mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
befc93aa2d
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT (config was kept for backward compatibility) - Combined mbedTLS v2.28.x related options under a separate Kconfig menu
1030 lines
39 KiB
Plaintext
1030 lines
39 KiB
Plaintext
menu "mbedTLS"
|
|
|
|
choice MBEDTLS_MEM_ALLOC_MODE
|
|
prompt "Memory allocation strategy"
|
|
default MBEDTLS_INTERNAL_MEM_ALLOC
|
|
help
|
|
Allocation strategy for mbedTLS, essentially provides ability to
|
|
allocate all required dynamic allocations from,
|
|
|
|
- Internal DRAM memory only
|
|
- External SPIRAM memory only
|
|
- Either internal or external memory based on default malloc()
|
|
behavior in ESP-IDF
|
|
- Custom allocation mode, by overwriting calloc()/free() using
|
|
mbedtls_platform_set_calloc_free() function
|
|
- Internal IRAM memory wherever applicable else internal DRAM
|
|
|
|
Recommended mode here is always internal (*), since that is most preferred
|
|
from security perspective. But if application requirement does not
|
|
allow sufficient free internal memory then alternate mode can be
|
|
selected.
|
|
|
|
(*) In case of ESP32-S2/ESP32-S3, hardware allows encryption of external
|
|
SPIRAM contents provided hardware flash encryption feature is enabled.
|
|
In that case, using external SPIRAM allocation strategy is also safe choice
|
|
from security perspective.
|
|
|
|
config MBEDTLS_INTERNAL_MEM_ALLOC
|
|
bool "Internal memory"
|
|
|
|
config MBEDTLS_EXTERNAL_MEM_ALLOC
|
|
bool "External SPIRAM"
|
|
depends on SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC
|
|
|
|
config MBEDTLS_DEFAULT_MEM_ALLOC
|
|
bool "Default alloc mode"
|
|
|
|
config MBEDTLS_CUSTOM_MEM_ALLOC
|
|
bool "Custom alloc mode"
|
|
|
|
config MBEDTLS_IRAM_8BIT_MEM_ALLOC
|
|
bool "Internal IRAM"
|
|
depends on ESP32_IRAM_AS_8BIT_ACCESSIBLE_MEMORY
|
|
help
|
|
Allows to use IRAM memory region as 8bit accessible region.
|
|
|
|
TLS input and output buffers will be allocated in IRAM section which is 32bit aligned
|
|
memory. Every unaligned (8bit or 16bit) access will result in an exception
|
|
and incur penalty of certain clock cycles per unaligned read/write.
|
|
|
|
endchoice #MBEDTLS_MEM_ALLOC_MODE
|
|
|
|
config MBEDTLS_SSL_MAX_CONTENT_LEN
|
|
int "TLS maximum message content length"
|
|
default 16384
|
|
range 512 16384
|
|
depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
|
|
help
|
|
Maximum TLS message length (in bytes) supported by mbedTLS.
|
|
|
|
16384 is the default and this value is required to comply
|
|
fully with TLS standards.
|
|
|
|
However you can set a lower value in order to save RAM. This
|
|
is safe if the other end of the connection supports Maximum
|
|
Fragment Length Negotiation Extension (max_fragment_length,
|
|
see RFC6066) or you know for certain that it will never send a
|
|
message longer than a certain number of bytes.
|
|
|
|
If the value is set too low, symptoms are a failed TLS
|
|
handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
|
|
(-0x7200).
|
|
|
|
config MBEDTLS_ASYMMETRIC_CONTENT_LEN
|
|
bool "Asymmetric in/out fragment length"
|
|
default y
|
|
help
|
|
If enabled, this option allows customizing TLS in/out fragment length
|
|
in asymmetric way. Please note that enabling this with default values
|
|
saves 12KB of dynamic memory per TLS connection.
|
|
|
|
config MBEDTLS_SSL_IN_CONTENT_LEN
|
|
int "TLS maximum incoming fragment length"
|
|
default 16384
|
|
range 512 16384
|
|
depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
|
|
help
|
|
This defines maximum incoming fragment length, overriding default
|
|
maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
|
|
|
|
config MBEDTLS_SSL_OUT_CONTENT_LEN
|
|
int "TLS maximum outgoing fragment length"
|
|
default 4096
|
|
range 512 16384
|
|
depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
|
|
help
|
|
This defines maximum outgoing fragment length, overriding default
|
|
maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
|
|
|
|
config MBEDTLS_DYNAMIC_BUFFER
|
|
bool "Using dynamic TX/RX buffer"
|
|
default n
|
|
select MBEDTLS_ASYMMETRIC_CONTENT_LEN
|
|
# Dynamic buffer feature is not supported with DTLS
|
|
depends on !MBEDTLS_SSL_PROTO_DTLS && !MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
|
help
|
|
Using dynamic TX/RX buffer. After enabling this option, mbedTLS will
|
|
allocate TX buffer when need to send data and then free it if all data
|
|
is sent, allocate RX buffer when need to receive data and then free it
|
|
when all data is used or read by upper layer.
