1 /*
2  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
3  * Copyright (c) 2017 Intel Corporation.
4  * Copyright (c) 2018 Nordic Semiconductor ASA
5  *
6  * SPDX-License-Identifier: Apache-2.0
7  *
8  * Generic configuration for TLS, manageable by Kconfig.
9  */
10 
11 #ifndef MBEDTLS_CONFIG_H
12 #define MBEDTLS_CONFIG_H
13 
14 /* System support
 *
 * These six options are unconditional. The platform abstraction layer, the
 * replaceable allocator hooks, the static-buffer allocator and the
 * platform-supplied exit hook are always compiled in.
 *
 * The two entropy switches matter most for security: the library is told not
 * to use its built-in platform entropy code and not to register any default
 * entropy source, so nothing in this header provides randomness.
 * NOTE(review): the port or application has to register a real entropy
 * source before any DRBG is seeded; confirm where that happens in this tree.
 */
15 #define MBEDTLS_PLATFORM_C
16 #define MBEDTLS_PLATFORM_MEMORY
17 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
18 #define MBEDTLS_PLATFORM_EXIT_ALT
19 #define MBEDTLS_NO_PLATFORM_ENTROPY
20 #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
21 
/* Optional assembly-optimised routines, selected by Kconfig. */
22 #if defined(CONFIG_MBEDTLS_HAVE_ASM)
23 #define MBEDTLS_HAVE_ASM
24 #endif
25 
/*
 * Wall-clock support. Mbed TLS uses the date to check X.509 validity
 * periods, so the clock has to be set correctly when this is enabled.
 * NOTE(review): with this option off neither macro is defined and
 * certificate validity dates are presumably not enforced; verify against the
 * library version in use.
 */
26 #if defined(CONFIG_MBEDTLS_HAVE_TIME_DATE)
27 #define MBEDTLS_HAVE_TIME
28 #define MBEDTLS_HAVE_TIME_DATE
29 #endif
30 
/*
 * Test builds: compile in the self-tests and the debug module.
 * NOTE(review): debug tracing can print handshake details, so this option is
 * best kept out of production configurations.
 */
31 #if defined(CONFIG_MBEDTLS_TEST)
32 #define MBEDTLS_SELF_TEST
33 #define MBEDTLS_DEBUG_C
34 #endif
35 
36 /* mbedTLS feature support */
37 
38 /* Supported TLS versions
 *
 * Each protocol version is opt-in through its own Kconfig symbol; nothing
 * here stops several versions from being enabled together, in which case the
 * peer may negotiate the lowest one. TLS 1.0 and TLS 1.1 are formally
 * deprecated (RFC 8996); enable them only for interoperability with legacy
 * peers.
 */
39 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0)
40 #define MBEDTLS_SSL_PROTO_TLS1
41 #endif
42 
43 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_1)
44 #define MBEDTLS_SSL_PROTO_TLS1_1
45 #endif
46 
47 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
48 #define MBEDTLS_SSL_PROTO_TLS1_2
49 #endif
50 
51 
/*
 * As soon as any TLS version is selected, the common TLS code plus BOTH the
 * server and the client role are compiled in, together with the
 * max_fragment_length extension. There is no Kconfig switch in this header
 * to build a client-only or server-only image.
 */
52 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0) || \
53     defined(CONFIG_MBEDTLS_TLS_VERSION_1_1) || \
54     defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
55 
56 /* Modules required for TLS */
57 #define MBEDTLS_SSL_TLS_C
58 #define MBEDTLS_SSL_SRV_C
59 #define MBEDTLS_SSL_CLI_C
60 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
61 
62 #endif
63 
/*
 * DTLS always comes with its two datagram-specific protections: record
 * anti-replay and the HelloVerifyRequest cookie exchange (which limits
 * spoofed-source amplification against a server), plus the cookie module
 * that implements the latter.
 * NOTE(review): this block does not check that a TLS version is enabled;
 * presumably check_config.h, included at the end of the file, rejects DTLS
 * without one. Confirm.
 */
64 #if defined(CONFIG_MBEDTLS_DTLS)
65 #define MBEDTLS_SSL_PROTO_DTLS
66 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
67 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
68 #define MBEDTLS_SSL_COOKIE_C
69 #endif
70 
71 /* Supported key exchange methods
 *
 * Every method is a one-to-one mapping from a Kconfig symbol to the Mbed TLS
 * option of the same name; the modules each method needs are derived later
 * in the "Automatic dependencies" section.
 *
 * Forward secrecy: only the ephemeral families (DHE-*, ECDHE-*) protect past
 * sessions if a long-term key leaks. Plain PSK, RSA, RSA-PSK and the static
 * ECDH-* methods do not, so prefer the ephemeral variants where the peer
 * supports them.
