Mbed TLS v3.6.6
config_adjust_legacy_crypto.h
Go to the documentation of this file.
1 
19 /*
20  * Copyright The Mbed TLS Contributors
21  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
22  */
23 
24 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
25 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILES_READ)
28 #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
29  "up to and including runtime errors such as buffer overflows. " \
30  "If you're trying to fix a complaint from check_config.h, just remove " \
31  "it from your configuration file: since Mbed TLS 3.0, it is included " \
32  "automatically at the right point."
33 #endif /* */
34 
35 /* Ideally, we'd set those as defaults in mbedtls_config.h, but
36  * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
37  *
38  * So, adjust it here.
39  * Not related to crypto, but this is the bottom of the stack. */
40 #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
41 #if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
42  !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
43 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
44 #endif
45 #if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
46  !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
47 #define MBEDTLS_PLATFORM_VSNPRINTF_ALT
48 #endif
49 #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
50 
51 /* The number of "true" entropy sources (excluding NV seed).
52  * This must be consistent with mbedtls_entropy_init() in entropy.c.
53  */
54 /* Define auxiliary macros, because in standard C, defined(xxx) is only
55  * allowed directly on an #if or #elif line, not in recursive expansion. */
56 #if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
57 #define MBEDTLS_PLATFORM_ENTROPY_ENABLED 0
58 #else
59 #define MBEDTLS_PLATFORM_ENTROPY_ENABLED 1
60 #endif
61 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
62 #define MBEDTLS_ENTROPY_HARDWARE_ALT_DEFINED 1
63 #else
64 #define MBEDTLS_ENTROPY_HARDWARE_ALT_DEFINED 0
65 #endif
66 
67 #define MBEDTLS_ENTROPY_TRUE_SOURCES ( \
68  MBEDTLS_ENTROPY_HARDWARE_ALT_DEFINED + \
69  MBEDTLS_PLATFORM_ENTROPY_ENABLED + \
70  0)
71 
72 /* Whether there is at least one entropy source for the entropy module.
73  *
74  * Note that when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, the entropy
75  * module is unused and the configuration will typically not include any
76  * entropy source, so this macro will typically remain undefined.
77  */
78 #if defined(MBEDTLS_ENTROPY_NV_SEED)
79 #define MBEDTLS_ENTROPY_HAVE_SOURCES (MBEDTLS_ENTROPY_TRUE_SOURCES + 1)
80 #elif MBEDTLS_ENTROPY_TRUE_SOURCES != 0
81 #define MBEDTLS_ENTROPY_HAVE_SOURCES MBEDTLS_ENTROPY_TRUE_SOURCES
82 #else
83 #undef MBEDTLS_ENTROPY_HAVE_SOURCES
84 #endif
85 
86 /* Test function dependencies can only check with defined(),
87  * not other preprocessor expressions. */
88 #if MBEDTLS_ENTROPY_TRUE_SOURCES > 0
89 #define MBEDTLS_ENTROPY_HAVE_TRUE_SOURCES
90 #else
91 #undef MBEDTLS_ENTROPY_HAVE_TRUE_SOURCES
92 #endif
93 
94 /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
95  * is defined as well to include all PSA code.
96  */
97 #if defined(MBEDTLS_PSA_CRYPTO_C)
98 #define MBEDTLS_PSA_CRYPTO_CLIENT
99 #endif /* MBEDTLS_PSA_CRYPTO_C */
100 
101 /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
102  * in PSA. */
103 #if defined(MBEDTLS_PSA_CRYPTO_C) && \
104  (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
105  defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
106  defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
107  defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
108  defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
109  defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
110  defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
111  defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
112  defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
113 #define MBEDTLS_CIPHER_C
114 #endif
115 
116 /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
117  * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
118  */
119 #if defined(MBEDTLS_MD_C)
120 #define MBEDTLS_MD_LIGHT
121 #endif
122 
123 /* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
124  * in a previous release, to ensure backwards compatibility.
