Merge pull request #8159 from gilles-peskine-arm/split-config_psa-split
Split out configuration adjustments from build_info.h and config_psa.h
This commit is contained in:
Gilles Peskine
GitHub
commit
d1ce030de2
11 changed files with 1432 additions and 1162 deletions
|
|
@ -120,165 +120,11 @@
|
|||
#include "mbedtls/config_psa.h"
|
||||
#endif
|
||||
|
||||
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
|
||||
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
|
||||
*/
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
#include "mbedtls/config_adjust_legacy_crypto.h"
|
||||
|
||||
/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
|
||||
* in a previous release, to ensure backwards compatibility.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECJPAKE_C) || \
|
||||
defined(MBEDTLS_PEM_PARSE_C) || \
|
||||
defined(MBEDTLS_ENTROPY_C) || \
|
||||
defined(MBEDTLS_PK_C) || \
|
||||
defined(MBEDTLS_PKCS12_C) || \
|
||||
defined(MBEDTLS_RSA_C) || \
|
||||
defined(MBEDTLS_SSL_TLS_C) || \
|
||||
defined(MBEDTLS_X509_USE_C) || \
|
||||
defined(MBEDTLS_X509_CREATE_C)
|
||||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
#include "mbedtls/config_adjust_x509.h"
|
||||
|
||||
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
|
||||
* - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
|
||||
* for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
|
||||
* some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
|
||||
* - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
|
||||
* these features are not supported in PSA so the only way to have them is
|
||||
* to enable the built-in solution.
|
||||
* Both of them are temporary dependencies:
|
||||
* - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
|
||||
* - support for compressed points should also be added to PSA, but in this
|
||||
* case there is no associated issue to track it yet.
|
||||
* - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
|
||||
* still depends on ECP_LIGHT.
|
||||
* - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
|
||||
* be fixed by #7453.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_C) || \
|
||||
defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
|
||||
defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define MBEDTLS_ECP_LIGHT
|
||||
#endif
|
||||
|
||||
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
|
||||
* in previous version compressed points were automatically supported as long
|
||||
* as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
|
||||
* compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
|
||||
* are met. */
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that there is support for ECDH, either through
|
||||
* library implementation (ECDH_C) or through PSA. */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
|
||||
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
|
||||
#define MBEDTLS_CAN_ECDH
|
||||
#endif
|
||||
|
||||
/* PK module can achieve ECDSA functionalities by means of either software
|
||||
* implementations (ECDSA_C) or through a PSA driver. The following defines
|
||||
* are meant to list these capabilities in a general way which abstracts how
|
||||
* they are implemented under the hood. */
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
#endif
|
||||
|
||||
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
* is defined as well to include all PSA code.
|
||||
*/
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#define MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* The PK wrappers need pk_write functions to format RSA key objects
|
||||
* when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
|
||||
* and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
|
||||
#if defined(MBEDTLS_ECP_C) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
|
||||
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
||||
|
||||
/* The following blocks make it easier to disable all of TLS,
|
||||
* or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
|
||||
* key exchanges, options and extensions related to them. */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_TLS_C)
|
||||
#undef MBEDTLS_SSL_CLI_C
|
||||
#undef MBEDTLS_SSL_SRV_C
|
||||
#undef MBEDTLS_SSL_PROTO_TLS1_3
|
||||
#undef MBEDTLS_SSL_PROTO_TLS1_2
|
||||
#undef MBEDTLS_SSL_PROTO_DTLS
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
||||
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
||||
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
||||
#undef MBEDTLS_SSL_DTLS_SRTP
|
||||
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||
#undef MBEDTLS_SSL_RENEGOTIATION
|
||||
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
#undef MBEDTLS_SSL_EARLY_DATA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
(defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
|
||||
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
|
||||
#endif
|
||||
#include "mbedtls/config_adjust_ssl.h"
|
||||
|
||||
/* Make sure all configuration symbols are set before including check_config.h,
|
||||
* even the ones that are calculated programmatically. */
|
||||
|
|
|
|||
146
include/mbedtls/config_adjust_legacy_crypto.h
Normal file
146
include/mbedtls/config_adjust_legacy_crypto.h
Normal file
|
|
@ -0,0 +1,146 @@
|
|||
/**
|
||||
* \file mbedtls/config_adjust_legacy_crypto.h
|
||||
* \brief Adjust legacy configuration configuration
|
||||
*
|
||||
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
|
||||
* configurations need to be explicitly enabled by the user: enabling
|
||||
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
|
||||
* compilation error. However, we do automatically enable certain options
|
||||
* in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
|
||||
* used to identify parts of a module that are used by other module, and we
|
||||
* don't want to make the symbol MBEDTLS_xxx_B part of the public API.