|
|
|
|
By default, when SSL is initialized, mbedTLS also allocate TX and
|
|
RX buffer with the default value of "MBEDTLS_SSL_OUT_CONTENT_LEN" or
|
|
"MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set
|
|
the options to be an appropriate value.
|
|
|
|
config MBEDTLS_DYNAMIC_FREE_PEER_CERT
|
|
bool "Free SSL peer certificate after its usage"
|
|
default n
|
|
depends on MBEDTLS_DYNAMIC_BUFFER
|
|
help
|
|
Free peer certificate after its usage in handshake process.
|
|
|
|
config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
|
|
bool "Free private key and DHM data after its usage"
|
|
default n
|
|
depends on MBEDTLS_DYNAMIC_BUFFER
|
|
help
|
|
Free private key and DHM data after its usage in handshake process.
|
|
|
|
The option will decrease heap cost when handshake, but also lead to problem:
|
|
|
|
Becasue all certificate, private key and DHM data are freed so users should register
|
|
certificate and private key to ssl config object again.
|
|
|
|
config MBEDTLS_DYNAMIC_FREE_CA_CERT
|
|
bool "Free SSL CA certificate after its usage"
|
|
default y
|
|
depends on MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
|
|
help
|
|
Free CA certificate after its usage in the handshake process.
|
|
This option will decrease the heap footprint for the TLS handshake, but may lead to a problem:
|
|
If the respective ssl object needs to perform the TLS handshake again,
|
|
the CA certificate should once again be registered to the ssl object.
|
|
|
|
config MBEDTLS_DEBUG
|
|
bool "Enable mbedTLS debugging"
|
|
default n
|
|
help
|
|
Enable mbedTLS debugging functions at compile time.
|
|
|
|
If this option is enabled, you can include
|
|
"mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
|
|
at runtime in order to enable mbedTLS debug output via the ESP
|
|
log mechanism.
|
|
|
|
choice MBEDTLS_DEBUG_LEVEL
|
|
bool "Set mbedTLS debugging level"
|
|
depends on MBEDTLS_DEBUG
|
|
default MBEDTLS_DEBUG_LEVEL_VERBOSE
|
|
help
|
|
Set mbedTLS debugging level
|
|
|
|
config MBEDTLS_DEBUG_LEVEL_WARN
|
|
bool "Warning"
|
|
config MBEDTLS_DEBUG_LEVEL_INFO
|
|
bool "Info"
|
|
config MBEDTLS_DEBUG_LEVEL_DEBUG
|
|
bool "Debug"
|
|
config MBEDTLS_DEBUG_LEVEL_VERBOSE
|
|
bool "Verbose"
|
|
endchoice
|
|
|
|
config MBEDTLS_DEBUG_LEVEL
|
|
int
|
|
default 1 if MBEDTLS_DEBUG_LEVEL_WARN
|
|
default 2 if MBEDTLS_DEBUG_LEVEL_INFO
|
|
default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
|
|
default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
|
|
|
|
menu "mbedTLS v2.28.x related"
|
|
|
|
config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
|
bool "Variable SSL buffer length"
|
|
default n
|
|
help
|
|
This enables the SSL buffer to be resized automatically
|
|
based on the negotiated maximum fragment length in each direction.
|
|
|
|
config MBEDTLS_ECDH_LEGACY_CONTEXT
|
|
bool "Use a backward compatible ECDH context (Experimental)"
|
|
default y
|
|
depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_RESTARTABLE
|
|
help
|
|
Use the legacy ECDH context format.
|
|
Define this option only if you enable MBEDTLS_ECP_RESTARTABLE or if you
|
|
want to access ECDH context fields directly.
|
|
|
|
config MBEDTLS_X509_TRUSTED_CERT_CALLBACK
|
|
bool "Enable trusted certificate callbacks"
|
|
default n
|
|
help
|
|
Enables users to configure the set of trusted certificates
|
|
through a callback instead of a linked list.
|
|
|
|
See mbedTLS documentation for required API and more details.
|
|
|
|
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
|
bool "Enable serialization of the TLS context structures"
|
|
default n
|
|
help
|
|
Enable serialization of the TLS context structures
|
|
This is a local optimization in handling a single, potentially long-lived connection.
|
|
|
|
See mbedTLS documentation for required API and more details.
|
|
Disabling this option will save some code size.
|
|
|
|
config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
|
bool "Keep peer certificate after handshake completion"
|
|
default y
|
|
depends on !MBEDTLS_DYNAMIC_FREE_PEER_CERT
|
|
help
|
|
Keep the peer's certificate after completion of the handshake.
|
|
Disabling this option will save about 4kB of heap and some code size.
|
|
|
|
See mbedTLS documentation for required API and more details.
|
|
|
|
menu "DTLS-based configurations"
|
|
visible if MBEDTLS_SSL_PROTO_DTLS
|
|
|
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
bool "Support for the DTLS Connection ID extension"
|
|
depends on MBEDTLS_SSL_PROTO_DTLS
|
|
default n
|
|
help
|
|
Enable support for the DTLS Connection ID extension which allows to
|
|
identify DTLS connections across changes in the underlying transport.
|
|
The Connection ID extension is still in draft state.
|
|
Refer: version draft-ietf-tls-dtls-connection-id-05
|
|
|
|
config MBEDTLS_SSL_CID_IN_LEN_MAX
|
|
int "Maximum length of CIDs used for incoming DTLS messages"
|
|
default 32
|
|
range 0 32
|
|
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
help
|
|
Maximum length of CIDs used for incoming DTLS messages
|
|
|
|
config MBEDTLS_SSL_CID_OUT_LEN_MAX
|
|
int "Maximum length of CIDs used for outgoing DTLS messages"
|
|
default 32
|
|
range 0 32
|
|
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
help
|
|
Maximum length of CIDs used for outgoing DTLS messages
|
|
|
|
config MBEDTLS_SSL_CID_PADDING_GRANULARITY
|
|
int "Record plaintext padding (for DTLS 1.2)"
|
|
default 16
|
|
range 0 32
|
|
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
help
|
|
Controls the use of record plaintext padding when
|
|
using the Connection ID extension in DTLS 1.2.
|
|
|
|
The padding will always be chosen so that the length of the
|
|
padded plaintext is a multiple of the value of this option.
|
|
|
|
Notes:
|
|
A value of 1 means that no padding will be used for outgoing records.
|
|
On systems lacking division instructions, a power of two should be preferred.
|
|
|
|
config MBEDTLS_SSL_DTLS_SRTP
|
|
bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
|
|
depends on MBEDTLS_SSL_PROTO_DTLS
|
|
default n
|
|
help
|
|
Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension.
|
|
|
|
See mbedTLS documentation for required API and more details.
|
|
Disabling this option will save some code size.
|
|
|
|
endmenu
|
|
|
|
endmenu
|
|
|
|
menu "Certificate Bundle"
|
|
|
|
config MBEDTLS_CERTIFICATE_BUNDLE
|
|
bool "Enable trusted root certificate bundle"
|
|
default y
|
|
help
|
|
Enable support for large number of default root certificates
|
|
|
|
When enabled this option allows user to store default as well
|
|
as customer specific root certificates in compressed format rather
|
|
than storing full certificate. For the root certificates the public key and the subject name
|
|
will be stored.
|
|
|
|
choice MBEDTLS_DEFAULT_CERTIFICATE_BUNDLE
|
|
bool "Default certificate bundle options"
|
|
depends on MBEDTLS_CERTIFICATE_BUNDLE
|
|
default MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
|
|
|
|
config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
|
|
bool "Use the full default certificate bundle"
|
|
config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN
|
|
bool "Use only the most common certificates from the default bundles"
|
|
help
|
|
Use only the most common certificates from the default bundles, reducing the size with 50%,
|
|
while still having around 99% coverage.
|
|
config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE
|
|
bool "Do not use the default certificate bundle"
|
|
endchoice
|
|
|
|
config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
|
|
depends on MBEDTLS_CERTIFICATE_BUNDLE
|
|
default n
|
|
bool "Add custom certificates to the default bundle"
|
|
config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH
|
|
depends on MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
|
|
string "Custom certificate bundle path"
|
|
help
|
|
Name of the custom certificate directory or file. This path is evaluated
|
|
relative to the project root directory.
|
|
endmenu
|
|
|
|
config MBEDTLS_ECP_RESTARTABLE
|
|
bool "Enable mbedTLS ecp restartable"
|
|
default n
|
|
help
|
|
Enable "non-blocking" ECC operations that can return early and be resumed.
|
|
|
|
config MBEDTLS_CMAC_C
|
|
bool "Enable CMAC mode for block ciphers"
|
|
default n
|
|
depends on MBEDTLS_AES_C || MBEDTLS_DES_C
|
|
help
|
|
Enable the CMAC (Cipher-based Message Authentication Code) mode for
|
|
block ciphers.
