Mayank Gupta / Mbed OS pelion-example-frdm

Dependencies:   FXAS21002 FXOS8700Q




mbedTLSConfig_mbedOS.h

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2016-2019 ARM Ltd.
00003 //
00004 // SPDX-License-Identifier: Apache-2.0
00005 //
00006 // Licensed under the Apache License, Version 2.0 (the "License");
00007 // you may not use this file except in compliance with the License.
00008 // You may obtain a copy of the License at
00009 //
00010 //     http://www.apache.org/licenses/LICENSE-2.0
00011 //
00012 // Unless required by applicable law or agreed to in writing, software
00013 // distributed under the License is distributed on an "AS IS" BASIS,
00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00015 // See the License for the specific language governing permissions and
00016 // limitations under the License.
00017 // ----------------------------------------------------------------------------
00018 
00019 #ifndef PAL_MBEDTLS_USER_CONFIG_H
00020 #define PAL_MBEDTLS_USER_CONFIG_H
00021 
00022 
00023 /*! All of the following definitions are mandatory requirements for correct 
00024 *   functionality of PAL TLS and Crypto components.
00025 *   Please do not disable them.
00026 */
00027 
00028 /* The platform has a time function that provides the time used for certificate verification */
// MBEDTLS_HAVE_TIME_DATE is what lets Mbed TLS compare a certificate's validity
// period with the current date; MBEDTLS_PLATFORM_TIME_ALT lets the platform
// install its own time function at run time, so the date checks are only as
// trustworthy as that time source.
// Changing the `#if 1` below to 0 stops this file from defining these options
// (they may still come from the base configuration); if they end up undefined,
// certificate expiry is no longer checked against a clock.
// NOTE(review): MBEDTLS_HAVE_ASM ("System support") also sits inside this #if,
// so it is dropped together with the time options — confirm that is intended.
00029 #if 1 //Please set to 1 if you are using secure time
00030 #ifndef MBEDTLS_HAVE_TIME
00031     #define MBEDTLS_HAVE_TIME
00032 #endif //MBEDTLS_HAVE_TIME
00033 
00034 #ifndef MBEDTLS_HAVE_TIME_DATE
00035     #define MBEDTLS_HAVE_TIME_DATE
00036 #endif //MBEDTLS_HAVE_TIME_DATE
00037 
00038 #ifndef MBEDTLS_PLATFORM_TIME_ALT
00039     #define MBEDTLS_PLATFORM_TIME_ALT
00040 #endif //MBEDTLS_PLATFORM_TIME_ALT
00041 
00042 /* System support */
00043 #ifndef MBEDTLS_HAVE_ASM
00044     #define MBEDTLS_HAVE_ASM
00045 #endif //MBEDTLS_HAVE_ASM
00046 #endif
00047 /* mbed TLS feature support */
// secp256r1 is the only elliptic curve this file enables; every other curve is
// #undef'd near the end of the file.
00048 #ifndef MBEDTLS_ECP_DP_SECP256R1_ENABLED
00049     #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
00050 #endif //MBEDTLS_ECP_DP_SECP256R1_ENABLED
00051 
00052 #ifndef MBEDTLS_ECP_NIST_OPTIM
00053     #define MBEDTLS_ECP_NIST_OPTIM
00054 #endif //MBEDTLS_ECP_NIST_OPTIM
00055 
// Max Fragment Length extension (RFC 6066). It matters here because
// MBEDTLS_SSL_MAX_CONTENT_LEN is reduced to 4096 further down in this file.
00056 #ifndef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00057     #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00058 #endif //MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00059 
// TLS 1.2 is the only protocol version this file turns on itself.
// NOTE(review): older versions could still be enabled by the base configuration;
// verify the effective version range in the final build.
00060 #ifndef MBEDTLS_SSL_PROTO_TLS1_2
00061     #define MBEDTLS_SSL_PROTO_TLS1_2
00062 #endif //MBEDTLS_SSL_PROTO_TLS1_2
00063 
00064 #ifndef MBEDTLS_SSL_PROTO_DTLS
00065     #define MBEDTLS_SSL_PROTO_DTLS
00066 #endif //MBEDTLS_SSL_PROTO_DTLS
00067 
// DTLS record anti-replay support; listed above as mandatory, keep it enabled.
