1 /*
2  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
3  * Copyright (c) 2017 Intel Corporation.
4  * Copyright (c) 2018 Nordic Semiconductor ASA
5  *
6  * SPDX-License-Identifier: Apache-2.0
7  *
8  * Generic configuration for TLS, manageable by Kconfig.
9  */
10 
11 #ifndef MBEDTLS_CONFIG_H
12 #define MBEDTLS_CONFIG_H
13 
/* System support */
/*
 * Platform abstraction. mbed TLS allocates from its own heap inside a
 * caller-supplied static buffer (MBEDTLS_MEMORY_BUFFER_ALLOC_C); that buffer
 * has to be registered with mbedtls_memory_buffer_alloc_init() before any
 * other library call or every allocation fails. The alignment multiple
 * follows the target's pointer size.
 *
 * MBEDTLS_NO_PLATFORM_ENTROPY turns off the built-in /dev/urandom and
 * CryptoAPI collectors, which do not exist on Zephyr. The only entropy that
 * ever reaches the pool is therefore what the entropy block further down
 * registers; a DRBG seeded without such a source fails in
 * mbedtls_*_drbg_seed() instead of silently running on a predictable seed.
 */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *))
#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_NO_PLATFORM_ENTROPY
21 
/*
 * Let the platform supply mbedtls_platform_zeroize(). The replacement must
 * clear memory in a way the compiler cannot drop as a dead store (volatile
 * pointer loop, memset_s-style routine, ...); otherwise key material that
 * mbed TLS believes it wiped stays behind on the stack and heap.
 */
#if defined(CONFIG_MBEDTLS_ZEROIZE_ALT)
#define MBEDTLS_PLATFORM_ZEROIZE_ALT
#endif
25 
/*
 * Entropy wiring. With CONFIG_MBEDTLS_ZEPHYR_ENTROPY the pool gets one
 * hardware source through mbedtls_hardware_poll(), which the Zephyr glue is
 * expected to implement on top of the entropy driver (not visible here).
 * Otherwise no source is registered at all: the application has to add one
 * with mbedtls_entropy_add_source() before seeding a DRBG. Never feed a
 * constant, a counter or a timer here -- every ECDSA nonce, session key and
 * generated key pair inherits the quality of this source.
 */
#if defined(CONFIG_MBEDTLS_ZEPHYR_ENTROPY)
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#else
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#endif
31 
/* Assembly fast paths (bignum, AES) where the toolchain and target allow. */
#if defined(CONFIG_MBEDTLS_HAVE_ASM)
#define MBEDTLS_HAVE_ASM
#endif

/*
 * LMS hash-based signatures (RFC 8554). Signing additionally needs
 * MBEDTLS_LMS_PRIVATE, which this file never sets, so this is the
 * verification side only.
 */
#if defined(CONFIG_MBEDTLS_LMS)
#define MBEDTLS_LMS_C
#endif
39 
/*
 * Wall-clock support. MBEDTLS_HAVE_TIME_DATE is what enables the X.509
 * validity period (notBefore/notAfter) check; without it the dates in a
 * certificate are ignored and an expired or not-yet-valid certificate
 * verifies fine. The check is only as trustworthy as the clock behind
 * mbedtls_platform_gmtime_r() -- on a device without a trusted time source
 * that is a known gap rather than a guarantee. MBEDTLS_PLATFORM_MS_TIME_ALT
 * routes the millisecond timer used by newer mbed TLS versions to a
 * platform implementation.
 */
#if defined(CONFIG_MBEDTLS_HAVE_TIME_DATE)
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
#define MBEDTLS_PLATFORM_MS_TIME_ALT
#endif
45 
/* Test builds: compile the known-answer self-tests and the debug module. */
#if defined(CONFIG_MBEDTLS_TEST)
#define MBEDTLS_SELF_TEST
#define MBEDTLS_DEBUG_C
#endif
50 
51 /* mbedTLS feature support */
52 
/* Supported TLS versions */
/*
 * TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from mbed TLS
 * in 3.0. Since this file also configures 3.x-only features (LMS, the PSA
 * p256-m driver, MBEDTLS_PLATFORM_MS_TIME_ALT), the two options below are
 * effectively dead and should stay off; TLS 1.2 is the only version here
 * that a new deployment should enable.
 */
#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0)
#define MBEDTLS_SSL_PROTO_TLS1
#endif

