Mbed TLS v3.6.7
Toggle main menu visibility
Loading...
Searching...
No Matches
config_adjust_legacy_crypto.h
Go to the documentation of this file.
1
19
/*
20
* Copyright The Mbed TLS Contributors
21
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
22
*/
23
24
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
25
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
26
27
#if !defined(MBEDTLS_CONFIG_FILES_READ)
28
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
29
"up to and including runtime errors such as buffer overflows. " \
30
"If you're trying to fix a complaint from check_config.h, just remove " \
31
"it from your configuration file: since Mbed TLS 3.0, it is included " \
32
"automatically at the right point."
33
#endif
/* */
34
35
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
36
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
37
*
38
* So, adjust it here.
39
* Not related to crypto, but this is the bottom of the stack. */
40
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
41
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
42
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
43
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
44
#endif
45
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
46
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
47
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
48
#endif
49
#endif
/* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
50
51
/* The number of "true" entropy sources (excluding NV seed).
52
* This must be consistent with mbedtls_entropy_init() in entropy.c.
53
*/
54
/* Define auxiliary macros, because in standard C, defined(xxx) is only
55
* allowed directly on an #if or #elif line, not in recursive expansion. */
56
#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
57
#define MBEDTLS_PLATFORM_ENTROPY_ENABLED 0
58
#else
59
#define MBEDTLS_PLATFORM_ENTROPY_ENABLED 1
60
#endif
61
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
62
#define MBEDTLS_ENTROPY_HARDWARE_ALT_DEFINED 1
63
#else
64
#define MBEDTLS_ENTROPY_HARDWARE_ALT_DEFINED 0
65
#endif
66
67
#define MBEDTLS_ENTROPY_TRUE_SOURCES ( \
68
MBEDTLS_ENTROPY_HARDWARE_ALT_DEFINED + \
69
MBEDTLS_PLATFORM_ENTROPY_ENABLED + \
70
0)
71
72
/* Whether there is at least one entropy source for the entropy module.
73
*
74
* Note that when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, the entropy
75
* module is unused and the configuration will typically not include any
76
* entropy source, so this macro will typically remain undefined.
77
*/
78
#if defined(MBEDTLS_ENTROPY_NV_SEED)
79
#define MBEDTLS_ENTROPY_HAVE_SOURCES (MBEDTLS_ENTROPY_TRUE_SOURCES + 1)
80
#elif MBEDTLS_ENTROPY_TRUE_SOURCES != 0
81
#define MBEDTLS_ENTROPY_HAVE_SOURCES MBEDTLS_ENTROPY_TRUE_SOURCES
82
#else
83
#undef MBEDTLS_ENTROPY_HAVE_SOURCES
84
#endif
85
86
/* Test function dependencies can only check with defined(),
87
* not other preprocessor expressions. */
88
#if MBEDTLS_ENTROPY_TRUE_SOURCES > 0
89
#define MBEDTLS_ENTROPY_HAVE_TRUE_SOURCES
90
#else
91
#undef MBEDTLS_ENTROPY_HAVE_TRUE_SOURCES
92
#endif
93
94
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
95
* is defined as well to include all PSA code.
96
*/
97
#if defined(MBEDTLS_PSA_CRYPTO_C)
98
#define MBEDTLS_PSA_CRYPTO_CLIENT
99
#endif
/* MBEDTLS_PSA_CRYPTO_C */
100
101
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
102
* in PSA. */
103
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
104
(defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
105
defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
106
defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
107
defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
108
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
109
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
110
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
111
defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
112
defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
113
#define MBEDTLS_CIPHER_C
114
#endif
115
116
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
117
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
118
*/
119
#if defined(MBEDTLS_MD_C)
120
#define MBEDTLS_MD_LIGHT
121
#endif
122
123
/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
124
* in a previous release, to ensure backwards compatibility.
