1menu "mbedTLS"
2
3    choice MBEDTLS_MEM_ALLOC_MODE
4        prompt "Memory allocation strategy"
5        default MBEDTLS_INTERNAL_MEM_ALLOC
6        help
7            Allocation strategy for mbedTLS. This selects where all of the
8            dynamic allocations required by mbedTLS are made from:
9
10            - Internal DRAM memory only
11            - External SPIRAM memory only
12            - Either internal or external memory based on default malloc()
13              behavior in ESP-IDF
14            - Custom allocation mode, by overwriting calloc()/free() using
15              mbedtls_platform_set_calloc_free() function
16            - Internal IRAM memory wherever applicable else internal DRAM
17
18            The recommended mode here is always internal (*), since that is the most preferred
19            from a security perspective. But if the application's requirements do not
20            leave sufficient free internal memory, then an alternate mode can be
21            selected.
22
23            (*) In case of ESP32-S2/ESP32-S3, hardware allows encryption of external
24            SPIRAM contents provided the hardware flash encryption feature is enabled.
25            In that case, using the external SPIRAM allocation strategy is also a safe choice
26            from a security perspective.
27
28        config MBEDTLS_INTERNAL_MEM_ALLOC
29            bool "Internal memory"
30
31        config MBEDTLS_EXTERNAL_MEM_ALLOC
32            bool "External SPIRAM"
33            depends on SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC
34
35        config MBEDTLS_DEFAULT_MEM_ALLOC
36            bool "Default alloc mode"
37
38        config MBEDTLS_CUSTOM_MEM_ALLOC
39            bool "Custom alloc mode"
40
41        config MBEDTLS_IRAM_8BIT_MEM_ALLOC
42            bool "Internal IRAM"
43            depends on ESP32_IRAM_AS_8BIT_ACCESSIBLE_MEMORY
44            help
45                Allows to use IRAM memory region as 8bit accessible region.
46
47                TLS input and output buffers will be allocated in IRAM section which is 32bit aligned
48                memory. Every unaligned (8bit or 16bit) access will result in an exception
49                and incur penalty of certain clock cycles per unaligned read/write.
50
51    endchoice #MBEDTLS_MEM_ALLOC_MODE
52
53    config MBEDTLS_SSL_MAX_CONTENT_LEN
54        int "TLS maximum message content length"
55        default 16384
56        range 512 16384
57        depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
58        help
59            Maximum TLS message length (in bytes) supported by mbedTLS.
60
61            16384 is the default and this value is required to comply
62            fully with TLS standards.
63
64            However you can set a lower value in order to save RAM. This
65            is safe if the other end of the connection supports Maximum
66            Fragment Length Negotiation Extension (max_fragment_length,
67            see RFC6066) or you know for certain that it will never send a
68            message longer than a certain number of bytes.
69
70            If the value is set too low, symptoms are a failed TLS
71            handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
72            (-0x7200).
73
74    config MBEDTLS_ASYMMETRIC_CONTENT_LEN
75        bool "Asymmetric in/out fragment length"
76        default y
77        help
78            If enabled, this option allows customizing TLS in/out fragment length
79            in asymmetric way. Please note that enabling this with default values
80            saves 12KB of dynamic memory per TLS connection.
81
82    config MBEDTLS_SSL_IN_CONTENT_LEN
83        int "TLS maximum incoming fragment length"
84        default 16384
85        range 512 16384
86        depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
87        help
88            This defines maximum incoming fragment length, overriding default
89            maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
90
91    config MBEDTLS_SSL_OUT_CONTENT_LEN
92        int "TLS maximum outgoing fragment length"
93        default 4096
94        range 512 16384
95        depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
96        help
97            This defines maximum outgoing fragment length, overriding default
98            maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
99
100    config MBEDTLS_DYNAMIC_BUFFER
101        bool "Using dynamic TX/RX buffer"
102        default n
103        select MBEDTLS_ASYMMETRIC_CONTENT_LEN
104        # Dynamic buffer feature is not supported with DTLS
105        depends on !IDF_TARGET_LINUX && !MBEDTLS_SSL_PROTO_DTLS && !MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
106        help
107            Using dynamic TX/RX buffer. After enabling this option, mbedTLS will
108            allocate the TX buffer when it needs to send data and free it once all data
109            is sent, and allocate the RX buffer when it needs to receive data and free it
110            when all data is used or read by the upper layer.