|
||||
* Another case is if A didn't depend on B in earlier versions, and we
|
||||
* want to use B in A but we need to preserve backward compatibility with
|
||||
* configurations that explicitly activate MBEDTLS_xxx_A but not
|
||||
* MBEDTLS_xxx_B.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
|
||||
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
|
||||
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
|
||||
*/
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
|
||||
/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
|
||||
* in a previous release, to ensure backwards compatibility.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECJPAKE_C) || \
|
||||
defined(MBEDTLS_PEM_PARSE_C) || \
|
||||
defined(MBEDTLS_ENTROPY_C) || \
|
||||
defined(MBEDTLS_PK_C) || \
|
||||
defined(MBEDTLS_PKCS12_C) || \
|
||||
defined(MBEDTLS_RSA_C) || \
|
||||
defined(MBEDTLS_SSL_TLS_C) || \
|
||||
defined(MBEDTLS_X509_USE_C) || \
|
||||
defined(MBEDTLS_X509_CREATE_C)
|
||||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
|
||||
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
|
||||
* - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
|
||||
* for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
|
||||
* some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
|
||||
* - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
|
||||
* these features are not supported in PSA so the only way to have them is
|
||||
* to enable the built-in solution.
|
||||
* Both of them are temporary dependencies:
|
||||
* - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
|
||||
* - support for compressed points should also be added to PSA, but in this
|
||||
* case there is no associated issue to track it yet.
|
||||
* - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
|
||||
* still depends on ECP_LIGHT.
|
||||
* - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
|
||||
* be fixed by #7453.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_C) || \
|
||||
defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
|
||||
defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define MBEDTLS_ECP_LIGHT
|
||||
#endif
|
||||
|
||||
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
|
||||
* in previous version compressed points were automatically supported as long
|
||||
* as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
|
||||
* compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
|
||||
* are met. */
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that there is support for ECDH, either through
|
||||
* library implementation (ECDH_C) or through PSA. */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
|
||||
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
|
||||
#define MBEDTLS_CAN_ECDH
|
||||
#endif
|
||||
|
||||
/* PK module can achieve ECDSA functionalities by means of either software
|
||||
* implementations (ECDSA_C) or through a PSA driver. The following defines
|
||||
* are meant to list these capabilities in a general way which abstracts how
|
||||
* they are implemented under the hood. */
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
#endif
|
||||
|
||||
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
* is defined as well to include all PSA code.
