/* * Minimal configuration for DTLS 1.2 with Raw Public Key and AES-CCM ciphersuites * See README.txt for usage instructions. */ #ifndef MBEDTLS_CONFIG_H #define MBEDTLS_CONFIG_H /* System support */ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME_DATE #define MBEDTLS_DEPRECATED_REMOVED /* mbed TLS feature support */ // TODO maybe MBEDTLS_AES_ALT and use OpenSSL from node? #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_PROTO_DTLS #define MBEDTLS_SSL_DTLS_ANTI_REPLAY #define MBEDTLS_SSL_DTLS_HELLO_VERIFY #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT #define MBEDTLS_SSL_DTLS_HANDSHAKE_QUEUE #define MBEDTLS_SSL_RAW_PUBLIC_KEY_SUPPORT /* mbed TLS modules */ #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_AES_C #define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_MD_C #define MBEDTLS_SHA256_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_AESNI_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_ECDH_C #define MBEDTLS_ECDSA_C #define MBEDTLS_ECP_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_TIMING_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_WRITE_C #define MBEDTLS_X509_USE_C #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_PEM_PARSE_C #define MBEDTLS_PEM_WRITE_C #define MBEDTLS_BASE64_C #define MBEDTLS_DEBUG_C #define MBEDTLS_ERROR_C /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES /* * You should adjust this to the exact number of sources you're using: default * is the "platform_entropy_poll" source, but you may want to add other ones * Minimum is 2 for the entropy test suite. */ #define MBEDTLS_ENTROPY_MAX_SOURCES 2 /* * Use only CCM_8 ciphersuites, and * save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_CIPHERSUITES \ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 /* * Save RAM at the expense of interoperability: do this only if you control * both ends of the connection! (See comments in "mbedtls/ssl.h".) * The optimal size here depends on the typical size of records. */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 768 #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */