From 1eccc71cc2edff3cf2a043f00428d91dc80f9fc0 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 7 May 2021 18:53:05 +0200 Subject: [PATCH] modules: mbedtls: move the configs into the main tree Move the mbedtls configs directory in the main tree. Signed-off-by: Ioannis Glaropoulos --- modules/mbedtls/CMakeLists.txt | 2 +- .../mbedtls/configs/config-ccm-psk-tls1_2.h | 113 +++++ modules/mbedtls/configs/config-coap.h | 102 ++++ modules/mbedtls/configs/config-mini-dtls1_2.h | 83 ++++ modules/mbedtls/configs/config-mini-tls1_1.h | 103 ++++ modules/mbedtls/configs/config-mini-tls1_2.h | 80 ++++ modules/mbedtls/configs/config-no-entropy.h | 117 +++++ modules/mbedtls/configs/config-suite-b.h | 142 ++++++ modules/mbedtls/configs/config-thread.h | 119 +++++ modules/mbedtls/configs/config-threadnet.h | 107 +++++ modules/mbedtls/configs/config-tls-generic.h | 438 ++++++++++++++++++ 11 files changed, 1405 insertions(+), 1 deletion(-) create mode 100644 modules/mbedtls/configs/config-ccm-psk-tls1_2.h create mode 100644 modules/mbedtls/configs/config-coap.h create mode 100644 modules/mbedtls/configs/config-mini-dtls1_2.h create mode 100644 modules/mbedtls/configs/config-mini-tls1_1.h create mode 100644 modules/mbedtls/configs/config-mini-tls1_2.h create mode 100644 modules/mbedtls/configs/config-no-entropy.h create mode 100644 modules/mbedtls/configs/config-suite-b.h create mode 100644 modules/mbedtls/configs/config-thread.h create mode 100644 modules/mbedtls/configs/config-threadnet.h create mode 100644 modules/mbedtls/configs/config-tls-generic.h diff --git a/modules/mbedtls/CMakeLists.txt b/modules/mbedtls/CMakeLists.txt index 452433d5115..f2f5d705fa7 100644 --- a/modules/mbedtls/CMakeLists.txt +++ b/modules/mbedtls/CMakeLists.txt @@ -8,7 +8,7 @@ if(CONFIG_MBEDTLS_BUILTIN) target_include_directories(mbedTLS INTERFACE ${ZEPHYR_CURRENT_MODULE_DIR}/include - ${ZEPHYR_CURRENT_MODULE_DIR}/configs + configs ) zephyr_library() 
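Review bot: The new include entry `configs` in `target_include_directories(mbedTLS INTERFACE ...)` is a bare relative path, while the entry above it is anchored with `${ZEPHYR_CURRENT_MODULE_DIR}`. CMake resolves relative entries against the current source directory, so this presumably works as long as this CMakeLists.txt is the directory being processed, but spelling it `${CMAKE_CURRENT_LIST_DIR}/configs` makes the intent explicit and robust. These headers decide which TLS versions and ciphers are compiled in, so it is worth confirming that no second `configs` directory from the module checkout can still be found on the include path. The `if(CONFIG_MBEDTLS_BUILTIN)` block continues outside the hunk.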
diff --git a/modules/mbedtls/configs/config-ccm-psk-tls1_2.h b/modules/mbedtls/configs/config-ccm-psk-tls1_2.h
new file mode 100644
index 00000000000..f3929aef092
--- /dev/null
+++ b/modules/mbedtls/configs/config-ccm-psk-tls1_2.h
@@ -0,0 +1,113 @@
+/**
+ * \file config-ccm-psk-tls1_2.h
+ *
+ * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ */
+/*
+ * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ * Distinguishing features:
+ * - no bignum, no PK, no X509
+ * - fully modern and secure (provided the pre-shared keys have high entropy)
+ * - very low record overhead with CCM-8
+ * - optimized for low RAM usage
+ *
+ * See README.txt for usage instructions.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
+/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
+
+/* mbed TLS feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/*
+ * Use only CCM_8 ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define MBEDTLS_SSL_CIPHERSUITES \
+ MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
+ MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+
+/*
+ * Save RAM at the expense of interoperability: do this only if you control
+ * both ends of the connection! (See comments in "mbedtls/ssl.h".)
+ * The optimal size here depends on the typical size of records.
+ */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-coap.h b/modules/mbedtls/configs/config-coap.h
new file mode 100644
index 00000000000..efd923ecc59
--- /dev/null
+++ b/modules/mbedtls/configs/config-coap.h
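Review bot: config-ccm-psk-tls1_2.h defines `MBEDTLS_ENTROPY_C` and `MBEDTLS_NET_C` but none of the platform switches (`MBEDTLS_NO_PLATFORM_ENTROPY`, `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES`, `MBEDTLS_PLATFORM_C`) that the Zephyr-adapted config-coap.h in this same patch sets. It looks like the upstream sample copied unchanged, so it presumably expects a host OS entropy source and BSD-style sockets; confirm that it builds and seeds the DRBG on a Zephyr target, or add a header comment such as `/* Upstream reference config: not adapted for Zephyr (no platform entropy/net overrides) */`. The same applies to config-mini-tls1_1.h, config-suite-b.h and config-thread.h. Separately, the "fully modern and secure" line should mention that the CCM_8 suites carry an 8-byte authentication tag.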
@@ -0,0 +1,102 @@
+/*
+ * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ * Distinguishing features:
+ * - no bignum, no PK, no X509
+ * - fully modern and secure (provided the pre-shared keys have high entropy)
+ * - very low record overhead with CCM-8
+ * - optimized for low RAM usage
+ *
+ * See README.txt for usage instructions.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define MBEDTLS_PLATFORM_EXIT_ALT
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_PLATFORM_PRINTF_ALT
+
+#if defined(CONFIG_MBEDTLS_TEST)
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_DEBUG_C
+#else
+#define MBEDTLS_ENTROPY_C
+#endif
+
+
+/* mbed TLS feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/*
+ * Use only CCM_8 ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+
+/*
+ * Allow to save RAM at the expense of interoperability: do this only if you
+ * control both ends of the connection! (See comments in "mbedtls/ssl.h".)
+ * The optimal size here depends on the typical size of records.
+ */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-mini-dtls1_2.h b/modules/mbedtls/configs/config-mini-dtls1_2.h
new file mode 100644
index 00000000000..b9f8390ef33
--- /dev/null
+++ b/modules/mbedtls/configs/config-mini-dtls1_2.h
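Review bot: In config-coap.h the `#if defined(CONFIG_MBEDTLS_TEST) ... #else #define MBEDTLS_ENTROPY_C #endif` block has no effect, because `MBEDTLS_ENTROPY_C` is defined again unconditionally in the module list further down. Drop one of the two so the file states a single intent; config-mini-dtls1_2.h and config-mini-tls1_2.h repeat the same pattern. Since `MBEDTLS_NO_PLATFORM_ENTROPY` and `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` are both set, a comment should tell the integrator that a source has to be registered before the DRBG is seeded, e.g. `/* No default sources: register one with mbedtls_entropy_add_source() */`. The two header comments also disagree on the protocol (DTLS 1.2 in the first, TLS 1.2 in the second).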
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (c) 2017 Intel Corporation.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Minimal configuration for DTLS 1.2 for Zephyr with PSK and AES-CCM
+ * ciphersuites.
+ *
+ * See README.txt for usage instructions.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define MBEDTLS_PLATFORM_EXIT_ALT
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_PLATFORM_PRINTF_ALT
+
+#if defined(CONFIG_MBEDTLS_TEST)
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_DEBUG_C
+#else
+#define MBEDTLS_ENTROPY_C
+#endif
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_SSL_COOKIE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+
+#if defined(CONFIG_MBEDTLS_DEBUG)
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_DEBUG_C
+#define MBEDTLS_SSL_DEBUG_ALL
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 1500
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-mini-tls1_1.h b/modules/mbedtls/configs/config-mini-tls1_1.h
new file mode 100644
index 00000000000..c235e3c04d9
--- /dev/null
+++ b/modules/mbedtls/configs/config-mini-tls1_1.h
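Review bot: config-mini-dtls1_2.h is described as "PSK and AES-CCM" but also enables `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED`, `MBEDTLS_CIPHER_MODE_CBC`, `MBEDTLS_DES_C`, `MBEDTLS_MD5_C` and `MBEDTLS_SHA1_C`, and it sets no `MBEDTLS_SSL_CIPHERSUITES` list, so as far as this file shows the negotiable suites are not limited to the CCM ones. If only PSK/CCM is intended, pin the list the way config-coap.h does, `#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8`, and drop the DES and MD5 modules. `MBEDTLS_CERTS_C` compiles the library's test certificates into every build; wrapping it in `#if defined(CONFIG_MBEDTLS_TEST)` would keep them out of production images. config-mini-tls1_2.h carries the same DES/MD5/test-certificate set.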
@@ -0,0 +1,103 @@
+/**
+ * \file config-mini-tls1_1.h
+ *
+ * \brief Minimal configuration for TLS 1.1 (RFC 4346)
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ */
+/*
+ * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
+ * required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
+
+/* For testing with compat.sh */
+#define MBEDTLS_FS_IO
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-mini-tls1_2.h b/modules/mbedtls/configs/config-mini-tls1_2.h
new file mode 100644
index 00000000000..70682eecdcd
--- /dev/null
+++ b/modules/mbedtls/configs/config-mini-tls1_2.h
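Review bot: config-mini-tls1_1.h builds a TLS 1.1-only stack (`MBEDTLS_SSL_PROTO_TLS1_1`) whose stated suite is `MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA`; TLS 1.1 was formally deprecated by RFC 8996, and this suite offers neither forward secrecy nor an AEAD cipher. If the file is kept only for interoperability testing, say so at the top, for example `/* Legacy/test-only: TLS 1.1 is deprecated (RFC 8996); do not select for products */`. `MBEDTLS_FS_IO` and `MBEDTLS_CERTS_C` are labelled in the file itself as test aids and would be better gated on a test Kconfig symbol than defined unconditionally.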
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (c) 2017 Intel Corporation.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Minimal configuration for TLS 1.2 (RFC 5246) for Zephyr, implementing only
+ * a few of the most popular ciphersuites.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define MBEDTLS_PLATFORM_EXIT_ALT
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_PLATFORM_PRINTF_ALT
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+
+#if !defined(CONFIG_ARM)
+#define MBEDTLS_HAVE_ASM
+#endif
+
+#if defined(CONFIG_MBEDTLS_TEST)
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_DEBUG_C
+#else
+#define MBEDTLS_ENTROPY_C
+#endif
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+
+#if defined(CONFIG_MBEDTLS_DEBUG)
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_DEBUG_C
+#define MBEDTLS_SSL_DEBUG_ALL
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+
+#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-no-entropy.h b/modules/mbedtls/configs/config-no-entropy.h
new file mode 100644
index 00000000000..54e2f6c134d
--- /dev/null
+++ b/modules/mbedtls/configs/config-no-entropy.h
@@ -0,0 +1,117 @@
+/**
+ * \file config-no-entropy.h
+ *
+ * \brief Minimal configuration of features that do not require an entropy source
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ */
+/*
+ * Minimal configuration of features that do not require an entropy source
+ * Distinguishing reatures:
+ * - no entropy module
+ * - no TLS protocol implementation available due to absence of an entropy
+ * source
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_VERSION_FEATURES
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_CMAC_C
+
+/* Miscellaneous options */
+#define MBEDTLS_AES_ROM_TABLES
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
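Review bot: config-no-entropy.h ends with `#include "check_config.h"`, while the other configs visible in this patch use `#include "mbedtls/check_config.h"`. With the include directories set in modules/mbedtls/CMakeLists.txt (the module's `include` directory and `configs`) the unprefixed form presumably does not resolve, or would pick up whatever header of that name happens to be on the path. Use `#include "mbedtls/check_config.h"` here too, so the dependency sanity checks that run are the ones shipped with the library.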
diff --git a/modules/mbedtls/configs/config-suite-b.h b/modules/mbedtls/configs/config-suite-b.h
new file mode 100644
index 00000000000..897c4d633b4
--- /dev/null
+++ b/modules/mbedtls/configs/config-suite-b.h
@@ -0,0 +1,142 @@
+/**
+ * \file config-suite-b.h
+ *
+ * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ */
+/*
+ * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - optimized for low RAM usage
+ *
+ * Possible improvements:
+ * - if 128-bit security is enough, disable secp384r1 and SHA-512
+ * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS 384
+#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
+
+/* Save RAM at the expense of speed, see ecp.h */
+#define MBEDTLS_ECP_WINDOW_SIZE 2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
+
+/* Significant speed benefit at the expense of some ROM */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES \
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/*
+ * Save RAM at the expense of interoperability: do this only if you control
+ * both ends of the connection! (See coments in "mbedtls/ssl.h".)
+ * The minimum size here depends on the certificate chain used as well as the
+ * typical size of records.
+ */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-thread.h b/modules/mbedtls/configs/config-thread.h
new file mode 100644
index 00000000000..4c18f6a169a
--- /dev/null
+++ b/modules/mbedtls/configs/config-thread.h
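Review bot: config-suite-b.h enables X.509 parsing and `MBEDTLS_HAVE_TIME` but not `MBEDTLS_HAVE_TIME_DATE`, and mbed TLS only compares a certificate's notBefore/notAfter with the current time when that macro is defined. As written, an expired or not-yet-valid certificate would presumably still pass verification. Where the target has a trustworthy wall clock add `#define MBEDTLS_HAVE_TIME_DATE` (config-tls-generic.h in this patch sets both under `CONFIG_POSIX_API`); otherwise add a comment stating that validity periods are not enforced. config-mini-dtls1_2.h, config-mini-tls1_1.h and config-mini-tls1_2.h parse certificates with the same gap.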
@@ -0,0 +1,119 @@
+/**
+ * \file config-thread.h
+ *
+ * \brief Minimal configuration for using TLS as part of Thread
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ */
+
+/*
+ * Minimal configuration for using TLS a part of Thread
+ * http://threadgroup.org/
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - no X.509
+ * - support for experimental EC J-PAKE key exchange
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+
+/* mbed TLS feature support */
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+/* For tests using ssl-opt.sh */
+#define MBEDTLS_NET_C
+#define MBEDTLS_TIMING_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS 256
+#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
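Review bot: config-thread.h defines `MBEDTLS_AES_ROM_TABLES` twice, once under "feature support" and again under "Save RAM at the expense of ROM"; the repeat is harmless to the preprocessor but should be removed, and config-threadnet.h carries the same duplicate. `MBEDTLS_SSL_EXPORT_KEYS` has no comment even though it lets the application receive session key material through a callback, so a line such as `/* Key export: presumably required by the Thread stack; keep exported keys out of logs */` would tell a reader why it is on. `MBEDTLS_NET_C` and `MBEDTLS_TIMING_C` are labelled as ssl-opt.sh test aids and probably should not be part of a target build.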
diff --git a/modules/mbedtls/configs/config-threadnet.h b/modules/mbedtls/configs/config-threadnet.h
new file mode 100644
index 00000000000..41bd7a6581f
--- /dev/null
+++ b/modules/mbedtls/configs/config-threadnet.h
@@ -0,0 +1,107 @@
+/*
+ * Minimal configuration for using TLS as part of Thread
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * Minimal configuration for using TLS a part of Thread
+ * http://threadgroup.org/
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - no X.509
+ * - support for experimental EC J-PAKE key exchange
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define MBEDTLS_PLATFORM_EXIT_ALT
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_PLATFORM_PRINTF_ALT
+
+#if !defined(CONFIG_ARM)
+#define MBEDTLS_HAVE_ASM
+#endif
+
+#if defined(CONFIG_MBEDTLS_TEST)
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_DEBUG_C
+#else
+#define MBEDTLS_ENTROPY_C
+#endif
+
+/* mbed TLS feature support */
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS 256
+#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
+
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
new file mode 100644
index 00000000000..3efc0c39023
--- /dev/null
+++ b/modules/mbedtls/configs/config-tls-generic.h
@@ -0,0 +1,438 @@
+/*
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (c) 2017 Intel Corporation.
+ * Copyright (c) 2018 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Generic configuration for TLS, manageable by Kconfig.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define MBEDTLS_PLATFORM_EXIT_ALT
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+#if defined(CONFIG_MBEDTLS_HAVE_ASM)
+#define MBEDTLS_HAVE_ASM
+#endif
+
+/* If we build with POSIX API, automatically use time(), etc. */
+#if defined(CONFIG_POSIX_API)
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+#endif
+
+#if defined(CONFIG_MBEDTLS_TEST)
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_DEBUG_C
+#endif
+
+/* mbedTLS feature support */
+
+/* Supported TLS versions */
+#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0)
+#define MBEDTLS_SSL_PROTO_TLS1
+#endif
+
+#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_1)
+#define MBEDTLS_SSL_PROTO_TLS1_1
+#endif
+
+#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#endif
+
+
+#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_0) || \
+ defined(CONFIG_MBEDTLS_TLS_VERSION_1_1) || \
+ defined(CONFIG_MBEDTLS_TLS_VERSION_1_2)
+
+/* Modules required for TLS */
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+#endif
+
+#if defined(CONFIG_MBEDTLS_DTLS)
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_COOKIE_C
+#endif
+
+/* Supported key exchange methods */
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
+/* Supported cipher modes */
+
+#if defined(CONFIG_MBEDTLS_CIPHER_AES_ENABLED)
+#define MBEDTLS_AES_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_AES_ROM_TABLES)
+#define MBEDTLS_AES_ROM_TABLES
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_CAMELLIA_ENABLED)
+#define MBEDTLS_CAMELLIA_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_DES_ENABLED)
+#define MBEDTLS_DES_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_ARC4_ENABLED)
+#define MBEDTLS_ARC4_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_CHACHA20_ENABLED)
+#define MBEDTLS_CHACHA20_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_BLOWFISH_ENABLED)
+#define MBEDTLS_BLOWFISH_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_CCM_ENABLED)
+#define MBEDTLS_CCM_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_GCM_ENABLED)
+#define MBEDTLS_GCM_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_MODE_XTS_ENABLED)
+#define MBEDTLS_CIPHER_MODE_XTS
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_MODE_CBC_ENABLED)
+#define MBEDTLS_CIPHER_MODE_CBC
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER_MODE_CTR_ENABLED)
+#define MBEDTLS_CIPHER_MODE_CTR
+#endif
+
+/* Supported elliptic curves */
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_NIST_OPTIM)
+#define MBEDTLS_ECP_NIST_OPTIM
+#endif
+
+/* Supported message authentication methods */
+
+#if defined(CONFIG_MBEDTLS_MAC_MD4_ENABLED)
+#define MBEDTLS_MD4_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_MAC_MD5_ENABLED)
+#define MBEDTLS_MD5_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_MAC_SHA1_ENABLED)
+#define MBEDTLS_SHA1_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_MAC_SHA256_ENABLED)
+#define MBEDTLS_SHA256_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_SHA256_SMALLER)
+#define MBEDTLS_SHA256_SMALLER
+#endif
+
+#if defined(CONFIG_MBEDTLS_MAC_SHA512_ENABLED)
+#define MBEDTLS_SHA512_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_MAC_POLY1305_ENABLED)
+#define MBEDTLS_POLY1305_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_MAC_CMAC_ENABLED)
+#define MBEDTLS_CMAC_C
+#endif
+
+/* mbedTLS modules */
+#if defined(CONFIG_MBEDTLS_CTR_DRBG_ENABLED)
+#define MBEDTLS_CTR_DRBG_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_HMAC_DRBG_ENABLED)
+#define MBEDTLS_HMAC_DRBG_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_DEBUG)
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_DEBUG_C
+#define MBEDTLS_SSL_DEBUG_ALL
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+
+#if defined(CONFIG_MBEDTLS_MEMORY_DEBUG)
+#define MBEDTLS_MEMORY_DEBUG
+#endif
+
+#if defined(CONFIG_MBEDTLS_CHACHAPOLY_AEAD_ENABLED)
+#define MBEDTLS_CHACHAPOLY_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_GENPRIME_ENABLED)
+#define MBEDTLS_GENPRIME
+#endif
+
+#if defined(CONFIG_MBEDTLS_ENTROPY_ENABLED)
+#define MBEDTLS_ENTROPY_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_SSL_EXPORT_KEYS)
+#define MBEDTLS_SSL_EXPORT_KEYS
+#endif
+
+#if defined(CONFIG_MBEDTLS_SSL_ALPN)
+#define MBEDTLS_SSL_ALPN
+#endif
+
+#if defined(CONFIG_MBEDTLS_CIPHER)
+#define MBEDTLS_CIPHER_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_PKCS1_V21_ENABLED)
+#define MBEDTLS_PKCS1_V21
+#endif
+
+#if defined(CONFIG_MBEDTLS_MD)
+#define MBEDTLS_MD_C
+#endif
+
+/* Automatic dependencies */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#define MBEDTLS_DHM_C
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+#define MBEDTLS_ECDH_C
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#define MBEDTLS_RSA_C
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#define MBEDTLS_PKCS1_V15
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+#define MBEDTLS_X509_CRT_PARSE_C
+#endif
+
+#if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
+ defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_ECDSA_C
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#define MBEDTLS_ECJPAKE_C
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || \
+ defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_ECP_C
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_X509_USE_C
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_ASN1_PARSE_C
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_ASN1_WRITE_C
+#endif
+
+#if defined(MBEDTLS_DHM_C) || \
+ defined(MBEDTLS_ECP_C) || \
+ defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_GENPRIME)
+#define MBEDTLS_BIGNUM_C
+#endif
+
+#if defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_X509_USE_C)
+#define MBEDTLS_OID_C
+#endif
+
+#if defined(MBEDTLS_X509_USE_C)
+#define MBEDTLS_PK_PARSE_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_PK_WRITE_C)
+#define MBEDTLS_PK_WRITE_C
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C) || defined(MBEDTLS_PK_WRITE_C)
+#define MBEDTLS_PK_C
+#endif
+
+#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
+
+/* Enable OpenThread optimizations. */
+#if defined(CONFIG_MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED)
+#define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */
+#define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */
+#define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */
+#define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */
+#endif
+
+#if defined(CONFIG_MBEDTLS_SERVER_NAME_INDICATION) && \
+ defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
+
+/* User config file */
+
+#if defined(CONFIG_MBEDTLS_USER_CONFIG_ENABLE)
+#include CONFIG_MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
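Review bot: `MBEDTLS_NO_PLATFORM_ENTROPY` and `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` are defined unconditionally under "System support", while `MBEDTLS_ENTROPY_C` is enabled only by `CONFIG_MBEDTLS_ENTROPY_ENABLED` and nothing in this header supplies a hardware poll, so whether any entropy source is ever registered depends on code outside this file. That contract deserves a comment next to the two defines, for example `/* No entropy source is registered by default; the application must call mbedtls_entropy_add_source() before seeding a DRBG. */`. A second comment above the "Supported TLS versions" and cipher blocks could mark TLS 1.0/1.1, DES, ARC4, MD4 and MD5 as legacy options that should stay disabled unless a peer requires them, so the Kconfig mapping is not read as a list of recommended settings.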