TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c50bf9549bab963c75dd54d5c34fe444c48e2761 / . / include / mbedtls / config_adjust_legacy_crypto.h
blob: 9b060412282f0bd72ac74e4e40cfbd2cb3b2925e [file] [log] [blame]
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]1/**
2 * \file mbedtls/config_adjust_legacy_crypto.h
3 * \brief Adjust legacy configuration configuration
4 *
5 * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
6 * configurations need to be explicitly enabled by the user: enabling
7 * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
8 * compilation error. However, we do automatically enable certain options
9 * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
10 * used to identify parts of a module that are used by other module, and we
11 * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
12 * Another case is if A didn't depend on B in earlier versions, and we
13 * want to use B in A but we need to preserve backward compatibility with
14 * configurations that explicitly activate MBEDTLS_xxx_A but not
15 * MBEDTLS_xxx_B.
16 */
17/*
18 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]19 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]20 */
21
22#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
23#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
24
Manuel Pégourié-Gonnard1463e492024-02-08 12:28:30 +0100[diff] [blame]25/* Ideally, we'd set those as defaults in mbedtls_config.h, but
26 * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
27 *
28 * So, adjust it here.
29 * Not related to crypto, but this is the bottom of the stack. */
30#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
31#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
32 !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
33#define MBEDTLS_PLATFORM_SNPRINTF_ALT
34#endif
35#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
36 !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
37#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
38#endif
39#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
40
Valerio Setti97726422023-12-28 09:55:09 +0100[diff] [blame]41/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
42 * in PSA. */
43#if defined(MBEDTLS_PSA_CRYPTO_C) && \
44 (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
45 defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
46 defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
47 defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
48 defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
49 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
50 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
51 defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
52#define MBEDTLS_CIPHER_C
53#endif
54
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]55/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
56 * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
57 */
58#if defined(MBEDTLS_MD_C)
59#define MBEDTLS_MD_LIGHT
60#endif
61
62/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
63 * in a previous release, to ensure backwards compatibility.
64 */
65#if defined(MBEDTLS_ECJPAKE_C) || \
66 defined(MBEDTLS_PEM_PARSE_C) || \
67 defined(MBEDTLS_ENTROPY_C) || \
68 defined(MBEDTLS_PK_C) || \
69 defined(MBEDTLS_PKCS12_C) || \
70 defined(MBEDTLS_RSA_C) || \
71 defined(MBEDTLS_SSL_TLS_C) || \
72 defined(MBEDTLS_X509_USE_C) || \
73 defined(MBEDTLS_X509_CREATE_C)
74#define MBEDTLS_MD_LIGHT
75#endif
76
Valerio Setti85d2a982023-10-06 16:04:49 +0200[diff] [blame]77#if defined(MBEDTLS_MD_LIGHT)
78/*
79 * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
80 * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
81 * (see below).
82 * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
83 * via PSA (see below).
84 * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
85 * via a direct legacy call (see below).
86 *
87 * The md module performs an algorithm via PSA if there is a PSA hash
88 * accelerator and the PSA driver subsytem is initialized at the time the
89 * operation is started, and makes a direct legacy call otherwise.