#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_1)
#define MBEDTLS_SSL_PROTO_TLS1_1
#endif

#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
#define MBEDTLS_SSL_PROTO_TLS1_2
#endif


#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0) || \
    defined(CONFIG_MBEDTLS_TLS_VERSION_1_1) || \
    defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)

/* Modules required for TLS */
/*
 * Both the server and the client half of the SSL module are built whenever
 * any TLS version is selected, so a client-only device pays the server's
 * code size. MBEDTLS_SSL_MAX_FRAGMENT_LENGTH compiles the RFC 6066 Max
 * Fragment Length extension; it only takes effect if the application also
 * calls mbedtls_ssl_conf_max_frag_len(), which matters when the record
 * buffers below are smaller than the 16 KiB TLS maximum.
 */
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

#endif
78 
/*
 * DTLS and the hardening that goes with it:
 *  - anti-replay keeps the sliding window that drops re-sent records;
 *  - HelloVerifyRequest with stateless cookies (MBEDTLS_SSL_COOKIE_C) stops
 *    a client with a spoofed source address from making the server allocate
 *    handshake state or act as an amplifier. The server still has to turn
 *    it on with mbedtls_ssl_conf_dtls_cookies() and identify each peer with
 *    mbedtls_ssl_set_client_transport_id(); the option alone does nothing.
 */
#if defined(CONFIG_MBEDTLS_DTLS)
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_COOKIE_C
#endif
85 
/* Supported key exchange methods */
/*
 * Pre-shared-key exchanges. Plain PSK and RSA-PSK give no forward secrecy:
 * whoever later obtains the PSK (or the RSA private key) can decrypt every
 * recorded session. Prefer DHE-PSK or, cheaper on embedded targets,
 * ECDHE-PSK. MBEDTLS_PSK_MAX_LEN is the largest PSK, in bytes, that
 * mbedtls_ssl_conf_psk() accepts; it does not make short PSKs any stronger.
 */
#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_PSK_MAX_LEN)
#define MBEDTLS_PSK_MAX_LEN	CONFIG_MBEDTLS_PSK_MAX_LEN
#endif
107 
/*
 * Certificate-based exchanges. Static RSA key transport and static ECDH
 * (ECDH_ECDSA, ECDH_RSA) lack forward secrecy, and RSA key transport also
 * depends on PKCS#1 v1.5 decryption -- the Bleichenbacher oracle class,
 * which mbed TLS mitigates but which is still best avoided. The ECDHE_*
 * and DHE_* variants are the ones to keep enabled.
 *
 * MBEDTLS_ECDSA_DETERMINISTIC selects RFC 6979 nonces, which removes the
 * dependence of ECDSA private-key safety on RNG quality and is worth having
 * on constrained targets. It requires MBEDTLS_HMAC_DRBG_C, which this file
 * only defines from CONFIG_MBEDTLS_HMAC_DRBG_ENABLED; if Kconfig does not
 * select that alongside, mbed TLS's check_config.h fails the build.
 *
 * EC-JPAKE is the password-authenticated exchange used by Thread
 * commissioning; HKDF is RFC 5869 key derivation.
 */
#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
#define MBEDTLS_ECDSA_DETERMINISTIC
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_HKDF_C)
#define MBEDTLS_HKDF_C
#endif
143 
/* Supported cipher modes */
/*
 * Block ciphers and modes. DES/3DES (64-bit block, Sweet32-class birthday
 * attacks; single DES has a 56-bit key) exist only for legacy interop and
 * should be off. The AEAD modes (CCM, GCM, ChaCha20-Poly1305) are what
 * current TLS suites need. CBC in TLS depends on the constant-time
 * MAC-then-encrypt code and ideally on Encrypt-then-MAC (RFC 7366, see
 * MBEDTLS_SSL_ENCRYPT_THEN_MAC below) to resist padding oracles. XTS is a
 * storage mode and is never used by TLS. The AES table options only trade
 * ROM/RAM against speed.
 */
#if defined(CONFIG_MBEDTLS_CIPHER_AES_ENABLED)
#define MBEDTLS_AES_C
#endif

