mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 02:55:35 +00:00
a771160799
For now the option has no effect. Adapted existing example config files.

The fact that I needed to do this highlights that this is a slightly incompatible change: existing users need to update their existing custom configs (if standalone as opposed to based on the default config) in order to still get the same behaviour.

The alternative would be to have a negative config option (eg NO_TLS or DTLS_ONLY) but this doesn't fit as nicely with the existing options, so hopefully the minor incompatibility is acceptable.

I don't think it's worth adding a new component to all.sh:
- builds with both DTLS and TLS are done in the default (and full) config
- TLS-only builds are done with eg config-suite-b.h in test-ref-configs
- a DTLS-only build is done with config-thread.h in test-ref-configs
- builds with none of them (and SSL_TLS_C enabled) are forbidden
96 lines
2.6 KiB
C
/**
 * \file config-thread.h
 *
 * \brief Minimal configuration for using TLS as part of Thread
 */
/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
 */

/*
 * Minimal configuration for using TLS as part of Thread
 * http://threadgroup.org/
 *
 * Distinguishing features:
 * - no RSA or classic DH, fully based on ECC
 * - no X.509
 * - no TLS, only DTLS
 * - support for experimental EC J-PAKE key exchange
 *
 * See README.txt for usage instructions.
 */

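#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * Build-time feature selection for a DTLS-only, EC J-PAKE-only profile.
 * Everything not defined here is compiled out; the include of
 * check_config.h at the end of the file validates the combination.
 */

/* System support */
#define MBEDTLS_HAVE_ASM

/* mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
/*
 * The only key exchange enabled. There is no X.509 in this profile, so peer
 * authentication rests entirely on the EC J-PAKE shared secret.
 */
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/* Protocol version 1.2; with MBEDTLS_SSL_PROTO_DTLS this means DTLS 1.2. */
#define MBEDTLS_SSL_PROTO_TLS1_2
/* Datagram transport. No stream-TLS option is defined in this file. */
#define MBEDTLS_SSL_PROTO_DTLS
/* Detect and drop replayed DTLS records. */
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
/*
 * Server-side HelloVerifyRequest: a client must echo a cookie before the
 * server commits state, which limits spoofed-source handshake floods and
 * amplification. The cookie implementation comes from MBEDTLS_SSL_COOKIE_C.
 */
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
/*
 * Lets the application receive session key material through a callback.
 * NOTE(review): presumably required by the Thread stack; whatever consumes
 * the exported keys must handle them as secrets (no logging, wipe after use).
 */
#define MBEDTLS_SSL_EXPORT_KEYS

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_CMAC_C
#define MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECP_C
/*
 * NOTE(review): no entropy source is selected in this file. Confirm that the
 * target provides one (platform default or a hardware source); DRBG output is
 * only as strong as the entropy it is seeded with.
 */
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C

/*
 * For tests using ssl-opt.sh
 * NOTE(review): these two modules are listed for the test scripts only; a
 * device build that brings its own network and timer layer can presumably
 * leave them out to reduce code size and exposed surface.
 */
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C

/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES

/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS             256
#define MBEDTLS_MPI_MAX_SIZE              32 // 256 bits is 32 bytes

/*
 * Save ROM and a few bytes of RAM by specifying our own ciphersuite list.
 * This is the only suite offered or accepted, so there is nothing to
 * negotiate down to. CCM_8 uses an 8-byte authentication tag, shorter than
 * the 16-byte tag of the plain CCM suites.
 */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8

/* Must stay last: rejects inconsistent or incomplete option combinations. */
#include "mbedtls/check_config.h"

#endif /* MBEDTLS_CONFIG_H */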