1 /**
2  * \file config-thread.h
3  *
4  * \brief Minimal configuration for using TLS as part of Thread
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0
9  *
10  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
11  *  not use this file except in compliance with the License.
12  *  You may obtain a copy of the License at
13  *
14  *  http://www.apache.org/licenses/LICENSE-2.0
15  *
16  *  Unless required by applicable law or agreed to in writing, software
17  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  *  See the License for the specific language governing permissions and
20  *  limitations under the License.
21  */
22 
23 /*
24  * Minimal configuration for using TLS a part of Thread
25  * http://threadgroup.org/
26  *
27  * Distinguishing features:
28  * - no RSA or classic DH, fully based on ECC
29  * - no X.509
30  * - support for experimental EC J-PAKE key exchange
31  *
32  * See README.txt for usage instructions.
33  */
34 
35 /* System support */
36 #define MBEDTLS_HAVE_ASM
37 
38 /* mbed TLS feature support */
39 #define MBEDTLS_AES_ROM_TABLES
40 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
41 #define MBEDTLS_ECP_NIST_OPTIM
42 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
43 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
44 #define MBEDTLS_SSL_PROTO_TLS1_2
45 #define MBEDTLS_SSL_PROTO_DTLS
46 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
47 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
48 
49 /* mbed TLS modules */
50 #define MBEDTLS_AES_C
51 #define MBEDTLS_ASN1_PARSE_C
52 #define MBEDTLS_ASN1_WRITE_C
53 #define MBEDTLS_BIGNUM_C
54 #define MBEDTLS_CCM_C
55 #define MBEDTLS_CIPHER_C
56 #define MBEDTLS_CTR_DRBG_C
57 #define MBEDTLS_CMAC_C
58 #define MBEDTLS_ECJPAKE_C
59 #define MBEDTLS_ECP_C
60 #define MBEDTLS_ENTROPY_C
61 #define MBEDTLS_HMAC_DRBG_C
62 #define MBEDTLS_MD_C
63 #define MBEDTLS_OID_C
64 #define MBEDTLS_PK_C
65 #define MBEDTLS_PK_PARSE_C
66 /* The library does not currently support enabling SHA-224 without SHA-256.
67  * A future version of the library will have this option disabled
68  * by default. */
69 #define MBEDTLS_SHA224_C
70 #define MBEDTLS_SHA256_C
71 #define MBEDTLS_SSL_COOKIE_C
72 #define MBEDTLS_SSL_CLI_C
73 #define MBEDTLS_SSL_SRV_C
74 #define MBEDTLS_SSL_TLS_C
75 
76 /* For tests using ssl-opt.sh */
77 #define MBEDTLS_NET_C
78 #define MBEDTLS_TIMING_C
79 
80 /* Save RAM at the expense of ROM */
81 #define MBEDTLS_AES_ROM_TABLES
82 
83 /* Save RAM by adjusting to our exact needs */
84 #define MBEDTLS_MPI_MAX_SIZE              32 // 256-bit EC curve = 32 bytes
85 
86 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
87 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
88 
89 /* These defines are present so that the config modifying scripts can enable
90  * them during tests/scripts/test-ref-configs.pl */
91 //#define MBEDTLS_USE_PSA_CRYPTO
92 //#define MBEDTLS_PSA_CRYPTO_C
93