Mbed TLS v2.28.9
Loading...
Searching...
No Matches
config_psa.h
Go to the documentation of this file.
1
13/*
14 * Copyright The Mbed TLS Contributors
15 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
16 */
17
18#ifndef MBEDTLS_CONFIG_PSA_H
19#define MBEDTLS_CONFIG_PSA_H
20
21#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
22#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
23#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
24#else
25#include "psa/crypto_config.h"
26#endif
27#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
28
29#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
30#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
31#endif
32
33#ifdef __cplusplus
34extern "C" {
35#endif
36
37
38
39/****************************************************************/
40/* De facto synonyms */
41/****************************************************************/
42
43#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
44#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
45#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
46#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
47#endif
48
49#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
50#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
51#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
52#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
53#endif
54
55#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
56#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
57#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
58#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
59#endif
60
61
62
63/****************************************************************/
64/* Require built-in implementations based on PSA requirements */
65/****************************************************************/
66
67#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
68
69#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
70#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
71#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
72#define MBEDTLS_ECDSA_DETERMINISTIC
73#define MBEDTLS_ECDSA_C
74#define MBEDTLS_HMAC_DRBG_C
75#define MBEDTLS_MD_C
76#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
77#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
78
79#if defined(PSA_WANT_ALG_ECDH)
80#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
81#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
82#define MBEDTLS_ECDH_C
83#define MBEDTLS_ECP_C
84#define MBEDTLS_BIGNUM_C
85#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
86#endif /* PSA_WANT_ALG_ECDH */
87
88#if defined(PSA_WANT_ALG_ECDSA)
89#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
90#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
91#define MBEDTLS_ECDSA_C
92#define MBEDTLS_ECP_C
93#define MBEDTLS_BIGNUM_C
94#define MBEDTLS_ASN1_PARSE_C
95#define MBEDTLS_ASN1_WRITE_C
96#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
97#endif /* PSA_WANT_ALG_ECDSA */
98
99#if defined(PSA_WANT_ALG_HKDF)
100#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
101/*
102 * The PSA implementation has its own implementation of HKDF, separate from
103 * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
104 */
105#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
106#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
107#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
108#endif /* PSA_WANT_ALG_HKDF */
109
110#if defined(PSA_WANT_ALG_HMAC)
111#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
112#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
113#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
114#endif /* PSA_WANT_ALG_HMAC */
115
116#if defined(PSA_WANT_ALG_MD2) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
117#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1
118#define MBEDTLS_MD2_C
119#endif
120
121#if defined(PSA_WANT_ALG_MD4) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
122#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1
123#define MBEDTLS_MD4_C
124#endif
125
126#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
127#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
128#define MBEDTLS_MD5_C
129#endif
130
131#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
132#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
133#define MBEDTLS_RIPEMD160_C
134#endif
135
136#if defined(PSA_WANT_ALG_RSA_OAEP)
137#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
138#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
139#define MBEDTLS_RSA_C
140#define MBEDTLS_BIGNUM_C
141#define MBEDTLS_OID_C
142#define MBEDTLS_PKCS1_V21
143#define MBEDTLS_MD_C
144#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
145#endif /* PSA_WANT_ALG_RSA_OAEP */
146
147#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
148#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
149#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
150#define MBEDTLS_RSA_C
151#define MBEDTLS_BIGNUM_C
152#define MBEDTLS_OID_C
153#define MBEDTLS_PKCS1_V15
154#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
155#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
156
157#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
158#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
159#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
160#define MBEDTLS_RSA_C
161#define MBEDTLS_BIGNUM_C
162#define MBEDTLS_OID_C
163#define MBEDTLS_PKCS1_V15
164#define MBEDTLS_MD_C
165#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
166#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
167
168#if defined(PSA_WANT_ALG_RSA_PSS)
169#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
170#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
171#define MBEDTLS_RSA_C
172#define MBEDTLS_BIGNUM_C
173#define MBEDTLS_OID_C
174#define MBEDTLS_PKCS1_V21
175#define MBEDTLS_MD_C
176#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
177#endif /* PSA_WANT_ALG_RSA_PSS */
178
179#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
180#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
181#define MBEDTLS_SHA1_C
182#endif
183
184#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
