/**
 * \file mbedtls/config_adjust_psa_from_legacy.h
 * \brief Adjust PSA configuration: construct PSA configuration from legacy
 *
 * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
 * cryptographic mechanisms through the PSA interface when the corresponding
 * legacy mechanism is enabled. In many cases, this just enables the PSA
 * wrapper code around the legacy implementation, but we also do this for
 * some mechanisms where PSA has its own independent implementation so
 * that high-level modules that can use either cryptographic API have the
 * same feature set in both cases.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

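#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H

/*
 * Ensure the PSA_WANT_* defines are set up properly if
 * MBEDTLS_PSA_CRYPTO_CONFIG is not defined.
 *
 * Every block below has the same shape: when a legacy MBEDTLS_xxx option is
 * defined, the matching PSA_WANT_xxx symbol is defined to 1 and, where this
 * header provides one, so is the MBEDTLS_PSA_BUILTIN_xxx symbol.
 *
 * NOTE(review): the mapping is one-way and this header offers no
 * per-mechanism opt-out. A legacy option that is left enabled (for example
 * MD5, SHA-1, DES or a 192-bit curve kept for compatibility) is therefore
 * also requested for the PSA interface. Hardened builds should trim the
 * legacy configuration itself; the blocks marked NOTE(review) below are the
 * ones worth checking first.
 */

/* AEAD: CCM. */
#if defined(MBEDTLS_CCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
#define PSA_WANT_ALG_CCM 1
/* NOTE(review): CCM*-no-tag is the unauthenticated variant of CCM; it is
 * enabled as soon as both CCM_C and CIPHER_C are present. */
#if defined(MBEDTLS_CIPHER_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
#endif /* MBEDTLS_CIPHER_C */
#endif /* MBEDTLS_CCM_C */

/* MAC: CMAC. */
#if defined(MBEDTLS_CMAC_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
#define PSA_WANT_ALG_CMAC 1
#endif /* MBEDTLS_CMAC_C */

/* Key agreement: ECDH. */
#if defined(MBEDTLS_ECDH_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
#define PSA_WANT_ALG_ECDH 1
#endif /* MBEDTLS_ECDH_C */

/* Signatures: ECDSA. PSA_WANT_ALG_ECDSA_ANY has no BUILTIN counterpart in
 * this header. */
#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA_ANY 1

/* Only add in DETERMINISTIC support if ECDSA is also enabled */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */

#endif /* MBEDTLS_ECDSA_C */

/* ECC key types: every key-pair operation plus the public-key type is
 * enabled together by MBEDTLS_ECP_C. */
#if defined(MBEDTLS_ECP_C)
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
/* Normally we wouldn't enable this because it's not implemented in ecp.c,
 * but since it used to be available any time ECP_C was enabled, let's enable
 * it anyway for the sake of backwards compatibility */
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif /* MBEDTLS_ECP_C */

/* Finite-field Diffie-Hellman: key types, the FFDH algorithm and all five
 * RFC 7919 groups (2048 to 8192 bits) are enabled as one set. */
#if defined(MBEDTLS_DHM_C)
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
#define PSA_WANT_ALG_FFDH 1
#define PSA_WANT_DH_RFC7919_2048 1
#define PSA_WANT_DH_RFC7919_3072 1
#define PSA_WANT_DH_RFC7919_4096 1
#define PSA_WANT_DH_RFC7919_6144 1
#define PSA_WANT_DH_RFC7919_8192 1
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
#endif /* MBEDTLS_DHM_C */

/* AEAD: GCM. */
#if defined(MBEDTLS_GCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
#define PSA_WANT_ALG_GCM 1
#endif /* MBEDTLS_GCM_C */

/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
 * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
 * PSA HKDF is enabled, so enable both algorithms together
 * with PSA HKDF.
 * The HMAC symbols are not repeated inside this block: they are defined
 * unconditionally immediately after it, so the resulting macro set is the
 * same whether or not MBEDTLS_HKDF_C is defined. */
#if defined(MBEDTLS_HKDF_C)
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
#define PSA_WANT_ALG_HKDF_EXPAND 1
#endif /* MBEDTLS_HKDF_C */

/* HMAC and the HMAC key type are enabled unconditionally: no legacy option
 * in this header gates them. */
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_KEY_TYPE_HMAC 1

/* TLS 1.2 key derivation (PRF and PSK-to-master-secret). */
#if defined(MBEDTLS_MD_C)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#endif /* MBEDTLS_MD_C */

/* NOTE(review): MD5 collisions are practical; keeping MBEDTLS_MD5_C enabled
 * also exposes MD5 through PSA. Restrict it to legacy interoperability that
 * does not rely on collision resistance. */
#if defined(MBEDTLS_MD5_C)
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
#define PSA_WANT_ALG_MD5 1
#endif /* MBEDTLS_MD5_C */

/* PAKE: EC J-PAKE. */
#if defined(MBEDTLS_ECJPAKE_C)
#define MBEDTLS_PSA_BUILTIN_PAKE 1
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
#define PSA_WANT_ALG_JPAKE 1
#endif /* MBEDTLS_ECJPAKE_C */

/* NOTE(review): RIPEMD-160 has a 160-bit digest, i.e. roughly 80 bits of
 * collision resistance. */
#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RIPEMD160 1
#endif /* MBEDTLS_RIPEMD160_C */

/* RSA: algorithms follow the PKCS#1 version options, key generation follows
 * MBEDTLS_GENPRIME, and the remaining key-type symbols are always enabled
 * with MBEDTLS_RSA_C. PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW has no BUILTIN
 * counterpart in this header. */
#if defined(MBEDTLS_RSA_C)
/* NOTE(review): PKCS#1 v1.5 encryption is enabled together with v1.5
 * signatures. v1.5 decryption is exposed to padding-oracle attacks when a
 * caller lets decryption failures become observable; prefer OAEP where the
 * peer supports it. */
#if defined(MBEDTLS_PKCS1_V15)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
#endif /* MBEDTLS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
#define PSA_WANT_ALG_RSA_PSS 1
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_GENPRIME)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
#endif /* MBEDTLS_GENPRIME */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif /* MBEDTLS_RSA_C */

/* NOTE(review): SHA-1 collisions are practical; treat it like MD5 above. */
#if defined(MBEDTLS_SHA1_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
#define PSA_WANT_ALG_SHA_1 1
#endif /* MBEDTLS_SHA1_C */

/* SHA-2 family: one legacy option per digest size. */
#if defined(MBEDTLS_SHA224_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
#define PSA_WANT_ALG_SHA_224 1
#endif /* MBEDTLS_SHA224_C */

#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_256 1
#endif /* MBEDTLS_SHA256_C */

#if defined(MBEDTLS_SHA384_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_384 1
#endif /* MBEDTLS_SHA384_C */

#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
#define PSA_WANT_ALG_SHA_512 1
#endif /* MBEDTLS_SHA512_C */

/* SHA-3: a single legacy option enables all four digest sizes. */
#if defined(MBEDTLS_SHA3_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
#define PSA_WANT_ALG_SHA3_224 1
#define PSA_WANT_ALG_SHA3_256 1
#define PSA_WANT_ALG_SHA3_384 1
#define PSA_WANT_ALG_SHA3_512 1
#endif /* MBEDTLS_SHA3_C */

/* Symmetric key types. */
#if defined(MBEDTLS_AES_C)
#define PSA_WANT_KEY_TYPE_AES 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
#endif /* MBEDTLS_AES_C */

#if defined(MBEDTLS_ARIA_C)
#define PSA_WANT_KEY_TYPE_ARIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
#endif /* MBEDTLS_ARIA_C */

#if defined(MBEDTLS_CAMELLIA_C)
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
#endif /* MBEDTLS_CAMELLIA_C */

/* NOTE(review): the PSA DES key type covers single DES as well as
 * Triple-DES. Single DES has a 56-bit effective key and both use a 64-bit
 * block, so leave MBEDTLS_DES_C off unless a legacy peer requires it. */
#if defined(MBEDTLS_DES_C)
#define PSA_WANT_KEY_TYPE_DES 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
#endif /* MBEDTLS_DES_C */

/* Keyed on the PSA built-in SHA-256 symbol, which this header defines in the
 * SHA-2 section above, so this block must stay after that section. As
 * written it does not test MBEDTLS_ECJPAKE_C: the derivation is enabled
 * whenever built-in SHA-256 is. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
#endif /* MBEDTLS_PSA_BUILTIN_ALG_SHA_256 */

/* ChaCha20 key type, plus the algorithms that can use it. */
#if defined(MBEDTLS_CHACHA20_C)
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
/* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
#if defined(MBEDTLS_CIPHER_C)
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
#endif /* MBEDTLS_CHACHAPOLY_C */
#endif /* MBEDTLS_CHACHA20_C */

/* NOTE(review): CBC, CFB, CTR and OFB below, and ECB, provide no integrity
 * protection on their own. Callers need a separate MAC or should use one of
 * the AEAD algorithms (CCM, GCM, ChaCha20-Poly1305) instead. */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */

/* NOTE(review): ECB has no dedicated legacy switch here; it is enabled for
 * any build that has CIPHER_C plus at least one block cipher. ECB encrypts
 * equal plaintext blocks to equal ciphertext blocks, so it is only suitable
 * as a building block, not for message encryption. */
#if (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
    defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) && \
    defined(MBEDTLS_CIPHER_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#endif /* block cipher && MBEDTLS_CIPHER_C */

#if defined(MBEDTLS_CIPHER_MODE_CFB)
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
#define PSA_WANT_ALG_CFB 1
#endif /* MBEDTLS_CIPHER_MODE_CFB */

#if defined(MBEDTLS_CIPHER_MODE_CTR)
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
#define PSA_WANT_ALG_CTR 1
#endif /* MBEDTLS_CIPHER_MODE_CTR */

#if defined(MBEDTLS_CIPHER_MODE_OFB)
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
#define PSA_WANT_ALG_OFB 1
#endif /* MBEDTLS_CIPHER_MODE_OFB */

/* Elliptic curves: one legacy MBEDTLS_ECP_DP_xxx_ENABLED option per curve. */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */

#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_MONTGOMERY_448 1
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */

/* NOTE(review): a 192-bit curve gives roughly 96 bits of security, below the
 * 112-bit floor most current guidance asks for. The same applies to
 * secp192k1 further down. */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_192 1
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
#define PSA_WANT_ECC_SECP_R1_224 1
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_256 1
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_384 1
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
#define PSA_WANT_ECC_SECP_R1_521 1
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
#define PSA_WANT_ECC_SECP_K1_192 1
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */

/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
/* The leading "0 &&" keeps this block permanently disabled, so secp224k1 is
 * never requested for PSA even when the legacy curve option is defined. */
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_224 1
#endif /* 0 && MBEDTLS_ECP_DP_SECP224K1_ENABLED */

#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_K1_256 1
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */

#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */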