Mayank Gupta / Mbed OS pelion-example-frdm

Dependencies:   FXAS21002 FXOS8700Q


mbedTLSConfig_SXOS_SW_TRNG.h

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2018-2019 ARM Ltd.
00003 //
00004 // SPDX-License-Identifier: Apache-2.0
00005 //
00006 // Licensed under the Apache License, Version 2.0 (the "License");
00007 // you may not use this file except in compliance with the License.
00008 // You may obtain a copy of the License at
00009 //
00010 //     http://www.apache.org/licenses/LICENSE-2.0
00011 //
00012 // Unless required by applicable law or agreed to in writing, software
00013 // distributed under the License is distributed on an "AS IS" BASIS,
00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00015 // See the License for the specific language governing permissions and
00016 // limitations under the License.
00017 // ----------------------------------------------------------------------------
00018 
00019 #ifndef PAL_MBEDTLS_USER_CONFIG_H
00020 #define PAL_MBEDTLS_USER_CONFIG_H
00021 
00022 /*
00023  * This config is based on configuration mbedTLSConfig_mbedOS_SW_TRNG.h
00024  */
00025 
00026 /*! All of the following definitions are mandatory requirements for correct
00027 *   functionality of PAL TLS and Crypto components.
00028 *   Please do not disable them.
00029 */
00030 
00031 /* Platform has a time function, used to provide time for certificate verification */
      /* NOTE(review): certificate validity-period checks depend on this clock.
       * MBEDTLS_PLATFORM_TIME_ALT means the time function is supplied by the
       * platform at runtime; confirm the port installs an initialised, trustworthy
       * time source before the first handshake. */
00032 #ifndef MBEDTLS_HAVE_TIME
00033     #define MBEDTLS_HAVE_TIME
00034 #endif //MBEDTLS_HAVE_TIME
00035
00036 #ifndef MBEDTLS_HAVE_TIME_DATE
00037     #define MBEDTLS_HAVE_TIME_DATE
00038 #endif //MBEDTLS_HAVE_TIME_DATE
00039
00040 #ifndef MBEDTLS_PLATFORM_TIME_ALT
00041     #define MBEDTLS_PLATFORM_TIME_ALT
00042 #endif //MBEDTLS_PLATFORM_TIME_ALT
00043 
00044 /* mbed TLS feature support */
      /* NIST P-256 (secp256r1) is the only curve this file switches on; every
       * other curve is removed by the #undef list further down.
       * MBEDTLS_ECP_NIST_OPTIM selects the optimised reduction for NIST primes. */
00045 #ifndef MBEDTLS_ECP_DP_SECP256R1_ENABLED
00046     #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
00047 #endif //MBEDTLS_ECP_DP_SECP256R1_ENABLED
00048
00049 #ifndef MBEDTLS_ECP_NIST_OPTIM
00050     #define MBEDTLS_ECP_NIST_OPTIM
00051 #endif //MBEDTLS_ECP_NIST_OPTIM
00052
      /* RFC 6066 max_fragment_length extension. It matters here because
       * MBEDTLS_SSL_MAX_CONTENT_LEN is reduced to 4096 later in this file. */
00053 #ifndef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00054     #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00055 #endif //MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00056
      /* TLS 1.2 and DTLS are the only protocol options this file defines.
