1# TLS/DTLS related options
2
3# Copyright (c) 2018 Intel Corporation
4# Copyright (c) 2018 Nordic Semiconductor ASA
5# SPDX-License-Identifier: Apache-2.0
6
7menu "Mbed TLS configuration"
8	depends on MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h"
9
10menu "TLS"
11
12config MBEDTLS_TLS_VERSION_1_2
13	bool "Support for TLS 1.2 (DTLS 1.2)"
14	select MBEDTLS_CIPHER
15	select MBEDTLS_MD
16
17if MBEDTLS_TLS_VERSION_1_2
18
19config MBEDTLS_DTLS
20	bool "Support for DTLS"
21
22endif # MBEDTLS_TLS_VERSION_1_2
23
24config MBEDTLS_TLS_VERSION_1_3
25	bool "Support for TLS 1.3"
26
27if MBEDTLS_TLS_VERSION_1_3
28
29config MBEDTLS_TLS_SESSION_TICKETS
30	bool "Support for RFC 5077 session tickets in TLS 1.3"
31
32endif # MBEDTLS_TLS_VERSION_1_3
33
34if MBEDTLS_TLS_VERSION_1_2 || MBEDTLS_TLS_VERSION_1_3
35
36config MBEDTLS_SSL_ALPN
37	bool "Support for setting the supported Application Layer Protocols"
38
39endif # MBEDTLS_TLS_VERSION_1_2 || MBEDTLS_TLS_VERSION_1_3
40
41endmenu # TLS
42
43menu "Ciphersuite configuration"
44
45comment "Supported key exchange modes"
46
47config MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
48	bool "All available ciphersuite modes"
49	select MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
50	select MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
51	select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
52	select MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
53	select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
54	select MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
55	select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
56	select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
57	select MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
58	select MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
59	select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
60
61config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
62	bool "PSK based ciphersuite modes"
63
64config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
65	bool "DHE-PSK based ciphersuite modes"
66
67config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
68	bool "ECDHE-PSK based ciphersuite modes"
69	depends on MBEDTLS_ECDH_C
70
71config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
72	bool "RSA-PSK based ciphersuite modes"
73
74config MBEDTLS_PSK_MAX_LEN
75	int "Max size of TLS pre-shared keys"
76	default 32
77	help
78	  Max size of TLS pre-shared keys, in bytes. It has no effect if no
79	  PSK key exchange is used.
80
81config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
82	bool "RSA-only based ciphersuite modes"
83	default y if UOSCORE || UEDHOC
84	select MBEDTLS_MD
85	select PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY if PSA_CRYPTO_CLIENT
86	select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT if PSA_CRYPTO_CLIENT
87	select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT if PSA_CRYPTO_CLIENT
88	select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE if PSA_CRYPTO_CLIENT
89
90config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
91	bool "DHE-RSA based ciphersuite modes"
92
93config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
94	bool "ECDHE-RSA based ciphersuite modes"
95	depends on MBEDTLS_ECDH_C
96
97config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
98	bool "ECDHE-ECDSA based ciphersuite modes"
99	depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C || (PSA_WANT_ALG_ECDH && PSA_WANT_ALG_ECDSA)
100
101config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
102	bool "ECDH-ECDSA based ciphersuite modes"
103	depends on (MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C) || (PSA_WANT_ALG_ECDH && PSA_WANT_ALG_ECDSA)
104
105config MBEDTLS_ECDSA_DETERMINISTIC
106	bool "Deterministic ECDSA (RFC 6979)"
107
108config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
109	bool "ECDH-RSA based ciphersuite modes"
110	depends on MBEDTLS_ECDH_C
111
112config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
113	bool "ECJPAKE based ciphersuite modes"
114	depends on MBEDTLS_ECJPAKE_C
115
