From 6739844daa9fa164873854cdbff1108c9afb2291 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 18 Sep 2024 10:20:03 +0200 Subject: [PATCH 1/2] mbedtls: remove unnecessary headers These headers are basically a copy of those found in the official Mbed TLS repo in the "configs" folder. However these are unmaintaned (i.e. not updated when Mbed TLS is bumped to a new version) and also unused in Zephyr. Therefore there's no benefit in keeping them around. Signed-off-by: Valerio Setti --- .../mbedtls/configs/config-ccm-psk-tls1_2.h | 114 -------------- modules/mbedtls/configs/config-coap.h | 104 ------------- modules/mbedtls/configs/config-mini-dtls1_2.h | 85 ----------- modules/mbedtls/configs/config-mini-tls1_1.h | 105 ------------- modules/mbedtls/configs/config-mini-tls1_2.h | 82 ---------- modules/mbedtls/configs/config-no-entropy.h | 120 --------------- modules/mbedtls/configs/config-suite-b.h | 144 ------------------ modules/mbedtls/configs/config-thread.h | 119 --------------- modules/mbedtls/configs/config-threadnet.h | 108 ------------- 9 files changed, 981 deletions(-) delete mode 100644 modules/mbedtls/configs/config-ccm-psk-tls1_2.h delete mode 100644 modules/mbedtls/configs/config-coap.h delete mode 100644 modules/mbedtls/configs/config-mini-dtls1_2.h delete mode 100644 modules/mbedtls/configs/config-mini-tls1_1.h delete mode 100644 modules/mbedtls/configs/config-mini-tls1_2.h delete mode 100644 modules/mbedtls/configs/config-no-entropy.h delete mode 100644 modules/mbedtls/configs/config-suite-b.h delete mode 100644 modules/mbedtls/configs/config-thread.h delete mode 100644 modules/mbedtls/configs/config-threadnet.h diff --git a/modules/mbedtls/configs/config-ccm-psk-tls1_2.h b/modules/mbedtls/configs/config-ccm-psk-tls1_2.h deleted file mode 100644 index 06d71f14545f..000000000000 --- a/modules/mbedtls/configs/config-ccm-psk-tls1_2.h +++ /dev/null @@ -1,114 +0,0 @@ -/** - * \file config-ccm-psk-tls1_2.h - * - * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** - */ -/* - * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites - * Distinguishing features: - * - no bignum, no PK, no X509 - * - fully modern and secure (provided the pre-shared keys have high entropy) - * - very low record overhead with CCM-8 - * - optimized for low RAM usage - * - * See README.txt for usage instructions. - */ -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ -/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ - -/* mbed TLS feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C -#define MBEDTLS_NET_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - -/* - * Use only CCM_8 ciphersuites, and - * save ROM and a few bytes of RAM by specifying our own ciphersuite list - */ -#define MBEDTLS_SSL_CIPHERSUITES \ - MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ - MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 - -/* - * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The optimal size here depends on the typical size of records. - */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-coap.h b/modules/mbedtls/configs/config-coap.h deleted file mode 100644 index f610eb20bc67..000000000000 --- a/modules/mbedtls/configs/config-coap.h +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -/* - * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites - * Distinguishing features: - * - no bignum, no PK, no X509 - * - fully modern and secure (provided the pre-shared keys have high entropy) - * - very low record overhead with CCM-8 - * - optimized for low RAM usage - * - * See README.txt for usage instructions. - */ -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *)) -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_PLATFORM_EXIT_ALT -#define MBEDTLS_NO_PLATFORM_ENTROPY -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -#define MBEDTLS_PLATFORM_PRINTF_ALT - -#if defined(CONFIG_MBEDTLS_TEST) -#define MBEDTLS_SELF_TEST -#define MBEDTLS_DEBUG_C -#else -#define MBEDTLS_ENTROPY_C -#endif - - -/* mbed TLS feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - -/* - * Use only CCM_8 ciphersuites, and - * save ROM and a few bytes of RAM by specifying our own ciphersuite list - */ -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 - -/* - * Allow to save RAM at the expense of interoperability: do this only if you - * control both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The optimal size here depends on the typical size of records. - */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-mini-dtls1_2.h b/modules/mbedtls/configs/config-mini-dtls1_2.h deleted file mode 100644 index ee0d70b59153..000000000000 --- a/modules/mbedtls/configs/config-mini-dtls1_2.