125  */
126 #if defined(MBEDTLS_ECJPAKE_C) || \
127  defined(MBEDTLS_PEM_PARSE_C) || \
128  defined(MBEDTLS_ENTROPY_C) || \
129  defined(MBEDTLS_PK_C) || \
130  defined(MBEDTLS_PKCS12_C) || \
131  defined(MBEDTLS_RSA_C) || \
132  defined(MBEDTLS_SSL_TLS_C) || \
133  defined(MBEDTLS_X509_USE_C) || \
134  defined(MBEDTLS_X509_CREATE_C)
135 #define MBEDTLS_MD_LIGHT
136 #endif
137 
138 #if defined(MBEDTLS_MD_LIGHT)
139 /*
140  * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
141  * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
142  * (see below).
143  * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
144  * via PSA (see below).
145  * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
146  * via a direct legacy call (see below).
147  *
148  * The md module performs an algorithm via PSA if there is a PSA hash
149  * accelerator and the PSA driver subsytem is initialized at the time the
150  * operation is started, and makes a direct legacy call otherwise.
151  */
152 
153 /* PSA accelerated implementations */
154 #if defined(MBEDTLS_PSA_CRYPTO_C)
155 
156 #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
157 #define MBEDTLS_MD_CAN_MD5
158 #define MBEDTLS_MD_MD5_VIA_PSA
159 #define MBEDTLS_MD_SOME_PSA
160 #endif
161 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
162 #define MBEDTLS_MD_CAN_SHA1
163 #define MBEDTLS_MD_SHA1_VIA_PSA
164 #define MBEDTLS_MD_SOME_PSA
165 #endif
166 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
167 #define MBEDTLS_MD_CAN_SHA224
168 #define MBEDTLS_MD_SHA224_VIA_PSA
169 #define MBEDTLS_MD_SOME_PSA
170 #endif
171 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
172 #define MBEDTLS_MD_CAN_SHA256
173 #define MBEDTLS_MD_SHA256_VIA_PSA
174 #define MBEDTLS_MD_SOME_PSA
175 #endif
176 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
177 #define MBEDTLS_MD_CAN_SHA384
178 #define MBEDTLS_MD_SHA384_VIA_PSA
179 #define MBEDTLS_MD_SOME_PSA
180 #endif
181 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
182 #define MBEDTLS_MD_CAN_SHA512
183 #define MBEDTLS_MD_SHA512_VIA_PSA
184 #define MBEDTLS_MD_SOME_PSA
185 #endif
186 #if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
187 #define MBEDTLS_MD_CAN_RIPEMD160
188 #define MBEDTLS_MD_RIPEMD160_VIA_PSA
189 #define MBEDTLS_MD_SOME_PSA
190 #endif
191 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
192 #define MBEDTLS_MD_CAN_SHA3_224
193 #define MBEDTLS_MD_SHA3_224_VIA_PSA
194 #define MBEDTLS_MD_SOME_PSA
195 #endif
196 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
197 #define MBEDTLS_MD_CAN_SHA3_256
198 #define MBEDTLS_MD_SHA3_256_VIA_PSA
199 #define MBEDTLS_MD_SOME_PSA
200 #endif
201 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
202 #define MBEDTLS_MD_CAN_SHA3_384
203 #define MBEDTLS_MD_SHA3_384_VIA_PSA
204 #define MBEDTLS_MD_SOME_PSA
205 #endif
206 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
207 #define MBEDTLS_MD_CAN_SHA3_512
208 #define MBEDTLS_MD_SHA3_512_VIA_PSA
209 #define MBEDTLS_MD_SOME_PSA
210 #endif
211 
212 #elif defined(MBEDTLS_PSA_CRYPTO_CLIENT)
213 
214 #if defined(PSA_WANT_ALG_MD5)
215 #define MBEDTLS_MD_CAN_MD5