116if MBEDTLS_TLS_VERSION_1_3
117
118config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
119	bool "TLS 1.3 PSK key exchange mode"
120
121config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
122	bool "TLS 1.3 ephemeral key exchange mode"
123
124config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
125	bool "TLS 1.3 PSK ephemeral key exchange mode"
126
127endif # MBEDTLS_TLS_VERSION_1_3
128
129config MBEDTLS_HKDF_C
130	bool "HMAC-based Extract-and-Expand Key Derivation Function"
131
132comment "Elliptic curve libraries"
133
134config MBEDTLS_ECDH_C
135	bool "Elliptic curve Diffie-Hellman library"
136	depends on MBEDTLS_ECP_C
137
138config MBEDTLS_ECDSA_C
139	bool "Elliptic curve DSA library"
140	depends on MBEDTLS_ECP_C
141
142config MBEDTLS_ECJPAKE_C
143	bool "Elliptic curve J-PAKE library"
144	depends on MBEDTLS_ECP_C
145
146config MBEDTLS_ECP_C
147	bool "Elliptic curve over GF(p) library"
148	default y if UOSCORE || UEDHOC
149
150if MBEDTLS_ECP_C
151
152comment "Supported elliptic curves"
153
154config MBEDTLS_ECP_ALL_ENABLED
155	bool "All available elliptic curves"
156	select MBEDTLS_ECP_DP_SECP192R1_ENABLED
157	select MBEDTLS_ECP_DP_SECP192R1_ENABLED
158	select MBEDTLS_ECP_DP_SECP224R1_ENABLED
159	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
160	select MBEDTLS_ECP_DP_SECP384R1_ENABLED
161	select MBEDTLS_ECP_DP_SECP521R1_ENABLED
162	select MBEDTLS_ECP_DP_SECP192K1_ENABLED
163	select MBEDTLS_ECP_DP_SECP224K1_ENABLED
164	select MBEDTLS_ECP_DP_SECP256K1_ENABLED
165	select MBEDTLS_ECP_DP_BP256R1_ENABLED
166	select MBEDTLS_ECP_DP_BP384R1_ENABLED
167	select MBEDTLS_ECP_DP_BP512R1_ENABLED
168	select MBEDTLS_ECP_DP_CURVE25519_ENABLED
169	select MBEDTLS_ECP_DP_CURVE448_ENABLED
170	select MBEDTLS_ECP_NIST_OPTIM
171
172config MBEDTLS_ECP_DP_SECP192R1_ENABLED
173	bool "SECP192R1 elliptic curve"
174
175config MBEDTLS_ECP_DP_SECP224R1_ENABLED
176	bool "SECP224R1 elliptic curve"
177
178config MBEDTLS_ECP_DP_SECP256R1_ENABLED
179	bool "SECP256R1 elliptic curve"
180	default y if UOSCORE || UEDHOC
181
182config MBEDTLS_ECP_DP_SECP384R1_ENABLED
183	bool "SECP384R1 elliptic curve"
184
185config MBEDTLS_ECP_DP_SECP521R1_ENABLED
186	bool "SECP521R1 elliptic curve"
187
188config MBEDTLS_ECP_DP_SECP192K1_ENABLED
189	bool "SECP192K1 elliptic curve"
190
191config MBEDTLS_ECP_DP_SECP224K1_ENABLED
192	bool "SECP224K1 elliptic curve"
193
194config MBEDTLS_ECP_DP_SECP256K1_ENABLED
195	bool "SECP256K1 elliptic curve"
196
197config MBEDTLS_ECP_DP_BP256R1_ENABLED
198	bool "BP256R1 elliptic curve"
199
200config MBEDTLS_ECP_DP_BP384R1_ENABLED
201	bool "BP384R1 elliptic curve"
202
203config MBEDTLS_ECP_DP_BP512R1_ENABLED
204	bool "BP512R1 elliptic curve"
205
206config MBEDTLS_ECP_DP_CURVE25519_ENABLED
207	bool "CURVE25519 elliptic curve"
208
209config MBEDTLS_ECP_DP_CURVE448_ENABLED
210	bool "CURVE448 elliptic curve"
211
212config MBEDTLS_ECP_NIST_OPTIM
213	bool "NSIT curves optimization"
214
215endif
216
217comment "Supported ciphers and cipher modes"
218
219config MBEDTLS_CIPHER_ALL_ENABLED
220	bool "All available ciphers and modes"
221	select MBEDTLS_CIPHER_AES_ENABLED
222	select MBEDTLS_CIPHER_CAMELLIA_ENABLED
223	select MBEDTLS_CIPHER_DES_ENABLED
224	select MBEDTLS_CIPHER_CHACHA20_ENABLED
225	select MBEDTLS_CIPHER_CCM_ENABLED
226	select MBEDTLS_CIPHER_GCM_ENABLED
227	select MBEDTLS_CIPHER_MODE_XTS_ENABLED
228	select MBEDTLS_CIPHER_MODE_CBC_ENABLED
229	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
230	select MBEDTLS_CHACHAPOLY_AEAD_ENABLED
231
232config MBEDTLS_SOME_AEAD_CIPHER_ENABLED
233	bool
234	default y
235	depends on \
236		MBEDTLS_CIPHER_AES_ENABLED || \
237		MBEDTLS_CIPHER_CAMELLIA_ENABLED
238
239config MBEDTLS_SOME_CIPHER_ENABLED
240	bool
241	default y
242	depends on \
243		MBEDTLS_SOME_AEAD_CIPHER_ENABLED || \
244		MBEDTLS_CIPHER_DES_ENABLED || \
245		MBEDTLS_CIPHER_CHACHA20_ENABLED
246
247config MBEDTLS_CIPHER_AES_ENABLED
248	bool "AES block cipher"
249	default y if PSA_WANT_KEY_TYPE_AES && MBEDTLS_PSA_CRYPTO_C
250
251if MBEDTLS_CIPHER_AES_ENABLED
252
253config MBEDTLS_AES_ROM_TABLES
254	bool "Use precomputed AES tables stored in ROM."
