40fa684c18
Keep module compatibility with mbedtls 2.x (old LTS branch). A patch has been added to allow compiling after removing all the `psa_*` files from the library folder (will look into upstreaming it). Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires some module changes, and to enable PSA crypto (new "standard" API specification), so it might be best done in a separate commit/PR.
458 lines
17 KiB
C++
458 lines
17 KiB
C++
/**
|
|
* \file mbedtls/config_adjust_legacy_crypto.h
|
|
* \brief Adjust legacy configuration configuration
|
|
*
|
|
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
|
|
* configurations need to be explicitly enabled by the user: enabling
|
|
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
|
|
* compilation error. However, we do automatically enable certain options
|
|
* in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
|
|
* used to identify parts of a module that are used by other module, and we
|
|
* don't want to make the symbol MBEDTLS_xxx_B part of the public API.
|
|
* Another case is if A didn't depend on B in earlier versions, and we
|
|
* want to use B in A but we need to preserve backward compatibility with
|
|
* configurations that explicitly activate MBEDTLS_xxx_A but not
|
|
* MBEDTLS_xxx_B.
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
|
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
|
|
|
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
|
|
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
|
|
*
|
|
* So, adjust it here.
|
|
* Not related to crypto, but this is the bottom of the stack. */
|
|
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
|
|
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
|
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
|
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
|
#endif
|
|
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
|
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
|
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
|
#endif
|
|
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
|
|
|
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
|
|
* in PSA. */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
|
|
(defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
|
|
#define MBEDTLS_CIPHER_C
|
|
#endif
|
|
|
|
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
|
|
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
|
|
*/
|
|
#if defined(MBEDTLS_MD_C)
|
|
#define MBEDTLS_MD_LIGHT
|
|
#endif
|
|
|
|
/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
|
|
* in a previous release, to ensure backwards compatibility.
|
|
*/
|
|
#if defined(MBEDTLS_ECJPAKE_C) || \
|
|
defined(MBEDTLS_PEM_PARSE_C) || \
|
|
defined(MBEDTLS_ENTROPY_C) || \
|
|
defined(MBEDTLS_PK_C) || \
|
|
defined(MBEDTLS_PKCS12_C) || \
|
|
defined(MBEDTLS_RSA_C) || \
|
|
defined(MBEDTLS_SSL_TLS_C) || \
|
|
defined(MBEDTLS_X509_USE_C) || \
|
|
defined(MBEDTLS_X509_CREATE_C)
|
|
#define MBEDTLS_MD_LIGHT
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_MD_LIGHT)
|
|
/*
|
|
* - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
|
|
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
|
|
* (see below).
|
|
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
|
|
* via PSA (see below).
|
|
* - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
|
|
* via a direct legacy call (see below).
|
|
*
|
|
* The md module performs an algorithm via PSA if there is a PSA hash
|
|
* accelerator and the PSA driver subsytem is initialized at the time the
|
|
* operation is started, and makes a direct legacy call otherwise.
|
|
*/
|
|
|
|
/* PSA accelerated implementations */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
|
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
|
#define MBEDTLS_MD_CAN_MD5
|
|
#define MBEDTLS_MD_MD5_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
|
|
#define MBEDTLS_MD_CAN_SHA1
|
|
#define MBEDTLS_MD_SHA1_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
|
|
#define MBEDTLS_MD_CAN_SHA224
|
|
#define MBEDTLS_MD_SHA224_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
|
|
#define MBEDTLS_MD_CAN_SHA256
|
|
#define MBEDTLS_MD_SHA256_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
|
|
#define MBEDTLS_MD_CAN_SHA384
|
|
#define MBEDTLS_MD_SHA384_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
|
|
#define MBEDTLS_MD_CAN_SHA512
|
|
#define MBEDTLS_MD_SHA512_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
|
#define MBEDTLS_MD_CAN_RIPEMD160
|
|
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
|
#define MBEDTLS_MD_CAN_SHA3_224
|
|
#define MBEDTLS_MD_SHA3_224_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
|
#define MBEDTLS_MD_CAN_SHA3_256
|
|
#define MBEDTLS_MD_SHA3_256_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
|
#define MBEDTLS_MD_CAN_SHA3_384
|
|
#define MBEDTLS_MD_SHA3_384_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
|
#define MBEDTLS_MD_CAN_SHA3_512
|
|
#define MBEDTLS_MD_SHA3_512_VIA_PSA
|
|
#define MBEDTLS_MD_SOME_PSA
|
|
#endif
|
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
|
|
|