#if defined(CONFIG_MBEDTLS_AES_ROM_TABLES)
#define MBEDTLS_AES_ROM_TABLES
#endif

#if defined(CONFIG_MBEDTLS_AES_FEWER_TABLES)
#define MBEDTLS_AES_FEWER_TABLES
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_CAMELLIA_ENABLED)
#define MBEDTLS_CAMELLIA_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_DES_ENABLED)
#define MBEDTLS_DES_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_CHACHA20_ENABLED)
#define MBEDTLS_CHACHA20_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_CCM_ENABLED)
#define MBEDTLS_CCM_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_GCM_ENABLED)
#define MBEDTLS_GCM_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_MODE_XTS_ENABLED)
#define MBEDTLS_CIPHER_MODE_XTS
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_MODE_CBC_ENABLED)
#define MBEDTLS_CIPHER_MODE_CBC
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_MODE_CTR_ENABLED)
#define MBEDTLS_CIPHER_MODE_CTR
#endif
189 
/* Supported elliptic curve libraries */
/*
 * Elliptic-curve modules. ECDH (key agreement), ECDSA (signatures) and
 * EC-JPAKE all sit on top of MBEDTLS_ECP_C, which must therefore be enabled
 * whenever any of the three is; the curve set they operate on is chosen in
 * the next section.
 */
#if defined(CONFIG_MBEDTLS_ECDH_C)
#define MBEDTLS_ECDH_C
#endif

#if defined(CONFIG_MBEDTLS_ECDSA_C)
#define MBEDTLS_ECDSA_C
#endif

#if defined(CONFIG_MBEDTLS_ECJPAKE_C)
#define MBEDTLS_ECJPAKE_C
#endif

#if defined(CONFIG_MBEDTLS_ECP_C)
#define MBEDTLS_ECP_C
#endif
207 
/* Supported elliptic curves */
/*
 * Curve selection. secp192r1 and secp224r1 sit below the 128-bit security
 * level and the Koblitz curves (secp192k1/224k1/256k1) are rarely accepted
 * by TLS peers; secp256r1, secp384r1 and Curve25519/Curve448 (ECDH only in
 * mbed TLS -- there is no EdDSA here) cover real-world TLS. Every enabled
 * curve costs ROM and is advertised to peers, so keep the list to what the
 * deployment actually needs. MBEDTLS_ECP_NIST_OPTIM enables the fast
 * modular reduction for the NIST primes.
 */
#if defined(CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_NIST_OPTIM)
#define MBEDTLS_ECP_NIST_OPTIM
#endif
265 
/* Supported hash algorithms */
/*
 * MD5 and SHA-1 are collision-broken. They survive only for legacy
 * certificate chains and the TLS 1.0/1.1 PRF, and the default X.509
 * verification profile in current mbed TLS rejects signatures made with
 * them. The SHA-2 family, Poly1305 (the authenticator of ChaCha20-Poly1305)
 * and CMAC are the primitives a new build needs. MBEDTLS_SHA256_SMALLER
 * trades speed for code size without changing the output.
 */
#if defined(CONFIG_MBEDTLS_MD5)
#define MBEDTLS_MD5_C
#endif

#if defined(CONFIG_MBEDTLS_SHA1)
#define MBEDTLS_SHA1_C
#endif

#if defined(CONFIG_MBEDTLS_SHA224)
#define MBEDTLS_SHA224_C
#endif

#if defined(CONFIG_MBEDTLS_SHA256)
#define MBEDTLS_SHA256_C
#endif

#if defined(CONFIG_MBEDTLS_SHA256_SMALLER)
#define MBEDTLS_SHA256_SMALLER
#endif

#if defined(CONFIG_MBEDTLS_SHA384)
#define MBEDTLS_SHA384_C
#endif

#if defined(CONFIG_MBEDTLS_SHA512)
#define MBEDTLS_SHA512_C
#endif

#if defined(CONFIG_MBEDTLS_POLY1305)
#define MBEDTLS_POLY1305_C
#endif

#if defined(CONFIG_MBEDTLS_CMAC)
#define MBEDTLS_CMAC_C
#endif
303 
/* mbedTLS modules */
/*
 * Deterministic random bit generators. CTR_DRBG requires MBEDTLS_AES_C and
 * HMAC_DRBG requires MBEDTLS_MD_C (HMAC_DRBG is also the prerequisite of
 * deterministic ECDSA above). Either one is only as strong as the entropy
 * source that seeds it -- see the entropy section at the top of this file.
 */
#if defined(CONFIG_MBEDTLS_CTR_DRBG_ENABLED)
#define MBEDTLS_CTR_DRBG_C
#endif

