Blame - library/legacy_or_psa.h - mirror/mbed-tls

blob: be0f33f82e537cf10a98b23edf4b063fa367433d [file] [log] [blame]

Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	1	/**
				2	* Internal macros to express dependencies for code and tests
				3	* that may use either the legacy API or PSA in various builds.
				4	*
				5	* Copyright The Mbed TLS Contributors
				6	* SPDX-License-Identifier: Apache-2.0
				7	*
				8	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				9	* not use this file except in compliance with the License.
				10	* You may obtain a copy of the License at
				11	*
				12	* http://www.apache.org/licenses/LICENSE-2.0
				13	*
				14	* Unless required by applicable law or agreed to in writing, software
				15	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				16	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	* See the License for the specific language governing permissions and
				18	* limitations under the License.
				19	*/
				20
				21	/*
				22	* These macros are for code that wants to use <crypto feature> and will do so
				23	* using <legacy API> or PSA depending on <condition>, where:
				24	* - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
				25	* also be a key type (AES, RSA, EC) or domain parameters (elliptic curve);
				26	* - <legacy API> will be either:
				27	* - low-level module API (aes.h, sha256.h), or
				28	* - an abstraction layer (md.h, cipher.h);
				29	* - <condition> will be either:
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	30	* - depending on what's available in the build:
				31	* legacy API used if available, PSA otherwise
				32	* (this is done to ensure backwards compatibility); or
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	33	* - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
				34	*
				35	* Examples:
				36	* - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
				37	* mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
				38	* MBEDTLS_USE_PSA_CRYPTO is defined;
				39	* - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
				40	* using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
				41	* otherwise;
				42	* - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
				43	* hashes using either `mbedtls_md5_xxx()` if it's available, or
				44	* `psa_hash_xxx()` otherwise.
				45	* *See docs/architecture/psa-migration/strategy.md, section "Supporting
				46	* builds with drivers without the software implementation", strategy for step
				47	* 1 (libmbedcrypto except the RNG subsystem).
				48	*
				49	* Note: the macros are essential to express test dependencies. Inside code,
				50	* we could instead just use the equivalent pre-processor condition, but
				51	* that's not possible in test dependencies where we need a single macro.
				52	* Hopefully, using these macros in code will also help with consistency.
				53	*
				54	* The naming scheme for these macros is:
				55	* MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
				56	* where:
				57	* - feature is expressed the same way as in PSA_WANT macros, for example:
				58	* KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
				59	* - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
Manuel Pégourié-Gonnard	68429fc	2022-07-27 20:37:12 +0200	[diff] [blame]	60	* - condition is omitted if it's based on availability, else it's
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	61	* BASED_ON_USE_PSA.
				62	*
				63	* Coming back to the examples above:
				64	* - TLS 1.2 will determine if it can use SHA-256 using
				65	* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				66	* for the purposes of negotiation, and in test dependencies;
				67	* - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on
				68	* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
				69	* - PEM decoding code and its associated tests will depend on
				70	* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
				71	*
				72	* Note: every time it's possible to use, say SHA-256, via the MD API, then
				73	* it's also possible to used it via the low-level API. So, code that wants to
				74	* use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
				75	* just so happens that all the choosing which API to use based on
				76	* MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
				77	* layer (sometimes in addition to the low-level API), so we don't need the
				78	* MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
				79	* (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself,
				80	* even less makes use of ciphers.)
				81	*
				82	* Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal
				83	* condition for being able to use <feature> at all. As such, they should be
				84	* used for guarding data about <feature>, such as OIDs or size. For example,
				85	* OID values related to SHA-256 are only useful when SHA-256 can be used at
				86	* least in some way.
				87	*/
				88
				89	#ifndef MBEDTLS_OR_PSA_HELPERS_H
				90	#define MBEDTLS_OR_PSA_HELPERS_H
				91
				92	#include "common.h"
Przemek Stekiel	c410ccc	2022-08-18 10:51:31 +0200	[diff] [blame]	93	#if defined(MBEDTLS_PSA_CRYPTO_C)
				94	#include "psa/crypto.h"
				95	#endif /* MBEDTLS_PSA_CRYPTO_C */
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	96
				97	/*
				98	* Hashes
				99	*/
				100
				101	/* Hashes using low-level or PSA based on availability */
				102	#if defined(MBEDTLS_MD5_C) \|\| \
				103	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
				104	#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
				105	#endif
				106	#if defined(MBEDTLS_RIPEMD160_C) \|\| \
				107	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
				108	#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
				109	#endif
				110	#if defined(MBEDTLS_SHA1_C) \|\| \
				111	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
				112	#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
				113	#endif
				114	#if defined(MBEDTLS_SHA224_C) \|\| \
				115	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
				116	#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
				117	#endif
				118	#if defined(MBEDTLS_SHA256_C) \|\| \
				119	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
				120	#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
				121	#endif
				122	#if defined(MBEDTLS_SHA384_C) \|\| \
				123	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
				124	#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
				125	#endif
				126	#if defined(MBEDTLS_SHA512_C) \|\| \
				127	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
				128	#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
				129	#endif
				130
				131	/* Hashes using MD or PSA based on availability */
				132	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	133	( !defined(MBEDTLS_MD_C) && \
				134	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	135	#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
				136	#endif
				137	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	138	( !defined(MBEDTLS_MD_C) && \
				139	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	140	#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
				141	#endif
				142	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	143	( !defined(MBEDTLS_MD_C) && \
				144	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	145	#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
				146	#endif
				147	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	148	( !defined(MBEDTLS_MD_C) && \
				149	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	150	#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
				151	#endif
				152	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	153	( !defined(MBEDTLS_MD_C) && \
				154	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	155	#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
				156	#endif
				157	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	158	( !defined(MBEDTLS_MD_C) && \
				159	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	160	#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
				161	#endif
				162	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	163	( !defined(MBEDTLS_MD_C) && \
				164	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	165	#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
				166	#endif
				167
				168	/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
				169	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				170	defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) \|\| \
				171	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) )
				172	#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				173	#endif
				174	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				175	defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) \|\| \
				176	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) )
				177	#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				178	#endif
				179	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				180	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) \|\| \
				181	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
				182	#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				183	#endif
				184	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				185	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) \|\| \
				186	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
				187	#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				188	#endif
				189	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				190	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) \|\| \
				191	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
				192	#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				193	#endif
				194	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				195	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) \|\| \
				196	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
				197	#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				198	#endif
				199	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				200	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) \|\| \
				201	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
				202	#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				203	#endif
				204
				205	#endif /* MBEDTLS_OR_PSA_HELPERS_H */