1 /** 2 * \file config-thread.h 3 * 4 * \brief Minimal configuration for using TLS as part of Thread 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 23 /* 24 * Minimal configuration for using TLS a part of Thread 25 * http://threadgroup.org/ 26 * 27 * Distinguishing features: 28 * - no RSA or classic DH, fully based on ECC 29 * - no X.509 30 * - support for experimental EC J-PAKE key exchange 31 * 32 * See README.txt for usage instructions. 33 */ 34 35 /* System support */ 36 #define MBEDTLS_HAVE_ASM 37 38 /* mbed TLS feature support */ 39 #define MBEDTLS_AES_ROM_TABLES 40 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 41 #define MBEDTLS_ECP_NIST_OPTIM 42 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 43 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 44 #define MBEDTLS_SSL_PROTO_TLS1_2 45 #define MBEDTLS_SSL_PROTO_DTLS 46 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 47 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 48 49 /* mbed TLS modules */ 50 #define MBEDTLS_AES_C 51 #define MBEDTLS_ASN1_PARSE_C 52 #define MBEDTLS_ASN1_WRITE_C 53 #define MBEDTLS_BIGNUM_C 54 #define MBEDTLS_CCM_C 55 #define MBEDTLS_CIPHER_C 56 #define MBEDTLS_CTR_DRBG_C 57 #define MBEDTLS_CMAC_C 58 #define MBEDTLS_ECJPAKE_C 59 #define MBEDTLS_ECP_C 60 #define MBEDTLS_ENTROPY_C 61 #define MBEDTLS_HMAC_DRBG_C 62 #define MBEDTLS_MD_C 63 #define MBEDTLS_OID_C 64 #define MBEDTLS_PK_C 65 #define MBEDTLS_PK_PARSE_C 66 /* The library does not currently support enabling SHA-224 without SHA-256. 67 * A future version of the library will have this option disabled 68 * by default. */ 69 #define MBEDTLS_SHA224_C 70 #define MBEDTLS_SHA256_C 71 #define MBEDTLS_SSL_COOKIE_C 72 #define MBEDTLS_SSL_CLI_C 73 #define MBEDTLS_SSL_SRV_C 74 #define MBEDTLS_SSL_TLS_C 75 76 /* For tests using ssl-opt.sh */ 77 #define MBEDTLS_NET_C 78 #define MBEDTLS_TIMING_C 79 80 /* Save RAM at the expense of ROM */ 81 #define MBEDTLS_AES_ROM_TABLES 82 83 /* Save RAM by adjusting to our exact needs */ 84 #define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes 85 86 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ 87 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 88 89 /* These defines are present so that the config modifying scripts can enable 90 * them during tests/scripts/test-ref-configs.pl */ 91 //#define MBEDTLS_USE_PSA_CRYPTO 92 //#define MBEDTLS_PSA_CRYPTO_C 93