|
|
|
|
config MBEDTLS_HARDWARE_AES
|
|
bool "Enable hardware AES acceleration"
|
|
default y
|
|
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2
|
|
help
|
|
Enable hardware accelerated AES encryption & decryption.
|
|
|
|
Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
|
|
offer any speed boost over software AES.
|
|
|
|
config MBEDTLS_AES_USE_INTERRUPT
|
|
bool "Use interrupt for long AES operations"
|
|
depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_AES
|
|
default y
|
|
help
|
|
Use an interrupt to coordinate long AES operations.
|
|
|
|
This allows other code to run on the CPU while an AES operation is pending.
|
|
Otherwise the CPU busy-waits.
|
|
|
|
config MBEDTLS_HARDWARE_GCM
|
|
bool "Enable partially hardware accelerated GCM"
|
|
depends on IDF_TARGET_ESP32S2 && MBEDTLS_HARDWARE_AES
|
|
default y
|
|
help
|
|
Enable partially hardware accelerated GCM. GHASH calculation is still done
|
|
in software.
|
|
|
|
If MBEDTLS_HARDWARE_GCM is disabled and MBEDTLS_HARDWARE_AES is enabled then
|
|
mbedTLS will still use the hardware accelerated AES block operation, but
|
|
on a single block at a time.
|
|
|
|
config MBEDTLS_HARDWARE_MPI
|
|
bool "Enable hardware MPI (bignum) acceleration"
|
|
default y
|
|
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2
|
|
help
|
|
Enable hardware accelerated multiple precision integer operations.
|
|
|
|
Hardware accelerated multiplication, modulo multiplication,
|
|
and modular exponentiation for up to SOC_RSA_MAX_BIT_LEN bit results.
|
|
|
|
These operations are used by RSA.
|
|
|
|
config MBEDTLS_MPI_USE_INTERRUPT
|
|
bool "Use interrupt for MPI exp-mod operations"
|
|
depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_MPI
|
|
default y
|
|
help
|
|
Use an interrupt to coordinate long MPI operations.
|
|
|
|
This allows other code to run on the CPU while an MPI operation is pending.
|
|
Otherwise the CPU busy-waits.
|
|
|
|
config MBEDTLS_HARDWARE_SHA
|
|
bool "Enable hardware SHA acceleration"
|
|
default y
|
|
depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST
|
|
help
|
|
Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
|
|
|
|
Due to a hardware limitation, on the ESP32 hardware acceleration is only
|
|
guaranteed if SHA digests are calculated one at a time. If more
|
|
than one SHA digest is calculated at the same time, one will
|
|
be calculated fully in hardware and the rest will be calculated
|
|
(at least partially calculated) in software. This happens automatically.
|
|
|
|
SHA hardware acceleration is faster than software in some situations but
|
|
slower in others. You should benchmark to find the best setting for you.
|
|
|
|
config MBEDTLS_ROM_MD5
|
|
bool "Use MD5 implementation in ROM"
|
|
default y
|
|
help
|
|
Use ROM MD5 in mbedTLS.
|
|
|
|
config MBEDTLS_ATCA_HW_ECDSA_SIGN
|
|
bool "Enable hardware ECDSA sign acceleration when using ATECC608A"
|
|
default n
|
|
help
|
|
This option enables hardware acceleration for ECDSA sign function, only
|
|
when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)
|
|
|
|
config MBEDTLS_ATCA_HW_ECDSA_VERIFY
|
|
bool "Enable hardware ECDSA verify acceleration when using ATECC608A"
|
|
default n
|
|
help
|
|
This option enables hardware acceleration for ECDSA sign function, only
|
|
when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)
|
|
|
|
config MBEDTLS_HAVE_TIME
|
|
bool "Enable mbedtls time support"
|
|
depends on !ESP_TIME_FUNCS_USE_NONE
|
|
default y
|
|
help
|
|
Enable use of time.h functions (time() and gmtime()) by mbedTLS.
|
|
|
|
This option doesn't require the system time to be correct, but enables
|
|
functionality that requires relative timekeeping - for example periodic
|
|
expiry of TLS session tickets or session cache entries.
|
|
|
|
Disabling this option will save some firmware size, particularly if
|
|
the rest of the firmware doesn't call any standard timekeeeping
|
|
functions.
|
|
|
|
config MBEDTLS_HAVE_TIME_DATE
|
|
bool "Enable mbedtls certificate expiry check"
|
|
depends on MBEDTLS_HAVE_TIME
|
|
default n
|
|
help
|
|
Enables X.509 certificate expiry checks in mbedTLS.
