/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * Copyright (c) 2017 Intel Corporation.
 * Copyright (c) 2018 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * Generic configuration for TLS, manageable by Kconfig.
 *
 * Layout: each CONFIG_MBEDTLS_* Kconfig symbol is mapped onto the matching
 * MBEDTLS_* build option, and the "Automatic dependencies" section further
 * down derives the lower-level modules (DHM, RSA, X.509, bignum, ASN.1, PK)
 * from the options selected above it. Order matters: a derived option only
 * sees MBEDTLS_* symbols defined earlier in this file, so any new option
 * that the dependency block must react to has to be placed before it.
 */

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/* System support */
/* Platform abstraction layer plus the static buffer allocator: mbedTLS
 * takes its heap from a caller-supplied buffer rather than libc malloc,
 * with allocations aligned to pointer size. */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *))
#define MBEDTLS_PLATFORM_EXIT_ALT
/* No libc/OS entropy source is compiled in; entropy comes only from the
 * hardware alternate hook selected below or from a user config file. */
#define MBEDTLS_NO_PLATFORM_ENTROPY

/* With CONFIG_MBEDTLS_ZEPHYR_ENTROPY the Zephyr entropy driver is attached
 * through the MBEDTLS_ENTROPY_HARDWARE_ALT hook (mbedtls_hardware_poll()).
 * Without it the entropy context starts with no sources at all.
 * NOTE(review): in the latter case DRBG seeding is expected to fail unless
 * a source is registered elsewhere -- confirm this is only used by builds
 * that do not seed a DRBG. */
#if defined(CONFIG_MBEDTLS_ZEPHYR_ENTROPY)
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#else
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#endif

/* Allow inline assembly in the bignum/AES primitives. */
#if defined(CONFIG_MBEDTLS_HAVE_ASM)
#define MBEDTLS_HAVE_ASM
#endif

/* LMS (stateful hash-based signatures) consumes SHA-256 through the PSA
 * API, hence the PSA_WANT_* request rather than MBEDTLS_SHA256_C. */
#if defined(CONFIG_MBEDTLS_LMS)
#define MBEDTLS_LMS_C
#define PSA_WANT_ALG_SHA_256 1
#endif

/* Wall-clock support is opt-in. NOTE(review): without MBEDTLS_HAVE_TIME_DATE
 * the X.509 code presumably cannot check certificate validity periods
 * against the current time -- verify this is acceptable for the target. */
#if defined(CONFIG_MBEDTLS_HAVE_TIME_DATE)
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
#endif

/* Built-in self-tests and debug hooks for test builds only. */
#if defined(CONFIG_MBEDTLS_TEST)
#define MBEDTLS_SELF_TEST
#define MBEDTLS_DEBUG_C
#endif

/* mbedTLS feature support */

/* Supported TLS versions */
/* TLS 1.0 and 1.1 are deprecated (RFC 8996). They remain selectable for
 * legacy peers; new configurations should enable only TLS 1.2. */
#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0)
#define MBEDTLS_SSL_PROTO_TLS1
#endif

#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_1)
#define MBEDTLS_SSL_PROTO_TLS1_1
#endif

#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
#define MBEDTLS_SSL_PROTO_TLS1_2
#endif


/* The TLS record layer, both handshake roles and the max_fragment_length
 * extension are pulled in as soon as any protocol version is selected. */
#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0) || \
    defined(CONFIG_MBEDTLS_TLS_VERSION_1_1) || \
    defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)

/* Modules required for TLS */
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

#endif

/* DTLS always comes with replay protection and the HelloVerifyRequest
 * cookie exchange; the cookie module backs the latter on the server side
 * (the cookie is what limits handshake-flood / amplification exposure). */
#if defined(CONFIG_MBEDTLS_DTLS)
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_COOKIE_C
#endif

/* Supported key exchange methods */
/* Each symbol enables one handshake family. The asymmetric modules they
 * need (DHM, RSA, X.509 parsing) are not selected here; they are derived
 * in the "Automatic dependencies" section below. */

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#endif

/* Upper bound on the pre-shared key length accepted by the SSL module
 * (presumably in bytes, as in the mbedTLS default); left at the library
 * default when the Kconfig symbol is unset. */
#if defined(CONFIG_MBEDTLS_PSK_MAX_LEN)
#define MBEDTLS_PSK_MAX_LEN	CONFIG_MBEDTLS_PSK_MAX_LEN
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#endif

/* Deterministic (RFC 6979) ECDSA nonces: removes the dependence of
 * signature security on RNG quality at signing time.
 * NOTE(review): mbedTLS builds this on HMAC_DRBG, which this file only
 * enables under CONFIG_MBEDTLS_HMAC_DRBG_ENABLED; presumably Kconfig selects
 * that symbol alongside this one -- verify, since the dependency block
 * below does not derive MBEDTLS_HMAC_DRBG_C from it. */
#if defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
#define MBEDTLS_ECDSA_DETERMINISTIC
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif

/* Supported cipher modes */
/* Block ciphers and AEAD modes. DES, ARC4 and Blowfish are legacy
 * algorithms kept for interoperability; RC4 in particular is prohibited in
 * TLS (RFC 7465) and single DES offers a 56-bit key. Prefer AES with GCM
 * or CCM, or ChaCha20-Poly1305, for new configurations. */

#if defined(CONFIG_MBEDTLS_CIPHER_AES_ENABLED)
#define MBEDTLS_AES_C
#endif

/* Size/speed trade-offs for the AES tables (ROM-resident, fewer tables). */
#if defined(CONFIG_MBEDTLS_AES_ROM_TABLES)
#define MBEDTLS_AES_ROM_TABLES
#endif

#if defined(CONFIG_MBEDTLS_AES_FEWER_TABLES)
#define MBEDTLS_AES_FEWER_TABLES
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_CAMELLIA_ENABLED)
#define MBEDTLS_CAMELLIA_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_DES_ENABLED)
#define MBEDTLS_DES_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_ARC4_ENABLED)
#define MBEDTLS_ARC4_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_CHACHA20_ENABLED)
#define MBEDTLS_CHACHA20_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_BLOWFISH_ENABLED)
#define MBEDTLS_BLOWFISH_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_CCM_ENABLED)
#define MBEDTLS_CCM_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_GCM_ENABLED)
#define MBEDTLS_GCM_C
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_MODE_XTS_ENABLED)
#define MBEDTLS_CIPHER_MODE_XTS
#endif

/* CBC is the unauthenticated mode; in TLS it relies on the MAC-then-encrypt
 * construction unless MBEDTLS_SSL_ENCRYPT_THEN_MAC (see below) is on. */
#if defined(CONFIG_MBEDTLS_CIPHER_MODE_CBC_ENABLED)
#define MBEDTLS_CIPHER_MODE_CBC
#endif

#if defined(CONFIG_MBEDTLS_CIPHER_MODE_CTR_ENABLED)
#define MBEDTLS_CIPHER_MODE_CTR
#endif

/* Supported elliptic curve libraries */

#if defined(CONFIG_MBEDTLS_ECDH_C)
#define MBEDTLS_ECDH_C
#endif

#if defined(CONFIG_MBEDTLS_ECDSA_C)
#define MBEDTLS_ECDSA_C
#endif

#if defined(CONFIG_MBEDTLS_ECJPAKE_C)
#define MBEDTLS_ECJPAKE_C
#endif

/* Generic EC point arithmetic; required by all three modules above. */
#if defined(CONFIG_MBEDTLS_ECP_C)
#define MBEDTLS_ECP_C
#endif

/* Supported elliptic curves */
/* Each curve is independent; at least one must be enabled for ECDH/ECDSA
 * to be usable. secp192r1/secp224r1 and the *k1 curves are rarely needed
 * by TLS peers today. */

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#endif

#if defined(CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
#endif

/* Fast modular reduction for the NIST primes; a pure speed option. */
#if defined(CONFIG_MBEDTLS_ECP_NIST_OPTIM)
#define MBEDTLS_ECP_NIST_OPTIM
#endif

/* Supported message authentication methods */
/* Hash and MAC primitives. MD4 and MD5 are broken as collision-resistant
 * hashes and SHA-1 is deprecated for signatures; keep them only where a
 * legacy peer or certificate chain requires them. */

#if defined(CONFIG_MBEDTLS_MAC_MD4_ENABLED)
#define MBEDTLS_MD4_C
#endif

#if defined(CONFIG_MBEDTLS_MAC_MD5_ENABLED)
#define MBEDTLS_MD5_C
#endif

#if defined(CONFIG_MBEDTLS_MAC_SHA1_ENABLED)
#define MBEDTLS_SHA1_C
#endif

/* SHA-256 can be requested either as a MAC primitive or as a plain hash;
 * SHA-224 shares the implementation and is enabled with it. */
#if defined(CONFIG_MBEDTLS_MAC_SHA256_ENABLED) || \
	defined(CONFIG_MBEDTLS_HASH_SHA256_ENABLED)
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#endif

/* Smaller, slower SHA-256 implementation. */
#if defined(CONFIG_MBEDTLS_SHA256_SMALLER)
#define MBEDTLS_SHA256_SMALLER
#endif

#if defined(CONFIG_MBEDTLS_MAC_SHA384_ENABLED) || \
	defined(CONFIG_MBEDTLS_HASH_SHA384_ENABLED)
#define MBEDTLS_SHA384_C
#endif

