Mbed TLS v3.6.1
config_adjust_psa_from_legacy.h
Go to the documentation of this file.
1 
15 /*
16  * Copyright The Mbed TLS Contributors
17  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
18  */
19 
20 #ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
21 #define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
22 
23 #if !defined(MBEDTLS_CONFIG_FILES_READ)
24 #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
25  "up to and including runtime errors such as buffer overflows. " \
26  "If you're trying to fix a complaint from check_config.h, just remove " \
27  "it from your configuration file: since Mbed TLS 3.0, it is included " \
28  "automatically at the right point."
29 #endif /* */
30 
31 /*
32  * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
33  * is not defined
34  */
35 
36 #if defined(MBEDTLS_CCM_C)
37 #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
38 #define PSA_WANT_ALG_CCM 1
39 #if defined(MBEDTLS_CIPHER_C)
40 #define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
41 #define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
42 #endif /* MBEDTLS_CIPHER_C */
43 #endif /* MBEDTLS_CCM_C */
44 
45 #if defined(MBEDTLS_CMAC_C)
46 #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
47 #define PSA_WANT_ALG_CMAC 1
48 #endif /* MBEDTLS_CMAC_C */
49 
50 #if defined(MBEDTLS_ECDH_C)
51 #define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
52 #define PSA_WANT_ALG_ECDH 1
53 #endif /* MBEDTLS_ECDH_C */
54 
55 #if defined(MBEDTLS_ECDSA_C)
56 #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
57 #define PSA_WANT_ALG_ECDSA 1
58 #define PSA_WANT_ALG_ECDSA_ANY 1
59 
60 // Only add in DETERMINISTIC support if ECDSA is also enabled
61 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
62 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
63 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
64 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
65 
66 #endif /* MBEDTLS_ECDSA_C */
67 
68 #if defined(MBEDTLS_ECP_C)
69 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
70 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
71 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
72 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
73 /* Normally we wouldn't enable this because it's not implemented in ecp.c,
74  * but since it used to be available any time ECP_C was enabled, let's enable
75  * it anyway for the sake of backwards compatibility */
76 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
77 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
78 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
79 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
80 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
81 /* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
82 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
83 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
84 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
85 #endif /* MBEDTLS_ECP_C */
86 
87 #if defined(MBEDTLS_DHM_C)
88 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
89 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
90 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
91 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
92 #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
93 #define PSA_WANT_ALG_FFDH 1
94 #define PSA_WANT_DH_RFC7919_2048 1
95 #define PSA_WANT_DH_RFC7919_3072 1
96 #define PSA_WANT_DH_RFC7919_4096 1
97 #define PSA_WANT_DH_RFC7919_6144 1
98 #define PSA_WANT_DH_RFC7919_8192 1
99 #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
100 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
101 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
102 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
103 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
104 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
105 #define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
106 #define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
107 #define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
108 #define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
109 #define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
110 #endif /* MBEDTLS_DHM_C */
111 
112 #if defined(MBEDTLS_GCM_C)
113 #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
114 #define PSA_WANT_ALG_GCM 1
115 #endif /* MBEDTLS_GCM_C */
116 
117 /* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
118  * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
119  * PSA HKDF is enabled, so enable both algorithms together
120  * with PSA HKDF. */
121 #if defined(MBEDTLS_HKDF_C)
122 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
123 #define PSA_WANT_ALG_HMAC 1
124 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
125 #define PSA_WANT_ALG_HKDF 1
126 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
127 #define PSA_WANT_ALG_HKDF_EXTRACT 1
128 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
129 #define PSA_WANT_ALG_HKDF_EXPAND 1
130 #endif /* MBEDTLS_HKDF_C */
131 
132 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
133 #define PSA_WANT_ALG_HMAC 1
134 #define PSA_WANT_KEY_TYPE_HMAC 1
135 
136 #if defined(MBEDTLS_MD_C)
137 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
138 #define PSA_WANT_ALG_TLS12_PRF 1
139 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
140 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
141 #endif /* MBEDTLS_MD_C */
142 
143 #if defined(MBEDTLS_MD5_C)
144 #define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
145 #define PSA_WANT_ALG_MD5 1
146 #endif
147 
148 #if defined(MBEDTLS_ECJPAKE_C)
149 #define MBEDTLS_PSA_BUILTIN_PAKE 1
150 #define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
151 #define PSA_WANT_ALG_JPAKE 1
152 #endif
153 
154 #if defined(MBEDTLS_RIPEMD160_C)
155 #define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
156 #define PSA_WANT_ALG_RIPEMD160 1
157 #endif
158 
159 #if defined(MBEDTLS_RSA_C)
160 #if defined(MBEDTLS_PKCS1_V15)
161 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
162 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
163 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
164 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
165 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
166 #endif /* MBEDTLS_PKCS1_V15 */
167 #if defined(MBEDTLS_PKCS1_V21)
168 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
169 #define PSA_WANT_ALG_RSA_OAEP 1
170 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
171 #define PSA_WANT_ALG_RSA_PSS 1
172 #endif /* MBEDTLS_PKCS1_V21 */
