1/**
2 * \file check_crypto_config.h
3 *
4 * \brief Consistency checks for PSA configuration options
5 */
6/*
7 *  Copyright The Mbed TLS Contributors
8 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10
11/*
12 * It is recommended to include this file from your crypto_config.h
13 * in order to catch dependency issues early.
14 */
15
16#ifndef MBEDTLS_CHECK_CRYPTO_CONFIG_H
17#define MBEDTLS_CHECK_CRYPTO_CONFIG_H
18
19#if defined(PSA_WANT_ALG_CCM) && \
20    !(defined(PSA_WANT_KEY_TYPE_AES) || \
21    defined(PSA_WANT_KEY_TYPE_CAMELLIA))
22#error "PSA_WANT_ALG_CCM defined, but not all prerequisites"
23#endif
24
25#if defined(PSA_WANT_ALG_CMAC) && \
26    !(defined(PSA_WANT_KEY_TYPE_AES) || \
27    defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \
28    defined(PSA_WANT_KEY_TYPE_DES))
29#error "PSA_WANT_ALG_CMAC defined, but not all prerequisites"
30#endif
31
32#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
33    !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
34    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
35#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
36#endif
37
38#if defined(PSA_WANT_ALG_ECDSA) && \
39    !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
40    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
41#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
42#endif
43
44#if defined(PSA_WANT_ALG_GCM) && \
45    !(defined(PSA_WANT_KEY_TYPE_AES) || \
46    defined(PSA_WANT_KEY_TYPE_CAMELLIA))
47#error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
48#endif
49
50#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
51    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
52    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
53#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
54#endif
55
56#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
57    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
58    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
59#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
60#endif
61
62#if defined(PSA_WANT_ALG_RSA_OAEP) && \
63    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
64    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
65#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites"
66#endif
67
68#if defined(PSA_WANT_ALG_RSA_PSS) && \
69    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
70    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
71#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites"
72#endif
73
74#if (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
75    defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
76    defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
77    defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
78    defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)) && \
79    !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
80#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx defined, but not all prerequisites"
81#endif
82
83#if (defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
84    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
85    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
86    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)) && \
87    !defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
88#error "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx defined, but not all prerequisites"
89#endif
90
91#if (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) || \
92    defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
93    defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \
94    defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)) && \
95    !defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
96#error "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_xxx defined, but not all prerequisites"
97#endif
98
99#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
100#if defined(MBEDTLS_DEPRECATED_REMOVED)
101#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR is deprecated and will be removed in a \
102    future version of Mbed TLS. Please switch to new PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx \
103    symbols, where xxx can be: USE, IMPORT, EXPORT, GENERATE, DERIVE"
104#elif defined(MBEDTLS_DEPRECATED_WARNING)
105#warning "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR is deprecated and will be removed in a \
106    future version of Mbed TLS. Please switch to new PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx \
107    symbols, where xxx can be: USE, IMPORT, EXPORT, GENERATE, DERIVE"
108#endif /* MBEDTLS_DEPRECATED_WARNING */
109#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
110
111#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
112#if defined(MBEDTLS_DEPRECATED_REMOVED)
113#error "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR is deprecated and will be removed in a \
114    future version of Mbed TLS. Please switch to new PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx \
115    symbols, where xxx can be: USE, IMPORT, EXPORT, GENERATE, DERIVE"
116#elif defined(MBEDTLS_DEPRECATED_WARNING)
117#warning "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR is deprecated and will be removed in a \
118    future version of Mbed TLS. Please switch to new PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx \
119    symbols, where xxx can be: USE, IMPORT, EXPORT, GENERATE, DERIVE"
120#endif /* MBEDTLS_DEPRECATED_WARNING */
121#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
122
123#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE)
124#error "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE defined, but feature is not supported"
125#endif
126
127#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE)
128#error "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE defined, but feature is not supported"
129#endif
130
131#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
132    !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512))
133#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
134#endif
135
136#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) && \
137    !defined(PSA_WANT_ALG_SHA_256)
138#error "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS defined, but not all prerequisites"
139#endif
140
141#endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */
142