1 /** 2 * \file config-ccm-psk-tls1_2.h 3 * 4 * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 * 10 * This file is provided under the Apache License 2.0, or the 11 * GNU General Public License v2.0 or later. 12 * 13 * ********** 14 * Apache License 2.0: 15 * 16 * Licensed under the Apache License, Version 2.0 (the "License"); you may 17 * not use this file except in compliance with the License. 18 * You may obtain a copy of the License at 19 * 20 * http://www.apache.org/licenses/LICENSE-2.0 21 * 22 * Unless required by applicable law or agreed to in writing, software 23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 25 * See the License for the specific language governing permissions and 26 * limitations under the License. 27 * 28 * ********** 29 * 30 * ********** 31 * GNU General Public License v2.0 or later: 32 * 33 * This program is free software; you can redistribute it and/or modify 34 * it under the terms of the GNU General Public License as published by 35 * the Free Software Foundation; either version 2 of the License, or 36 * (at your option) any later version. 37 * 38 * This program is distributed in the hope that it will be useful, 39 * but WITHOUT ANY WARRANTY; without even the implied warranty of 40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 41 * GNU General Public License for more details. 42 * 43 * You should have received a copy of the GNU General Public License along 44 * with this program; if not, write to the Free Software Foundation, Inc., 45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 46 * 47 * ********** 48 */ 49 /* 50 * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites 51 * Distinguishing features: 52 * - no bignum, no PK, no X509 53 * - fully modern and secure (provided the pre-shared keys have high entropy) 54 * - very low record overhead with CCM-8 55 * - optimized for low RAM usage 56 * 57 * See README.txt for usage instructions. 58 */ 59 #ifndef MBEDTLS_CONFIG_H 60 #define MBEDTLS_CONFIG_H 61 62 /* System support */ 63 //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ 64 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ 65 66 /* mbed TLS feature support */ 67 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 68 #define MBEDTLS_SSL_PROTO_TLS1_2 69 70 /* mbed TLS modules */ 71 #define MBEDTLS_AES_C 72 #define MBEDTLS_CCM_C 73 #define MBEDTLS_CIPHER_C 74 #define MBEDTLS_CTR_DRBG_C 75 #define MBEDTLS_ENTROPY_C 76 #define MBEDTLS_MD_C 77 #define MBEDTLS_NET_C 78 #define MBEDTLS_SHA224_C 79 #define MBEDTLS_SHA256_C 80 #define MBEDTLS_SSL_CLI_C 81 #define MBEDTLS_SSL_SRV_C 82 #define MBEDTLS_SSL_TLS_C 83 84 /* Save RAM at the expense of ROM */ 85 #define MBEDTLS_AES_ROM_TABLES 86 87 /* Save some RAM by adjusting to your exact needs */ 88 #define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ 89 90 /* 91 * You should adjust this to the exact number of sources you're using: default 92 * is the "platform_entropy_poll" source, but you may want to add other ones 93 * Minimum is 2 for the entropy test suite. 94 */ 95 #define MBEDTLS_ENTROPY_MAX_SOURCES 2 96 97 /* 98 * Use only CCM_8 ciphersuites, and 99 * save ROM and a few bytes of RAM by specifying our own ciphersuite list 100 */ 101 #define MBEDTLS_SSL_CIPHERSUITES \ 102 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 103 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 104 105 /* 106 * Save RAM at the expense of interoperability: do this only if you control 107 * both ends of the connection! (See comments in "mbedtls/ssl.h".) 108 * The optimal size here depends on the typical size of records. 109 */ 110 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 111 112 #include "mbedtls/check_config.h" 113 114 #endif /* MBEDTLS_CONFIG_H */ 115