|
|
|
|
If this option is disabled (default) then X.509 certificate
|
|
"valid from" and "valid to" timestamp fields are ignored.
|
|
|
|
If this option is enabled, these fields are compared with the
|
|
current system date and time. The time is retrieved using the
|
|
standard time() and gmtime() functions. If the certificate is not
|
|
valid for the current system time then verification will fail with
|
|
code MBEDTLS_X509_BADCERT_FUTURE or MBEDTLS_X509_BADCERT_EXPIRED.
|
|
|
|
Enabling this option requires adding functionality in the firmware
|
|
to set the system clock to a valid timestamp before using TLS. The
|
|
recommended way to do this is via ESP-IDF's SNTP functionality, but
|
|
any method can be used.
|
|
|
|
In the case where only a small number of certificates are trusted by
|
|
the device, please carefully consider the tradeoffs of enabling this
|
|
option. There may be undesired consequences, for example if all
|
|
trusted certificates expire while the device is offline and a TLS
|
|
connection is required to update. Or if an issue with the SNTP
|
|
server means that the system time is invalid for an extended period
|
|
after a reset.
|
|
|
|
config MBEDTLS_ECDSA_DETERMINISTIC
|
|
bool "Enable deterministic ECDSA"
|
|
default y
|
|
help
|
|
Standard ECDSA is "fragile" in the sense that lack of entropy when signing
|
|
may result in a compromise of the long-term signing key.
|
|
|
|
config MBEDTLS_SHA512_C
|
|
bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
|
|
default y
|
|
help
|
|
Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
|
|
|
|
choice MBEDTLS_TLS_MODE
|
|
bool "TLS Protocol Role"
|
|
default MBEDTLS_TLS_SERVER_AND_CLIENT
|
|
help
|
|
mbedTLS can be compiled with protocol support for the TLS
|
|
server, TLS client, or both server and client.
|
|
|
|
Reducing the number of TLS roles supported saves code size.
|
|
|
|
config MBEDTLS_TLS_SERVER_AND_CLIENT
|
|
bool "Server & Client"
|
|
select MBEDTLS_TLS_SERVER
|
|
select MBEDTLS_TLS_CLIENT
|
|
config MBEDTLS_TLS_SERVER_ONLY
|
|
bool "Server"
|
|
select MBEDTLS_TLS_SERVER
|
|
config MBEDTLS_TLS_CLIENT_ONLY
|
|
bool "Client"
|
|
select MBEDTLS_TLS_CLIENT
|
|
config MBEDTLS_TLS_DISABLED
|
|
bool "None"
|
|
|
|
endchoice
|
|
|
|
config MBEDTLS_TLS_SERVER
|
|
bool
|
|
select MBEDTLS_TLS_ENABLED
|
|
config MBEDTLS_TLS_CLIENT
|
|
bool
|
|
select MBEDTLS_TLS_ENABLED
|
|
config MBEDTLS_TLS_ENABLED
|
|
bool
|
|
|
|
menu "TLS Key Exchange Methods"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
|
|
config MBEDTLS_PSK_MODES
|
|
bool "Enable pre-shared-key ciphersuites"
|
|
default n
|
|
help
|
|
Enable to show configuration for different types of pre-shared-key TLS authentatication methods.
|
|
|
|
Leaving this options disabled will save code size if they are not used.
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_PSK
|
|
bool "Enable PSK based ciphersuite modes"
|
|
depends on MBEDTLS_PSK_MODES
|
|
default n
|
|
help
|
|
Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_DHE_PSK
|
|
bool "Enable DHE-PSK based ciphersuite modes"
|
|
depends on MBEDTLS_PSK_MODES && MBEDTLS_DHM_C
|
|
default y
|
|
help
|
|
Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
|
|
bool "Enable ECDHE-PSK based ciphersuite modes"
|
|
depends on MBEDTLS_PSK_MODES && MBEDTLS_ECDH_C
|
|
default y
|
|
help
|
|
Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_RSA_PSK
|
|
bool "Enable RSA-PSK based ciphersuite modes"
|
|
depends on MBEDTLS_PSK_MODES
|
|
default y
|
|
help
|
|
Enable to support RSA PSK (pre-shared-key) TLS authentication modes.
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_RSA
|
|
bool "Enable RSA-only based ciphersuite modes"
|
|
default y
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-RSA-WITH-
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_DHE_RSA
|
|
bool "Enable DHE-RSA based ciphersuite modes"
|
|
default y
|
|
depends on MBEDTLS_DHM_C
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
|
|
bool "Support Elliptic Curve based ciphersuites"
|
|
depends on MBEDTLS_ECP_C
|
|
default y
|
|
help
|
|
Enable to show Elliptic Curve based ciphersuite mode options.
|
|
|
|
Disabling all Elliptic Curve ciphersuites saves code size and
|
|
can give slightly faster TLS handshakes, provided the server supports
|
|
RSA-only ciphersuite modes.
