mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-09 19:14:02 +00:00
bc3f917fb3
Don't list mechanisms that are not implemented in `include/psa/crypto_config.h`, even commented out. Uncommenting them wouldn't help anyway: they don't work. Having them listed, even commented out, causes `find_dependencies_not_implemented()` in `psa_test_case.py` to consider those mechanisms to be implemented, and thus causes `generate_psa_tests.py` to generate test cases that cannot be executed. The affected mechanisms are: * `PSA_ALG_CBC_MAC` (`PSA_WANT_ALG_CBC_MAC`) * `PSA_ALG_XTS` (`PSA_WANT_ALG_XTS`) * `PSA_ECC_FAMILY_SECP_K1` 224-bit (`PSA_WANT_ECC_SECP_K1_224`) Also remove the affected mechanisms from configuration adjustment files, since that is code that can never be triggered. There were already no generated test cases for SECP224K1 because `PSA_WANT_ECC_SECP_K1_224` was already detected as a dependency that cannot be implemented, because that is not a valid size: PSA defines SECP224K1 as 225-bit, and `crypto_knowledge.py` follows suite, so `generate_psa_tests.py` saw `PSA_WANT_ECC_SECP_K1_225` in its enumeration but skipped it because it was never mentioned in `crypto_config.h`. This causes generated PSA tests to no longer include positive test cases for `PSA_ALG_CBC_MAC` and `PSA_ALG_XTS`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
146 lines
6.3 KiB
C
146 lines
6.3 KiB
C
/**
|
|
* \file psa/crypto_config.h
|
|
* \brief PSA crypto configuration options (set of defines)
|
|
*
|
|
*/
|
|
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
|
/**
|
|
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
|
|
* this file determines which cryptographic mechanisms are enabled
|
|
* through the PSA Cryptography API (\c psa_xxx() functions).
|
|
*
|
|
* To enable a cryptographic mechanism, uncomment the definition of
|
|
* the corresponding \c PSA_WANT_xxx preprocessor symbol.
|
|
* To disable a cryptographic mechanism, comment out the definition of
|
|
* the corresponding \c PSA_WANT_xxx preprocessor symbol.
|
|
* The names of cryptographic mechanisms correspond to values
|
|
* defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
|
|
* of \c PSA_.
|
|
*
|
|
* Note that many cryptographic mechanisms involve two symbols: one for
|
|
* the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
|
|
* (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
|
|
* additional symbols.
|
|
*/
|
|
#else
|
|
/**
|
|
* When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
|
|
* this file is not used, and cryptographic mechanisms are supported
|
|
* through the PSA API if and only if they are supported through the
|
|
* mbedtls_xxx API.
|
|
*/
|
|
#endif
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef PSA_CRYPTO_CONFIG_H
|
|
#define PSA_CRYPTO_CONFIG_H
|
|
|
|
#define PSA_WANT_ALG_CBC_NO_PADDING 1
|
|
#define PSA_WANT_ALG_CBC_PKCS7 1
|
|
#define PSA_WANT_ALG_CCM 1
|
|
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
|
|
#define PSA_WANT_ALG_CMAC 1
|
|
#define PSA_WANT_ALG_CFB 1
|
|
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
|
|
#define PSA_WANT_ALG_CTR 1
|
|
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
|
|
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
|
#define PSA_WANT_ALG_ECDH 1
|
|
#define PSA_WANT_ALG_FFDH 1
|
|
#define PSA_WANT_ALG_ECDSA 1
|
|
#define PSA_WANT_ALG_JPAKE 1
|
|
#define PSA_WANT_ALG_GCM 1
|
|
#define PSA_WANT_ALG_HKDF 1
|
|
#define PSA_WANT_ALG_HKDF_EXTRACT 1
|
|
#define PSA_WANT_ALG_HKDF_EXPAND 1
|
|
#define PSA_WANT_ALG_HMAC 1
|
|
#define PSA_WANT_ALG_MD5 1
|
|
#define PSA_WANT_ALG_OFB 1
|
|
#define PSA_WANT_ALG_PBKDF2_HMAC 1
|
|
#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
|
|
#define PSA_WANT_ALG_RIPEMD160 1
|
|
#define PSA_WANT_ALG_RSA_OAEP 1
|
|
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
|
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
|
#define PSA_WANT_ALG_RSA_PSS 1
|
|
#define PSA_WANT_ALG_SHA_1 1
|
|
#define PSA_WANT_ALG_SHA_224 1
|
|
#define PSA_WANT_ALG_SHA_256 1
|
|
#define PSA_WANT_ALG_SHA_384 1
|
|
#define PSA_WANT_ALG_SHA_512 1
|
|
#define PSA_WANT_ALG_SHA3_224 1
|
|
#define PSA_WANT_ALG_SHA3_256 1
|
|
#define PSA_WANT_ALG_SHA3_384 1
|
|
#define PSA_WANT_ALG_SHA3_512 1
|
|
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
|
#define PSA_WANT_ALG_TLS12_PRF 1
|
|
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
|
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
|
|
|
|
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
|
|
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
|
|
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
|
|
#define PSA_WANT_ECC_MONTGOMERY_255 1
|
|
#define PSA_WANT_ECC_MONTGOMERY_448 1
|
|
#define PSA_WANT_ECC_SECP_K1_192 1
|
|
#define PSA_WANT_ECC_SECP_K1_256 1
|
|
#define PSA_WANT_ECC_SECP_R1_192 1
|
|
#define PSA_WANT_ECC_SECP_R1_224 1
|
|
/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
|
|
* (see the description in mbedtls/mbedtls_config.h for details). */
|
|
#define PSA_WANT_ECC_SECP_R1_256 1
|
|
#define PSA_WANT_ECC_SECP_R1_384 1
|
|
#define PSA_WANT_ECC_SECP_R1_521 1
|
|
|
|
#define PSA_WANT_DH_RFC7919_2048 1
|
|
#define PSA_WANT_DH_RFC7919_3072 1
|
|
#define PSA_WANT_DH_RFC7919_4096 1
|
|
#define PSA_WANT_DH_RFC7919_6144 1
|
|
#define PSA_WANT_DH_RFC7919_8192 1
|
|
|
|
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
|
#define PSA_WANT_KEY_TYPE_PASSWORD 1
|
|
#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
|
|
#define PSA_WANT_KEY_TYPE_HMAC 1
|
|
#define PSA_WANT_KEY_TYPE_AES 1
|
|
#define PSA_WANT_KEY_TYPE_ARIA 1
|
|
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
|
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
|
#define PSA_WANT_KEY_TYPE_DES 1
|
|
//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
|
|
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
|
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
|
|
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
|
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
|
|
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
|
|
|
/*
|
|
* The following symbols extend and deprecate the legacy
|
|
* PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
|
|
* the name's suffix. "_USE" is the most generic and it can be used to describe
|
|
* a generic suport, whereas other ones add more features on top of that and
|
|
* they are more specific.
|
|
*/
|
|
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
|
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
|
|
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
|
|
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
|
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
|
|
|
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
|
|
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
|
|
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
|
|
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
|
|
//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */
|
|
|
|
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
|
|
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
|
|
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
|
|
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
|
|
//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 /* Not supported */
|
|
|
|
#endif /* PSA_CRYPTO_CONFIG_H */
|