111
112            By default, when SSL is initialized, mbedTLS also allocates TX and
113            RX buffers with the default value of "MBEDTLS_SSL_OUT_CONTENT_LEN" or
114            "MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set
115            these options to an appropriate value.
116
117    config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
118        bool "Free private key and DHM data after its usage"
119        default n
120        depends on MBEDTLS_DYNAMIC_BUFFER
121        help
122            Free private key and DHM data after its usage in handshake process.
123
124            This option decreases heap usage during the handshake, but it also has a drawback:
125
126            Because all certificate, private key and DHM data are freed, users should register the
127            certificate and private key to the ssl config object again.
128
129    config MBEDTLS_DYNAMIC_FREE_CA_CERT
130        bool "Free SSL CA certificate after its usage"
131        default y
132        depends on MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
133        help
134            Free CA certificate after its usage in the handshake process.
135            This option will decrease the heap footprint for the TLS handshake, but may lead to a problem:
136            If the respective ssl object needs to perform the TLS handshake again,
137            the CA certificate should once again be registered to the ssl object.
138
139    config MBEDTLS_DEBUG
140        bool "Enable mbedTLS debugging"
141        default n
142        help
143            Enable mbedTLS debugging functions at compile time.
144
145            If this option is enabled, you can include
146            "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
147            at runtime in order to enable mbedTLS debug output via the ESP
148            log mechanism.
149
150    choice MBEDTLS_DEBUG_LEVEL
151        bool "Set mbedTLS debugging level"
152        depends on MBEDTLS_DEBUG
153        default MBEDTLS_DEBUG_LEVEL_VERBOSE
154        help
155            Set mbedTLS debugging level
156
157        config MBEDTLS_DEBUG_LEVEL_WARN
158            bool "Warning"
159        config MBEDTLS_DEBUG_LEVEL_INFO
160            bool "Info"
161        config MBEDTLS_DEBUG_LEVEL_DEBUG
162            bool "Debug"
163        config MBEDTLS_DEBUG_LEVEL_VERBOSE
164            bool "Verbose"
165    endchoice
166
167    config MBEDTLS_DEBUG_LEVEL
168        int
169        default 1 if MBEDTLS_DEBUG_LEVEL_WARN
170        default 2 if MBEDTLS_DEBUG_LEVEL_INFO
171        default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
172        default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
173
174    menu "mbedTLS v3.x related"
175        # NOTE: MBEDTLS_DYNAMIC_BUFFER feature is not supported with TLS 1.3 yet. Ref: IDF-4762
176        config MBEDTLS_SSL_PROTO_TLS1_3
177            bool "Support TLS 1.3 protocol"
178            depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE && !MBEDTLS_DYNAMIC_BUFFER
179            select MBEDTLS_HKDF_C
180            default n
181
182        menu "TLS 1.3 related configurations"
183            depends on MBEDTLS_SSL_PROTO_TLS1_3
184
185            config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
186                bool "TLS 1.3 middlebox compatibility mode"
187                default y
188
189            config MBEDTLS_SSL_TLS1_3_KEXM_PSK
190                bool "TLS 1.3 PSK key exchange mode"
191                default y
192
193            config MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL
194                bool "TLS 1.3 ephemeral key exchange mode"
195                default y
196
197            config MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL
198                bool "TLS 1.3 PSK ephemeral key exchange mode"
199                default y
200
201        endmenu
202
203        config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
204            bool "Variable SSL buffer length"
205            default n
206            help
207                This enables the SSL buffer to be resized automatically
208                based on the negotiated maximum fragment length in each direction.
209
210        config MBEDTLS_ECDH_LEGACY_CONTEXT
211            bool "Use a backward compatible ECDH context (Experimental)"
212            default n
213            depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_RESTARTABLE
214            help
215                Use the legacy ECDH context format.
216                Define this option only if you enable MBEDTLS_ECP_RESTARTABLE or if you
217                want to access ECDH context fields directly.
218
219        config MBEDTLS_X509_TRUSTED_CERT_CALLBACK
220            bool "Enable trusted certificate callbacks"
221            default n
222            help
223                Enables users to configure the set of trusted certificates
224                through a callback instead of a linked list.