/* Built-in implementations */
|
|
#if defined(MBEDTLS_MD5_C)
|
|
#define MBEDTLS_MD_CAN_MD5
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_SHA1_C)
|
|
#define MBEDTLS_MD_CAN_SHA1
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_SHA224_C)
|
|
#define MBEDTLS_MD_CAN_SHA224
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_SHA256_C)
|
|
#define MBEDTLS_MD_CAN_SHA256
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_SHA384_C)
|
|
#define MBEDTLS_MD_CAN_SHA384
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_SHA512_C)
|
|
#define MBEDTLS_MD_CAN_SHA512
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_SHA3_C)
|
|
#define MBEDTLS_MD_CAN_SHA3_224
|
|
#define MBEDTLS_MD_CAN_SHA3_256
|
|
#define MBEDTLS_MD_CAN_SHA3_384
|
|
#define MBEDTLS_MD_CAN_SHA3_512
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_RIPEMD160_C)
|
|
#define MBEDTLS_MD_CAN_RIPEMD160
|
|
#define MBEDTLS_MD_SOME_LEGACY
|
|
#endif
|
|
|
|
#endif /* MBEDTLS_MD_LIGHT */
|
|
|
|
/* BLOCK_CIPHER module can dispatch to PSA when:
|
|
* - PSA is enabled and drivers have been initialized
|
|
* - desired key type is supported on the PSA side
|
|
* If the above conditions are not met, but the legacy support is enabled, then
|
|
* BLOCK_CIPHER will dynamically fallback to it.
|
|
*
|
|
* In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
|
|
* can be used to define its capabilities:
|
|
* - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
|
|
* ARIA and Camellia which is supported through a driver;
|
|
* - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
|
|
* driver;
|
|
* - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
|
|
* a legacy module (i.e. MBEDTLS_xxx_C)
|
|
*/
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
|
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
|
#define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
|
|
#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
|
|
#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
|
|
#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
|
|
#endif
|
|
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
|
|
#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
|
|
#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
|
|
#endif
|
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
|
|
|
#if defined(MBEDTLS_AES_C)
|
|
#define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_ARIA_C)
|
|
#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
|
|
#endif
|
|
#if defined(MBEDTLS_CAMELLIA_C)
|
|
#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
|
|
#endif
|
|
|
|
/* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
|
|
* block ciphers via either PSA or legacy. */
|
|
#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
|
|
defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
|
|
#define MBEDTLS_BLOCK_CIPHER_CAN_AES
|
|
#endif
|
|
#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
|
|
defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
|
|
#define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
|
|
#endif
|
|
#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
|
|
defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
|
|
#define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
|
|
#endif
|
|
|
|
/* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
|
|
* or CIPHER_C. The former is auto-enabled when:
|
|
* - CIPHER_C is not defined, which is also the legacy solution;
|
|
* - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
|
|
* of the driver's acceleration.
|
|
*/
|
|
#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
|
|
(!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
|
|
#define MBEDTLS_BLOCK_CIPHER_C
|
|
#endif
|
|
|
|
/* Helpers for GCM/CCM capabilities */
|
|
#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
|
|
(defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
|
|
#define MBEDTLS_CCM_GCM_CAN_AES
|
|
#endif
|
|
|
|
#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
|
|
(defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
|
|
#define MBEDTLS_CCM_GCM_CAN_ARIA
|
|
#endif
|
|
|
|
#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
|
|
(defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
|
|
#define MBEDTLS_CCM_GCM_CAN_CAMELLIA
|
|
#endif
|
|
|
|
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
|
|
* - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
|
|
* for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
|
|
* some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
|
|
* - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
|
|
* these features are not supported in PSA so the only way to have them is
|
|
* to enable the built-in solution.
|
|
* Both of them are temporary dependencies:
|
|
* - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
|
|
* - support for compressed points should also be added to PSA, but in this
|
|
* case there is no associated issue to track it yet.
|
|
* - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
|
|
* still depends on ECP_LIGHT.
|
|
* - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
|
|
* be fixed by #7453.
