1 /**
2  * \file mbedtls/config_adjust_psa_superset_legacy.h
3  * \brief Adjust PSA configuration: automatic enablement from legacy
4  *
5  * This is an internal header. Do not include it directly.
6  *
7  * To simplify some edge cases, we automatically enable certain cryptographic
8  * mechanisms in the PSA API if they are enabled in the legacy API. The general
9  * idea is that if legacy module M uses mechanism A internally, and A has
10  * both a legacy and a PSA implementation, we enable A through PSA whenever
11  * it's enabled through legacy. This facilitates the transition to PSA
12  * implementations of A for users of M.
13  */
14 /*
15  *  Copyright The Mbed TLS Contributors
16  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
17  */
18 
19 #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
20 #define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
21 
22 #if !defined(MBEDTLS_CONFIG_FILES_READ)
23 #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
24     "up to and including runtime errors such as buffer overflows. " \
25     "If you're trying to fix a complaint from check_config.h, just remove " \
26     "it from your configuration file: since Mbed TLS 3.0, it is included " \
27     "automatically at the right point."
28 #endif /* */
29 
30 /****************************************************************/
31 /* Hashes that are built in are also enabled in PSA.
32  * This simplifies dependency declarations especially
33  * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
34 /****************************************************************/
35 
36 #if defined(MBEDTLS_MD5_C)
37 #define PSA_WANT_ALG_MD5 1
38 #endif
39 
40 #if defined(MBEDTLS_RIPEMD160_C)
41 #define PSA_WANT_ALG_RIPEMD160 1
42 #endif
43 
44 #if defined(MBEDTLS_SHA1_C)
45 #define PSA_WANT_ALG_SHA_1 1
46 #endif
47 
48 #if defined(MBEDTLS_SHA224_C)
49 #define PSA_WANT_ALG_SHA_224 1
50 #endif
51 
52 #if defined(MBEDTLS_SHA256_C)
53 #define PSA_WANT_ALG_SHA_256 1
54 #endif
55 
56 #if defined(MBEDTLS_SHA384_C)
57 #define PSA_WANT_ALG_SHA_384 1
58 #endif
59 
60 #if defined(MBEDTLS_SHA512_C)
61 #define PSA_WANT_ALG_SHA_512 1
62 #endif
63 
64 #if defined(MBEDTLS_SHA3_C)
65 #define PSA_WANT_ALG_SHA3_224 1
66 #define PSA_WANT_ALG_SHA3_256 1
67 #define PSA_WANT_ALG_SHA3_384 1
68 #define PSA_WANT_ALG_SHA3_512 1
69 #endif
70 
71 /* Ensure that the PSA's supported curves (PSA_WANT_ECC_xxx) are always a
72  * superset of the builtin ones (MBEDTLS_ECP_DP_xxx). */
73 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
74 #if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
75 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
76 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
77 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
78 
79 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
80 #if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
81 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
82 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
83 #endif /*MBEDTLS_ECP_DP_BP384R1_ENABLED  */
84 
85 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
86 #if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
87 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
88 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
89 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
90 
91 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
92 #if !defined(PSA_WANT_ECC_MONTGOMERY_255)
93 #define PSA_WANT_ECC_MONTGOMERY_255 1
94 #endif /* PSA_WANT_ECC_MONTGOMERY_255 */
95 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
96 
97 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
98 #if !defined(PSA_WANT_ECC_MONTGOMERY_448)
99 #define PSA_WANT_ECC_MONTGOMERY_448 1
100 #endif /* PSA_WANT_ECC_MONTGOMERY_448 */
101 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
102 
103 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
104 #if !defined(PSA_WANT_ECC_SECP_R1_192)
105 #define PSA_WANT_ECC_SECP_R1_192 1
106 #endif /* PSA_WANT_ECC_SECP_R1_192 */
107 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
108 
109 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
110 #if !defined(PSA_WANT_ECC_SECP_R1_224)
111 #define PSA_WANT_ECC_SECP_R1_224 1
112 #endif /* PSA_WANT_ECC_SECP_R1_224 */
113 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
114 
115 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
116 #if !defined(PSA_WANT_ECC_SECP_R1_256)
117 #define PSA_WANT_ECC_SECP_R1_256 1
118 #endif /* PSA_WANT_ECC_SECP_R1_256 */
119 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
120 
121 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
122 #if !defined(PSA_WANT_ECC_SECP_R1_384)
123 #define PSA_WANT_ECC_SECP_R1_384 1
124 #endif /* PSA_WANT_ECC_SECP_R1_384 */
125 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
126 
127 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
128 #if !defined(PSA_WANT_ECC_SECP_R1_521)
129 #define PSA_WANT_ECC_SECP_R1_521 1
130 #endif /* PSA_WANT_ECC_SECP_R1_521 */
131 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
132 
133 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
134 #if !defined(PSA_WANT_ECC_SECP_K1_192)
135 #define PSA_WANT_ECC_SECP_K1_192 1
136 #endif /* PSA_WANT_ECC_SECP_K1_192 */
137 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
138 
139 /* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
140 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
141 #if !defined(PSA_WANT_ECC_SECP_K1_224)
142 #define PSA_WANT_ECC_SECP_K1_224 1
143 #endif /* PSA_WANT_ECC_SECP_K1_224 */
144 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
145 
146 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
147 #if !defined(PSA_WANT_ECC_SECP_K1_256)
148 #define PSA_WANT_ECC_SECP_K1_256 1
149 #endif /* PSA_WANT_ECC_SECP_K1_256 */
150 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
151 
152 #endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */
153