225
226                See mbedTLS documentation for required API and more details.
227
228        config MBEDTLS_SSL_CONTEXT_SERIALIZATION
229            bool "Enable serialization of the TLS context structures"
230            default n
231            depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
232            help
233                Enable serialization of the TLS context structures
234                This is a local optimization in handling a single, potentially long-lived connection.
235
236                See mbedTLS documentation for required API and more details.
237                Disabling this option will save some code size.
238
239        config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
240            bool "Keep peer certificate after handshake completion"
241            default y
242            help
243                Keep the peer's certificate after completion of the handshake.
244                Disabling this option will save about 4kB of heap and some code size.
245
246                See mbedTLS documentation for required API and more details.
247
248        config MBEDTLS_PKCS7_C
249            bool "Enable PKCS #7"
250            default y
251            depends on MBEDTLS_X509_CRL_PARSE_C
252            help
253                Enable PKCS #7 core for using PKCS #7-formatted signatures.
254
255        config MBEDTLS_SSL_CID_PADDING_GRANULARITY
256            int "Record plaintext padding"
257            default 16
258            range 0 32
259            depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
260            help
261                Controls the use of record plaintext padding in TLS 1.3 and
262                when using the Connection ID extension in DTLS 1.2.
263
264                The padding will always be chosen so that the length of the
265                padded plaintext is a multiple of the value of this option.
266
267                Notes:
268                    A value of 1 means that no padding will be used for outgoing records.
269                    On systems lacking division instructions, a power of two should be preferred.
270
271        menu "DTLS-based configurations"
272            depends on MBEDTLS_SSL_PROTO_DTLS
273
274            config MBEDTLS_SSL_DTLS_CONNECTION_ID
275                bool "Support for the DTLS Connection ID extension"
276                default n
277                help
278                    Enable support for the DTLS Connection ID extension which allows to
279                    identify DTLS connections across changes in the underlying transport.
280
281            config MBEDTLS_SSL_CID_IN_LEN_MAX
282                int "Maximum length of CIDs used for incoming DTLS messages"
283                default 32
284                range 0 32
285                depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
286                help
287                    Maximum length of CIDs used for incoming DTLS messages
288
289            config MBEDTLS_SSL_CID_OUT_LEN_MAX
290                int "Maximum length of CIDs used for outgoing DTLS messages"
291                default 32
292                range 0 32
293                depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
294                help
295                    Maximum length of CIDs used for outgoing DTLS messages
296
297            config MBEDTLS_SSL_DTLS_SRTP
298                bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
299                default n
300                help
301                    Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension.
302
303                    See mbedTLS documentation for required API and more details.
304                    Disabling this option will save some code size.
305
306        endmenu
307
308    endmenu
309
310    menu "Certificate Bundle"
311
312        config MBEDTLS_CERTIFICATE_BUNDLE
313            bool "Enable trusted root certificate bundle"
314            default y
315            help
316                Enable support for large number of default root certificates
317
318                When enabled this option allows user to store default as well
319                as customer specific root certificates in compressed format rather
320                than storing full certificate. For the root certificates the public key and the subject name
321                will be stored.
322
323        choice MBEDTLS_DEFAULT_CERTIFICATE_BUNDLE
324            bool "Default certificate bundle options"
325            depends on MBEDTLS_CERTIFICATE_BUNDLE
326            default MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
327
328            config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
329                bool "Use the full default certificate bundle"
330            config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN
331                bool "Use only the most common certificates from the default bundles"
332                help
333                    Use only the most common certificates from the default bundles, reducing the size by 50%,
334                    while still having around 99% coverage.
335            config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE
336                bool "Do not use the default certificate bundle"
337        endchoice
338
339        config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
340            depends on MBEDTLS_CERTIFICATE_BUNDLE
341            default n
342            bool "Add custom certificates to the default bundle"
343        config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH
344            depends on MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
345            string "Custom certificate bundle path"
346            help
347                Name of the custom certificate directory or file. This path is evaluated
348                relative to the project root directory.