216 #define MBEDTLS_MD_MD5_VIA_PSA
217 #define MBEDTLS_MD_SOME_PSA
218 #endif
219 #if defined(PSA_WANT_ALG_SHA_1)
220 #define MBEDTLS_MD_CAN_SHA1
221 #define MBEDTLS_MD_SHA1_VIA_PSA
222 #define MBEDTLS_MD_SOME_PSA
223 #endif
224 #if defined(PSA_WANT_ALG_SHA_224)
225 #define MBEDTLS_MD_CAN_SHA224
226 #define MBEDTLS_MD_SHA224_VIA_PSA
227 #define MBEDTLS_MD_SOME_PSA
228 #endif
229 #if defined(PSA_WANT_ALG_SHA_256)
230 #define MBEDTLS_MD_CAN_SHA256
231 #define MBEDTLS_MD_SHA256_VIA_PSA
232 #define MBEDTLS_MD_SOME_PSA
233 #endif
234 #if defined(PSA_WANT_ALG_SHA_384)
235 #define MBEDTLS_MD_CAN_SHA384
236 #define MBEDTLS_MD_SHA384_VIA_PSA
237 #define MBEDTLS_MD_SOME_PSA
238 #endif
239 #if defined(PSA_WANT_ALG_SHA_512)
240 #define MBEDTLS_MD_CAN_SHA512
241 #define MBEDTLS_MD_SHA512_VIA_PSA
242 #define MBEDTLS_MD_SOME_PSA
243 #endif
244 #if defined(PSA_WANT_ALG_RIPEMD160)
245 #define MBEDTLS_MD_CAN_RIPEMD160
246 #define MBEDTLS_MD_RIPEMD160_VIA_PSA
247 #define MBEDTLS_MD_SOME_PSA
248 #endif
249 #if defined(PSA_WANT_ALG_SHA3_224)
250 #define MBEDTLS_MD_CAN_SHA3_224
251 #define MBEDTLS_MD_SHA3_224_VIA_PSA
252 #define MBEDTLS_MD_SOME_PSA
253 #endif
254 #if defined(PSA_WANT_ALG_SHA3_256)
255 #define MBEDTLS_MD_CAN_SHA3_256
256 #define MBEDTLS_MD_SHA3_256_VIA_PSA
257 #define MBEDTLS_MD_SOME_PSA
258 #endif
259 #if defined(PSA_WANT_ALG_SHA3_384)
260 #define MBEDTLS_MD_CAN_SHA3_384
261 #define MBEDTLS_MD_SHA3_384_VIA_PSA
262 #define MBEDTLS_MD_SOME_PSA
263 #endif
264 #if defined(PSA_WANT_ALG_SHA3_512)
265 #define MBEDTLS_MD_CAN_SHA3_512
266 #define MBEDTLS_MD_SHA3_512_VIA_PSA
267 #define MBEDTLS_MD_SOME_PSA
268 #endif
269 
270 #endif /* !MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
271 
272 /* Built-in implementations */
273 #if defined(MBEDTLS_MD5_C)
274 #define MBEDTLS_MD_CAN_MD5
275 #define MBEDTLS_MD_SOME_LEGACY
276 #endif
277 #if defined(MBEDTLS_SHA1_C)
278 #define MBEDTLS_MD_CAN_SHA1
279 #define MBEDTLS_MD_SOME_LEGACY
280 #endif
281 #if defined(MBEDTLS_SHA224_C)
282 #define MBEDTLS_MD_CAN_SHA224
283 #define MBEDTLS_MD_SOME_LEGACY
284 #endif
285 #if defined(MBEDTLS_SHA256_C)
286 #define MBEDTLS_MD_CAN_SHA256
287 #define MBEDTLS_MD_SOME_LEGACY
288 #endif
289 #if defined(MBEDTLS_SHA384_C)
290 #define MBEDTLS_MD_CAN_SHA384
291 #define MBEDTLS_MD_SOME_LEGACY
292 #endif
293 #if defined(MBEDTLS_SHA512_C)
294 #define MBEDTLS_MD_CAN_SHA512
295 #define MBEDTLS_MD_SOME_LEGACY
296 #endif
297 #if defined(MBEDTLS_SHA3_C)
298 #define MBEDTLS_MD_CAN_SHA3_224
299 #define MBEDTLS_MD_CAN_SHA3_256
300 #define MBEDTLS_MD_CAN_SHA3_384
301 #define MBEDTLS_MD_CAN_SHA3_512
302 #define MBEDTLS_MD_SOME_LEGACY
303 #endif
304 #if defined(MBEDTLS_RIPEMD160_C)
305 #define MBEDTLS_MD_CAN_RIPEMD160
306 #define MBEDTLS_MD_SOME_LEGACY
307 #endif
308 
309 #endif /* MBEDTLS_MD_LIGHT */
310 
311 /* BLOCK_CIPHER module can dispatch to PSA when:
312  * - PSA is enabled and drivers have been initialized
313  * - desired key type is supported on the PSA side
314  * If the above conditions are not met, but the legacy support is enabled, then
315  * BLOCK_CIPHER will dynamically fallback to it.
