2022-07-21 10:40:13 +02:00
|
|
|
/**
|
|
|
|
* Internal macros to express dependencies for code and tests
|
|
|
|
* that may use either the legacy API or PSA in various builds.
|
|
|
|
*
|
|
|
|
* Copyright The Mbed TLS Contributors
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* These macros are for code that wants to use <crypto feature> and will do so
|
|
|
|
* using <legacy API> or PSA depending on <condition>, where:
|
|
|
|
* - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
|
|
|
|
* also be a key type (AES, RSA, EC) or domain parameters (elliptic curve);
|
|
|
|
* - <legacy API> will be either:
|
|
|
|
* - low-level module API (aes.h, sha256.h), or
|
|
|
|
* - an abstraction layer (md.h, cipher.h);
|
|
|
|
* - <condition> will be either:
|
|
|
|
* - depending on what's available in the build, or
|
|
|
|
* - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
|
|
|
|
*
|
|
|
|
* Examples:
|
|
|
|
* - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
|
|
|
|
* mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
|
|
|
|
* MBEDTLS_USE_PSA_CRYPTO is defined;
|
|
|
|
* - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
|
|
|
|
* using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
|
|
|
|
* otherwise;
|
|
|
|
* - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
|
|
|
|
* hashes using either `mbedtls_md5_xxx()` if it's available, or
|
|
|
|
* `psa_hash_xxx()` otherwise.
|
|
|
|
* *See docs/architecture/psa-migration/strategy.md, section "Supporting
|
|
|
|
* builds with drivers without the software implementation", strategy for step
|
|
|
|
* 1 (libmbedcrypto except the RNG subsystem).
|
|
|
|
*
|
|
|
|
* Note: the macros are essential to express test dependencies. Inside code,
|
|
|
|
* we could instead just use the equivalent pre-processor condition, but
|
|
|
|
* that's not possible in test dependencies where we need a single macro.
|
|
|
|
* Hopefully, using these macros in code will also help with consistency.
|
|
|
|
*
|
|
|
|
* The naming scheme for these macros is:
|
|
|
|
* MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition)
|
|
|
|
* where:
|
|
|
|
* - feature is expressed the same way as in PSA_WANT macros, for example:
|
|
|
|
* KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256;
|
|
|
|
* - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER;
|
2022-07-27 20:37:12 +02:00
|
|
|
* - condition is omitted if it's based on availability, else it's
|
2022-07-21 10:40:13 +02:00
|
|
|
* BASED_ON_USE_PSA.
|
|
|
|
*
|
|
|
|
* Coming back to the examples above:
|
|
|
|
* - TLS 1.2 will determine if it can use SHA-256 using
|
|
|
|
* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
* for the purposes of negotiation, and in test dependencies;
|
|
|
|
* - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on
|
|
|
|
* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
|
|
|
|
* - PEM decoding code and its associated tests will depend on
|
|
|
|
* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
|
|
|
|
*
|
|
|
|
* Note: every time it's possible to use, say SHA-256, via the MD API, then
|
|
|
|
* it's also possible to used it via the low-level API. So, code that wants to
|
|
|
|
* use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
|
|
|
|
* just so happens that all the choosing which API to use based on
|
|
|
|
* MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
|
|
|
|
* layer (sometimes in addition to the low-level API), so we don't need the
|
|
|
|
* MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
|
|
|
|
* (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself,
|
|
|
|
* even less makes use of ciphers.)
|
|
|
|
*
|
|
|
|
* Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal
|
|
|
|
* condition for being able to use <feature> at all. As such, they should be
|
|
|
|
* used for guarding data about <feature>, such as OIDs or size. For example,
|
|
|
|
* OID values related to SHA-256 are only useful when SHA-256 can be used at
|
|
|
|
* least in some way.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef MBEDTLS_OR_PSA_HELPERS_H
|
|
|
|
#define MBEDTLS_OR_PSA_HELPERS_H
|
|
|
|
|
|
|
|
#include "common.h"
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Hashes
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Hashes using low-level or PSA based on availability */
|
|
|
|
#if defined(MBEDTLS_MD5_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
|
|
|
|
#define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_RIPEMD160_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
|
|
|
|
#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SHA1_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SHA224_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SHA256_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SHA384_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SHA512_C) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Hashes using MD or PSA based on availability */
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
|
|
|
|
#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
|
|
|
|
#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
#if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
|
|
|
|
( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) )
|
|
|
|
#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) )
|
|
|
|
#define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
|
|
|
|
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
|
|
|
|
#define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif /* MBEDTLS_OR_PSA_HELPERS_H */
|