#if defined(CONFIG_MBEDTLS_HMAC_DRBG_ENABLED)
#define MBEDTLS_HMAC_DRBG_C
#endif
312 
/*
 * Debug-only. MBEDTLS_SSL_DEBUG_ALL re-enables log statements that mbed TLS
 * deliberately leaves out to avoid timing differences on error paths; at
 * high verbosity the debug callback receives dumps of handshake buffers,
 * key material included; and MBEDTLS_SSL_ALL_ALERT_MESSAGES tells the peer
 * exactly why a handshake failed, which is convenient while debugging and
 * an information leak in the field. None of this belongs in a release
 * build.
 */
#if defined(CONFIG_MBEDTLS_DEBUG)
#define MBEDTLS_ERROR_C
#define MBEDTLS_DEBUG_C
#define MBEDTLS_SSL_DEBUG_ALL
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
#endif

/* Allocation statistics from the buffer allocator; debug builds only. */
#if defined(CONFIG_MBEDTLS_MEMORY_DEBUG)
#define MBEDTLS_MEMORY_DEBUG
#endif
323 
/*
 * Remaining optional modules. MBEDTLS_GENPRIME (prime generation for RSA
 * key generation) and MBEDTLS_ENTROPY_C (the entropy pool itself) are only
 * as safe as the RNG behind them. MBEDTLS_SSL_EXPORT_KEYS hands the session
 * secrets to an application callback (key logging, EAP-TLS); whatever
 * receives them has to protect them like keys. In mbed TLS 3.x the export
 * callback is believed to be compiled in unconditionally, making this
 * option a no-op there -- verify against the vendored version. ALPN and the
 * cipher/MD abstraction layers are plain feature switches.
 */
#if defined(CONFIG_MBEDTLS_CHACHAPOLY_AEAD_ENABLED)
#define MBEDTLS_CHACHAPOLY_C
#endif

#if defined(CONFIG_MBEDTLS_GENPRIME_ENABLED)
#define MBEDTLS_GENPRIME
#endif

#if defined(CONFIG_MBEDTLS_ENTROPY_ENABLED)
#define MBEDTLS_ENTROPY_C
#endif

#if defined(CONFIG_MBEDTLS_SSL_EXPORT_KEYS)
#define MBEDTLS_SSL_EXPORT_KEYS
#endif

#if defined(CONFIG_MBEDTLS_SSL_ALPN)
#define MBEDTLS_SSL_ALPN
#endif

#if defined(CONFIG_MBEDTLS_CIPHER)
#define MBEDTLS_CIPHER_C
#endif

#if defined(CONFIG_MBEDTLS_MD)
#define MBEDTLS_MD_C
#endif
351 
/* Automatic dependencies */
/*
 * Derive the crypto modules implied by the selected key exchanges so that
 * Kconfig does not have to spell them out. Finite-field DH backs DHE_PSK
 * and DHE_RSA; its strength is decided by the group the server installs
 * (mbedtls_ssl_conf_dh_param_*() or the library default) and, on the
 * client, by mbedtls_ssl_conf_dhm_min_bitlen(), whose library default
 * still accepts 1024-bit groups. Any RSA-flavoured exchange pulls in RSA
 * with both PKCS#1 paddings: v1.5 is unavoidable (TLS 1.2 signatures,
 * certificate signatures), v2.1 adds OAEP and PSS.
 */

#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#define MBEDTLS_DHM_C
#endif

#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
#endif
367 
/*
 * Every certificate-based key exchange needs X.509 certificate parsing, and
 * from there the usual stack: PEM and Base64 (only when Kconfig asks for
 * them -- a DER-only build drops both), the generic X.509 layer, bignum,
 * the OID tables and public-key parsing. Nothing here enables revocation
 * checking; CRL support is a separate option further down and still has to
 * be fed by the application.
 */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_X509_CRT_PARSE_C
#endif

#if defined(CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
    defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_X509_USE_C
#endif

#if defined(MBEDTLS_DHM_C) || \
    defined(MBEDTLS_ECP_C) || \
    defined(MBEDTLS_RSA_C) || \
    defined(MBEDTLS_X509_USE_C) || \
    defined(MBEDTLS_GENPRIME)
#define MBEDTLS_BIGNUM_C
#endif

#if defined(MBEDTLS_RSA_C) || \
    defined(MBEDTLS_X509_USE_C)
#define MBEDTLS_OID_C
#endif

#if defined(MBEDTLS_X509_USE_C)
#define MBEDTLS_PK_PARSE_C
#endif
404 
/*
 * Key writing is optional; parsing or writing keys needs the PK
 * abstraction. ASN.1 parsing follows from ECDSA (signature decoding) or
 * X.509, ASN.1 writing from anything that encodes signatures or keys.
 * PKCS#5 provides PBKDF2 for password-based key derivation; the iteration
 * count is chosen by the caller, and a low count reduces it to little more
 * than a salted hash.
 */
#if defined(CONFIG_MBEDTLS_PK_WRITE_C)
#define MBEDTLS_PK_WRITE_C
#endif

#if defined(MBEDTLS_PK_PARSE_C) || defined(MBEDTLS_PK_WRITE_C)
#define MBEDTLS_PK_C
#endif

#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_USE_C)
#define MBEDTLS_ASN1_PARSE_C
#endif

#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_WRITE_C)
#define MBEDTLS_ASN1_WRITE_C
#endif

#if defined(CONFIG_MBEDTLS_PKCS5_C)
#define MBEDTLS_PKCS5_C
#endif
424 
/*
 * Size of the incoming and outgoing record buffers (bytes of plaintext per
 * record), both taken from CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN. TLS permits
 * records up to 16384 bytes; a smaller value saves RAM, but a peer that
 * sends a larger record is rejected by the record layer unless the Max
 * Fragment Length extension (MBEDTLS_SSL_MAX_FRAGMENT_LENGTH above, plus
 * mbedtls_ssl_conf_max_frag_len()) was negotiated. Undersizing this is an
 * availability problem, not a memory-safety one. CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
 * is used unconditionally, so Kconfig must always provide a value.
 */
#define MBEDTLS_SSL_IN_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
#define MBEDTLS_SSL_OUT_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
427 
/* Enable OpenThread optimizations. */
/*
 * Footprint settings for Thread. MBEDTLS_MPI_MAX_SIZE hard-limits bignums
 * to 32 bytes (256 bits): enough for secp256r1 and EC-JPAKE, but RSA and any
 * larger curve that Kconfig may also have enabled cannot work and fail at
 * runtime rather than at build time. Window sizes 1 and 2 are the
 * smallest-memory (slowest) settings, the fixed-point speed-up is switched
 * off, and only one entropy source may be registered -- a second
 * mbedtls_entropy_add_source() call fails.
 */
#if defined(CONFIG_MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED)
#define MBEDTLS_MPI_WINDOW_SIZE            1 /**< Smallest sliding window for modular exponentiation (minimum RAM). */
#define MBEDTLS_MPI_MAX_SIZE              32 /**< Maximum number of bytes for usable MPIs (256-bit). */
#define MBEDTLS_ECP_WINDOW_SIZE            2 /**< Smallest window for EC point multiplication. */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< 0 = fixed-point speed-up disabled, to save memory. */
#define MBEDTLS_ENTROPY_MAX_SOURCES        1 /**< Only one entropy source may be registered. */
#endif
436 
/*
 * Server Name Indication only makes sense with certificates. On the server
 * it enables the mbedtls_ssl_conf_sni() callback; on the client the name
 * sent is the one given to mbedtls_ssl_set_hostname(), which the
 * application must call regardless -- without it the peer certificate's
 * name is not matched against anything.
 */
#if defined(CONFIG_MBEDTLS_SERVER_NAME_INDICATION) && \
    defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#endif

/*
 * Server-side session cache. Cached sessions keep their master secret in
 * RAM for CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT seconds, up to
 * CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES of them; size it for the RAM
 * budget and keep the timeout short on devices where memory may be readable
 * by other software.
 */
#if defined(CONFIG_MBEDTLS_SSL_CACHE_C)
#define MBEDTLS_SSL_CACHE_C
#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
#endif

