TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 56595f4f7b6ba3d0ec4933dd11cb518b8988d893 / . / configs / baremetal.h
blob: aadbd09d50c4442ddcbf0e42f096ab2510ce8407 [file] [log] [blame]
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]1/**
2 * \file baremetal.h
3 *
4 * \brief Test configuration for minimal baremetal Mbed TLS builds
5 * based on the following primitives:
6 * - ECDHE-ECDSA only
7 * - Elliptic curve SECP256R1 only
8 * - SHA-256 only
9 * - AES-CCM-8 only
10 *
11 * The library compiles in this configuration, but the example
12 * programs `ssl_client2` and `ssl_server2` require the
13 * modifications from `baremetal_test.h`.
14 */
15/*
16 * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
17 * SPDX-License-Identifier: Apache-2.0
18 *
19 * Licensed under the Apache License, Version 2.0 (the "License"); you may
20 * not use this file except in compliance with the License.
21 * You may obtain a copy of the License at
22 *
23 * http://www.apache.org/licenses/LICENSE-2.0
24 *
25 * Unless required by applicable law or agreed to in writing, software
26 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
27 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
28 * See the License for the specific language governing permissions and
29 * limitations under the License.
30 *
31 * This file is part of mbed TLS (https://tls.mbed.org)
32 */
33
34#ifndef MBEDTLS_BAREMETAL_CONFIG_H
35#define MBEDTLS_BAREMETAL_CONFIG_H
36
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]37/* Symmetric crypto: AES-CCM only */
38#define MBEDTLS_CIPHER_C
39#define MBEDTLS_AES_C
40#define MBEDTLS_AES_ROM_TABLES
41#define MBEDTLS_AES_FEWER_TABLES
42#define MBEDTLS_CCM_C
43
44/* Asymmetric crypto: Single-curve ECC only. */
45#define MBEDTLS_BIGNUM_C
46#define MBEDTLS_PK_C
47#define MBEDTLS_PK_PARSE_C
48#define MBEDTLS_PK_WRITE_C
49#define MBEDTLS_ECDH_C
50#define MBEDTLS_ECDSA_C
51#define MBEDTLS_ECP_C
52#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
53#define MBEDTLS_ECP_NIST_OPTIM
54#define MBEDTLS_ECDSA_DETERMINISTIC
Hanno Becker085ab562019-04-03 11:31:31 +0100[diff] [blame]55#define MBEDTLS_ECP_WINDOW_SIZE 2
56#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
57#define MBEDTLS_ECP_MAX_BITS 256
58#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]59
Hanno Beckerc1096e72019-06-19 12:30:41 +0100[diff] [blame]60#define MBEDTLS_SSL_CONF_SINGLE_EC
61#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
62#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
Hanno Becker56595f42019-06-19 16:31:38 +0100[diff] [blame^]63#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH
64#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID MBEDTLS_MD_SHA256
65#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID MBEDTLS_SSL_HASH_SHA256
Hanno Beckerc1096e72019-06-19 12:30:41 +0100[diff] [blame]66
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]67/* Key exchanges */
68#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Hanno Becker224eb0c2019-04-10 12:24:10 +0100[diff] [blame]69#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
Hanno Becker73f4cb12019-06-27 13:51:07 +0100[diff] [blame]70#define MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]71
72/* Digests - just SHA-256 */
73#define MBEDTLS_MD_C
74#define MBEDTLS_SHA256_C
75#define MBEDTLS_SHA256_SMALLER
76
77/* TLS options */
78#define MBEDTLS_SSL_CLI_C
79#define MBEDTLS_SSL_TLS_C
80#define MBEDTLS_SSL_PROTO_TLS1_2
81#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Jarno Lamsa29f2dd02019-06-20 15:31:52 +0300[diff] [blame]82#define MBEDTLS_SSL_NO_SESSION_CACHE
83#define MBEDTLS_SSL_NO_SESSION_RESUMPTION
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]84#define MBEDTLS_SSL_COOKIE_C
Hanno Becker275e5bf2019-04-03 13:39:31 +0100[diff] [blame]85#define MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard19e81322019-06-18 10:54:25 +0200[diff] [blame]86#define MBEDTLS_SSL_PROTO_NO_TLS
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]87#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
88#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
89#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
Hanno Beckera5a2b082019-05-15 14:03:01 +0100[diff] [blame]90#define MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]91
Hanno Beckeraabbb582019-06-11 13:43:27 +0100[diff] [blame]92/* Compile-time fixed parts of the SSL configuration */
Hanno Beckerf3400da2019-06-13 12:36:31 +0100[diff] [blame]93#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
Hanno Becker1f835fa2019-06-13 10:14:59 +0100[diff] [blame]94#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0
95#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000
96#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX 16000
Hanno Becker3b876ac2019-06-21 15:51:19 +0100[diff] [blame]97#define MBEDTLS_SSL_CONF_CID_LEN 2
Hanno Beckere0200da2019-06-13 09:23:43 +0100[diff] [blame]98#define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
Hanno Beckerb0b2b672019-06-12 16:58:10 +0100[diff] [blame]99#define MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION \
100 MBEDTLS_SSL_SECURE_RENEGOTIATION
Hanno Beckeracd4fc02019-06-12 16:40:50 +0100[diff] [blame]101#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
Hanno Beckerde671542019-06-12 16:30:46 +0100[diff] [blame]102#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0
Hanno Becker7f376f42019-06-12 16:20:48 +0100[diff] [blame]103#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED
Hanno Becker0ae6b242019-06-13 16:45:36 +0100[diff] [blame]104#define MBEDTLS_SSL_CONF_GET_TIMER mbedtls_timing_get_delay
105#define MBEDTLS_SSL_CONF_SET_TIMER mbedtls_timing_set_delay
Hanno Beckera58a8962019-06-13 16:11:15 +0100[diff] [blame]106#define MBEDTLS_SSL_CONF_RECV mbedtls_net_recv
107#define MBEDTLS_SSL_CONF_SEND mbedtls_net_send
108#define MBEDTLS_SSL_CONF_RECV_TIMEOUT mbedtls_net_recv_timeout
Hanno Beckerece325c2019-06-13 15:39:27 +0100[diff] [blame]109#define MBEDTLS_SSL_CONF_RNG mbedtls_hmac_drbg_random
Hanno Beckere965bd32019-06-12 14:04:34 +0100[diff] [blame]110#define MBEDTLS_SSL_CONF_MIN_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
111#define MBEDTLS_SSL_CONF_MAX_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
112#define MBEDTLS_SSL_CONF_MIN_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3
113#define MBEDTLS_SSL_CONF_MAX_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3
Hanno Beckeraabbb582019-06-11 13:43:27 +0100[diff] [blame]114#define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET \
115 MBEDTLS_SSL_EXTENDED_MS_ENABLED
116#define MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET \
117 MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED
118
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]119/* X.509 CRT parsing */
120#define MBEDTLS_X509_USE_C
121#define MBEDTLS_X509_CRT_PARSE_C
122#define MBEDTLS_X509_CHECK_KEY_USAGE
123#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
Hanno Becker02a21932019-06-10 15:08:43 +0100[diff] [blame]124#define MBEDTLS_X509_REMOVE_INFO
Hanno Becker938a8052019-06-05 18:07:00 +0100[diff] [blame]125#define MBEDTLS_X509_ON_DEMAND_PARSING
126#define MBEDTLS_X509_ALWAYS_FLUSH
Hanno Beckerabc22b72019-03-18 12:39:49 +0000[diff] [blame]127#define MBEDTLS_ASN1_PARSE_C
128
129/* X.509 CSR writing */
130#define MBEDTLS_X509_CSR_WRITE_C
131#define MBEDTLS_X509_CREATE_C
132#define MBEDTLS_ASN1_WRITE_C
133
134/* RNG and PRNG */
135#define MBEDTLS_NO_PLATFORM_ENTROPY
136#define MBEDTLS_ENTROPY_C
137#define MBEDTLS_HMAC_DRBG_C
138
139#define MBEDTLS_OID_C
140#define MBEDTLS_PLATFORM_C
141
142/* I/O buffer configuration */
143#define MBEDTLS_SSL_MAX_CONTENT_LEN 2048
144
145/* Server-side only */
146#define MBEDTLS_SSL_TICKET_C
147#define MBEDTLS_SSL_SRV_C
148
149#if defined(MBEDTLS_USER_CONFIG_FILE)
150#include MBEDTLS_USER_CONFIG_FILE
151#endif
152
153#include <mbedtls/check_config.h>
154
155#endif /* MBEDTLS_BAREMETAL_CONFIG_H */