125
*/
126
#if defined(MBEDTLS_ECJPAKE_C) || \
127
defined(MBEDTLS_PEM_PARSE_C) || \
128
defined(MBEDTLS_ENTROPY_C) || \
129
defined(MBEDTLS_PK_C) || \
130
defined(MBEDTLS_PKCS12_C) || \
131
defined(MBEDTLS_RSA_C) || \
132
defined(MBEDTLS_SSL_TLS_C) || \
133
defined(MBEDTLS_X509_USE_C) || \
134
defined(MBEDTLS_X509_CREATE_C)
135
#define MBEDTLS_MD_LIGHT
136
#endif
137
138
#if defined(MBEDTLS_MD_LIGHT)
139
/*
140
* - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
141
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
142
* (see below).
143
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
144
* via PSA (see below).
145
* - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
146
* via a direct legacy call (see below).
147
*
148
* The md module performs an algorithm via PSA if there is a PSA hash
149
* accelerator and the PSA driver subsytem is initialized at the time the
150
* operation is started, and makes a direct legacy call otherwise.
151
*/
152
153
/* PSA accelerated implementations */
154
#if defined(MBEDTLS_PSA_CRYPTO_C)
155
156
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
157
#define MBEDTLS_MD_CAN_MD5
158
#define MBEDTLS_MD_MD5_VIA_PSA
159
#define MBEDTLS_MD_SOME_PSA
160
#endif
161
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
162
#define MBEDTLS_MD_CAN_SHA1
163
#define MBEDTLS_MD_SHA1_VIA_PSA
164
#define MBEDTLS_MD_SOME_PSA
165
#endif
166
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
167
#define MBEDTLS_MD_CAN_SHA224
168
#define MBEDTLS_MD_SHA224_VIA_PSA
169
#define MBEDTLS_MD_SOME_PSA
170
#endif
171
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
172
#define MBEDTLS_MD_CAN_SHA256
173
#define MBEDTLS_MD_SHA256_VIA_PSA
174
#define MBEDTLS_MD_SOME_PSA
175
#endif
176
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
177
#define MBEDTLS_MD_CAN_SHA384
178
#define MBEDTLS_MD_SHA384_VIA_PSA
179
#define MBEDTLS_MD_SOME_PSA
180
#endif
181
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
182
#define MBEDTLS_MD_CAN_SHA512
183
#define MBEDTLS_MD_SHA512_VIA_PSA
184
#define MBEDTLS_MD_SOME_PSA
185
#endif
186
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
187
#define MBEDTLS_MD_CAN_RIPEMD160
188
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
189
#define MBEDTLS_MD_SOME_PSA
190
#endif
191
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
192
#define MBEDTLS_MD_CAN_SHA3_224
193
#define MBEDTLS_MD_SHA3_224_VIA_PSA
194
#define MBEDTLS_MD_SOME_PSA
195
#endif
196
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
197
#define MBEDTLS_MD_CAN_SHA3_256
198
#define MBEDTLS_MD_SHA3_256_VIA_PSA
199
#define MBEDTLS_MD_SOME_PSA
200
#endif
201
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
202
#define MBEDTLS_MD_CAN_SHA3_384
203
#define MBEDTLS_MD_SHA3_384_VIA_PSA
204
#define MBEDTLS_MD_SOME_PSA
205
#endif
206
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
207
#define MBEDTLS_MD_CAN_SHA3_512
208
#define MBEDTLS_MD_SHA3_512_VIA_PSA
209
#define MBEDTLS_MD_SOME_PSA
210
#endif
211
212
#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT)
213
214
#if defined(PSA_WANT_ALG_MD5)
215
#define MBEDTLS_MD_CAN_MD5