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Copyright (c) 2017 Intel Corporation. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Minimal configuration for DTLS 1.2 for Zephyr with PSK and AES-CCM - * ciphersuites. - * - * See README.txt for usage instructions. - */ -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *)) -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_PLATFORM_EXIT_ALT -#define MBEDTLS_NO_PLATFORM_ENTROPY -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -#define MBEDTLS_PLATFORM_PRINTF_ALT - -#if defined(CONFIG_MBEDTLS_TEST) -#define MBEDTLS_SELF_TEST -#define MBEDTLS_DEBUG_C -#else -#define MBEDTLS_ENTROPY_C -#endif - -/* mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_DES_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C -#define MBEDTLS_MD5_C -#define MBEDTLS_OID_C -#define MBEDTLS_RSA_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_SHA1_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_USE_C -#define MBEDTLS_CCM_C -#define MBEDTLS_SSL_COOKIE_C - -/* For test certificates */ -#define MBEDTLS_BASE64_C -#define MBEDTLS_CERTS_C - -#if defined(CONFIG_MBEDTLS_DEBUG) -#define MBEDTLS_ERROR_C -#define MBEDTLS_DEBUG_C -#define MBEDTLS_SSL_DEBUG_ALL -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES -#endif - -#define MBEDTLS_SSL_MAX_CONTENT_LEN 1500 - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-mini-tls1_1.h b/modules/mbedtls/configs/config-mini-tls1_1.h deleted file mode 100644 index da8bf795c1d8..000000000000 --- a/modules/mbedtls/configs/config-mini-tls1_1.h +++ /dev/null @@ -1,105 +0,0 @@ -/** - * \file config-mini-tls1_1.h - * - * \brief Minimal configuration for TLS 1.1 (RFC 4346) - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** - */ -/* - * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the - * required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * - * See README.txt for usage instructions. - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_PLATFORM_MS_TIME_ALT - -/* mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_1 - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_DES_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C -#define MBEDTLS_MD5_C -#define MBEDTLS_NET_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_RSA_C -#define MBEDTLS_SHA1_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_USE_C - -/* For test certificates */ -#define MBEDTLS_BASE64_C -#define MBEDTLS_CERTS_C -#define MBEDTLS_PEM_PARSE_C - -/* For testing with compat.sh */ -#define MBEDTLS_FS_IO - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-mini-tls1_2.h b/modules/mbedtls/configs/config-mini-tls1_2.h deleted file mode 100644 index 4045fe70478e..000000000000 --- a/modules/mbedtls/configs/config-mini-tls1_2.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Copyright (c) 2017 Intel Corporation. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Minimal configuration for TLS 1.2 (RFC 5246) for Zephyr, implementing only - * a few of the most popular ciphersuites. - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *)) -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_PLATFORM_EXIT_ALT -#define MBEDTLS_NO_PLATFORM_ENTROPY -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -#define MBEDTLS_PLATFORM_PRINTF_ALT -#define MBEDTLS_PLATFORM_SNPRINTF_ALT - -#if !defined(CONFIG_ARM) -#define MBEDTLS_HAVE_ASM -#endif - -#if defined(CONFIG_MBEDTLS_TEST) -#define MBEDTLS_SELF_TEST -#define MBEDTLS_DEBUG_C -#else -#define MBEDTLS_ENTROPY_C -#endif - -/* mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_DES_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C -#define MBEDTLS_MD5_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_RSA_C -#define MBEDTLS_SHA1_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_USE_C - -/* For test certificates */ -#define MBEDTLS_BASE64_C -#define MBEDTLS_CERTS_C - -#if