       * NOTE(review): older protocol versions could still be enabled by the base
       * configuration this file is layered on; verify in the final build. */
00057 #ifndef MBEDTLS_SSL_PROTO_TLS1_2
00058     #define MBEDTLS_SSL_PROTO_TLS1_2
00059 #endif //MBEDTLS_SSL_PROTO_TLS1_2
00060
00061 #ifndef MBEDTLS_SSL_PROTO_DTLS
00062     #define MBEDTLS_SSL_PROTO_DTLS
00063 #endif //MBEDTLS_SSL_PROTO_DTLS
00064
      /* DTLS hardening features: record replay detection and HelloVerifyRequest
       * (cookie exchange) support. */
00065 #ifndef MBEDTLS_SSL_DTLS_ANTI_REPLAY
00066     #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
00067 #endif //MBEDTLS_SSL_DTLS_ANTI_REPLAY
00068
00069 #ifndef MBEDTLS_SSL_DTLS_HELLO_VERIFY
00070     #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
00071 #endif //MBEDTLS_SSL_DTLS_HELLO_VERIFY
00072
      /* NOTE(review): enables the key-export callback API, through which session
       * key material leaves the TLS layer. Whatever registers that callback should
       * be reviewed for how it stores and erases the exported keys. */
00073 #ifndef MBEDTLS_SSL_EXPORT_KEYS
00074     #define MBEDTLS_SSL_EXPORT_KEYS
00075 #endif //MBEDTLS_SSL_EXPORT_KEYS
00076 
00077 /* mbed TLS modules */
00078 #ifndef MBEDTLS_AES_C
00079     #define MBEDTLS_AES_C
00080 #endif //MBEDTLS_AES_C
00081
00082 /* Disable some of the speed optimizations on AES code to save
00083  * ~6200 bytes of ROM. According to comments on the mbedtls PR 394,
00084  * the speed on Cortex M4 is not even reduced by this. */
00085 #ifndef MBEDTLS_AES_FEWER_TABLES
00086     #define MBEDTLS_AES_FEWER_TABLES
00087 #endif // MBEDTLS_AES_FEWER_TABLES
00088
      /* ASN.1, big-number and generic cipher layers. */
00089 #ifndef MBEDTLS_ASN1_PARSE_C
00090     #define MBEDTLS_ASN1_PARSE_C
00091 #endif //MBEDTLS_ASN1_PARSE_C
00092
00093 #ifndef MBEDTLS_ASN1_WRITE_C
00094     #define MBEDTLS_ASN1_WRITE_C
00095 #endif //MBEDTLS_ASN1_WRITE_C
00096
00097 #ifndef MBEDTLS_BIGNUM_C
00098     #define MBEDTLS_BIGNUM_C
00099 #endif //MBEDTLS_BIGNUM_C
00100
00101 #ifndef MBEDTLS_CIPHER_C
00102     #define MBEDTLS_CIPHER_C
00103 #endif //MBEDTLS_CIPHER_C
00104
      /* AES-CTR based deterministic random bit generator; it is only as good as
       * the entropy configuration a few lines below. */
00105 #ifndef MBEDTLS_CTR_DRBG_C
00106     #define MBEDTLS_CTR_DRBG_C
00107 #endif //MBEDTLS_CTR_DRBG_C
00108
00109 #ifndef MBEDTLS_ECP_C
00110     #define MBEDTLS_ECP_C
00111 #endif //MBEDTLS_ECP_C
00112
      /* Entropy setup for the software-TRNG variant named in this file's title:
       * the entropy module is seeded from a non-volatile seed
       * (MBEDTLS_ENTROPY_NV_SEED) and the default platform entropy sources are
       * switched off (MBEDTLS_NO_PLATFORM_ENTROPY).
