Mbed TLS v3.5.0
crypto_config.h
Go to the documentation of this file.
1
6#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
25#else
32#endif
33/*
34 * Copyright The Mbed TLS Contributors
35 * SPDX-License-Identifier: Apache-2.0
36 *
37 * Licensed under the Apache License, Version 2.0 (the "License"); you may
38 * not use this file except in compliance with the License.
39 * You may obtain a copy of the License at
40 *
41 * http://www.apache.org/licenses/LICENSE-2.0
42 *
43 * Unless required by applicable law or agreed to in writing, software
44 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
45 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
46 * See the License for the specific language governing permissions and
47 * limitations under the License.
48 */
49
50#ifndef PSA_CRYPTO_CONFIG_H
51#define PSA_CRYPTO_CONFIG_H
52
53/*
54 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
55 */
56//#define PSA_WANT_ALG_CBC_MAC 1
57#define PSA_WANT_ALG_CBC_NO_PADDING 1
58#define PSA_WANT_ALG_CBC_PKCS7 1
59#define PSA_WANT_ALG_CCM 1
60#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
61#define PSA_WANT_ALG_CMAC 1
62#define PSA_WANT_ALG_CFB 1
63#define PSA_WANT_ALG_CHACHA20_POLY1305 1
64#define PSA_WANT_ALG_CTR 1
65#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
66#define PSA_WANT_ALG_ECB_NO_PADDING 1
67#define PSA_WANT_ALG_ECDH 1
68#define PSA_WANT_ALG_FFDH 1
69#define PSA_WANT_ALG_ECDSA 1
70#define PSA_WANT_ALG_JPAKE 1
71#define PSA_WANT_ALG_GCM 1
72#define PSA_WANT_ALG_HKDF 1
73#define PSA_WANT_ALG_HKDF_EXTRACT 1
74#define PSA_WANT_ALG_HKDF_EXPAND 1
75#define PSA_WANT_ALG_HMAC 1
76#define PSA_WANT_ALG_MD5 1
77#define PSA_WANT_ALG_OFB 1
78#define PSA_WANT_ALG_PBKDF2_HMAC 1
79#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
80#define PSA_WANT_ALG_RIPEMD160 1
81#define PSA_WANT_ALG_RSA_OAEP 1
82#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
83#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
84#define PSA_WANT_ALG_RSA_PSS 1
85#define PSA_WANT_ALG_SHA_1 1
86#define PSA_WANT_ALG_SHA_224 1
87#define PSA_WANT_ALG_SHA_256 1
88#define PSA_WANT_ALG_SHA_384 1
89#define PSA_WANT_ALG_SHA_512 1
90#define PSA_WANT_ALG_SHA3_224 1
91#define PSA_WANT_ALG_SHA3_256 1
92#define PSA_WANT_ALG_SHA3_384 1
93#define PSA_WANT_ALG_SHA3_512 1
94#define PSA_WANT_ALG_STREAM_CIPHER 1
95#define PSA_WANT_ALG_TLS12_PRF 1
96#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
97#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
98
99/* XTS is not yet supported via the PSA API in Mbed TLS.
100 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
101//#define PSA_WANT_ALG_XTS 1
102
103#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
104#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
105#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
106#define PSA_WANT_ECC_MONTGOMERY_255 1
107#define PSA_WANT_ECC_MONTGOMERY_448 1
108#define PSA_WANT_ECC_SECP_K1_192 1
109/*
110 * SECP224K1 is buggy via the PSA API in Mbed TLS
111 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
112 * default.
113 */
114//#define PSA_WANT_ECC_SECP_K1_224 1
115#define PSA_WANT_ECC_SECP_K1_256 1
116#define PSA_WANT_ECC_SECP_R1_192 1
117#define PSA_WANT_ECC_SECP_R1_224 1
118/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
119 * (see the description in mbedtls/mbedtls_config.h for details). */
120#define PSA_WANT_ECC_SECP_R1_256 1
121#define PSA_WANT_ECC_SECP_R1_384 1
122#define PSA_WANT_ECC_SECP_R1_521 1
123
124#define PSA_WANT_KEY_TYPE_DERIVE 1
125#define PSA_WANT_KEY_TYPE_PASSWORD 1
126#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
127#define PSA_WANT_KEY_TYPE_HMAC 1
128#define PSA_WANT_KEY_TYPE_AES 1
129#define PSA_WANT_KEY_TYPE_ARIA 1
130#define PSA_WANT_KEY_TYPE_CAMELLIA 1
131#define PSA_WANT_KEY_TYPE_CHACHA20 1
132#define PSA_WANT_KEY_TYPE_DES 1
133//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
134#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
135#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
136#define PSA_WANT_KEY_TYPE_RAW_DATA 1
137//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
138#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
139
140/*
141 * The following symbols extend and deprecate the legacy
142 * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
143 * the name's suffix. "_USE" is the most generic and it can be used to describe
144 * a generic suport, whereas other ones add more features on top of that and
145 * they are more specific.
146 */
147#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
148#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
149#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
150#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
151#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
152
153#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
154#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
155#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
156#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
157//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */
158
159#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
160#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
161#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
162#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
163//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 /* Not supported */
164
165#endif /* PSA_CRYPTO_CONFIG_H */