185#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
186#define MBEDTLS_SHA256_C
187#endif
188
189#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
190#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
191#define MBEDTLS_SHA256_C
192#endif
193
194#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
195#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
196#define MBEDTLS_SHA512_C
197#endif
198
199#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
200#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
201#define MBEDTLS_SHA512_C
202#endif
203
204#if defined(PSA_WANT_ALG_TLS12_PRF)
205#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
206#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
207#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
208#endif /* PSA_WANT_ALG_TLS12_PRF */
209
210#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
211#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
212#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
213#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
214#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
215
216#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
217#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
218#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
219#define MBEDTLS_ECP_C
220#define MBEDTLS_BIGNUM_C
221#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
222#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
223
224#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
225#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
226#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
227#define MBEDTLS_ECP_C
228#define MBEDTLS_BIGNUM_C
229#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
230#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
231
232#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
233#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
234#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
235#define MBEDTLS_RSA_C
236#define MBEDTLS_BIGNUM_C
237#define MBEDTLS_OID_C
238#define MBEDTLS_GENPRIME
239#define MBEDTLS_PK_PARSE_C
240#define MBEDTLS_PK_WRITE_C
241#define MBEDTLS_PK_C
242#define MBEDTLS_ASN1_PARSE_C
243#define MBEDTLS_ASN1_WRITE_C
244#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
245#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
246
247#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
248#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
249#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
250#define MBEDTLS_RSA_C
251#define MBEDTLS_BIGNUM_C
252#define MBEDTLS_OID_C
253#define MBEDTLS_PK_PARSE_C
254#define MBEDTLS_PK_WRITE_C
255#define MBEDTLS_PK_C
256#define MBEDTLS_ASN1_PARSE_C
257#define MBEDTLS_ASN1_WRITE_C
258#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
259#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
260
261/* If any of the block modes are requested that don't have an
262 * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
263 * in the block cipher key types. */
264#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
265 (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
266 (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
267 defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
268 (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
269 !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
270 (defined(PSA_WANT_ALG_CBC_PKCS7) && \
271 !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
272 (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
273#define PSA_HAVE_SOFT_BLOCK_MODE 1
274#endif
275
276#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
277 (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
278#define PSA_HAVE_SOFT_BLOCK_AEAD 1
279#endif
280
281#if defined(PSA_WANT_KEY_TYPE_AES)
282#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
283#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
284#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
285#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
286 defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
287 defined(PSA_HAVE_SOFT_BLOCK_AEAD)
288#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
289#define MBEDTLS_AES_C
290#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
291#endif /* PSA_WANT_KEY_TYPE_AES */
292
293#if defined(PSA_WANT_KEY_TYPE_ARC4)
294#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4)
295#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
296#define MBEDTLS_ARC4_C
297#endif
298#endif /* PSA_WANT_KEY_TYPE_ARC4 */
299
300#if defined(PSA_WANT_KEY_TYPE_ARIA)
301#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
302#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
303#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
304#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
305 defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
306 defined(PSA_HAVE_SOFT_BLOCK_AEAD)
307#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
308#define MBEDTLS_ARIA_C
309#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
310#endif /* PSA_WANT_KEY_TYPE_ARIA */
311
312#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
313#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
314#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
315#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
316#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
317 defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
318 defined(PSA_HAVE_SOFT_BLOCK_AEAD)
319#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
320#define MBEDTLS_CAMELLIA_C
321#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
322#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
323
324#if defined(PSA_WANT_KEY_TYPE_DES)
325#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
326#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
327#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
328#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
329 defined(PSA_HAVE_SOFT_BLOCK_MODE)
330#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
331#define MBEDTLS_DES_C
332#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
333#endif /* PSA_WANT_KEY_TYPE_DES */
334
