diff --git a/Components/Network/Interface/TLS_mbed.c b/Components/Network/Interface/TLS_mbed.c index 55ab3662..7cfa47ef 100644 --- a/Components/Network/Interface/TLS_mbed.c +++ b/Components/Network/Interface/TLS_mbed.c @@ -33,6 +33,9 @@ #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" #endif +#if defined(MBEDTLS_SSL_TICKET_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) + #include "mbedtls/ssl_ticket.h" +#endif #if defined(MBEDTLS_DEBUG_C) #include #endif @@ -67,6 +70,10 @@ static mbedtls_pk_context pkey_srv; #if defined(MBEDTLS_SSL_CACHE_C) static mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_SSL_TICKET_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) +static mbedtls_ssl_ticket_context ticket; +static uint32_t last_ostick; +#endif #endif #ifdef __TLS_CLIENT static mbedtls_ssl_config conf_cli; @@ -372,6 +379,9 @@ static int32_t tls_init (void) { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init (&cache); #endif +#if defined(MBEDTLS_SSL_TICKET_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_ticket_init (&ticket); +#endif #endif #ifdef __TLS_CLIENT mbedtls_ssl_config_init (&conf_cli); @@ -380,7 +390,7 @@ static int32_t tls_init (void) { #endif #endif -#if (MBEDTLS_VERSION_MAJOR == 4) +#if (MBEDTLS_VERSION_MAJOR == 4) ret = psa_crypto_init(); if (ret != PSA_SUCCESS) { /* PSA Crypto initialization failed */ 
@@ -431,28 +441,26 @@ static int32_t tls_init (void) { buf = netTLS_GetServerKey (&buf_len); if (buf == NULL) { -#if (MBEDTLS_VERSION_MAJOR == 3) + #if (MBEDTLS_VERSION_MAJOR == 3) ret = mbedtls_pk_parse_key (&pkey_srv, NetSecurity_ServerKey, NetSecurity_ServerKey_Len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg); -#endif -#if (MBEDTLS_VERSION_MAJOR == 4) + #elif (MBEDTLS_VERSION_MAJOR == 4) ret = mbedtls_pk_parse_key (&pkey_srv, NetSecurity_ServerKey, NetSecurity_ServerKey_Len, NULL, 0); -#endif + #endif } else { -#if (MBEDTLS_VERSION_MAJOR == 3) + #if (MBEDTLS_VERSION_MAJOR == 3) ret = mbedtls_pk_parse_key (&pkey_srv, buf, buf_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg); -#endif -#if (MBEDTLS_VERSION_MAJOR == 4) + #elif (MBEDTLS_VERSION_MAJOR == 4) ret = mbedtls_pk_parse_key (&pkey_srv, buf, buf_len, NULL, 0); -#endif + #endif netTLS_ReleaseMemory (buf); } if (ret != 0) { @@ -516,9 +524,23 @@ static int32_t tls_init (void) { mbedtls_ssl_conf_rng (&conf_srv, mbedtls_ctr_drbg_random, &ctr_drbg); #endif #if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_set_max_entries (&cache, 5); mbedtls_ssl_conf_session_cache (&conf_srv, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set); +#endif +#if defined(MBEDTLS_SSL_TICKET_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) +#if (MBEDTLS_VERSION_MAJOR == 3) + mbedtls_ssl_ticket_setup (&ticket, mbedtls_ctr_drbg_random, &ctr_drbg, + MBEDTLS_CIPHER_AES_256_GCM, 3600); +#elif (MBEDTLS_VERSION_MAJOR == 4) + mbedtls_ssl_ticket_setup (&ticket, PSA_ALG_GCM, PSA_KEY_TYPE_AES, 256, 3600); +#endif + mbedtls_ssl_conf_session_tickets_cb (&conf_srv, + mbedtls_ssl_ticket_write, + mbedtls_ssl_ticket_parse, + &ticket); + last_ostick = osKernelGetTickCount(); #endif mbedtls_ssl_conf_ca_chain (&conf_srv, srvcert.next, NULL); ret = mbedtls_ssl_conf_own_cert (&conf_srv, &srvcert, &pkey_srv); 
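Review bot: The result of `mbedtls_ssl_ticket_setup` is discarded in the session-ticket block added to tls_init, so a failed setup still leaves `mbedtls_ssl_ticket_write` and `mbedtls_ssl_ticket_parse` registered on `conf_srv` against a context that may hold no usable keys. Assign it, `ret = mbedtls_ssl_ticket_setup (&ticket, ...);`, take the same `if (ret != 0)` failure path the function already uses after `mbedtls_pk_parse_key`, and register the callbacks only on success. The hourly rotation block added to tls_run makes the same unchecked call, and it updates `last_ostick` before the new keys exist, so a failed rotation would not be retried for another hour. tls_init starts and ends outside this hunk, so the exact error return to use is not visible here.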
@@ -532,6 +554,9 @@ static int32_t tls_init (void) { #if (MBEDTLS_VERSION_MAJOR == 3) mbedtls_ssl_conf_rng (&conf_cli, mbedtls_ctr_drbg_random, &ctr_drbg); #endif +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + mbedtls_ssl_conf_max_frag_len(&conf_cli, MBEDTLS_SSL_MAX_FRAG_LEN_4096); +#endif #ifdef __TLS_CLIENT_CA mbedtls_ssl_conf_ca_chain (&conf_cli, &cacert, NULL); #endif @@ -568,11 +593,14 @@ static void tls_uninit (void) { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free (&cache); #endif +#if defined(MBEDTLS_SSL_TICKET_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_ticket_free (&ticket); +#endif #endif /* Uninit central random generator */ - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free (&ctr_drbg); + mbedtls_entropy_free (&entropy); } /** @@ -612,6 +640,21 @@ static void tls_run (void) { } mbedtls_ssl_set_bio (tls_s->ssl, tls_s, (mbedtls_ssl_send_t *)bio_send, (mbedtls_ssl_recv_t *)bio_recv, NULL); + #if defined(MBEDTLS_SSL_TICKET_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) + /* Rotate ticket keys after timeout of 1 hour */ + uint32_t ostick = osKernelGetTickCount(); + if ((ostick - last_ostick) > 3600000) { + last_ostick = ostick; + mbedtls_ssl_ticket_free (&ticket); + mbedtls_ssl_ticket_init (&ticket); + #if (MBEDTLS_VERSION_MAJOR == 3) + mbedtls_ssl_ticket_setup (&ticket, mbedtls_ctr_drbg_random, &ctr_drbg, + MBEDTLS_CIPHER_AES_256_GCM, 3600); + #elif (MBEDTLS_VERSION_MAJOR == 4) + mbedtls_ssl_ticket_setup (&ticket, PSA_ALG_GCM, PSA_KEY_TYPE_AES, 256, 3600); + #endif + } + #endif tls_s->State = TLS_STATE_HANDSHAKE; ctrl.busy = true; break; diff --git a/Components/Network/Interface/TLS_mbed.h b/Components/Network/Interface/TLS_mbed.h index a587667e..36609c66 100644 --- a/Components/Network/Interface/TLS_mbed.h +++ b/Components/Network/Interface/TLS_mbed.h 
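Review bot: The rotation check added to tls_run compares an `osKernelGetTickCount()` delta with the literal `3600000`, which is one hour only when the kernel tick runs at 1 kHz. At any other tick rate the ticket keys live longer or shorter than the 3600-second lifetime passed to `mbedtls_ssl_ticket_setup`. Derive the limit from the tick rate, `if ((ostick - last_ostick) > (3600U * osKernelGetTickFreq())) {`, and name the 3600 once so the lifetime and the rotation interval cannot drift apart. The block would also benefit from a comment such as `/* Re-initialising drops both ticket keys: outstanding tickets are rejected and clients fall back to a full handshake */`. tls_run's body continues outside the hunk.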
@@ -1,6 +1,6 @@ /*------------------------------------------------------------------------------ * MDK Middleware - Component ::Network - * Copyright (c) 2004-2024 Arm Limited (or its affiliates). All rights reserved. + * Copyright (c) 2004-2026 Arm Limited (or its affiliates). All rights reserved. *------------------------------------------------------------------------------ * Name: TLS_mbed.h * Purpose: TLS Interface definitions @@ -46,11 +46,11 @@ #error "mbedTLS_config: MBEDTLS_SSL_TLS_C not defined" #endif -#if !defined(MBEDTLS_RSA_C) +#if !defined(MBEDTLS_RSA_C) && (MBEDTLS_VERSION_MAJOR == 3) #error "mbedTLS_config: MBEDTLS_RSA_C not defined" #endif -#if !defined(MBEDTLS_BIGNUM_C) +#if !defined(MBEDTLS_BIGNUM_C) && (MBEDTLS_VERSION_MAJOR == 3) #error "mbedTLS_config: MBEDTLS_BIGNUM_C not defined" #endif @@ -62,7 +62,7 @@ #error "mbedTLS_config: MBEDTLS_X509_CRT_PARSE_C not defined" #endif -#if !defined(MBEDTLS_ENTROPY_C) +#if !defined(MBEDTLS_ENTROPY_C) && (MBEDTLS_VERSION_MAJOR == 3) #error "mbedTLS_config: MBEDTLS_ENTROPY_C not defined" #endif diff --git a/Examples/Network/HTTPS_Server/app_crypto_config.h b/Examples/Network/HTTPS_Server/app_crypto_config.h index bebed365..6a9320c4 100644 --- a/Examples/Network/HTTPS_Server/app_crypto_config.h +++ b/Examples/Network/HTTPS_Server/app_crypto_config.h 
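Review bot: The three guards narrowed with `&& (MBEDTLS_VERSION_MAJOR == 3)` (RSA, BIGNUM, ENTROPY) test that macro inside `#if`, where an undefined identifier silently evaluates to 0. If the header that defines the version is not included before this point, the checks disappear for 3.x builds as well. Whether it is included earlier is outside the hunk; a preceding `#if !defined(MBEDTLS_VERSION_MAJOR)` / `#error "mbedTLS_config: MBEDTLS_VERSION_MAJOR not defined"` / `#endif` would make the dependency explicit. For 4.x builds these requirements now have no compile-time check in this header, so a short comment naming the PSA-side options that replace them would document the intent.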
@@ -1,126 +1,50 @@ /** - * PSA crypto configuration template for HTTPS - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * PSA crypto configuration for HTTPS server + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define TF_PSA_CRYPTO_CONFIG_VERSION 0x01000000 -/* Cryptographic mechanism selection (PSA API) */ -#define PSA_WANT_ALG_CBC_NO_PADDING 1 -#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_CMAC 1 -#define PSA_WANT_ALG_CFB 1 -#define PSA_WANT_ALG_CHACHA20_POLY1305 1 -#define PSA_WANT_ALG_CTR 1 -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 +/* Cryptographic mechanism selection (PSA API) */ #define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ALG_FFDH 1 #define PSA_WANT_ALG_ECDSA 1 -#define PSA_WANT_ALG_JPAKE 1 #define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_HKDF_EXTRACT 1 -#define PSA_WANT_ALG_HKDF_EXPAND 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_MD5 1 -#define PSA_WANT_ALG_OFB 1 -#define PSA_WANT_ALG_PBKDF2_HMAC 1 -#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_PSS 1 -#define PSA_WANT_ALG_SHA_1 1 -#define PSA_WANT_ALG_SHA_224 1 #define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA3_224 1 -#define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 -#define PSA_WANT_ALG_STREAM_CIPHER 1 #define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 - -#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 -#define 
PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 -#define PSA_WANT_ECC_MONTGOMERY_255 1 -#define PSA_WANT_ECC_MONTGOMERY_448 1 -#define PSA_WANT_ECC_SECP_K1_256 1 - #define PSA_WANT_ECC_SECP_R1_256 1 -#define PSA_WANT_ECC_SECP_R1_384 1 -#define PSA_WANT_ECC_SECP_R1_521 1 - -#define PSA_WANT_DH_RFC7919_2048 1 -#define PSA_WANT_DH_RFC7919_3072 1 -#define PSA_WANT_DH_RFC7919_4096 1 -#define PSA_WANT_DH_RFC7919_6144 1 -#define PSA_WANT_DH_RFC7919_8192 1 - #define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_PASSWORD 1 -#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_ARIA 1 -#define PSA_WANT_KEY_TYPE_CAMELLIA 1 -#define PSA_WANT_KEY_TYPE_CHACHA20 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 - #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 - #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 - -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 /* Platform abstraction layer */ #define MBEDTLS_PLATFORM_C -/* General and test configuration options */ -#define MBEDTLS_SELF_TEST - /* Cryptographic mechanism selection (extended API) */ #define MBEDTLS_MD_C #define MBEDTLS_PK_C -#define MBEDTLS_PKCS5_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_PARSE_EC_EXTENDED -#define MBEDTLS_PK_WRITE_C /* Data format support */ #define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BASE64_C 
#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_WRITE_C /* PSA core */ #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_DRIVER_GET_ENTROPY diff --git a/Examples/Network/HTTPS_Server/app_mbedtls_config.h b/Examples/Network/HTTPS_Server/app_mbedtls_config.h index 54aa15a4..4ebd4c57 100644 --- a/Examples/Network/HTTPS_Server/app_mbedtls_config.h +++ b/Examples/Network/HTTPS_Server/app_mbedtls_config.h @@ -1,9 +1,8 @@ /** - * Configuration template for HTTPS - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Configuration for HTTPS server + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_CONFIG_VERSION 0x04000000 @@ -11,23 +10,16 @@ /* General configuration options */ #define MBEDTLS_ERROR_C #define MBEDTLS_ERROR_STRERROR_DUMMY -#define MBEDTLS_VERSION_C -#define MBEDTLS_VERSION_FEATURES /* TLS feature selection */ //#define MBEDTLS_DEBUG_C #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES -#define MBEDTLS_SSL_ALPN #define MBEDTLS_SSL_CACHE_C -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH #define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_SERVER_NAME_INDICATION #define MBEDTLS_SSL_SESSION_TICKETS #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TICKET_C @@ -36,12 +28,6 @@ #define MBEDTLS_SSL_OUT_CONTENT_LEN 4096 /* X.509 feature selection */ -#define MBEDTLS_PKCS7_C -#define MBEDTLS_X509_CREATE_C -#define MBEDTLS_X509_CRL_PARSE_C #define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CRT_WRITE_C -#define MBEDTLS_X509_CSR_PARSE_C -#define MBEDTLS_X509_CSR_WRITE_C #define MBEDTLS_X509_RSASSA_PSS_SUPPORT #define MBEDTLS_X509_USE_C 
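Review bot: The trimmed HTTPS server app_crypto_config.h still enables `PSA_WANT_ALG_RSA_OAEP` and `PSA_WANT_ALG_RSA_PKCS1V15_CRYPT`, although the matching app_mbedtls_config.h enables only the `ECDHE_ECDSA` and `ECDHE_RSA` key exchanges, which presumably need RSA for signatures only. If nothing in the application performs RSA encryption or decryption, drop both lines so the RSA decryption paths are not built into the image; otherwise add a comment naming what uses them. The SMTPS client app_crypto_config.h keeps `PSA_WANT_ALG_RSA_PKCS1V15_CRYPT` in the same way. A one-line comment per remaining group saying which TLS feature requires it would keep the reduced set reviewable.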
diff --git a/Examples/Network/SMTPS_Client/app_crypto_config.h b/Examples/Network/SMTPS_Client/app_crypto_config.h
index 737d839a..752d978d 100644
--- a/Examples/Network/SMTPS_Client/app_crypto_config.h
+++ b/Examples/Network/SMTPS_Client/app_crypto_config.h
@@ -1,101 +1,36 @@ /** - * PSA crypto configuration template for SMTPS - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * PSA crypto configuration for SMTPS client + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define TF_PSA_CRYPTO_CONFIG_VERSION 0x01000000 /* Cryptographic mechanism selection (PSA API) */ -#define PSA_WANT_ALG_CBC_NO_PADDING 1 -#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_CMAC 1 -#define PSA_WANT_ALG_CFB 1 #define PSA_WANT_ALG_CHACHA20_POLY1305 1 -#define PSA_WANT_ALG_CTR 1 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ALG_FFDH 1 #define PSA_WANT_ALG_ECDSA 1 -#define PSA_WANT_ALG_JPAKE 1 #define PSA_WANT_ALG_GCM 1 #define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_HKDF_EXTRACT 1 -#define PSA_WANT_ALG_HKDF_EXPAND 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_MD5 1 -#define PSA_WANT_ALG_OFB 1 -#define PSA_WANT_ALG_PBKDF2_HMAC 1 -#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_WANT_ALG_RIPEMD160 1 -#define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_PSS 1 -#define PSA_WANT_ALG_SHA_1 1 -#define PSA_WANT_ALG_SHA_224 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA3_224 1 -#define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 -#define PSA_WANT_ALG_STREAM_CIPHER 1 #define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 - -#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 -#define PSA_WANT_ECC_MONTGOMERY_255 1 -#define 
PSA_WANT_ECC_MONTGOMERY_448 1 -#define PSA_WANT_ECC_SECP_K1_256 1 - #define PSA_WANT_ECC_SECP_R1_256 1 #define PSA_WANT_ECC_SECP_R1_384 1 -#define PSA_WANT_ECC_SECP_R1_521 1 - -#define PSA_WANT_DH_RFC7919_2048 1 -#define PSA_WANT_DH_RFC7919_3072 1 -#define PSA_WANT_DH_RFC7919_4096 1 -#define PSA_WANT_DH_RFC7919_6144 1 -#define PSA_WANT_DH_RFC7919_8192 1 - -#define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_PASSWORD 1 -#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_ARIA 1 -#define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define PSA_WANT_KEY_TYPE_CHACHA20 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 - #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 - #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 - -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 /* Platform abstraction layer */ #define MBEDTLS_PLATFORM_C @@ -107,13 +42,11 @@ /* Data format support */ #define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BASE64_C #define MBEDTLS_PEM_PARSE_C /* PSA core */ #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_DRIVER_GET_ENTROPY diff --git a/Examples/Network/SMTPS_Client/app_mbedtls_config.h b/Examples/Network/SMTPS_Client/app_mbedtls_config.h index 2ab83761..d1fed0ac 100644 
--- a/Examples/Network/SMTPS_Client/app_mbedtls_config.h +++ b/Examples/Network/SMTPS_Client/app_mbedtls_config.h @@ -1,9 +1,8 @@ /** - * Configuration template for SMTPS - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Configuration for SMTPS client + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_CONFIG_VERSION 0x04000000 @@ -11,18 +10,12 @@ /* General configuration options */ #define MBEDTLS_ERROR_C #define MBEDTLS_ERROR_STRERROR_DUMMY -#define MBEDTLS_VERSION_C -#define MBEDTLS_VERSION_FEATURES /* TLS feature selection */ //#define MBEDTLS_DEBUG_C #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES -#define MBEDTLS_SSL_ALPN -#define MBEDTLS_SSL_CACHE_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_ENCRYPT_THEN_MAC #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET @@ -34,6 +27,5 @@ #define MBEDTLS_SSL_OUT_CONTENT_LEN 4096 /* X.509 feature selection */ -#define MBEDTLS_X509_CRL_PARSE_C #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_USE_C