2024-04-25 15:05:31 +01:00
|
|
|
/**
|
|
|
|
|
* \file crypto-config-ccm-psk-tls1_2.h
|
|
|
|
|
*
|
|
|
|
|
* \brief Minimal crypto configuration for TLS 1.2 with
|
|
|
|
|
* PSK and AES-CCM ciphersuites
|
|
|
|
|
*/
|
|
|
|
|
/*
|
|
|
|
|
* Copyright The Mbed TLS Contributors
|
|
|
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* To be used in conjunction with configs/config-ccm-psk-tls1_2.h
|
|
|
|
|
* or configs/config-ccm-psk-dtls1_2.h. */
|
|
|
|
|
|
|
|
|
|
#ifndef PSA_CRYPTO_CONFIG_H
|
|
|
|
|
#define PSA_CRYPTO_CONFIG_H
|
|
|
|
|
|
|
|
|
|
#define PSA_WANT_ALG_CCM 1
|
|
|
|
|
#define PSA_WANT_ALG_SHA_256 1
|
|
|
|
|
#define PSA_WANT_ALG_TLS12_PRF 1
|
|
|
|
|
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
|
|
|
|
|
|
|
|
|
#define PSA_WANT_KEY_TYPE_AES 1
|
2024-11-01 16:50:13 +00:00
|
|
|
|
|
|
|
|
#define MBEDTLS_PSA_CRYPTO_C
|
|
|
|
|
|
|
|
|
|
/* System support */
|
Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.
This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-19 16:26:18 +01:00
|
|
|
/* Optionally used in Hello messages. Needed for DTLS testing. */
|
|
|
|
|
#define MBEDTLS_HAVE_TIME
|
2024-11-01 16:50:13 +00:00
|
|
|
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
|
|
|
|
|
|
|
|
|
|
#define MBEDTLS_CTR_DRBG_C
|
2025-07-15 13:09:00 +02:00
|
|
|
#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
|
2024-11-01 16:50:13 +00:00
|
|
|
|
|
|
|
|
/* Save RAM at the expense of ROM */
|
|
|
|
|
#define MBEDTLS_AES_ROM_TABLES
|
|
|
|
|
|
2024-04-25 15:05:31 +01:00
|
|
|
#endif /* PSA_CRYPTO_CONFIG_H */
|