349
350        config MBEDTLS_CERTIFICATE_BUNDLE_MAX_CERTS
351            int "Maximum no of certificates allowed in certificate bundle"
352            default 200
353            depends on MBEDTLS_CERTIFICATE_BUNDLE
354
355    endmenu
356
357    config MBEDTLS_ECP_RESTARTABLE
358        bool "Enable mbedTLS ecp restartable"
359        select MBEDTLS_ECDH_LEGACY_CONTEXT
360        depends on MBEDTLS_ECP_C
361        default n
362        help
363            Enable "non-blocking" ECC operations that can return early and be resumed.
364
365    config MBEDTLS_CMAC_C
366        bool "Enable CMAC mode for block ciphers"
367        default n
368        depends on MBEDTLS_AES_C || MBEDTLS_DES_C
369        help
370            Enable the CMAC (Cipher-based Message Authentication Code) mode for
371            block ciphers.
372
373    config MBEDTLS_HARDWARE_AES
374        bool "Enable hardware AES acceleration"
375        default y
376        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_AES_SUPPORTED
377        help
378            Enable hardware accelerated AES encryption & decryption.
379
380            Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
381            offer any speed boost over software AES.
382
383    config MBEDTLS_AES_USE_INTERRUPT
384        bool "Use interrupt for long AES operations"
385        depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_AES
386        default y
387        help
388            Use an interrupt to coordinate long AES operations.
389
390            This allows other code to run on the CPU while an AES operation is pending.
391            Otherwise the CPU busy-waits.
392
393    config MBEDTLS_HARDWARE_GCM
394        bool "Enable partially hardware accelerated GCM"
395        depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES
396        default y
397        help
398            Enable partially hardware accelerated GCM. GHASH calculation is still done
399            in software.
400
401            If MBEDTLS_HARDWARE_GCM is disabled and MBEDTLS_HARDWARE_AES is enabled then
402            mbedTLS will still use the hardware accelerated AES block operation, but
403            on a single block at a time.
404
405    config MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER
406        bool "Enable support for non-AES ciphers in GCM operation"
407        depends on MBEDTLS_HARDWARE_AES
408        default n
409        help
410            Enable this config to support fallback to software definitions for a non-AES
411            cipher GCM operation as we support hardware acceleration only for AES cipher.
412            Some of the non-AES ciphers used in a GCM operation are DES, ARIA, CAMELLIA,
413            CHACHA20, BLOWFISH.
414
415            If this config is disabled, performing a non-AES cipher GCM operation with
416            the config MBEDTLS_HARDWARE_AES enabled will result in calculation of an
417            AES-GCM operation instead for the given input values and thus could lead
418            to failure in certificate validation which would ultimately lead to a SSL
419            handshake failure.
420
421            Enabling this config leads to an increase in binary size
422            footprint of ~2.5KB.
423            In case you are sure that your use case (for example, client and server
424            configurations in case of a TLS handshake) would not involve any GCM
425            operations using a non-AES cipher, you can safely disable this config,
426            leading to reduction in binary size footprint.
427
428    config MBEDTLS_HARDWARE_MPI
429        bool "Enable hardware MPI (bignum) acceleration"
430        default y
431        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_MPI_SUPPORTED
432        help
433            Enable hardware accelerated multiple precision integer operations.
434
435            Hardware accelerated multiplication, modulo multiplication,
436            and modular exponentiation for up to SOC_RSA_MAX_BIT_LEN bit results.
437
438            These operations are used by RSA.
439
440    config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
441        bool "Fallback to software implementation for larger MPI values"
442        depends on MBEDTLS_HARDWARE_MPI
443        default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
444        default n
445        help
446            Fallback to software implementation for RSA key lengths
447            larger than SOC_RSA_MAX_BIT_LEN. If this is not active
448            then the ESP will be unable to process keys greater
449            than SOC_RSA_MAX_BIT_LEN.
450
451    config MBEDTLS_MPI_USE_INTERRUPT
452        bool "Use interrupt for MPI exp-mod operations"
453        depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_MPI
454        default y
455        help
456            Use an interrupt to coordinate long MPI operations.
457
458            This allows other code to run on the CPU while an MPI operation is pending.
459            Otherwise the CPU busy-waits.
460
461    config MBEDTLS_HARDWARE_SHA
462        bool "Enable hardware SHA acceleration"
463        default y
464        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_SHA_SUPPORTED
465        help
466            Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
467
468            Due to a hardware limitation, on the ESP32 hardware acceleration is only
469            guaranteed if SHA digests are calculated one at a time. If more
470            than one SHA digest is calculated at the same time, one will
471            be calculated fully in hardware and the rest will be calculated
472            (at least partially calculated) in software. This happens automatically.