 */
72 
73 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
74 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
75 #endif
76 
77 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
78 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
79 #endif
80 
81 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
82 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
83 #endif
84 
85 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
86 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
87 #endif
88 
89 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
90 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
91 #endif
92 
93 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
94 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
95 #endif
96 
97 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
98 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
99 #endif
100 
101 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
102 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
103 #endif
104 
105 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
106 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
107 #endif
108 
/*
 * Deterministic ECDSA (RFC 6979): signing nonces are derived from the key
 * and the message instead of being drawn from the RNG.
 * NOTE(review): Mbed TLS requires the HMAC_DRBG module for this option, and
 * this header does not enable it automatically; confirm that Kconfig selects
 * CONFIG_MBEDTLS_HMAC_DRBG_ENABLED alongside it.
 */
109 #if defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
110 #define MBEDTLS_ECDSA_DETERMINISTIC
111 #endif
112 
113 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
114 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
115 #endif
116 
117 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
118 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
119 #endif
120 
121 /* Supported cipher modes
 *
 * Block/stream ciphers first, then AEAD constructions (CCM, GCM), then the
 * generic block-cipher modes. Each one is compiled in only when its Kconfig
 * symbol is set.
 *
 * Legacy algorithms: DES and ARC4 are considered weak, and Blowfish has a
 * 64-bit block size. They remain selectable for interoperability; leave them
 * disabled unless a specific peer requires them.
 */
122 
123 #if defined(CONFIG_MBEDTLS_CIPHER_AES_ENABLED)
124 #define MBEDTLS_AES_C
125 #endif
126 
/* Keep the AES lookup tables in ROM rather than generating them in RAM. */
127 #if defined(CONFIG_MBEDTLS_AES_ROM_TABLES)
128 #define MBEDTLS_AES_ROM_TABLES
129 #endif
130 
131 #if defined(CONFIG_MBEDTLS_CIPHER_CAMELLIA_ENABLED)
132 #define MBEDTLS_CAMELLIA_C
133 #endif
134 
/* Weak cipher, see the note at the top of this section. */
135 #if defined(CONFIG_MBEDTLS_CIPHER_DES_ENABLED)
136 #define MBEDTLS_DES_C
137 #endif
138 
/* Weak cipher, see the note at the top of this section. */
139 #if defined(CONFIG_MBEDTLS_CIPHER_ARC4_ENABLED)
140 #define MBEDTLS_ARC4_C
141 #endif
142 
143 #if defined(CONFIG_MBEDTLS_CIPHER_CHACHA20_ENABLED)
144 #define MBEDTLS_CHACHA20_C
145 #endif
146 
/* 64-bit block cipher, see the note at the top of this section. */
147 #if defined(CONFIG_MBEDTLS_CIPHER_BLOWFISH_ENABLED)
148 #define MBEDTLS_BLOWFISH_C
149 #endif
150 
/* AEAD modes: CCM and GCM provide confidentiality and integrity together. */
151 #if defined(CONFIG_MBEDTLS_CIPHER_CCM_ENABLED)
152 #define MBEDTLS_CCM_C
153 #endif
154 
155 #if defined(CONFIG_MBEDTLS_CIPHER_GCM_ENABLED)
156 #define MBEDTLS_GCM_C
157 #endif
158 
/*
 * Generic block-cipher modes. XTS, CBC and CTR do not authenticate the
 * ciphertext on their own; callers need a separate integrity check.
 */
159 #if defined(CONFIG_MBEDTLS_CIPHER_MODE_XTS_ENABLED)
160 #define MBEDTLS_CIPHER_MODE_XTS
161 #endif
162 
163 #if defined(CONFIG_MBEDTLS_CIPHER_MODE_CBC_ENABLED)
164 #define MBEDTLS_CIPHER_MODE_CBC
165 #endif
166 
167 #if defined(CONFIG_MBEDTLS_CIPHER_MODE_CTR_ENABLED)
168 #define MBEDTLS_CIPHER_MODE_CTR
169 #endif
170 
171 /* Supported elliptic curves
 *
 * One Kconfig symbol per curve: NIST prime curves (secp*r1), Koblitz curves
 * (secp*k1), Brainpool (bp*r1) and the Montgomery curves Curve25519 and
 * Curve448. Only the curves enabled here can be negotiated or used for keys.
 *
 * The 192-bit curves give the smallest security margin of the set, followed
 * by the 224-bit ones; 256-bit curves and larger are the usual baseline for
 * new deployments.