173 #if defined(MBEDTLS_GENPRIME)
174 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
175 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
176 #endif /* MBEDTLS_GENPRIME */
177 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
178 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
179 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
180 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
181 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
182 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
183 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
184 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
185 #endif /* MBEDTLS_RSA_C */
186 
187 #if defined(MBEDTLS_SHA1_C)
188 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
189 #define PSA_WANT_ALG_SHA_1 1
190 #endif
191 
192 #if defined(MBEDTLS_SHA224_C)
193 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
194 #define PSA_WANT_ALG_SHA_224 1
195 #endif
196 
197 #if defined(MBEDTLS_SHA256_C)
198 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
199 #define PSA_WANT_ALG_SHA_256 1
200 #endif
201 
202 #if defined(MBEDTLS_SHA384_C)
203 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
204 #define PSA_WANT_ALG_SHA_384 1
205 #endif
206 
207 #if defined(MBEDTLS_SHA512_C)
208 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
209 #define PSA_WANT_ALG_SHA_512 1
210 #endif
211 
212 #if defined(MBEDTLS_SHA3_C)
213 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
214 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
215 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
216 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
217 #define PSA_WANT_ALG_SHA3_224 1
218 #define PSA_WANT_ALG_SHA3_256 1
219 #define PSA_WANT_ALG_SHA3_384 1
220 #define PSA_WANT_ALG_SHA3_512 1
221 #endif
222 
223 #if defined(MBEDTLS_AES_C)
224 #define PSA_WANT_KEY_TYPE_AES 1
225 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
226 #endif
227 
228 #if defined(MBEDTLS_ARIA_C)
229 #define PSA_WANT_KEY_TYPE_ARIA 1
230 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
231 #endif
232 
233 #if defined(MBEDTLS_CAMELLIA_C)
234 #define PSA_WANT_KEY_TYPE_CAMELLIA 1
235 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
236 #endif
237 
238 #if defined(MBEDTLS_DES_C)
239 #define PSA_WANT_KEY_TYPE_DES 1
240 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
241 #endif
242 
243 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
244 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
245 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
246 #endif
247 
248 #if defined(MBEDTLS_CHACHA20_C)
249 #define PSA_WANT_KEY_TYPE_CHACHA20 1
250 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
251 /* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
252 #if defined(MBEDTLS_CIPHER_C)
253 #define PSA_WANT_ALG_STREAM_CIPHER 1
254 #define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
255 #endif
256 #if defined(MBEDTLS_CHACHAPOLY_C)
257 #define PSA_WANT_ALG_CHACHA20_POLY1305 1
258 #define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
259 #endif
260 #endif
261 
262 #if defined(MBEDTLS_CIPHER_MODE_CBC)
263 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
264 #define PSA_WANT_ALG_CBC_NO_PADDING 1
265 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
266 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
267 #define PSA_WANT_ALG_CBC_PKCS7 1
268 #endif
269 #endif
270 
271 #if (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
272  defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) && \
273  defined(MBEDTLS_CIPHER_C)
274 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
275 #define PSA_WANT_ALG_ECB_NO_PADDING 1
276 #endif
277 
278 #if defined(MBEDTLS_CIPHER_MODE_CFB)
279 #define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
280 #define PSA_WANT_ALG_CFB 1
281 #endif
282 
283 #if defined(MBEDTLS_CIPHER_MODE_CTR)
284 #define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
285 #define PSA_WANT_ALG_CTR 1
286 #endif
287 
288 #if defined(MBEDTLS_CIPHER_MODE_OFB)
289 #define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
290 #define PSA_WANT_ALG_OFB 1
291 #endif
292 
293 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
294 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
295 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
296 #endif
297 
298 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
299 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
300 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
301 #endif
302 
303 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
304 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
305 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
306 #endif
307 
308 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
309 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
310 #define PSA_WANT_ECC_MONTGOMERY_255 1
311 #endif
312 
313 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
314 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
315 #define PSA_WANT_ECC_MONTGOMERY_448 1
316 #endif
317 
318 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
319 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
320 #define PSA_WANT_ECC_SECP_R1_192 1
321 #endif
322 
323 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
324 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
325 #define PSA_WANT_ECC_SECP_R1_224 1
326 #endif
327 
328 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
329 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
330 #define PSA_WANT_ECC_SECP_R1_256 1
331 #endif
332 
333 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
334 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
335 #define PSA_WANT_ECC_SECP_R1_384 1
336 #endif
337 
338 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
339 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
340 #define PSA_WANT_ECC_SECP_R1_521 1
341 #endif
342 
343 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
344 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
345 #define PSA_WANT_ECC_SECP_K1_192 1
346 #endif
347 
348 /* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
349 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
350 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
351 #define PSA_WANT_ECC_SECP_K1_224 1
352 #endif
353 
354 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
355 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
356 #define PSA_WANT_ECC_SECP_K1_256 1
357 #endif
358 
359 #endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */