283 lines
6.5 KiB
Plaintext
283 lines
6.5 KiB
Plaintext
#
|
|
# For a description of the syntax of this configuration file,
|
|
# see the file kconfig-language.txt in the NuttX tools repository.
|
|
#
|
|
|
|
menuconfig CRYPTO_MBEDTLS
|
|
bool "Mbed TLS Cryptography Library"
|
|
default n
|
|
---help---
|
|
Enable support for Mbed TLS.
|
|
|
|
if CRYPTO_MBEDTLS
|
|
|
|
config MBEDTLS_VERSION
|
|
string "Mbed TLS Version"
|
|
default "3.4.0"
|
|
|
|
config MBEDTLS_DEBUG_C
|
|
bool "This module provides debugging functions."
|
|
default n
|
|
---help---
|
|
This module provides debugging functions.
|
|
|
|
config MBEDTLS_SSL_IN_CONTENT_LEN
|
|
int "Maximum length (in bytes) of incoming plaintext fragments."
|
|
default 16384
|
|
---help---
|
|
Maximum length (in bytes) of incoming plaintext fragments.
|
|
|
|
config MBEDTLS_SSL_OUT_CONTENT_LEN
|
|
int "Maximum length (in bytes) of outgoing plaintext fragments."
|
|
default 16384
|
|
---help---
|
|
Maximum length (in bytes) of outgoing plaintext fragments.
|
|
|
|
config MBEDTLS_SSL_SRV_C
|
|
bool "This module is required for SSL/TLS server support."
|
|
default y
|
|
---help---
|
|
This module is required for SSL/TLS server support.
|
|
|
|
config MBEDTLS_PLATFORM_MEMORY
|
|
bool "Enable the memory allocation layer."
|
|
default n
|
|
|
|
config MBEDTLS_ENTROPY_HARDWARE_ALT
|
|
bool "Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector."
|
|
default n
|
|
depends on DEV_RANDOM
|
|
select MBEDTLS_NO_PLATFORM_ENTROPY
|
|
|
|
config MBEDTLS_AES_ROM_TABLES
|
|
bool "Store the AES tables in ROM."
|
|
default n
|
|
|
|
config MBEDTLS_NO_PLATFORM_ENTROPY
|
|
bool "Do not use built-in platform entropy functions."
|
|
default n
|
|
|
|
config MBEDTLS_ECP_RESTARTABLE
|
|
bool "Enable the restartable ECC."
|
|
default n
|
|
|
|
config MBEDTLS_SELF_TEST
|
|
bool "Enable the checkup functions (*_self_test)."
|
|
default n
|
|
|
|
config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
|
bool "Enable server-side support for clients that reconnect from the same port."
|
|
default n
|
|
|
|
config MBEDTLS_BLOWFISH_C
|
|
bool "Enable the Blowfish block cipher."
|
|
default n
|
|
|
|
config MBEDTLS_CAMELLIA_C
|
|
bool "Enable the Camellia block cipher."
|
|
default n
|
|
|
|
config MBEDTLS_PADLOCK_C
|
|
bool "Enable VIA Padlock support on x86."
|
|
default n
|
|
|
|
config MBEDTLS_TIMING_C
|
|
bool "Enable the semi-portable timing interface."
|
|
default y
|
|
|
|
config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
|
bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
|
|
default n
|
|
|
|
config MBEDTLS_SSL_PROTO_DTLS
|
|
bool "Enable support for DTLS (all available versions)."
|
|
default n
|
|
|
|
if MBEDTLS_SSL_PROTO_DTLS
|
|
|
|
config MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
bool "Enable support for the anti-replay mechanism in DTLS."
|
|
default n
|
|
|
|
config MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
|
bool "Enable support for HelloVerifyRequest on DTLS servers."
|
|
default n
|
|
|
|
config MBEDTLS_SSL_DTLS_BADMAC_LIMIT
|
|
bool "Enable support for a limit of records with bad MAC."
|
|
default n
|
|
|
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
bool "Enable the Connection ID extension."
|
|
default n
|
|
|
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
|
bool "Enable the standard version of DTLS Connection ID feature."
|
|
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
default n
|
|
|
|
endif # MBEDTLS_SSL_PROTO_DTLS
|
|
|
|
config MBEDTLS_SSL_ALPN
|
|
bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
|
|
default n
|
|
|
|
config MBEDTLS_AESNI_C
|
|
bool "Enable AES-NI support on x86-64."
|
|
default n
|
|
|
|
config MBEDTLS_ECP_WINDOW_SIZE
|
|
int "Maximum window size used"
|
|
default 6
|
|
|
|
config MBEDTLS_ECP_FIXED_POINT_OPTIM
|
|
bool "Enable fixed-point speed-up"
|
|
default n
|
|
|
|
config MBEDTLS_CMAC_C
|
|
bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block"
|
|
default n
|
|
|
|
config MBEDTLS_NET_C
|
|
bool "Enable the TCP and UDP over IPv6/IPv4 networking routines"
|
|
default y if LIBC_NETDB
|
|
default n if !LIBC_NETDB
|
|
|
|
config MBEDTLS_ECDSA_C
|
|
bool "Enable the elliptic curve DSA library."
|
|
default n
|
|
|
|
config MBEDTLS_ECP_C
|
|
bool "Enable the elliptic curve over GF(p) library."
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
|
bool "Enables specific curves within the Elliptic Curve module."
|
|
default n
|
|
|
|
config MBEDTLS_PEM_WRITE_C
|
|
bool "Enable PEM encoding / writing."
|
|
default n
|
|
|
|
config MBEDTLS_PK_WRITE_C
|
|
bool "Enable the generic public (asymmetric) key writer."
|
|
default n
|
|
|
|
config MBEDTLS_X509_CREATE_C
|
|
bool "Enable X.509 core for creating certificates."
|
|
default n
|
|
|
|
config MBEDTLS_X509_CRT_WRITE_C
|
|
bool "Enable creating X.509 certificates."
|
|
select MBEDTLS_X509_CREATE_C
|
|
default n
|
|
|
|
config MBEDTLS_X509_CSR_WRITE_C
|
|
bool "Enable creating X.509 Certificate Signing Requests (CSR)."
|
|
select MBEDTLS_X509_CREATE_C
|
|
default n
|
|
|
|
config MBEDTLS_X509_CSR_PARSE_C
|
|
bool "Enable X.509 Certificate Signing Request (CSR) parsing."
|
|
default n
|
|
|
|
config MBEDTLS_X509_CRT_POOL
|
|
bool "Enable the X509 Certificate Pool"
|
|
default n
|
|
|
|
if CRYPTO_CRYPTODEV
|
|
|
|
config MBEDTLS_ALT
|
|
bool
|
|
default n
|
|
---help---
|
|
Enable Mbed TLS alted by nuttx crypto via /dev/crypto
|
|
|
|
config MBEDTLS_AES_ALT
|
|
bool "Enable Mbedt TLS AES module alted by nuttx crypto"
|
|
select MBEDTLS_ALT
|
|
default n
|
|
|
|
config MBEDTLS_SHA1_ALT
|
|
bool "Enable Mbedt TLS SHA1 module alted by nuttx crypto"
|
|
select MBEDTLS_ALT
|
|
default n
|
|
|
|
config MBEDTLS_SHA256_ALT
|
|
bool "Enable Mbedt TLS SHA224/SHA256 module alted by nuttx crypto"
|
|
select MBEDTLS_ALT
|
|
default n
|
|
|
|
config MBEDTLS_SHA512_ALT
|
|
bool "Enable Mbedt TLS SHA384/SHA512 module alted by nuttx crypto"
|
|
select MBEDTLS_ALT
|
|
default n
|
|
|
|
endif # CRYPTO_CRYPTODEV
|
|
|
|
menuconfig MBEDTLS_APPS
|
|
tristate "Mbed TLS Applications"
|
|
default n
|
|
---help---
|
|
Enable Mbed TLS Applications
|
|
|
|
if MBEDTLS_APPS
|
|
|
|
config MBEDTLS_DEFAULT_TASK_STACKSIZE
|
|
int "Mbed TLS app default stack size"
|
|
default 8192
|
|
|
|
config MBEDTLS_APP_BENCHMARK
|
|
bool "Mbed TLS benchmark"
|
|
default n
|
|
---help---
|
|
Enable the Mbed TLS self test
|
|
|
|
if MBEDTLS_APP_BENCHMARK
|
|
|
|
config MBEDTLS_APP_BENCHMARK_PROGNAME
|
|
string "Program name"
|
|
default "mbedbenchmark"
|
|
---help---
|
|
This is the name of the program that will be used when the NSH ELF
|
|
program is installed.
|
|
|
|
config MBEDTLS_APP_BENCHMARK_PRIORITY
|
|
int "Benchmark task priority"
|
|
default 100
|
|
|
|
config MBEDTLS_APP_BENCHMARK_STACKSIZE
|
|
int "Benchmark stack size"
|
|
default MBEDTLS_DEFAULT_TASK_STACKSIZE
|
|
|
|
endif # MBEDTLS_APP_BENCHMARK
|
|
|
|
config MBEDTLS_APP_SELFTEST
|
|
bool "Mbed TLS Self Test"
|
|
default n
|
|
---help---
|
|
Enable the Mbed TLS self test
|
|
|
|
if MBEDTLS_APP_SELFTEST
|
|
|
|
config MBEDTLS_APP_SELFTEST_PROGNAME
|
|
string "Program name"
|
|
default "mbedselftest"
|
|
---help---
|
|
This is the name of the program that will be used when the NSH ELF
|
|
program is installed.
|
|
|
|
config MBEDTLS_APP_SELFTEST_PRIORITY
|
|
int "Self test task priority"
|
|
default 100
|
|
|
|
config MBEDTLS_APP_SELFTEST_STACKSIZE
|
|
int "Self test stack size"
|
|
default MBEDTLS_DEFAULT_TASK_STACKSIZE
|
|
|
|
endif # MBEDTLS_APP_SELFTEST
|
|
|
|
endif # MBEDTLS_APPS
|
|
|
|
endif # CRYPTO_MBEDTLS
|