 */
172 
173 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED)
174 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
175 #endif
176 
177 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED)
178 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
179 #endif
180 
181 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED)
182 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
183 #endif
184 
185 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED)
186 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
187 #endif
188 
189 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED)
190 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
191 #endif
192 
193 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED)
194 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
195 #endif
196 
197 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED)
198 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
199 #endif
200 
201 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED)
202 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
203 #endif
204 
205 #if defined(CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED)
206 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
207 #endif
208 
209 #if defined(CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED)
210 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
211 #endif
212 
213 #if defined(CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED)
214 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
215 #endif
216 
217 #if defined(CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED)
218 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
219 #endif
220 
221 #if defined(CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED)
222 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
223 #endif
224 
/* Faster modular reduction for the NIST curves; a speed/code-size trade-off. */
225 #if defined(CONFIG_MBEDTLS_ECP_NIST_OPTIM)
226 #define MBEDTLS_ECP_NIST_OPTIM
227 #endif
228 
229 /* Supported message authentication methods
 *
 * Despite the CONFIG_MBEDTLS_MAC_* naming, the MD4/MD5/SHA-* options enable
 * the hash modules themselves (used for HMAC, signatures and the TLS PRF);
 * Poly1305 and CMAC are the only MAC-only algorithms here.
 *
 * MD4, MD5 and SHA-1 are no longer collision resistant. Enable them only for
 * compatibility with protocol versions or peers that still need them.
 */
230 
/* Weak hash, see the note at the top of this section. */
231 #if defined(CONFIG_MBEDTLS_MAC_MD4_ENABLED)
232 #define MBEDTLS_MD4_C
233 #endif
234 
/* Weak hash, see the note at the top of this section. */
235 #if defined(CONFIG_MBEDTLS_MAC_MD5_ENABLED)
236 #define MBEDTLS_MD5_C
237 #endif
238 
/* Weak hash, see the note at the top of this section. */
239 #if defined(CONFIG_MBEDTLS_MAC_SHA1_ENABLED)
240 #define MBEDTLS_SHA1_C
241 #endif
242 
243 #if defined(CONFIG_MBEDTLS_MAC_SHA256_ENABLED)
244 #define MBEDTLS_SHA256_C
245 #endif
246 
/* Smaller but slower SHA-256 implementation; affects size and speed only. */
247 #if defined(CONFIG_MBEDTLS_SHA256_SMALLER)
248 #define MBEDTLS_SHA256_SMALLER
249 #endif
250 
251 #if defined(CONFIG_MBEDTLS_MAC_SHA512_ENABLED)
252 #define MBEDTLS_SHA512_C
253 #endif
254 
255 #if defined(CONFIG_MBEDTLS_MAC_POLY1305_ENABLED)
256 #define MBEDTLS_POLY1305_C
257 #endif
258 
259 #if defined(CONFIG_MBEDTLS_MAC_CMAC_ENABLED)
260 #define MBEDTLS_CMAC_C
261 #endif
262 
263 /* mbedTLS modules */
/*
 * Deterministic random bit generators. Either one is only as good as the
 * entropy it is seeded from, and this header registers no entropy source
 * (see MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES under "System support").
 */
264 #if defined(CONFIG_MBEDTLS_CTR_DRBG_ENABLED)
265 #define MBEDTLS_CTR_DRBG_C
266 #endif
267 
268 #if defined(CONFIG_MBEDTLS_HMAC_DRBG_ENABLED)
269 #define MBEDTLS_HMAC_DRBG_C
270 #endif
271 
/*
 * Debug build: error-string conversion, the debug module, all SSL debug
 * messages and all TLS alert messages.
 *
 * The upstream Mbed TLS documentation notes that some SSL debug messages are
 * disabled by default to avoid timing side channels from unbalanced debug
 * calls, and that MBEDTLS_SSL_DEBUG_ALL should be removed for production.
 * Sending every alert also tells a peer why a handshake failed. Treat
 * CONFIG_MBEDTLS_DEBUG as a development-only setting.
 */
272 #if defined(CONFIG_MBEDTLS_DEBUG)
273 #define MBEDTLS_ERROR_C
274 #define MBEDTLS_DEBUG_C
275 #define MBEDTLS_SSL_DEBUG_ALL
276 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
277 #endif
278 
/* Extra bookkeeping and status output for the static-buffer allocator. */
279 #if defined(CONFIG_MBEDTLS_MEMORY_DEBUG)
280 #define MBEDTLS_MEMORY_DEBUG
281 #endif
282 
/*
 * ChaCha20-Poly1305 AEAD.
