Contiki-NG
dtls-support-config.h
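/*
 * Copyright (c) 2022, RISE Research Institutes of Sweden AB
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef DTLS_SUPPORT_CONFIG_H
#define DTLS_SUPPORT_CONFIG_H

#include "uip.h"

/*
 * Build-time settings of the DTLS support layer (COAP_DTLS_* and
 * COAP_MBEDTLS_*). Every setting follows the same pattern: if the
 * project defines the corresponding *_CONF_* macro, that value is used;
 * otherwise the default given here applies.
 */

/*
 * Debug level of the Mbed TLS library, a value between 0 and 5.
 *
 * Two prerequisites must be met before any output appears:
 *   1. Mbed TLS debug prints are emitted as DTLS logs at LOG_LEVEL_DBG,
 *      so LOG_CONF_LEVEL_DTLS must be set to LOG_LEVEL_DBG.
 *   2. Mbed TLS debug prints are compiled out to save memory and must
 *      be enabled in mbedtls-config.h.
 *
 * NOTE(review): the more verbose Mbed TLS levels dump handshake
 * buffers. Confirm that logs from a debug build cannot expose secret
 * material, and keep the default of 0 for production images.
 */
#ifdef COAP_MBEDTLS_LIB_CONF_DEBUG_LEVEL
#define COAP_MBEDTLS_LIB_DEBUG_LEVEL COAP_MBEDTLS_LIB_CONF_DEBUG_LEVEL
#else
#define COAP_MBEDTLS_LIB_DEBUG_LEVEL 0 /* Value between 0 to 5 */
#endif /* COAP_MBEDTLS_LIB_CONF_DEBUG_LEVEL */

/*
 * Determines whether an insecure PRNG should be used for testing on
 * platforms that have not yet implemented a proper CSPRNG.
 *
 * Keep this at 0 in anything that is deployed. The random values and
 * ephemeral keys of a DTLS handshake are only as unpredictable as the
 * generator behind them, so a non-cryptographic PRNG removes the
 * confidentiality and authentication DTLS is meant to provide. A
 * release build should be checked for this flag being unset.
 */
#ifdef COAP_DTLS_CONF_PRNG_INSECURE
#define COAP_DTLS_PRNG_INSECURE COAP_DTLS_CONF_PRNG_INSECURE
#else
#define COAP_DTLS_PRNG_INSECURE 0
#endif /* COAP_DTLS_CONF_PRNG_INSECURE */

/*
 * Maximum number of DTLS sessions. The default is limited to 1 to save
 * memory.
 *
 * NOTE(review): with a single slot, a peer whose handshake never
 * completes presumably occupies it until the handshake times out (see
 * the timeout settings below) -- confirm how the session table treats
 * incomplete handshakes before relying on the default for a server.
 */
#ifdef COAP_DTLS_CONF_MAX_SESSIONS
#define COAP_DTLS_MAX_SESSIONS COAP_DTLS_CONF_MAX_SESSIONS
#else
#define COAP_DTLS_MAX_SESSIONS 1
#endif /* COAP_DTLS_CONF_MAX_SESSIONS */

/*
 * Minimum and maximum handshake re-transmission timeout values, in
 * milliseconds.
 */
#ifdef COAP_MBEDTLS_CONF_HANDSHAKE_MIN_TIMEOUT_MS
#define COAP_MBEDTLS_HANDSHAKE_MIN_TIMEOUT_MS COAP_MBEDTLS_CONF_HANDSHAKE_MIN_TIMEOUT_MS
#else
/* Set according to RFC 7925 (initial timer value of 9 seconds). */
#define COAP_MBEDTLS_HANDSHAKE_MIN_TIMEOUT_MS 9000
#endif /* COAP_MBEDTLS_CONF_HANDSHAKE_MIN_TIMEOUT_MS */

#ifdef COAP_MBEDTLS_CONF_HANDSHAKE_MAX_TIMEOUT_MS
#define COAP_MBEDTLS_HANDSHAKE_MAX_TIMEOUT_MS COAP_MBEDTLS_CONF_HANDSHAKE_MAX_TIMEOUT_MS
#else
/* RFC 7925 asks for exponential back-off up to no less than 60 seconds. */
#define COAP_MBEDTLS_HANDSHAKE_MAX_TIMEOUT_MS 60000
#endif /* COAP_MBEDTLS_CONF_HANDSHAKE_MAX_TIMEOUT_MS */

/*
 * Enables the Maximum Fragment Length (MFL) extension (RFC 6066).
 *
 * The value is the Mbed TLS length code, not a byte count:
 * None (0), 512 (1), 1024 (2), 2048 (3). Mbed TLS additionally defines
 * code 4 for 4096 bytes -- confirm that this port accepts it before
 * using it. Check mbedtls_ssl_conf_max_frag_len() for more info.
 */
#ifdef COAP_MBEDTLS_CONF_MAX_FRAG_LEN
#define COAP_MBEDTLS_MAX_FRAG_LEN COAP_MBEDTLS_CONF_MAX_FRAG_LEN
#else
#define COAP_MBEDTLS_MAX_FRAG_LEN 0
#endif /* COAP_MBEDTLS_CONF_MAX_FRAG_LEN */

/*
 * Interval to wait between sending consecutive messages.
 *
 * Mbed TLS may produce messages at a much faster rate than the
 * underlying network stack or the DTLS peer can handle. In such a
 * case, it is useful to wait for a while between consecutive
 * messages.
 *
 * This is the case when DTLS fragmentation is enabled and long
 * handshake messages (~1000 bytes) are fragmented. We may want to wait
 * until a fragment is processed before pushing the next one onto the
 * queue buffer.
 *
 * A default value of 2s is set after experimenting with the nRF52840.
 */
#ifdef COAP_MBEDTLS_CONF_FRAGMENT_TIMER
#define COAP_MBEDTLS_FRAGMENT_TIMER COAP_MBEDTLS_CONF_FRAGMENT_TIMER
#else
#define COAP_MBEDTLS_FRAGMENT_TIMER 2000 /* Time in ms */
#endif /* COAP_MBEDTLS_CONF_FRAGMENT_TIMER */

/*
 * MTU size of Mbed DTLS. Mbed TLS will fragment its messages
 * accordingly. This is different from MFL: the MFL can be communicated
 * to the peer in the Client Hello message to limit the peer's outgoing
 * message size.
 *
 * UIP_CONF_BUFFER_SIZE must be larger than application data + DTLS
 * header + UDP header (8) + IPv6 header (40) + IPv6 fragment header
 * (8). The DTLS header size can be queried with
 * mbedtls_ssl_get_record_expansion().
 *
 * An override through COAP_MBEDTLS_CONF_MTU is not checked against the
 * uIP buffer here, so keep it within the bound above.
 */
#ifdef COAP_MBEDTLS_CONF_MTU
#define COAP_MBEDTLS_MTU COAP_MBEDTLS_CONF_MTU
#else
#define COAP_MBEDTLS_MTU (UIP_CONF_BUFFER_SIZE - UIP_IPUDPH_LEN - UIP_FRAGH_LEN)
#endif /* COAP_MBEDTLS_CONF_MTU */

/*
 * Enables use of all supported ciphersuites. When enabled, the Client
 * Hello message will contain a list of all possible ciphersuites and
 * the strongest one will be chosen.
 *
 * Depending on the security mode, either
 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 or
 * MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 will be used by default when
 * disabled.
 *
 * NOTE(review): in (D)TLS the server makes the final selection from
 * the offered list, so "strongest" depends on the peer's preference
 * order. Enabling this widens the set of suites that can be
 * negotiated; check the resulting list against the deployment's
 * policy before turning it on.
 */
/* #define COAP_MBEDTLS_CONF_USE_ALL_CIPHERSUITES */

#endif /* DTLS_SUPPORT_CONFIG_H */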