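/**
 * \file mbedtls/config_adjust_psa_from_legacy.h
 * \brief Adjust PSA configuration: construct PSA configuration from legacy
 *
 * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
 * cryptographic mechanisms through the PSA interface when the corresponding
 * legacy mechanism is enabled. In many cases, this just enables the PSA
 * wrapper code around the legacy implementation, but we also do this for
 * some mechanisms where PSA has its own independent implementation so
 * that high-level modules that can use either cryptographic API have the
 * same feature set in both cases.
 *
 * Reading guide: each block maps one legacy option to a pair of macros.
 * PSA_WANT_xxx states that the mechanism is requested through the PSA API,
 * and MBEDTLS_PSA_BUILTIN_xxx states that the built-in code provides it.
 *
 * Review note: in this configuration mode the legacy options are the only
 * switch. Every legacy mechanism that is compiled in, including the older
 * ones (MD5, SHA-1, RIPEMD-160, DES, raw ECB, RSA PKCS#1 v1.5), becomes
 * reachable through the PSA API as well. To audit what a build exposes,
 * audit the legacy options tested below.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H

/*
 * Ensure PSA_WANT_* defines are set up properly if MBEDTLS_PSA_CRYPTO_CONFIG
 * is not defined
 */

/* ---- AEAD and MAC built on block ciphers ---- */

#if defined(MBEDTLS_CCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CCM 1
/* CCM* with no tag is unauthenticated encryption; it is enabled together
 * with CCM here and has no legacy switch of its own in this file. */
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
#endif /* MBEDTLS_CCM_C */

#if defined(MBEDTLS_CMAC_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
#define PSA_WANT_ALG_CMAC 1
#endif /* MBEDTLS_CMAC_C */

/* ---- Elliptic-curve algorithms and key types ---- */

#if defined(MBEDTLS_ECDH_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
#define PSA_WANT_ALG_ECDH 1
#endif /* MBEDTLS_ECDH_C */

#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA 1
/* PSA_WANT_ALG_ECDSA_ANY has no MBEDTLS_PSA_BUILTIN_ counterpart in this
 * file. */
#define PSA_WANT_ALG_ECDSA_ANY 1

// Only add in DETERMINISTIC support if ECDSA is also enabled
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */

#endif /* MBEDTLS_ECDSA_C */

#if defined(MBEDTLS_ECP_C)
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
/* Normally we wouldn't enable this because it's not implemented in ecp.c,
 * but since it used to be available any time ECP_C was enabled, let's enable
 * it anyway for the sake of backwards compatibility */
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif /* MBEDTLS_ECP_C */

/* ---- Finite-field Diffie-Hellman ---- */

#if defined(MBEDTLS_DHM_C)
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
#define PSA_WANT_ALG_FFDH 1
/* Only the RFC 7919 group family is requested on the PSA side. */
#define PSA_WANT_DH_FAMILY_RFC7919 1
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
#endif /* MBEDTLS_DHM_C */

#if defined(MBEDTLS_GCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
#define PSA_WANT_ALG_GCM 1
#endif /* MBEDTLS_GCM_C */

/* ---- Key derivation and HMAC ---- */

/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
 * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
 * PSA HKDF is enabled, so enable both algorithms together
 * with PSA HKDF.
 *
 * The two HMAC lines in this block repeat the unconditional definitions
 * that follow it. The replacement text is identical, so the repetition is
 * a permitted, benign redefinition.
 */
#if defined(MBEDTLS_HKDF_C)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
#define PSA_WANT_ALG_HKDF_EXPAND 1
#endif /* MBEDTLS_HKDF_C */

/* HMAC and the HMAC key type are enabled unconditionally: no legacy option
 * guards these three definitions. */
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_KEY_TYPE_HMAC 1

#if defined(MBEDTLS_MD_C)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#endif /* MBEDTLS_MD_C */

/* ---- Hashes and PAKE ---- */

/* MD5 is not collision resistant. It is exposed through PSA whenever the
 * legacy module is built, so leave MBEDTLS_MD5_C off unless a protocol in
 * use still requires it. */
#if defined(MBEDTLS_MD5_C)
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
#define PSA_WANT_ALG_MD5 1
#endif /* MBEDTLS_MD5_C */

#if defined(MBEDTLS_ECJPAKE_C)
#define MBEDTLS_PSA_BUILTIN_PAKE 1
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
#define PSA_WANT_ALG_JPAKE 1
#endif /* MBEDTLS_ECJPAKE_C */

#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RIPEMD160 1
#endif /* MBEDTLS_RIPEMD160_C */

/* ---- RSA ---- */

#if defined(MBEDTLS_RSA_C)
/* PKCS#1 v1.5 encryption is the RSA mode affected by padding-oracle
 * attacks; code that decrypts with it must not let a peer learn whether
 * unpadding succeeded. PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW has no
 * MBEDTLS_PSA_BUILTIN_ counterpart in this file. */
#if defined(MBEDTLS_PKCS1_V15)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
#endif /* MBEDTLS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
#define PSA_WANT_ALG_RSA_PSS 1
#endif /* MBEDTLS_PKCS1_V21 */
/* RSA key-pair generation through PSA is only offered when prime
 * generation is compiled in. */
#if defined(MBEDTLS_GENPRIME)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#endif /* MBEDTLS_GENPRIME */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif /* MBEDTLS_RSA_C */

/* ---- SHA family ---- */

/* SHA-1 is not collision resistant. As with MD5, it becomes a PSA
 * algorithm as soon as the legacy module is enabled. */
#if defined(MBEDTLS_SHA1_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
#define PSA_WANT_ALG_SHA_1 1
#endif /* MBEDTLS_SHA1_C */

#if defined(MBEDTLS_SHA224_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
#define PSA_WANT_ALG_SHA_224 1
#endif /* MBEDTLS_SHA224_C */

/* MBEDTLS_PSA_BUILTIN_ALG_SHA_256 is tested further down by the
 * TLS12_ECJPAKE_TO_PMS block, so this block has to stay ahead of it. */
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_256 1
#endif /* MBEDTLS_SHA256_C */

#if defined(MBEDTLS_SHA384_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_384 1
#endif /* MBEDTLS_SHA384_C */

#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
#define PSA_WANT_ALG_SHA_512 1
#endif /* MBEDTLS_SHA512_C */

/* One legacy option enables all four SHA-3 output sizes. */
#if defined(MBEDTLS_SHA3_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
#define PSA_WANT_ALG_SHA3_224 1
#define PSA_WANT_ALG_SHA3_256 1
#define PSA_WANT_ALG_SHA3_384 1
#define PSA_WANT_ALG_SHA3_512 1
#endif /* MBEDTLS_SHA3_C */

/* ---- Symmetric key types ---- */

#if defined(MBEDTLS_AES_C)
#define PSA_WANT_KEY_TYPE_AES 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
#endif /* MBEDTLS_AES_C */

#if defined(MBEDTLS_ARIA_C)
#define PSA_WANT_KEY_TYPE_ARIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
#endif /* MBEDTLS_ARIA_C */

#if defined(MBEDTLS_CAMELLIA_C)
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
#endif /* MBEDTLS_CAMELLIA_C */

/* DES is a legacy cipher with a 64-bit block. Enabling the legacy module
 * also enables the PSA key type and, further down, raw ECB. */
#if defined(MBEDTLS_DES_C)
#define PSA_WANT_KEY_TYPE_DES 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
#endif /* MBEDTLS_DES_C */

/* This block is keyed on the built-in SHA-256 macro defined above, not on
 * MBEDTLS_ECJPAKE_C: any build with MBEDTLS_SHA256_C gets this derivation
 * algorithm. It must stay after the SHA-256 block. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
#endif /* MBEDTLS_PSA_BUILTIN_ALG_SHA_256 */

#if defined(MBEDTLS_CHACHA20_C)
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
/* The AEAD form is only offered when ChaCha20 itself is enabled. */
#if defined(MBEDTLS_CHACHAPOLY_C)
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
#endif /* MBEDTLS_CHACHAPOLY_C */
#endif /* MBEDTLS_CHACHA20_C */

/* ---- Unauthenticated block-cipher modes ----
 * The CBC, CFB, CTR and OFB blocks are keyed on the mode option alone.
 * None of these modes, nor ECB, authenticates the ciphertext, so callers
 * need a separate MAC or one of the AEAD algorithms enabled above. */

#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */

/* ECB has no legacy switch of its own here: enabling any one of the four
 * block ciphers makes raw ECB available through PSA. ECB maps equal
 * plaintext blocks to equal ciphertext blocks. */
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
    defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C || MBEDTLS_ARIA_C || MBEDTLS_CAMELLIA_C */

#if defined(MBEDTLS_CIPHER_MODE_CFB)
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
#define PSA_WANT_ALG_CFB 1
#endif /* MBEDTLS_CIPHER_MODE_CFB */

#if defined(MBEDTLS_CIPHER_MODE_CTR)
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
#define PSA_WANT_ALG_CTR 1
#endif /* MBEDTLS_CIPHER_MODE_CTR */

#if defined(MBEDTLS_CIPHER_MODE_OFB)
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
#define PSA_WANT_ALG_OFB 1
#endif /* MBEDTLS_CIPHER_MODE_OFB */

/* ---- Elliptic curves: one legacy curve option per PSA curve ---- */

#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */

#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_MONTGOMERY_448 1
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_192 1
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
#define PSA_WANT_ECC_SECP_R1_224 1
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_256 1
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_384 1
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
#define PSA_WANT_ECC_SECP_R1_521 1
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
#define PSA_WANT_ECC_SECP_K1_192 1
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */

/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541)
 *
 * The leading `0 &&` keeps this block permanently disabled, so enabling the
 * legacy curve does not expose it through PSA. Check the issue's status
 * before removing it. */
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_224 1
#endif /* 0 && MBEDTLS_ECP_DP_SECP224K1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_K1_256 1
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */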