4e016e2260
(1)add dev_alt to manage /dev/crypto (2)add sha_alt to alternate sha1 algorithm (3)use new mbedtls_config.h to admin configs of mbedtls Signed-off-by: makejian <makejian@xiaomi.com>
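#
# For a description of the syntax of this configuration file,
# see the file kconfig-language.txt in the NuttX tools repository.
#

# Build-time options for the Mbed TLS port.  Symbol names, types, defaults,
# dependencies and selects are unchanged; only prompts and help text that were
# wrong or missing have been touched.
#
# NOTE(review): several options below carry security-relevant defaults.  The
# mapping from these symbols to Mbed TLS macros lives in mbedtls_config.h,
# which is not visible here -- confirm each note against that header.

menuconfig CRYPTO_MBEDTLS
	bool "Mbed TLS Cryptography Library"
	default n
	---help---
		Enable support for Mbed TLS.

if CRYPTO_MBEDTLS

config MBEDTLS_VERSION
	string "Mbed TLS Version"
	default "3.4.0"

config MBEDTLS_DEBUG_C
	bool "This module provides debugging functions."
	default n
	help
		This module provides debugging functions.

		At high debug levels the library's debug output can include
		handshake data and key material.  Keep this disabled in
		production images.

# NOTE(review): upstream Mbed TLS 3.x replaced MBEDTLS_SSL_MAX_CONTENT_LEN with
# MBEDTLS_SSL_IN_CONTENT_LEN / MBEDTLS_SSL_OUT_CONTENT_LEN.  With the default
# version above this value may have no effect unless mbedtls_config.h forwards
# it to the new macros -- confirm.
config MBEDTLS_SSL_MAX_CONTENT_LEN
	int "Maximum length (in bytes) of incoming and outgoing plaintext fragments."
	default 16384
	help
		Maximum length (in bytes) of incoming and outgoing plaintext fragments.

config MBEDTLS_SSL_SRV_C
	bool "This module is required for SSL/TLS server support."
	default y
	help
		This module is required for SSL/TLS server support.

config MBEDTLS_PLATFORM_MEMORY
	bool "Enable the memory allocation layer."
	default n

config MBEDTLS_ENTROPY_HARDWARE_ALT
	bool "Use your own implementation of a hardware entropy collector."
	default n
	depends on DEV_RANDOM
	select MBEDTLS_NO_PLATFORM_ENTROPY
	---help---
		Let Mbed TLS use your own implementation of a hardware entropy
		collector.

		Selecting this option also selects MBEDTLS_NO_PLATFORM_ENTROPY,
		so the built-in platform entropy functions are not used.  The
		collector should therefore be backed by a real hardware random
		source: the strength of generated keys and nonces depends on it.

config MBEDTLS_AES_ROM_TABLES
	bool "Store the AES tables in ROM."
	default n

# NOTE(review): the default leaves RC4 ciphersuites in place on library
# versions that still contain them.  Upstream Mbed TLS 3.x no longer ships
# ARC4, so with the default version above this option likely has no effect --
# confirm against mbedtls_config.h.
config MBEDTLS_REMOVE_ARC4_CIPHERSUITES
	bool "Remove RC4 ciphersuites by default in SSL / TLS."
	default n
	---help---
		Remove RC4 ciphersuites by default in SSL / TLS.

		RC4 is considered broken and its use in TLS is prohibited by
		RFC 7465.  Enable this option on any library version that still
		provides RC4 ciphersuites.

config MBEDTLS_NO_PLATFORM_ENTROPY
	bool "Do not use built-in platform entropy functions."
	default n
	---help---
		Do not use built-in platform entropy functions.

		When this is enabled, make sure another strong entropy source is
		registered (for example through MBEDTLS_ENTROPY_HARDWARE_ALT);
		otherwise the entropy module has no strong source to draw from.

config MBEDTLS_ECP_RESTARTABLE
	bool "Enable the restartable ECC."
	default n

config MBEDTLS_SELF_TEST
	bool "Enable the checkup functions (*_self_test)."
	default y

# NOTE(review): this is a DTLS server feature but it sits outside the
# "if MBEDTLS_SSL_PROTO_DTLS" block below; upstream documents it as requiring
# the HelloVerifyRequest support.  Consider whether a dependency is missing.
config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
	bool "Enable server-side support for clients that reconnect from the same port."
	default n

# NOTE(review): upstream Mbed TLS 3.x no longer ships Blowfish, so with the
# default version above this option likely has no effect -- confirm.
config MBEDTLS_BLOWFISH_C
	bool "Enable the Blowfish block cipher."
	default n
	---help---
		Enable the Blowfish block cipher.

		Blowfish uses a 64-bit block, which makes it unsuitable for
		protecting large amounts of data under one key.  Prefer AES for
		new designs.

config MBEDTLS_CAMELLIA_C
	bool "Enable the Camellia block cipher."
	default n

# NOTE(review): upstream Mbed TLS 3.x moved the test certificates out of the
# library, so with the default version above this option may have no effect --
# confirm.
config MBEDTLS_CERTS_C
	bool "Enable the test certificates."
	default n
	---help---
		Enable the test certificates.

		These certificates and their private keys are published with
		the library and are meant for testing only.  Never enable this
		in a production image or trust these certificates in the field.

config MBEDTLS_PADLOCK_C
	bool "Enable VIA Padlock support on x86."
	default n

config MBEDTLS_TIMING_C
	bool "Enable the semi-portable timing interface."
	default y

config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
	bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
	default n

config MBEDTLS_SSL_PROTO_DTLS
	bool "Enable support for DTLS (all available versions)."
	default n

if MBEDTLS_SSL_PROTO_DTLS

# NOTE(review): the two protections below default to n here, whereas the
# upstream configuration enables them and warns that disabling them is a
# security risk.  Confirm that these defaults are intentional.
config MBEDTLS_SSL_DTLS_ANTI_REPLAY
	bool "Enable support for the anti-replay mechanism in DTLS."
	default n
	---help---
		Enable support for the anti-replay mechanism in DTLS.

		Without it, a DTLS endpoint accepts records that an on-path
		attacker captured and sent again.  Leaving this disabled is
		often a security risk; enable it unless the application detects
		duplicates itself.

config MBEDTLS_SSL_DTLS_HELLO_VERIFY
	bool "Enable support for HelloVerifyRequest on DTLS servers."
	default n
	---help---
		Enable support for HelloVerifyRequest on DTLS servers.

		The cookie exchange lets a server check that a client can
		receive packets at its claimed address before the server
		commits resources or sends a large handshake flight (see
		RFC 6347 section 4.2.1).  Disabling it exposes DTLS servers to
		denial of service and traffic amplification with spoofed source
		addresses.

config MBEDTLS_SSL_DTLS_BADMAC_LIMIT
	bool "Enable support for a limit of records with bad MAC."
	default n

endif # MBEDTLS_SSL_PROTO_DTLS

config MBEDTLS_SSL_ALPN
	bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
	default n

config MBEDTLS_AESNI_C
	bool "Enable AES-NI support on x86-64."
	default n

config MBEDTLS_ECP_WINDOW_SIZE
	int "Maximum window size used"
	default 6

config MBEDTLS_ECP_FIXED_POINT_OPTIM
	bool "Enable fixed-point speed-up"
	default n

config MBEDTLS_CMAC_C
	bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block ciphers."
	default n

config MBEDTLS_NET_C
	bool "Enable the TCP and UDP over IPv6/IPv4 networking routines"
	default y if LIBC_NETDB
	default n if !LIBC_NETDB

if CRYPTO_CRYPTODEV

config MBEDTLS_ALT
	bool
	default n
	---help---
		Replace Mbed TLS implementations with the NuttX crypto driver,
		accessed through /dev/crypto.  This symbol has no prompt; it is
		selected by the individual *_ALT options below.

config MBEDTLS_SHA1_ALT
	bool "Enable Mbed TLS SHA1 module alted by nuttx crypto"
	select MBEDTLS_ALT
	default n
	---help---
		Replace the Mbed TLS SHA-1 module with the NuttX crypto
		implementation reached through /dev/crypto.

		This only changes which implementation computes SHA-1.  SHA-1
		itself is no longer collision resistant and should not be used
		for new signatures or certificates.

endif # CRYPTO_CRYPTODEV

menuconfig MBEDTLS_APPS
	tristate "Mbed TLS Applications"
	default n
	---help---
		Enable Mbed TLS Applications

if MBEDTLS_APPS

config MBEDTLS_DEFAULT_TASK_STACKSIZE
	int "Mbed TLS app default stack size"
	default 8192

config MBEDTLS_APP_BENCHMARK
	bool "Mbed TLS benchmark"
	default n
	---help---
		Enable the Mbed TLS benchmark

if MBEDTLS_APP_BENCHMARK

config MBEDTLS_APP_BENCHMARK_PROGNAME
	string "Program name"
	default "mbedbenchmark"
	---help---
		This is the name of the program that will be used when the NSH ELF
		program is installed.

config MBEDTLS_APP_BENCHMARK_PRIORITY
	int "Benchmark task priority"
	default 100

config MBEDTLS_APP_BENCHMARK_STACKSIZE
	int "Benchmark stack size"
	default MBEDTLS_DEFAULT_TASK_STACKSIZE
endif # MBEDTLS_APP_BENCHMARK

config MBEDTLS_APP_SELFTEST
	bool "Mbed TLS Self Test"
	default n
	---help---
		Enable the Mbed TLS self test

if MBEDTLS_APP_SELFTEST

config MBEDTLS_APP_SELFTEST_PROGNAME
	string "Program name"
	default "mbedselftest"
	---help---
		This is the name of the program that will be used when the NSH ELF
		program is installed.

config MBEDTLS_APP_SELFTEST_PRIORITY
	int "Self test task priority"
	default 100

config MBEDTLS_APP_SELFTEST_STACKSIZE
	int "Self test stack size"
	default MBEDTLS_DEFAULT_TASK_STACKSIZE
endif # MBEDTLS_APP_SELFTEST

endif # MBEDTLS_APPS

endif # CRYPTO_MBEDTLS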