defined(CONFIG_MBEDTLS_DEBUG) -#define MBEDTLS_ERROR_C -#define MBEDTLS_DEBUG_C -#define MBEDTLS_SSL_DEBUG_ALL -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES -#endif - -#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-no-entropy.h b/modules/mbedtls/configs/config-no-entropy.h deleted file mode 100644 index b3406a394b42..000000000000 --- a/modules/mbedtls/configs/config-no-entropy.h +++ /dev/null @@ -1,120 +0,0 @@ -/** - * \file config-no-entropy.h - * - * \brief Minimal configuration of features that do not require an entropy source - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** - */ -/* - * Minimal configuration of features that do not require an entropy source - * Distinguishing features: - * - no entropy module - * - no TLS protocol implementation available due to absence of an entropy - * source - * - * See README.txt for usage instructions. - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_PLATFORM_MS_TIME_ALT - -/* mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_PK_RSA_ALT_SUPPORT -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_PKCS1_V21 -#define MBEDTLS_SELF_TEST -#define MBEDTLS_VERSION_FEATURES -#define MBEDTLS_X509_CHECK_KEY_USAGE -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ERROR_C -#define MBEDTLS_GCM_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_RSA_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA384_C -#define MBEDTLS_SHA512_C -#define MBEDTLS_VERSION_C -#define MBEDTLS_X509_USE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CRL_PARSE_C -//#define MBEDTLS_CMAC_C - -/* Miscellaneous options */ -#define MBEDTLS_AES_ROM_TABLES - -#include "check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-suite-b.h b/modules/mbedtls/configs/config-suite-b.h deleted file mode 100644 index 7468f7633580..000000000000 --- a/modules/mbedtls/configs/config-suite-b.h +++ /dev/null @@ -1,144 +0,0 @@ -/** - * \file config-suite-b.h - * - * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460) - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** - */ -/* - * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - optimized for low RAM usage - * - * Possible improvements: - * - if 128-bit security is enough, disable secp384r1 and SHA-512 - * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C - * - * See README.txt for usage instructions. - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_PLATFORM_MS_TIME_ALT - -/* mbed TLS feature support */ -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_GCM_C -#define MBEDTLS_MD_C -#define MBEDTLS_NET_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA384_C -#define MBEDTLS_SHA512_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_USE_C - -/* For test certificates */ -#define MBEDTLS_BASE64_C -#define MBEDTLS_CERTS_C -#define MBEDTLS_PEM_PARSE_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes - -/* Save RAM at the expense of speed, see ecp.h */ -#define MBEDTLS_ECP_WINDOW_SIZE 2 -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 - -/* Significant speed benefit at the expense of some ROM */ -#define MBEDTLS_ECP_NIST_OPTIM - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones. - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - -/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ -#define MBEDTLS_SSL_CIPHERSUITES \ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* - * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The minimum size here depends on the certificate chain used as well as the - * typical size of records. - */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-thread.h b/modules/mbedtls/configs/config-thread.h deleted file mode 100644 index 24ac5a928cba..000000000000 --- a/modules/mbedtls/configs/config-thread.h +++ /dev/null @@ -1,119 +0,0 @@ -/** - * \file config-thread.h - * - * \brief Minimal configuration for using TLS as part of Thread - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** - */ - -/* - * Minimal configuration for using TLS a part of Thread - * http://threadgroup.org/ - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - no X.509 - * - support for experimental EC J-PAKE key exchange - * - * See README.txt for usage instructions. - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_HAVE_ASM - -/* mbed TLS feature support */ -#define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_EXPORT_KEYS - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_CMAC_C -#define MBEDTLS_ECJPAKE_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C - -/* For tests using ssl-opt.sh */ -#define MBEDTLS_NET_C -#define MBEDTLS_TIMING_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes - -/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/modules/mbedtls/configs/config-threadnet.h b/modules/mbedtls/configs/config-threadnet.h deleted file mode 100644 index c6676f034339..000000000000 --- a/modules/mbedtls/configs/config-threadnet.