#if defined(CONFIG_MBEDTLS_MAC_SHA512_ENABLED) || \
	defined(CONFIG_MBEDTLS_HASH_SHA512_ENABLED)
#define MBEDTLS_SHA512_C
#endif

#if defined(CONFIG_MBEDTLS_MAC_POLY1305_ENABLED)
#define MBEDTLS_POLY1305_C
#endif

#if defined(CONFIG_MBEDTLS_MAC_CMAC_ENABLED)
#define MBEDTLS_CMAC_C
#endif

/* mbedTLS modules */
/* Deterministic random bit generators. Both are seeded from the entropy
 * context configured at the top of this file. */
#if defined(CONFIG_MBEDTLS_CTR_DRBG_ENABLED)
#define MBEDTLS_CTR_DRBG_C
#endif

#if defined(CONFIG_MBEDTLS_HMAC_DRBG_ENABLED)
#define MBEDTLS_HMAC_DRBG_C
#endif

/* Verbose diagnostics: error strings, the debug module, full SSL debug
 * output and every alert sent on the wire. NOTE(review): SSL debug output
 * includes handshake internals, so this belongs to debug builds only. */
#if defined(CONFIG_MBEDTLS_DEBUG)
#define MBEDTLS_ERROR_C
#define MBEDTLS_DEBUG_C
#define MBEDTLS_SSL_DEBUG_ALL
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
#endif

/* Statistics/tracing for the buffer allocator. */
#if defined(CONFIG_MBEDTLS_MEMORY_DEBUG)
#define MBEDTLS_MEMORY_DEBUG
#endif

/* ChaCha20-Poly1305 AEAD; needs MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
 * from the sections above (not derived here). */
#if defined(CONFIG_MBEDTLS_CHACHAPOLY_AEAD_ENABLED)
#define MBEDTLS_CHACHAPOLY_C
#endif

/* Prime generation (RSA/DH key generation on target). */
#if defined(CONFIG_MBEDTLS_GENPRIME_ENABLED)
#define MBEDTLS_GENPRIME
#endif

#if defined(CONFIG_MBEDTLS_ENTROPY_ENABLED)
#define MBEDTLS_ENTROPY_C
#endif

/* Lets the application register a callback that receives the session's
 * keying material. NOTE(review): presumably used for key-log style
 * debugging or keying of an outer protocol; it hands out the traffic
 * secrets, so it should stay off unless a consumer exists. */
#if defined(CONFIG_MBEDTLS_SSL_EXPORT_KEYS)
#define MBEDTLS_SSL_EXPORT_KEYS
#endif

/* Application-Layer Protocol Negotiation (RFC 7301). */
#if defined(CONFIG_MBEDTLS_SSL_ALPN)
#define MBEDTLS_SSL_ALPN
#endif

/* Generic cipher and message-digest wrapper layers. */
#if defined(CONFIG_MBEDTLS_CIPHER)
#define MBEDTLS_CIPHER_C
#endif

#if defined(CONFIG_MBEDTLS_MD)
#define MBEDTLS_MD_C
#endif

/* Automatic dependencies */
/* Everything below is derived from MBEDTLS_* symbols defined earlier, not
 * from Kconfig directly. Keep it after all the feature sections. */

/* Finite-field Diffie-Hellman for the DHE_* exchanges. */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#define MBEDTLS_DHM_C
#endif

/* RSA is needed by every exchange that encrypts to or signs with an RSA
 * key. */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_RSA_C
#endif

/* Both PKCS#1 paddings: v1.5 is what the RSA key exchange and TLS 1.2
 * signatures use, v2.1 (OAEP/PSS) covers keys and certificates that
 * require it. */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
#endif

/* Certificate parsing is required by every certificate-authenticated
 * exchange; the PSK-only exchanges deliberately do not pull it in. */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_X509_CRT_PARSE_C
#endif

/* PEM input is only useful once certificates can be parsed; PEM decoding
 * needs Base64. */
#if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
    defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_X509_USE_C
#endif

/* Multi-precision arithmetic underpins DH, EC, RSA, X.509 and prime
 * generation. */
#if defined(MBEDTLS_DHM_C) || \
    defined(MBEDTLS_ECP_C) || \
    defined(MBEDTLS_RSA_C) || \
    defined(MBEDTLS_X509_USE_C) || \
    defined(MBEDTLS_GENPRIME)
#define MBEDTLS_BIGNUM_C
#endif

/* Object identifier tables for algorithm/extension lookup. */
#if defined(MBEDTLS_RSA_C) || \
    defined(MBEDTLS_X509_USE_C)
#define MBEDTLS_OID_C
#endif

