Mayank Gupta / Mbed OS pelion-example-frdm

Dependencies:   FXAS21002 FXOS8700Q


mbedTLSConfig_mbedOS_SW_TRNG_PSA.h

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2019 ARM Ltd.
00003 //
00004 // SPDX-License-Identifier: Apache-2.0
00005 //
00006 // Licensed under the Apache License, Version 2.0 (the "License");
00007 // you may not use this file except in compliance with the License.
00008 // You may obtain a copy of the License at
00009 //
00010 //     http://www.apache.org/licenses/LICENSE-2.0
00011 //
00012 // Unless required by applicable law or agreed to in writing, software
00013 // distributed under the License is distributed on an "AS IS" BASIS,
00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00015 // See the License for the specific language governing permissions and
00016 // limitations under the License.
00017 // ----------------------------------------------------------------------------
00018 
00019 #ifndef PAL_MBEDTLS_USER_CONFIG_H
00020 #define PAL_MBEDTLS_USER_CONFIG_H
00021 
      // Each #define in this section sits inside its own #ifndef guard, so an
      // option that is already defined when this header is read is left as is.
00022 
00023 /*! All of the following definitions are mandatory requirements for correct
00024 *   functionality of PAL TLS and Crypto components.
00025 *   Please do not disable them.
00026 */
00027 
00028 /* The platform has a time function that provides the time for certificate verification. */
      // NOTE(review): certificate validity-period checks are only as trustworthy
      // as the clock behind them. Where the device gets its time from is not
      // visible in this file - confirm that it is set from an authenticated
      // source before certificates are verified.
00029 #ifndef MBEDTLS_HAVE_TIME
00030     #define MBEDTLS_HAVE_TIME
00031 #endif //MBEDTLS_HAVE_TIME
00032 
      // Also compare the current date against certificate validity dates.
00033 #ifndef MBEDTLS_HAVE_TIME_DATE
00034     #define MBEDTLS_HAVE_TIME_DATE
00035 #endif //MBEDTLS_HAVE_TIME_DATE
00036 
      // The time function is installed by the platform layer at run time
      // (mbedtls_platform_set_time) instead of being taken from the C library.
00037 #ifndef MBEDTLS_PLATFORM_TIME_ALT
00038     #define MBEDTLS_PLATFORM_TIME_ALT
00039 #endif //MBEDTLS_PLATFORM_TIME_ALT
00040 
00041 /* System support: allow the library's assembly-optimised code paths. */
00042 #ifndef MBEDTLS_HAVE_ASM
00043     #define MBEDTLS_HAVE_ASM
00044 #endif //MBEDTLS_HAVE_ASM
00045 
00046 /* mbed TLS feature support */
      // secp256r1 (NIST P-256) is the only elliptic curve this file enables;
      // the other MBEDTLS_ECP_DP_* options are #undef'd further down.
00047 #ifndef MBEDTLS_ECP_DP_SECP256R1_ENABLED
00048     #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
00049 #endif //MBEDTLS_ECP_DP_SECP256R1_ENABLED
00050 
      // Use the fast reduction routines for NIST curves.
00051 #ifndef MBEDTLS_ECP_NIST_OPTIM
00052     #define MBEDTLS_ECP_NIST_OPTIM
00053 #endif //MBEDTLS_ECP_NIST_OPTIM
00054 
      // Support for the Max Fragment Length extension (RFC 6066). This matters
      // here because MBEDTLS_SSL_MAX_CONTENT_LEN is reduced to 4096 below.
00055 #ifndef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00056     #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00057 #endif //MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
00058 
      // TLS 1.2 is the only TLS protocol version this file turns on.
      // NOTE(review): older versions are not #undef'd here, so whether they are
      // compiled in depends on the base configuration - confirm.
00059 #ifndef MBEDTLS_SSL_PROTO_TLS1_2
00060     #define MBEDTLS_SSL_PROTO_TLS1_2
00061 #endif //MBEDTLS_SSL_PROTO_TLS1_2
00062 
00063 #ifndef MBEDTLS_SSL_PROTO_DTLS
00064     #define MBEDTLS_SSL_PROTO_DTLS
00065 #endif //MBEDTLS_SSL_PROTO_DTLS
00066 
      // DTLS record replay detection; keep enabled, since datagrams can be
      // captured and re-sent by anyone on the path.
00067 #ifndef MBEDTLS_SSL_DTLS_ANTI_REPLAY
00068     #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
00069 #endif //MBEDTLS_SSL_DTLS_ANTI_REPLAY
00070 
      // HelloVerifyRequest (stateless cookie) support for DTLS.
00071 #ifndef MBEDTLS_SSL_DTLS_HELLO_VERIFY
00072     #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
00073 #endif //MBEDTLS_SSL_DTLS_HELLO_VERIFY
00074 
      // Lets the application register a callback that receives the session's
      // key material (mbedtls_ssl_conf_export_keys_cb).
      // NOTE(review): whatever consumes the exported keys must treat them as
      // secrets (no logging, zeroize after use); the consumer is not visible here.
00075 #ifndef MBEDTLS_SSL_EXPORT_KEYS
00076     #define MBEDTLS_SSL_EXPORT_KEYS
00077 #endif //MBEDTLS_SSL_EXPORT_KEYS
00078 
00079 /* mbed TLS modules */
00080 #ifndef MBEDTLS_AES_C
00081     #define MBEDTLS_AES_C
00082 #endif //MBEDTLS_AES_C
00083 
00084 /* Disable some of the speed optimizations on AES code to save
00085  * ~6200 bytes of ROM. According to comments on the mbedtls PR 394,
00086  * the speed on Cortex M4 is not even reduced by this. */
00087 #ifndef MBEDTLS_AES_FEWER_TABLES
00088     #define MBEDTLS_AES_FEWER_TABLES
00089 #endif // MBEDTLS_AES_FEWER_TABLES
00090 
00091 #ifndef MBEDTLS_ASN1_PARSE_C
00092     #define MBEDTLS_ASN1_PARSE_C
00093 #endif //MBEDTLS_ASN1_PARSE_C
00094 
00095 #ifndef MBEDTLS_ASN1_WRITE_C
00096     #define MBEDTLS_ASN1_WRITE_C
00097 #endif //MBEDTLS_ASN1_WRITE_C
00098 
00099 #ifndef MBEDTLS_BIGNUM_C
00100     #define MBEDTLS_BIGNUM_C
00101 #endif //MBEDTLS_BIGNUM_C
00102 
00103 #ifndef MBEDTLS_CIPHER_C
00104     #define MBEDTLS_CIPHER_C
00105 #endif //MBEDTLS_CIPHER_C
00106 
      // CTR_DRBG is the deterministic random bit generator; its output is only
      // as unpredictable as the entropy module's sources configured below.
00107 #ifndef MBEDTLS_CTR_DRBG_C
00108     #define MBEDTLS_CTR_DRBG_C
00109 #endif //MBEDTLS_CTR_DRBG_C
00110 
00111 #ifndef MBEDTLS_ECP_C
00112     #define MBEDTLS_ECP_C
00113 #endif //MBEDTLS_ECP_C
00114 
      // Turns off mbed TLS's built-in OS entropy sources (/dev/urandom,
      // Windows CryptoAPI), which an embedded target does not provide.
      // NOTE(review): this file enables MBEDTLS_ENTROPY_NV_SEED and defines no
      // hardware entropy option. If none is configured elsewhere, every key and
      // nonce derives from the provisioned seed, which then has to be unique per
      // device and generated from a real entropy source - confirm against the
      // target's base configuration.
00115 #ifndef MBEDTLS_NO_PLATFORM_ENTROPY
00116     #define MBEDTLS_NO_PLATFORM_ENTROPY
00117 #endif //MBEDTLS_NO_PLATFORM_ENTROPY
00118 
00119 #ifndef MBEDTLS_ENTROPY_C
00120     #define MBEDTLS_ENTROPY_C
00121 #endif //MBEDTLS_ENTROPY_C
00122 
00123 #ifndef MBEDTLS_MD_C
00124     #define MBEDTLS_MD_C
00125 #endif //MBEDTLS_MD_C
00126 
00127 #ifndef MBEDTLS_OID_C
00128     #define MBEDTLS_OID_C
00129 #endif //MBEDTLS_OID_C
00130 
00131 #ifndef MBEDTLS_PK_C
00132     #define MBEDTLS_PK_C
00133 #endif //MBEDTLS_PK_C
00134 
00135 #ifndef MBEDTLS_PK_PARSE_C
00136     #define MBEDTLS_PK_PARSE_C
00137 #endif //MBEDTLS_PK_PARSE_C
00138 
00139 #ifndef MBEDTLS_SHA256_C
00140     #define MBEDTLS_SHA256_C
00141 #endif //MBEDTLS_SHA256_C
00142 
00143 // Disable the speed optimizations of SHA256; this makes the binary smaller
00144 // on Cortex-M by 1800B with ARMCC5 and 1384B with GCC 6.3.
00145 #ifndef MBEDTLS_SHA256_SMALLER
00146     #define MBEDTLS_SHA256_SMALLER
00147 #endif // MBEDTLS_SHA256_SMALLER
00148 
      // DTLS hello-cookie module.
00149 #ifndef MBEDTLS_SSL_COOKIE_C
00150     #define MBEDTLS_SSL_COOKIE_C
00151 #endif //MBEDTLS_SSL_COOKIE_C
00152 
      // TLS/DTLS client side. The server side (MBEDTLS_SSL_SRV_C) is #undef'd
      // further down in this file.
00153 #ifndef MBEDTLS_SSL_CLI_C
00154     #define MBEDTLS_SSL_CLI_C
00155 #endif //MBEDTLS_SSL_CLI_C
00156 
00157 #ifndef MBEDTLS_SSL_TLS_C
00158     #define MBEDTLS_SSL_TLS_C
00159 #endif //MBEDTLS_SSL_TLS_C
00160 // XXX mbedclient needs these: mbedtls_x509_crt_free, mbedtls_x509_crt_init, mbedtls_x509_crt_parse
00161 #ifndef MBEDTLS_X509_USE_C
00162     #define MBEDTLS_X509_USE_C
00163 #endif //MBEDTLS_X509_USE_C
00164 
00165 #ifndef MBEDTLS_X509_CRT_PARSE_C
00166     #define MBEDTLS_X509_CRT_PARSE_C
00167 #endif //MBEDTLS_X509_CRT_PARSE_C
00168 // Original author's note: this is "a bit wrong way" to get mbedtls_ssl_conf_psk.
      // NOTE(review): how enabling CMAC makes mbedtls_ssl_conf_psk available is
      // not visible in this file; in mbed TLS that function is normally gated on
      // the PSK key-exchange options - confirm the workaround is still needed.
00169 #ifndef MBEDTLS_CMAC_C
00170     #define MBEDTLS_CMAC_C
00171 #endif //MBEDTLS_CMAC_C
00172 
00173 #ifndef MBEDTLS_ECDH_C
00174     #define MBEDTLS_ECDH_C
00175 #endif //MBEDTLS_ECDH_C
00176 
00177 #ifndef MBEDTLS_ECDSA_C
00178     #define MBEDTLS_ECDSA_C
00179 #endif //MBEDTLS_ECDSA_C
00180 
00181 #ifndef MBEDTLS_GCM_C
00182     #define MBEDTLS_GCM_C
00183 #endif //MBEDTLS_GCM_C
00184 
      // Repeats the MBEDTLS_X509_CRT_PARSE_C guard a few lines above; it has no
      // further effect.
00185 #ifndef MBEDTLS_X509_CRT_PARSE_C
00186     #define MBEDTLS_X509_CRT_PARSE_C
00187 #endif //MBEDTLS_X509_CRT_PARSE_C
00188 
      // CSR parsing, X.509 structure creation and CSR writing.
      // NOTE(review): presumably used for certificate enrollment/renewal - the
      // consumer is not visible in this file.
00189 #ifndef MBEDTLS_X509_CSR_PARSE_C
00190     #define MBEDTLS_X509_CSR_PARSE_C
00191 #endif //MBEDTLS_X509_CSR_PARSE_C
00192 
00193 #ifndef MBEDTLS_X509_CREATE_C
00194     #define MBEDTLS_X509_CREATE_C
00195 #endif //MBEDTLS_X509_CREATE_C
00196 
00197 #ifndef MBEDTLS_X509_CSR_WRITE_C
00198     #define MBEDTLS_X509_CSR_WRITE_C
00199 #endif //MBEDTLS_X509_CSR_WRITE_C
00200 
      // Maximum number of bytes a single CTR_DRBG request may return.