00068 #ifndef MBEDTLS_SSL_DTLS_ANTI_REPLAY
00069     #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
00070 #endif //MBEDTLS_SSL_DTLS_ANTI_REPLAY
00071 
// DTLS HelloVerifyRequest (cookie exchange) support.
00072 #ifndef MBEDTLS_SSL_DTLS_HELLO_VERIFY
00073     #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
00074 #endif //MBEDTLS_SSL_DTLS_HELLO_VERIFY
00075 
// Allows the key block and master secret of a session to be exported from the
// TLS stack. Whatever receives that material has to treat it as secret.
// NOTE(review): the consumer of the exported keys is not visible in this file.
00076 #ifndef MBEDTLS_SSL_EXPORT_KEYS
00077     #define MBEDTLS_SSL_EXPORT_KEYS
00078 #endif //MBEDTLS_SSL_EXPORT_KEYS
00079 
00080 /* mbed TLS modules */
// Each option below is wrapped in #ifndef so a value already set by the base
// configuration or on the compiler command line is left as it is.
00081 #ifndef MBEDTLS_AES_C
00082     #define MBEDTLS_AES_C
00083 #endif //MBEDTLS_AES_C
00084 
00085 /* Disable some of the speed optimizations on AES code to save
00086  * ~6200 bytes of ROM. According to comments on the mbedtls PR 394,
00087  * the speed on Cortex M4 is not even reduced by this. */
00088 #ifndef MBEDTLS_AES_FEWER_TABLES
00089     #define MBEDTLS_AES_FEWER_TABLES
00090 #endif // MBEDTLS_AES_FEWER_TABLES
00091 
00092 #ifndef MBEDTLS_ASN1_PARSE_C
00093     #define MBEDTLS_ASN1_PARSE_C
00094 #endif //MBEDTLS_ASN1_PARSE_C
00095 
00096 #ifndef MBEDTLS_ASN1_WRITE_C
00097     #define MBEDTLS_ASN1_WRITE_C
00098 #endif //MBEDTLS_ASN1_WRITE_C
00099 
00100 #ifndef MBEDTLS_BIGNUM_C
00101     #define MBEDTLS_BIGNUM_C
00102 #endif //MBEDTLS_BIGNUM_C
00103 
00104 #ifndef MBEDTLS_CIPHER_C
00105     #define MBEDTLS_CIPHER_C
00106 #endif //MBEDTLS_CIPHER_C
00107 
// CTR_DRBG is the random generator and MBEDTLS_ENTROPY_C (below) the entropy
// collector that seeds it; key generation and handshake randomness depend on both.
// NOTE(review): which hardware or NV-seed entropy source feeds the collector is
// configured elsewhere — verify it for the target board.
00108 #ifndef MBEDTLS_CTR_DRBG_C
00109     #define MBEDTLS_CTR_DRBG_C
00110 #endif //MBEDTLS_CTR_DRBG_C
00111 
00112 #ifndef MBEDTLS_ECP_C
00113     #define MBEDTLS_ECP_C
00114 #endif //MBEDTLS_ECP_C
00115 
00116 #ifndef MBEDTLS_ENTROPY_C
00117     #define MBEDTLS_ENTROPY_C
00118 #endif //MBEDTLS_ENTROPY_C
00119 
// Message digest, OID, public-key and SHA-256 modules, followed by the TLS
// client modules. All are part of the mandatory set declared at the top of the file.
00120 #ifndef MBEDTLS_MD_C
00121     #define MBEDTLS_MD_C
00122 #endif //MBEDTLS_MD_C
00123 
00124 #ifndef MBEDTLS_OID_C
00125     #define MBEDTLS_OID_C
00126 #endif //MBEDTLS_OID_C
00127 
00128 #ifndef MBEDTLS_PK_C
00129     #define MBEDTLS_PK_C
00130 #endif //MBEDTLS_PK_C
00131 
00132 #ifndef MBEDTLS_PK_PARSE_C
00133     #define MBEDTLS_PK_PARSE_C
00134 #endif //MBEDTLS_PK_PARSE_C
00135 
// SHA-256 is the only hash module this file enables; MBEDTLS_SHA512_C is
// #undef'd near the end of the file.
