1 /* 2 * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites 3 * 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 * SPDX-License-Identifier: Apache-2.0 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 * not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, software 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 * See the License for the specific language governing permissions and 17 * limitations under the License. 18 * 19 * This file is part of mbed TLS (https://tls.mbed.org) 20 */ 21 /* 22 * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites 23 * Distinguishing features: 24 * - no bignum, no PK, no X509 25 * - fully modern and secure (provided the pre-shared keys have high entropy) 26 * - very low record overhead with CCM-8 27 * - optimized for low RAM usage 28 * 29 * See README.txt for usage instructions. 30 */ 31 #ifndef MBEDTLS_CONFIG_H 32 #define MBEDTLS_CONFIG_H 33 34 /* System support */ 35 //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ 36 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ 37 38 /* mbed TLS feature support */ 39 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 40 #define MBEDTLS_SSL_PROTO_TLS1_2 41 42 /* mbed TLS modules */ 43 #define MBEDTLS_AES_C 44 #define MBEDTLS_CCM_C 45 #define MBEDTLS_CIPHER_C 46 #define MBEDTLS_CTR_DRBG_C 47 #define MBEDTLS_ENTROPY_C 48 #define MBEDTLS_MD_C 49 #define MBEDTLS_NET_C 50 #define MBEDTLS_SHA256_C 51 #define MBEDTLS_SSL_CLI_C 52 #define MBEDTLS_SSL_SRV_C 53 #define MBEDTLS_SSL_TLS_C 54 55 /* Save RAM at the expense of ROM */ 56 #define MBEDTLS_AES_ROM_TABLES 57 58 /* Save some RAM by adjusting to your exact needs */ 59 #define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ 60 61 /* 62 * You should adjust this to the exact number of sources you're using: default 63 * is the "platform_entropy_poll" source, but you may want to add other ones 64 * Minimum is 2 for the entropy test suite. 65 */ 66 #define MBEDTLS_ENTROPY_MAX_SOURCES 2 67 68 /* 69 * Use only CCM_8 ciphersuites, and 70 * save ROM and a few bytes of RAM by specifying our own ciphersuite list 71 */ 72 #define MBEDTLS_SSL_CIPHERSUITES \ 73 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 74 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 75 76 /* 77 * Save RAM at the expense of interoperability: do this only if you control 78 * both ends of the connection! (See comments in "mbedtls/ssl.h".) 79 * The optimal size here depends on the typical size of records. 80 */ 81 #define MBEDTLS_SSL_MAX_CONTENT_LEN 512 82 83 #include "mbedtls/check_config.h" 84 85 #endif /* MBEDTLS_CONFIG_H */ 86