       * NOTE(review): no hardware entropy source is enabled anywhere in this
       * file, so all key and nonce randomness appears to derive from the stored
       * seed. Confirm that the seed is injected per device from a strong source,
       * is unique and secret, and that the NV seed read/write hooks persist the
       * updated seed reliably so that state is not reused after a reset. */
00113 #ifndef MBEDTLS_ENTROPY_NV_SEED
00114     #define MBEDTLS_ENTROPY_NV_SEED
00115 #endif //MBEDTLS_ENTROPY_NV_SEED
00116
00117 #ifndef MBEDTLS_NO_PLATFORM_ENTROPY
00118     #define MBEDTLS_NO_PLATFORM_ENTROPY
00119 #endif //MBEDTLS_NO_PLATFORM_ENTROPY
00120
00121 #ifndef MBEDTLS_ENTROPY_C
00122     #define MBEDTLS_ENTROPY_C
00123 #endif //MBEDTLS_ENTROPY_C
00124 
00125 #ifndef MBEDTLS_MD_C
00126     #define MBEDTLS_MD_C
00127 #endif //MBEDTLS_MD_C
00128
00129 #ifndef MBEDTLS_OID_C
00130     #define MBEDTLS_OID_C
00131 #endif //MBEDTLS_OID_C
00132
      /* Public-key abstraction layer and key parsing. */
00133 #ifndef MBEDTLS_PK_C
00134     #define MBEDTLS_PK_C
00135 #endif //MBEDTLS_PK_C
00136
00137 #ifndef MBEDTLS_PK_PARSE_C
00138     #define MBEDTLS_PK_PARSE_C
00139 #endif //MBEDTLS_PK_PARSE_C
00140
00141 #ifndef MBEDTLS_SHA256_C
00142     #define MBEDTLS_SHA256_C
00143 #endif //MBEDTLS_SHA256_C
00144
00145 // Disable the speed optimizations of SHA256, makes binary size smaller
00146 // on Cortex-M by 1800B with ARMCC5 and 1384B with GCC 6.3.
00147 #ifndef MBEDTLS_SHA256_SMALLER
00148     #define MBEDTLS_SHA256_SMALLER
00149 #endif // MBEDTLS_SHA256_SMALLER
00150
      /* TLS/DTLS protocol modules: cookie support, client side, and the common
       * TLS core. The server side (MBEDTLS_SSL_SRV_C) is removed further down. */
00151 #ifndef MBEDTLS_SSL_COOKIE_C
00152     #define MBEDTLS_SSL_COOKIE_C
00153 #endif //MBEDTLS_SSL_COOKIE_C
00154
00155 #ifndef MBEDTLS_SSL_CLI_C
00156     #define MBEDTLS_SSL_CLI_C
00157 #endif //MBEDTLS_SSL_CLI_C
00158
00159 #ifndef MBEDTLS_SSL_TLS_C
00160     #define MBEDTLS_SSL_TLS_C
00161 #endif //MBEDTLS_SSL_TLS_C
00162 // XXX mbedclient needs these: mbedtls_x509_crt_free, mbedtls_x509_crt_init, mbedtls_x509_crt_parse
00163 #ifndef MBEDTLS_X509_USE_C
00164     #define MBEDTLS_X509_USE_C
00165 #endif //MBEDTLS_X509_USE_C
00166
00167 #ifndef MBEDTLS_X509_CRT_PARSE_C
00168     #define MBEDTLS_X509_CRT_PARSE_C
00169 #endif //MBEDTLS_X509_CRT_PARSE_C
00170 // a bit wrong way to get mbedtls_ssl_conf_psk:
      // NOTE(review): the remark above ties CMAC to mbedtls_ssl_conf_psk, but
      // nothing in this file shows that link; confirm why CMAC is enabled.
00171 #ifndef MBEDTLS_CMAC_C
00172     #define MBEDTLS_CMAC_C
00173 #endif //MBEDTLS_CMAC_C
00174
      /* ECDH, ECDSA and GCM: the primitives behind the ECDHE-ECDSA and AES-GCM
       * entries of MBEDTLS_SSL_CIPHERSUITES. */
00175 #ifndef MBEDTLS_ECDH_C
00176     #define MBEDTLS_ECDH_C
00177 #endif //MBEDTLS_ECDH_C
00178
00179 #ifndef MBEDTLS_ECDSA_C
00180     #define MBEDTLS_ECDSA_C
00181 #endif //MBEDTLS_ECDSA_C
00182
00183 #ifndef MBEDTLS_GCM_C
00184     #define MBEDTLS_GCM_C
00185 #endif //MBEDTLS_GCM_C
00186
      /* X.509 certificate signing request (CSR) parsing and writing, plus the
       * shared X.509 creation code. */
00187 #ifndef MBEDTLS_X509_CSR_PARSE_C
00188     #define MBEDTLS_X509_CSR_PARSE_C
00189 #endif //MBEDTLS_X509_CSR_PARSE_C
00190
00191 #ifndef MBEDTLS_X509_CREATE_C
00192     #define MBEDTLS_X509_CREATE_C
00193 #endif //MBEDTLS_X509_CREATE_C
00194
00195 #ifndef MBEDTLS_X509_CSR_WRITE_C
00196     #define MBEDTLS_X509_CSR_WRITE_C
00197 #endif //MBEDTLS_X509_CSR_WRITE_C
00198 
00199 #ifndef MBEDTLS_CTR_DRBG_MAX_REQUEST
      // Upper bound, in bytes, on a single CTR_DRBG random request.