216
#define MBEDTLS_MD_MD5_VIA_PSA
217
#define MBEDTLS_MD_SOME_PSA
218
#endif
219
#if defined(PSA_WANT_ALG_SHA_1)
220
#define MBEDTLS_MD_CAN_SHA1
221
#define MBEDTLS_MD_SHA1_VIA_PSA
222
#define MBEDTLS_MD_SOME_PSA
223
#endif
224
#if defined(PSA_WANT_ALG_SHA_224)
225
#define MBEDTLS_MD_CAN_SHA224
226
#define MBEDTLS_MD_SHA224_VIA_PSA
227
#define MBEDTLS_MD_SOME_PSA
228
#endif
229
#if defined(PSA_WANT_ALG_SHA_256)
230
#define MBEDTLS_MD_CAN_SHA256
231
#define MBEDTLS_MD_SHA256_VIA_PSA
232
#define MBEDTLS_MD_SOME_PSA
233
#endif
234
#if defined(PSA_WANT_ALG_SHA_384)
235
#define MBEDTLS_MD_CAN_SHA384
236
#define MBEDTLS_MD_SHA384_VIA_PSA
237
#define MBEDTLS_MD_SOME_PSA
238
#endif
239
#if defined(PSA_WANT_ALG_SHA_512)
240
#define MBEDTLS_MD_CAN_SHA512
241
#define MBEDTLS_MD_SHA512_VIA_PSA
242
#define MBEDTLS_MD_SOME_PSA
243
#endif
244
#if defined(PSA_WANT_ALG_RIPEMD160)
245
#define MBEDTLS_MD_CAN_RIPEMD160
246
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
247
#define MBEDTLS_MD_SOME_PSA
248
#endif
249
#if defined(PSA_WANT_ALG_SHA3_224)
250
#define MBEDTLS_MD_CAN_SHA3_224
251
#define MBEDTLS_MD_SHA3_224_VIA_PSA
252
#define MBEDTLS_MD_SOME_PSA
253
#endif
254
#if defined(PSA_WANT_ALG_SHA3_256)
255
#define MBEDTLS_MD_CAN_SHA3_256
256
#define MBEDTLS_MD_SHA3_256_VIA_PSA
257
#define MBEDTLS_MD_SOME_PSA
258
#endif
259
#if defined(PSA_WANT_ALG_SHA3_384)
260
#define MBEDTLS_MD_CAN_SHA3_384
261
#define MBEDTLS_MD_SHA3_384_VIA_PSA
262
#define MBEDTLS_MD_SOME_PSA
263
#endif
264
#if defined(PSA_WANT_ALG_SHA3_512)
265
#define MBEDTLS_MD_CAN_SHA3_512
266
#define MBEDTLS_MD_SHA3_512_VIA_PSA
267
#define MBEDTLS_MD_SOME_PSA
268
#endif
269
270
#endif
/* !MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
271
272
/* Built-in implementations */
273
#if defined(MBEDTLS_MD5_C)
274
#define MBEDTLS_MD_CAN_MD5
275
#define MBEDTLS_MD_SOME_LEGACY
276
#endif
277
#if defined(MBEDTLS_SHA1_C)
278
#define MBEDTLS_MD_CAN_SHA1
279
#define MBEDTLS_MD_SOME_LEGACY
280
#endif
281
#if defined(MBEDTLS_SHA224_C)
282
#define MBEDTLS_MD_CAN_SHA224
283
#define MBEDTLS_MD_SOME_LEGACY
284
#endif
285
#if defined(MBEDTLS_SHA256_C)
286
#define MBEDTLS_MD_CAN_SHA256
287
#define MBEDTLS_MD_SOME_LEGACY
288
#endif
289
#if defined(MBEDTLS_SHA384_C)
290
#define MBEDTLS_MD_CAN_SHA384
291
#define MBEDTLS_MD_SOME_LEGACY
292
#endif
293
#if defined(MBEDTLS_SHA512_C)
294
#define MBEDTLS_MD_CAN_SHA512
295
#define MBEDTLS_MD_SOME_LEGACY
296
#endif
297
#if defined(MBEDTLS_SHA3_C)
298
#define MBEDTLS_MD_CAN_SHA3_224
299
#define MBEDTLS_MD_CAN_SHA3_256
300
#define MBEDTLS_MD_CAN_SHA3_384
301
#define MBEDTLS_MD_CAN_SHA3_512
302
#define MBEDTLS_MD_SOME_LEGACY
303
#endif
304
#if defined(MBEDTLS_RIPEMD160_C)
305
#define MBEDTLS_MD_CAN_RIPEMD160
306
#define MBEDTLS_MD_SOME_LEGACY
307
#endif
308
309
#endif
/* MBEDTLS_MD_LIGHT */
310
311
/* BLOCK_CIPHER module can dispatch to PSA when:
312
* - PSA is enabled and drivers have been initialized
313
* - desired key type is supported on the PSA side
314
* If the above conditions are not met, but the legacy support is enabled, then
315
* BLOCK_CIPHER will dynamically fallback to it.
