/** * Internal macros to express dependencies for code and tests * that may use either the legacy API or PSA in various builds. * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* * These macros are for code that wants to use and will do so * using or PSA depending on , where: * - will generally be an algorithm (SHA-256, ECDH) but may * also be a key type (AES, RSA, EC) or domain parameters (elliptic curve); * - will be either: * - low-level module API (aes.h, sha256.h), or * - an abstraction layer (md.h, cipher.h); * - will be either: * - depending on what's available in the build, or * - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined. * * Examples: * - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and * mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether * MBEDTLS_USE_PSA_CRYPTO is defined; * - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding) * using either `mbedtls_md()` if it's available, or `psa_hash_compute()` * otherwise; * - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5 * hashes using either `mbedtls_md5_xxx()` if it's available, or * `psa_hash_xxx()` otherwise. * *See docs/architecture/psa-migration/strategy.md, section "Supporting * builds with drivers without the software implementation", strategy for step * 1 (libmbedcrypto except the RNG subsystem). * * Note: the macros are essential to express test dependencies. Inside code, * we could instead just use the equivalent pre-processor condition, but * that's not possible in test dependencies where we need a single macro. * Hopefully, using these macros in code will also help with consistency. * * The naming scheme for these macros is: * MBEDTLS_HAS_feature_VIA_legacy_OR_PSA(_condition) * where: * - feature is expressed the same way as in PSA_WANT macros, for example: * KEY_TYPE_AES, ALG_SHA_256, ECC_SECP_R1_256; * - legacy is either LOWLEVEL or the name of the layer: MD, CIPHER; * - condition is omitted if it's based on availability, else it's * BASED_ON_USE_PSA. * * Coming back to the examples above: * - TLS 1.2 will determine if it can use SHA-256 using * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA * for the purposes of negotiation, and in test dependencies; * - RSA PKCS#1 v2.1 tests that used SHA-256 will depend on * MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA * - PEM decoding code and its associated tests will depend on * MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA * * Note: every time it's possible to use, say SHA-256, via the MD API, then * it's also possible to used it via the low-level API. So, code that wants to * use SHA-256 via both APIs only needs to depend on the MD macro. Also, it * just so happens that all the choosing which API to use based on * MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction * layer (sometimes in addition to the low-level API), so we don't need the * MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros. * (PK, while obeying MBEDTLS_USE_PSA_CRYPTO, doesn't compute hashes itself, * even less makes use of ciphers.) * * Note: the macros MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA are the minimal * condition for being able to use at all. As such, they should be * used for guarding data about , such as OIDs or size. For example, * OID values related to SHA-256 are only useful when SHA-256 can be used at * least in some way. */ #ifndef MBEDTLS_OR_PSA_HELPERS_H #define MBEDTLS_OR_PSA_HELPERS_H #include "common.h" /* * Hashes */ /* Hashes using low-level or PSA based on availability */ #if defined(MBEDTLS_MD5_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) #define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_RIPEMD160_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA1_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) #define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA224_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) #define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA256_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) #define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA384_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) #define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA512_C) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) #define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA #endif /* Hashes using MD or PSA based on availability */ #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) #define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) #define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) #define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) #define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) #define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA #endif /* Hashes using MD or PSA based on MBEDTLS_USE_PSA_CRYPTO */ #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_MD5) ) #define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_RIPEMD160) ) #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) ) #define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) ) #define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) ) #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) ) #define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) ) #define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA #endif #endif /* MBEDTLS_OR_PSA_HELPERS_H */