335#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
336#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
337#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
338#define MBEDTLS_CHACHA20_C
339#endif
340#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
341
342/* If any of the software block ciphers are selected, define
343 * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
344 * situations. */
345#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
346 defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
347 defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
348 defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
349#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
350#endif
351
352#if defined(PSA_WANT_ALG_STREAM_CIPHER)
353#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
354#endif /* PSA_WANT_ALG_STREAM_CIPHER */
355
356#if defined(PSA_WANT_ALG_CBC_MAC)
357#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
358#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
359#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
360#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
361#endif /* PSA_WANT_ALG_CBC_MAC */
362
363#if defined(PSA_WANT_ALG_CMAC)
364#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
365 defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
366#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
367#define MBEDTLS_CMAC_C
368#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
369#endif /* PSA_WANT_ALG_CMAC */
370
371#if defined(PSA_WANT_ALG_CTR)
372#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
373 defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
374#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
375#define MBEDTLS_CIPHER_MODE_CTR
376#endif
377#endif /* PSA_WANT_ALG_CTR */
378
379#if defined(PSA_WANT_ALG_CFB)
380#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
381 defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
382#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
383#define MBEDTLS_CIPHER_MODE_CFB
384#endif
385#endif /* PSA_WANT_ALG_CFB */
386
387#if defined(PSA_WANT_ALG_OFB)
388#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
389 defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
390#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
391#define MBEDTLS_CIPHER_MODE_OFB
392#endif
393#endif /* PSA_WANT_ALG_OFB */
394
395#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
396 !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
397#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
398#endif
399
400#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
401#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
402 defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
403#define MBEDTLS_CIPHER_MODE_CBC
404#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
405#endif
406#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
407
408#if defined(PSA_WANT_ALG_CBC_PKCS7)
409#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
410 defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
411#define MBEDTLS_CIPHER_MODE_CBC
412#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
413#define MBEDTLS_CIPHER_PADDING_PKCS7
414#endif
415#endif /* PSA_WANT_ALG_CBC_PKCS7 */
416
417#if defined(PSA_WANT_ALG_CCM)
418#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
419 defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
420 defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
421 defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
422#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
423#define MBEDTLS_CCM_C
424#endif
425#endif /* PSA_WANT_ALG_CCM */
426
427#if defined(PSA_WANT_ALG_GCM)
428#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
429 defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
430 defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
431 defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
432#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
433#define MBEDTLS_GCM_C
434#endif
435#endif /* PSA_WANT_ALG_GCM */
436
437#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
438#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
439#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
440#define MBEDTLS_CHACHAPOLY_C
441#define MBEDTLS_CHACHA20_C
442#define MBEDTLS_POLY1305_C
443#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
444#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
445#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
446#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
447
448#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
449#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
450#define MBEDTLS_ECP_DP_BP256R1_ENABLED
451#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
452#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
453#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
454
455#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
456#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
457#define MBEDTLS_ECP_DP_BP384R1_ENABLED
458#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
459#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
460#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
461
462#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
463#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
464#define MBEDTLS_ECP_DP_BP512R1_ENABLED
465#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
466#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
467#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
468
469#if defined(PSA_WANT_ECC_MONTGOMERY_255)
470#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
471#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
472#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
473#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
474#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
475
476#if defined(PSA_WANT_ECC_MONTGOMERY_448)
477#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
478/*
479 * Curve448 is not yet supported via the PSA API in Mbed TLS
480 * (https://github.com/Mbed-TLS/mbedtls/issues/4249).
481 */
482#error "Curve448 is not yet supported via the PSA API in Mbed TLS."