473
474            SHA hardware acceleration is faster than software in some situations but
475            slower in others. You should benchmark to find the best setting for you.
476
477    config MBEDTLS_HARDWARE_ECC
478        bool "Enable hardware ECC acceleration"
479        default y
480        depends on SOC_ECC_SUPPORTED
481        help
482            Enable hardware accelerated ECC point multiplication and point verification for points
483            on curve SECP192R1 and SECP256R1 in mbedTLS
484
485    config MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK
486        bool "Fallback to software implementation for curves not supported in hardware"
487        depends on MBEDTLS_HARDWARE_ECC
488        default y
489        help
490            Fallback to software implementation of ECC point multiplication and point verification
491            for curves not supported in hardware.
492
493    config MBEDTLS_ROM_MD5
494        bool "Use MD5 implementation in ROM"
495        default y
496        help
497            Use ROM MD5 in mbedTLS.
498
499    config MBEDTLS_HARDWARE_ECDSA_SIGN
500        bool "Enable ECDSA signing using on-chip ECDSA peripheral"
501        default n
502        depends on SOC_ECDSA_SUPPORTED
503        help
504            Enable hardware accelerated ECDSA peripheral to sign data
505            on curve SECP192R1 and SECP256R1 in mbedTLS.
506
507            Note that for signing, the private key has to be burnt in an efuse key block
508            with key purpose set to ECDSA_KEY.
509            If no key is burnt, it will report an error.
510
511            The key should be burnt in little endian format. The espefuse.py utility handles this internally,
512            but care needs to be taken while burning using the esp_efuse APIs.
513
514    menu "Enable Software Countermeasure for ECDSA signing using on-chip ECDSA peripheral"
515        depends on MBEDTLS_HARDWARE_ECDSA_SIGN
516        depends on IDF_TARGET_ESP32H2
517        config MBEDTLS_HARDWARE_ECDSA_SIGN_MASKING_CM
518            bool "Mask original ECDSA sign operation under dummy sign operations"
519            select HAL_ECDSA_GEN_SIG_CM
520            # ToDo: IDF-11051
521            default y
522            help
523                The ECDSA peripheral before ECO5 does not offer constant time ECDSA sign operation.
524                This time can be observed through power profiling of the device,
525                making the ECDSA private key vulnerable to side-channel timing attacks.
526                This countermeasure masks the real ECDSA sign operation
527                under dummy sign operations to add randomness in the generated power signature.
528                It is highly recommended to also enable Secure Boot for the device in addition to this countermeasure
529                so that only trusted software can execute on the device.
530
531        config MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM
532            bool "Make ECDSA signature operation pseudo constant time for software"
533            default y
534            help
535                This option adds a delay after the actual ECDSA signature operation
536                so that the entire operation appears to be constant time for the software.
537                This fix helps protect the device only against remote timing attacks on the ECDSA private key,
538                for example when an interface is exposed by the device to perform ECDSA signature
539                of an arbitrary message.
540                The signature time would appear to be constant to the external entity after enabling
541                this option.
542
543    endmenu
544
545    config MBEDTLS_HARDWARE_ECDSA_VERIFY
546        bool "Enable ECDSA signature verification using on-chip ECDSA peripheral"
547        default y
548        depends on SOC_ECDSA_SUPPORTED
549        help
550            Enable hardware accelerated ECDSA peripheral to verify signature
551            on curve SECP192R1 and SECP256R1 in mbedTLS.
552
553    config MBEDTLS_ATCA_HW_ECDSA_SIGN
554        bool "Enable hardware ECDSA sign acceleration when using ATECC608A"
555        default n
556        help
557            This option enables hardware acceleration for ECDSA sign function, only
558            when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)
559
560    config MBEDTLS_ATCA_HW_ECDSA_VERIFY
561        bool "Enable hardware ECDSA verify acceleration when using ATECC608A"
562        default n
563        help
564            This option enables hardware acceleration for ECDSA verify function, only
565            when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)
566
567    config MBEDTLS_HAVE_TIME
568        bool "Enable mbedtls time support"
569        depends on !ESP_TIME_FUNCS_USE_NONE
570        default y
571        help
572            Enable use of time.h functions (time() and gmtime()) by mbedTLS.
573
574            This option doesn't require the system time to be correct, but enables
575            functionality that requires relative timekeeping - for example periodic
576            expiry of TLS session tickets or session cache entries.