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
|
|
bool "Enable ECDHE-RSA based ciphersuite modes"
|
|
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
|
|
default y
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
|
bool "Enable ECDHE-ECDSA based ciphersuite modes"
|
|
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
|
|
default y
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
|
|
bool "Enable ECDH-ECDSA based ciphersuite modes"
|
|
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
|
|
default y
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
|
|
bool "Enable ECDH-RSA based ciphersuite modes"
|
|
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
|
|
default y
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECJPAKE
|
|
bool "Enable ECJPAKE based ciphersuite modes"
|
|
depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
|
default n
|
|
help
|
|
Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
|
|
|
|
endmenu # TLS key exchange modes
|
|
|
|
config MBEDTLS_SSL_RENEGOTIATION
|
|
bool "Support TLS renegotiation"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default y
|
|
help
|
|
The two main uses of renegotiation are (1) refresh keys on long-lived
|
|
connections and (2) client authentication after the initial handshake.
|
|
If you don't need renegotiation, disabling it will save code size and
|
|
reduce the possibility of abuse/vulnerability.
|
|
|
|
config MBEDTLS_SSL_PROTO_SSL3
|
|
bool "Legacy SSL 3.0 support"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default n
|
|
help
|
|
Support the legacy SSL 3.0 protocol. Most servers will speak a newer
|
|
TLS protocol these days.
|
|
|
|
config MBEDTLS_SSL_PROTO_TLS1
|
|
bool "Support TLS 1.0 protocol"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default y
|
|
|
|
config MBEDTLS_SSL_PROTO_TLS1_1
|
|
bool "Support TLS 1.1 protocol"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default y
|
|
|
|
config MBEDTLS_SSL_PROTO_TLS1_2
|
|
bool "Support TLS 1.2 protocol"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default y
|
|
|
|
config MBEDTLS_SSL_PROTO_GMTSSL1_1
|
|
bool "Support GM/T SSL 1.1 protocol"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default n
|
|
help
|
|
Provisions for GM/T SSL 1.1 support
|
|
|
|
config MBEDTLS_SSL_PROTO_DTLS
|
|
bool "Support DTLS protocol (all versions)"
|
|
default n
|
|
depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
|
|
help
|
|
Requires TLS 1.1 to be enabled for DTLS 1.0
|
|
Requires TLS 1.2 to be enabled for DTLS 1.2
|
|
|
|
config MBEDTLS_SSL_ALPN
|
|
bool "Support ALPN (Application Layer Protocol Negotiation)"
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
default y
|
|
help
|
|
Disabling this option will save some code size if it is not needed.
|
|
|
|
config MBEDTLS_CLIENT_SSL_SESSION_TICKETS
|
|
bool "TLS: Client Support for RFC 5077 SSL session tickets"
|
|
default y
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
help
|
|
Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
|
|
Disabling this option will save some code size.
|
|
|
|
config MBEDTLS_X509_CHECK_KEY_USAGE
|
|
bool "Enable verification of the keyUsage extension"
|
|
default y
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
help
|
|
Disabling this avoids problems with mis-issued and/or misused (intermediate) CA and leaf certificates.
|
|
Depending on your PKI use, disabling this can be a security risk.
|
|
|
|
config MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
|
|
bool "Enable verification of the extendedKeyUsage extension"
|
|
default y
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
help
|
|
Disabling this avoids problems with mis-issued and/or misused certificates.
|
|
Depending on your PKI use, disabling this can be a security risk.
|
|
|
|
config MBEDTLS_SERVER_SSL_SESSION_TICKETS
|
|
bool "TLS: Server Support for RFC 5077 SSL session tickets"
|
|
default y
|
|
depends on MBEDTLS_TLS_ENABLED
|
|
help
|
|
Server support for RFC 5077 session tickets. See mbedTLS documentation for more details.
|
|
Disabling this option will save some code size.
|
|
|
|
menu "Symmetric Ciphers"
|
|
|
|
config MBEDTLS_AES_C
|
|
bool "AES block cipher"
|
|
default y
|
|
|
|
config MBEDTLS_CAMELLIA_C
|
|
bool "Camellia block cipher"
|
|
default n
|
|
|
|
config MBEDTLS_DES_C
|
|
bool "DES block cipher (legacy, insecure)"
|
|
default n
|
|
help
|
|
Enables the DES block cipher to support 3DES-based TLS ciphersuites.