00200     #define MBEDTLS_CTR_DRBG_MAX_REQUEST 2048
00201 #endif //MBEDTLS_CTR_DRBG_MAX_REQUEST
00202
00203 // Needed by update
00204 #ifndef MBEDTLS_CIPHER_MODE_CTR
00205     #define MBEDTLS_CIPHER_MODE_CTR
00206 #endif //MBEDTLS_CIPHER_MODE_CTR
00207 
00208 // Save ROM and a few bytes of RAM by specifying our own ciphersuite list
      // The list is in order of preference. Points a reviewer should weigh:
      //  - The *_CCM_8 suites truncate the authentication tag to 8 bytes, a
      //    smaller forgery margin than the 16-byte tag of the GCM suites.
      //  - The three PSK suites give no forward secrecy: disclosure of the
      //    pre-shared key exposes recorded sessions.
      //  - PSK_WITH_AES_128_CBC_SHA256 is a CBC (MAC-then-encrypt) suite, unlike
      //    the AEAD suites above it.
      //  - NOTE(review): the *_SHA384 suite needs SHA-384, which Mbed TLS 2.x
      //    builds as part of MBEDTLS_SHA512_C; that module is #undef'd later in
      //    this file, so the entry is probably never offered. Confirm and then
      //    either drop the entry or keep SHA-512.
00209 #ifndef MBEDTLS_SSL_CIPHERSUITES
00210     #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \
00211                                      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
00212                                      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
00213                                      MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \
00214                                      MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
00215                                      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
00216 #endif //MBEDTLS_SSL_CIPHERSUITES
00217 
00218 /*! All of the following definitions are optimizations (they reduce mbedTLS memory usage and size).
00219 *   Changing them is the user's responsibility, since doing so can enlarge
00220 *   the binary footprint and the memory usage.
00221 */
00222
00223 // define to save 8KB RAM at the expense of ROM
00224 #ifndef MBEDTLS_AES_ROM_TABLES
00225     #define MBEDTLS_AES_ROM_TABLES
00226 #endif //MBEDTLS_AES_ROM_TABLES
00227
00228 // Reduce IO buffer to save RAM, default is 16KB
      // NOTE(review): a record larger than this limit cannot be processed, so
      // the peer has to honour the max_fragment_length extension enabled above
      // or otherwise keep its records within 4096 bytes; verify against the
      // servers this device talks to.
00229 #ifndef MBEDTLS_SSL_MAX_CONTENT_LEN
00230     #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
00231 #endif //MBEDTLS_SSL_MAX_CONTENT_LEN
00232
00233 // needed for Base64 encoding Opaque data for
00234 // registration payload, adds 500 bytes to flash.
00235 #ifndef MBEDTLS_BASE64_C
00236     #define MBEDTLS_BASE64_C
00237 #endif // MBEDTLS_BASE64_C
00238 
00239 // Needed by provisioning
      // NOTE(review): the remark above says "needed", yet the directive removes
      // PEM writing. The text looks inherited from the base configuration;
      // confirm that provisioning does not rely on PEM output.
