-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
external: add the optiga-trust-m dependency
Needed to interact with the Optiga secure chip. The optiga-trust-m module was forked to the BitBoxSwiss org, along with its own submodule mbedtls, so we are safe against deps disappearing.
- Loading branch information
Showing
6 changed files
with
264 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
/** | ||
* \file config-ccm-psk-tls1_2.h | ||
* | ||
* \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites | ||
*/ | ||
/* | ||
* Copyright The Mbed TLS Contributors | ||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | ||
*/ | ||
/* | ||
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites | ||
* | ||
* Distinguishing features: | ||
* - Optimized for small code size, low bandwidth (on a reliable transport), | ||
* and low RAM usage. | ||
* - No asymmetric cryptography (no certificates, no Diffie-Hellman key | ||
* exchange). | ||
* - Fully modern and secure (provided the pre-shared keys are generated and | ||
* stored securely). | ||
* - Very low record overhead with CCM-8. | ||
* | ||
* See README.txt for usage instructions. | ||
*/ | ||
|
||
/* System support */ | ||
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ | ||
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ | ||
|
||
// This undefines everything as a basis. Specific settings are re-enabled below. | ||
#include <mbedtls_default_config.h> | ||
|
||
/* Mbed TLS modules */ | ||
#define MBEDTLS_AES_C | ||
#define MBEDTLS_CCM_C | ||
#define MBEDTLS_CIPHER_C | ||
#define MBEDTLS_CTR_DRBG_C | ||
#define MBEDTLS_ENTROPY_C | ||
#define MBEDTLS_MD_C | ||
|
||
#define MBEDTLS_SHA256_C | ||
#define MBEDTLS_SSL_CLI_C | ||
#define MBEDTLS_SSL_SRV_C | ||
#define MBEDTLS_SSL_TLS_C | ||
|
||
/* TLS protocol feature support */ | ||
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | ||
#define MBEDTLS_SSL_PROTO_TLS1_2 | ||
|
||
/* | ||
* Use only CCM_8 ciphersuites, and | ||
* save ROM and a few bytes of RAM by specifying our own ciphersuite list | ||
*/ | ||
#define MBEDTLS_SSL_CIPHERSUITES \ | ||
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ | ||
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 | ||
|
||
/* | ||
* Save RAM at the expense of interoperability: do this only if you control | ||
* both ends of the connection! (See comments in "mbedtls/ssl.h".) | ||
* The optimal size here depends on the typical size of records. | ||
*/ | ||
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 | ||
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 | ||
|
||
/* Save RAM at the expense of ROM */ | ||
#define MBEDTLS_AES_ROM_TABLES | ||
|
||
/* Save some RAM by adjusting to your exact needs */ | ||
#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ | ||
|
||
/* | ||
* You should adjust this to the exact number of sources you're using: default | ||
* is the "platform_entropy_poll" source, but you may want to add other ones | ||
* Minimum is 2 for the entropy test suite. | ||
*/ | ||
#define MBEDTLS_NO_PLATFORM_ENTROPY | ||
#define MBEDTLS_ENTROPY_MAX_SOURCES 2 | ||
|
||
/* These defines are present so that the config modifying scripts can enable | ||
* them during tests/scripts/test-ref-configs.pl */ | ||
//#define MBEDTLS_USE_PSA_CRYPTO | ||
//#define MBEDTLS_PSA_CRYPTO_C | ||
|
||
/* Error messages and TLS debugging traces | ||
* (huge code size increase, needed for tests/ssl-opt.sh) */ | ||
//#define MBEDTLS_DEBUG_C | ||
//#define MBEDTLS_ERROR_C | ||
|
||
// Change to a buffer allocator | ||
#define MBEDTLS_PLATFORM_C | ||
#define MBEDTLS_PLATFORM_MEMORY | ||
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Submodule optiga-trust-m
added at
5b924c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
#ifndef _OPTIGA_LIB_CONFIG_BITBOX02_H_ | ||
#define _OPTIGA_LIB_CONFIG_BITBOX02_H_ | ||
|
||
#ifdef __cplusplus | ||
extern "C" { | ||
#endif | ||
|
||
/** @brief OPTIGA CRYPT random number generation feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RANDOM_ENABLED | ||
/** @brief OPTIGA CRYPT hash feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_HASH_ENABLED | ||
/** @brief OPTIGA CRYPT ECC generate keypair feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_ECC_GENERATE_KEYPAIR_ENABLED | ||
/** @brief OPTIGA CRYPT ECDSA signature feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_ECDSA_SIGN_ENABLED | ||
/** @brief OPTIGA CRYPT verify ECDSA signature feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_ECDSA_VERIFY_ENABLED | ||
/** @brief OPTIGA CRYPT ECDH feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_ECDH_ENABLED | ||
/** @brief OPTIGA CRYPT ECC 521 feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_ECC_NIST_P_521_ENABLED | ||
/** @brief OPTIGA CRYPT ECC Brainpool feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_ECC_BRAINPOOL_P_R1_ENABLED | ||
/** @brief OPTIGA CRYPT TLS PRF sha256 feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_TLS_PRF_SHA256_ENABLED | ||
/** @brief OPTIGA CRYPT TLS PRF sha384 feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_TLS_PRF_SHA384_ENABLED | ||