|
||||
*/
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#define MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* The PK wrappers need pk_write functions to format RSA key objects
|
||||
* when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
|
||||
* and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
|
||||
#if defined(MBEDTLS_ECP_C) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
|
||||
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
|
||||
641
include/mbedtls/config_adjust_legacy_from_psa.h
Normal file
641
include/mbedtls/config_adjust_legacy_from_psa.h
Normal file
|
|
@ -0,0 +1,641 @@
|
|||
/**
|
||||
* \file mbedtls/config_adjust_legacy_from_psa.h
|
||||
* \brief Adjust PSA configuration: activate legacy implementations
|
||||
*
|
||||
* When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations
|
||||
* of cryptographic mechanisms as needed to fulfill the needs of the PSA
|
||||
* configuration. Generally speaking, we activate a legacy mechanism if
|
||||
* it's needed for a requested PSA mechanism and there is no PSA driver
|
||||
* for it.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
|
||||
|
||||
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
|
||||
#define MBEDTLS_ECDSA_DETERMINISTIC
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_HMAC_DRBG_C
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
|
||||
#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
|
||||
#define MBEDTLS_ECDH_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
|
||||
#endif /* PSA_WANT_ALG_FFDH */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HKDF)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
|
||||
#endif /* PSA_WANT_ALG_HKDF */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
|
||||
#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HKDF_EXPAND)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
|
||||
#endif /* PSA_WANT_ALG_HKDF_EXPAND */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
|
||||
#endif /* PSA_WANT_ALG_HMAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
|
||||
#define MBEDTLS_MD5_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_JPAKE)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
|
||||
#define MBEDTLS_PSA_BUILTIN_PAKE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_ECJPAKE_C
|
||||
#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */
|
||||
#endif /* PSA_WANT_ALG_JPAKE */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
|
||||
#define MBEDTLS_RIPEMD160_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_OAEP)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V21
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
|
||||
#endif /* PSA_WANT_ALG_RSA_OAEP */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V15
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
|
||||
#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V15
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
|
||||
#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V21
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
|
||||
#endif /* PSA_WANT_ALG_RSA_PSS */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
|
||||
#define MBEDTLS_SHA1_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
|
||||
#define MBEDTLS_SHA224_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
|
||||
#define MBEDTLS_SHA256_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
|
||||
#define MBEDTLS_SHA384_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
|
||||
#define MBEDTLS_SHA512_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
|
||||
#define MBEDTLS_SHA3_C
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
|
||||
#define PSA_HAVE_SOFT_PBKDF2_HMAC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
|
||||
#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
|
||||
#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_TLS12_PRF)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
|
||||
#endif /* PSA_WANT_ALG_TLS12_PRF */
|
||||
|
||||
#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
|
||||
#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
|
||||
|
||||
#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
|
||||
#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
||||
#define MBEDTLS_GENPRIME
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
|
||||
/* If any of the block modes are requested that don't have an
|
||||
* associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
|
||||
* in the block cipher key types. */
|
||||
#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
|
||||
(defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
|
||||
(defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
|
||||
defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
|
||||
(defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
|
||||
(defined(PSA_WANT_ALG_CBC_PKCS7) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
|
||||
(defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
|
||||
#define PSA_HAVE_SOFT_BLOCK_MODE 1
|
||||
#endif
|
||||
|
||||
#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
|
||||
(defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
|
||||
#define PSA_HAVE_SOFT_BLOCK_AEAD 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1
|
||||
#define PSA_HAVE_SOFT_PBKDF2_CMAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */
|
||||
#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_AES_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_AES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ARIA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
|
||||
#define MBEDTLS_ARIA_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ARIA */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
|
||||
#define MBEDTLS_CAMELLIA_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DES)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
|
||||
#define MBEDTLS_DES_C
|
||||
#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
#define MBEDTLS_CHACHA20_C
|
||||
#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
|
||||
|
||||
/* If any of the software block ciphers are selected, define
|
||||
* PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
|
||||
* situations. */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_STREAM_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#endif /* PSA_WANT_ALG_STREAM_CIPHER */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_MAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
|
||||
#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
|
||||
#endif /* PSA_WANT_ALG_CBC_MAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
|
||||
#define MBEDTLS_CMAC_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
|
||||
#endif /* PSA_WANT_ALG_CMAC */
|
||||
|
||||
#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
#define PSA_HAVE_SOFT_PBKDF2 1
|
||||
#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CTR)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
|
||||
#define MBEDTLS_CIPHER_MODE_CTR
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CTR */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CFB)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
|
||||
#define MBEDTLS_CIPHER_MODE_CFB
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CFB */
|
||||
|
||||
#if defined(PSA_WANT_ALG_OFB)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
|
||||
#define MBEDTLS_CIPHER_MODE_OFB
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_OFB */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_PKCS7)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
|
||||
#define MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CBC_PKCS7 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
|
||||
#define MBEDTLS_CCM_C
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
|
||||
#define MBEDTLS_GCM_C
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
|
||||
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
|
||||
#define MBEDTLS_CHACHAPOLY_C
|
||||
#define MBEDTLS_CHACHA20_C
|
||||
#define MBEDTLS_POLY1305_C
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
|
||||
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
|
||||
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
|
||||
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
|
||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
|
||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
|
||||
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
|
||||
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
|
||||
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
|
||||
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_521 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
|
||||
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
|
||||
/*
|
||||
* SECP224K1 is buggy via the PSA API in Mbed TLS
|
||||
* (https://github.com/Mbed-TLS/mbedtls/issues/3541).