483#define MBEDTLS_ECP_DP_CURVE448_ENABLED
484#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
485#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
486#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
487
488#if defined(PSA_WANT_ECC_SECP_R1_192)
489#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
490#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
491#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
492#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
493#endif /* PSA_WANT_ECC_SECP_R1_192 */
494
495#if defined(PSA_WANT_ECC_SECP_R1_224)
496#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
497#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
498#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
499#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
500#endif /* PSA_WANT_ECC_SECP_R1_224 */
501
502#if defined(PSA_WANT_ECC_SECP_R1_256)
503#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
504#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
505#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
506#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
507#endif /* PSA_WANT_ECC_SECP_R1_256 */
508
509#if defined(PSA_WANT_ECC_SECP_R1_384)
510#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
511#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
512#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
513#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
514#endif /* PSA_WANT_ECC_SECP_R1_384 */
515
516#if defined(PSA_WANT_ECC_SECP_R1_521)
517#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
518#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
519#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
520#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
521#endif /* PSA_WANT_ECC_SECP_R1_521 */
522
523#if defined(PSA_WANT_ECC_SECP_K1_192)
524#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
525#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
526#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
527#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
528#endif /* PSA_WANT_ECC_SECP_K1_192 */
529
530#if defined(PSA_WANT_ECC_SECP_K1_224)
531#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
532/*
533 * SECP224K1 is buggy via the PSA API in Mbed TLS
534 * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
535 */
536#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
537#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
538#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
539#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
540#endif /* PSA_WANT_ECC_SECP_K1_224 */
541
542#if defined(PSA_WANT_ECC_SECP_K1_256)
543#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
544#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
545#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
546#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
547#endif /* PSA_WANT_ECC_SECP_K1_256 */
548
549
550
551/****************************************************************/
552/* Infer PSA requirements from Mbed TLS capabilities */
553/****************************************************************/
554
555#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
556
557/*
558 * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
559 * is not defined
560 */
561
562#if defined(MBEDTLS_CCM_C)
563#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
564#define PSA_WANT_ALG_CCM 1
565#endif /* MBEDTLS_CCM_C */
566
567#if defined(MBEDTLS_CMAC_C)
568#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
569#define PSA_WANT_ALG_CMAC 1
570#endif /* MBEDTLS_CMAC_C */
571
572#if defined(MBEDTLS_ECDH_C)
573#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
574#define PSA_WANT_ALG_ECDH 1
575#endif /* MBEDTLS_ECDH_C */
576
577#if defined(MBEDTLS_ECDSA_C)
578#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
579#define PSA_WANT_ALG_ECDSA 1
580#define PSA_WANT_ALG_ECDSA_ANY 1
581
582// Only add in DETERMINISTIC support if ECDSA is also enabled
583#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
584#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
585#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
586#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
587
588#endif /* MBEDTLS_ECDSA_C */
589
590#if defined(MBEDTLS_ECP_C)
591#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
592#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
593#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
594#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
595#endif /* MBEDTLS_ECP_C */
596
597#if defined(MBEDTLS_GCM_C)
598#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
599#define PSA_WANT_ALG_GCM 1
600#endif /* MBEDTLS_GCM_C */
601
602#if defined(MBEDTLS_HKDF_C)
603#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
604#define PSA_WANT_ALG_HMAC 1
605#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
606#define PSA_WANT_ALG_HKDF 1
607#endif /* MBEDTLS_HKDF_C */
608
609#if defined(MBEDTLS_MD_C)
610#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
611#define PSA_WANT_ALG_HMAC 1
612#define PSA_WANT_KEY_TYPE_HMAC 1
613#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
614#define PSA_WANT_ALG_TLS12_PRF 1
615#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
616#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
617#endif /* MBEDTLS_MD_C */
618
619#if defined(MBEDTLS_MD2_C)
620#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1
621#define PSA_WANT_ALG_MD2 1
622#endif
623
624#if defined(MBEDTLS_MD4_C)
625#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1
626#define PSA_WANT_ALG_MD4 1
627#endif
628
629#if defined(MBEDTLS_MD5_C)
630#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
631#define PSA_WANT_ALG_MD5 1
632#endif
633
634#if defined(MBEDTLS_RIPEMD160_C)
635#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
636#define PSA_WANT_ALG_RIPEMD160 1
637#endif
638
639#if defined(MBEDTLS_RSA_C)
640#if defined(MBEDTLS_PKCS1_V15)
641#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
642#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
643#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
