/**
* \file psa/crypto_config.h
* \brief PSA crypto configuration options (set of defines)
*
*/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
/**
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
* this file determines which cryptographic mechanisms are enabled
* through the PSA Cryptography API (\c psa_xxx() functions).
*
* To enable a cryptographic mechanism, uncomment the definition of
* the corresponding \c PSA_WANT_xxx preprocessor symbol.
* To disable a cryptographic mechanism, comment out the definition of
* the corresponding \c PSA_WANT_xxx preprocessor symbol.
* The names of cryptographic mechanisms correspond to values
* defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
* of \c PSA_.
*
* Note that many cryptographic mechanisms involve two symbols: one for
* the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
* (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
* additional symbols.
*/
#else
/**
* When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
* this file is not used, and cryptographic mechanisms are supported
* through the PSA API if and only if they are supported through the
* mbedtls_xxx API.
*/
#endif
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
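/*
 * Algorithm selection: one PSA_WANT_ALG_xxx symbol per algorithm. A symbol
 * defined to 1 requests the algorithm; a commented-out definition leaves it
 * disabled.
 *
 * Security notes for integrators trimming this list:
 * - CBC_NO_PADDING, CBC_PKCS7, CCM_STAR_NO_TAG, CFB, CTR, ECB_NO_PADDING,
 *   OFB and STREAM_CIPHER are unauthenticated cipher modes. They protect
 *   confidentiality only; pair them with a MAC or prefer the AEAD modes
 *   (CCM, CHACHA20_POLY1305, GCM) where the protocol allows it.
 * - With CBC_PKCS7, authenticate the ciphertext before decrypting so that
 *   padding failures are not observable by a peer.
 * - ECB_NO_PADDING maps equal plaintext blocks to equal ciphertext blocks,
 *   so it is only suitable as a building block for other constructions.
 * - MD5 and SHA_1 are not collision resistant, and RIPEMD160 is a legacy
 *   160-bit hash; keep them only where an existing protocol or file format
 *   requires them.
 * - RSA_PKCS1V15_CRYPT decryption must not let a peer distinguish padding
 *   failures (Bleichenbacher-style oracle); prefer RSA_OAEP in new designs.
 */

/*
 * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
 */
//#define PSA_WANT_ALG_CBC_MAC 1
#define PSA_WANT_ALG_CBC_NO_PADDING 1       /* unauthenticated mode */
#define PSA_WANT_ALG_CBC_PKCS7 1            /* unauthenticated mode */
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1      /* unauthenticated: no tag */
#define PSA_WANT_ALG_CMAC 1
#define PSA_WANT_ALG_CFB 1                  /* unauthenticated mode */
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define PSA_WANT_ALG_CTR 1                  /* unauthenticated mode */
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1       /* building block only */
#define PSA_WANT_ALG_ECDH 1
#define PSA_WANT_ALG_FFDH 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_JPAKE 1
#define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
#define PSA_WANT_ALG_HKDF_EXPAND 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_MD5 1                  /* legacy hash, see notes above */
#define PSA_WANT_ALG_OFB 1                  /* unauthenticated mode */
#define PSA_WANT_ALG_PBKDF2_HMAC 1
#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
#define PSA_WANT_ALG_RIPEMD160 1            /* legacy hash, see notes above */
#define PSA_WANT_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1   /* legacy, see notes above */
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PSS 1
#define PSA_WANT_ALG_SHA_1 1                /* legacy hash, see notes above */
#define PSA_WANT_ALG_SHA_224 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
#define PSA_WANT_ALG_SHA3_224 1
#define PSA_WANT_ALG_SHA3_256 1
#define PSA_WANT_ALG_SHA3_384 1
#define PSA_WANT_ALG_SHA3_512 1
#define PSA_WANT_ALG_STREAM_CIPHER 1        /* unauthenticated mode */
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1

/* XTS is not yet supported via the PSA API in Mbed TLS.
 * Note: when adding support, also adjust include/mbedtls/config_psa.h */
//#define PSA_WANT_ALG_XTS 1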
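/*
 * Elliptic curve selection: one PSA_WANT_ECC_xxx symbol per curve family
 * and size. A symbol defined to 1 requests the curve; a commented-out
 * definition leaves it disabled.
 *
 * Security note: the 192-bit curves (SECP_K1_192, SECP_R1_192) give roughly
 * 96 bits of security, below the 112-bit floor that current guidance such
 * as NIST SP 800-57 recommends. Keep them only for interoperability with
 * existing peers.
 */
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
#define PSA_WANT_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_SECP_K1_192 1          /* legacy size, see note above */
/*
 * SECP224K1 is buggy via the PSA API in Mbed TLS
 * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
 * default.
 */
//#define PSA_WANT_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_R1_192 1          /* legacy size, see note above */
#define PSA_WANT_ECC_SECP_R1_224 1
/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
 * (see the description in mbedtls/mbedtls_config.h for details). */
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_521 1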
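/*
 * Key type selection: one PSA_WANT_KEY_TYPE_xxx symbol per key type. As the
 * file header explains, many mechanisms need both a key type symbol from
 * this list and the matching PSA_WANT_ALG_xxx symbol.
 *
 * Security note: KEY_TYPE_DES covers single DES and Triple-DES keys. Single
 * DES has a 56-bit effective key, and both variants use a 64-bit block, so
 * keep this key type only for interoperability with existing systems.
 */
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_PASSWORD 1
#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_ARIA 1
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define PSA_WANT_KEY_TYPE_DES 1             /* legacy cipher, see note above */
//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1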
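/*
 * The following symbols extend and deprecate the legacy
 * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
 * the name's suffix. "_USE" is the most generic and it can be used to describe
 * a generic support, whereas other ones add more features on top of that and
 * they are more specific.
 *
 * NOTE(review): no "_USE" symbol is defined in this list; the generic symbol
 * of each family below is named "_BASIC", so the "_USE" wording above looks
 * stale. Confirm against the current Mbed TLS documentation.
 *
 * NOTE(review): judging by the suffixes, IMPORT, EXPORT, GENERATE and DERIVE
 * each enable one way of creating or extracting private key material. A
 * build that never needs one of them (private key EXPORT, for example) may
 * be able to comment it out; check the dependencies of the enabled
 * algorithms before doing so.
 */
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1

#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */

#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 /* Not supported */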
#endif /* PSA_CRYPTO_CONFIG_H */