Mbed TLS v3.6.1
crypto_config.h
Go to the documentation of this file.
1 
6 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
25 #else
32 #endif
33 /*
34  * Copyright The Mbed TLS Contributors
35  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
36  */
37 
38 #ifndef PSA_CRYPTO_CONFIG_H
39 #define PSA_CRYPTO_CONFIG_H
40 
41 /*
42  * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
43  */
44 //#define PSA_WANT_ALG_CBC_MAC 1
45 #define PSA_WANT_ALG_CBC_NO_PADDING 1
46 #define PSA_WANT_ALG_CBC_PKCS7 1
47 #define PSA_WANT_ALG_CCM 1
48 #define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
49 #define PSA_WANT_ALG_CMAC 1
50 #define PSA_WANT_ALG_CFB 1
51 #define PSA_WANT_ALG_CHACHA20_POLY1305 1
52 #define PSA_WANT_ALG_CTR 1
53 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
54 #define PSA_WANT_ALG_ECB_NO_PADDING 1
55 #define PSA_WANT_ALG_ECDH 1
56 #define PSA_WANT_ALG_FFDH 1
57 #define PSA_WANT_ALG_ECDSA 1
58 #define PSA_WANT_ALG_JPAKE 1
59 #define PSA_WANT_ALG_GCM 1
60 #define PSA_WANT_ALG_HKDF 1
61 #define PSA_WANT_ALG_HKDF_EXTRACT 1
62 #define PSA_WANT_ALG_HKDF_EXPAND 1
63 #define PSA_WANT_ALG_HMAC 1
64 #define PSA_WANT_ALG_MD5 1
65 #define PSA_WANT_ALG_OFB 1
66 #define PSA_WANT_ALG_PBKDF2_HMAC 1
67 #define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
68 #define PSA_WANT_ALG_RIPEMD160 1
69 #define PSA_WANT_ALG_RSA_OAEP 1
70 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
71 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
72 #define PSA_WANT_ALG_RSA_PSS 1
73 #define PSA_WANT_ALG_SHA_1 1
74 #define PSA_WANT_ALG_SHA_224 1
75 #define PSA_WANT_ALG_SHA_256 1
76 #define PSA_WANT_ALG_SHA_384 1
77 #define PSA_WANT_ALG_SHA_512 1
78 #define PSA_WANT_ALG_SHA3_224 1
79 #define PSA_WANT_ALG_SHA3_256 1
80 #define PSA_WANT_ALG_SHA3_384 1
81 #define PSA_WANT_ALG_SHA3_512 1
82 #define PSA_WANT_ALG_STREAM_CIPHER 1
83 #define PSA_WANT_ALG_TLS12_PRF 1
84 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
85 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
86 
87 /* XTS is not yet supported via the PSA API in Mbed TLS.
88  * Note: when adding support, also adjust include/mbedtls/config_psa.h */
89 //#define PSA_WANT_ALG_XTS 1
90 
91 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
92 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
93 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
94 #define PSA_WANT_ECC_MONTGOMERY_255 1
95 #define PSA_WANT_ECC_MONTGOMERY_448 1
96 #define PSA_WANT_ECC_SECP_K1_192 1
97 /*
98  * SECP224K1 is buggy via the PSA API in Mbed TLS
99  * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
100  * default.
101  */
102 //#define PSA_WANT_ECC_SECP_K1_224 1
103 #define PSA_WANT_ECC_SECP_K1_256 1
104 #define PSA_WANT_ECC_SECP_R1_192 1
105 #define PSA_WANT_ECC_SECP_R1_224 1
106 /* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
107  * (see the description in mbedtls/mbedtls_config.h for details). */
108 #define PSA_WANT_ECC_SECP_R1_256 1
109 #define PSA_WANT_ECC_SECP_R1_384 1
110 #define PSA_WANT_ECC_SECP_R1_521 1
111 
112 #define PSA_WANT_DH_RFC7919_2048 1
113 #define PSA_WANT_DH_RFC7919_3072 1
114 #define PSA_WANT_DH_RFC7919_4096 1
115 #define PSA_WANT_DH_RFC7919_6144 1
116 #define PSA_WANT_DH_RFC7919_8192 1
117 
118 #define PSA_WANT_KEY_TYPE_DERIVE 1
119 #define PSA_WANT_KEY_TYPE_PASSWORD 1
120 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
121 #define PSA_WANT_KEY_TYPE_HMAC 1
122 #define PSA_WANT_KEY_TYPE_AES 1
123 #define PSA_WANT_KEY_TYPE_ARIA 1
124 #define PSA_WANT_KEY_TYPE_CAMELLIA 1
125 #define PSA_WANT_KEY_TYPE_CHACHA20 1
126 #define PSA_WANT_KEY_TYPE_DES 1
127 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
128 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
129 #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
130 #define PSA_WANT_KEY_TYPE_RAW_DATA 1
131 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
132 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
133 
134 /*
135  * The following symbols extend and deprecate the legacy
136  * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
137  * the name's suffix. "_USE" is the most generic and it can be used to describe
138  * a generic suport, whereas other ones add more features on top of that and
139  * they are more specific.
140  */
141 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
142 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
143 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
144 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
145 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
146 
147 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
148 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
149 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
150 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
151 //#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */
152 
153 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
154 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
155 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
156 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
157 //#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 /* Not supported */
158 
159 #endif /* PSA_CRYPTO_CONFIG_H */