/*
 * Extended Master Secret (RFC 7627) binds the master secret to the full
 * handshake transcript and closes the triple-handshake attack; it should be
 * on for every TLS 1.2 build that uses certificates or session resumption.
 */
#if defined(CONFIG_MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#endif
451 
/*
 * PSA Crypto. With MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG every psa_generate_random()
 * and key generation goes through the application-supplied
 * mbedtls_psa_external_get_random() instead of the entropy pool + DRBG, so
 * that one function carries the whole RNG security argument.
 */
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#endif

/*
 * MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS skips the copy-in/copy-out that
 * protects PSA functions against a caller modifying a buffer between
 * validation and use. mbed TLS documents it as safe only when every PSA
 * call is made from a single trusted execution context, which holds when
 * the PSA core is linked into the same image as its callers, as it is here;
 * it must not be set where PSA is served across an isolation boundary.
 */
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS

/* Use the p256-m driver for secp256r1 where the target provides it. */
#if defined(CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED)
#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
#endif

/*
 * Native POSIX builds (e.g. native_sim) get persistent keys through the
 * file-backed ITS emulation: key material is written unencrypted to files
 * in the working directory. Fine for a simulator, never for a product.
 */
#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC)
#define MBEDTLS_PSA_KEY_SLOT_COUNT     64
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
#define MBEDTLS_PSA_ITS_FILE_C
#define MBEDTLS_FS_IO
#endif

#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */

/*
 * Route TLS and X.509 crypto through PSA. The application then has to call
 * psa_crypto_init() before any TLS or X.509 operation, or handshakes fail.
 */
#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
#define MBEDTLS_USE_PSA_CRYPTO
#endif

/*
 * Client-only PSA: the PSA core and the keys live elsewhere (typically a
 * secure partition) and the set of enabled algorithms comes from
 * config-psa.h rather than from this file.
 */
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
#define MBEDTLS_PSA_CRYPTO_CLIENT
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE   "config-psa.h"

#endif
483 
/*
 * Encrypt-then-MAC (RFC 7366) is the mitigation for padding-oracle attacks
 * on CBC ciphersuites. It is gated here on PSA Crypto as well as TLS 1.2,
 * which reads as a build constraint rather than a security decision: a
 * non-PSA TLS 1.2 build with CBC suites enabled is left with the
 * constant-time MAC-then-encrypt path only. Worth revisiting if CBC suites
 * are in use without PSA.
 */
#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) && defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#endif

/* DTLS Connection ID (RFC 9146): lets a session survive address changes. */
#if defined(CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
#endif

/* AES key wrap / key wrap with padding (NIST SP 800-38F). */
#if defined(CONFIG_MBEDTLS_NIST_KW_C)
#define MBEDTLS_NIST_KW_C
#endif

/*
 * Direct switch for finite-field DH, independent of the key-exchange-derived
 * definition above; defining the same empty macro twice is harmless.
 */
#if defined(CONFIG_MBEDTLS_DHM_C)
#define MBEDTLS_DHM_C
#endif

/*
 * CRL parsing only provides the parser. Revocation is checked solely
 * against CRLs the application passes to mbedtls_ssl_conf_ca_chain() or
 * mbedtls_x509_crt_verify(); without that, a revoked certificate still
 * verifies.
 */
#if defined(CONFIG_MBEDTLS_X509_CRL_PARSE_C)
#define MBEDTLS_X509_CRL_PARSE_C
#endif

/* CSR generation needs the X.509 create layer as well as the writer. */
#if defined(CONFIG_MBEDTLS_X509_CSR_WRITE_C)
#define MBEDTLS_X509_CSR_WRITE_C
#define MBEDTLS_X509_CREATE_C
#endif

/* CSR parsing, e.g. for a device acting as a small CA or enrolment proxy. */
#if defined(CONFIG_MBEDTLS_X509_CSR_PARSE_C)
#define MBEDTLS_X509_CSR_PARSE_C
#endif
512 
/*
 * Project-specific overrides are included last, so they win over everything
 * above -- including the hardening choices. Review that file together with
 * the rest of the security configuration.
 */
#if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
#include CONFIG_MBEDTLS_USER_CONFIG_FILE
#endif
516 
517 #endif /* MBEDTLS_CONFIG_H */
518