quickjs-tart

tfm_mbedcrypto_config_profile_medium.h (18705B)

---

 /**
  * \file config.h
  *
  * \brief Configuration options (set of defines)
  *
  *  This set of compile-time options may be used to enable
  *  or disable features selectively, and reduce the global
  *  memory footprint.
  */
 /*
  *  Copyright (C) 2006-2023, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
  *  not use this file except in compliance with the License.
  *  You may obtain a copy of the License at
  *
  *  http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
  *  This file is part of mbed TLS (https://tls.mbed.org)
  */
 
 #ifndef PROFILE_M_MBEDTLS_CONFIG_H
 #define PROFILE_M_MBEDTLS_CONFIG_H
 
 #include "config_tfm.h"
 
 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
 #define _CRT_SECURE_NO_DEPRECATE 1
 #endif
 
 /**
  * \name SECTION: System support
  *
  * This section sets system specific settings.
  * \{
  */
 
 /**
  * \def MBEDTLS_HAVE_ASM
  *
  * The compiler has support for asm().
  *
  * Requires support for asm() in compiler.
  *
  * Used in:
  *      library/aria.c
  *      library/timing.c
  *      include/mbedtls/bn_mul.h
  *
  * Required by:
  *      MBEDTLS_AESNI_C
  *      MBEDTLS_PADLOCK_C
  *
  * Comment to disable the use of assembly code.
  */
 #define MBEDTLS_HAVE_ASM
 
 /**
  * \def MBEDTLS_PLATFORM_MEMORY
  *
  * Enable the memory allocation layer.
  *
  * By default mbed TLS uses the system-provided calloc() and free().
  * This allows different allocators (self-implemented or provided) to be
  * provided to the platform abstraction layer.
  *
  * Enabling MBEDTLS_PLATFORM_MEMORY without the
  * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
  * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
  * free() function pointer at runtime.
  *
  * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
  * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
  * alternate function at compile time.
  *
  * Requires: MBEDTLS_PLATFORM_C
  *
  * Enable this layer to allow use of alternative memory allocators.
  */
 #define MBEDTLS_PLATFORM_MEMORY
 
 /* \} name SECTION: System support */
 
 /**
  * \name SECTION: mbed TLS feature support
  *
  * This section sets support for features that are or are not needed
  * within the modules that are enabled.
  * \{
  */
 
 /**
  * \def MBEDTLS_AES_ROM_TABLES
  *
  * Use precomputed AES tables stored in ROM.
  *
  * Uncomment this macro to use precomputed AES tables stored in ROM.
  * Comment this macro to generate AES tables in RAM at runtime.
  *
  * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
  * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
  * initialization time before the first AES operation can be performed.
  * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
  * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
  * performance if ROM access is slower than RAM access.
  *
  * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
  *
  */
 #define MBEDTLS_AES_ROM_TABLES
 
 /**
  * \def MBEDTLS_AES_FEWER_TABLES
  *
  * Use less ROM/RAM for AES tables.
  *
  * Uncommenting this macro omits 75% of the AES tables from
  * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
  * by computing their values on the fly during operations
  * (the tables are entry-wise rotations of one another).
  *
  * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
  * by ~6kb but at the cost of more arithmetic operations during
  * runtime. Specifically, one has to compare 4 accesses within
  * different tables to 4 accesses with additional arithmetic
  * operations within the same table. The performance gain/loss
  * depends on the system and memory details.
  *
  * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
  *
  */
 #define MBEDTLS_AES_FEWER_TABLES
 
 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
  *
  * Enable specific 'modulo p' routines for each NIST prime.
  * Depending on the prime and architecture, makes operations 4 to 8 times
  * faster on the corresponding curve.
  *
  * Comment this macro to disable NIST curves optimisation.
  */
 #define MBEDTLS_ECP_NIST_OPTIM
 
 /**
  * \def MBEDTLS_NO_PLATFORM_ENTROPY
  *
  * Do not use built-in platform entropy functions.
  * This is useful if your platform does not support
  * standards like the /dev/urandom or Windows CryptoAPI.
  *
  * Uncomment this macro to disable the built-in platform entropy functions.
  */
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 
 /**
  * \def MBEDTLS_ENTROPY_NV_SEED
  *
  * Enable the non-volatile (NV) seed file-based entropy source.
  * (Also enables the NV seed read/write functions in the platform layer)
  *
  * This is crucial (if not required) on systems that do not have a
  * cryptographic entropy source (in hardware or kernel) available.
  *
  * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
  *
  * \note The read/write functions that are used by the entropy source are
  *       determined in the platform layer, and can be modified at runtime and/or
  *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
  *
  * \note If you use the default implementation functions that read a seedfile
  *       with regular fopen(), please make sure you make a seedfile with the
  *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
  *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
  *       and written to or you will get an entropy source error! The default
  *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
  *       bytes from the file.
  *
  * \note The entropy collector will write to the seed file before entropy is
  *       given to an external source, to update it.
  */
 #define MBEDTLS_ENTROPY_NV_SEED
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_SPM
  *
  * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
  * Partition Manager) integration which separates the code into two parts: a
  * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
  * Environment).
  *
  * Module:  library/psa_crypto.c
  * Requires: MBEDTLS_PSA_CRYPTO_C
  *
  */
 #define MBEDTLS_PSA_CRYPTO_SPM
 
