mbed TLS library

Dependents:   HTTPClient-SSL WS_SERVER

Committer:
ansond
Date:
Thu Jun 11 03:27:03 2015 +0000
Revision:
0:137634ff4186
initial commit

Who changed what in which revision?

User | Revision | Line number | New contents of line
ansond 0:137634ff4186 1 /*
ansond 0:137634ff4186 2 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
ansond 0:137634ff4186 3 *
ansond 0:137634ff4186 4 * Distinguishing features:
ansond 0:137634ff4186 5 * - no RSA or classic DH, fully based on ECC (ECDHE-ECDSA key exchange on secp256r1/secp384r1, TLS 1.2 only)
ansond 0:137634ff4186 6 * - optimized for low RAM usage
ansond 0:137634ff4186 7 *
ansond 0:137634ff4186 8 * Possible improvements:
ansond 0:137634ff4186 9 * - if 128-bit security is enough, disable secp384r1 and SHA-512
ansond 0:137634ff4186 10 * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
ansond 0:137634ff4186 11 *
ansond 0:137634ff4186 12 * See README.txt for usage instructions.
ansond 0:137634ff4186 13 */
ansond 0:137634ff4186 14
ansond 0:137634ff4186 15 #ifndef POLARSSL_CONFIG_H
ansond 0:137634ff4186 16 #define POLARSSL_CONFIG_H
ansond 0:137634ff4186 17
ansond 0:137634ff4186 18 /* System support */
ansond 0:137634ff4186 19 #define POLARSSL_HAVE_ASM
ansond 0:137634ff4186 20 #define POLARSSL_HAVE_TIME
ansond 0:137634ff4186 21 #define POLARSSL_HAVE_IPV6
ansond 0:137634ff4186 22
ansond 0:137634ff4186 23 /* mbed TLS feature support: the two Suite B curves, ECDHE-ECDSA key exchange, TLS 1.2 as the only protocol version; renegotiation is disabled */
ansond 0:137634ff4186 24 #define POLARSSL_ECP_DP_SECP256R1_ENABLED
ansond 0:137634ff4186 25 #define POLARSSL_ECP_DP_SECP384R1_ENABLED
ansond 0:137634ff4186 26 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ansond 0:137634ff4186 27 #define POLARSSL_SSL_PROTO_TLS1_2
ansond 0:137634ff4186 28 #define POLARSSL_SSL_DISABLE_RENEGOTIATION
ansond 0:137634ff4186 29
ansond 0:137634ff4186 30 /* mbed TLS modules */
ansond 0:137634ff4186 31 #define POLARSSL_AES_C
ansond 0:137634ff4186 32 #define POLARSSL_ASN1_PARSE_C
ansond 0:137634ff4186 33 #define POLARSSL_ASN1_WRITE_C
ansond 0:137634ff4186 34 #define POLARSSL_BIGNUM_C
ansond 0:137634ff4186 35 #define POLARSSL_CIPHER_C
ansond 0:137634ff4186 36 #define POLARSSL_CTR_DRBG_C
ansond 0:137634ff4186 37 #define POLARSSL_ECDH_C
ansond 0:137634ff4186 38 #define POLARSSL_ECDSA_C
ansond 0:137634ff4186 39 #define POLARSSL_ECP_C
ansond 0:137634ff4186 40 #define POLARSSL_ENTROPY_C
ansond 0:137634ff4186 41 #define POLARSSL_GCM_C
ansond 0:137634ff4186 42 #define POLARSSL_MD_C
ansond 0:137634ff4186 43 #define POLARSSL_NET_C
ansond 0:137634ff4186 44 #define POLARSSL_OID_C
ansond 0:137634ff4186 45 #define POLARSSL_PK_C
ansond 0:137634ff4186 46 #define POLARSSL_PK_PARSE_C
ansond 0:137634ff4186 47 #define POLARSSL_SHA256_C
ansond 0:137634ff4186 48 #define POLARSSL_SHA512_C
ansond 0:137634ff4186 49 #define POLARSSL_SSL_CLI_C
ansond 0:137634ff4186 50 #define POLARSSL_SSL_SRV_C
ansond 0:137634ff4186 51 #define POLARSSL_SSL_TLS_C
ansond 0:137634ff4186 52 #define POLARSSL_X509_CRT_PARSE_C
