1 /** 2 * Macros to express dependencies for code and tests that may use either the 3 * legacy API or PSA in various builds. This whole header file is currently 4 * for internal use only and both the header file and the macros it defines 5 * may change or be removed without notice. 6 */ 7 /* 8 * Copyright The Mbed TLS Contributors 9 * SPDX-License-Identifier: Apache-2.0 10 * 11 * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 * not use this file except in compliance with the License. 13 * You may obtain a copy of the License at 14 * 15 * http://www.apache.org/licenses/LICENSE-2.0 16 * 17 * Unless required by applicable law or agreed to in writing, software 18 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 * See the License for the specific language governing permissions and 21 * limitations under the License. 22 */ 23 24 /* 25 * Note: applications that are targeting a specific configuration do not need 26 * to use these macros; instead they should directly use the functions they 27 * know are available in their configuration. 28 * 29 * Note: code that is purely based on PSA Crypto (psa_xxx() functions) 30 * does not need to use these macros; instead it should use the relevant 31 * PSA_WANT_xxx macros. 32 * 33 * Note: code that is purely based on the legacy crypto APIs (mbedtls_xxx()) 34 * does not need to use these macros; instead it should use the relevant 35 * MBEDTLS_xxx macros. 36 * 37 * These macros are for code that wants to use <crypto feature> and will do so 38 * using <legacy API> or PSA depending on <condition>, where: 39 * - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may 40 * also be a key type (AES, RSA, EC) or domain parameters (elliptic curve); 41 * - <legacy API> will be either: 42 * - low-level module API (aes.h, sha256.h), or 43 * - an abstraction layer (md.h, cipher.h); 44 * - <condition> will be either: 45 * - depending on what's available in the build: 46 * legacy API used if available, PSA otherwise 47 * (this is done to ensure backwards compatibility); or 48 * - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined. 49 * 50 * Examples: 51 * - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and 52 * mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether 53 * MBEDTLS_USE_PSA_CRYPTO is defined; 54 * - RSA PKCS#1 v2.1 will compute hashes (for padding) using either 55 * `mbedtls_md()` if it's available, or `psa_hash_compute()` otherwise; 56 * - PEM decoding of PEM-encrypted keys will compute MD5 hashes using either 57 * `mbedtls_md5_xxx()` if it's available, or `psa_hash_xxx()` otherwise. 58 * 59 * Note: the macros are essential to express test dependencies. Inside code, 60 * we could instead just use the equivalent pre-processor condition, but 61 * that's not possible in test dependencies where we need a single macro. 62 * Hopefully, using these macros in code will also help with consistency. 63 * 64 * The naming scheme for these macros is: 65 * MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition) 66 * where: 67 * - feature is expressed the same way as in PSA_WANT macros, for example: 68 * KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256; 69 * - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER; 70 * - condition is omitted if it's based on availability, else it's 71 * BASED_ON_USE_PSA. 72 * 73 * Coming back to the examples above: 74 * - TLS 1.2 will determine if it can use SHA-256 using 75 * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA 76 * for the purposes of negotiation, and in test dependencies; 77 * - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on 78 * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA 79 * - PEM decoding code and its associated tests will depend on 80 * MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA 81 * 82 * Note: every time it's possible to use, say SHA-256, via the MD API, then 83 * it's also possible to use it via the low-level API. So, code that wants to 84 * use SHA-256 via both APIs only needs to depend on the MD macro. Also, it 85 * just so happens that all the code choosing which API to use based on 86 * MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction 87 * layer (sometimes in addition to the low-level API), so we don't need the 88 * MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros. 89 * (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself, 90 * even less makes use of ciphers.) 91 * 92 * Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal 93 * condition for being able to use <feature> at all. As such, they should be 94 * used for guarding data about <feature>, such as OIDs or size. For example, 95 * OID values related to SHA-256 are only useful when SHA-256 can be used at 96 * least in some way. 97 */ 98 99 #ifndef MBEDTLS_OR_PSA_HELPERS_H 100 #define MBEDTLS_OR_PSA_HELPERS_H 101 102 #include "mbedtls/build_info.h" 103 #if defined(MBEDTLS_PSA_CRYPTO_C) 104 #include "psa/crypto.h" 105 #endif /* MBEDTLS_PSA_CRYPTO_C */ 106 107 /* 108 * Hashes 109 */ 110 111 /* Hashes using low-level or PSA based on availability */ 112 #if defined(MBEDTLS_MD5_C) || \ 113 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) 114 #define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA 115 #endif 116 #if defined(MBEDTLS_RIPEMD160_C) || \ 117 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) 118 #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA 119 #endif 120 #if defined(MBEDTLS_SHA1_C) || \ 121 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) 122 #define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA 123 #endif 124 #if defined(MBEDTLS_SHA224_C) || \ 125 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) 126 #define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA 127 #endif 128 #if defined(MBEDTLS_SHA256_C) || \ 129 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) 130 #define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA 131 #endif 132 #if defined(MBEDTLS_SHA384_C) || \ 133 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) 134 #define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA 135 #endif 136 #if defined(MBEDTLS_SHA512_C) || \ 137 ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) 138 #define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA 139 #endif 140 141 /* Hashes using MD or PSA based on availability */ 142 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \ 143 ( !defined(MBEDTLS_MD_C) && \ 144 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) 145 #define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA 146 #endif 147 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \ 148 ( !defined(MBEDTLS_MD_C) && \ 149 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) 150 #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA 151 #endif 152 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ 153 ( !defined(MBEDTLS_MD_C) && \ 154 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) 155 #define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA 156 #endif 157 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ 158 ( !defined(MBEDTLS_MD_C) && \ 159 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) 160 #define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA 161 #endif 162 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ 163 ( !defined(MBEDTLS_MD_C) && \ 164 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) 165 #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA 166 #endif 167 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ 168 ( !defined(MBEDTLS_MD_C) && \ 169 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) 170 #define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 171 #endif 172 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ 173 ( !defined(MBEDTLS_MD_C) && \ 174 defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) 175 #define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA 176 #endif 177 178 /* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */ 179 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 180 defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \ 181 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) ) 182 #define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA 183 #endif 184 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 185 defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \ 186 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) ) 187 #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA 188 #endif 189 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 190 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ 191 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) ) 192 #define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA 193 #endif 194 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 195 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ 196 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) ) 197 #define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA 198 #endif 199 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 200 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ 201 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) ) 202 #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA 203 #endif 204 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 205 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ 206 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) ) 207 #define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA 208 #endif 209 #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ 210 defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ 211 ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) ) 212 #define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA 213 #endif 214 215 #endif /* MBEDTLS_OR_PSA_HELPERS_H */ 216