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Minimal configuration for using TLS as part of Thread - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -/* - * Minimal configuration for using TLS a part of Thread - * http://threadgroup.org/ - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - no X.509 - * - support for experimental EC J-PAKE key exchange - * - * See README.txt for usage instructions. - */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_ALIGN_MULTIPLE (sizeof(void *)) -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_PLATFORM_EXIT_ALT -#define MBEDTLS_NO_PLATFORM_ENTROPY -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -#define MBEDTLS_PLATFORM_PRINTF_ALT - -#if !defined(CONFIG_ARM) -#define MBEDTLS_HAVE_ASM -#endif - -#if defined(CONFIG_MBEDTLS_TEST) -#define MBEDTLS_SELF_TEST -#define MBEDTLS_DEBUG_C -#else -#define MBEDTLS_ENTROPY_C -#endif - -/* mbed TLS feature support */ -#define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_EXPORT_KEYS - -/* mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_CMAC_C -#define MBEDTLS_ECJPAKE_C -#define MBEDTLS_ECP_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C - - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes - -#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 - -/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ From 17ee3312e7909d41e81a50bdb7fa5086210e2f18 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Feb 2025 11:57:03 +0100 Subject: [PATCH 2/2] mbedtls: rename tls-generic Kconfig and configuration header file Since there's now a single Kconfig and header file for Mbed TLS it makes more sense to name them: - Kconfig.mbedtls (instead of Kconfig.tls-generic) - config-mbedtls.h (instead config-tls-generic.h) Signed-off-by: Valerio Setti --- modules/mbedtls/Kconfig | 4 ++-- modules/mbedtls/{Kconfig.tls-generic => Kconfig.mbedtls} | 2 +- .../configs/{config-tls-generic.h => config-mbedtls.h} | 0 3 files changed, 3 insertions(+), 3 deletions(-) rename modules/mbedtls/{Kconfig.tls-generic => Kconfig.mbedtls} (99%) rename modules/mbedtls/configs/{config-tls-generic.h => config-mbedtls.h} (100%) diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig index cb178fb3c273..bf165473f17f 100644 --- a/modules/mbedtls/Kconfig +++ b/modules/mbedtls/Kconfig @@ -52,7 +52,7 @@ config CUSTOM_MBEDTLS_CFG_FILE config MBEDTLS_CFG_FILE string "mbed TLS configuration file" if CUSTOM_MBEDTLS_CFG_FILE depends on MBEDTLS_BUILTIN - default "config-tls-generic.h" + default "config-mbedtls.h" help Use a specific mbedTLS configuration file. The default config file file can be tweaked with Kconfig. The default configuration is @@ -61,7 +61,7 @@ config MBEDTLS_CFG_FILE special TLS usage, use available Kconfig options, or select an alternative config. -rsource "Kconfig.tls-generic" +rsource "Kconfig.mbedtls" config MBEDTLS_SSL_MAX_CONTENT_LEN int "Max payload size for TLS protocol message" diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.mbedtls similarity index 99% rename from modules/mbedtls/Kconfig.tls-generic rename to modules/mbedtls/Kconfig.mbedtls index 6505539082ad..59c05db06031 100644 --- a/modules/mbedtls/Kconfig.tls-generic +++ b/modules/mbedtls/Kconfig.mbedtls @@ -5,7 +5,7 @@ # SPDX-License-Identifier: Apache-2.0 menu "Mbed TLS configuration" - depends on MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" + depends on MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-mbedtls.h" menu "TLS" diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-mbedtls.h similarity index 100% rename from modules/mbedtls/configs/config-tls-generic.h rename to modules/mbedtls/configs/config-mbedtls.h