|
40 | 40 | #include <openthread/platform/logging.h> |
41 | 41 | #include <openthread/platform/memory.h> |
42 | 42 |
|
43 | | -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf |
| 43 | +// ============================================================================== |
| 44 | +// Cryptographic configuration |
| 45 | +// ============================================================================== |
44 | 46 |
|
45 | 47 | #define MBEDTLS_AES_C |
46 | 48 | #if (MBEDTLS_VERSION_NUMBER >= 0x03050000) |
|
66 | 68 | #define MBEDTLS_ENTROPY_C |
67 | 69 | #define MBEDTLS_HAVE_ASM |
68 | 70 | #define MBEDTLS_HMAC_DRBG_C |
69 | | -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
70 | 71 | #define MBEDTLS_MD_C |
71 | | -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
72 | | -#define MBEDTLS_NO_PLATFORM_ENTROPY |
73 | | -#define MBEDTLS_OID_C |
74 | | -#define MBEDTLS_PK_C |
75 | | -#define MBEDTLS_PK_PARSE_C |
76 | | -#define MBEDTLS_PLATFORM_C |
77 | | -#define MBEDTLS_PLATFORM_MEMORY |
78 | | -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
79 | 72 | #define MBEDTLS_SHA224_C |
80 | 73 | #define MBEDTLS_SHA256_C |
81 | 74 | #define MBEDTLS_SHA256_SMALLER |
| 75 | + |
| 76 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || \ |
| 77 | + OPENTHREAD_CONFIG_TLS_ENABLE || \ |
| 78 | + OPENTHREAD_CONFIG_ECDSA_ENABLE |
| 79 | +#define MBEDTLS_ECDH_C |
| 80 | +#define MBEDTLS_ECDSA_C |
| 81 | +#endif |
| 82 | + |
| 83 | +#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
| 84 | +#define MBEDTLS_GCM_C |
| 85 | +#endif |
| 86 | + |
| 87 | +#if OPENTHREAD_CONFIG_ECDSA_ENABLE |
| 88 | +#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE |
| 89 | +#define MBEDTLS_ECDSA_DETERMINISTIC |
| 90 | +#endif |
| 91 | +#endif |
| 92 | + |
| 93 | +// ============================================================================== |
| 94 | +// SSL configuration |
| 95 | +// ============================================================================== |
| 96 | + |
82 | 97 | #define MBEDTLS_SSL_CLI_C |
83 | 98 | #define MBEDTLS_SSL_DTLS_ANTI_REPLAY |
84 | 99 | #define MBEDTLS_SSL_DTLS_HELLO_VERIFY |
|
93 | 108 | #define MBEDTLS_SSL_SRV_C |
94 | 109 | #endif |
95 | 110 |
|
| 111 | +#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
| 112 | +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
| 113 | +#endif |
| 114 | + |
| 115 | +#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
| 116 | + |
96 | 117 | #if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
97 | 118 | #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
98 | 119 | #endif |
|
102 | 123 | #endif |
103 | 124 |
|
104 | 125 | #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
105 | | -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
106 | | -#define MBEDTLS_GCM_C |
| 126 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 2000 /**< Maximum fragment length in bytes */ |
| 127 | +#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
| 128 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maximum fragment length in bytes */ |
| 129 | +#else |
| 130 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maximum fragment length in bytes */ |
107 | 131 | #endif |
108 | 132 |
|
109 | | -#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| 133 | +#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| 134 | +#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| 135 | +#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
| 136 | + |
| 137 | +// ============================================================================== |
| 138 | +// x509 & PK configuration |
| 139 | +// ============================================================================== |
| 140 | + |
| 141 | +#define MBEDTLS_OID_C |
| 142 | +#define MBEDTLS_PK_C |
| 143 | +#define MBEDTLS_PK_PARSE_C |
| 144 | + |
| 145 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || \ |
| 146 | + OPENTHREAD_CONFIG_TLS_ENABLE || \ |
| 147 | + OPENTHREAD_CONFIG_ECDSA_ENABLE |
110 | 148 | #define MBEDTLS_BASE64_C |
111 | | -#define MBEDTLS_ECDH_C |
112 | | -#define MBEDTLS_ECDSA_C |
113 | 149 | #define MBEDTLS_PEM_PARSE_C |
| 150 | +#endif |
| 151 | + |
| 152 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE |
114 | 153 | #define MBEDTLS_X509_USE_C |
115 | 154 | #define MBEDTLS_X509_CRT_PARSE_C |
116 | 155 | #endif |
117 | 156 |
|
118 | 157 | #if OPENTHREAD_CONFIG_ECDSA_ENABLE |
119 | | -#define MBEDTLS_BASE64_C |
120 | | -#define MBEDTLS_ECDH_C |
121 | | -#define MBEDTLS_ECDSA_C |
122 | | -#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE |
123 | | -#define MBEDTLS_ECDSA_DETERMINISTIC |
124 | | -#endif |
125 | | -#define MBEDTLS_PEM_PARSE_C |
126 | 158 | #define MBEDTLS_PK_WRITE_C |
127 | 159 | #endif |
128 | 160 |
|
| 161 | +// ============================================================================== |
| 162 | +// MPI configuration |
| 163 | +// ============================================================================== |
| 164 | + |
129 | 165 | #define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */ |
130 | 166 | #define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */ |
| 167 | + |
| 168 | +// ============================================================================== |
| 169 | +// ECP configuration |
| 170 | +// ============================================================================== |
| 171 | + |
| 172 | +#if (MBEDTLS_VERSION_NUMBER < 0x03000000) |
131 | 173 | #define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */ |
| 174 | +#endif |
132 | 175 | #define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ |
133 | 176 | #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ |
134 | | -#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ |
| 177 | + |
| 178 | +// ============================================================================== |
| 179 | +// Platform configuration |
| 180 | +// ============================================================================== |
| 181 | + |
| 182 | +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf |
135 | 183 |
|
136 | 184 | #if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE |
137 | | -#define MBEDTLS_PLATFORM_STD_CALLOC otPlatCAlloc /**< Default allocator to use, can be undefined */ |
138 | | -#define MBEDTLS_PLATFORM_STD_FREE otPlatFree /**< Default free to use, can be undefined */ |
| 185 | +#define MBEDTLS_PLATFORM_STD_CALLOC otPlatCAlloc /**< Default allocator to use, can be undefined */ |
| 186 | +#define MBEDTLS_PLATFORM_STD_FREE otPlatFree /**< Default free to use, can be undefined */ |
139 | 187 | #else |
140 | 188 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
141 | 189 | #endif |
142 | 190 |
|
143 | | -#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
144 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 2000 /**< Maxium fragment length in bytes */ |
145 | | -#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
146 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */ |
147 | | -#else |
148 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */ |
149 | | -#endif |
150 | | - |
151 | | -#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
152 | | -#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
153 | | -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
| 191 | +#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
| 192 | +#define MBEDTLS_NO_PLATFORM_ENTROPY |
| 193 | +#define MBEDTLS_PLATFORM_C |
| 194 | +#define MBEDTLS_PLATFORM_MEMORY |
| 195 | +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
| 196 | +#define MBEDTLS_ENTROPY_MAX_SOURCES 1 |
154 | 197 |
|
155 | 198 | // Spans multiple lines to avoid being processed by unifdef |
156 | 199 | #if defined(\ |
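Review bot: The entropy switches moved to new lines 191–196 now sit under "Platform configuration" with no comment, and `MBEDTLS_ENTROPY_MAX_SOURCES` lost the `/**< Maximum number of sources supported */` note it carried at old line 134. With `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` and `MBEDTLS_NO_PLATFORM_ENTROPY` set, mbedTLS registers no entropy source of its own, so every DRBG seed behind EC-JPAKE, DTLS and ECDSA depends on the one source the port adds with `mbedtls_entropy_add_source()`. I would state that above the group, e.g. `// No built-in entropy sources: the port must register exactly one strong source before any DRBG is seeded.`, and restore the trailing comment on the last define. Separately, the new `#if` at lines 76–78 and 145–147 repeats a feature condition where the old code tested `#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`. The line that defines that key exchange is not visible here, so it is worth confirming both use the same condition.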
|