|
||||
*/
|
||||
#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
|
||||
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
|
||||
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_256 */
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H */
|
||||
346
include/mbedtls/config_adjust_psa_from_legacy.h
Normal file
346
include/mbedtls/config_adjust_psa_from_legacy.h
Normal file
|
|
@ -0,0 +1,346 @@
|
|||
/**
|
||||
* \file mbedtls/config_adjust_psa_from_legacy.h
|
||||
* \brief Adjust PSA configuration: construct PSA configuration from legacy
|
||||
*
|
||||
* When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
|
||||
* cryptographic mechanisms through the PSA interface when the corresponding
|
||||
* legacy mechanism is enabled. In many cases, this just enables the PSA
|
||||
* wrapper code around the legacy implementation, but we also do this for
|
||||
* some mechanisms where PSA has its own independent implementation so
|
||||
* that high-level modules that can use either cryptographic API have the
|
||||
* same feature set in both cases.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
|
||||
|
||||
/*
|
||||
* Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
* is not defined
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
|
||||
#define PSA_WANT_ALG_CCM 1
|
||||
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
|
||||
#define PSA_WANT_ALG_CMAC 1
|
||||
#endif /* MBEDTLS_CMAC_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
|
||||
#define PSA_WANT_ALG_ECDH 1
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
|
||||
#define PSA_WANT_ALG_ECDSA 1
|
||||
#define PSA_WANT_ALG_ECDSA_ANY 1
|
||||
|
||||
// Only add in DETERMINISTIC support if ECDSA is also enabled
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
|
||||
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
/* Normally we wouldn't enable this because it's not implemented in ecp.c,
|
||||
* but since it used to be available any time ECP_C was enabled, let's enable
|
||||
* it anyway for the sake of backwards compatibility */
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
|
||||
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
#define PSA_WANT_ALG_FFDH 1
|
||||
#define PSA_WANT_DH_FAMILY_RFC7919 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
|
||||
#endif /* MBEDTLS_DHM_C */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
|
||||
#define PSA_WANT_ALG_GCM 1
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
|
||||
* PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
|
||||
* PSA HKDF is enabled, so enable both algorithms together
|
||||
* with PSA HKDF. */
|
||||
#if defined(MBEDTLS_HKDF_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
|
||||
#define PSA_WANT_ALG_HKDF 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
|
||||
#define PSA_WANT_ALG_HKDF_EXTRACT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
|
||||
#define PSA_WANT_ALG_HKDF_EXPAND 1
|
||||
#endif /* MBEDTLS_HKDF_C */
|
||||
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC 1
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
|
||||
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
|
||||
#define PSA_WANT_ALG_MD5 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_PAKE 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
|
||||
#define PSA_WANT_ALG_JPAKE 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
|
||||
#define PSA_WANT_ALG_RIPEMD160 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
|
||||
#define PSA_WANT_ALG_RSA_OAEP 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
|
||||
#define PSA_WANT_ALG_RSA_PSS 1
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
#if defined(MBEDTLS_GENPRIME)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
||||
#endif /* MBEDTLS_GENPRIME */
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
|
||||
#define PSA_WANT_ALG_SHA_1 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
|
||||
#define PSA_WANT_ALG_SHA_224 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
|
||||
#define PSA_WANT_ALG_SHA_384 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
|
||||
#define PSA_WANT_ALG_SHA3_224 1
|
||||
#define PSA_WANT_ALG_SHA3_256 1
|
||||
#define PSA_WANT_ALG_SHA3_384 1
|
||||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
#define PSA_WANT_KEY_TYPE_ARIA 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
#define PSA_WANT_KEY_TYPE_DES 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
|
||||
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_CBC_NO_PADDING 1
|
||||
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
|
||||
#define PSA_WANT_ALG_CBC_PKCS7 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
|
||||
defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
|
||||
#define PSA_WANT_ALG_CFB 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
|
||||
#define PSA_WANT_ALG_CTR 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_OFB)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
|
||||
#define PSA_WANT_ALG_OFB 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_255 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_448 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
|
||||
#define PSA_WANT_ECC_SECP_R1_192 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
|
||||
#define PSA_WANT_ECC_SECP_R1_224 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
|
||||
#define PSA_WANT_ECC_SECP_R1_256 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
|
||||
#define PSA_WANT_ECC_SECP_R1_384 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
|
||||
#define PSA_WANT_ECC_SECP_R1_521 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
|
||||
#define PSA_WANT_ECC_SECP_K1_192 1
|
||||
#endif
|
||||
|
||||
/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#define PSA_WANT_ECC_SECP_K1_224 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
|
||||
#define PSA_WANT_ECC_SECP_K1_256 1
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */
|
||||
73
include/mbedtls/config_adjust_psa_superset_legacy.h
Normal file
73
include/mbedtls/config_adjust_psa_superset_legacy.h
Normal file
|
|
@ -0,0 +1,73 @@
|
|||
/**
|
||||
* \file mbedtls/config_adjust_psa_superset_legacy.h
|
||||
* \brief Adjust PSA configuration: automatic enablement from legacy
|
||||
*
|
||||
* To simplify some edge cases, we automatically enable certain cryptographic
|
||||
* mechanisms in the PSA API if they are enabled in the legacy API. The general
|
||||
* idea is that if legacy module M uses mechanism A internally, and A has
|
||||
* both a legacy and a PSA implementation, we enable A through PSA whenever
|
||||
* it's enabled through legacy. This facilitates the transition to PSA
|
||||
* implementations of A for users of M.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
|
||||
|
||||
/****************************************************************/
|
||||
/* Hashes that are built in are also enabled in PSA.
|
||||
* This simplifies dependency declarations especially
|
||||
* for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
|
||||
/****************************************************************/
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#define PSA_WANT_ALG_MD5 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define PSA_WANT_ALG_RIPEMD160 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define PSA_WANT_ALG_SHA_1 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define PSA_WANT_ALG_SHA_224 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#define PSA_WANT_ALG_SHA_384 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define PSA_WANT_ALG_SHA3_224 1
|
||||
#define PSA_WANT_ALG_SHA3_256 1
|
||||
#define PSA_WANT_ALG_SHA3_384 1
|
||||
#define PSA_WANT_ALG_SHA3_512 1
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */
|
||||
88
include/mbedtls/config_adjust_ssl.h
Normal file
88
include/mbedtls/config_adjust_ssl.h
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
/**
|
||||
* \file mbedtls/config_adjust_ssl.h
|
||||
* \brief Adjust TLS configuration
|
||||
*
|
||||
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
|
||||
* configurations need to be explicitly enabled by the user: enabling
|
||||
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
|
||||
* compilation error. However, we do automatically enable certain options
|
||||
* in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
|
||||
* used to identify parts of a module that are used by other module, and we
|
||||
* don't want to make the symbol MBEDTLS_xxx_B part of the public API.