ansond 0:137634ff4186 53 #define POLARSSL_X509_USE_C
ansond 0:137634ff4186 54
ansond 0:137634ff4186 55 /* For test certificates: CERTS_C builds in the library's test certificates and keys, which are public and for testing only; a deployed build should provision its own credentials and can drop these three (see "Possible improvements" above) */
ansond 0:137634ff4186 56 #define POLARSSL_BASE64_C
ansond 0:137634ff4186 57 #define POLARSSL_CERTS_C
ansond 0:137634ff4186 58 #define POLARSSL_PEM_PARSE_C
ansond 0:137634ff4186 59
ansond 0:137634ff4186 60 /* Save RAM at the expense of ROM */
ansond 0:137634ff4186 61 #define POLARSSL_AES_ROM_TABLES
ansond 0:137634ff4186 62
ansond 0:137634ff4186 63 /* Save RAM by adjusting to our exact needs: both limits are sized for secp384r1, the largest curve enabled above, and must be raised if a larger curve is enabled */
ansond 0:137634ff4186 64 #define POLARSSL_ECP_MAX_BITS 384
ansond 0:137634ff4186 65 #define POLARSSL_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
ansond 0:137634ff4186 66
ansond 0:137634ff4186 67 /* Save RAM at the expense of speed, see ecp.h */
ansond 0:137634ff4186 68 #define POLARSSL_ECP_WINDOW_SIZE 2
ansond 0:137634ff4186 69 #define POLARSSL_ECP_FIXED_POINT_OPTIM 0
ansond 0:137634ff4186 70
ansond 0:137634ff4186 71 /* Significant speed benefit at the expense of some ROM */
ansond 0:137634ff4186 72 #define POLARSSL_ECP_NIST_OPTIM
ansond 0:137634ff4186 73
ansond 0:137634ff4186 74 /*
ansond 0:137634ff4186 75 * You should adjust this to the exact number of sources you're using: default
ansond 0:137634ff4186 76 * is the "platform_entropy_poll" source, but you may want to add other ones.
ansond 0:137634ff4186 77 * Minimum is 2 for the entropy test suite.
ansond 0:137634ff4186 78 */
ansond 0:137634ff4186 79 #define ENTROPY_MAX_SOURCES 2
ansond 0:137634ff4186 80
ansond 0:137634ff4186 81 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list: the two ECDHE-ECDSA AES-GCM suites, AES-256 listed first */
ansond 0:137634ff4186 82 #define SSL_CIPHERSUITES \
ansond 0:137634ff4186 83 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
ansond 0:137634ff4186 84 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ansond 0:137634ff4186 85
ansond 0:137634ff4186 86 /*
ansond 0:137634ff4186 87 * Save RAM at the expense of interoperability: do this only if you control
ansond 0:137634ff4186 88 * both ends of the connection! (See comments in "polarssl/ssl.h".)
ansond 0:137634ff4186 89 * The minimum size here depends on the certificate chain used as well as the
ansond 0:137634ff4186 90 * typical size of records. 1024 is well below the 16384-byte TLS record limit, so a peer that sends larger records or handshake messages will not interoperate.
ansond 0:137634ff4186 91 */
ansond 0:137634ff4186 92 #define SSL_MAX_CONTENT_LEN 1024
ansond 0:137634ff4186 93
ansond 0:137634ff4186 94 #include "polarssl/check_config.h"
ansond 0:137634ff4186 95
ansond 0:137634ff4186 96 #endif /* POLARSSL_CONFIG_H */
ansond 0:137634ff4186 97