1 /* 2 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 3 * Copyright (c) 2017 Intel Corporation. 4 * Copyright (c) 2018 Nordic Semiconductor ASA 5 * 6 * SPDX-License-Identifier: Apache-2.0 7 * 8 * Generic configuration for TLS, manageable by Kconfig. 9 */ 10 11 #ifndef MBEDTLS_CONFIG_H 12 #define MBEDTLS_CONFIG_H 13 14 /* System support */ 15 #define MBEDTLS_PLATFORM_C 16 #define MBEDTLS_PLATFORM_MEMORY 17 #define MBEDTLS_MEMORY_BUFFER_ALLOC_C 18 #define MBEDTLS_PLATFORM_EXIT_ALT 19 #define MBEDTLS_NO_PLATFORM_ENTROPY 20 #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 21 22 #if defined(CONFIG_MBEDTLS_HAVE_ASM) 23 #define MBEDTLS_HAVE_ASM 24 #endif 25 26 #if defined(CONFIG_MBEDTLS_HAVE_TIME_DATE) 27 #define MBEDTLS_HAVE_TIME 28 #define MBEDTLS_HAVE_TIME_DATE 29 #endif 30 31 #if defined(CONFIG_MBEDTLS_TEST) 32 #define MBEDTLS_SELF_TEST 33 #define MBEDTLS_DEBUG_C 34 #endif 35 36 /* mbedTLS feature support */ 37 38 /* Supported TLS versions */ 39 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0) 40 #define MBEDTLS_SSL_PROTO_TLS1 41 #endif 42 43 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_1) 44 #define MBEDTLS_SSL_PROTO_TLS1_1 45 #endif 46 47 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) 48 #define MBEDTLS_SSL_PROTO_TLS1_2 49 #endif 50 51 52 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0) || \ 53 defined(CONFIG_MBEDTLS_TLS_VERSION_1_1) || \ 54 defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) 55 56 /* Modules required for TLS */ 57 #define MBEDTLS_SSL_TLS_C 58 #define MBEDTLS_SSL_SRV_C 59 #define MBEDTLS_SSL_CLI_C 60 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 61 62 #endif 63 64 #if defined(CONFIG_MBEDTLS_DTLS) 65 #define MBEDTLS_SSL_PROTO_DTLS 66 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 67 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 68 #define MBEDTLS_SSL_COOKIE_C 69 #endif 70 71 /* Supported key exchange methods */ 72 73 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 74 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 75 #endif 76 77 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 78 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 79 #endif 80 81 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 82 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 83 #endif 84 85 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 86 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 87 #endif 88 89 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 90 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 91 #endif 92 93 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 94 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 95 #endif 96 97 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 98 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 99 #endif 100 101 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 102 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 103 #endif 104 105 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 106 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 107 #endif 108 109 #if defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC) 110 #define MBEDTLS_ECDSA_DETERMINISTIC 111 #endif 112 113 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 114 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 115 #endif 116 117 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 118 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 119 #endif 120 121 /* Supported cipher modes */ 122 123 #if defined(CONFIG_MBEDTLS_CIPHER_AES_ENABLED) 124 #define MBEDTLS_AES_C 125 #endif 126 127 #if defined(CONFIG_MBEDTLS_AES_ROM_TABLES) 128 #define MBEDTLS_AES_ROM_TABLES 129 #endif 130 131 #if defined(CONFIG_MBEDTLS_CIPHER_CAMELLIA_ENABLED) 132 #define MBEDTLS_CAMELLIA_C 133 #endif 134 135 #if defined(CONFIG_MBEDTLS_CIPHER_DES_ENABLED) 136 #define MBEDTLS_DES_C 137 #endif 138 139 #if defined(CONFIG_MBEDTLS_CIPHER_ARC4_ENABLED) 140 #define MBEDTLS_ARC4_C 141 #endif 142 143 #if defined(CONFIG_MBEDTLS_CIPHER_CHACHA20_ENABLED) 144 #define MBEDTLS_CHACHA20_C 145 #endif 146 147 #if defined(CONFIG_MBEDTLS_CIPHER_BLOWFISH_ENABLED) 148 #define MBEDTLS_BLOWFISH_C 