316
*
317
* In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
318
* can be used to define its capabilities:
319
* - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
320
* ARIA and Camellia which is supported through a driver;
321
* - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
322
* driver;
323
* - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
324
* a legacy module (i.e. MBEDTLS_xxx_C)
325
*/
326
#if defined(MBEDTLS_PSA_CRYPTO_C)
327
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
328
#define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
329
#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
330
#endif
331
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
332
#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
333
#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
334
#endif
335
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
336
#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
337
#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
338
#endif
339
#endif
/* MBEDTLS_PSA_CRYPTO_C */
340
341
#if defined(MBEDTLS_AES_C)
342
#define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
343
#endif
344
#if defined(MBEDTLS_ARIA_C)
345
#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
346
#endif
347
#if defined(MBEDTLS_CAMELLIA_C)
348
#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
349
#endif
350
351
/* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
352
* block ciphers via either PSA or legacy. */
353
#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
354
defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
355
#define MBEDTLS_BLOCK_CIPHER_CAN_AES
356
#endif
357
#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
358
defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
359
#define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
360
#endif
361
#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
362
defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
363
#define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
364
#endif
365
366
/* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
367
* or CIPHER_C. The former is auto-enabled when:
368
* - CIPHER_C is not defined, which is also the legacy solution;
369
* - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
370
* of the driver's acceleration.
371
*/
372
#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
373
(!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
374
#define MBEDTLS_BLOCK_CIPHER_C
375
#endif
376
377
/* Helpers for GCM/CCM capabilities */
378
#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
379
(defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
380
#define MBEDTLS_CCM_GCM_CAN_AES
381
#endif
382
383
#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
384
(defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
385
#define MBEDTLS_CCM_GCM_CAN_ARIA
386
#endif
387
388
#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
389
(defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
390
#define MBEDTLS_CCM_GCM_CAN_CAMELLIA
391
#endif
392
393
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
394
* - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
395
* for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
396
* some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
397
* - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
398
* these features are not supported in PSA so the only way to have them is
399
* to enable the built-in solution.
400
* Both of them are temporary dependencies:
401
* - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
402
* - support for compressed points should also be added to PSA, but in this
403
* case there is no associated issue to track it yet.
404
* - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
405
* still depends on ECP_LIGHT.
406
* - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
407
* be fixed by #7453.
408
*/
409
#if defined(MBEDTLS_ECP_C) || \
410
defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
411
defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
412
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
413
#define MBEDTLS_ECP_LIGHT
414
#endif
415
416
/* Backward compatibility: after #8740 the RSA module offers functions to parse
417
* and write RSA private/public keys without relying on the PK one. Of course
418
* this needs ASN1 support to do so, so we enable it here. */
419
#if defined(MBEDTLS_RSA_C)
420
#define MBEDTLS_ASN1_PARSE_C
421
#define MBEDTLS_ASN1_WRITE_C
422
#endif
423
424
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
425
* in previous version compressed points were automatically supported as long
426
* as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
427
* compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
428
* are met. */
429
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
430
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
431
#endif
432
433
/* Helper symbol to state that there is support for ECDH, either through
434
* library implementation (ECDH_C) or through PSA. */
435
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
436
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
437
#define MBEDTLS_CAN_ECDH
438
#endif
439
440
/* PK module can achieve ECDSA functionalities by means of either software
441
* implementations (ECDSA_C) or through a PSA driver. The following defines
442
* are meant to list these capabilities in a general way which abstracts how
443
* they are implemented under the hood. */