|
||||
* Another case is if A didn't depend on B in earlier versions, and we
|
||||
* want to use B in A but we need to preserve backward compatibility with
|
||||
* configurations that explicitly activate MBEDTLS_xxx_A but not
|
||||
* MBEDTLS_xxx_B.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_SSL_H
|
||||
|
||||
/* The following blocks make it easier to disable all of TLS,
|
||||
* or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
|
||||
* key exchanges, options and extensions related to them. */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_TLS_C)
|
||||
#undef MBEDTLS_SSL_CLI_C
|
||||
#undef MBEDTLS_SSL_SRV_C
|
||||
#undef MBEDTLS_SSL_PROTO_TLS1_3
|
||||
#undef MBEDTLS_SSL_PROTO_TLS1_2
|
||||
#undef MBEDTLS_SSL_PROTO_DTLS
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
||||
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
||||
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
||||
#undef MBEDTLS_SSL_DTLS_SRTP
|
||||
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||
#undef MBEDTLS_SSL_RENEGOTIATION
|
||||
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
#undef MBEDTLS_SSL_EARLY_DATA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
(defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
|
||||
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
|
||||
37
include/mbedtls/config_adjust_x509.h
Normal file
37
include/mbedtls/config_adjust_x509.h
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
/**
|
||||
* \file mbedtls/config_adjust_x509.h
|
||||
* \brief Adjust X.509 configuration
|
||||
*
|
||||
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
|
||||
* configurations need to be explicitly enabled by the user: enabling
|
||||
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
|
||||
* compilation error. However, we do automatically enable certain options
|
||||
* in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
|
||||
* used to identify parts of a module that are used by other module, and we
|
||||
* don't want to make the symbol MBEDTLS_xxx_B part of the public API.
|
||||
* Another case is if A didn't depend on B in earlier versions, and we
|
||||
* want to use B in A but we need to preserve backward compatibility with
|
||||
* configurations that explicitly activate MBEDTLS_xxx_A but not
|
||||
* MBEDTLS_xxx_B.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_X509_H
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */
|
||||
File diff suppressed because it is too large
Load diff
33
include/psa/crypto_adjust_auto_enabled.h
Normal file
33
include/psa/crypto_adjust_auto_enabled.h
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
/**
|
||||
* \file psa/crypto_adjust_auto_enabled.h
|
||||
* \brief Adjust PSA configuration: enable always-on features
|
||||
*
|
||||
* Always enable certain features which require a negligible amount of code
|
||||
* to implement, to avoid some edge cases in the configuration combinatorics.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
|
||||
#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
|
||||
|
||||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_PASSWORD 1
|
||||
#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
|
||||
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
||||
|
||||
#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */
|
||||
57
include/psa/crypto_adjust_config_synonyms.h
Normal file
57
include/psa/crypto_adjust_config_synonyms.h
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
/**
|
||||
* \file psa/crypto_adjust_config_synonyms.h
|
||||
* \brief Adjust PSA configuration: enable quasi-synonyms
|
||||
*
|
||||
* When two features require almost the same code, we automatically enable
|
||||
* both when either one is requested, to reduce the combinatorics of
|
||||
* possible configurations.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
|
||||
#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
|
||||
|
||||
/****************************************************************/
|
||||
/* De facto synonyms */
|
||||
/****************************************************************/
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
|
||||
#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
|
||||
#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
|
||||
#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
|
||||
#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
|
||||
#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
|
||||
#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
|
||||
#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
|
||||
#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
|
||||
#endif
|
||||
|
||||
#endif /* PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H */
|
||||
|
|
@ -65,6 +65,7 @@ EOF
|
|||
mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion
|
||||
mbedtls/config_*.h) :;; # not meant for direct inclusion
|
||||
psa/crypto_config.h) :;; # not meant for direct inclusion
|
||||
psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion
|
||||
# Some of the psa/crypto_*.h headers are not meant to be included
|
||||
# directly. They do have include guards that make them no-ops if
|
||||
# psa/crypto.h has been included before. Since psa/crypto.h comes
|
||||
|
|
|
|||
Loading…
Reference in a new issue