316  *
317  * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
318  * can be used to define its capabilities:
319  * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
320  * ARIA and Camellia which is supported through a driver;
321  * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
322  * driver;
323  * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
324  * a legacy module (i.e. MBEDTLS_xxx_C)
325  */
326 #if defined(MBEDTLS_PSA_CRYPTO_C)
327 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
328 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
329 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
330 #endif
331 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
332 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
333 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
334 #endif
335 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
336 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
337 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
338 #endif
339 #endif /* MBEDTLS_PSA_CRYPTO_C */
340 
341 #if defined(MBEDTLS_AES_C)
342 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
343 #endif
344 #if defined(MBEDTLS_ARIA_C)
345 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
346 #endif
347 #if defined(MBEDTLS_CAMELLIA_C)
348 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
349 #endif
350 
351 /* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
352  * block ciphers via either PSA or legacy. */
353 #if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
354  defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
355 #define MBEDTLS_BLOCK_CIPHER_CAN_AES
356 #endif
357 #if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
358  defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
359 #define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
360 #endif
361 #if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
362  defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
363 #define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
364 #endif
365 
366 /* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
367  * or CIPHER_C. The former is auto-enabled when:
368  * - CIPHER_C is not defined, which is also the legacy solution;
369  * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
370  * of the driver's acceleration.
371  */
372 #if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
373  (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
374 #define MBEDTLS_BLOCK_CIPHER_C
375 #endif
376 
377 /* Helpers for GCM/CCM capabilities */
378 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
379  (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
380 #define MBEDTLS_CCM_GCM_CAN_AES
381 #endif
382 
383 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
384  (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
385 #define MBEDTLS_CCM_GCM_CAN_ARIA
386 #endif
387 
388 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
389  (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
390 #define MBEDTLS_CCM_GCM_CAN_CAMELLIA
391 #endif
392 
393 /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
394  * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
395  * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
396  * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
397  * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
398  * these features are not supported in PSA so the only way to have them is
399  * to enable the built-in solution.
400  * Both of them are temporary dependencies:
401  * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
402  * - support for compressed points should also be added to PSA, but in this
403  * case there is no associated issue to track it yet.
404  * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
405  * still depends on ECP_LIGHT.
406  * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
407  * be fixed by #7453.
408  */
409 #if defined(MBEDTLS_ECP_C) || \
410  defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
411  defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
412  defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
413 #define MBEDTLS_ECP_LIGHT
414 #endif
415 
416 /* Backward compatibility: after #8740 the RSA module offers functions to parse
417  * and write RSA private/public keys without relying on the PK one. Of course
418  * this needs ASN1 support to do so, so we enable it here. */
419 #if defined(MBEDTLS_RSA_C)
420 #define MBEDTLS_ASN1_PARSE_C
421 #define MBEDTLS_ASN1_WRITE_C
422 #endif
423 
424 /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
425  * in previous version compressed points were automatically supported as long
426  * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
427  * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
428  * are met. */
429 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
430 #define MBEDTLS_PK_PARSE_EC_COMPRESSED
431 #endif
432 
433 /* Helper symbol to state that there is support for ECDH, either through
434  * library implementation (ECDH_C) or through PSA. */
435 #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
436  (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
437 #define MBEDTLS_CAN_ECDH
438 #endif
439 
440 /* PK module can achieve ECDSA functionalities by means of either software
441  * implementations (ECDSA_C) or through a PSA driver. The following defines
442  * are meant to list these capabilities in a general way which abstracts how