 /**
  * \def MBEDTLS_SHA256_SMALLER
  *
  * Enable an implementation of SHA-256 that has lower ROM footprint but also
  * lower performance.
  *
  * The default implementation is meant to be a reasonnable compromise between
  * performance and size. This version optimizes more aggressively for size at
  * the expense of performance. Eg on Cortex-M4 it reduces the size of
  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
  * 30%.
  *
  * Uncomment to enable the smaller implementation of SHA256.
  */
 #define MBEDTLS_SHA256_SMALLER
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_CONFIG
  *
  * This setting allows support for cryptographic mechanisms through the PSA
  * API to be configured separately from support through the mbedtls API.
  *
  * When this option is disabled, the PSA API exposes the cryptographic
  * mechanisms that can be implemented on top of the `mbedtls_xxx` API
  * configured with `MBEDTLS_XXX` symbols.
  *
  * When this option is enabled, the PSA API exposes the cryptographic
  * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
  * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
  * automatically enabled if required (i.e. if no PSA driver provides the
  * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
  * in mbedtls_config.h.
  *
  * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
  * an alternative header to include instead of include/psa/crypto_config.h.
  *
  * This feature is still experimental and is not ready for production since
  * it is not completed.
  */
 #define MBEDTLS_PSA_CRYPTO_CONFIG
 
 /* \} name SECTION: mbed TLS feature support */
 
 /**
  * \name SECTION: mbed TLS modules
  *
  * This section enables or disables entire modules in mbed TLS
  * \{
  */
 
 /**
  * \def MBEDTLS_AES_C
  *
  * Enable the AES block cipher.
  *
  * Module:  library/aes.c
  * Caller:  library/cipher.c
  *          library/pem.c
  *          library/ctr_drbg.c
  *
  * This module is required to support the TLS ciphersuites that use the AES
  * cipher.
  *
  * PEM_PARSE uses AES for decrypting encrypted keys.
  */
 #define MBEDTLS_AES_C
 
 /**
  * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
  *
  * Use only 128-bit keys in AES operations to save ROM.
  *
  * Uncomment this macro to remove support for AES operations that use 192-
  * or 256-bit keys.
  *
  * Uncommenting this macro reduces the size of AES code by ~300 bytes
  * on v8-M/Thumb2.
  *
  * Module:  library/aes.c
  *
  * Requires: MBEDTLS_AES_C
  */
 #define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 
 /**
  * \def MBEDTLS_CIPHER_C
  *
  * Enable the generic cipher layer.
  *
  * Module:  library/cipher.c
  *
  * Uncomment to enable generic cipher wrappers.
  */
 #define MBEDTLS_CIPHER_C
 
 /**
  * \def MBEDTLS_CTR_DRBG_C
  *
  * Enable the CTR_DRBG AES-based random generator.
  * The CTR_DRBG generator uses AES-256 by default.
  * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
  *
  * Module:  library/ctr_drbg.c
  * Caller:
  *
  * Requires: MBEDTLS_AES_C
  *
  * This module provides the CTR_DRBG AES random number generator.
  */
 #define MBEDTLS_CTR_DRBG_C
 
 /**
  * \def MBEDTLS_ENTROPY_C
  *
  * Enable the platform-specific entropy code.
  *
  * Module:  library/entropy.c
  * Caller:
  *
  * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
  *
  * This module provides a generic entropy pool
  */
 #define MBEDTLS_ENTROPY_C
 
 /**
  * \def MBEDTLS_HKDF_C
  *
  * Enable the HKDF algorithm (RFC 5869).
  *
  * Module:  library/hkdf.c
  * Caller:
  *
  * Requires: MBEDTLS_MD_C
  *
  * This module adds support for the Hashed Message Authentication Code
  * (HMAC)-based key derivation function (HKDF).
  */
 //#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
 
 /**
  * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
  *
  * Enable the buffer allocator implementation that makes use of a (stack)
  * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
  * calls)
  *
  * Module:  library/memory_buffer_alloc.c
  *
  * Requires: MBEDTLS_PLATFORM_C
  *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
  *
  * Enable this module to enable the buffer memory allocator.
  */
 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 
 /**
  * \def MBEDTLS_PLATFORM_C
  *
  * Enable the platform abstraction layer that allows you to re-assign
  * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
  *
  * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
  * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
  * above to be specified at runtime or compile time respectively.
  *
  * \note This abstraction layer must be enabled on Windows (including MSYS2)
  * as other module rely on it for a fixed snprintf implementation.
  *
  * Module:  library/platform.c
  * Caller:  Most other .c files
  *
  * This module enables abstraction of common (libc) functions.
  */
 #define MBEDTLS_PLATFORM_C
 
 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 #define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h>
 