255
256config MBEDTLS_AES_FEWER_TABLES
257	bool "Reduce the size of precomputed AES tables by ~6kB"
258	default y
259	depends on MBEDTLS_AES_ROM_TABLES
260	help
261	  Reduce the size of the AES tables at a tradeoff of more
262	  arithmetic operations at runtime. Specifically 4 table
263	  lookups are converted to 1 table lookup, 3 additions
264	  and 6 bit shifts.
265
266config MBEDTLS_CIPHER_MODE_XTS_ENABLED
267	bool "Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
268
269endif # MBEDTLS_CIPHER_AES_ENABLED
270
271config MBEDTLS_CIPHER_CAMELLIA_ENABLED
272	bool "Camellia block cipher"
273
274config MBEDTLS_CIPHER_DES_ENABLED
275	bool "DES block cipher"
276
277config MBEDTLS_CIPHER_CHACHA20_ENABLED
278	bool "ChaCha20 stream cipher"
279
280if MBEDTLS_SOME_AEAD_CIPHER_ENABLED
281
282config MBEDTLS_CIPHER_CCM_ENABLED
283	bool "Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
284	default y if UOSCORE || UEDHOC
285
286config MBEDTLS_CIPHER_GCM_ENABLED
287	bool "Galois/Counter Mode (GCM) for symmetric ciphers"
288
289endif # MBEDTLS_SOME_AEAD_CIPHER_ENABLED
290
291if MBEDTLS_SOME_CIPHER_ENABLED
292
293config MBEDTLS_CIPHER_MODE_CBC_ENABLED
294	bool "Cipher Block Chaining mode (CBC) for symmetric ciphers"
295	default y if !NET_L2_OPENTHREAD
296
297config MBEDTLS_CIPHER_MODE_CTR_ENABLED
298	bool "Counter Block Cipher mode (CTR) for symmetric ciphers"
299
300endif # MBEDTLS_SOME_CIPHER_ENABLED
301
302config MBEDTLS_CHACHAPOLY_AEAD_ENABLED
303	bool "ChaCha20-Poly1305 AEAD algorithm"
304	depends on MBEDTLS_CIPHER_CHACHA20_ENABLED && MBEDTLS_POLY1305
305
306config MBEDTLS_CMAC
307	bool "CMAC (Cipher-based Message Authentication Code) mode for block ciphers."
308	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_DES_ENABLED
309
310comment "Supported hash algorithms"
311
312config MBEDTLS_HASH_ALL_ENABLED
313	bool "All available MAC methods"
314	select MBEDTLS_MD5
315	select MBEDTLS_SHA1
316	select MBEDTLS_SHA224
317	select MBEDTLS_SHA256
318	select MBEDTLS_SHA384
319	select MBEDTLS_SHA512
320	select MBEDTLS_POLY1305
321
322config MBEDTLS_MD5
323	bool "MD5 hash algorithm"
324
325config MBEDTLS_SHA1
326	bool "SHA-1 hash algorithm"
327
328config MBEDTLS_SHA224
329	bool "SHA-224 hash algorithm"
330
331config MBEDTLS_SHA256
332	bool "SHA-256 hash algorithm"
333	default y
334
335config MBEDTLS_SHA256_SMALLER
336	bool "Smaller SHA-256 implementation"
337	depends on MBEDTLS_SHA256
338	default y
339	help
340	  Enable an implementation of SHA-256 that has a
341	  smaller ROM footprint but also lower performance.
342
343config MBEDTLS_SHA384
344	bool "SHA-384 hash algorithm"
345
346config MBEDTLS_SHA512
347	bool "SHA-512 hash algorithm"
348
349config MBEDTLS_POLY1305
350	bool "Poly1305 hash family"
351
352endmenu
353
354comment "Random number generators"
355
356config MBEDTLS_CTR_DRBG_ENABLED
357	bool "CTR_DRBG AES-256-based random generator"
358	depends on MBEDTLS_CIPHER_AES_ENABLED
359	default y
360
361config MBEDTLS_HMAC_DRBG_ENABLED
362	bool "HMAC_DRBG random generator"
363	select MBEDTLS_MD
364
365comment "Other configurations"
366
367config MBEDTLS_CIPHER
368	bool "generic cipher layer."
369	default y if PSA_WANT_ALG_CMAC
370
371config MBEDTLS_MD
372	bool "generic message digest layer."
373
374config MBEDTLS_GENPRIME_ENABLED
375	bool "prime-number generation code."
376
377config MBEDTLS_PEM_CERTIFICATE_FORMAT
378	bool "Support for PEM certificate format"
379	help
380	  By default only DER (binary) format of certificates is supported. Enable
381	  this option to enable support for PEM format.
382
383config MBEDTLS_HAVE_ASM
384	bool "Use of assembly code"
385	default y if !ARM
386	help
387	  Enable use of assembly code in mbedTLS. This improves the performances
388	  of asymmetric cryptography, however this might have an impact on the
389	  code size.
390
391config MBEDTLS_ENTROPY_C
392	bool "Mbed TLS entropy accumulator"
393	depends on MBEDTLS_SHA256 || MBEDTLS_SHA384 || MBEDTLS_SHA512
394	help
395	  This module gathers entropy data from enabled entropy sources. It's
396	  mostly used in conjunction with CTR_DRBG or HMAC_DRBG to create
397	  a deterministic random number generator.
398
399config MBEDTLS_ENTROPY_POLL_ZEPHYR
400	bool "Provide entropy data to Mbed TLS through entropy driver or random generator"
401	default y
402	depends on MBEDTLS_ENTROPY_C
403	help
404	  Provide entropy data to the Mbed TLS's entropy module through either
405	  an entropy driver (if available in the system) or a generic random
406	  number generator.
407	  Warning: the latter choice is potentially non secure because it might
408	  end up using weaker/test-only sources (ex: random number generator
409	  built on system timer).
410
411config MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED
412	bool "MbedTLS optimizations for OpenThread"
413	depends on NET_L2_OPENTHREAD
414	default y if !NET_SOCKETS_SOCKOPT_TLS
415	help
416	  Enable some OpenThread specific mbedTLS optimizations that allows to
417	  save some RAM/ROM when OpenThread is used. Note, that when application
418	  aims to use other mbedTLS services on top of OpenThread (e.g. secure
419	  sockets), it's advised to disable this option.
420
421config MBEDTLS_USER_CONFIG_ENABLE
422	bool "User mbedTLS config file"
423	help
424	  Enable user mbedTLS config file that will be included at the end of
425	  the generic config file.
426
427config MBEDTLS_USER_CONFIG_FILE
428	string "User configuration file for mbed TLS" if MBEDTLS_USER_CONFIG_ENABLE
429	help
430	  User config file that can contain mbedTLS configs that were not
431	  covered by the generic config file.
432
433config MBEDTLS_SERVER_NAME_INDICATION
434	bool "Support for RFC 6066 server name indication (SNI) in SSL"
435	help
436	  Enable this to support RFC 6066 server name indication (SNI) in SSL.
437	  This requires that MBEDTLS_X509_CRT_PARSE_C is also set.
438
439config MBEDTLS_PK_WRITE_C
440	bool "The generic public (asymmetric) key writer"
441	help
442	  Enable generic public key write functions.
443
444config MBEDTLS_HAVE_TIME_DATE
445	bool "Date/time validation in mbed TLS"
446	help
447	  System has time.h, time(), and an implementation for gmtime_r().
448	  There also need to be a valid time source in the system, as mbedTLS
449	  expects a valid date/time for certificate validation."