90 */
91
92/* PSA accelerated implementations */
93#if defined(MBEDTLS_PSA_CRYPTO_C)
94
95#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
96#define MBEDTLS_MD_CAN_MD5
97#define MBEDTLS_MD_MD5_VIA_PSA
98#define MBEDTLS_MD_SOME_PSA
99#endif
100#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
101#define MBEDTLS_MD_CAN_SHA1
102#define MBEDTLS_MD_SHA1_VIA_PSA
103#define MBEDTLS_MD_SOME_PSA
104#endif
105#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
106#define MBEDTLS_MD_CAN_SHA224
107#define MBEDTLS_MD_SHA224_VIA_PSA
108#define MBEDTLS_MD_SOME_PSA
109#endif
110#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
111#define MBEDTLS_MD_CAN_SHA256
112#define MBEDTLS_MD_SHA256_VIA_PSA
113#define MBEDTLS_MD_SOME_PSA
114#endif
115#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
116#define MBEDTLS_MD_CAN_SHA384
117#define MBEDTLS_MD_SHA384_VIA_PSA
118#define MBEDTLS_MD_SOME_PSA
119#endif
120#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
121#define MBEDTLS_MD_CAN_SHA512
122#define MBEDTLS_MD_SHA512_VIA_PSA
123#define MBEDTLS_MD_SOME_PSA
124#endif
125#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
126#define MBEDTLS_MD_CAN_RIPEMD160
127#define MBEDTLS_MD_RIPEMD160_VIA_PSA
128#define MBEDTLS_MD_SOME_PSA
129#endif
130#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
131#define MBEDTLS_MD_CAN_SHA3_224
132#define MBEDTLS_MD_SHA3_224_VIA_PSA
133#define MBEDTLS_MD_SOME_PSA
134#endif
135#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
136#define MBEDTLS_MD_CAN_SHA3_256
137#define MBEDTLS_MD_SHA3_256_VIA_PSA
138#define MBEDTLS_MD_SOME_PSA
139#endif
140#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
141#define MBEDTLS_MD_CAN_SHA3_384
142#define MBEDTLS_MD_SHA3_384_VIA_PSA
143#define MBEDTLS_MD_SOME_PSA
144#endif
145#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
146#define MBEDTLS_MD_CAN_SHA3_512
147#define MBEDTLS_MD_SHA3_512_VIA_PSA
148#define MBEDTLS_MD_SOME_PSA
149#endif
150#endif /* MBEDTLS_PSA_CRYPTO_C */
151
152/* Built-in implementations */
153#if defined(MBEDTLS_MD5_C)
154#define MBEDTLS_MD_CAN_MD5
155#define MBEDTLS_MD_SOME_LEGACY
156#endif
157#if defined(MBEDTLS_SHA1_C)
158#define MBEDTLS_MD_CAN_SHA1
159#define MBEDTLS_MD_SOME_LEGACY
160#endif
161#if defined(MBEDTLS_SHA224_C)
162#define MBEDTLS_MD_CAN_SHA224
163#define MBEDTLS_MD_SOME_LEGACY
164#endif
165#if defined(MBEDTLS_SHA256_C)
166#define MBEDTLS_MD_CAN_SHA256
167#define MBEDTLS_MD_SOME_LEGACY
168#endif
169#if defined(MBEDTLS_SHA384_C)
170#define MBEDTLS_MD_CAN_SHA384
171#define MBEDTLS_MD_SOME_LEGACY
172#endif
173#if defined(MBEDTLS_SHA512_C)
174#define MBEDTLS_MD_CAN_SHA512
175#define MBEDTLS_MD_SOME_LEGACY
176#endif
177#if defined(MBEDTLS_SHA3_C)
178#define MBEDTLS_MD_CAN_SHA3_224
179#define MBEDTLS_MD_CAN_SHA3_256
180#define MBEDTLS_MD_CAN_SHA3_384
181#define MBEDTLS_MD_CAN_SHA3_512
182#define MBEDTLS_MD_SOME_LEGACY
183#endif
184#if defined(MBEDTLS_RIPEMD160_C)
185#define MBEDTLS_MD_CAN_RIPEMD160
186#define MBEDTLS_MD_SOME_LEGACY
187#endif
188
189#endif /* MBEDTLS_MD_LIGHT */
190
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]191/* BLOCK_CIPHER module can dispatch to PSA when:
192 * - PSA is enabled and drivers have been initialized
193 * - desired key type is supported on the PSA side
194 * If the above conditions are not met, but the legacy support is enabled, then
Valerio Setti2684e3f2023-12-13 16:53:02 +0100[diff] [blame]195 * BLOCK_CIPHER will dynamically fallback to it.
