mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-05-20 16:13:50 +03:00
Add a crypto config file for suite-b
Also converts legacy symbols into their PSA equivalents. When PSA is defined this does not change the compiled code Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett
Ronald Cron
parent
0a0393e8bd
commit
4540cd3429
@ -32,17 +32,13 @@
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_2
|
||||
|
||||
/* Mbed TLS modules */
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_CIPHER_C
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
#define MBEDTLS_ECDH_C
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_GCM_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_NET_C
|
||||
#define MBEDTLS_OID_C
|
||||
|
||||
50
configs/crypto-config-suite-b.h
Normal file
50
configs/crypto-config-suite-b.h
Normal file
@ -0,0 +1,50 @@
|
||||
/**
|
||||
* \file crypto-config-symmetric-only.h
|
||||
*
|
||||
* \brief \brief Minimal crypto configuration for
|
||||
* TLS NSA Suite B Profile (RFC 6460).
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
* Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460)
|
||||
*
|
||||
* Distinguishing features:
|
||||
* - no RSA or classic DH, fully based on ECC
|
||||
* - optimized for low RAM usage
|
||||
*
|
||||
* Possible improvements:
|
||||
* - if 128-bit security is enough, disable secp384r1 and SHA-512
|
||||
* - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
|
||||
*
|
||||
* To be used in conjunction with configs/config-suite-b.h. */
|
||||
|
||||
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h"
|
||||
|
||||
#define MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
|
||||
#ifndef PSA_CRYPTO_CONFIG_H
|
||||
#define PSA_CRYPTO_CONFIG_H
|
||||
|
||||
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_ECDH 1
|
||||
#define PSA_WANT_ALG_ECDSA 1
|
||||
#define PSA_WANT_ALG_GCM 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#define PSA_WANT_ALG_SHA_384 1
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#define PSA_WANT_ECC_SECP_R1_256 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
||||
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
|
||||
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC 1
|
||||
#endif /* PSA_CRYPTO_CONFIG_H */
|
||||
Loading…
x
Reference in New Issue
Block a user