00136 #ifndef MBEDTLS_SHA256_C
00137     #define MBEDTLS_SHA256_C
00138 #endif //MBEDTLS_SHA256_C
00139 
00140 // Disable the speed optimizations of SHA256, makes binary size smaller
00141 // on Cortex-M by 1800B with ARMCC5 and 1384B with GCC 6.3.
00142 #ifndef MBEDTLS_SHA256_SMALLER
00143     #define MBEDTLS_SHA256_SMALLER
00144 #endif // MBEDTLS_SHA256_SMALLER
00145 
00146 #ifndef MBEDTLS_SSL_COOKIE_C
00147     #define MBEDTLS_SSL_COOKIE_C
00148 #endif //MBEDTLS_SSL_COOKIE_C
00149 
// Client side of TLS/DTLS. The server side (MBEDTLS_SSL_SRV_C) is #undef'd near
// the end of the file, so this configuration builds a client-only stack.
00150 #ifndef MBEDTLS_SSL_CLI_C
00151     #define MBEDTLS_SSL_CLI_C
00152 #endif //MBEDTLS_SSL_CLI_C
00153 
00154 #ifndef MBEDTLS_SSL_TLS_C
00155     #define MBEDTLS_SSL_TLS_C
00156 #endif //MBEDTLS_SSL_TLS_C
00157 // XXX mbedclient needs these: mbedtls_x509_crt_free, mbedtls_x509_crt_init, mbedtls_x509_crt_parse
00158 #ifndef MBEDTLS_X509_USE_C
00159     #define MBEDTLS_X509_USE_C
00160 #endif //MBEDTLS_X509_USE_C
00161 
00162 #ifndef MBEDTLS_X509_CRT_PARSE_C
00163     #define MBEDTLS_X509_CRT_PARSE_C
00164 #endif //MBEDTLS_X509_CRT_PARSE_C
00165 // a bit wrong way to get mbedtls_ssl_conf_psk:
// NOTE(review): the remark above sits on MBEDTLS_CMAC_C, and no
// MBEDTLS_KEY_EXCHANGE_PSK_ENABLED definition appears in this file even though
// PSK ciphersuites are listed further down — presumably the PSK key exchange
// comes from the base configuration; confirm.
00166 #ifndef MBEDTLS_CMAC_C
00167     #define MBEDTLS_CMAC_C
00168 #endif //MBEDTLS_CMAC_C
00169 
// ECDH key agreement, ECDSA signatures and AES-GCM: the primitives behind the
// ECDHE-ECDSA GCM ciphersuites listed further down.
00170 #ifndef MBEDTLS_ECDH_C
00171     #define MBEDTLS_ECDH_C
00172 #endif //MBEDTLS_ECDH_C
00173 
00174 #ifndef MBEDTLS_ECDSA_C
00175     #define MBEDTLS_ECDSA_C
00176 #endif //MBEDTLS_ECDSA_C
00177 
00178 #ifndef MBEDTLS_GCM_C
00179     #define MBEDTLS_GCM_C
00180 #endif //MBEDTLS_GCM_C
00181 
// Repeats the MBEDTLS_X509_CRT_PARSE_C guard from a few lines above; the macro is
// already defined at this point, so this second guard has no effect.
00182 #ifndef MBEDTLS_X509_CRT_PARSE_C
00183     #define MBEDTLS_X509_CRT_PARSE_C
00184 #endif //MBEDTLS_X509_CRT_PARSE_C
00185 
// Certificate signing request (CSR) parsing and writing, plus the X.509
// creation helpers the CSR writer builds on.
