Blame - library/legacy_or_psa.h - mirror/mbed-tls

blob: 84fc20659177ec171646da65b0a8c1d500784359 [file] [log] [blame]

Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	1	/**
				2	* Internal macros to express dependencies for code and tests
				3	* that may use either the legacy API or PSA in various builds.
				4	*
				5	* Copyright The Mbed TLS Contributors
				6	* SPDX-License-Identifier: Apache-2.0
				7	*
				8	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				9	* not use this file except in compliance with the License.
				10	* You may obtain a copy of the License at
				11	*
				12	* http://www.apache.org/licenses/LICENSE-2.0
				13	*
				14	* Unless required by applicable law or agreed to in writing, software
				15	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				16	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	* See the License for the specific language governing permissions and
				18	* limitations under the License.
				19	*/
				20
				21	/*
				22	* These macros are for code that wants to use <crypto feature> and will do so
				23	* using <legacy API> or PSA depending on <condition>, where:
				24	* - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
				25	* also be a key type (AES, RSA, EC) or domain parameters (elliptic curve);
				26	* - <legacy API> will be either:
				27	* - low-level module API (aes.h, sha256.h), or
				28	* - an abstraction layer (md.h, cipher.h);
				29	* - <condition> will be either:
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	30	* - depending on what's available in the build:
				31	* legacy API used if available, PSA otherwise
				32	* (this is done to ensure backwards compatibility); or
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	33	* - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
				34	*
				35	* Examples:
				36	* - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
				37	* mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
				38	* MBEDTLS_USE_PSA_CRYPTO is defined;
				39	* - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
				40	* using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
				41	* otherwise;
				42	* - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
				43	* hashes using either `mbedtls_md5_xxx()` if it's available, or
				44	* `psa_hash_xxx()` otherwise.
				45	* *See docs/architecture/psa-migration/strategy.md, section "Supporting
				46	* builds with drivers without the software implementation", strategy for step
				47	* 1 (libmbedcrypto except the RNG subsystem).
				48	*
				49	* Note: the macros are essential to express test dependencies. Inside code,
				50	* we could instead just use the equivalent pre-processor condition, but
				51	* that's not possible in test dependencies where we need a single macro.
				52	* Hopefully, using these macros in code will also help with consistency.
				53	*
				54	* The naming scheme for these macros is:
				55	* MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
				56	* where:
				57	* - feature is expressed the same way as in PSA_WANT macros, for example:
				58	* KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
				59	* - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
Manuel Pégourié-Gonnard	68429fc	2022-07-27 20:37:12 +0200	[diff] [blame]	60	* - condition is omitted if it's based on availability, else it's
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	61	* BASED_ON_USE_PSA.
				62	*
				63	* Coming back to the examples above:
				64	* - TLS 1.2 will determine if it can use SHA-256 using
				65	* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				66	* for the purposes of negotiation, and in test dependencies;
				67	* - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on
				68	* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
				69	* - PEM decoding code and its associated tests will depend on
				70	* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
				71	*
				72	* Note: every time it's possible to use, say SHA-256, via the MD API, then
				73	* it's also possible to used it via the low-level API. So, code that wants to
				74	* use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
				75	* just so happens that all the choosing which API to use based on
				76	* MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
				77	* layer (sometimes in addition to the low-level API), so we don't need the
				78	* MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
				79	* (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself,
				80	* even less makes use of ciphers.)
				81	*
				82	* Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal
				83	* condition for being able to use <feature> at all. As such, they should be
				84	* used for guarding data about <feature>, such as OIDs or size. For example,
				85	* OID values related to SHA-256 are only useful when SHA-256 can be used at
				86	* least in some way.
				87	*/
				88
				89	#ifndef MBEDTLS_OR_PSA_HELPERS_H
				90	#define MBEDTLS_OR_PSA_HELPERS_H
				91
				92	#include "common.h"
				93
				94	/*
				95	* Hashes
				96	*/
				97
				98	/* Hashes using low-level or PSA based on availability */
				99	#if defined(MBEDTLS_MD5_C) \|\| \
				100	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
				101	#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
				102	#endif
				103	#if defined(MBEDTLS_RIPEMD160_C) \|\| \
				104	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
				105	#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
				106	#endif
				107	#if defined(MBEDTLS_SHA1_C) \|\| \
				108	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
				109	#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
				110	#endif
				111	#if defined(MBEDTLS_SHA224_C) \|\| \
				112	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
				113	#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
				114	#endif
				115	#if defined(MBEDTLS_SHA256_C) \|\| \
				116	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
				117	#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
				118	#endif
				119	#if defined(MBEDTLS_SHA384_C) \|\| \
				120	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
				121	#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
				122	#endif
				123	#if defined(MBEDTLS_SHA512_C) \|\| \
				124	( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
				125	#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
				126	#endif
				127
				128	/* Hashes using MD or PSA based on availability */
				129	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	130	( !defined(MBEDTLS_MD_C) && \
				131	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	132	#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
				133	#endif
				134	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	135	( !defined(MBEDTLS_MD_C) && \
				136	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	137	#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
				138	#endif
				139	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	140	( !defined(MBEDTLS_MD_C) && \
				141	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	142	#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
				143	#endif
				144	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	145	( !defined(MBEDTLS_MD_C) && \
				146	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	147	#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
				148	#endif
				149	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	150	( !defined(MBEDTLS_MD_C) && \
				151	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	152	#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
				153	#endif
				154	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	155	( !defined(MBEDTLS_MD_C) && \
				156	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	157	#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
				158	#endif
				159	#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) \|\| \
Manuel Pégourié-Gonnard	79b99f4	2022-07-27 23:04:21 +0200	[diff] [blame]	160	( !defined(MBEDTLS_MD_C) && \
				161	defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
Manuel Pégourié-Gonnard	73692b7	2022-07-21 10:40:13 +0200	[diff] [blame]	162	#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
				163	#endif
				164
				165	/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
				166	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				167	defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) \|\| \
				168	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) )
				169	#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				170	#endif
				171	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				172	defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) \|\| \
				173	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) )
				174	#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				175	#endif
				176	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				177	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) \|\| \
				178	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
				179	#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				180	#endif
				181	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				182	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) \|\| \
				183	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
				184	#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				185	#endif
				186	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				187	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) \|\| \
				188	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
				189	#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				190	#endif
				191	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				192	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) \|\| \
				193	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
				194	#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				195	#endif
				196	#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
				197	defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) \|\| \
				198	( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
				199	#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
				200	#endif
				201
				202	#endif /* MBEDTLS_OR_PSA_HELPERS_H */