149 #endif 150 151 #if defined(CONFIG_MBEDTLS_CIPHER_CCM_ENABLED) 152 #define MBEDTLS_CCM_C 153 #endif 154 155 #if defined(CONFIG_MBEDTLS_CIPHER_GCM_ENABLED) 156 #define MBEDTLS_GCM_C 157 #endif 158 159 #if defined(CONFIG_MBEDTLS_CIPHER_MODE_XTS_ENABLED) 160 #define MBEDTLS_CIPHER_MODE_XTS 161 #endif 162 163 #if defined(CONFIG_MBEDTLS_CIPHER_MODE_CBC_ENABLED) 164 #define MBEDTLS_CIPHER_MODE_CBC 165 #endif 166 167 #if defined(CONFIG_MBEDTLS_CIPHER_MODE_CTR_ENABLED) 168 #define MBEDTLS_CIPHER_MODE_CTR 169 #endif 170 171 /* Supported elliptic curves */ 172 173 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED) 174 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED 175 #endif 176 177 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED) 178 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED 179 #endif 180 181 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED) 182 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 183 #endif 184 185 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED) 186 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 187 #endif 188 189 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED) 190 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED 191 #endif 192 193 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED) 194 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED 195 #endif 196 197 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED) 198 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED 199 #endif 200 201 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED) 202 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED 203 #endif 204 205 #if defined(CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED) 206 #define MBEDTLS_ECP_DP_BP256R1_ENABLED 207 #endif 208 209 #if defined(CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED) 210 #define MBEDTLS_ECP_DP_BP384R1_ENABLED 211 #endif 212 213 #if defined(CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED) 214 #define MBEDTLS_ECP_DP_BP512R1_ENABLED 215 #endif 216 217 #if defined(CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED) 218 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 219 #endif 220 221 #if defined(CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED) 222 #define MBEDTLS_ECP_DP_CURVE448_ENABLED 223 #endif 224 225 #if defined(CONFIG_MBEDTLS_ECP_NIST_OPTIM) 226 #define MBEDTLS_ECP_NIST_OPTIM 227 #endif 228 229 /* Supported message authentication methods */ 230 231 #if defined(CONFIG_MBEDTLS_MAC_MD4_ENABLED) 232 #define MBEDTLS_MD4_C 233 #endif 234 235 #if defined(CONFIG_MBEDTLS_MAC_MD5_ENABLED) 236 #define MBEDTLS_MD5_C 237 #endif 238 239 #if defined(CONFIG_MBEDTLS_MAC_SHA1_ENABLED) 240 #define MBEDTLS_SHA1_C 241 #endif 242 243 #if defined(CONFIG_MBEDTLS_MAC_SHA256_ENABLED) 244 #define MBEDTLS_SHA256_C 245 #endif 246 247 #if defined(CONFIG_MBEDTLS_SHA256_SMALLER) 248 #define MBEDTLS_SHA256_SMALLER 249 #endif 250 251 #if defined(CONFIG_MBEDTLS_MAC_SHA512_ENABLED) 252 #define MBEDTLS_SHA512_C 253 #endif 254 255 #if defined(CONFIG_MBEDTLS_MAC_POLY1305_ENABLED) 256 #define MBEDTLS_POLY1305_C 257 #endif 258 259 #if defined(CONFIG_MBEDTLS_MAC_CMAC_ENABLED) 260 #define MBEDTLS_CMAC_C 261 #endif 262 263 /* mbedTLS modules */ 264 #if defined(CONFIG_MBEDTLS_CTR_DRBG_ENABLED) 265 #define MBEDTLS_CTR_DRBG_C 266 #endif 267 268 #if defined(CONFIG_MBEDTLS_HMAC_DRBG_ENABLED) 269 #define MBEDTLS_HMAC_DRBG_C 270 #endif 271 272 #if defined(CONFIG_MBEDTLS_DEBUG) 273 #define MBEDTLS_ERROR_C 274 #define MBEDTLS_DEBUG_C 275 #define MBEDTLS_SSL_DEBUG_ALL 276 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 277 #endif 278 279 #if defined(CONFIG_MBEDTLS_MEMORY_DEBUG) 280 #define MBEDTLS_MEMORY_DEBUG 281 #endif 282 283 #if defined(CONFIG_MBEDTLS_CHACHAPOLY_AEAD_ENABLED) 284 #define MBEDTLS_CHACHAPOLY_C 285 #endif 286 287 #if defined(CONFIG_MBEDTLS_GENPRIME_ENABLED) 288 #define MBEDTLS_GENPRIME 289 #endif 290 291 #if defined(CONFIG_MBEDTLS_ENTROPY_ENABLED) 292 #define MBEDTLS_ENTROPY_C 293 #endif 294 295 #if defined(CONFIG_MBEDTLS_SSL_EXPORT_KEYS) 296 #define MBEDTLS_SSL_EXPORT_KEYS 297 #endif 298 299 #if defined(CONFIG_MBEDTLS_SSL_ALPN) 300 #define