00201 #ifndef MBEDTLS_CTR_DRBG_MAX_REQUEST
00202     #define MBEDTLS_CTR_DRBG_MAX_REQUEST 2048
00203 #endif //MBEDTLS_CTR_DRBG_MAX_REQUEST
00204 
00205 // Needed by update
00206 #ifndef MBEDTLS_CIPHER_MODE_CTR
00207     #define MBEDTLS_CIPHER_MODE_CTR
00208 #endif //MBEDTLS_CIPHER_MODE_CTR
00209 
00210 // Save ROM and a few bytes of RAM by specifying our own ciphersuite list.
      // The list is in preference order. Security properties worth knowing:
      //  - the *_CCM_8 suites use an authentication tag truncated to 8 bytes;
      //  - the PSK suites provide no forward secrecy: a leaked pre-shared key
      //    exposes recorded sessions as well as future ones;
      //  - the last entry is a CBC-mode suite, unlike the AEAD suites before it.
      // NOTE(review): the AES_256_GCM_SHA384 suite needs SHA-384, which mbed TLS
      // 2.x builds from MBEDTLS_SHA512_C; that module is #undef'd further down,
      // so this entry is presumably inert - confirm.
      // NOTE(review): the PSK suites need MBEDTLS_KEY_EXCHANGE_PSK_ENABLED, whose
      // #define is commented out further down; whether they are usable depends
      // on the base configuration - confirm.
00211 #ifndef MBEDTLS_SSL_CIPHERSUITES
00212     #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \
00213                                      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
00214                                      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
00215                                      MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \
00216                                      MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
00217                                      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
00218 #endif //MBEDTLS_SSL_CIPHERSUITES
00219 
00220 /*! All of the following definitions are optimizations (they reduce mbedTLS memory usage and size).
00221 *   Changing them is the user's responsibility, since doing so can enlarge
00222 *   the binary footprint and the memory usage.
00223 */
00224 
00225 // define to save 8KB RAM at the expense of ROM
00226 #ifndef MBEDTLS_AES_ROM_TABLES
00227     #define MBEDTLS_AES_ROM_TABLES
00228 #endif //MBEDTLS_AES_ROM_TABLES
00229 
00230 // Reduce IO buffer to save RAM, default is 16KB
      // NOTE(review): a peer that sends records larger than 4096 bytes will fail
      // unless the smaller size is negotiated (MBEDTLS_SSL_MAX_FRAGMENT_LENGTH is
      // enabled above) - confirm the servers this device talks to honour it.
00231 #ifndef MBEDTLS_SSL_MAX_CONTENT_LEN
00232     #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
00233 #endif //MBEDTLS_SSL_MAX_CONTENT_LEN
00234 
00235 // Needed for Base64-encoding opaque data for the
00236 // registration payload; adds 500 bytes to flash.
00237 #ifndef MBEDTLS_BASE64_C
00238     #define MBEDTLS_BASE64_C
00239 #endif // MBEDTLS_BASE64_C
00240 
00241 // Enable the non-volatile (NV) seed entropy source: a seed kept in persistent
      // storage is fed to the entropy module.
      // NOTE(review): the seed is secret key material. The storage behind the
      // read/write callbacks below needs confidentiality and integrity
      // protection, and the seed must never be shared between devices; the
      // storage backend is not visible in this file.
00242 #ifndef MBEDTLS_ENTROPY_NV_SEED
00243     #define MBEDTLS_ENTROPY_NV_SEED
00244 #endif
00245 
00246 // Non-volatile entropy source callback functions - PSA
00247 #ifndef MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
00248     #define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbed_default_seed_read
00249 #endif
00250 #ifndef MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
00251     #define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbed_default_seed_write
00252 #endif
00253 
      // From here on, options are removed with #undef to shrink the build.
00254 // Needed by provisioning
      // NOTE(review): the line above is the original comment, but the directive
      // below REMOVES PEM writing. The comment looks stale - confirm which of the
      // two is intended.
00255 #undef MBEDTLS_PEM_WRITE_C
00256 
00257 // Remove RSA, save 20KB in total. Together with the ECDSA/PSK-only
      // ciphersuite list above, this leaves no RSA key exchange or RSA keys.
00258 #undef MBEDTLS_RSA_C
00259 
00260 #undef MBEDTLS_PK_RSA_ALT_SUPPORT
00261 
00262 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00263 
00264 #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
00265 
00266 #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
00267 
      // The next line is commented out, so this file neither enables nor removes
      // the plain PSK key exchange; the base configuration decides.
00268 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
00269    
00270 // Remove error messages, save 10KB of ROM
      // (errors are then reported as numeric codes only).
00271 #undef MBEDTLS_ERROR_C
00272 
00273 // Remove selftesting and save 11KB of ROM
00274 #undef MBEDTLS_SELF_TEST
00275 
      // Drops the library's built-in test certificates.
00276 #undef MBEDTLS_CERTS_C
00277 
00278 // Reduces ROM size by 30 kB
00279 #undef MBEDTLS_ERROR_STRERROR_DUMMY
00280 
00281 #undef MBEDTLS_VERSION_FEATURES
00282 
      // No TLS debug output is compiled in.
00283 #undef MBEDTLS_DEBUG_C
00284 
00285 // needed for parsing the certificates
      // NOTE(review): the line above is the original comment, but the directive
      // below REMOVES PEM parsing, which leaves DER as the only accepted
      // certificate/key encoding. Confirm that all provisioned credentials are
      // DER and that the comment is stale.
00286 #undef MBEDTLS_PEM_PARSE_C
00287 
      // Without this module SHA-384 and SHA-512 are unavailable.
00288 #undef MBEDTLS_SHA512_C
00289 
      // Client-only build: the TLS/DTLS server side is removed.
00290 #undef MBEDTLS_SSL_SRV_C
00291 
      // Remove every curve other than secp256r1, which is enabled near the top
      // of this file. A peer that offers only other curves cannot complete an
      // ECDHE handshake with this device.
00292 #undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
00293 #undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
00294 #undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
00295 #undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
00296 #undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
00297 #undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
00298 #undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
00299 #undef MBEDTLS_ECP_DP_BP256R1_ENABLED
00300 #undef MBEDTLS_ECP_DP_BP384R1_ENABLED
00301 #undef MBEDTLS_ECP_DP_BP512R1_ENABLED
00302 #undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
00303 
      // Unconditional repeat of the guarded MBEDTLS_PLATFORM_TIME_ALT definition
      // near the top of this file; both are empty, so the repeat is redundant.
00304 #define MBEDTLS_PLATFORM_TIME_ALT
00305 
00306 /**
00307  * \def MBEDTLS_SSL_RENEGOTIATION
00308  *
00309  * Enable support for TLS renegotiation.
00310  *
00311  * The two main uses of renegotiation are (1) refresh keys on long-lived
00312  * connections and (2) client authentication after the initial handshake.
00313  * If you don't need renegotiation, it's probably better to disable it, since
00314  * it has been associated with security issues in the past and is easy to
00315  * misuse/misunderstand.
00316  *
00317  * Comment this to disable support for renegotiation.
00318  *
00319  * \note   Even if this option is disabled, both client and server are aware
00320  *         of the Renegotiation Indication Extension (RFC 5746) used to
00321  *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
00322  *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
00323  *          configuration of this extension).
00324  *
00325  * \note   This feature is required by Device Management Client for Client-side
00326  *         certificate expiration verification. Disabling it will also require
00327  *         setting PAL_USE_SECURE_TIME to 0.
00328  *
00329  */
      // Defined without an #ifndef guard, unlike the options in the first part
      // of this file.
00330 #define MBEDTLS_SSL_RENEGOTIATION
00331 
      // ECDHE-ECDSA key exchange, used by the first three entries of
      // MBEDTLS_SSL_CIPHERSUITES above. Also defined without a guard.
00332 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00333 
      // mbed TLS's compile-time consistency check: it stops the build with an
      // #error when an enabled option's prerequisites are missing. Keep it as
      // the last thing in the file so that it sees the final set of options.
00334 #include "mbedtls/check_config.h"
00335 
00336 #endif /* PAL_MBEDTLS_USER_CONFIG_H */