644#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
645#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
646#endif /* MBEDTLS_PKCS1_V15 */
647#if defined(MBEDTLS_PKCS1_V21)
648#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
649#define PSA_WANT_ALG_RSA_OAEP 1
650#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
651#define PSA_WANT_ALG_RSA_PSS 1
652#endif /* MBEDTLS_PKCS1_V21 */
653#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
654#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
655#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
656#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
657#endif /* MBEDTLS_RSA_C */
658
659#if defined(MBEDTLS_SHA1_C)
660#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
661#define PSA_WANT_ALG_SHA_1 1
662#endif
663
664#if defined(MBEDTLS_SHA256_C)
665#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
666#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
667#define PSA_WANT_ALG_SHA_224 1
668#define PSA_WANT_ALG_SHA_256 1
669#endif
670
671#if defined(MBEDTLS_SHA512_C)
672#if !defined(MBEDTLS_SHA512_NO_SHA384)
673#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
674#define PSA_WANT_ALG_SHA_384 1
675#endif
676#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
677#define PSA_WANT_ALG_SHA_512 1
678#endif
679
680#if defined(MBEDTLS_AES_C)
681#define PSA_WANT_KEY_TYPE_AES 1
682#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
683#endif
684
685#if defined(MBEDTLS_ARC4_C)
686#define PSA_WANT_KEY_TYPE_ARC4 1
687#define PSA_WANT_ALG_STREAM_CIPHER 1
688#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
689#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
690#endif
691
692#if defined(MBEDTLS_ARIA_C)
693#define PSA_WANT_KEY_TYPE_ARIA 1
694#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
695#endif
696
697#if defined(MBEDTLS_CAMELLIA_C)
698#define PSA_WANT_KEY_TYPE_CAMELLIA 1
699#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
700#endif
701
702#if defined(MBEDTLS_DES_C)
703#define PSA_WANT_KEY_TYPE_DES 1
704#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
705#endif
706
707#if defined(MBEDTLS_CHACHA20_C)
708#define PSA_WANT_KEY_TYPE_CHACHA20 1
709#define PSA_WANT_ALG_STREAM_CIPHER 1
710#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
711#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
712#if defined(MBEDTLS_CHACHAPOLY_C)
713#define PSA_WANT_ALG_CHACHA20_POLY1305 1
714#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
715#endif
716#endif
717
718#if defined(MBEDTLS_CIPHER_MODE_CBC)
719#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
720#define PSA_WANT_ALG_CBC_NO_PADDING 1
721#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
722#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
723#define PSA_WANT_ALG_CBC_PKCS7 1
724#endif
725#endif
726
727#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
728 defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
729#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
730#define PSA_WANT_ALG_ECB_NO_PADDING 1
731#endif
732
733#if defined(MBEDTLS_CIPHER_MODE_CFB)
734#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
735#define PSA_WANT_ALG_CFB 1
736#endif
737
738#if defined(MBEDTLS_CIPHER_MODE_CTR)
739#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
740#define PSA_WANT_ALG_CTR 1
741#endif
742
743#if defined(MBEDTLS_CIPHER_MODE_OFB)
744#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
745#define PSA_WANT_ALG_OFB 1
746#endif
747
748#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
749#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
750#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
751#endif
752
753#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
754#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
755#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
756#endif
757
758#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
759#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
760#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
761#endif
762
763#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
764#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
765#define PSA_WANT_ECC_MONTGOMERY_255 1
766#endif
767
768/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
769#if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
770#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
771#define PSA_WANT_ECC_MONTGOMERY_448 1
772#endif
773
774#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
775#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
776#define PSA_WANT_ECC_SECP_R1_192 1
777#endif
778
779#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
780#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
781#define PSA_WANT_ECC_SECP_R1_224 1
782#endif
783
784#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
785#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
786#define PSA_WANT_ECC_SECP_R1_256 1
787#endif
788
789#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
790#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
791#define PSA_WANT_ECC_SECP_R1_384 1
792#endif
793
794#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
795#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
796#define PSA_WANT_ECC_SECP_R1_521 1
797#endif
798
799#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
800#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
801#define PSA_WANT_ECC_SECP_K1_192 1
802#endif
803
804/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
805#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
806#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
807#define PSA_WANT_ECC_SECP_K1_224 1
808#endif
809
810#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
811#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
812#define PSA_WANT_ECC_SECP_K1_256 1
813#endif
814
815#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
816
817/* These features are always enabled. */
818#define PSA_WANT_KEY_TYPE_DERIVE 1
819#define PSA_WANT_KEY_TYPE_RAW_DATA 1
820
821#ifdef __cplusplus
822}
823#endif
824
825#endif /* MBEDTLS_CONFIG_PSA_H */
PSA crypto configuration options (set of defines)