MBEDTLS_SSL_ALPN 301 #endif 302 303 #if defined(CONFIG_MBEDTLS_CIPHER) 304 #define MBEDTLS_CIPHER_C 305 #endif 306 307 #if defined(CONFIG_MBEDTLS_MD) 308 #define MBEDTLS_MD_C 309 #endif 310 311 /* Automatic dependencies */ 312 313 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ 314 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 315 #define MBEDTLS_DHM_C 316 #endif 317 318 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ 319 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 320 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 321 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ 322 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 323 #define MBEDTLS_ECDH_C 324 #endif 325 326 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 327 defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ 328 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 329 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 330 #define MBEDTLS_RSA_C 331 #endif 332 333 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 334 defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ 335 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 336 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 337 #define MBEDTLS_PKCS1_V15 338 #define MBEDTLS_PKCS1_V21 339 #endif 340 341 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 342 defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ 343 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 344 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 345 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 346 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ 347 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 348 #define MBEDTLS_X509_CRT_PARSE_C 349 #endif 350 351 #if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \ 352 defined(MBEDTLS_X509_CRT_PARSE_C) 353 #define MBEDTLS_PEM_PARSE_C 354 #define MBEDTLS_BASE64_C 355 #endif 356 357 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 358 #define MBEDTLS_ECDSA_C 359 #endif 360 361 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 362 #define MBEDTLS_ECJPAKE_C 363 #endif 364 365 #if defined(MBEDTLS_ECDH_C) || \ 366 defined(MBEDTLS_ECDSA_C) || \ 367 defined(MBEDTLS_ECJPAKE_C) 368 #define MBEDTLS_ECP_C 369 #endif 370 371 #if defined(MBEDTLS_X509_CRT_PARSE_C) 372 #define MBEDTLS_X509_USE_C 373 #endif 374 375 #if defined(MBEDTLS_X509_USE_C) || \ 376 defined(MBEDTLS_ECDSA_C) 377 #define MBEDTLS_ASN1_PARSE_C 378 #endif 379 380 #if defined(MBEDTLS_ECDSA_C) 381 #define MBEDTLS_ASN1_WRITE_C 382 #endif 383 384 #if defined(MBEDTLS_DHM_C) || \ 385 defined(MBEDTLS_ECP_C) || \ 386 defined(MBEDTLS_RSA_C) || \ 387 defined(MBEDTLS_X509_USE_C) || \ 388 defined(MBEDTLS_GENPRIME) 389 #define MBEDTLS_BIGNUM_C 390 #endif 391 392 #if defined(MBEDTLS_RSA_C) || \ 393 defined(MBEDTLS_X509_USE_C) 394 #define MBEDTLS_OID_C 395 #endif 396 397 #if defined(MBEDTLS_X509_USE_C) 398 #define MBEDTLS_PK_PARSE_C 399 #endif 400 401 #if defined(CONFIG_MBEDTLS_PK_WRITE_C) 402 #define MBEDTLS_PK_WRITE_C 403 #endif 404 405 #if defined(MBEDTLS_PK_PARSE_C) || defined(MBEDTLS_PK_WRITE_C) 406 #define MBEDTLS_PK_C 407 #endif 408 409 #define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN 410 411 /* Enable OpenThread optimizations. */ 412 #if defined(CONFIG_MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED) 413 #define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */ 414 #define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */ 415 #define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */ 416 #define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ 417 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ 418 #define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ 419 #endif 420 421 #if defined(CONFIG_MBEDTLS_SERVER_NAME_INDICATION) && \ 422 defined(MBEDTLS_X509_CRT_PARSE_C) 423 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 424 #endif 425 426 /* User config file */ 427 428 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE) 429 #include CONFIG_MBEDTLS_USER_CONFIG_FILE 430 #endif 431 432 #include "mbedtls/check_config.h" 433 434 #endif /* MBEDTLS_CONFIG_H */ 435