 * NOTE(review): presumably needs the ChaCha20 cipher and Poly1305 MAC
 * options enabled as well; nothing in this header adds them automatically.
 */
283 #if defined(CONFIG_MBEDTLS_CHACHAPOLY_AEAD_ENABLED)
284 #define MBEDTLS_CHACHAPOLY_C
285 #endif
286 
/* Prime number generation; this also pulls in the bignum module further down. */
287 #if defined(CONFIG_MBEDTLS_GENPRIME_ENABLED)
288 #define MBEDTLS_GENPRIME
289 #endif
290 
/*
 * Entropy accumulator. It starts with no sources in this configuration, so
 * the integrator must add one before seeding a DRBG from it.
 */
291 #if defined(CONFIG_MBEDTLS_ENTROPY_ENABLED)
292 #define MBEDTLS_ENTROPY_C
293 #endif
294 
/*
 * Lets the application register a callback that receives TLS session key
 * material. NOTE(review): enable only when a protocol on top of TLS needs
 * exported keys; whoever receives them must protect and wipe them.
 */
295 #if defined(CONFIG_MBEDTLS_SSL_EXPORT_KEYS)
296 #define MBEDTLS_SSL_EXPORT_KEYS
297 #endif
298 
/* Application-Layer Protocol Negotiation extension. */
299 #if defined(CONFIG_MBEDTLS_SSL_ALPN)
300 #define MBEDTLS_SSL_ALPN
301 #endif
302 
/* Generic cipher and message-digest wrapper layers. */
303 #if defined(CONFIG_MBEDTLS_CIPHER)
304 #define MBEDTLS_CIPHER_C
305 #endif
306 
307 #if defined(CONFIG_MBEDTLS_MD)
308 #define MBEDTLS_MD_C
309 #endif
310 
311 /* Automatic dependencies
 *
 * From here on the conditions test the MBEDTLS_* macros defined above rather
 * than CONFIG_* symbols, so the order of this section matters: each block
 * may rely on macros defined by the blocks before it. Do not reorder.
 */
312 
/* Finite-field Diffie-Hellman, needed by the DHE key exchanges. */
313 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
314     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
315 #define MBEDTLS_DHM_C
316 #endif
317 
/* Elliptic-curve Diffie-Hellman, needed by every ECDHE and static ECDH method. */
318 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
319     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
320     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
321     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
322     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
323 #define MBEDTLS_ECDH_C
324 #endif
325 
/* RSA module for the four key exchanges that use an RSA key. */
326 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
327     defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
328     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
329     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
330 #define MBEDTLS_RSA_C
331 #endif
332 
/*
 * Same condition as MBEDTLS_RSA_C above: both RSA padding schemes are
 * enabled together, PKCS#1 v1.5 and v2.1 (OAEP/PSS). The RSA and RSA-PSK key
 * exchanges decrypt a PKCS#1 v1.5 encrypted premaster secret, which is the
 * construction that padding-oracle attacks target; that is one more reason
 * to prefer the (EC)DHE methods when the peer allows it.
 */
333 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
334     defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
335     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
336     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
337 #define MBEDTLS_PKCS1_V15
338 #define MBEDTLS_PKCS1_V21
339 #endif
340 
/*
 * X.509 certificate parsing for every certificate-based key exchange. The
 * pure PSK, DHE-PSK, ECDHE-PSK and EC J-PAKE methods are absent from this
 * list, so a build limited to those gets no certificate parser.
 */
341 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
342     defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
343     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
344     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
345     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
346     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
347     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
348 #define MBEDTLS_X509_CRT_PARSE_C
349 #endif
350 
/*
 * PEM (base64 text) certificate input is optional and only meaningful when
 * certificates are parsed at all; without it only DER input is accepted.
 */
351 #if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
352     defined(MBEDTLS_X509_CRT_PARSE_C)
353 #define MBEDTLS_PEM_PARSE_C
354 #define MBEDTLS_BASE64_C
355 #endif
356 
/*
 * NOTE(review): ECDSA is derived from ECDHE-ECDSA only. ECDH-ECDSA is not in
 * this condition, and CONFIG_MBEDTLS_ECDSA_DETERMINISTIC does not enable the
 * module either. Confirm whether those configurations need MBEDTLS_ECDSA_C
 * for the library version in use.