577
578            Disabling this option will save some firmware size, particularly if
579            the rest of the firmware doesn't call any standard timekeeping
580            functions.
581
582    config MBEDTLS_PLATFORM_TIME_ALT
583        bool "Enable mbedtls time support: platform-specific"
584        depends on MBEDTLS_HAVE_TIME
585        default n
586        help
587            Enabling this config will provide users with a function
588            "mbedtls_platform_set_time()" that allows to set an alternative
589            time function pointer.
590
591    config MBEDTLS_HAVE_TIME_DATE
592        bool "Enable mbedtls certificate expiry check"
593        depends on MBEDTLS_HAVE_TIME
594        default n
595        help
596            Enables X.509 certificate expiry checks in mbedTLS.
597
598            If this option is disabled (default) then X.509 certificate "valid from" and "valid to"
599            timestamp fields are ignored, so expired or not-yet-valid certificates are not rejected.
600
601            If this option is enabled, these fields are compared with the
602            current system date and time. The time is retrieved using the
603            standard time() and gmtime() functions. If the certificate is not
604            valid for the current system time then verification will fail with
605            code MBEDTLS_X509_BADCERT_FUTURE or MBEDTLS_X509_BADCERT_EXPIRED.
606
607            Enabling this option requires adding functionality in the firmware
608            to set the system clock to a valid timestamp before using TLS. The
609            recommended way to do this is via ESP-IDF's SNTP functionality, but
610            any method can be used.
611
612            In the case where only a small number of certificates are trusted by
613            the device, please carefully consider the tradeoffs of enabling this
614            option. There may be undesired consequences, for example if all
615            trusted certificates expire while the device is offline and a TLS
616            connection is required to update. Or if an issue with the SNTP
617            server means that the system time is invalid for an extended period
618            after a reset.
619
620    config MBEDTLS_ECDSA_DETERMINISTIC
621        bool "Enable deterministic ECDSA"
622        default y
623        help
624            Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result
625            in a compromise of the long-term signing key. The deterministic variant (RFC 6979) avoids this.
626
627    config MBEDTLS_SHA512_C
628        bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
629        default y
630        help
631            Enabling MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
632
633    config MBEDTLS_SHA3_C
634        bool "Enable the SHA3 cryptographic hash algorithm"
635        default n
636        help
637            Enabling MBEDTLS_SHA3_C adds support for SHA3.
638            Enabling this configuration option increases the flash footprint
639            by almost 4KB.
640
641    choice MBEDTLS_TLS_MODE
642        bool "TLS Protocol Role"
643        default MBEDTLS_TLS_SERVER_AND_CLIENT
644        help
645            mbedTLS can be compiled with protocol support for the TLS
646            server, TLS client, or both server and client.
647
648            Reducing the number of TLS roles supported saves code size.
649
650        config MBEDTLS_TLS_SERVER_AND_CLIENT
651            bool "Server & Client"
652            select MBEDTLS_TLS_SERVER
653            select MBEDTLS_TLS_CLIENT
654        config MBEDTLS_TLS_SERVER_ONLY
655            bool "Server"
656            select MBEDTLS_TLS_SERVER
657        config MBEDTLS_TLS_CLIENT_ONLY
658            bool "Client"
659            select MBEDTLS_TLS_CLIENT
660        config MBEDTLS_TLS_DISABLED
661            bool "None"
662
663    endchoice
664
665    config MBEDTLS_TLS_SERVER
666        bool
667        select MBEDTLS_TLS_ENABLED
668    config MBEDTLS_TLS_CLIENT
669        bool
670        select MBEDTLS_TLS_ENABLED
671    config MBEDTLS_TLS_ENABLED
672        bool
673
674    menu "TLS Key Exchange Methods"
675        depends on MBEDTLS_TLS_ENABLED
676
677        config MBEDTLS_PSK_MODES
678            bool "Enable pre-shared-key ciphersuites"
679            default n
680            help
681                Enable to show configuration for different types of pre-shared-key TLS authentication methods.
682
683                Leaving these options disabled will save code size if they are not used.
684
685        config MBEDTLS_KEY_EXCHANGE_PSK
686            bool "Enable PSK based ciphersuite modes"
687            depends on MBEDTLS_PSK_MODES
688            default n
689            help
690                Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.
691
692        config MBEDTLS_KEY_EXCHANGE_DHE_PSK
693            bool "Enable DHE-PSK based ciphersuite modes"
694            depends on MBEDTLS_PSK_MODES && MBEDTLS_DHM_C
695            default y
696            help
697                Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
698
699        config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
700            bool "Enable ECDHE-PSK based ciphersuite modes"
701            depends on MBEDTLS_PSK_MODES && MBEDTLS_ECDH_C
702            default y
703            help
704                Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
705
706        config MBEDTLS_KEY_EXCHANGE_RSA_PSK
707            bool "Enable RSA-PSK based ciphersuite modes"
708            depends on MBEDTLS_PSK_MODES
709            default y
710            help
711                Enable to support RSA PSK (pre-shared-key) TLS authentication modes.
712
713        config MBEDTLS_KEY_EXCHANGE_RSA
714            bool "Enable RSA-only based ciphersuite modes"
715            default y
716            help
717                Enable to support ciphersuites with prefix TLS-RSA-WITH-
718
719        config MBEDTLS_KEY_EXCHANGE_DHE_RSA
720            bool "Enable DHE-RSA based ciphersuite modes"
721            default y
722            depends on MBEDTLS_DHM_C
723            help
724                Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-
725
726        config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
727            bool "Support Elliptic Curve based ciphersuites"
728            depends on MBEDTLS_ECP_C
729            default y
730            help
731                Enable to show Elliptic Curve based ciphersuite mode options.
732
733                Disabling all Elliptic Curve ciphersuites saves code size and
734                can give slightly faster TLS handshakes, provided the server supports
735                RSA-only ciphersuite modes.
736
737        config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
738            bool "Enable ECDHE-RSA based ciphersuite modes"
739            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
740            default y
741            help
742                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
743
744        config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
745            bool "Enable ECDHE-ECDSA based ciphersuite modes"
746            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
747            default y
748            help
749                Enable to support ciphersuites with prefix TLS-ECDHE-ECDSA-WITH-
750
751        config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
752            bool "Enable ECDH-ECDSA based ciphersuite modes"
753            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
754            default y
755            help
756                Enable to support ciphersuites with prefix TLS-ECDH-ECDSA-WITH-
757
758        config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
759            bool "Enable ECDH-RSA based ciphersuite modes"
760            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
761            default y
762            help
763                Enable to support ciphersuites with prefix TLS-ECDH-RSA-WITH-
764
765        config MBEDTLS_KEY_EXCHANGE_ECJPAKE
766            bool "Enable ECJPAKE based ciphersuite modes"
767            depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
768            default n
769            help
770                Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
771
772    endmenu # TLS key exchange modes
773
774    config MBEDTLS_SSL_RENEGOTIATION
775        bool "Support TLS renegotiation"
776        depends on MBEDTLS_TLS_ENABLED
777        default y
778        help
779            The two main uses of renegotiation are (1) refresh keys on long-lived
780            connections and (2) client authentication after the initial handshake.
781            If you don't need renegotiation, disabling it will save code size and
782            reduce the possibility of abuse/vulnerability.
783
784    config MBEDTLS_SSL_PROTO_TLS1_2
785        bool "Support TLS 1.2 protocol"
786        depends on MBEDTLS_TLS_ENABLED
787        default y
788
789    config MBEDTLS_SSL_PROTO_GMTSSL1_1
790        bool "Support GM/T SSL 1.1 protocol"
791        depends on MBEDTLS_TLS_ENABLED
792        default n
793        help
794            Provisions for GM/T SSL 1.1 support
795
796    config MBEDTLS_SSL_PROTO_DTLS
797        bool "Support DTLS protocol (all versions)"
798        default n
799        depends on MBEDTLS_SSL_PROTO_TLS1_2
800        help
801            Requires TLS 1.2 to be enabled for DTLS 1.2
802
803    config MBEDTLS_SSL_ALPN
804        bool "Support ALPN (Application Layer Protocol Negotiation)"
