mbed TLS library

Dependents:   HTTPClient-SSL WS_SERVER


config-suite-b.h

00001 /*
00002  * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
00003  *
00004  * Distinguishing features:
00005  * - no RSA or classic DH, fully based on ECC
00006  * - optimized for low RAM usage
       * - TLS 1.2 is the only protocol version enabled, with the two
       *   ECDHE-ECDSA AES-GCM ciphersuites listed in SSL_CIPHERSUITES below
       * - renegotiation is disabled (POLARSSL_SSL_DISABLE_RENEGOTIATION)
00007  *
00008  * Possible improvements:
00009  * - if 128-bit security is enough, disable secp384r1 and SHA-512
00010  * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
00011  *
00012  * See README.txt for usage instructions.
00013  */
00014 
00015 #ifndef POLARSSL_CONFIG_H
00016 #define POLARSSL_CONFIG_H
00017 
00018 /* System support */
00019 #define POLARSSL_HAVE_ASM
00020 #define POLARSSL_HAVE_TIME /* NOTE(review): X.509 validity-date checks presumably depend on this and on a correctly set clock -- confirm for the target */
00021 #define POLARSSL_HAVE_IPV6
00022 
00023 /* mbed TLS feature support */
00024 #define POLARSSL_ECP_DP_SECP256R1_ENABLED
00025 #define POLARSSL_ECP_DP_SECP384R1_ENABLED
00026 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /* the only key exchange enabled in this file */
00027 #define POLARSSL_SSL_PROTO_TLS1_2 /* the only POLARSSL_SSL_PROTO_* enabled in this file */
00028 #define POLARSSL_SSL_DISABLE_RENEGOTIATION
00029 
00030 /* mbed TLS modules */
00031 #define POLARSSL_AES_C
00032 #define POLARSSL_ASN1_PARSE_C
00033 #define POLARSSL_ASN1_WRITE_C
00034 #define POLARSSL_BIGNUM_C
00035 #define POLARSSL_CIPHER_C
00036 #define POLARSSL_CTR_DRBG_C
00037 #define POLARSSL_ECDH_C
00038 #define POLARSSL_ECDSA_C
00039 #define POLARSSL_ECP_C
00040 #define POLARSSL_ENTROPY_C
00041 #define POLARSSL_GCM_C
00042 #define POLARSSL_MD_C
00043 #define POLARSSL_NET_C
00044 #define POLARSSL_OID_C
00045 #define POLARSSL_PK_C
00046 #define POLARSSL_PK_PARSE_C
00047 #define POLARSSL_SHA256_C
00048 #define POLARSSL_SHA512_C /* this module also provides SHA-384, which the ..._AES_256_GCM_SHA384 suite below uses */
00049 #define POLARSSL_SSL_CLI_C
00050 #define POLARSSL_SSL_SRV_C
00051 #define POLARSSL_SSL_TLS_C
00052 #define POLARSSL_X509_CRT_PARSE_C
00053 #define POLARSSL_X509_USE_C
00054 
00055 /* For test certificates: CERTS_C compiles in the library's built-in test
       * certificates. Those are published with the source, so never rely on them
       * as real credentials; for production, drop CERTS_C and, if certificates are
       * embedded as DER, PEM_PARSE_C and BASE64_C too (see "Possible improvements"
       * at the top of this file). */
00056 #define POLARSSL_BASE64_C
00057 #define POLARSSL_CERTS_C
00058 #define POLARSSL_PEM_PARSE_C
00059 
00060 /* Save RAM at the expense of ROM */
00061 #define POLARSSL_AES_ROM_TABLES
00062 
00063 /* Save RAM by adjusting to our exact needs: both limits are sized for
       * secp384r1, the largest curve enabled above, and must be raised together
       * if a larger curve is ever enabled. */
00064 #define POLARSSL_ECP_MAX_BITS   384
00065 #define POLARSSL_MPI_MAX_SIZE    48 // 384 bits is 48 bytes
00066 
00067 /* Save RAM at the expense of speed, see ecp.h */
00068 #define POLARSSL_ECP_WINDOW_SIZE        2
00069 #define POLARSSL_ECP_FIXED_POINT_OPTIM  0
00070 
00071 /* Significant speed benefit at the expense of some ROM */
00072 #define POLARSSL_ECP_NIST_OPTIM
00073 
00074 /*
00075  * You should adjust this to the exact number of sources you're using: default
00076  * is the "platform_entropy_poll" source, but you may want to add other ones.
00077  * Minimum is 2 for the entropy test suite.
       *
       * NOTE(review): CTR_DRBG is seeded from these sources, so every key and
       * nonce is only as strong as what they deliver -- confirm that the target
       * platform actually backs "platform_entropy_poll" with a real entropy source.
00078  */
00079 #define ENTROPY_MAX_SOURCES 2
00080 
00081 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list:
       * only the two TLS 1.2 ECDHE-ECDSA AES-GCM suites, 256-bit variant first
       * (NOTE(review): list order is presumably the preference order -- confirm). */
00082 #define SSL_CIPHERSUITES                        \
00083     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,    \
00084     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
00085 
00086 /*
00087  * Save RAM at the expense of interoperability: do this only if you control
00088  * both ends of the connection!  (See comments in "polarssl/ssl.h".)
00089  * The minimum size here depends on the certificate chain used as well as the
00090  * typical size of records.
       *
       * NOTE(review): presumably a peer that sends a larger record, or a
       * certificate chain that does not fit, makes the connection fail rather
       * than being truncated -- confirm against ssl.h before deploying.
00091  */
00092 #define SSL_MAX_CONTENT_LEN             1024
00093 
00094 #include "polarssl/check_config.h"
00095 
00096 #endif /* POLARSSL_CONFIG_H */
00097