1 /*
2  *  Copyright (c) 2018, The OpenThread Authors.
3  *  All rights reserved.
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions are met:
7  *  1. Redistributions of source code must retain the above copyright
8  *     notice, this list of conditions and the following disclaimer.
9  *  2. Redistributions in binary form must reproduce the above copyright
10  *     notice, this list of conditions and the following disclaimer in the
11  *     documentation and/or other materials provided with the distribution.
12  *  3. Neither the name of the copyright holder nor the
13  *     names of its contributors may be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  *  POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 // Spans multiple lines to avoid being processed by unifdef
30 #ifndef \
31     MBEDTLS_CONFIG_H
32 #define MBEDTLS_CONFIG_H
33 
34 #include "openthread-core-config.h"
35 
36 #include <stdio.h>
37 #include <stdlib.h>
38 
39 #include <openthread/config.h>
40 #include <openthread/platform/logging.h>
41 #include <openthread/platform/memory.h>
42 
// Unconditional feature selection: only the Mbed TLS modules and options
// named below are requested by this file, whatever OpenThread features are on.

// Route mbedtls_snprintf() to the C library's snprintf().
#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf

#define MBEDTLS_AES_C
// NOTE(review): MBEDTLS_VERSION_NUMBER is tested here, but "mbedtls/version.h"
// is only included near the end of this file. An undefined macro evaluates to
// 0 in #if, so the two version-gated options in this list are silently skipped
// unless whatever includes this file has already defined the version number.
// Confirm that holds for every supported Mbed TLS version.
#if (MBEDTLS_VERSION_NUMBER >= 0x03050000)
// Drops 192- and 256-bit AES key support; only 128-bit keys remain usable.
#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
#endif
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#if (MBEDTLS_VERSION_NUMBER >= 0x03050000)
// Removes the block-cipher decryption direction. The cipher modes enabled in
// this list (CCM, CMAC, CTR_DRBG) only run AES in the encrypt direction.
#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
#endif
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CMAC_C
#define MBEDTLS_CTR_DRBG_C
// Both deprecation switches are set. NOTE(review): REMOVED compiles deprecated
// APIs out, which presumably leaves WARNING with nothing to warn about;
// confirm that defining both is intended.
#define MBEDTLS_DEPRECATED_REMOVED
#define MBEDTLS_DEPRECATED_WARNING
#define MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECP_C
// secp256r1 is the only elliptic curve enabled in this file.
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_MD_C
// No built-in entropy source is compiled in (this option together with
// MBEDTLS_NO_PLATFORM_ENTROPY), so the DRBGs are seeded only from a source
// that the integrating code registers with the entropy module.
// NOTE(review): the strength of that source is not visible from this file.
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
// Platform layer: allocator hooks are replaceable and the libc defaults are
// not pulled in automatically.
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
// Smaller, slower SHA-256 implementation (code-size trade-off).
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_CLI_C
// DTLS record replay detection.
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
// DTLS HelloVerifyRequest (stateless cookie exchange), which makes a client
// prove it can receive at its claimed address before the server commits
// handshake state.
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_EXPORT_KEYS
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
// TLS 1.2 and DTLS are the only protocol versions requested here.
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_TLS_C
90 
// Server-side (D)TLS and the cookie module that backs HelloVerifyRequest are
// built only for roles that accept incoming sessions.
#if OPENTHREAD_CONFIG_BORDER_AGENT_ENABLE || OPENTHREAD_CONFIG_COMMISSIONER_ENABLE || OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_SRV_C
#endif

// Plain pre-shared-key exchange for the CoAP Secure API. Plain PSK provides
// no forward secrecy: disclosure of the key exposes recorded sessions too.
#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#endif

// Certificate-based ECDHE-ECDSA exchange; the modules it depends on are
// enabled by the #ifdef on this macro further down.
#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#endif

// TCAT over BLE: keep the peer certificate available after the handshake and
// build AES-GCM. NOTE(review): presumably TCAT inspects the retained
// certificate for authorization; confirm against the TCAT code.
#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
#define MBEDTLS_GCM_C
#endif
108 
// Modules needed once the ECDHE-ECDSA key exchange is enabled: ECDH/ECDSA
// plus PEM and X.509 certificate parsing. This must stay below the point
// where MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED is defined, because #ifdef
// only sees definitions that precede it.
#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_BASE64_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
#endif

// Stand-alone ECDSA support. Several macros repeat the group above; an
// identical empty redefinition is allowed by the preprocessor.
#if OPENTHREAD_CONFIG_ECDSA_ENABLE
#define MBEDTLS_BASE64_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
// Deterministic ECDSA derives the per-signature nonce from the key and the
// message instead of drawing it from the RNG, so signing does not depend on
// RNG quality. It builds on MBEDTLS_HMAC_DRBG_C, which this file always
// defines.
#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE
#define MBEDTLS_ECDSA_DETERMINISTIC
#endif
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_WRITE_C
#endif
128 
// Size limits tuned for a build whose only curve is secp256r1: MPIs are
// capped at 32 bytes (256 bits) and ECP groups at 256 bits, so larger keys
// or curves cannot be handled without raising these values. The window sizes
// and the disabled fixed-point optimisation trade speed for a smaller memory
// footprint.
#define MBEDTLS_MPI_WINDOW_SIZE            1 /**< Maximum window size used. */
#define MBEDTLS_MPI_MAX_SIZE              32 /**< Maximum number of bytes for usable MPIs. */
#define MBEDTLS_ECP_MAX_BITS             256 /**< Maximum bit size of groups */
#define MBEDTLS_ECP_WINDOW_SIZE            2 /**< Maximum window size used */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< Enable fixed-point speed-up (0 = disabled) */
// Exactly one entropy source slot; no default source is compiled in by this
// file, so that slot has to be filled by the integrating code.
#define MBEDTLS_ENTROPY_MAX_SOURCES        1 /**< Maximum number of sources supported */
135 
// Heap selection for Mbed TLS allocations: either the platform's external
// heap hooks, or Mbed TLS's own buffer allocator.
// NOTE(review): with the buffer allocator, the backing buffer has to be
// handed to Mbed TLS by code outside this file before any allocation is
// made; its size and initialisation are not visible here.
#if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE
#define MBEDTLS_PLATFORM_STD_CALLOC      otPlatCAlloc /**< Default allocator to use, can be undefined */
#define MBEDTLS_PLATFORM_STD_FREE        otPlatFree /**< Default free to use, can be undefined */
#else
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#endif
142 
// Record payload limit, chosen by the most demanding enabled feature:
// TCAT over BLE (2000), then the CoAP Secure API (900), otherwise 768.
// A handshake message or record larger than this limit cannot be buffered.
#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
#define MBEDTLS_SSL_MAX_CONTENT_LEN      2000 /**< Maximum fragment length in bytes */
#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
#define MBEDTLS_SSL_MAX_CONTENT_LEN      900 /**< Maximum fragment length in bytes */
#else
#define MBEDTLS_SSL_MAX_CONTENT_LEN      768 /**< Maximum fragment length in bytes */
#endif

// Incoming and outgoing buffers share the single limit chosen above.
#define MBEDTLS_SSL_IN_CONTENT_LEN       MBEDTLS_SSL_MAX_CONTENT_LEN
#define MBEDTLS_SSL_OUT_CONTENT_LEN      MBEDTLS_SSL_MAX_CONTENT_LEN
// Default ciphersuite list: EC-JPAKE key exchange with AES-128-CCM and an
// 8-byte authentication tag.
// NOTE(review): the PSK and ECDHE-ECDSA key exchanges that this file enables
// under feature flags are not in this list; presumably the code using them
// installs its own ciphersuite list at run time. Confirm against the callers.
#define MBEDTLS_SSL_CIPHERSUITES         MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
154 
// Spans multiple lines to avoid being processed by unifdef
//
// An optional user configuration file is included after every setting above,
// so it can add to, redefine or #undef any of them. Treat that file as part
// of the security-relevant configuration when reviewing a build.
#if defined(\
    MBEDTLS_USER_CONFIG_FILE)
#include MBEDTLS_USER_CONFIG_FILE
#endif

// version.h supplies MBEDTLS_VERSION_NUMBER for the check below. The sanity
// check runs after the user configuration, so it validates the final
// combined option set.
#include "mbedtls/version.h"
#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
    // Configuration sanity check. Done automatically in Mbed TLS >= 3.0.
    #include "mbedtls/check_config.h"
#endif
166 
167 #endif /* MBEDTLS_CONFIG_H */
168