/* Public-key parsing (keys inside certificates / key files). */
#if defined(MBEDTLS_X509_USE_C)
#define MBEDTLS_PK_PARSE_C
#endif

/* Key export/serialisation is opt-in from Kconfig, not derived. */
#if defined(CONFIG_MBEDTLS_PK_WRITE_C)
#define MBEDTLS_PK_WRITE_C
#endif

#if defined(MBEDTLS_PK_PARSE_C) || defined(MBEDTLS_PK_WRITE_C)
#define MBEDTLS_PK_C
#endif

/* ASN.1 parsing/writing: ECDSA signatures are DER-encoded, so it is also
 * required without any X.509 use. */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_ASN1_PARSE_C
#endif

#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_PK_WRITE_C)
#define MBEDTLS_ASN1_WRITE_C
#endif

/* PBKDF2 / PKCS#5 key derivation. */
#if defined(CONFIG_MBEDTLS_PKCS5_C)
#define MBEDTLS_PKCS5_C
#endif

/* Record buffer sizes. Both directions use the same Kconfig value; the
 * symbol is expected to be always defined by Kconfig (no fallback here). */
#define MBEDTLS_SSL_IN_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
#define MBEDTLS_SSL_OUT_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN

/* Enable OpenThread optimizations. */
/* Footprint tuning for a single-curve (P-256) profile.
 * NOTE(review): a 32-byte MPI ceiling presumably rules out RSA and
 * finite-field DH entirely; confirm Kconfig prevents enabling those
 * exchanges together with this option. */
#if defined(CONFIG_MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED)
#define MBEDTLS_MPI_WINDOW_SIZE            1 /**< Maximum windows size used. */
#define MBEDTLS_MPI_MAX_SIZE              32 /**< Maximum number of bytes for usable MPIs. */
#define MBEDTLS_ECP_WINDOW_SIZE            2 /**< Maximum window size used */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< Enable fixed-point speed-up */
#define MBEDTLS_ENTROPY_MAX_SOURCES        1 /**< Maximum number of sources supported */
#endif

/* Server Name Indication only makes sense when certificates can be
 * parsed, so it is additionally gated on MBEDTLS_X509_CRT_PARSE_C. */
#if defined(CONFIG_MBEDTLS_SERVER_NAME_INDICATION) && \
    defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#endif

/* Server-side session cache; timeout and entry limit come from Kconfig. */
#if defined(CONFIG_MBEDTLS_SSL_CACHE_C)
#define MBEDTLS_SSL_CACHE_C
#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
#endif

/* Extended Master Secret (RFC 7627): binds the master secret to the full
 * handshake transcript, the mitigation for triple-handshake attacks. */
#if defined(CONFIG_MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#endif

/* PSA Crypto API, and route the TLS/X.509 layers through it. */
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_USE_PSA_CRYPTO

/* Native/POSIX simulation only: persistent PSA keys are stored through the
 * file-backed ITS implementation on the host filesystem.
 * NOTE(review): that storage is presumably plain files with no encryption;
 * fine for simulation, not a model for real targets. */
#if defined(CONFIG_ARCH_POSIX)
#define MBEDTLS_PSA_KEY_SLOT_COUNT     64
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
#define MBEDTLS_PSA_ITS_FILE_C
#define MBEDTLS_FS_IO
#endif

#endif

/* Encrypt-then-MAC (RFC 7366) for CBC cipher suites.
 * NOTE(review): this is only enabled in the PSA build; non-PSA TLS 1.2
 * builds with CBC suites are left on MAC-then-encrypt -- confirm that is
 * intentional rather than an oversight. */
#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) && defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#endif

/* DTLS Connection ID extension (RFC 9146). */
#if defined(CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
#endif

/* User config file */
/* Included last so an application can override or extend any of the
 * generic settings above, and still has its result validated by
 * check_config.h below (in the non-PSA case). */

#if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
#include CONFIG_MBEDTLS_USER_CONFIG_FILE
#endif

#if !defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
/* When the PSA API is used, the checking header is reached through the
 * include chain:
 * |-psa/crypto.h
 * |-psa/crypto_platform.h
 * |-mbedtls/build_info.h
 * |-mbedtls/check_config.h
 * Including it directly here would check the PSA configuration in a
 * half-configured state, before the dependencies from mbedtls/config_psa.h
 * have been applied. mbedtls/config_psa.h must be included right after
 * config-tls-generic.h and before the check. Formally all settings would
 * pass, but the mbedTLS library could not be built.
 * This behaviour appeared with the update to mbedTLS 3.4.0.
 */
#include "mbedtls/check_config.h"
#endif

#endif /* MBEDTLS_CONFIG_H */