00186 #ifndef MBEDTLS_X509_CSR_PARSE_C
00187     #define MBEDTLS_X509_CSR_PARSE_C
00188 #endif //MBEDTLS_X509_CSR_PARSE_C
00189 
00190 #ifndef MBEDTLS_X509_CREATE_C
00191     #define MBEDTLS_X509_CREATE_C
00192 #endif //MBEDTLS_X509_CREATE_C
00193 
00194 #ifndef MBEDTLS_X509_CSR_WRITE_C
00195     #define MBEDTLS_X509_CSR_WRITE_C
00196 #endif //MBEDTLS_X509_CSR_WRITE_C
00197 
// Upper bound, in bytes, on a single request to the CTR_DRBG random generator.
00198 #ifndef MBEDTLS_CTR_DRBG_MAX_REQUEST
00199     #define MBEDTLS_CTR_DRBG_MAX_REQUEST 2048
00200 #endif //MBEDTLS_CTR_DRBG_MAX_REQUEST
00201 
00202 // Needed by update
00203 #ifndef MBEDTLS_CIPHER_MODE_CTR
00204     #define MBEDTLS_CIPHER_MODE_CTR
00205 #endif //MBEDTLS_CIPHER_MODE_CTR
00206 
00207 // Save ROM and a few bytes of RAM by specifying our own ciphersuite list
// The list is the complete set of suites the stack will offer, in order of
// preference. Points to keep in mind when editing it:
//  - the *_CCM_8 suites use AES-CCM with an 8-byte authentication tag, shorter
//    than the 16-byte tag of the GCM suites;
//  - the PSK suites use a plain pre-shared-key exchange with no ephemeral key
//    agreement, so past sessions are only as safe as the pre-shared key.
// NOTE(review): MBEDTLS_CCM_C is not defined in this file, so the CCM suites
// depend on the base configuration providing it — confirm.
// NOTE(review): MBEDTLS_SHA512_C is #undef'd near the end of this file; in
// Mbed TLS 2.x that module also provides SHA-384, so the *_SHA384 entry is
// presumably never negotiated — confirm.
00208 #ifndef MBEDTLS_SSL_CIPHERSUITES
00209     #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \
00210                                      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
00211                                      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
00212                                      MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \
00213                                      MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
00214 #endif //MBEDTLS_SSL_CIPHERSUITES
00215 
00216 /*! All of the following definitions are optimizations (they reduce mbedTLS memory usage and size).
00217 *   Changing them is the user's responsibility, since doing so can enlarge
00218 *   the binary footprint and the memory usage.
00219 */
00220 
00221 // define to save 8KB RAM at the expense of ROM
00222 #ifndef MBEDTLS_AES_ROM_TABLES
00223     #define MBEDTLS_AES_ROM_TABLES
00224 #endif //MBEDTLS_AES_ROM_TABLES
00225 
00226 // Reduce IO buffer to save RAM, default is 16KB
// A 4096-byte buffer is smaller than the largest record TLS allows, so the peer
// has to keep its records within this size, e.g. by honouring the Max Fragment
// Length extension that MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enables earlier in this
// file. A larger incoming record makes the connection fail rather than overflow.
00227 #ifndef MBEDTLS_SSL_MAX_CONTENT_LEN
00228     #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
00229 #endif //MBEDTLS_SSL_MAX_CONTENT_LEN
00230 
00231 // needed for Base64 encoding Opaque data for
00232 // registration payload, adds 500 bytes to flash.
00233 #ifndef MBEDTLS_BASE64_C
00234     #define MBEDTLS_BASE64_C
00235 #endif // MBEDTLS_BASE64_C
00236 
00237 /**
00238  * \def MBEDTLS_SSL_RENEGOTIATION
00239  *
00240  * Enable support for TLS renegotiation.
00241  *
00242  * The two main uses of renegotiation are (1) refresh keys on long-lived
00243  * connections and (2) client authentication after the initial handshake.
00244  * If you don't need renegotiation, it's probably better to disable it, since
00245  * it has been associated with security issues in the past and is easy to
00246  * misuse/misunderstand.
00247  *
00248  * Comment this to disable support for renegotiation.
00249  *
00250  * \note   Even if this option is disabled, both client and server are aware
00251  *         of the Renegotiation Indication Extension (RFC 5746) used to
00252  *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
00253  *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
00254  *          configuration of this extension).
00255  *
00256  * \note   This feature is required by Device Management Client for Client-side
00257  *         certificate expiration verification. Disabling it will also require
00258  *         setting PAL_USE_SECURE_TIME to 0.