/** @brief OPTIGA CRYPT TLS PRF sha512 feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_TLS_PRF_SHA512_ENABLED | ||
/** @brief OPTIGA CRYPT RSA generate keypair feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_GENERATE_KEYPAIR_ENABLED | ||
/** @brief OPTIGA CRYPT RSA sign feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_SIGN_ENABLED | ||
/** @brief OPTIGA CRYPT RSA verify sign feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_VERIFY_ENABLED | ||
/** @brief OPTIGA CRYPT RSA Encrypt feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_ENCRYPT_ENABLED | ||
/** @brief OPTIGA CRYPT RSA Decrypt feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_DECRYPT_ENABLED | ||
/** @brief OPTIGA CRYPT RSA pre-master feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_PRE_MASTER_SECRET_ENABLED | ||
/** @brief OPTIGA CRYPT RSA SSA with SHA512 as digest feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_RSA_SSA_SHA512_ENABLED | ||
/** @brief OPTIGA CRYPT symmetric encrypt feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_SYM_ENCRYPT_ENABLED | ||
/** @brief OPTIGA CRYPT symmetric decrypt feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_SYM_DECRYPT_ENABLED | ||
/** @brief OPTIGA CRYPT HMAC feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_HMAC_ENABLED | ||
/** @brief OPTIGA CRYPT HKDF feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_HKDF_ENABLED | ||
/** @brief OPTIGA CRYPT symmetric generate key feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_SYM_GENERATE_KEY_ENABLED | ||
/** @brief OPTIGA CRYPT generate auth code feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_GENERATE_AUTH_CODE_ENABLED | ||
/** @brief OPTIGA CRYPT HMAC verify feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_HMAC_VERIFY_ENABLED | ||
/** @brief OPTIGA CRYPT clear AUTO state feature enable/disable macro */ | ||
#define OPTIGA_CRYPT_CLEAR_AUTO_STATE_ENABLED | ||
|
||
/** @brief OPTIGA COMMS shielded connection feature. | ||
* To disable the feature, undefine the macro | ||
*/ | ||
#define OPTIGA_COMMS_SHIELDED_CONNECTION | ||
|
||
/** @brief Default reset protection level for OPTIGA CRYPT and UTIL APIs */ | ||
#define OPTIGA_COMMS_DEFAULT_PROTECTION_LEVEL OPTIGA_COMMS_FULL_PROTECTION | ||
//#define OPTIGA_COMMS_DEFAULT_PROTECTION_LEVEL OPTIGA_COMMS_NO_PROTECTION | ||
|
||
/** @brief Default reset type in optiga_comms_open. \n | ||
* Cold Reset - (0) : This is applicable if the host platform has GPIO option for RST and VDD. \n | ||
* Soft Reset - (1) : This is applicable if the host platform doesn't have GPIO options for VDD and RST. \n | ||
* Warm Reset - (2) : This is applicable if the host platform doesn't have GPIO option for VDD. \n | ||
* Any other value will lead to error | ||
*/ | ||
#define OPTIGA_COMMS_DEFAULT_RESET_TYPE (1U) | ||
|
||
/** @brief NULL parameter check. | ||
* To disable the check, undefine the macro | ||
*/ | ||
#define OPTIGA_LIB_DEBUG_NULL_CHECK | ||
/** @brief Maximum number of instance registration */ | ||
#define OPTIGA_CMD_MAX_REGISTRATIONS (0x06) | ||
/** @brief Maximum buffer size required to communicate with OPTIGA */ | ||
#define OPTIGA_MAX_COMMS_BUFFER_SIZE (0x615) //1557 in decimal | ||
|
||
/** @brief Macro to enable logger \n | ||
* Enable macro OPTIGA_LIB_ENABLE_UTIL_LOGGING for Util Service layer logging \n | ||
* Enable macro OPTIGA_LIB_ENABLE_CRYPT_LOGGING for Crypt Service layer logging \n | ||
* Enable macro OPTIGA_LIB_ENABLE_CMD_LOGGING for Command layer logging \n | ||
* Enable macro OPTIGA_LIB_ENABLE_COMMS_LOGGING for Communication layer logging */ | ||
#define OPTIGA_LIB_ENABLE_LOGGING | ||
/** @brief Enable macro OPTIGA_PAL_INIT_ENABLED for calling pal_init functionality */ | ||
//#define OPTIGA_PAL_INIT_ENABLED | ||
/// @cond | ||
#ifdef OPTIGA_LIB_ENABLE_LOGGING | ||
/** @brief Macro to enable logger for Util service */ | ||
#define OPTIGA_LIB_ENABLE_UTIL_LOGGING | ||
/** @brief Macro to enable logger for Crypt service */ | ||
#define OPTIGA_LIB_ENABLE_CRYPT_LOGGING | ||
/** @brief Macro to enable logger for Command layer */ | ||
#define OPTIGA_LIB_ENABLE_CMD_LOGGING | ||
/** @brief Macro to enable logger for Communication layer */ | ||
#define OPTIGA_LIB_ENABLE_COMMS_LOGGING | ||
#endif | ||
/// @endcond | ||
|
||
/* Below are the example macros for protected update not for any feature */ | ||
/** @brief OPTIGA UTIL confidentiality protected update feature enable/disable macro */ | ||
#define EXAMPLE_OPTIGA_UTIL_PROTECTED_UPDATE_CONFIDENTIALITY_ENABLED | ||
/** @brief OPTIGA UTIL key object protected update feature enable/disable macro */ | ||
#define EXAMPLE_OPTIGA_UTIL_PROTECTED_UPDATE_OBJECT_KEY_ENABLED | ||
/** @brief OPTIGA UTIL metadata object protected update feature enable/disable macro */ | ||
#define EXAMPLE_OPTIGA_UTIL_PROTECTED_UPDATE_OBJECT_METADATA_ENABLED | ||
|
||
|
||
#ifdef __cplusplus | ||
} | ||
#endif | ||
|
||
#endif /* _OPTIGA_LIB_CONFIG_BITBOX02_*/ | ||
|
||
/** | ||
* @} | ||
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters