source: azure_iot_hub_mbedtls/trunk/mbedtls-2.16.1/include/mbedtls/config.h@ 398

Last change on this file since 398 was 398, checked in by coas-nagasima, 5 years ago

mbedTLS版Azure IoT Hub接続サンプルのソースコードを追加
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-chdr;charset=UTF-8
File size: 5.1 KB
Line 
1/**
2 * \file config-suite-b.h
3 *
4 * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
5 */
6/*
7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 *
22 * This file is part of mbed TLS (https://tls.mbed.org)
23 */
24/*
25 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
26 *
27 * Distinguishing features:
28 * - no RSA or classic DH, fully based on ECC
29 * - optimized for low RAM usage
30 *
31 * Possible improvements:
32 * - if 128-bit security is enough, disable secp384r1 and SHA-512
33 * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
34 *
35 * See README.txt for usage instructions.
36 */
37
38#ifndef MBEDTLS_CONFIG_H
39#define MBEDTLS_CONFIG_H
40
41//#define MBEDTLS_PLATFORM_C
42#define unix
43#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
44#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
45#define MBEDTLS_SHA1_C
46#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
47#define MBEDTLS_SSL_RENEGOTIATION
48
49#define MBEDTLS_DEBUG_C
50
51#define MBEDTLS_RSA_C
52#define MBEDTLS_PKCS1_V15
53
54/* System support */
55#define MBEDTLS_HAVE_ASM
56#define MBEDTLS_HAVE_TIME
57
58/* mbed TLS feature support */
59#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
60#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
61#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
62#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
63#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
64#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
65#define MBEDTLS_SSL_PROTO_TLS1_2
66
67/* mbed TLS modules */
68#define MBEDTLS_AES_C
69#define MBEDTLS_ASN1_PARSE_C
70#define MBEDTLS_ASN1_WRITE_C
71#define MBEDTLS_BIGNUM_C
72#define MBEDTLS_CIPHER_C
73#define MBEDTLS_CTR_DRBG_C
74#define MBEDTLS_ECDH_C
75#define MBEDTLS_ECDSA_C
76#define MBEDTLS_ECP_C
77#define MBEDTLS_ENTROPY_C
78#define MBEDTLS_GCM_C
79#define MBEDTLS_MD_C
80#define MBEDTLS_NET_C
81#define MBEDTLS_OID_C
82#define MBEDTLS_PK_C
83#define MBEDTLS_PK_PARSE_C
84#define MBEDTLS_SHA256_C
85#define MBEDTLS_SHA512_C
86#define MBEDTLS_SSL_CLI_C
87#define MBEDTLS_SSL_SRV_C
88#define MBEDTLS_SSL_TLS_C
89#define MBEDTLS_X509_CRT_PARSE_C
90#define MBEDTLS_X509_USE_C
91#define MBEDTLS_DHM_C
92
93/* For test certificates */
94#define MBEDTLS_BASE64_C
95#define MBEDTLS_CERTS_C
96#define MBEDTLS_PEM_PARSE_C
97
98/* Save RAM at the expense of ROM */
99#define MBEDTLS_AES_ROM_TABLES
100
101/* Save RAM by adjusting to our exact needs */
102#define MBEDTLS_ECP_MAX_BITS 384
103#define MBEDTLS_MPI_MAX_SIZE 512
104
105/* Save RAM at the expense of speed, see ecp.h */
106#define MBEDTLS_ECP_WINDOW_SIZE 2
107#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
108
109/* Significant speed benefit at the expense of some ROM */
110#define MBEDTLS_ECP_NIST_OPTIM
111
112/*
113 * You should adjust this to the exact number of sources you're using: default
114 * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
115 * Minimum is 2 for the entropy test suite.
116 */
117#define MBEDTLS_ENTROPY_MAX_SOURCES 2
118
119/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
120#define MBEDTLS_SSL_CIPHERSUITES \
121 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
122 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
123 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
124 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
125 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, \
126 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, \
127 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, \
128 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, \
129 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, \
130 MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, \
131 MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, \
132 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \
133 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
134 MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, \
135 MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, \
136 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
137 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
138 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
139 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
140 MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, \
141 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, \
142 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
143
144/*
145 * Save RAM at the expense of interoperability: do this only if you control
146 * both ends of the connection! (See coments in "mbedtls/ssl.h".)
147 * The minimum size here depends on the certificate chain used as well as the
148 * typical size of records.
149 */
150#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120
151
152#include "mbedtls/check_config.h"
153
154#endif /* MBEDTLS_CONFIG_H */
Note: See TracBrowser for help on using the repository browser.