 */
357 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
358 #define MBEDTLS_ECDSA_C
359 #endif
360 
361 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
362 #define MBEDTLS_ECJPAKE_C
363 #endif
364 
/* Elliptic-curve point arithmetic, shared by ECDH, ECDSA and EC J-PAKE. */
365 #if defined(MBEDTLS_ECDH_C) || \
366     defined(MBEDTLS_ECDSA_C) || \
367     defined(MBEDTLS_ECJPAKE_C)
368 #define MBEDTLS_ECP_C
369 #endif
370 
/* Common X.509 code required by the certificate parser. */
371 #if defined(MBEDTLS_X509_CRT_PARSE_C)
372 #define MBEDTLS_X509_USE_C
373 #endif
374 
/* ASN.1 decoding for certificates and ECDSA signatures. */
375 #if defined(MBEDTLS_X509_USE_C) || \
376     defined(MBEDTLS_ECDSA_C)
377 #define MBEDTLS_ASN1_PARSE_C
378 #endif
379 
/* ASN.1 encoding, pulled in by ECDSA only. */
380 #if defined(MBEDTLS_ECDSA_C)
381 #define MBEDTLS_ASN1_WRITE_C
382 #endif
383 
/* Multi-precision integers for all public-key code and prime generation. */
384 #if defined(MBEDTLS_DHM_C) || \
385     defined(MBEDTLS_ECP_C) || \
386     defined(MBEDTLS_RSA_C) || \
387     defined(MBEDTLS_X509_USE_C) || \
388     defined(MBEDTLS_GENPRIME)
389 #define MBEDTLS_BIGNUM_C
390 #endif
391 
/* Object-identifier tables used by RSA and X.509. */
392 #if defined(MBEDTLS_RSA_C) || \
393     defined(MBEDTLS_X509_USE_C)
394 #define MBEDTLS_OID_C
395 #endif
396 
/* Public/private key parsing follows certificate support. */
397 #if defined(MBEDTLS_X509_USE_C)
398 #define MBEDTLS_PK_PARSE_C
399 #endif
400 
/* Key serialisation is the one Kconfig-driven option in this section. */
401 #if defined(CONFIG_MBEDTLS_PK_WRITE_C)
402 #define MBEDTLS_PK_WRITE_C
403 #endif
404 
/* Generic public-key layer, needed as soon as keys are parsed or written. */
405 #if defined(MBEDTLS_PK_PARSE_C) || defined(MBEDTLS_PK_WRITE_C)
406 #define MBEDTLS_PK_C
407 #endif
408 
/*
 * TLS record buffer size, taken verbatim from Kconfig. The define is
 * unconditional, so CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN must always carry a
 * value when this header is used.
 * NOTE(review): if the value is below the 16384-byte TLS record limit, a
 * peer that does not honour the max_fragment_length extension can send
 * records that do not fit. Confirm the chosen value against the peers this
 * build talks to.
 */
409 #define MBEDTLS_SSL_MAX_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
410 
411 /* Enable OpenThread optimizations.
 *
 * Footprint tuning. MBEDTLS_MPI_MAX_SIZE of 32 bytes caps big numbers at 256
 * bits and MBEDTLS_ECP_MAX_BITS caps curves at 256 bits, so this profile
 * fits 256-bit elliptic-curve work only.
 * NOTE(review): RSA or finite-field DH keys of any realistic size exceed
 * these limits; presumably the option is never combined with the RSA/DHE key
 * exchanges or with curves larger than 256 bits. Confirm in Kconfig.
 */
412 #if defined(CONFIG_MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED)
413 #define MBEDTLS_MPI_WINDOW_SIZE            1 /**< Maximum window size used. */
414 #define MBEDTLS_MPI_MAX_SIZE              32 /**< Maximum number of bytes for usable MPIs. */
415 #define MBEDTLS_ECP_MAX_BITS             256 /**< Maximum bit size of groups */
416 #define MBEDTLS_ECP_WINDOW_SIZE            2 /**< Maximum window size used */
417 #define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< 0 disables the fixed-point speed-up */
418 #define MBEDTLS_ENTROPY_MAX_SOURCES        1 /**< Maximum number of sources supported; only one entropy source can be registered */
419 #endif
420 
/* Server Name Indication is offered only when certificates are parsed at all. */
421 #if defined(CONFIG_MBEDTLS_SERVER_NAME_INDICATION) && \
422     defined(MBEDTLS_X509_CRT_PARSE_C)
423 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
424 #endif
425 
426 /* User config file
 *
 * Included after every Kconfig-derived setting, so it can add to or override
 * anything defined above. Review it with the same care as this header: it
 * can re-enable algorithms or debug options that Kconfig left off.
 */
427 
428 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
429 #include CONFIG_MBEDTLS_USER_CONFIG_FILE
430 #endif
431 
/*
 * Library consistency check. It comes last on purpose, so that it sees the
 * final option set, user overrides included.
 */
432 #include "mbedtls/check_config.h"
433 
434 #endif /* MBEDTLS_CONFIG_H */
435