450
451config MBEDTLS_PKCS5_C
452	bool "Password-based encryption functions"
453	select MBEDTLS_MD
454	help
455	  Enable PKCS5 functions
456
457config MBEDTLS_SSL_CACHE_C
458	bool "SSL session cache support"
459	help
460	  "This option enables simple SSL cache implementation (server side)."
461
462if MBEDTLS_SSL_CACHE_C
463
464config MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
465	int "Default timeout for SSL cache entires"
466	default 86400
467
468config MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
469	int "Maximum number of SSL cache entires"
470	default 5
471
472endif # MBEDTLS_SSL_CACHE_C
473
474config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
475	bool "(D)TLS Extended Master Secret extension"
476	depends on MBEDTLS_TLS_VERSION_1_2
477	help
478	  Enable support for the (D)TLS Extended Master Secret extension
479	  which ensures that master secrets are different for every
480	  connection and every session.
481
482choice MBEDTLS_PSA_CRYPTO_RNG_SOURCE
483	prompt "Select random source for built-in PSA crypto"
484	depends on MBEDTLS_PSA_CRYPTO_C
485	# The only way to check if there is any entropy driver available on the
486	# platform is to check if the "zephyr,entropy" chosen property exists.
487	# CONFIG_CSPRNG_ENABLED cannot be used for this because it gets enabled by
488	# entropy drivers but these are gated by CONFIG_ENTROPY_GENERATOR which
489	# is disabled by default.
490	default MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if CSPRNG_AVAILABLE
491	default MBEDTLS_PSA_CRYPTO_LEGACY_RNG
492
493config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
494	bool "Use a cryptographically secure driver as random source"
495	select ENTROPY_GENERATOR
496	help
497	  Use a cryptographically secure random generator to provide random data
498	  instead of legacy Mbed TLS modules. This has a smaller footprint
499	  than its legacy counterpart MBEDTLS_PSA_CRYPTO_LEGACY_RNG, but it
500	  requires a cryptographically secure random number generator (CSPRNG)
501	  to be available in the system. If no CSPRNG is available:
502	  - there is no fallback to weak entropy random generators.
503	  - the initialization of PSA crypto will fail and none of its API
504	    will be available.
505
506config MBEDTLS_PSA_CRYPTO_LEGACY_RNG
507	bool "Use legacy modules to generate random data"
508	select MBEDTLS_ENTROPY_C
509	select MBEDTLS_HMAC_DRBG_ENABLED if !MBEDTLS_CTR_DRBG_ENABLED
510	# If there is any entropy driver in the system, then the choice would be
511	# CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. If we fall here, then the only
512	# way to get some random data is to enable CONFIG_TEST_RANDOM_GENERATOR.
513	select TEST_RANDOM_GENERATOR
514	help
515	  Use legacy Mbed TLS modules to generate random data. In this
516	  configuration the entropy module is used to gather some data and then
517	  either ctr_drbg or hmac_drbg are applied on top of it to improve
518	  the randomness.
519	  Security level in this case really depends on the type of entropy
520	  sources which are enabled in the system: if weak entropy sources are
521	  used, then the generated data will only be pseudo random. Strong
522	  entropy sources are strongly recommended (if possible) to have real
523	  random data.
524	  Another difference betwen this implementation and the
525	  MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG counterpart is the memory footprint:
526	  this implementation brings in legacy modules which are not required
527	  in the "external" version, so the footprint is larger.
528
529endchoice
530
531config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG
532	bool "Allow non cryptographically secure random sources (for test only!)"
533	depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
534	help
535	  MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is by default limited to rely only
536	  on cryptographically secure random number generators. However, only
537	  for test purposes, it might be useful to enable external random
538	  number generation, but have it using weak random sources (non
539	  cryptographically secure).
540	  Warning: this is meant to be enabled only for tests, not in production
541	  as the generated values are not cryptographically secure!
542
543config MBEDTLS_PSA_CRYPTO_C
544	bool "Platform Security Architecture cryptography API"
545	depends on !BUILD_WITH_TFM
546	default y if UOSCORE || UEDHOC
547
548config MBEDTLS_USE_PSA_CRYPTO
549	bool "Use PSA APIs instead of legacy MbedTLS when possible"
550	default y if MBEDTLS_PSA_CRYPTO_CLIENT
551	help
552	  Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other
553	  "intermediate" modules such as PK, MD and Cipher.