 #include <stdio.h>
 
 #define MBEDTLS_PLATFORM_SNPRINTF_MACRO      snprintf
 #define MBEDTLS_PLATFORM_PRINTF_ALT
 #define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS  EXIT_SUCCESS
 #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE  EXIT_FAILURE
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_C
  *
  * Enable the Platform Security Architecture cryptography API.
  *
  * Module:  library/psa_crypto.c
  *
  * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
  *
  */
 #define MBEDTLS_PSA_CRYPTO_C
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
  *
  * Enable the Platform Security Architecture persistent key storage.
  *
  * Module:  library/psa_crypto_storage.c
  *
  * Requires: MBEDTLS_PSA_CRYPTO_C,
  *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
  *           the PSA ITS interface
  */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 
 /* \} name SECTION: mbed TLS modules */
 
 /**
  * \name SECTION: General configuration options
  *
  * This section contains Mbed TLS build settings that are not associated
  * with a particular module.
  *
  * \{
  */
 
 /**
  * \def MBEDTLS_CONFIG_FILE
  *
  * If defined, this is a header which will be included instead of
  * `"mbedtls/mbedtls_config.h"`.
  * This header file specifies the compile-time configuration of Mbed TLS.
  * Unlike other configuration options, this one must be defined on the
  * compiler command line: a definition in `mbedtls_config.h` would have
  * no effect.
  *
  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
  * non-standard feature of the C language, so this feature is only available
  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
  *
  * The value of this symbol is typically a path in double quotes, either
  * absolute or relative to a directory on the include search path.
  */
 //#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
 
 /**
  * \def MBEDTLS_USER_CONFIG_FILE
  *
  * If defined, this is a header which will be included after
  * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
  * This allows you to modify the default configuration, including the ability
  * to undefine options that are enabled by default.
  *
  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
  * non-standard feature of the C language, so this feature is only available
  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
  *
  * The value of this symbol is typically a path in double quotes, either
  * absolute or relative to a directory on the include search path.
  */
 //#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
  *
  * If defined, this is a header which will be included instead of
  * `"psa/crypto_config.h"`.
  * This header file specifies which cryptographic mechanisms are available
  * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
  * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
  *
  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
  * non-standard feature of the C language, so this feature is only available
  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
  *
  * The value of this symbol is typically a path in double quotes, either
  * absolute or relative to a directory on the include search path.
  */
 //#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
  *
  * If defined, this is a header which will be included after
  * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
  * This allows you to modify the default configuration, including the ability
  * to undefine options that are enabled by default.
  *
  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
  * non-standard feature of the C language, so this feature is only available
  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
  *
  * The value of this symbol is typically a path in double quotes, either
  * absolute or relative to a directory on the include search path.
  */
 //#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
 
 /** \} name SECTION: General configuration options */
 
 /**
  * \name SECTION: Module configuration options
  *
  * This section allows for the setting of module specific sizes and
  * configuration options. The default values are already present in the
  * relevant header files and should suffice for the regular use cases.
  *
  * Our advice is to enable options and change their values here
  * only if you have a good reason and know the consequences.
  *
  * Please check the respective header file for documentation on these
  * parameters (to prevent duplicate documentation).
  * \{
  */
 
 /* ECP options */
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM        0 /**< Disable fixed-point speed-up */
 
 /**
  * Uncomment to enable p256-m. This is an alternative implementation of
  * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
  * Compared to the default implementation:
  *
  * - p256-m has a much smaller code size and RAM footprint.
  * - p256-m is only available via the PSA API. This includes the pk module
  *   when #MBEDTLS_USE_PSA_CRYPTO is enabled.
  * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
  *   over the core arithmetic, or deterministic derivation of keys.
  *
  * We recommend enabling this option if your application uses the PSA API
  * and the only elliptic curve support it needs is ECDH and ECDSA over
  * SECP256R1.
  *
  * If you enable this option, you do not need to enable any ECC-related
  * MBEDTLS_xxx option. You do need to separately request support for the
  * cryptographic mechanisms through the PSA API:
  * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
  *   configuration;
  * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
  * - #PSA_WANT_ECC_SECP_R1_256;
  * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
  * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
  *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
  *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
  *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
  *
  * \note To benefit from the smaller code size of p256-m, make sure that you
  *       do not enable any ECC-related option not supported by p256-m: this
  *       would cause the built-in ECC implementation to be built as well, in
  *       order to provide the required option.
  *       Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
  *       #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
  *       SECP256R1 are disabled as they are not supported by this driver.
  *       Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
  *       #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
  *       the built-in ECC implementation, see docs/driver-only-builds.md.
  */
 #define MBEDTLS_PSA_P256M_DRIVER_ENABLED
 
 /* \} name SECTION: Customisation configuration options */
 
 #if CRYPTO_NV_SEED
 #include "tfm_mbedcrypto_config_extra_nv_seed.h"
 #endif /* CRYPTO_NV_SEED */
 
 #if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
 #include "mbedtls_entropy_nv_seed_config.h"
 #endif
 
 #ifdef CRYPTO_HW_ACCELERATOR
 #include "mbedtls_accelerator_config.h"
 #endif
 
 #endif /* PROFILE_M_MBEDTLS_CONFIG_H */