1*62c56f98SSadaf Ebrahimi /** 2*62c56f98SSadaf Ebrahimi * \file config-ccm-psk-tls1_2.h 3*62c56f98SSadaf Ebrahimi * 4*62c56f98SSadaf Ebrahimi * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites 5*62c56f98SSadaf Ebrahimi */ 6*62c56f98SSadaf Ebrahimi /* 7*62c56f98SSadaf Ebrahimi * Copyright The Mbed TLS Contributors 8*62c56f98SSadaf Ebrahimi * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9*62c56f98SSadaf Ebrahimi */ 10*62c56f98SSadaf Ebrahimi /* 11*62c56f98SSadaf Ebrahimi * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites 12*62c56f98SSadaf Ebrahimi * 13*62c56f98SSadaf Ebrahimi * Distinguishing features: 14*62c56f98SSadaf Ebrahimi * - Optimized for small code size, low bandwidth (on a reliable transport), 15*62c56f98SSadaf Ebrahimi * and low RAM usage. 16*62c56f98SSadaf Ebrahimi * - No asymmetric cryptography (no certificates, no Diffie-Hellman key 17*62c56f98SSadaf Ebrahimi * exchange). 18*62c56f98SSadaf Ebrahimi * - Fully modern and secure (provided the pre-shared keys are generated and 19*62c56f98SSadaf Ebrahimi * stored securely). 20*62c56f98SSadaf Ebrahimi * - Very low record overhead with CCM-8. 21*62c56f98SSadaf Ebrahimi * 22*62c56f98SSadaf Ebrahimi * See README.txt for usage instructions. 23*62c56f98SSadaf Ebrahimi */ 24*62c56f98SSadaf Ebrahimi 25*62c56f98SSadaf Ebrahimi /* System support */ 26*62c56f98SSadaf Ebrahimi //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ 27*62c56f98SSadaf Ebrahimi /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ 28*62c56f98SSadaf Ebrahimi 29*62c56f98SSadaf Ebrahimi /* Mbed TLS modules */ 30*62c56f98SSadaf Ebrahimi #define MBEDTLS_AES_C 31*62c56f98SSadaf Ebrahimi #define MBEDTLS_CCM_C 32*62c56f98SSadaf Ebrahimi #define MBEDTLS_CIPHER_C 33*62c56f98SSadaf Ebrahimi #define MBEDTLS_CTR_DRBG_C 34*62c56f98SSadaf Ebrahimi #define MBEDTLS_ENTROPY_C 35*62c56f98SSadaf Ebrahimi #define MBEDTLS_MD_C 36*62c56f98SSadaf Ebrahimi #define MBEDTLS_NET_C 37*62c56f98SSadaf Ebrahimi #define MBEDTLS_SHA256_C 38*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_CLI_C 39*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_SRV_C 40*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_TLS_C 41*62c56f98SSadaf Ebrahimi 42*62c56f98SSadaf Ebrahimi /* TLS protocol feature support */ 43*62c56f98SSadaf Ebrahimi #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 44*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_PROTO_TLS1_2 45*62c56f98SSadaf Ebrahimi 46*62c56f98SSadaf Ebrahimi /* 47*62c56f98SSadaf Ebrahimi * Use only CCM_8 ciphersuites, and 48*62c56f98SSadaf Ebrahimi * save ROM and a few bytes of RAM by specifying our own ciphersuite list 49*62c56f98SSadaf Ebrahimi */ 50*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_CIPHERSUITES \ 51*62c56f98SSadaf Ebrahimi MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 52*62c56f98SSadaf Ebrahimi MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 53*62c56f98SSadaf Ebrahimi 54*62c56f98SSadaf Ebrahimi /* 55*62c56f98SSadaf Ebrahimi * Save RAM at the expense of interoperability: do this only if you control 56*62c56f98SSadaf Ebrahimi * both ends of the connection! (See comments in "mbedtls/ssl.h".) 57*62c56f98SSadaf Ebrahimi * The optimal size here depends on the typical size of records. 58*62c56f98SSadaf Ebrahimi */ 59*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_IN_CONTENT_LEN 1024 60*62c56f98SSadaf Ebrahimi #define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 61*62c56f98SSadaf Ebrahimi 62*62c56f98SSadaf Ebrahimi /* Save RAM at the expense of ROM */ 63*62c56f98SSadaf Ebrahimi #define MBEDTLS_AES_ROM_TABLES 64*62c56f98SSadaf Ebrahimi 65*62c56f98SSadaf Ebrahimi /* Save some RAM by adjusting to your exact needs */ 66*62c56f98SSadaf Ebrahimi #define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ 67*62c56f98SSadaf Ebrahimi 68*62c56f98SSadaf Ebrahimi /* 69*62c56f98SSadaf Ebrahimi * You should adjust this to the exact number of sources you're using: default 70*62c56f98SSadaf Ebrahimi * is the "platform_entropy_poll" source, but you may want to add other ones 71*62c56f98SSadaf Ebrahimi * Minimum is 2 for the entropy test suite. 72*62c56f98SSadaf Ebrahimi */ 73*62c56f98SSadaf Ebrahimi #define MBEDTLS_ENTROPY_MAX_SOURCES 2 74*62c56f98SSadaf Ebrahimi 75*62c56f98SSadaf Ebrahimi /* These defines are present so that the config modifying scripts can enable 76*62c56f98SSadaf Ebrahimi * them during tests/scripts/test-ref-configs.pl */ 77*62c56f98SSadaf Ebrahimi //#define MBEDTLS_USE_PSA_CRYPTO 78*62c56f98SSadaf Ebrahimi //#define MBEDTLS_PSA_CRYPTO_C 79*62c56f98SSadaf Ebrahimi 80*62c56f98SSadaf Ebrahimi /* Error messages and TLS debugging traces 81*62c56f98SSadaf Ebrahimi * (huge code size increase, needed for tests/ssl-opt.sh) */ 82*62c56f98SSadaf Ebrahimi //#define MBEDTLS_DEBUG_C 83*62c56f98SSadaf Ebrahimi //#define MBEDTLS_ERROR_C 84