quickjs-tart

quickjs-based runtime for wallet-core logic

config-ccm-psk-tls1_2.h (2662B)


      1 /**
      2  * \file config-ccm-psk-tls1_2.h
      3  *
      4  * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
      5  */
      6 /*
      7  *  Copyright The Mbed TLS Contributors
      8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
      9  */
     10 /*
     11  * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
     12  *
     13  * Distinguishing features:
     14  * - Optimized for small code size, low bandwidth (on a reliable transport),
     15  *   and low RAM usage.
     16  * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
     17  *   exchange).
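     18  * - Fully modern and secure (provided the pre-shared keys are generated and
     19  *   stored securely). Plain PSK key exchange gives no forward secrecy: a PSK that leaks later also exposes previously recorded sessions.
     20  * - Very low record overhead with CCM-8 (the authentication tag is 8 bytes rather than 16, trading forgery resistance for record size).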
     21  *
     22  * See README.txt for usage instructions.
     23  */
     24 
     25 /* System support */
     26 //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
     27 /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
     28 
     29 /* Mbed TLS modules: the set this configuration enables for TLS 1.2 with PSK and AES-CCM */
     30 #define MBEDTLS_AES_C /* AES block cipher underlying the CCM ciphersuites */
     31 #define MBEDTLS_CCM_C /* CCM authenticated-encryption mode */
     32 #define MBEDTLS_CIPHER_C /* generic cipher layer */
     33 #define MBEDTLS_CTR_DRBG_C /* AES-based CTR_DRBG random generator */
     34 #define MBEDTLS_ENTROPY_C /* entropy accumulator (typically the seed source for the DRBG) */
     35 #define MBEDTLS_MD_C /* generic message-digest layer */
     36 #define MBEDTLS_NET_C /* TCP/IP networking routines */
     37 #define MBEDTLS_SHA256_C /* SHA-256, the hash behind the TLS 1.2 PRF for these suites */
     38 #define MBEDTLS_SSL_CLI_C /* TLS client side */
     39 #define MBEDTLS_SSL_SRV_C /* TLS server side */
     40 #define MBEDTLS_SSL_TLS_C /* generic TLS code shared by client and server */
     41 
     42 /* TLS protocol feature support */
     43 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /* plain PSK only: no (EC)DHE, hence no forward secrecy */
     44 #define MBEDTLS_SSL_PROTO_TLS1_2 /* TLS 1.2 is the only protocol version enabled in this file */
     45 
     46 /*
     47  * Use only CCM_8 ciphersuites (8-byte authentication tag instead of 16), and
     48  * save ROM and a few bytes of RAM by specifying our own ciphersuite list, given in order of preference (AES-256 first).
     49  */
     50 #define MBEDTLS_SSL_CIPHERSUITES                        \
     51     MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,             \
     52     MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
     53 
     54 /*
     55  * Save RAM at the expense of interoperability: do this only if you control
     56  * both ends of the connection!  (See comments in "mbedtls/ssl.h".)
     57  * The optimal size here depends on the typical size of records.
     58  * NOTE(review): MBEDTLS_SSL_MAX_FRAGMENT_LENGTH is not defined in this file, so the 1024-byte limit is presumably not negotiated in-band and a peer sending larger records would fail - confirm. */
     59 #define MBEDTLS_SSL_IN_CONTENT_LEN              1024 /* max incoming plaintext fragment, in bytes */
     60 #define MBEDTLS_SSL_OUT_CONTENT_LEN             1024 /* max outgoing plaintext fragment, in bytes */
     61 
     62 /* Save RAM at the expense of ROM: keep precomputed AES tables in ROM instead of generating them in RAM at runtime */
     63 #define MBEDTLS_AES_ROM_TABLES
     64 
     65 /* Save some RAM by adjusting to your exact needs. This is the maximum PSK length in bytes: with a 16-byte PSK the session strength is bounded by the PSK (at most 128 bits) even when the AES-256 suite is negotiated, so the PSK should be uniformly random rather than password-derived. */
     66 #define MBEDTLS_PSK_MAX_LEN    16 /* 128-bit keys are generally enough */
     67 
     68 /*
     69  * You should adjust this to the exact number of sources you're using: default
     70  * is the "platform_entropy_poll" source, but you may want to add other ones.
     71  * Minimum is 2 for the entropy test suite.
     72  * NOTE(review): the random generator is only as strong as the sources registered here; on a target without an OS entropy source, confirm that a strong source is added. */
     73 #define MBEDTLS_ENTROPY_MAX_SOURCES 2
     74 
     75 /* These defines are present so that the config modifying scripts can enable
     76  * them during tests/scripts/test-ref-configs.pl */
     77 //#define MBEDTLS_USE_PSA_CRYPTO
     78 //#define MBEDTLS_PSA_CRYPTO_C
     79 
     80 /* Error messages and TLS debugging traces
     81  * (huge code size increase, needed for tests/ssl-opt.sh). Debug traces may include sensitive handshake data, so keep them disabled in production builds. */
     82 //#define MBEDTLS_DEBUG_C
     83 //#define MBEDTLS_ERROR_C