
config-ccm-psk-dtls1_2.h (3014B)


      1 /**
      2  * \file config-ccm-psk-dtls1_2.h
      3  *
      4  * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
      5  */
      6 /*
      7  *  Copyright The Mbed TLS Contributors
      8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
      9  */
     10 /*
     11  * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
     12  *
     13  * Distinguishing features:
     14  * - Optimized for small code size, low bandwidth (on an unreliable transport),
     15  *   and low RAM usage.
     16  * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
     17  *   exchange).
     18  * - Fully modern and secure (provided the pre-shared keys are generated and
     19  *   stored securely).
     20  * - Very low record overhead with CCM-8.
     21  * - Includes several optional DTLS features typically used in IoT.
     22  *
     23  * See README.txt for usage instructions.
     24  */
     25 
     26 /* System support */
     27 //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
     28 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
     29 
     30 /* Mbed TLS modules */
     31 #define MBEDTLS_AES_C
     32 #define MBEDTLS_CCM_C /* AEAD mode used by the CCM_8 suites listed in MBEDTLS_SSL_CIPHERSUITES */
     33 #define MBEDTLS_CIPHER_C
     34 #define MBEDTLS_CTR_DRBG_C /* DRBG; its output is only as good as the entropy sources feeding it */
     35 #define MBEDTLS_ENTROPY_C
     36 #define MBEDTLS_MD_C
     37 #define MBEDTLS_NET_C /* NOTE(review): socket wrapper aimed at POSIX/Windows-style targets; confirm it fits the platform */
     38 #define MBEDTLS_SHA256_C
     39 #define MBEDTLS_SSL_CLI_C
     40 #define MBEDTLS_SSL_COOKIE_C /* default cookie implementation for the DTLS HelloVerify exchange enabled below */
     41 #define MBEDTLS_SSL_SRV_C
     42 #define MBEDTLS_SSL_TLS_C
     43 #define MBEDTLS_TIMING_C /* supplies timer callbacks that DTLS needs for handshake retransmission */
     44 
     45 /* TLS protocol feature support */
     46 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /* plain PSK, no (EC)DHE: no forward secrecy if the PSK later leaks */
     47 #define MBEDTLS_SSL_PROTO_TLS1_2
     48 #define MBEDTLS_SSL_PROTO_DTLS
     49 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY /* detect and drop replayed or duplicated records */
     50 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /* server accepts a fresh ClientHello from a known address:port after a cookie check */
     51 #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* CID survives peer address changes; it travels in clear, so it can link a peer across networks */
     52 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY /* stateless cookie round trip: limits spoofed-source ClientHello floods and amplification */
     53 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /* RFC 6066 extension for negotiating smaller records */
     54 
     55 /*
     56  * Use only CCM_8 ciphersuites (8-byte authentication tag instead of 16: less record overhead, weaker forgery resistance), and
     57  * save ROM and a few bytes of RAM by specifying our own ciphersuite list
     58  */
     59 #define MBEDTLS_SSL_CIPHERSUITES                        \
     60     MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,             \
     61     MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 /* list order is preference order; both suites rest on the same PSK (see MBEDTLS_PSK_MAX_LEN) */
     62 
     63 /*
     64  * Save RAM at the expense of interoperability: do this only if you control
     65  * both ends of the connection!  (See comments in "mbedtls/ssl.h".)
     66  * The optimal size here depends on the typical size of records.
     67  */
     68 #define MBEDTLS_SSL_IN_CONTENT_LEN              256 /* bytes; below the 512 minimum that the RFC 6066 max_fragment_length extension can negotiate, so the peer must be sized out of band */
     69 #define MBEDTLS_SSL_OUT_CONTENT_LEN             256 /* bytes */
     70 
     71 /* Save RAM at the expense of ROM */
     72 #define MBEDTLS_AES_ROM_TABLES /* tables live in ROM instead of being generated in RAM; NOTE(review): software AES is table-based either way, so consider cache-timing if the target has a data cache */
     73 
     74 /* Save some RAM by adjusting to your exact needs */
     75 #define MBEDTLS_PSK_MAX_LEN    16 /* bytes. 128-bit keys are generally enough when drawn uniformly from a CSPRNG rather than derived from a password; this cap also bounds the AES-256 suite to the strength of a 128-bit PSK */
     76 
     77 /*
     78  * You should adjust this to the exact number of sources you're using: default
     79  * is the "platform_entropy_poll" source, but you may want to add other ones
     80  * Minimum is 2 for the entropy test suite.
     81  */
     82 #define MBEDTLS_ENTROPY_MAX_SOURCES 2 /* NOTE(review): confirm the target actually has a strong entropy source registered; handshake randoms and cookie keys depend on it */
     83 
     84 /* These defines are present so that the config modifying scripts can enable
     85  * them during tests/scripts/test-ref-configs.pl */
     86 //#define MBEDTLS_USE_PSA_CRYPTO
     87 //#define MBEDTLS_PSA_CRYPTO_C
     88 
     89 /* Error messages and TLS debugging traces
     90  * (huge code size increase, needed for tests/ssl-opt.sh) */
     91 //#define MBEDTLS_DEBUG_C
     92 //#define MBEDTLS_ERROR_C