TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c0d6943b7f757dd0ba773be2b83e62d09fb6c4db / . / include / mbedtls / config_adjust_legacy_crypto.h
blob: b1ff4c2ca97d847e5e6f2f2c0a0f59d711c7adcf [file] [log] [blame]
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]1/**
2 * \file mbedtls/config_adjust_legacy_crypto.h
3 * \brief Adjust legacy configuration configuration
4 *
Gilles Peskine975e74c2024-04-26 14:18:10 +0200[diff] [blame]5 * This is an internal header. Do not include it directly.
6 *
Wenxing Houb4d03cc2024-06-19 11:04:13 +0800[diff] [blame]7 * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]8 * configurations need to be explicitly enabled by the user: enabling
9 * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
10 * compilation error. However, we do automatically enable certain options
11 * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
12 * used to identify parts of a module that are used by other module, and we
13 * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
14 * Another case is if A didn't depend on B in earlier versions, and we
15 * want to use B in A but we need to preserve backward compatibility with
16 * configurations that explicitly activate MBEDTLS_xxx_A but not
17 * MBEDTLS_xxx_B.
18 */
19/*
20 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]21 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]22 */
23
24#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
25#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
26
Gilles Peskine0b8ece62024-05-16 14:46:09 +0200[diff] [blame]27#if !defined(MBEDTLS_CONFIG_FILES_READ)
28#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
29 "up to and including runtime errors such as buffer overflows. " \
30 "If you're trying to fix a complaint from check_config.h, just remove " \
31 "it from your configuration file: since Mbed TLS 3.0, it is included " \
Gilles Peskine9df78062024-05-29 09:33:04 +0200[diff] [blame]32 "automatically at the right point."
Gilles Peskine0b8ece62024-05-16 14:46:09 +0200[diff] [blame]33#endif /* */
34
Manuel Pégourié-Gonnard1463e492024-02-08 12:28:30 +0100[diff] [blame]35/* Ideally, we'd set those as defaults in mbedtls_config.h, but
36 * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
37 *
38 * So, adjust it here.
39 * Not related to crypto, but this is the bottom of the stack. */
40#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
41#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
42 !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
43#define MBEDTLS_PLATFORM_SNPRINTF_ALT
44#endif
45#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
46 !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
47#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
48#endif
49#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
50
Valerio Setti97726422023-12-28 09:55:09 +0100[diff] [blame]51/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
52 * in PSA. */
53#if defined(MBEDTLS_PSA_CRYPTO_C) && \
54 (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
55 defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
56 defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
57 defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
58 defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
59 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
60 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
Valerio Settia37ea262024-05-24 14:37:05 +0200[diff] [blame]61 defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
62 defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
Valerio Setti97726422023-12-28 09:55:09 +0100[diff] [blame]63#define MBEDTLS_CIPHER_C
64#endif
65
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]66/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
67 * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
68 */
69#if defined(MBEDTLS_MD_C)
70#define MBEDTLS_MD_LIGHT
71#endif
72
73/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
74 * in a previous release, to ensure backwards compatibility.
75 */
76#if defined(MBEDTLS_ECJPAKE_C) || \
77 defined(MBEDTLS_PEM_PARSE_C) || \
78 defined(MBEDTLS_ENTROPY_C) || \
79 defined(MBEDTLS_PK_C) || \
80 defined(MBEDTLS_PKCS12_C) || \
81 defined(MBEDTLS_RSA_C) || \
82 defined(MBEDTLS_SSL_TLS_C) || \
83 defined(MBEDTLS_X509_USE_C) || \
84 defined(MBEDTLS_X509_CREATE_C)
85#define MBEDTLS_MD_LIGHT
86#endif
87
Valerio Setti85d2a982023-10-06 16:04:49 +0200[diff] [blame]88#if defined(MBEDTLS_MD_LIGHT)
89/*
90 * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
91 * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
92 * (see below).
93 * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
94 * via PSA (see below).
95 * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
96 * via a direct legacy call (see below).
97 *
98 * The md module performs an algorithm via PSA if there is a PSA hash
99 * accelerator and the PSA driver subsytem is initialized at the time the
100 * operation is started, and makes a direct legacy call otherwise.
101 */
102
103/* PSA accelerated implementations */
104#if defined(MBEDTLS_PSA_CRYPTO_C)
105
106#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
107#define MBEDTLS_MD_CAN_MD5
108#define MBEDTLS_MD_MD5_VIA_PSA
109#define MBEDTLS_MD_SOME_PSA
110#endif
111#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
Valerio Setti85d2a982023-10-06 16:04:49 +0200[diff] [blame]112#define MBEDTLS_MD_SHA1_VIA_PSA
113#define MBEDTLS_MD_SOME_PSA
114#endif
115#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
116#define MBEDTLS_MD_CAN_SHA224
117#define MBEDTLS_MD_SHA224_VIA_PSA
118#define MBEDTLS_MD_SOME_PSA
119#endif
120#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
121#define MBEDTLS_MD_CAN_SHA256
122#define MBEDTLS_MD_SHA256_VIA_PSA
123#define MBEDTLS_MD_SOME_PSA
124#endif
125#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
126#define MBEDTLS_MD_CAN_SHA384
127#define MBEDTLS_MD_SHA384_VIA_PSA
128#define MBEDTLS_MD_SOME_PSA
129#endif
130#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
131#define MBEDTLS_MD_CAN_SHA512
132#define MBEDTLS_MD_SHA512_VIA_PSA
133#define MBEDTLS_MD_SOME_PSA
134#endif
135#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
136#define MBEDTLS_MD_CAN_RIPEMD160
137#define MBEDTLS_MD_RIPEMD160_VIA_PSA
138#define MBEDTLS_MD_SOME_PSA
139#endif
140#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
141#define MBEDTLS_MD_CAN_SHA3_224
142#define MBEDTLS_MD_SHA3_224_VIA_PSA
143#define MBEDTLS_MD_SOME_PSA
144#endif
145#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
146#define MBEDTLS_MD_CAN_SHA3_256
147#define MBEDTLS_MD_SHA3_256_VIA_PSA
148#define MBEDTLS_MD_SOME_PSA
149#endif
150#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
151#define MBEDTLS_MD_CAN_SHA3_384
152#define MBEDTLS_MD_SHA3_384_VIA_PSA
153#define MBEDTLS_MD_SOME_PSA
154#endif
155#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
156#define MBEDTLS_MD_CAN_SHA3_512
157#define MBEDTLS_MD_SHA3_512_VIA_PSA
158#define MBEDTLS_MD_SOME_PSA
159#endif
160#endif /* MBEDTLS_PSA_CRYPTO_C */
161
162/* Built-in implementations */
163#if defined(MBEDTLS_MD5_C)
164#define MBEDTLS_MD_CAN_MD5
165#define MBEDTLS_MD_SOME_LEGACY
166#endif
167#if defined(MBEDTLS_SHA1_C)
Valerio Setti85d2a982023-10-06 16:04:49 +0200[diff] [blame]168#define MBEDTLS_MD_SOME_LEGACY
169#endif
170#if defined(MBEDTLS_SHA224_C)
171#define MBEDTLS_MD_CAN_SHA224
172#define MBEDTLS_MD_SOME_LEGACY
173#endif
174#if defined(MBEDTLS_SHA256_C)
175#define MBEDTLS_MD_CAN_SHA256
176#define MBEDTLS_MD_SOME_LEGACY
177#endif
178#if defined(MBEDTLS_SHA384_C)
179#define MBEDTLS_MD_CAN_SHA384
180#define MBEDTLS_MD_SOME_LEGACY
181#endif
182#if defined(MBEDTLS_SHA512_C)
183#define MBEDTLS_MD_CAN_SHA512
184#define MBEDTLS_MD_SOME_LEGACY
185#endif
186#if defined(MBEDTLS_SHA3_C)
187#define MBEDTLS_MD_CAN_SHA3_224
188#define MBEDTLS_MD_CAN_SHA3_256
189#define MBEDTLS_MD_CAN_SHA3_384
190#define MBEDTLS_MD_CAN_SHA3_512
191#define MBEDTLS_MD_SOME_LEGACY
192#endif
193#if defined(MBEDTLS_RIPEMD160_C)
194#define MBEDTLS_MD_CAN_RIPEMD160
195#define MBEDTLS_MD_SOME_LEGACY
196#endif
197
198#endif /* MBEDTLS_MD_LIGHT */
199
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]200/* BLOCK_CIPHER module can dispatch to PSA when:
201 * - PSA is enabled and drivers have been initialized
202 * - desired key type is supported on the PSA side
203 * If the above conditions are not met, but the legacy support is enabled, then
Valerio Setti2684e3f2023-12-13 16:53:02 +0100[diff] [blame]204 * BLOCK_CIPHER will dynamically fallback to it.
Valerio Setti4a5d57d2023-12-14 09:34:15 +0100[diff] [blame]205 *
206 * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
207 * can be used to define its capabilities:
208 * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
209 * ARIA and Camellia which is supported through a driver;
210 * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
211 * driver;
212 * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
213 * a legacy module (i.e. MBEDTLS_xxx_C)
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]214 */
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]215#if defined(MBEDTLS_PSA_CRYPTO_C)
216#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
217#define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
218#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
219#endif
220#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
221#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
222#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
223#endif
224#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
225#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
226#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
227#endif
228#endif /* MBEDTLS_PSA_CRYPTO_C */
229
230#if defined(MBEDTLS_AES_C)
231#define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
232#endif
233#if defined(MBEDTLS_ARIA_C)
234#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
235#endif
236#if defined(MBEDTLS_CAMELLIA_C)
237#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
238#endif
239
Valerio Setti4a5d57d2023-12-14 09:34:15 +0100[diff] [blame]240/* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
241 * block ciphers via either PSA or legacy. */
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]242#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
243 defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
244#define MBEDTLS_BLOCK_CIPHER_CAN_AES
245#endif
246#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
247 defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
248#define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
249#endif
250#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
251 defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
252#define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
253#endif
254
Valerio Setti4a5d57d2023-12-14 09:34:15 +0100[diff] [blame]255/* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
256 * or CIPHER_C. The former is auto-enabled when:
257 * - CIPHER_C is not defined, which is also the legacy solution;
258 * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
259 * of the driver's acceleration.
260 */
261#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
262 (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
263#define MBEDTLS_BLOCK_CIPHER_C
264#endif
265
Valerio Settibfa675f2023-12-20 09:52:08 +0100[diff] [blame]266/* Helpers for GCM/CCM capabilities */
267#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
268 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
269#define MBEDTLS_CCM_GCM_CAN_AES
270#endif
271
272#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
273 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
274#define MBEDTLS_CCM_GCM_CAN_ARIA
275#endif
276
277#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
278 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
279#define MBEDTLS_CCM_GCM_CAN_CAMELLIA
280#endif
281
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]282/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
283 * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
284 * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
285 * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
286 * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
287 * these features are not supported in PSA so the only way to have them is
288 * to enable the built-in solution.
289 * Both of them are temporary dependencies:
290 * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
291 * - support for compressed points should also be added to PSA, but in this
292 * case there is no associated issue to track it yet.
293 * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
294 * still depends on ECP_LIGHT.
295 * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
296 * be fixed by #7453.
297 */
298#if defined(MBEDTLS_ECP_C) || \
299 defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
300 defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
301 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
302#define MBEDTLS_ECP_LIGHT
303#endif
304
Valerio Setti89f5af82024-04-18 06:54:32 +0200[diff] [blame]305/* Backward compatibility: after #8740 the RSA module offers functions to parse
306 * and write RSA private/public keys without relying on the PK one. Of course
307 * this needs ASN1 support to do so, so we enable it here. */
308#if defined(MBEDTLS_RSA_C)
309#define MBEDTLS_ASN1_PARSE_C
310#define MBEDTLS_ASN1_WRITE_C
311#endif
312
Thomas Daubney540324c2023-10-06 17:07:24 +0100[diff] [blame]313/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]314 * in previous version compressed points were automatically supported as long
315 * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
316 * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
317 * are met. */
318#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
319#define MBEDTLS_PK_PARSE_EC_COMPRESSED
320#endif
321
322/* Helper symbol to state that there is support for ECDH, either through
323 * library implementation (ECDH_C) or through PSA. */
324#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
325 (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
326#define MBEDTLS_CAN_ECDH
327#endif
328
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]329/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
330 * is defined as well to include all PSA code.
331 */
332#if defined(MBEDTLS_PSA_CRYPTO_C)
333#define MBEDTLS_PSA_CRYPTO_CLIENT
334#endif /* MBEDTLS_PSA_CRYPTO_C */
335
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]336/* Helper symbol to state that the PK module has support for EC keys. This
337 * can either be provided through the legacy ECP solution or through the
338 * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
339#if defined(MBEDTLS_ECP_C) || \
340 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
341#define MBEDTLS_PK_HAVE_ECC_KEYS
342#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
343
Gilles Peskineca1e6052023-09-25 16:16:26 +0200[diff] [blame]344/* Historically pkparse did not check the CBC padding when decrypting
345 * a key. This was a bug, which is now fixed. As a consequence, pkparse
346 * now needs PKCS7 padding support, but existing configurations might not
347 * enable it, so we enable it here. */
348#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
349#define MBEDTLS_CIPHER_PADDING_PKCS7
350#endif
351
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]352/* Backwards compatibility for some macros which were renamed to reflect that
353 * they are related to Armv8, not aarch64. */
Dave Rodgmanc5861d52023-10-10 14:01:54 +0100[diff] [blame]354#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
Dave Rodgman5b89c552023-10-10 14:59:02 +0100[diff] [blame]355 !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
356#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]357#endif
Dave Rodgman5b89c552023-10-10 14:59:02 +0100[diff] [blame]358#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
359#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]360#endif
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]361
Wenxing Houb4d03cc2024-06-19 11:04:13 +0800[diff] [blame]362/* Some internal helpers to determine which operation modes are available. */
Yanray Wang4ed86912023-11-16 15:20:56 +0800[diff] [blame]363
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]364#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
365 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
366#define MBEDTLS_SSL_HAVE_GCM
367#endif
368
369#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
370 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
371#define MBEDTLS_SSL_HAVE_CCM
372#endif
373
374#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
375 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
376#define MBEDTLS_SSL_HAVE_CHACHAPOLY
377#endif
378
Elena Uziunaitec0d69432024-08-20 14:53:19 +0100[diff] [blame^]379#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CCM) || \
380 defined(PSA_WANT_ALG_CHACHA20_POLY1305)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]381#define MBEDTLS_SSL_HAVE_AEAD
382#endif
383
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]384#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */