|
40 | 40 | #include <openthread/platform/logging.h> |
41 | 41 | #include <openthread/platform/memory.h> |
42 | 42 |
|
43 | | -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf |
| 43 | +// ============================================================================== |
| 44 | +// Cryptographic configuration |
| 45 | +// ============================================================================== |
44 | 46 |
|
45 | 47 | #define MBEDTLS_AES_C |
46 | 48 | #if (MBEDTLS_VERSION_NUMBER >= 0x03050000) |
|
66 | 68 | #define MBEDTLS_ENTROPY_C |
67 | 69 | #define MBEDTLS_HAVE_ASM |
68 | 70 | #define MBEDTLS_HMAC_DRBG_C |
69 | | -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
70 | 71 | #define MBEDTLS_MD_C |
71 | | -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
72 | | -#define MBEDTLS_NO_PLATFORM_ENTROPY |
73 | | -#define MBEDTLS_OID_C |
74 | | -#define MBEDTLS_PK_C |
75 | | -#define MBEDTLS_PK_PARSE_C |
76 | | -#define MBEDTLS_PLATFORM_C |
77 | | -#define MBEDTLS_PLATFORM_MEMORY |
78 | | -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
79 | 72 | #define MBEDTLS_SHA224_C |
80 | 73 | #define MBEDTLS_SHA256_C |
81 | 74 | #define MBEDTLS_SHA256_SMALLER |
| 75 | + |
| 76 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE |
| 77 | +#define MBEDTLS_BASE64_C |
| 78 | +#define MBEDTLS_ECDH_C |
| 79 | +#define MBEDTLS_ECDSA_C |
| 80 | +#endif |
| 81 | + |
| 82 | +#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
| 83 | +#define MBEDTLS_GCM_C |
| 84 | +#endif |
| 85 | + |
| 86 | +#if OPENTHREAD_CONFIG_ECDSA_ENABLE |
| 87 | +#define MBEDTLS_BASE64_C |
| 88 | +#define MBEDTLS_ECDH_C |
| 89 | +#define MBEDTLS_ECDSA_C |
| 90 | +#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE |
| 91 | +#define MBEDTLS_ECDSA_DETERMINISTIC |
| 92 | +#endif |
| 93 | +#endif |
| 94 | + |
| 95 | +// ============================================================================== |
| 96 | +// SSL configuration |
| 97 | +// ============================================================================== |
| 98 | + |
82 | 99 | #define MBEDTLS_SSL_CLI_C |
83 | 100 | #define MBEDTLS_SSL_DTLS_ANTI_REPLAY |
84 | 101 | #define MBEDTLS_SSL_DTLS_HELLO_VERIFY |
|
93 | 110 | #define MBEDTLS_SSL_SRV_C |
94 | 111 | #endif |
95 | 112 |
|
| 113 | +#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
| 114 | +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
| 115 | +#endif |
| 116 | + |
| 117 | +#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
| 118 | + |
96 | 119 | #if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
97 | 120 | #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
98 | 121 | #endif |
|
102 | 125 | #endif |
103 | 126 |
|
104 | 127 | #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
105 | | -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
106 | | -#define MBEDTLS_GCM_C |
| 128 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 2000 /**< Maxium fragment length in bytes */ |
| 129 | +#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
| 130 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */ |
| 131 | +#else |
| 132 | +#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */ |
107 | 133 | #endif |
108 | 134 |
|
109 | | -#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| 135 | +#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| 136 | +#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| 137 | +#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
| 138 | + |
| 139 | +// ============================================================================== |
| 140 | +// x509 & PK configuration |
| 141 | +// ============================================================================== |
| 142 | + |
| 143 | +#define MBEDTLS_OID_C |
| 144 | +#define MBEDTLS_PK_C |
| 145 | +#define MBEDTLS_PK_PARSE_C |
| 146 | + |
| 147 | +#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE |
110 | 148 | #define MBEDTLS_BASE64_C |
111 | | -#define MBEDTLS_ECDH_C |
112 | | -#define MBEDTLS_ECDSA_C |
113 | 149 | #define MBEDTLS_PEM_PARSE_C |
114 | 150 | #define MBEDTLS_X509_USE_C |
115 | 151 | #define MBEDTLS_X509_CRT_PARSE_C |
116 | 152 | #endif |
117 | 153 |
|
118 | 154 | #if OPENTHREAD_CONFIG_ECDSA_ENABLE |
119 | | -#define MBEDTLS_BASE64_C |
120 | | -#define MBEDTLS_ECDH_C |
121 | | -#define MBEDTLS_ECDSA_C |
122 | | -#if OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE |
123 | | -#define MBEDTLS_ECDSA_DETERMINISTIC |
124 | | -#endif |
125 | 155 | #define MBEDTLS_PEM_PARSE_C |
126 | 156 | #define MBEDTLS_PK_WRITE_C |
127 | 157 | #endif |
128 | 158 |
|
| 159 | +// ============================================================================== |
| 160 | +// MPI configuration |
| 161 | +// ============================================================================== |
| 162 | + |
129 | 163 | #define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */ |
130 | 164 | #define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */ |
| 165 | + |
| 166 | +// ============================================================================== |
| 167 | +// ECP configuration |
| 168 | +// ============================================================================== |
| 169 | + |
| 170 | +#if (MBEDTLS_VERSION_NUMBER < 0x03000000) |
131 | 171 | #define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */ |
| 172 | +#endif |
132 | 173 | #define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ |
133 | 174 | #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ |
134 | | -#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ |
| 175 | + |
| 176 | +// ============================================================================== |
| 177 | +// Platform configuration |
| 178 | +// ============================================================================== |
| 179 | + |
| 180 | +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf |
135 | 181 |
|
136 | 182 | #if OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE |
137 | | -#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ |
138 | | -#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ |
| 183 | +#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ |
| 184 | +#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ |
139 | 185 | #else |
140 | 186 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
141 | 187 | #endif |
142 | 188 |
|
143 | | -#if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE |
144 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 2000 /**< Maxium fragment length in bytes */ |
145 | | -#elif OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE |
146 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */ |
147 | | -#else |
148 | | -#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */ |
149 | | -#endif |
150 | | - |
151 | | -#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
152 | | -#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
153 | | -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
| 189 | +#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
| 190 | +#define MBEDTLS_NO_PLATFORM_ENTROPY |
| 191 | +#define MBEDTLS_PLATFORM_C |
| 192 | +#define MBEDTLS_PLATFORM_MEMORY |
| 193 | +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
| 194 | +#define MBEDTLS_ENTROPY_MAX_SOURCES 1 |
154 | 195 |
|
155 | 196 | // Spans multiple lines to avoid being processed by unifdef |
156 | 197 | #if defined(\ |
|