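/**
 * \file mbedtls/config_adjust_psa_from_legacy.h
 * \brief Adjust PSA configuration: construct PSA configuration from legacy
 *
 * This is an internal header. Do not include it directly.
 *
 * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
 * cryptographic mechanisms through the PSA interface when the corresponding
 * legacy mechanism is enabled. In many cases, this just enables the PSA
 * wrapper code around the legacy implementation, but we also do this for
 * some mechanisms where PSA has its own independent implementation so
 * that high-level modules that can use either cryptographic API have the
 * same feature set in both cases.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H

/* Refuse direct inclusion: this header is only valid once
 * MBEDTLS_CONFIG_FILES_READ has been defined. As the message below states,
 * including it at the wrong point can produce a build that misbehaves at
 * run time. */
#if !defined(MBEDTLS_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
    "up to and including runtime errors such as buffer overflows. " \
    "If you're trying to fix a complaint from check_config.h, just remove " \
    "it from your configuration file: since Mbed TLS 3.0, it is included " \
    "automatically at the right point."
#endif /* !MBEDTLS_CONFIG_FILES_READ */

/*
 * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
 * is not defined
 */

/*
 * NOTE(review): every mapping below is automatic. A mechanism left enabled in
 * the legacy configuration also becomes reachable through the PSA API, so an
 * audit of which algorithms a build exposes has to start from the legacy
 * MBEDTLS_xxx options tested here. Each block defines a PSA_WANT_xxx symbol
 * and the matching MBEDTLS_PSA_BUILTIN_xxx symbol together.
 */

/* CCM; the tag-less CCM* variant additionally needs the cipher layer. */
#if defined(MBEDTLS_CCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
#define PSA_WANT_ALG_CCM 1
#if defined(MBEDTLS_CIPHER_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
#endif /* MBEDTLS_CIPHER_C */
#endif /* MBEDTLS_CCM_C */

#if defined(MBEDTLS_CMAC_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
#define PSA_WANT_ALG_CMAC 1
#endif /* MBEDTLS_CMAC_C */

#if defined(MBEDTLS_ECDH_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
#define PSA_WANT_ALG_ECDH 1
#endif /* MBEDTLS_ECDH_C */

#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA_ANY 1

// Only add in DETERMINISTIC support if ECDSA is also enabled
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */

#endif /* MBEDTLS_ECDSA_C */

/* ECC key types: key pair (basic/import/export/generate/derive) and public key. */
#if defined(MBEDTLS_ECP_C)
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
/* Normally we wouldn't enable this because it's not implemented in ecp.c,
 * but since it used to be available any time ECP_C was enabled, let's enable
 * it anyway for the sake of backwards compatibility */
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif /* MBEDTLS_ECP_C */

/* Finite-field DH: key types, the FFDH algorithm and all five RFC 7919
 * groups are switched on together. */
#if defined(MBEDTLS_DHM_C)
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
#define PSA_WANT_ALG_FFDH 1
#define PSA_WANT_DH_RFC7919_2048 1
#define PSA_WANT_DH_RFC7919_3072 1
#define PSA_WANT_DH_RFC7919_4096 1
#define PSA_WANT_DH_RFC7919_6144 1
#define PSA_WANT_DH_RFC7919_8192 1
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
#endif /* MBEDTLS_DHM_C */

#if defined(MBEDTLS_GCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
#define PSA_WANT_ALG_GCM 1
#endif /* MBEDTLS_GCM_C */

/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
 * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
 * PSA HKDF is enabled, so enable both algorithms together
 * with PSA HKDF. */
#if defined(MBEDTLS_HKDF_C)
/* The two HMAC defines here repeat the unconditional ones that follow this
 * block; the replacement text is identical, so the redefinition is benign. */
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
#define PSA_WANT_ALG_HKDF_EXPAND 1
#endif /* MBEDTLS_HKDF_C */

/* HMAC and the HMAC key type are not guarded by any legacy option in this
 * header: they are always enabled. */
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_KEY_TYPE_HMAC 1

/* TLS 1.2 PRF and PSK-to-MS key derivation follow the legacy MD layer. */
#if defined(MBEDTLS_MD_C)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#endif /* MBEDTLS_MD_C */

/* NOTE(review): MD5 is collision-broken. With the legacy module built in it
 * is also offered through PSA; keep MBEDTLS_MD5_C disabled unless an
 * interoperability requirement needs it. */
#if defined(MBEDTLS_MD5_C)
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
#define PSA_WANT_ALG_MD5 1
#endif /* MBEDTLS_MD5_C */

#if defined(MBEDTLS_ECJPAKE_C)
#define MBEDTLS_PSA_BUILTIN_PAKE 1
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
#define PSA_WANT_ALG_JPAKE 1
#endif /* MBEDTLS_ECJPAKE_C */

#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RIPEMD160 1
#endif /* MBEDTLS_RIPEMD160_C */

/* RSA: the padding schemes follow MBEDTLS_PKCS1_V15 / MBEDTLS_PKCS1_V21, key
 * generation follows MBEDTLS_GENPRIME, and the remaining key-type symbols are
 * enabled for any RSA build. */
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_PKCS1_V15)
/* NOTE(review): PKCS#1 v1.5 encryption is hard to use without giving callers'
 * peers a padding oracle; prefer OAEP where the protocol allows it. */
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
#endif /* MBEDTLS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
#define PSA_WANT_ALG_RSA_PSS 1
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_GENPRIME)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#endif /* MBEDTLS_GENPRIME */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif /* MBEDTLS_RSA_C */

/* NOTE(review): SHA-1 is collision-broken; the same caveat as for MD5 applies. */
#if defined(MBEDTLS_SHA1_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
#define PSA_WANT_ALG_SHA_1 1
#endif /* MBEDTLS_SHA1_C */

#if defined(MBEDTLS_SHA224_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
#define PSA_WANT_ALG_SHA_224 1
#endif /* MBEDTLS_SHA224_C */

#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_256 1
#endif /* MBEDTLS_SHA256_C */

#if defined(MBEDTLS_SHA384_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_384 1
#endif /* MBEDTLS_SHA384_C */

#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
#define PSA_WANT_ALG_SHA_512 1
#endif /* MBEDTLS_SHA512_C */

/* One legacy option enables all four SHA-3 output sizes. */
#if defined(MBEDTLS_SHA3_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
#define PSA_WANT_ALG_SHA3_224 1
#define PSA_WANT_ALG_SHA3_256 1
#define PSA_WANT_ALG_SHA3_384 1
#define PSA_WANT_ALG_SHA3_512 1
#endif /* MBEDTLS_SHA3_C */

#if defined(MBEDTLS_AES_C)
#define PSA_WANT_KEY_TYPE_AES 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
#endif /* MBEDTLS_AES_C */

#if defined(MBEDTLS_ARIA_C)
#define PSA_WANT_KEY_TYPE_ARIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
#endif /* MBEDTLS_ARIA_C */

#if defined(MBEDTLS_CAMELLIA_C)
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
#endif /* MBEDTLS_CAMELLIA_C */

/* NOTE(review): DES is a legacy cipher with a 64-bit block; enabling
 * MBEDTLS_DES_C also offers the key type through PSA. */
#if defined(MBEDTLS_DES_C)
#define PSA_WANT_KEY_TYPE_DES 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
#endif /* MBEDTLS_DES_C */

/* Keyed on the macro set by the MBEDTLS_SHA256_C block above, so this block
 * has to stay after it. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
#endif /* MBEDTLS_PSA_BUILTIN_ALG_SHA_256 */

#if defined(MBEDTLS_CHACHA20_C)
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
/* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
#if defined(MBEDTLS_CIPHER_C)
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
#endif /* MBEDTLS_CHACHAPOLY_C */
#endif /* MBEDTLS_CHACHA20_C */

/* CBC without padding follows the CBC mode option; CBC with PKCS#7 padding
 * additionally needs the legacy padding option. */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */

/* NOTE(review): ECB has no dedicated legacy switch; it is enabled as soon as
 * any of the four block ciphers is built together with the cipher layer. ECB
 * reveals equal plaintext blocks, so callers should not use it for message
 * encryption. */
#if (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
    defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) && \
    defined(MBEDTLS_CIPHER_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#endif /* block cipher && MBEDTLS_CIPHER_C */

#if defined(MBEDTLS_CIPHER_MODE_CFB)
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
#define PSA_WANT_ALG_CFB 1
#endif /* MBEDTLS_CIPHER_MODE_CFB */

#if defined(MBEDTLS_CIPHER_MODE_CTR)
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
#define PSA_WANT_ALG_CTR 1
#endif /* MBEDTLS_CIPHER_MODE_CTR */

#if defined(MBEDTLS_CIPHER_MODE_OFB)
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
#define PSA_WANT_ALG_OFB 1
#endif /* MBEDTLS_CIPHER_MODE_OFB */

/* Elliptic curves: one PSA curve symbol per enabled legacy curve. */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */

#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_MONTGOMERY_448 1
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_192 1
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
#define PSA_WANT_ECC_SECP_R1_224 1
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_256 1
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_384 1
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
#define PSA_WANT_ECC_SECP_R1_521 1
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
#define PSA_WANT_ECC_SECP_K1_192 1
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */

/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
/* The leading "0 &&" keeps this mapping compiled out on purpose: the curve
 * stays unavailable through PSA even when the legacy option is enabled. */
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_224 1
#endif /* 0 && MBEDTLS_ECP_DP_SECP224K1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_K1_256 1
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */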