|
|
*/
|
|
#if defined(MBEDTLS_ECP_C) || \
|
|
defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
|
|
defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
|
|
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
|
#define MBEDTLS_ECP_LIGHT
|
|
#endif
|
|
|
|
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
|
|
* in previous version compressed points were automatically supported as long
|
|
* as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
|
|
* compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
|
|
* are met. */
|
|
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
|
|
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
|
|
#endif
|
|
|
|
/* Helper symbol to state that there is support for ECDH, either through
|
|
* library implementation (ECDH_C) or through PSA. */
|
|
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
|
|
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
|
|
#define MBEDTLS_CAN_ECDH
|
|
#endif
|
|
|
|
/* PK module can achieve ECDSA functionalities by means of either software
|
|
* implementations (ECDSA_C) or through a PSA driver. The following defines
|
|
* are meant to list these capabilities in a general way which abstracts how
|
|
* they are implemented under the hood. */
|
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
|
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
|
#endif /* MBEDTLS_ECDSA_C */
|
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
|
#if defined(PSA_WANT_ALG_ECDSA)
|
|
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
|
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
|
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
|
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
|
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
|
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
|
#endif /* PSA_WANT_ALG_ECDSA */
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
|
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
|
#endif
|
|
|
|
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
|
|
* is defined as well to include all PSA code.
|
|
*/
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
|
#define MBEDTLS_PSA_CRYPTO_CLIENT
|
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
|
|
|
/* Helpers to state that each key is supported either on the builtin or PSA side. */
|
|
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
|
#define MBEDTLS_ECP_HAVE_SECP521R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
|
#define MBEDTLS_ECP_HAVE_BP512R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
|
#define MBEDTLS_ECP_HAVE_CURVE448
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
|
#define MBEDTLS_ECP_HAVE_BP384R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
|
#define MBEDTLS_ECP_HAVE_SECP384R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
|
#define MBEDTLS_ECP_HAVE_BP256R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
|
#define MBEDTLS_ECP_HAVE_SECP256K1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
|
#define MBEDTLS_ECP_HAVE_SECP256R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
|
#define MBEDTLS_ECP_HAVE_CURVE25519
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
|
#define MBEDTLS_ECP_HAVE_SECP224K1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
|
|
#define MBEDTLS_ECP_HAVE_SECP224R1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
|
|
#define MBEDTLS_ECP_HAVE_SECP192K1
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
|
#define MBEDTLS_ECP_HAVE_SECP192R1
|
|
#endif
|
|
|
|
/* Helper symbol to state that the PK module has support for EC keys. This
|
|
* can either be provided through the legacy ECP solution or through the
|
|
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
|
|
#if defined(MBEDTLS_ECP_C) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
|
|
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
|
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
|
|
|
/* Historically pkparse did not check the CBC padding when decrypting
|
|
* a key. This was a bug, which is now fixed. As a consequence, pkparse
|
|
* now needs PKCS7 padding support, but existing configurations might not
|
|
* enable it, so we enable it here. */
|
|
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
#define MBEDTLS_CIPHER_PADDING_PKCS7
|
|
#endif
|
|
|
|
/* Backwards compatibility for some macros which were renamed to reflect that
|
|
* they are related to Armv8, not aarch64. */
|
|
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
|
|
!defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
|
|
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
|
#endif
|
|
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
|
|
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
|
#endif
|
|
|
|
/* psa_util file features some ECDSA conversion functions, to convert between
|
|
* legacy's ASN.1 DER format and PSA's raw one. */
|
|
#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
|
|
(defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
|
|
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
|
|
#endif
|
|
|
|
/* Some internal helpers to determine which keys are availble. */
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
|
|
#define MBEDTLS_SSL_HAVE_AES
|
|
#endif
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
|
|
#define MBEDTLS_SSL_HAVE_ARIA
|
|
#endif
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
|
|
#define MBEDTLS_SSL_HAVE_CAMELLIA
|
|
#endif
|
|
|
|
/* Some internal helpers to determine which operation modes are availble. */
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
|
|
#define MBEDTLS_SSL_HAVE_CBC
|
|
#endif
|
|
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
|
|
#define MBEDTLS_SSL_HAVE_GCM
|
|
#endif
|
|
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
|
|
#define MBEDTLS_SSL_HAVE_CCM
|
|
#endif
|
|
|
|
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
|
|
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
|
|
#define MBEDTLS_SSL_HAVE_CHACHAPOLY
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
|
|
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
|
|
#define MBEDTLS_SSL_HAVE_AEAD
|
|
#endif
|
|
|
|
#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
|