118 #define PSA_WANT_KEY_TYPE_DERIVE                1
0119 #define PSA_WANT_KEY_TYPE_PASSWORD              1
0120 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH         1
0121 #define PSA_WANT_KEY_TYPE_HMAC                  1
0122 #define PSA_WANT_KEY_TYPE_AES                   1
0123 #define PSA_WANT_KEY_TYPE_ARIA                  1
0124 #define PSA_WANT_KEY_TYPE_CAMELLIA              1
0125 #define PSA_WANT_KEY_TYPE_CHACHA20              1
0126 #define PSA_WANT_KEY_TYPE_DES                   1
0127 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR          1 /* Deprecated */
0128 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1
0129 #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY         1
0130 #define PSA_WANT_KEY_TYPE_RAW_DATA              1
0131 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1 /* Deprecated */
0132 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1
0133
0134 /*
0135  * The following symbols extend and deprecate the legacy
0136  * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
0137  * the name's suffix. "_USE" is the most generic and it can be used to describe
0138  * a generic suport, whereas other ones add more features on top of that and
0139  * they are more specific.
0140  */
0141 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC      1
0142 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT   1
0143 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT   1
0144 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
0145 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
0146
0147 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC      1
0148 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT   1
0149 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT   1
0150 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
0151 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE   1 /* Not supported */
0152
0153 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC       1
0154 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT    1
0155 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT    1
0156 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE  1
0157 //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE    1 /* Not supported */
0158
0159 #endif /* PSA_CRYPTO_CONFIG_H */