443  * they are implemented under the hood. */
444 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
445 #if defined(MBEDTLS_ECDSA_C)
446 #define MBEDTLS_PK_CAN_ECDSA_SIGN
447 #define MBEDTLS_PK_CAN_ECDSA_VERIFY
448 #endif /* MBEDTLS_ECDSA_C */
449 #else /* MBEDTLS_USE_PSA_CRYPTO */
450 #if defined(PSA_WANT_ALG_ECDSA)
451 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
452 #define MBEDTLS_PK_CAN_ECDSA_SIGN
453 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
454 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
455 #define MBEDTLS_PK_CAN_ECDSA_VERIFY
456 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
457 #endif /* PSA_WANT_ALG_ECDSA */
458 #endif /* MBEDTLS_USE_PSA_CRYPTO */
459 
460 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
461 #define MBEDTLS_PK_CAN_ECDSA_SOME
462 #endif
463 
464 /* Helpers to state that each key is supported either on the builtin or PSA side. */
465 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
466 #define MBEDTLS_ECP_HAVE_SECP521R1
467 #endif
468 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
469 #define MBEDTLS_ECP_HAVE_BP512R1
470 #endif
471 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
472 #define MBEDTLS_ECP_HAVE_CURVE448
473 #endif
474 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
475 #define MBEDTLS_ECP_HAVE_BP384R1
476 #endif
477 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
478 #define MBEDTLS_ECP_HAVE_SECP384R1
479 #endif
480 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
481 #define MBEDTLS_ECP_HAVE_BP256R1
482 #endif
483 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
484 #define MBEDTLS_ECP_HAVE_SECP256K1
485 #endif
486 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
487 #define MBEDTLS_ECP_HAVE_SECP256R1
488 #endif
489 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
490 #define MBEDTLS_ECP_HAVE_CURVE25519
491 #endif
492 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
493 #define MBEDTLS_ECP_HAVE_SECP224K1
494 #endif
495 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
496 #define MBEDTLS_ECP_HAVE_SECP224R1
497 #endif
498 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
499 #define MBEDTLS_ECP_HAVE_SECP192K1
500 #endif
501 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
502 #define MBEDTLS_ECP_HAVE_SECP192R1
503 #endif
504 
505 /* Helper symbol to state that the PK module has support for EC keys. This
506  * can either be provided through the legacy ECP solution or through the
507  * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
508 #if defined(MBEDTLS_ECP_C) || \
509  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
510 #define MBEDTLS_PK_HAVE_ECC_KEYS
511 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
512 
513 /* Historically pkparse did not check the CBC padding when decrypting
514  * a key. This was a bug, which is now fixed. As a consequence, pkparse
515  * now needs PKCS7 padding support, but existing configurations might not
516  * enable it, so we enable it here. */
517 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
518 #define MBEDTLS_CIPHER_PADDING_PKCS7
519 #endif
520 
521 /* Backwards compatibility for some macros which were renamed to reflect that
522  * they are related to Armv8, not aarch64. */
523 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
524  !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
525 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
526 #endif
527 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
528 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
529 #endif
530 
531 /* psa_util file features some ECDSA conversion functions, to convert between
532  * legacy's ASN.1 DER format and PSA's raw one. */
533 #if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
534  (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
535 #define MBEDTLS_PSA_UTIL_HAVE_ECDSA
536 #endif
537 
538 /* Some internal helpers to determine which keys are available. */
539 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
540  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
541 #define MBEDTLS_SSL_HAVE_AES
542 #endif
543 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
544  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
545 #define MBEDTLS_SSL_HAVE_ARIA
546 #endif
547 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
548  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
549 #define MBEDTLS_SSL_HAVE_CAMELLIA
550 #endif
551 
552 /* Some internal helpers to determine which operation modes are available. */
553 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
554  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
555 #define MBEDTLS_SSL_HAVE_CBC
556 #endif
557 
558 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
559  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
560 #define MBEDTLS_SSL_HAVE_GCM
561 #endif
562 
563 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
564  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
565 #define MBEDTLS_SSL_HAVE_CCM
566 #endif
567 
568 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
569  (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
570 #define MBEDTLS_SSL_HAVE_CHACHAPOLY
571 #endif
572 
573 #if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
574  defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
575 #define MBEDTLS_SSL_HAVE_AEAD
576 #endif
577 
578 #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
Generated on Tue Apr 28 2026 20:43:39 for Mbed TLS v3.6.6 by   doxygen 1.8.10