|
|
|
|
3DES is vulnerable to the Sweet32 attack and should only be enabled
|
|
if absolutely necessary.
|
|
|
|
choice MBEDTLS_RC4_MODE
|
|
prompt "RC4 Stream Cipher (legacy, insecure)"
|
|
default MBEDTLS_RC4_DISABLED
|
|
help
|
|
ARCFOUR (RC4) stream cipher can be disabled entirely, enabled but not
|
|
added to default ciphersuites, or enabled completely.
|
|
|
|
Please consider the security implications before enabling RC4.
|
|
|
|
config MBEDTLS_RC4_DISABLED
|
|
bool "Disabled"
|
|
config MBEDTLS_RC4_ENABLED_NO_DEFAULT
|
|
bool "Enabled, not in default ciphersuites"
|
|
config MBEDTLS_RC4_ENABLED
|
|
bool "Enabled"
|
|
endchoice
|
|
|
|
config MBEDTLS_BLOWFISH_C
|
|
bool "Blowfish block cipher (read help)"
|
|
default n
|
|
help
|
|
Enables the Blowfish block cipher (not used for TLS sessions.)
|
|
|
|
The Blowfish cipher is not used for mbedTLS TLS sessions but can be
|
|
used for other purposes. Read up on the limitations of Blowfish (including
|
|
Sweet32) before enabling.
|
|
|
|
config MBEDTLS_XTEA_C
|
|
bool "XTEA block cipher"
|
|
default n
|
|
help
|
|
Enables the XTEA block cipher.
|
|
|
|
|
|
config MBEDTLS_CCM_C
|
|
bool "CCM (Counter with CBC-MAC) block cipher modes"
|
|
default y
|
|
depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
|
|
help
|
|
Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.
|
|
|
|
Disabling this option saves some code size.
|
|
|
|
config MBEDTLS_GCM_C
|
|
bool "GCM (Galois/Counter) block cipher modes"
|
|
default y
|
|
depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
|
|
help
|
|
Enable Galois/Counter Mode for AES and/or Camellia ciphers.
|
|
|
|
This option is generally faster than CCM.
|
|
|
|
config MBEDTLS_NIST_KW_C
|
|
bool "NIST key wrapping (KW) and KW padding (KWP)"
|
|
default n
|
|
depends on MBEDTLS_AES_C
|
|
help
|
|
Enable NIST key wrapping and key wrapping padding.
|
|
|
|
endmenu # Symmetric Ciphers
|
|
|
|
config MBEDTLS_RIPEMD160_C
|
|
bool "Enable RIPEMD-160 hash algorithm"
|
|
default n
|
|
help
|
|
Enable the RIPEMD-160 hash algorithm.
|
|
|
|
menu "Certificates"
|
|
|
|
config MBEDTLS_PEM_PARSE_C
|
|
bool "Read & Parse PEM formatted certificates"
|
|
default y
|
|
help
|
|
Enable decoding/parsing of PEM formatted certificates.
|
|
|
|
If your certificates are all in the simpler DER format, disabling
|
|
this option will save some code size.
|
|
|
|
config MBEDTLS_PEM_WRITE_C
|
|
bool "Write PEM formatted certificates"
|
|
default y
|
|
help
|
|
Enable writing of PEM formatted certificates.
|
|
|
|
If writing certificate data only in DER format, disabling this
|
|
option will save some code size.
|
|
|
|
config MBEDTLS_X509_CRL_PARSE_C
|
|
bool "X.509 CRL parsing"
|
|
default y
|
|
help
|
|
Support for parsing X.509 Certifificate Revocation Lists.
|
|
|
|
config MBEDTLS_X509_CSR_PARSE_C
|
|
bool "X.509 CSR parsing"
|
|
default y
|
|
help
|
|
Support for parsing X.509 Certifificate Signing Requests
|
|
|
|
endmenu # Certificates
|
|
|
|
menuconfig MBEDTLS_ECP_C
|
|
bool "Elliptic Curve Ciphers"
|
|
default y
|
|
|
|
config MBEDTLS_DHM_C
|
|
bool "Diffie-Hellman-Merkle key exchange (DHM)"
|
|
default n
|
|
help
|
|
Enable DHM. Needed to use DHE-xxx TLS ciphersuites.
|
|
|
|
Note that the security of Diffie-Hellman key exchanges depends on
|
|
a suitable prime being used for the exchange. Please see detailed
|
|
warning text about this in file `mbedtls/dhm.h` file.
|
|
|
|
config MBEDTLS_ECDH_C
|
|
bool "Elliptic Curve Diffie-Hellman (ECDH)"
|
|
depends on MBEDTLS_ECP_C
|
|
default y
|
|
help
|
|
Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.
|
|
|
|
config MBEDTLS_ECDSA_C
|
|
bool "Elliptic Curve DSA"
|
|
depends on MBEDTLS_ECDH_C
|
|
default y
|
|
help
|
|
Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
|
|
|
|
config MBEDTLS_ECJPAKE_C
|
|
bool "Elliptic curve J-PAKE"
|
|
depends on MBEDTLS_ECP_C
|
|
default n
|
|
help
|
|
Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
|
|
|
|
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
|
bool "Enable SECP192R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP192R1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
|
bool "Enable SECP224R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP224R1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
|
bool "Enable SECP256R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y
|
|
help
|
|
Enable support for SECP256R1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
|
bool "Enable SECP384R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP384R1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
|
bool "Enable SECP521R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP521R1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
|
bool "Enable SECP192K1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP192K1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
|
bool "Enable SECP224K1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP224K1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
|
bool "Enable SECP256K1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for SECP256K1 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_BP256R1_ENABLED
|
|
bool "Enable BP256R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
support for DP Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_BP384R1_ENABLED
|
|
bool "Enable BP384R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
support for DP Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_BP512R1_ENABLED
|
|
bool "Enable BP512R1 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
support for DP Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
|
bool "Enable CURVE25519 curve"
|
|
depends on MBEDTLS_ECP_C
|
|
default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
|
|
help
|
|
Enable support for CURVE25519 Elliptic Curve.
|
|
|
|
config MBEDTLS_ECP_NIST_OPTIM
|
|
bool "NIST 'modulo p' optimisations"
|
|
depends on MBEDTLS_ECP_C
|
|
default y
|
|
help
|
|
NIST 'modulo p' optimisations increase Elliptic Curve operation performance.
|
|
|
|
Disabling this option saves some code size.
|
|
|
|
# end of Elliptic Curve options
|
|
|
|
config MBEDTLS_POLY1305_C
|
|
bool "Poly1305 MAC algorithm"
|
|
default n
|
|
help
|
|
Enable support for Poly1305 MAC algorithm.
|
|
|
|
config MBEDTLS_CHACHA20_C
|
|
bool "Chacha20 stream cipher"
|
|
default n
|
|
help
|
|
Enable support for Chacha20 stream cipher.
|
|
|
|
config MBEDTLS_CHACHAPOLY_C
|
|
bool "ChaCha20-Poly1305 AEAD algorithm"
|
|
default n
|
|
depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
|
|
help
|
|
Enable support for ChaCha20-Poly1305 AEAD algorithm.
|
|
|
|
config MBEDTLS_HKDF_C
|
|
bool "HKDF algorithm (RFC 5869)"
|
|
default n
|
|
help
|
|
Enable support for the Hashed Message Authentication Code
|
|
(HMAC)-based key derivation function (HKDF).
|
|
|
|
config MBEDTLS_THREADING_C
|
|
bool "Enable the threading abstraction layer"
|
|
default n
|
|
help
|
|
If you do intend to use contexts between threads, you will need to enable
|
|
this layer to prevent race conditions.
|
|
|
|
config MBEDTLS_THREADING_ALT
|
|
bool "Enable threading alternate implementation"
|
|
depends on MBEDTLS_THREADING_C
|
|
default y
|
|
help
|
|
Enable threading alt to allow your own alternate threading implementation.
|
|
|
|
config MBEDTLS_THREADING_PTHREAD
|
|
bool "Enable threading pthread implementation"
|
|
depends on MBEDTLS_THREADING_C
|
|
default n
|
|
help
|
|
Enable the pthread wrapper layer for the threading layer.
|
|
|
|
config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
|
|
bool "Fallback to software implementation for larger MPI values"
|
|
depends on MBEDTLS_HARDWARE_MPI
|
|
default y if IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32C2 # HW max 3072 bits
|
|
default n
|
|
help
|
|
Fallback to software implementation for RSA key lengths
|
|
larger than SOC_RSA_MAX_BIT_LEN. If this is not active
|
|
then the ESP will be unable to process keys greater
|
|
than SOC_RSA_MAX_BIT_LEN.
|
|
|
|
menuconfig MBEDTLS_SECURITY_RISKS
|
|
bool "Show configurations with potential security risks"
|
|
default n
|
|
|
|
config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
|
|
bool "X.509 CRT parsing with unsupported critical extensions"
|
|
depends on MBEDTLS_SECURITY_RISKS
|
|
default n
|
|
help
|
|
Allow the X.509 certificate parser to load certificates
|
|
with unsupported critical extensions
|
|
|
|
endmenu # mbedTLS
|