TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7d5271608b785779e5b475e72d7834422318ef57 / . / library / legacy_or_psa.h
blob: e645c2431fb29ec592dd54e573471d6361359252 [file] [log] [blame]
Manuel Pégourié-Gonnard73692b72022-07-21 10:40:13 +0200[diff] [blame]1/**
2 * Internal macros to express dependencies for code and tests
3 * that may use either the legacy API or PSA in various builds.
4 *
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21/*
22 * These macros are for code that wants to use <crypto feature> and will do so
23 * using <legacy API> or PSA depending on <condition>, where:
24 * - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
25 * also be a key type (AES, RSA, EC) or domain parameters (elliptic curve);
26 * - <legacy API> will be either:
27 * - low-level module API (aes.h, sha256.h), or
28 * - an abstraction layer (md.h, cipher.h);
29 * - <condition> will be either:
30 * - depending on what's available in the build, or
31 * - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
32 *
33 * Examples:
34 * - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
35 * mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
36 * MBEDTLS_USE_PSA_CRYPTO is defined;
37 * - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
38 * using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
39 * otherwise;
40 * - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
41 * hashes using either `mbedtls_md5_xxx()` if it's available, or
42 * `psa_hash_xxx()` otherwise.
43 * *See docs/architecture/psa-migration/strategy.md, section "Supporting
44 * builds with drivers without the software implementation", strategy for step
45 * 1 (libmbedcrypto except the RNG subsystem).
46 *
47 * Note: the macros are essential to express test dependencies. Inside code,
48 * we could instead just use the equivalent pre-processor condition, but
49 * that's not possible in test dependencies where we need a single macro.
50 * Hopefully, using these macros in code will also help with consistency.
51 *
52 * The naming scheme for these macros is:
53 * MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
54 * where:
55 * - feature is expressed the same way as in PSA_WANT macros, for example:
56 * KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
57 * - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
Manuel Pégourié-Gonnard68429fc2022-07-27 20:37:12 +0200[diff] [blame]58 * - condition is omitted if it's based on availability, else it's
Manuel Pégourié-Gonnard73692b72022-07-21 10:40:13 +0200[diff] [blame]59 * BASED_ON_USE_PSA.
60 *
61 * Coming back to the examples above:
62 * - TLS 1.2 will determine if it can use SHA-256 using
63 * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
64 * for the purposes of negotiation, and in test dependencies;
65 * - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on
66 * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
67 * - PEM decoding code and its associated tests will depend on
68 * MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
69 *
70 * Note: every time it's possible to use, say SHA-256, via the MD API, then
71 * it's also possible to used it via the low-level API. So, code that wants to
72 * use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
73 * just so happens that all the choosing which API to use based on
74 * MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
75 * layer (sometimes in addition to the low-level API), so we don't need the
76 * MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
77 * (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself,
78 * even less makes use of ciphers.)
79 *
80 * Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal
81 * condition for being able to use <feature> at all. As such, they should be
82 * used for guarding data about <feature>, such as OIDs or size. For example,
83 * OID values related to SHA-256 are only useful when SHA-256 can be used at
84 * least in some way.
85 */
86
87#ifndef MBEDTLS_OR_PSA_HELPERS_H
88#define MBEDTLS_OR_PSA_HELPERS_H
89
90#include "common.h"
91
92/*
93 * Hashes
94 */
95
96/* Hashes using low-level or PSA based on availability */
97#if defined(MBEDTLS_MD5_C) || \
98 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
99#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
100#endif
101#if defined(MBEDTLS_RIPEMD160_C) || \
102 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
103#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
104#endif
105#if defined(MBEDTLS_SHA1_C) || \
106 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
107#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
108#endif
109#if defined(MBEDTLS_SHA224_C) || \
110 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
111#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
112#endif
113#if defined(MBEDTLS_SHA256_C) || \
114 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
115#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
116#endif
117#if defined(MBEDTLS_SHA384_C) || \
118 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
119#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
120#endif
121#if defined(MBEDTLS_SHA512_C) || \
122 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
123#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
124#endif
125
126/* Hashes using MD or PSA based on availability */
127#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
128 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
129#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
130#endif
131#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
132 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
133#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
134#endif
135#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
136 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
137#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
138#endif
139#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
140 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
141#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
142#endif
143#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
144 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
145#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
146#endif
147#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
148 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
149#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
150#endif
151#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
152 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
153#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
154#endif
155
156/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
157#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
158 defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
159 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) )
160#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
161#endif
162#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
163 defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
164 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) )
165#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
166#endif
167#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
168 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
169 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
170#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
171#endif
172#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
173 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
174 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
175#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
176#endif
177#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
178 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
179 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
180#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
181#endif
182#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
183 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
184 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
185#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
186#endif
187#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
188 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
189 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
190#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
191#endif
192
193#endif /* MBEDTLS_OR_PSA_HELPERS_H */