00259  *
00260  */
// Defined unconditionally, unlike the #ifndef-guarded options above. This only
// compiles renegotiation support in; whether a connection accepts renegotiation
// is a separate run-time setting (mbedtls_ssl_conf_renegotiation).
// NOTE(review): the run-time setting used by the client is not visible in this
// file — verify it when reviewing the connection setup code.
00261 #define MBEDTLS_SSL_RENEGOTIATION
00262 
00263 // Original note: "Needed by provisioning".
// NOTE(review): the directive below removes MBEDTLS_PEM_WRITE_C rather than
// enabling it, so the note and the code disagree — confirm which is intended.
00264 #undef MBEDTLS_PEM_WRITE_C
00265 
00266 // Remove RSA, save 20KB at total
// An identifier that is not defined evaluates to 0 inside #if, so RSA support is
// removed unless MBED_CONF_MBED_CLIENT_PAL_RSA_REQUIRED is defined to a non-zero
// value. With RSA removed, RSA keys and RSA-signed certificates cannot be
// processed, so the chains this client verifies presumably have to be ECDSA-based.
00267 #if !MBED_CONF_MBED_CLIENT_PAL_RSA_REQUIRED
00268     #undef MBEDTLS_RSA_C
00269     #undef MBEDTLS_PK_RSA_ALT_SUPPORT
00270     #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00271     #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
00272     #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
00273 #endif // MBED_CONF_MBED_CLIENT_PAL_RSA_REQUIRED
00274 
00275 // Remove error messages, save 10KB of ROM
// Error-code-to-text translation is compiled out, so TLS and crypto failures
// show up as numeric error codes only.
00276 #undef MBEDTLS_ERROR_C
00277 
00278 // Remove selftesting and save 11KB of ROM
00279 #undef MBEDTLS_SELF_TEST
00280 
// MBEDTLS_CERTS_C is the module holding Mbed TLS's built-in test certificates;
// removing it keeps them out of the firmware image.
00281 #undef MBEDTLS_CERTS_C
00282 
00283 // Reduces ROM size by 30 kB
00284 #undef MBEDTLS_ERROR_STRERROR_DUMMY
00285 
00286 #undef MBEDTLS_VERSION_FEATURES
00287 
// The TLS debug output code is compiled out.
00288 #undef MBEDTLS_DEBUG_C
00289 
00290 // Original note: "needed for parsing the certificates".
// NOTE(review): the directive below removes MBEDTLS_PEM_PARSE_C, so the note and
// the code disagree. With PEM parsing removed, certificates and keys presumably
// have to be supplied in DER form — confirm.
00291 #undef MBEDTLS_PEM_PARSE_C
00292 
// No SHA-512 module; in Mbed TLS 2.x this also removes SHA-384.
00293 #undef MBEDTLS_SHA512_C
00294 
// No TLS/DTLS server side: the stack is client-only.
00295 #undef MBEDTLS_SSL_SRV_C
00296 
// Every curve except secp256r1 (enabled near the top of the file) is removed,
// so keys and certificates on any other curve cannot be used with this build.
00297 #undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
00298 #undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
00299 #undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
00300 #undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
00301 #undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
00302 #undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
00303 #undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
00304 #undef MBEDTLS_ECP_DP_BP256R1_ENABLED
00305 #undef MBEDTLS_ECP_DP_BP384R1_ENABLED
00306 #undef MBEDTLS_ECP_DP_BP512R1_ENABLED
00307 #undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
00308 
00309 // Reduces size particularly in case PSA crypto is used
00310 #undef MBEDTLS_CHACHA20_C
00311 #undef MBEDTLS_CHACHAPOLY_C
00312 #undef MBEDTLS_POLY1305_C
00313 
// Re-validate the final option set: check_config.h raises a compile-time #error
// when an enabled feature is missing one of its prerequisites. Keep this include
// after all the #define/#undef lines so it sees the effective configuration.
00314 #include "mbedtls/check_config.h"
00315 
00316 #endif /* PAL_MBEDTLS_USER_CONFIG_H */