Valerio Setti4a5d57d2023-12-14 09:34:15 +0100[diff] [blame]196 *
197 * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
198 * can be used to define its capabilities:
199 * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
200 * ARIA and Camellia which is supported through a driver;
201 * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
202 * driver;
203 * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
204 * a legacy module (i.e. MBEDTLS_xxx_C)
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]205 */
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]206#if defined(MBEDTLS_PSA_CRYPTO_C)
207#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
208#define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
209#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
210#endif
211#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
212#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
213#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
214#endif
215#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
216#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
217#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
218#endif
219#endif /* MBEDTLS_PSA_CRYPTO_C */
220
221#if defined(MBEDTLS_AES_C)
222#define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
223#endif
224#if defined(MBEDTLS_ARIA_C)
225#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
226#endif
227#if defined(MBEDTLS_CAMELLIA_C)
228#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
229#endif
230
Valerio Setti4a5d57d2023-12-14 09:34:15 +0100[diff] [blame]231/* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
232 * block ciphers via either PSA or legacy. */
Valerio Setti8bba0872023-12-12 11:49:02 +0100[diff] [blame]233#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
234 defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
235#define MBEDTLS_BLOCK_CIPHER_CAN_AES
236#endif
237#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
238 defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
239#define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
240#endif
241#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
242 defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
243#define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
244#endif
245
Valerio Setti4a5d57d2023-12-14 09:34:15 +0100[diff] [blame]246/* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
247 * or CIPHER_C. The former is auto-enabled when:
248 * - CIPHER_C is not defined, which is also the legacy solution;
249 * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
250 * of the driver's acceleration.
251 */
252#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
253 (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
254#define MBEDTLS_BLOCK_CIPHER_C
255#endif
256
Valerio Settibfa675f2023-12-20 09:52:08 +0100[diff] [blame]257/* Helpers for GCM/CCM capabilities */
258#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
259 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
260#define MBEDTLS_CCM_GCM_CAN_AES
261#endif
262
263#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
264 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
265#define MBEDTLS_CCM_GCM_CAN_ARIA
266#endif
267
268#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
269 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
270#define MBEDTLS_CCM_GCM_CAN_CAMELLIA
271#endif
272
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]273/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
274 * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
275 * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
276 * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
277 * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
278 * these features are not supported in PSA so the only way to have them is
279 * to enable the built-in solution.
280 * Both of them are temporary dependencies:
281 * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
282 * - support for compressed points should also be added to PSA, but in this
283 * case there is no associated issue to track it yet.
284 * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
285 * still depends on ECP_LIGHT.
286 * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
287 * be fixed by #7453.
288 */
289#if defined(MBEDTLS_ECP_C) || \
290 defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
291 defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
292 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
293#define MBEDTLS_ECP_LIGHT
294#endif
295
Thomas Daubney540324c2023-10-06 17:07:24 +0100[diff] [blame]296/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]297 * in previous version compressed points were automatically supported as long
298 * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
299 * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
300 * are met. */
301#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
302#define MBEDTLS_PK_PARSE_EC_COMPRESSED
303#endif
304
305/* Helper symbol to state that there is support for ECDH, either through
306 * library implementation (ECDH_C) or through PSA. */
307#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
308 (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
309#define MBEDTLS_CAN_ECDH
310#endif
311
312/* PK module can achieve ECDSA functionalities by means of either software
313 * implementations (ECDSA_C) or through a PSA driver. The following defines
314 * are meant to list these capabilities in a general way which abstracts how
315 * they are implemented under the hood. */
316#if !defined(MBEDTLS_USE_PSA_CRYPTO)
317#if defined(MBEDTLS_ECDSA_C)
318#define MBEDTLS_PK_CAN_ECDSA_SIGN
319#define MBEDTLS_PK_CAN_ECDSA_VERIFY
320#endif /* MBEDTLS_ECDSA_C */
321#else /* MBEDTLS_USE_PSA_CRYPTO */
322#if defined(PSA_WANT_ALG_ECDSA)
323#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
324#define MBEDTLS_PK_CAN_ECDSA_SIGN
325#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
326#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
327#define MBEDTLS_PK_CAN_ECDSA_VERIFY
328#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
329#endif /* PSA_WANT_ALG_ECDSA */
330#endif /* MBEDTLS_USE_PSA_CRYPTO */
331
332#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
333#define MBEDTLS_PK_CAN_ECDSA_SOME
334#endif
335
336/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
337 * is defined as well to include all PSA code.
338 */
339#if defined(MBEDTLS_PSA_CRYPTO_C)
340#define MBEDTLS_PSA_CRYPTO_CLIENT
341#endif /* MBEDTLS_PSA_CRYPTO_C */
342
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]343/* Helpers to state that each key is supported either on the builtin or PSA side. */
344#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]345#define MBEDTLS_ECP_HAVE_SECP521R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]346#endif
347#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]348#define MBEDTLS_ECP_HAVE_BP512R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]349#endif
350#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]351#define MBEDTLS_ECP_HAVE_CURVE448
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]352#endif
353#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]354#define MBEDTLS_ECP_HAVE_BP384R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]355#endif
356#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]357#define MBEDTLS_ECP_HAVE_SECP384R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]358#endif
359#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]360#define MBEDTLS_ECP_HAVE_BP256R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]361#endif
362#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]363#define MBEDTLS_ECP_HAVE_SECP256K1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]364#endif
365#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]366#define MBEDTLS_ECP_HAVE_SECP256R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]367#endif
368#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]369#define MBEDTLS_ECP_HAVE_CURVE25519
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]370#endif
371#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]372#define MBEDTLS_ECP_HAVE_SECP224K1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]373#endif
374#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]375#define MBEDTLS_ECP_HAVE_SECP224R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]376#endif
377#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]378#define MBEDTLS_ECP_HAVE_SECP192K1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]379#endif
380#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
Valerio Settidb6b4db2023-09-01 09:20:51 +0200[diff] [blame]381#define MBEDTLS_ECP_HAVE_SECP192R1
Valerio Setti67d82e72023-08-16 17:11:53 +0200[diff] [blame]382#endif
383
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]384/* Helper symbol to state that the PK module has support for EC keys. This
385 * can either be provided through the legacy ECP solution or through the
386 * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
387#if defined(MBEDTLS_ECP_C) || \
388 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
389#define MBEDTLS_PK_HAVE_ECC_KEYS
390#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
391
Gilles Peskineca1e6052023-09-25 16:16:26 +0200[diff] [blame]392/* Historically pkparse did not check the CBC padding when decrypting
393 * a key. This was a bug, which is now fixed. As a consequence, pkparse
394 * now needs PKCS7 padding support, but existing configurations might not
395 * enable it, so we enable it here. */
396#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
397#define MBEDTLS_CIPHER_PADDING_PKCS7
398#endif
399
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]400/* Backwards compatibility for some macros which were renamed to reflect that
401 * they are related to Armv8, not aarch64. */
Dave Rodgmanc5861d52023-10-10 14:01:54 +0100[diff] [blame]402#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
Dave Rodgman5b89c552023-10-10 14:59:02 +0100[diff] [blame]403 !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
404#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]405#endif
Dave Rodgman5b89c552023-10-10 14:59:02 +0100[diff] [blame]406#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
407#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]408#endif
Dave Rodgman94a634d2023-10-10 12:59:29 +0100[diff] [blame]409
Valerio Settif4d2dc22024-01-16 10:57:48 +0100[diff] [blame]410/* psa_util file features some ECDSA conversion functions, to convert between
411 * legacy's ASN.1 DER format and PSA's raw one. */
Valerio Settibcf0fc52024-01-26 14:53:28 +0100[diff] [blame]412#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
413 (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
Valerio Settif4d2dc22024-01-16 10:57:48 +0100[diff] [blame]414#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
415#endif
416
Yanray Wang4ed86912023-11-16 15:20:56 +0800[diff] [blame]417/* Some internal helpers to determine which keys are availble. */
418#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
419 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
420#define MBEDTLS_SSL_HAVE_AES
421#endif
422#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
423 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
424#define MBEDTLS_SSL_HAVE_ARIA
425#endif
426#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
427 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
428#define MBEDTLS_SSL_HAVE_CAMELLIA
429#endif
430
431/* Some internal helpers to determine which operation modes are availble. */
432#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
433 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
434#define MBEDTLS_SSL_HAVE_CBC
435#endif
436
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]437#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
438 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
439#define MBEDTLS_SSL_HAVE_GCM
440#endif
441
442#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
443 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
444#define MBEDTLS_SSL_HAVE_CCM
445#endif
446
447#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
448 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
449#define MBEDTLS_SSL_HAVE_CHACHAPOLY
450#endif
451
452#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
453 defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
454#define MBEDTLS_SSL_HAVE_AEAD
455#endif
456
Gilles Peskine9d6a63b2023-09-04 17:49:07 +0200[diff] [blame]457#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */