2021-01-18 09:57:33 +01:00
|
|
|
#
|
|
|
|
# For a description of the syntax of this configuration file,
|
|
|
|
# see the file kconfig-language.txt in the NuttX tools repository.
|
|
|
|
#
|
|
|
|
|
|
|
|
menuconfig CRYPTO_MBEDTLS
|
|
|
|
bool "Mbed TLS Cryptography Library"
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Enable support for Mbed TLS.
|
|
|
|
|
|
|
|
if CRYPTO_MBEDTLS
|
|
|
|
|
|
|
|
config MBEDTLS_VERSION
|
2021-11-04 21:09:52 +01:00
|
|
|
string "Mbed TLS Version"
|
2023-03-27 13:37:12 +02:00
|
|
|
default "3.4.0"
|
2021-01-18 09:57:33 +01:00
|
|
|
|
2023-07-18 15:44:38 +02:00
|
|
|
config MBEDTLS_DEBUG_C
|
|
|
|
bool "This module provides debugging functions."
|
2023-09-24 11:36:25 +02:00
|
|
|
default DEBUG_FEATURES
|
2023-08-18 11:33:36 +02:00
|
|
|
---help---
|
2023-07-18 15:44:38 +02:00
|
|
|
This module provides debugging functions.
|
|
|
|
|
2023-08-27 05:57:43 +02:00
|
|
|
config MBEDTLS_SSL_IN_CONTENT_LEN
|
|
|
|
int "Maximum length (in bytes) of incoming plaintext fragments."
|
2023-07-18 15:44:38 +02:00
|
|
|
default 16384
|
2023-08-18 11:33:36 +02:00
|
|
|
---help---
|
2023-08-27 05:57:43 +02:00
|
|
|
Maximum length (in bytes) of incoming plaintext fragments.
|
|
|
|
|
|
|
|
config MBEDTLS_SSL_OUT_CONTENT_LEN
|
|
|
|
int "Maximum length (in bytes) of outgoing plaintext fragments."
|
|
|
|
default 16384
|
|
|
|
---help---
|
|
|
|
Maximum length (in bytes) of outgoing plaintext fragments.
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_SRV_C
|
|
|
|
bool "This module is required for SSL/TLS server support."
|
|
|
|
default y
|
2023-08-18 11:33:36 +02:00
|
|
|
---help---
|
2023-07-18 15:44:38 +02:00
|
|
|
This module is required for SSL/TLS server support.
|
|
|
|
|
|
|
|
config MBEDTLS_PLATFORM_MEMORY
|
|
|
|
bool "Enable the memory allocation layer."
|
2023-08-29 11:58:43 +02:00
|
|
|
depends on MBEDTLS_PLATFORM_C
|
2023-07-18 15:44:38 +02:00
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_ENTROPY_HARDWARE_ALT
|
|
|
|
bool "Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector."
|
|
|
|
default n
|
|
|
|
depends on DEV_RANDOM
|
|
|
|
select MBEDTLS_NO_PLATFORM_ENTROPY
|
|
|
|
|
|
|
|
config MBEDTLS_AES_ROM_TABLES
|
|
|
|
bool "Store the AES tables in ROM."
|
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_NO_PLATFORM_ENTROPY
|
|
|
|
bool "Do not use built-in platform entropy functions."
|
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_ECP_RESTARTABLE
|
|
|
|
bool "Enable the restartable ECC."
|
2023-08-29 11:58:43 +02:00
|
|
|
depends on MBEDTLS_ECP_C
|
2023-07-18 15:44:38 +02:00
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_SELF_TEST
|
|
|
|
bool "Enable the checkup functions (*_self_test)."
|
2023-08-27 05:57:43 +02:00
|
|
|
default n
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
|
|
|
bool "Enable server-side support for clients that reconnect from the same port."
|
2023-08-29 11:58:43 +02:00
|
|
|
depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CAMELLIA_C
|
|
|
|
bool "Enable the Camellia block cipher."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PADLOCK_C
|
|
|
|
bool "Enable VIA Padlock support on x86."
|
2023-09-24 11:36:25 +02:00
|
|
|
default !MBEDTLS_AES_ALT
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_TIMING_C
|
|
|
|
bool "Enable the semi-portable timing interface."
|
|
|
|
default y
|
|
|
|
|
|
|
|
config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
|
|
|
bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_PROTO_DTLS
|
|
|
|
bool "Enable support for DTLS (all available versions)."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
if MBEDTLS_SSL_PROTO_DTLS
|
|
|
|
|
|
|
|
config MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
|
|
bool "Enable support for the anti-replay mechanism in DTLS."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
|
|
|
bool "Enable support for HelloVerifyRequest on DTLS servers."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
2023-08-25 04:19:29 +02:00
|
|
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
|
|
bool "Enable the Connection ID extension."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-25 04:19:29 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
2023-09-24 11:36:25 +02:00
|
|
|
int "Enable the standard version of DTLS Connection ID feature."
|
2023-08-25 04:19:29 +02:00
|
|
|
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
2023-09-24 11:36:25 +02:00
|
|
|
default 0
|
2023-08-25 04:19:29 +02:00
|
|
|
|
2023-08-18 11:33:36 +02:00
|
|
|
endif # MBEDTLS_SSL_PROTO_DTLS
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_ALPN
|
|
|
|
bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_AESNI_C
|
|
|
|
bool "Enable AES-NI support on x86-64."
|
2023-09-24 11:36:25 +02:00
|
|
|
depends on ARCH_X86_64
|
|
|
|
default !MBEDTLS_AES_ALT
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_WINDOW_SIZE
|
|
|
|
int "Maximum window size used"
|
|
|
|
default 6
|
|
|
|
|
|
|
|
config MBEDTLS_ECP_FIXED_POINT_OPTIM
|
|
|
|
bool "Enable fixed-point speed-up"
|
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_CMAC_C
|
|
|
|
bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block"
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-07-18 15:44:38 +02:00
|
|
|
|
|
|
|
config MBEDTLS_NET_C
|
|
|
|
bool "Enable the TCP and UDP over IPv6/IPv4 networking routines"
|
2023-09-24 11:36:25 +02:00
|
|
|
default LIBC_NETDB
|
2023-07-18 15:44:38 +02:00
|
|
|
|
2023-05-12 12:19:18 +02:00
|
|
|
config MBEDTLS_ECDSA_C
|
|
|
|
bool "Enable the elliptic curve DSA library."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_C
|
|
|
|
bool "Enable the elliptic curve over GF(p) library."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
|
|
|
bool "Enables specific curves within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PEM_WRITE_C
|
|
|
|
bool "Enable PEM encoding / writing."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PK_WRITE_C
|
|
|
|
bool "Enable the generic public (asymmetric) key writer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_X509_CREATE_C
|
|
|
|
bool "Enable X.509 core for creating certificates."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_X509_CRT_WRITE_C
|
|
|
|
bool "Enable creating X.509 certificates."
|
2023-09-24 11:36:25 +02:00
|
|
|
depends on MBEDTLS_X509_CREATE_C
|
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_X509_CSR_WRITE_C
|
|
|
|
bool "Enable creating X.509 Certificate Signing Requests (CSR)."
|
2023-09-24 11:36:25 +02:00
|
|
|
depends on MBEDTLS_X509_CREATE_C
|
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
|
|
|
config MBEDTLS_X509_CSR_PARSE_C
|
|
|
|
bool "Enable X.509 Certificate Signing Request (CSR) parsing."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-05-12 12:19:18 +02:00
|
|
|
|
2023-08-27 05:57:43 +02:00
|
|
|
config MBEDTLS_X509_CRT_POOL
|
|
|
|
bool "Enable the X509 Certificate Pool"
|
|
|
|
default n
|
|
|
|
|
2023-08-29 11:58:43 +02:00
|
|
|
config MBEDTLS_HAVE_ASM
|
|
|
|
bool "Enable compiler support for asm."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_HAVE_TIME_DATE
|
|
|
|
bool "Enable to verify the validity period of X.509 certificates when system have correct clock."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_MODE_CFB
|
|
|
|
bool "Enable Cipher Feedback mode (CFB) for symmetric ciphers."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_MODE_CTR
|
|
|
|
bool "Enable Counter Block Cipher mode (CTR) for symmetric ciphers."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_MODE_OFB
|
|
|
|
bool "Enable Output Feedback mode (OFB) for symmetric ciphers."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_MODE_XTS
|
|
|
|
bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_PADDING_PKCS7
|
|
|
|
bool "Enable PKCS7 padding mode in the cipher layer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
|
|
|
|
bool "Enable bit padding mode in the cipher layer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
|
|
|
|
bool "Enable zero and length padding mode in the cipher layer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CIPHER_PADDING_ZEROS
|
|
|
|
bool "Enable zeros padding mode in the cipher layer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
|
|
|
bool "Enables SECP192R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
|
|
|
bool "Enables SECP224R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
|
|
|
bool "Enables SECP384R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
|
|
|
bool "Enables SECP521R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
|
|
|
bool "Enables SECP192K1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
|
|
|
bool "Enables SECP224K1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
|
|
|
bool "Enables SECP256K1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_BP256R1_ENABLED
|
|
|
|
bool "Enables BP256R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_BP384R1_ENABLED
|
|
|
|
bool "Enables BP384R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_BP512R1_ENABLED
|
|
|
|
bool "Enables BP512R1 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
|
|
|
bool "Enables CURVE25519 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_DP_CURVE448_ENABLED
|
|
|
|
bool "Enables CURVE448 curve within the Elliptic Curve module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_NIST_OPTIM
|
|
|
|
bool "Enable specific 'modulo p' routines for each NIST prime."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECDSA_DETERMINISTIC
|
|
|
|
bool "Enable deterministic ECDSA (RFC 6979)."
|
|
|
|
depends on MBEDTLS_HMAC_DRBG_C && MBEDTLS_ECDSA_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
|
|
bool "Enable the PSK based ciphersuite modes in SSL / TLS."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
|
|
bool "Enable the DHE-PSK based ciphersuite modes in SSL / TLS."
|
|
|
|
depends on MBEDTLS_DHM_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
|
|
bool "Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS."
|
|
|
|
depends on MBEDTLS_ECDH_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
|
|
bool "Enable the RSA-PSK based ciphersuite modes in SSL / TLS."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
|
|
bool "Enable the DHE-RSA based ciphersuite modes in SSL / TLS."
|
|
|
|
depends on MBEDTLS_DHM_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
|
|
bool "Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS."
|
|
|
|
depends on MBEDTLS_ECDH_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
|
|
bool "Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS."
|
|
|
|
depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
|
|
bool "Enable the ECDH-RSA based ciphersuite modes in SSL / TLS."
|
|
|
|
depends on MBEDTLS_ECDH_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PK_PARSE_EC_EXTENDED
|
|
|
|
bool "Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ERROR_STRERROR_DUMMY
|
|
|
|
bool "Enable a dummy error function to make use of mbedtls_strerror()."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_GENPRIME
|
|
|
|
bool "Enable the prime-number generation code."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PK_RSA_ALT_SUPPORT
|
|
|
|
bool "Support external private RSA keys (eg from a HSM) in the PK layer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
|
|
|
bool "Enable serialization of the TLS context structures."
|
|
|
|
depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
|
|
bool "Enable support for Encrypt-then-MAC, RFC 7366."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
|
|
|
bool "Enable Session Hash and Extended Master Secret Extension."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_RENEGOTIATION
|
|
|
|
bool "Enable support for TLS renegotiation."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
|
|
|
bool "Enable support for RFC 6066 max_fragment_length extension in SSL."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
|
|
bool "Enable TLS 1.3 PSK key exchange mode."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
|
|
bool "Enable TLS 1.3 ephemeral key exchange mode."
|
|
|
|
depends on MBEDTLS_ECDH_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
|
|
bool "Enable TLS 1.3 PSK ephemeral key exchange mode."
|
|
|
|
depends on MBEDTLS_ECDH_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
2023-10-06 09:18:08 +02:00
|
|
|
config MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
2023-08-29 11:58:43 +02:00
|
|
|
int "The default maximum amount of 0-RTT data."
|
|
|
|
default 1024
|
|
|
|
|
|
|
|
config MBEDTLS_SSL_SESSION_TICKETS
|
|
|
|
bool "Enable support for RFC 5077 session tickets in SSL."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_SERVER_NAME_INDICATION
|
|
|
|
bool "Enable support for RFC 6066 server name indication (SNI) in SSL."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_THREADING_PTHREAD
|
|
|
|
bool "Enable the pthread wrapper layer for the threading layer."
|
|
|
|
depends on MBEDTLS_THREADING_C
|
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_VERSION_FEATURES
|
|
|
|
bool "Allow run-time checking of compile-time enabled features."
|
|
|
|
depends on MBEDTLS_VERSION_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
|
|
|
bool "Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_AESCE_C
|
|
|
|
bool "Enable AES cryptographic extension support on 64-bit Arm."
|
|
|
|
depends on MBEDTLS_HAVE_ASM
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ARIA_C
|
|
|
|
bool "Enable the ARIA block cipher."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CCM_C
|
|
|
|
bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CHACHA20_C
|
|
|
|
bool "Enable the ChaCha20 stream cipher."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_CHACHAPOLY_C
|
|
|
|
bool "Enable the ChaCha20-Poly1305 AEAD algorithm."
|
|
|
|
depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_DHM_C
|
|
|
|
bool "Enable the Diffie-Hellman-Merkle module."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECDH_C
|
|
|
|
bool "Enable the elliptic curve Diffie-Hellman library."
|
|
|
|
depends on MBEDTLS_ECP_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECDSA_C
|
|
|
|
bool "Enable the elliptic curve DSA library."
|
|
|
|
depends on MBEDTLS_ECP_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECJPAKE_C
|
|
|
|
bool "Enable the elliptic curve J-PAKE library."
|
|
|
|
depends on MBEDTLS_ECP_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ECP_C
|
|
|
|
bool "Enable the elliptic curve over GF(p) library."
|
|
|
|
depends on MBEDTLS_ECP_DP_SECP256R1_ENABLED || MBEDTLS_ECP_DP_SECP192R1_ENABLED \
|
|
|
|
|| MBEDTLS_ECP_DP_SECP224R1_ENABLED || MBEDTLS_ECP_DP_SECP384R1_ENABLED \
|
|
|
|
|| MBEDTLS_ECP_DP_SECP521R1_ENABLED || MBEDTLS_ECP_DP_SECP192K1_ENABLED \
|
|
|
|
|| MBEDTLS_ECP_DP_SECP224K1_ENABLED || MBEDTLS_ECP_DP_SECP256K1_ENABLED \
|
|
|
|
|| MBEDTLS_ECP_DP_BP256R1_ENABLED || MBEDTLS_ECP_DP_BP384R1_ENABLED \
|
|
|
|
|| MBEDTLS_ECP_DP_BP512R1_ENABLED || MBEDTLS_ECP_DP_CURVE25519_ENABLED \
|
|
|
|
|| MBEDTLS_ECP_DP_CURVE448_ENABLED
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_ERROR_C
|
|
|
|
bool "Enable error code to error string conversion."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_GCM_C
|
|
|
|
bool "Enable the Galois/Counter Mode (GCM)."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_HKDF_C
|
|
|
|
bool "Enable the HKDF algorithm (RFC 5869)."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_HMAC_DRBG_C
|
|
|
|
bool "Enable the HMAC_DRBG random generator."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_LMS_C
|
|
|
|
bool "Enable the LMS stateful-hash asymmetric signature algorithm."
|
|
|
|
depends on MBEDTLS_PSA_CRYPTO_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_NIST_KW_C
|
|
|
|
bool "Enable the Key Wrapping mode for 128-bit block ciphers."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PKCS5_C
|
|
|
|
bool "Enable PKCS#5 functions."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PKCS7_C
|
|
|
|
bool "Enable PKCS #7 core for using PKCS #7-formatted signatures."
|
|
|
|
depends on MBEDTLS_X509_CRL_PARSE_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PKCS12_C
|
|
|
|
bool "Enable PKCS#12 PBE functions."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PLATFORM_C
|
|
|
|
bool "Enable the platform abstraction layer."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_POLY1305_C
|
|
|
|
bool "Enable the Poly1305 MAC algorithm."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PSA_CRYPTO_C
|
|
|
|
bool "Enable the Platform Security Architecture cryptography API."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
|
|
bool "Enable the Platform Security Architecture persistent key storage."
|
|
|
|
depends on MBEDTLS_PSA_CRYPTO_C
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_PSA_ITS_FILE_C
|
|
|
|
bool "Enable the emulation of the Platform Security Architecture Internal Trusted Storage (PSA ITS) over files."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_RIPEMD160_C
|
|
|
|
bool "Enable the RIPEMD-160 hash algorithm."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SHA384_C
|
|
|
|
bool "Enable the SHA-384 cryptographic hash algorithm."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SHA512_C
|
|
|
|
bool "Enable SHA-512 cryptographic hash algorithms."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_CACHE_C
|
|
|
|
bool "Enable simple SSL cache implementation."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_TICKET_C
|
|
|
|
bool "Enable an implementation of TLS server-side callbacks for session tickets."
|
|
|
|
depends on (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && \
|
|
|
|
(MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_THREADING_C
|
|
|
|
bool "Enable the threading abstraction layer."
|
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_VERSION_C
|
|
|
|
bool "Enable run-time version information."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_X509_CRL_PARSE_C
|
|
|
|
bool "Enable X.509 CRL parsing."
|
2023-09-24 11:36:25 +02:00
|
|
|
default y
|
2023-08-29 11:58:43 +02:00
|
|
|
|
|
|
|
config MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
|
|
|
|
int "Maximum time difference in milliseconds tolerated between the age of a ticket from the server and client point of view."
|
|
|
|
default 6000
|
|
|
|
|
|
|
|
config MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
|
|
|
|
int "Size in bytes of a ticket nonce."
|
|
|
|
default 32
|
|
|
|
|
2023-09-24 11:36:25 +02:00
|
|
|
config MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
|
2023-08-29 11:58:43 +02:00
|
|
|
int "Default number of NewSessionTicket messages to be sent by a TLS 1.3 server after handshake completion."
|
|
|
|
default 1
|
|
|
|
|
2023-07-18 15:44:38 +02:00
|
|
|
if CRYPTO_CRYPTODEV
|
|
|
|
|
|
|
|
config MBEDTLS_ALT
|
|
|
|
bool
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Enable Mbed TLS alted by nuttx crypto via /dev/crypto
|
|
|
|
|
2023-08-09 13:48:42 +02:00
|
|
|
config MBEDTLS_AES_ALT
|
|
|
|
bool "Enable Mbedt TLS AES module alted by nuttx crypto"
|
|
|
|
select MBEDTLS_ALT
|
|
|
|
default n
|
|
|
|
|
2023-09-09 10:44:08 +02:00
|
|
|
config MBEDTLS_MD5_ALT
|
|
|
|
bool "Enable Mbedt TLS MD5 module alted by nuttx crypto"
|
|
|
|
select MBEDTLS_ALT
|
|
|
|
default n
|
|
|
|
|
2023-07-18 15:44:38 +02:00
|
|
|
config MBEDTLS_SHA1_ALT
|
|
|
|
bool "Enable Mbedt TLS SHA1 module alted by nuttx crypto"
|
|
|
|
select MBEDTLS_ALT
|
|
|
|
default n
|
|
|
|
|
2023-08-08 08:32:21 +02:00
|
|
|
config MBEDTLS_SHA256_ALT
|
|
|
|
bool "Enable Mbedt TLS SHA224/SHA256 module alted by nuttx crypto"
|
|
|
|
select MBEDTLS_ALT
|
|
|
|
default n
|
|
|
|
|
|
|
|
config MBEDTLS_SHA512_ALT
|
|
|
|
bool "Enable Mbedt TLS SHA384/SHA512 module alted by nuttx crypto"
|
|
|
|
select MBEDTLS_ALT
|
|
|
|
default n
|
|
|
|
|
2023-08-18 11:33:36 +02:00
|
|
|
endif # CRYPTO_CRYPTODEV
|
2023-07-18 15:44:38 +02:00
|
|
|
|
2021-01-18 09:57:33 +01:00
|
|
|
menuconfig MBEDTLS_APPS
|
|
|
|
tristate "Mbed TLS Applications"
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Enable Mbed TLS Applications
|
|
|
|
|
|
|
|
if MBEDTLS_APPS
|
|
|
|
|
|
|
|
config MBEDTLS_DEFAULT_TASK_STACKSIZE
|
|
|
|
int "Mbed TLS app default stack size"
|
|
|
|
default 8192
|
|
|
|
|
|
|
|
config MBEDTLS_APP_BENCHMARK
|
|
|
|
bool "Mbed TLS benchmark"
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Enable the Mbed TLS self test
|
|
|
|
|
|
|
|
if MBEDTLS_APP_BENCHMARK
|
|
|
|
|
|
|
|
config MBEDTLS_APP_BENCHMARK_PROGNAME
|
|
|
|
string "Program name"
|
|
|
|
default "mbedbenchmark"
|
|
|
|
---help---
|
|
|
|
This is the name of the program that will be used when the NSH ELF
|
|
|
|
program is installed.
|
|
|
|
|
|
|
|
config MBEDTLS_APP_BENCHMARK_PRIORITY
|
|
|
|
int "Benchmark task priority"
|
|
|
|
default 100
|
|
|
|
|
|
|
|
config MBEDTLS_APP_BENCHMARK_STACKSIZE
|
|
|
|
int "Benchmark stack size"
|
|
|
|
default MBEDTLS_DEFAULT_TASK_STACKSIZE
|
2023-08-18 11:33:36 +02:00
|
|
|
|
2023-08-09 15:21:12 +02:00
|
|
|
endif # MBEDTLS_APP_BENCHMARK
|
2021-01-18 09:57:33 +01:00
|
|
|
|
|
|
|
config MBEDTLS_APP_SELFTEST
|
|
|
|
bool "Mbed TLS Self Test"
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Enable the Mbed TLS self test
|
|
|
|
|
|
|
|
if MBEDTLS_APP_SELFTEST
|
|
|
|
|
|
|
|
config MBEDTLS_APP_SELFTEST_PROGNAME
|
|
|
|
string "Program name"
|
|
|
|
default "mbedselftest"
|
|
|
|
---help---
|
|
|
|
This is the name of the program that will be used when the NSH ELF
|
|
|
|
program is installed.
|
|
|
|
|
|
|
|
config MBEDTLS_APP_SELFTEST_PRIORITY
|
|
|
|
int "Self test task priority"
|
|
|
|
default 100
|
|
|
|
|
|
|
|
config MBEDTLS_APP_SELFTEST_STACKSIZE
|
|
|
|
int "Self test stack size"
|
|
|
|
default MBEDTLS_DEFAULT_TASK_STACKSIZE
|
2023-08-18 11:33:36 +02:00
|
|
|
|
2023-08-09 15:21:12 +02:00
|
|
|
endif # MBEDTLS_APP_SELFTEST
|
2021-01-18 09:57:33 +01:00
|
|
|
|
2023-08-09 15:21:12 +02:00
|
|
|
endif # MBEDTLS_APPS
|
2021-01-18 09:57:33 +01:00
|
|
|
|
|
|
|
endif # CRYPTO_MBEDTLS
|