00240 #undef MBEDTLS_PEM_WRITE_C
00241
00242 // Remove RSA, save 20KB at total
00243 #undef MBEDTLS_PK_RSA_ALT_SUPPORT
00244 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00245 #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
00246 #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
00247
00248 // Remove error messages, save 10KB of ROM
00249 #undef MBEDTLS_ERROR_C
00250
00251 // Remove selftesting and save 11KB of ROM
00252 #undef MBEDTLS_SELF_TEST
00253
      // Drop the built-in test certificates module.
00254 #undef MBEDTLS_CERTS_C
00255
00256 // Reduces ROM size by 30 kB
00257 #undef MBEDTLS_ERROR_STRERROR_DUMMY
00258
00259 #undef MBEDTLS_VERSION_FEATURES
00260
      // Debug logging support is compiled out.
00261 #undef MBEDTLS_DEBUG_C
00262
00263 // needed for parsing the certificates
      // NOTE(review): the remark above contradicts the directive, which removes
      // PEM parsing. With it removed, certificates and keys presumably have to
      // be supplied in DER form; confirm against the provisioning flow.
00264 #undef MBEDTLS_PEM_PARSE_C
00265
      // NOTE(review): MBEDTLS_SSL_CIPHERSUITES above lists a *_SHA384 suite;
      // removing SHA-512 probably disables it (SHA-384 lives in this module in
      // Mbed TLS 2.x). Confirm.
00266 #undef MBEDTLS_SHA512_C
00267
      // Client-only build: the TLS server side is removed.
00268 #undef MBEDTLS_SSL_SRV_C
00269
      // Remove every curve except secp256r1, which is enabled near the top of
      // this file.
00270 #undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
00271 #undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
00272 #undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
00273 #undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
00274 #undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
00275 #undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
00276 #undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
00277 #undef MBEDTLS_ECP_DP_BP256R1_ENABLED
00278 #undef MBEDTLS_ECP_DP_BP384R1_ENABLED
00279 #undef MBEDTLS_ECP_DP_BP512R1_ENABLED
00280 #undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
00281
00282 // Reduces size particularly in case PSA crypto is used
00283 #undef MBEDTLS_CHACHA20_C
00284 #undef MBEDTLS_CHACHAPOLY_C
00285 #undef MBEDTLS_POLY1305_C
00286 
00287 /**
00288  * \def MBEDTLS_SSL_RENEGOTIATION
00289  *
00290  * Enable support for TLS renegotiation.
00291  *
00292  * The two main uses of renegotiation are (1) refresh keys on long-lived
00293  * connections and (2) client authentication after the initial handshake.
00294  * If you don't need renegotiation, it's probably better to disable it, since
00295  * it has been associated with security issues in the past and is easy to
00296  * misuse/misunderstand.
00297  *
00298  * Comment this to disable support for renegotiation.
00299  *
00300  * \note   Even if this option is disabled, both client and server are aware
00301  *         of the Renegotiation Indication Extension (RFC 5746) used to
00302  *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
00303  *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
00304  *          configuration of this extension).
00305  *
00306  * \note   This feature is required by Device Management Client for Client-side
00307  *         certificate expiration verification. Disabling it will also require
00308  *         setting PAL_USE_SECURE_TIME to 0.
00309  *
00310  */
      // NOTE(review): defined unconditionally (no #ifndef guard, unlike the
      // options above), so renegotiation support is always compiled in. Since
      // the text above recommends disabling it when unused, confirm the
      // application leaves legacy (non-RFC 5746) renegotiation refused via
      // mbedtls_ssl_conf_legacy_renegotiation.
00311 #define MBEDTLS_SSL_RENEGOTIATION
00312
      // Enables the ECDHE-ECDSA key exchange used by the first three entries of
      // MBEDTLS_SSL_CIPHERSUITES.
00313 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00314 
00315 #include "mbedtls/check_config.h"
00316 
00317 #endif /* PAL_MBEDTLS_USER_CONFIG_H */