1 /**
2  * \file mbedtls/config_adjust_psa_superset_legacy.h
3  * \brief Adjust PSA configuration: automatic enablement from legacy
4  *
5  * To simplify some edge cases, we automatically enable certain cryptographic
6  * mechanisms in the PSA API if they are enabled in the legacy API. The general
7  * idea is that if legacy module M uses mechanism A internally, and A has
8  * both a legacy and a PSA implementation, we enable A through PSA whenever
9  * it's enabled through legacy. This facilitates the transition to PSA
10  * implementations of A for users of M.
11  */
12 /*
13  *  Copyright The Mbed TLS Contributors
14  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
15  */
16 
17 #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
18 #define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
19 
20 /****************************************************************/
21 /* Hashes that are built in are also enabled in PSA.
22  * This simplifies dependency declarations especially
23  * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
24 /****************************************************************/
25 
26 #if defined(MBEDTLS_MD5_C)
27 #define PSA_WANT_ALG_MD5 1
28 #endif
29 
30 #if defined(MBEDTLS_RIPEMD160_C)
31 #define PSA_WANT_ALG_RIPEMD160 1
32 #endif
33 
34 #if defined(MBEDTLS_SHA1_C)
35 #define PSA_WANT_ALG_SHA_1 1
36 #endif
37 
38 #if defined(MBEDTLS_SHA224_C)
39 #define PSA_WANT_ALG_SHA_224 1
40 #endif
41 
42 #if defined(MBEDTLS_SHA256_C)
43 #define PSA_WANT_ALG_SHA_256 1
44 #endif
45 
46 #if defined(MBEDTLS_SHA384_C)
47 #define PSA_WANT_ALG_SHA_384 1
48 #endif
49 
50 #if defined(MBEDTLS_SHA512_C)
51 #define PSA_WANT_ALG_SHA_512 1
52 #endif
53 
54 #if defined(MBEDTLS_SHA3_C)
55 #define PSA_WANT_ALG_SHA3_224 1
56 #define PSA_WANT_ALG_SHA3_256 1
57 #define PSA_WANT_ALG_SHA3_384 1
58 #define PSA_WANT_ALG_SHA3_512 1
59 #endif
60 
61 /* Ensure that the PSA's supported curves (PSA_WANT_ECC_xxx) are always a
62  * superset of the builtin ones (MBEDTLS_ECP_DP_xxx). */
63 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
64 #if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
65 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
66 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
67 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
68 
69 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
70 #if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
71 #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
72 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
73 #endif /*MBEDTLS_ECP_DP_BP384R1_ENABLED  */
74 
75 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
76 #if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
77 #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
78 #endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
79 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
80 
81 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
82 #if !defined(PSA_WANT_ECC_MONTGOMERY_255)
83 #define PSA_WANT_ECC_MONTGOMERY_255 1
84 #endif /* PSA_WANT_ECC_MONTGOMERY_255 */
85 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
86 
87 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
88 #if !defined(PSA_WANT_ECC_MONTGOMERY_448)
89 #define PSA_WANT_ECC_MONTGOMERY_448 1
90 #endif /* PSA_WANT_ECC_MONTGOMERY_448 */
91 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
92 
93 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
94 #if !defined(PSA_WANT_ECC_SECP_R1_192)
95 #define PSA_WANT_ECC_SECP_R1_192 1
96 #endif /* PSA_WANT_ECC_SECP_R1_192 */
97 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
98 
99 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
100 #if !defined(PSA_WANT_ECC_SECP_R1_224)
101 #define PSA_WANT_ECC_SECP_R1_224 1
102 #endif /* PSA_WANT_ECC_SECP_R1_224 */
103 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
104 
105 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
106 #if !defined(PSA_WANT_ECC_SECP_R1_256)
107 #define PSA_WANT_ECC_SECP_R1_256 1
108 #endif /* PSA_WANT_ECC_SECP_R1_256 */
109 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
110 
111 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
112 #if !defined(PSA_WANT_ECC_SECP_R1_384)
113 #define PSA_WANT_ECC_SECP_R1_384 1
114 #endif /* PSA_WANT_ECC_SECP_R1_384 */
115 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
116 
117 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
118 #if !defined(PSA_WANT_ECC_SECP_R1_521)
119 #define PSA_WANT_ECC_SECP_R1_521 1
120 #endif /* PSA_WANT_ECC_SECP_R1_521 */
121 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
122 
123 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
124 #if !defined(PSA_WANT_ECC_SECP_K1_192)
125 #define PSA_WANT_ECC_SECP_K1_192 1
126 #endif /* PSA_WANT_ECC_SECP_K1_192 */
127 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
128 
129 /* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
130 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
131 #if !defined(PSA_WANT_ECC_SECP_K1_224)
132 #define PSA_WANT_ECC_SECP_K1_224 1
133 #endif /* PSA_WANT_ECC_SECP_K1_224 */
134 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
135 
136 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
137 #if !defined(PSA_WANT_ECC_SECP_K1_256)
138 #define PSA_WANT_ECC_SECP_K1_256 1
139 #endif /* PSA_WANT_ECC_SECP_K1_256 */
140 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
141 
142 #endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */
143