554
555config MBEDTLS_PSA_CRYPTO_CLIENT
556	bool
557	default y
558	depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C
559	select PSA_CRYPTO_CLIENT
560
561config MBEDTLS_LMS
562	bool "Support LMS signature schemes"
563	depends on MBEDTLS_PSA_CRYPTO_CLIENT
564	depends on MBEDTLS_SHA256
565	select PSA_WANT_ALG_SHA_256
566
567if MBEDTLS_PSA_CRYPTO_C
568
569config MBEDTLS_PSA_P256M_DRIVER_ENABLED
570	bool "P256-M driver"
571	imply PSA_WANT_ALG_SHA_256
572	help
573	  Enable support for the optimized sofware implementation of the secp256r1
574	  curve through the standard PSA API.
575
576config MBEDTLS_PSA_P256M_DRIVER_RAW
577	bool "Access p256-m driver directly (without PSA interface)"
578	depends on MBEDTLS_PSA_P256M_DRIVER_ENABLED
579	help
580	  Allow direct access to the p256-m driver interface.
581	  Warning: Usage of this Kconfig option is prohibited in Zephyr's codebase.
582	           Users can enable it in case of very memory-constrained devices, but be aware that the p256-m interface is absolutely not guaranted to remain stable over time.
583
584config MBEDTLS_PSA_STATIC_KEY_SLOTS
585	bool "Use statically allocated key buffers to store key material"
586	default y if !MBEDTLS_ENABLE_HEAP
587	help
588	  By default Mbed TLS's PSA Crypto core uses heap memory to store the
589	  key material for each key slot. This might impose an undesired
590	  requirement to support heap memory and its management code, affecting
591	  RAM and ROM footprints at the same time.
592	  Enabling this symbol causes Mbed TLS to pre-allocate all the key slot
593	  buffers that are used to store the key material at build time, thus
594	  removing the need for heap memory. Each buffer will be sized to
595	  contain the largest asymmetric/symmetric key type enabled in the build
596	  through PSA_WANT symbols.
597
598config MBEDTLS_PSA_KEY_SLOT_COUNT
599	int "Number of key slots in PSA Crypto core"
600	default 16
601	help
602	  Set the number of key slots that are available in the PSA Crypto core.
603	  Be aware that each slot, even if unused, increases RAM consumption
604	  by ~40 bytes plus:
605	  * the length of the largest asymmetric/symmetric key type enabled in
606	    the build through PSA_WANT symbols, if MBEDTLS_PSA_STATIC_KEY_SLOTS
607	    is set. (This is all defined statically at build time).
608	  * the heap-allocated memory to store the key material of a given slot,
609	    if it is used and MBEDTLS_PSA_STATIC_KEY_SLOTS is not set.
610
611endif # MBEDTLS_PSA_CRYPTO_C
612
613config MBEDTLS_SSL_DTLS_CONNECTION_ID
614	bool "DTLS Connection ID extension"
615	depends on MBEDTLS_DTLS
616	help
617	  Enable support for the DTLS Connection ID extension
618	  which allows to identify DTLS connections across changes
619	  in the underlying transport.
620
621
622config MBEDTLS_NIST_KW_C
623	bool "NIST key wrap"
624	depends on MBEDTLS_CIPHER_AES_ENABLED
625	help
626	  Key Wrapping mode for 128-bit block ciphers,
627	  as defined in NIST SP 800-38F.
628
629config MBEDTLS_DHM_C
630	bool "Diffie-Hellman-Merkle mode"
631	help
632	  Used by the following key exchanges,
633	  DHE-RSA, DHE-PSK
634
635config MBEDTLS_X509_CRL_PARSE_C
636	bool "X.509 CRL parsing"
637	help
638	  Used by X.509 CRL parsing
639
640config MBEDTLS_X509_CSR_WRITE_C
641	bool "X.509 Certificate Signing Requests writing"
642	help
643	  For X.509 certificate request writing.
644
645config MBEDTLS_X509_CSR_PARSE_C
646	bool "X.509 Certificate Signing Request parsing"
647	help
648	  For reading X.509 certificate request.
649
650config MBEDTLS_X509_CRT_WRITE_C
651	bool "X.509 certificate creation"
652
653endmenu
654