1 /** 2 * \file mbedtls/config_psa.h 3 * \brief PSA crypto configuration options (set of defines) 4 * 5 * This set of compile-time options takes settings defined in 6 * include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h and uses 7 * those definitions to define symbols used in the library code. 8 * 9 * Users and integrators should not edit this file, please edit 10 * include/mbedtls/mbedtls_config.h for MBETLS_XXX settings or 11 * include/psa/crypto_config.h for PSA_WANT_XXX settings. 12 */ 13 /* 14 * Copyright The Mbed TLS Contributors 15 * SPDX-License-Identifier: Apache-2.0 16 * 17 * Licensed under the Apache License, Version 2.0 (the "License"); you may 18 * not use this file except in compliance with the License. 19 * You may obtain a copy of the License at 20 * 21 * http://www.apache.org/licenses/LICENSE-2.0 22 * 23 * Unless required by applicable law or agreed to in writing, software 24 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 25 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 26 * See the License for the specific language governing permissions and 27 * limitations under the License. 28 */ 29 30 #ifndef MBEDTLS_CONFIG_PSA_H 31 #define MBEDTLS_CONFIG_PSA_H 32 33 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 34 #include "psa/crypto_config.h" 35 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ 36 37 #ifdef __cplusplus 38 extern "C" { 39 #endif 40 41 42 43 /****************************************************************/ 44 /* De facto synonyms */ 45 /****************************************************************/ 46 47 #if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA) 48 #define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY 49 #elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA) 50 #define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA 51 #endif 52 53 #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) 54 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 55 #elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) 56 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN 57 #endif 58 59 #if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS) 60 #define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT 61 #elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS) 62 #define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS 63 #endif 64 65 66 67 /****************************************************************/ 68 /* Require built-in implementations based on PSA requirements */ 69 /****************************************************************/ 70 71 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 72 73 #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) 74 #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) 75 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 76 #define MBEDTLS_ECDSA_DETERMINISTIC 77 #define MBEDTLS_ECDSA_C 78 #define MBEDTLS_HMAC_DRBG_C 79 #define MBEDTLS_MD_C 80 #endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ 81 #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ 82 83 #if defined(PSA_WANT_ALG_ECDH) 84 #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) 85 #define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 86 #define MBEDTLS_ECDH_C 87 #define MBEDTLS_ECP_C 88 #define MBEDTLS_BIGNUM_C 89 #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ 90 #endif /* PSA_WANT_ALG_ECDH */ 91 92 #if defined(PSA_WANT_ALG_ECDSA) 93 #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) 94 #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 95 #define MBEDTLS_ECDSA_C 96 #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ 97 #endif /* PSA_WANT_ALG_ECDSA */ 98 99 #if defined(PSA_WANT_ALG_HKDF) 100 #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) 101 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 102 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 103 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ 104 #endif /* PSA_WANT_ALG_HKDF */ 105 106 #if defined(PSA_WANT_ALG_HMAC) 107 #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) 108 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 109 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ 110 #endif /* PSA_WANT_ALG_HMAC */ 111 112 #if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5) 113 #define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 114 #define MBEDTLS_MD5_C 115 #endif 116 117 #if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) 118 #define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 119 #define MBEDTLS_RIPEMD160_C 120 #endif 121 122 #if defined(PSA_WANT_ALG_RSA_OAEP) 123 #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) 124 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 125 #define MBEDTLS_RSA_C 126 #define MBEDTLS_BIGNUM_C 127 #define MBEDTLS_OID_C 128 #define MBEDTLS_PKCS1_V21 129 #define MBEDTLS_MD_C 130 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ 131 #endif /* PSA_WANT_ALG_RSA_OAEP */ 132 133 #if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) 134 #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) 135 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 136 #define MBEDTLS_RSA_C 137 #define MBEDTLS_BIGNUM_C 138 #define MBEDTLS_OID_C 139 #define MBEDTLS_PKCS1_V15 140 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ 141 #endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */ 142 143 #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) 144 #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) 145 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 146 #define MBEDTLS_RSA_C 147 #define MBEDTLS_BIGNUM_C 148 #define MBEDTLS_OID_C 149 #define MBEDTLS_PKCS1_V15 150 #define MBEDTLS_MD_C 151 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ 152 #endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ 153 154 #if defined(PSA_WANT_ALG_RSA_PSS) 155 #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) 156 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 157 #define MBEDTLS_RSA_C 158 #define MBEDTLS_BIGNUM_C 159 #define MBEDTLS_OID_C 160 #define MBEDTLS_PKCS1_V21 161 #define MBEDTLS_MD_C 162 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ 163 #endif /* PSA_WANT_ALG_RSA_PSS */ 164 165 #if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) 166 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 167 #define MBEDTLS_SHA1_C 168 #endif 169 170 #if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) 171 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 172 #define MBEDTLS_SHA224_C 173 #endif 174 175 #if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) 176 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 177 #define MBEDTLS_SHA256_C 178 #endif 179 180 #if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) 181 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 182 #define MBEDTLS_SHA384_C 183 #endif 184 185 #if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) 186 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 187 #define MBEDTLS_SHA512_C 188 #endif 189 190 #if defined(PSA_WANT_ALG_TLS12_PRF) 191 #if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) 192 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 193 #endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */ 194 #endif /* PSA_WANT_ALG_TLS12_PRF */ 195 196 #if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) 197 #if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) 198 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 199 #endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ 200 #endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ 201 202 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) 203 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) 204 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 205 #define MBEDTLS_ECP_C 206 #define MBEDTLS_BIGNUM_C 207 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ 208 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ 209 210 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 211 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) 212 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 213 #define MBEDTLS_ECP_C 214 #define MBEDTLS_BIGNUM_C 215 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ 216 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 217 218 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) 219 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) 220 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 221 #define MBEDTLS_RSA_C 222 #define MBEDTLS_BIGNUM_C 223 #define MBEDTLS_OID_C 224 #define MBEDTLS_GENPRIME 225 #define MBEDTLS_PK_PARSE_C 226 #define MBEDTLS_PK_WRITE_C 227 #define MBEDTLS_PK_C 228 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ 229 #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ 230 231 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 232 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) 233 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 234 #define MBEDTLS_RSA_C 235 #define MBEDTLS_BIGNUM_C 236 #define MBEDTLS_OID_C 237 #define MBEDTLS_PK_PARSE_C 238 #define MBEDTLS_PK_WRITE_C 239 #define MBEDTLS_PK_C 240 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ 241 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ 242 243 /* If any of the block modes are requested that don't have an 244 * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking 245 * in the block cipher key types. */ 246 #if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \ 247 (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \ 248 (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \ 249 (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \ 250 defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ 251 (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ 252 !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \ 253 (defined(PSA_WANT_ALG_CBC_PKCS7) && \ 254 !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \ 255 (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)) 256 #define PSA_HAVE_SOFT_BLOCK_MODE 1 257 #endif 258 259 #if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \ 260 (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM)) 261 #define PSA_HAVE_SOFT_BLOCK_AEAD 1 262 #endif 263 264 #if defined(PSA_WANT_KEY_TYPE_AES) 265 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) 266 #define PSA_HAVE_SOFT_KEY_TYPE_AES 1 267 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ 268 #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ 269 defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ 270 defined(PSA_HAVE_SOFT_BLOCK_AEAD) 271 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 272 #define MBEDTLS_AES_C 273 #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ 274 #endif /* PSA_WANT_KEY_TYPE_AES */ 275 276 #if defined(PSA_WANT_KEY_TYPE_ARIA) 277 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) 278 #define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1 279 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */ 280 #if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ 281 defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ 282 defined(PSA_HAVE_SOFT_BLOCK_AEAD) 283 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 284 #define MBEDTLS_ARIA_C 285 #endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */ 286 #endif /* PSA_WANT_KEY_TYPE_ARIA */ 287 288 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) 289 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) 290 #define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 291 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */ 292 #if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \ 293 defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ 294 defined(PSA_HAVE_SOFT_BLOCK_AEAD) 295 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 296 #define MBEDTLS_CAMELLIA_C 297 #endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */ 298 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ 299 300 #if defined(PSA_WANT_KEY_TYPE_DES) 301 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) 302 #define PSA_HAVE_SOFT_KEY_TYPE_DES 1 303 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */ 304 #if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ 305 defined(PSA_HAVE_SOFT_BLOCK_MODE) 306 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 307 #define MBEDTLS_DES_C 308 #endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */ 309 #endif /* PSA_WANT_KEY_TYPE_DES */ 310 311 #if defined(PSA_WANT_KEY_TYPE_CHACHA20) 312 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) 313 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 314 #define MBEDTLS_CHACHA20_C 315 #endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */ 316 #endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ 317 318 /* If any of the software block ciphers are selected, define 319 * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these 320 * situations. */ 321 #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ 322 defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ 323 defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ 324 defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) 325 #define PSA_HAVE_SOFT_BLOCK_CIPHER 1 326 #endif 327 328 #if defined(PSA_WANT_ALG_STREAM_CIPHER) 329 #define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 330 #endif /* PSA_WANT_ALG_STREAM_CIPHER */ 331 332 #if defined(PSA_WANT_ALG_CBC_MAC) 333 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) 334 #error "CBC-MAC is not yet supported via the PSA API in Mbed TLS." 335 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1 336 #endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */ 337 #endif /* PSA_WANT_ALG_CBC_MAC */ 338 339 #if defined(PSA_WANT_ALG_CMAC) 340 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ 341 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 342 #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 343 #define MBEDTLS_CMAC_C 344 #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ 345 #endif /* PSA_WANT_ALG_CMAC */ 346 347 #if defined(PSA_WANT_ALG_CTR) 348 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ 349 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 350 #define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 351 #define MBEDTLS_CIPHER_MODE_CTR 352 #endif 353 #endif /* PSA_WANT_ALG_CTR */ 354 355 #if defined(PSA_WANT_ALG_CFB) 356 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \ 357 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 358 #define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 359 #define MBEDTLS_CIPHER_MODE_CFB 360 #endif 361 #endif /* PSA_WANT_ALG_CFB */ 362 363 #if defined(PSA_WANT_ALG_OFB) 364 #if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \ 365 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 366 #define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 367 #define MBEDTLS_CIPHER_MODE_OFB 368 #endif 369 #endif /* PSA_WANT_ALG_OFB */ 370 371 #if defined(PSA_WANT_ALG_XTS) 372 #if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \ 373 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 374 #define MBEDTLS_PSA_BUILTIN_ALG_XTS 1 375 #define MBEDTLS_CIPHER_MODE_XTS 376 #endif 377 #endif /* PSA_WANT_ALG_XTS */ 378 379 #if defined(PSA_WANT_ALG_ECB_NO_PADDING) 380 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 381 #endif 382 383 #if defined(PSA_WANT_ALG_CBC_NO_PADDING) 384 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \ 385 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 386 #define MBEDTLS_CIPHER_MODE_CBC 387 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 388 #endif 389 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */ 390 391 #if defined(PSA_WANT_ALG_CBC_PKCS7) 392 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \ 393 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) 394 #define MBEDTLS_CIPHER_MODE_CBC 395 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 396 #define MBEDTLS_CIPHER_PADDING_PKCS7 397 #endif 398 #endif /* PSA_WANT_ALG_CBC_PKCS7 */ 399 400 #if defined(PSA_WANT_ALG_CCM) 401 #if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \ 402 defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ 403 defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ 404 defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) 405 #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 406 #define MBEDTLS_CCM_C 407 #endif 408 #endif /* PSA_WANT_ALG_CCM */ 409 410 #if defined(PSA_WANT_ALG_GCM) 411 #if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ 412 defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ 413 defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ 414 defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) 415 #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 416 #define MBEDTLS_GCM_C 417 #endif 418 #endif /* PSA_WANT_ALG_GCM */ 419 420 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) 421 #if defined(PSA_WANT_KEY_TYPE_CHACHA20) 422 #define MBEDTLS_CHACHAPOLY_C 423 #define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 424 #endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ 425 #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ 426 427 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) 428 #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) 429 #define MBEDTLS_ECP_DP_BP256R1_ENABLED 430 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 431 #endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */ 432 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ 433 434 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) 435 #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) 436 #define MBEDTLS_ECP_DP_BP384R1_ENABLED 437 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 438 #endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */ 439 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ 440 441 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) 442 #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) 443 #define MBEDTLS_ECP_DP_BP512R1_ENABLED 444 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 445 #endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */ 446 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ 447 448 #if defined(PSA_WANT_ECC_MONTGOMERY_255) 449 #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) 450 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 451 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 452 #endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */ 453 #endif /* PSA_WANT_ECC_MONTGOMERY_255 */ 454 455 #if defined(PSA_WANT_ECC_MONTGOMERY_448) 456 #if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) 457 #define MBEDTLS_ECP_DP_CURVE448_ENABLED 458 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 459 #endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */ 460 #endif /* PSA_WANT_ECC_MONTGOMERY_448 */ 461 462 #if defined(PSA_WANT_ECC_SECP_R1_192) 463 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) 464 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED 465 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 466 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */ 467 #endif /* PSA_WANT_ECC_SECP_R1_192 */ 468 469 #if defined(PSA_WANT_ECC_SECP_R1_224) 470 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) 471 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED 472 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 473 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */ 474 #endif /* PSA_WANT_ECC_SECP_R1_224 */ 475 476 #if defined(PSA_WANT_ECC_SECP_R1_256) 477 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) 478 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 479 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 480 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */ 481 #endif /* PSA_WANT_ECC_SECP_R1_256 */ 482 483 #if defined(PSA_WANT_ECC_SECP_R1_384) 484 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) 485 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 486 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 487 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */ 488 #endif /* PSA_WANT_ECC_SECP_R1_384 */ 489 490 #if defined(PSA_WANT_ECC_SECP_R1_521) 491 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) 492 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED 493 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 494 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */ 495 #endif /* PSA_WANT_ECC_SECP_R1_521 */ 496 497 #if defined(PSA_WANT_ECC_SECP_K1_192) 498 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) 499 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED 500 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 501 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */ 502 #endif /* PSA_WANT_ECC_SECP_K1_192 */ 503 504 #if defined(PSA_WANT_ECC_SECP_K1_224) 505 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) 506 /* 507 * SECP224K1 is buggy via the PSA API in Mbed TLS 508 * (https://github.com/ARMmbed/mbedtls/issues/3541). 509 */ 510 #error "SECP224K1 is buggy via the PSA API in Mbed TLS." 511 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED 512 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 513 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */ 514 #endif /* PSA_WANT_ECC_SECP_K1_224 */ 515 516 #if defined(PSA_WANT_ECC_SECP_K1_256) 517 #if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) 518 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED 519 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 520 #endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */ 521 #endif /* PSA_WANT_ECC_SECP_K1_256 */ 522 523 524 525 /****************************************************************/ 526 /* Infer PSA requirements from Mbed TLS capabilities */ 527 /****************************************************************/ 528 529 #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ 530 531 /* 532 * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG 533 * is not defined 534 */ 535 536 #if defined(MBEDTLS_CCM_C) 537 #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 538 #define PSA_WANT_ALG_CCM 1 539 #endif /* MBEDTLS_CCM_C */ 540 541 #if defined(MBEDTLS_CMAC_C) 542 #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 543 #define PSA_WANT_ALG_CMAC 1 544 #endif /* MBEDTLS_CMAC_C */ 545 546 #if defined(MBEDTLS_ECDH_C) 547 #define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 548 #define PSA_WANT_ALG_ECDH 1 549 #endif /* MBEDTLS_ECDH_C */ 550 551 #if defined(MBEDTLS_ECDSA_C) 552 #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 553 #define PSA_WANT_ALG_ECDSA 1 554 #define PSA_WANT_ALG_ECDSA_ANY 1 555 556 // Only add in DETERMINISTIC support if ECDSA is also enabled 557 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) 558 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 559 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 560 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ 561 562 #endif /* MBEDTLS_ECDSA_C */ 563 564 #if defined(MBEDTLS_ECP_C) 565 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 566 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 567 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 568 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 569 #endif /* MBEDTLS_ECP_C */ 570 571 #if defined(MBEDTLS_GCM_C) 572 #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 573 #define PSA_WANT_ALG_GCM 1 574 #endif /* MBEDTLS_GCM_C */ 575 576 #if defined(MBEDTLS_HKDF_C) 577 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 578 #define PSA_WANT_ALG_HMAC 1 579 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 580 #define PSA_WANT_ALG_HKDF 1 581 #endif /* MBEDTLS_HKDF_C */ 582 583 #if defined(MBEDTLS_MD_C) 584 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 585 #define PSA_WANT_ALG_HMAC 1 586 #define PSA_WANT_KEY_TYPE_HMAC 587 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 588 #define PSA_WANT_ALG_TLS12_PRF 1 589 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 590 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 591 #endif /* MBEDTLS_MD_C */ 592 593 #if defined(MBEDTLS_MD5_C) 594 #define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 595 #define PSA_WANT_ALG_MD5 1 596 #endif 597 598 #if defined(MBEDTLS_RIPEMD160_C) 599 #define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 600 #define PSA_WANT_ALG_RIPEMD160 1 601 #endif 602 603 #if defined(MBEDTLS_RSA_C) 604 #if defined(MBEDTLS_PKCS1_V15) 605 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 606 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 607 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 608 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 609 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1 610 #endif /* MBEDTLS_PKCS1_V15 */ 611 #if defined(MBEDTLS_PKCS1_V21) 612 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 613 #define PSA_WANT_ALG_RSA_OAEP 1 614 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 615 #define PSA_WANT_ALG_RSA_PSS 1 616 #endif /* MBEDTLS_PKCS1_V21 */ 617 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 618 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 619 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 620 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 621 #endif /* MBEDTLS_RSA_C */ 622 623 #if defined(MBEDTLS_SHA1_C) 624 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 625 #define PSA_WANT_ALG_SHA_1 1 626 #endif 627 628 #if defined(MBEDTLS_SHA224_C) 629 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 630 #define PSA_WANT_ALG_SHA_224 1 631 #endif 632 633 #if defined(MBEDTLS_SHA256_C) 634 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 635 #define PSA_WANT_ALG_SHA_256 1 636 #endif 637 638 #if defined(MBEDTLS_SHA384_C) 639 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 640 #define PSA_WANT_ALG_SHA_384 1 641 #endif 642 643 #if defined(MBEDTLS_SHA512_C) 644 #define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 645 #define PSA_WANT_ALG_SHA_512 1 646 #endif 647 648 #if defined(MBEDTLS_AES_C) 649 #define PSA_WANT_KEY_TYPE_AES 1 650 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 651 #endif 652 653 #if defined(MBEDTLS_ARIA_C) 654 #define PSA_WANT_KEY_TYPE_ARIA 1 655 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 656 #endif 657 658 #if defined(MBEDTLS_CAMELLIA_C) 659 #define PSA_WANT_KEY_TYPE_CAMELLIA 1 660 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 661 #endif 662 663 #if defined(MBEDTLS_DES_C) 664 #define PSA_WANT_KEY_TYPE_DES 1 665 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 666 #endif 667 668 #if defined(MBEDTLS_CHACHA20_C) 669 #define PSA_WANT_KEY_TYPE_CHACHA20 1 670 #define PSA_WANT_ALG_STREAM_CIPHER 1 671 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 672 #define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 673 #if defined(MBEDTLS_CHACHAPOLY_C) 674 #define PSA_WANT_ALG_CHACHA20_POLY1305 1 675 #define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 676 #endif 677 #endif 678 679 #if defined(MBEDTLS_CIPHER_MODE_CBC) 680 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 681 #define PSA_WANT_ALG_CBC_NO_PADDING 1 682 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) 683 #define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 684 #define PSA_WANT_ALG_CBC_PKCS7 1 685 #endif 686 #endif 687 688 #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ 689 defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C) 690 #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 691 #define PSA_WANT_ALG_ECB_NO_PADDING 1 692 #endif 693 694 #if defined(MBEDTLS_CIPHER_MODE_CFB) 695 #define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 696 #define PSA_WANT_ALG_CFB 1 697 #endif 698 699 #if defined(MBEDTLS_CIPHER_MODE_CTR) 700 #define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 701 #define PSA_WANT_ALG_CTR 1 702 #endif 703 704 #if defined(MBEDTLS_CIPHER_MODE_OFB) 705 #define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 706 #define PSA_WANT_ALG_OFB 1 707 #endif 708 709 #if defined(MBEDTLS_CIPHER_MODE_XTS) 710 #define MBEDTLS_PSA_BUILTIN_ALG_XTS 1 711 #define PSA_WANT_ALG_XTS 1 712 #endif 713 714 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) 715 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 716 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 717 #endif 718 719 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) 720 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 721 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 722 #endif 723 724 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) 725 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 726 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 727 #endif 728 729 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) 730 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 731 #define PSA_WANT_ECC_MONTGOMERY_255 732 #endif 733 734 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) 735 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 736 #define PSA_WANT_ECC_MONTGOMERY_448 737 #endif 738 739 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) 740 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 741 #define PSA_WANT_ECC_SECP_R1_192 742 #endif 743 744 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) 745 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 746 #define PSA_WANT_ECC_SECP_R1_224 747 #endif 748 749 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) 750 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 751 #define PSA_WANT_ECC_SECP_R1_256 752 #endif 753 754 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) 755 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 756 #define PSA_WANT_ECC_SECP_R1_384 757 #endif 758 759 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) 760 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 761 #define PSA_WANT_ECC_SECP_R1_521 762 #endif 763 764 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) 765 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 766 #define PSA_WANT_ECC_SECP_K1_192 767 #endif 768 769 /* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */ 770 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) 771 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 772 #define PSA_WANT_ECC_SECP_K1_224 773 #endif 774 775 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) 776 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 777 #define PSA_WANT_ECC_SECP_K1_256 778 #endif 779 780 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ 781 782 /* These features are always enabled. */ 783 #define PSA_WANT_KEY_TYPE_DERIVE 1 784 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 785 786 #ifdef __cplusplus 787 } 788 #endif 789 790 #endif /* MBEDTLS_CONFIG_PSA_H */ 791