|
40 | 40 | #include <openthread/platform/logging.h> |
41 | 41 | #include <openthread/platform/memory.h> |
42 | 42 |
|
43 | | -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf |
| 43 | +// ============================================================================== |
| 44 | +// Cryptographic configuration |
| 45 | +// ============================================================================== |
44 | 46 |
|
45 | 47 | #define MBEDTLS_AES_C |
46 | 48 | #if (MBEDTLS_VERSION_NUMBER >= 0x03050000) |
|
66 | 68 | #define MBEDTLS_ENTROPY_C |
67 | 69 | #define MBEDTLS_HAVE_ASM |
68 | 70 | #define MBEDTLS_HMAC_DRBG_C |
69 | | -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
70 | 71 | #define MBEDTLS_MD_C |
71 | | -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
72 | | -#define MBEDTLS_NO_PLATFORM_ENTROPY |
73 | | -#define MBEDTLS_OID_C |
74 | | -#define MBEDTLS_PK_C |
75 | | -#define MBEDTLS_PK_PARSE_C |
76 | | -#define MBEDTLS_PLATFORM_C |
77 | | -#define MBEDTLS_PLATFORM_MEMORY |
78 | | -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
79 | 72 | #define MBEDTLS_SHA224_C |
80 | 73 | #define MBEDTLS_SHA256_C |
81 | 74 | #define MBEDTLS_SHA256_SMALLER |
| 75 | + |
| 76 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE || OPENTHREAD_CONFIG_ECDSA_ENABLE |
| 77 | +#define MBEDTLS_ECDH_C |
| 78 | +#define MBEDTLS_ECDSA_C |
| 79 | +#endif |
| 80 | + |
| 81 | +#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
| 82 | +#define MBEDTLS_GCM_C |
| 83 | +#endif |
| 84 | + |
| 85 | +#if OPENTHREAD_CONFIG_ECDSA_ENABLE |
| 86 | +#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE |
| 87 | +#define MBEDTLS_ECDSA_DETERMINISTIC |
| 88 | +#endif |
| 89 | +#endif |
| 90 | + |
| 91 | +// ============================================================================== |
| 92 | +// SSL configuration |
| 93 | +// ============================================================================== |
| 94 | + |
82 | 95 | #define MBEDTLS_SSL_CLI_C |
83 | 96 | #define MBEDTLS_SSL_DTLS_ANTI_REPLAY |
84 | 97 | #define MBEDTLS_SSL_DTLS_HELLO_VERIFY |
|
93 | 106 | #define MBEDTLS_SSL_SRV_C |
94 | 107 | #endif |
95 | 108 |
|
| 109 | +#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
| 110 | +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
| 111 | +#endif |
| 112 | + |
| 113 | +#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
| 114 | + |
96 | 115 | #if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
97 | 116 | #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
98 | 117 | #endif |
|
102 | 121 | #endif |
103 | 122 |
|
104 | 123 | #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
105 | | -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
106 | | -#define MBEDTLS_GCM_C |
| 124 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 2000 /**< Maximum fragment length in bytes */ |
| 125 | +#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
| 126 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maximum fragment length in bytes */ |
| 127 | +#else |
| 128 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maximum fragment length in bytes */ |
107 | 129 | #endif |
108 | 130 |
|
109 | | -#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| 131 | +#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| 132 | +#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| 133 | +#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
| 134 | + |
| 135 | +// ============================================================================== |
| 136 | +// x509 & PK configuration |
| 137 | +// ============================================================================== |
| 138 | + |
| 139 | +#define MBEDTLS_OID_C |
| 140 | +#define MBEDTLS_PK_C |
| 141 | +#define MBEDTLS_PK_PARSE_C |
| 142 | + |
| 143 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE || OPENTHREAD_CONFIG_ECDSA_ENABLE |
110 | 144 | #define MBEDTLS_BASE64_C |
111 | | -#define MBEDTLS_ECDH_C |
112 | | -#define MBEDTLS_ECDSA_C |
113 | 145 | #define MBEDTLS_PEM_PARSE_C |
| 146 | +#endif |
| 147 | + |
| 148 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE |
114 | 149 | #define MBEDTLS_X509_USE_C |
115 | 150 | #define MBEDTLS_X509_CRT_PARSE_C |
116 | 151 | #endif |
117 | 152 |
|
118 | 153 | #if OPENTHREAD_CONFIG_ECDSA_ENABLE |
119 | | -#define MBEDTLS_BASE64_C |
120 | | -#define MBEDTLS_ECDH_C |
121 | | -#define MBEDTLS_ECDSA_C |
122 | | -#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE |
123 | | -#define MBEDTLS_ECDSA_DETERMINISTIC |
124 | | -#endif |
125 | | -#define MBEDTLS_PEM_PARSE_C |
126 | 154 | #define MBEDTLS_PK_WRITE_C |
127 | 155 | #endif |
128 | 156 |
|
| 157 | +// ============================================================================== |
| 158 | +// MPI configuration |
| 159 | +// ============================================================================== |
| 160 | + |
129 | 161 | #define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */ |
130 | 162 | #define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */ |
| 163 | + |
| 164 | +// ============================================================================== |
| 165 | +// ECP configuration |
| 166 | +// ============================================================================== |
| 167 | + |
| 168 | +#if (MBEDTLS_VERSION_NUMBER < 0x03000000) |
131 | 169 | #define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */ |
| 170 | +#endif |
132 | 171 | #define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ |
133 | 172 | #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ |
134 | | -#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ |
| 173 | + |
| 174 | +// ============================================================================== |
| 175 | +// Platform configuration |
| 176 | +// ============================================================================== |
| 177 | + |
| 178 | +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf |
135 | 179 |
|
136 | 180 | #if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE |
137 | | -#define MBEDTLS_PLATFORM_STD_CALLOC otPlatCryptoCAlloc /**< Default allocator to use, can be undefined */ |
138 | | -#define MBEDTLS_PLATFORM_STD_FREE otPlatCryptoFree /**< Default free to use, can be undefined */ |
| 181 | +#define MBEDTLS_PLATFORM_STD_CALLOC otPlatCryptoCAlloc /**< Default allocator to use, can be undefined */ |
| 182 | +#define MBEDTLS_PLATFORM_STD_FREE otPlatCryptoFree /**< Default free to use, can be undefined */ |
139 | 183 | #else |
140 | 184 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
141 | 185 | #endif |
142 | 186 |
|
143 | | -#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
144 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 2000 /**< Maxium fragment length in bytes */ |
145 | | -#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
146 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */ |
147 | | -#else |
148 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */ |
149 | | -#endif |
150 | | - |
151 | | -#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
152 | | -#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
153 | | -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
| 187 | +#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
| 188 | +#define MBEDTLS_NO_PLATFORM_ENTROPY |
| 189 | +#define MBEDTLS_PLATFORM_C |
| 190 | +#define MBEDTLS_PLATFORM_MEMORY |
| 191 | +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
| 192 | +#define MBEDTLS_ENTROPY_MAX_SOURCES 1 |
154 | 193 |
|
155 | 194 | // Spans multiple lines to avoid being processed by unifdef |
156 | 195 | #if defined(\ |
|
0 commit comments