444
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
445
#if defined(MBEDTLS_ECDSA_C)
446
#define MBEDTLS_PK_CAN_ECDSA_SIGN
447
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
448
#endif
/* MBEDTLS_ECDSA_C */
449
#else
/* MBEDTLS_USE_PSA_CRYPTO */
450
#if defined(PSA_WANT_ALG_ECDSA)
451
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
452
#define MBEDTLS_PK_CAN_ECDSA_SIGN
453
#endif
/* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
454
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
455
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
456
#endif
/* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
457
#endif
/* PSA_WANT_ALG_ECDSA */
458
#endif
/* MBEDTLS_USE_PSA_CRYPTO */
459
460
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
461
#define MBEDTLS_PK_CAN_ECDSA_SOME
462
#endif
463
464
/* Helpers to state that each key is supported either on the builtin or PSA side. */
465
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
466
#define MBEDTLS_ECP_HAVE_SECP521R1
467
#endif
468
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
469
#define MBEDTLS_ECP_HAVE_BP512R1
470
#endif
471
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
472
#define MBEDTLS_ECP_HAVE_CURVE448
473
#endif
474
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
475
#define MBEDTLS_ECP_HAVE_BP384R1
476
#endif
477
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
478
#define MBEDTLS_ECP_HAVE_SECP384R1
479
#endif
480
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
481
#define MBEDTLS_ECP_HAVE_BP256R1
482
#endif
483
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
484
#define MBEDTLS_ECP_HAVE_SECP256K1
485
#endif
486
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
487
#define MBEDTLS_ECP_HAVE_SECP256R1
488
#endif
489
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
490
#define MBEDTLS_ECP_HAVE_CURVE25519
491
#endif
492
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
493
#define MBEDTLS_ECP_HAVE_SECP224K1
494
#endif
495
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
496
#define MBEDTLS_ECP_HAVE_SECP224R1
497
#endif
498
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
499
#define MBEDTLS_ECP_HAVE_SECP192K1
500
#endif
501
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
502
#define MBEDTLS_ECP_HAVE_SECP192R1
503
#endif
504
505
/* Helper symbol to state that the PK module has support for EC keys. This
506
* can either be provided through the legacy ECP solution or through the
507
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
508
#if defined(MBEDTLS_ECP_C) || \
509
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
510
#define MBEDTLS_PK_HAVE_ECC_KEYS
511
#endif
/* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
512
513
/* Historically pkparse did not check the CBC padding when decrypting
514
* a key. This was a bug, which is now fixed. As a consequence, pkparse
515
* now needs PKCS7 padding support, but existing configurations might not
516
* enable it, so we enable it here. */
517
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
518
#define MBEDTLS_CIPHER_PADDING_PKCS7
519
#endif
520
521
/* Backwards compatibility for some macros which were renamed to reflect that
522
* they are related to Armv8, not aarch64. */
523
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
524
!defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
525
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
526
#endif
527
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
528
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
529
#endif
530
531
/* psa_util file features some ECDSA conversion functions, to convert between
532
* legacy's ASN.1 DER format and PSA's raw one. */
533
#if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
534
(defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
535
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
536
#endif
537
538
/* Some internal helpers to determine which keys are available. */
539
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
540
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
541
#define MBEDTLS_SSL_HAVE_AES
542
#endif
543
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
544
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
545
#define MBEDTLS_SSL_HAVE_ARIA
546
#endif
547
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
548
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
549
#define MBEDTLS_SSL_HAVE_CAMELLIA
550
#endif
551
552
/* Some internal helpers to determine which operation modes are available. */
553
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
554
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
555
#define MBEDTLS_SSL_HAVE_CBC
556
#endif
557
558
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
559
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
560
#define MBEDTLS_SSL_HAVE_GCM
561
#endif
562
563
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
564
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
565
#define MBEDTLS_SSL_HAVE_CCM
566
#endif
567
568
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
569
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
570
#define MBEDTLS_SSL_HAVE_CHACHAPOLY
571
#endif
572
573
#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
574
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
575
#define MBEDTLS_SSL_HAVE_AEAD
576
#endif
577
578
#endif
/* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
include
mbedtls
config_adjust_legacy_crypto.h
Generated on
for Mbed TLS v3.6.7 by
1.17.0