805        depends on MBEDTLS_TLS_ENABLED
806        default y
807        help
808            Disabling this option will save some code size if it is not needed.
809
810    config MBEDTLS_CLIENT_SSL_SESSION_TICKETS
811        bool "TLS: Client Support for RFC 5077 SSL session tickets"
812        default y
813        depends on MBEDTLS_TLS_ENABLED
814        help
815            Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
816            Disabling this option will save some code size.
817
818    config MBEDTLS_SERVER_SSL_SESSION_TICKETS
819        bool "TLS: Server Support for RFC 5077 SSL session tickets"
820        default y
821        depends on MBEDTLS_TLS_ENABLED && (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
822        help
823            Server support for RFC 5077 session tickets. See mbedTLS documentation for more details.
824            Disabling this option will save some code size.
825
826    menu "Symmetric Ciphers"
827
828        config MBEDTLS_AES_C
829            bool "AES block cipher"
830            default y
831
832        config MBEDTLS_CAMELLIA_C
833            bool "Camellia block cipher"
834            default n
835
836        config MBEDTLS_DES_C
837            bool "DES block cipher (legacy, insecure)"
838            default n
839            help
840                Enables the DES block cipher to support 3DES-based TLS ciphersuites.
841
842                3DES is vulnerable to the Sweet32 attack and should only be enabled
843                if absolutely necessary.
844
845        config MBEDTLS_BLOWFISH_C
846            bool "Blowfish block cipher (read help)"
847            default n
848            help
849                    Enables the Blowfish block cipher (not used for TLS sessions.)
850
851                    The Blowfish cipher is not used for mbedTLS TLS sessions but can be
852                    used for other purposes. Read up on the limitations of Blowfish (including
853                    Sweet32) before enabling.
854
855        config MBEDTLS_XTEA_C
856            bool "XTEA block cipher"
857            default n
858            help
859                    Enables the XTEA block cipher.
860
861
862        config MBEDTLS_CCM_C
863            bool "CCM (Counter with CBC-MAC) block cipher modes"
864            default y
865            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
866            help
867                    Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.
868
869                    Disabling this option saves some code size.
870
871        config MBEDTLS_GCM_C
872            bool "GCM (Galois/Counter) block cipher modes"
873            default y
874            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
875            help
876                    Enable Galois/Counter Mode for AES and/or Camellia ciphers.
877
878                    This option is generally faster than CCM.
879
880        config MBEDTLS_NIST_KW_C
881            bool "NIST key wrapping (KW) and KW padding (KWP)"
882            default n
883            depends on MBEDTLS_AES_C
884            help
885                    Enable NIST key wrapping and key wrapping padding.
886
887    endmenu # Symmetric Ciphers
888
889    config MBEDTLS_RIPEMD160_C
890        bool "Enable RIPEMD-160 hash algorithm"
891        default n
892        help
893            Enable the RIPEMD-160 hash algorithm.
894
895    menu "Certificates"
896
897        config MBEDTLS_PEM_PARSE_C
898            bool "Read & Parse PEM formatted certificates"
899            default y
900            help
901                Enable decoding/parsing of PEM formatted certificates.
902
903                If your certificates are all in the simpler DER format, disabling
904                this option will save some code size.
905
906        config MBEDTLS_PEM_WRITE_C
907            bool "Write PEM formatted certificates"
908            default y
909            help
910                Enable writing of PEM formatted certificates.
911
912                If writing certificate data only in DER format, disabling this
913                option will save some code size.
914
915        config MBEDTLS_X509_CRL_PARSE_C
916            bool "X.509 CRL parsing"
917            default y
918            help
919                Support for parsing X.509 Certificate Revocation Lists.
920
921        config MBEDTLS_X509_CSR_PARSE_C
922            bool "X.509 CSR parsing"
923            default y
924            help
925                Support for parsing X.509 Certificate Signing Requests
926
927    endmenu # Certificates
928
929    menuconfig MBEDTLS_ECP_C
930        bool  "Elliptic Curve Ciphers"
931        default y
932
933    config MBEDTLS_DHM_C
934        bool "Diffie-Hellman-Merkle key exchange (DHM)"
935        default n
936        help
937            Enable DHM. Needed to use DHE-xxx TLS ciphersuites.
938
939            Note that the security of Diffie-Hellman key exchanges depends on
940            a suitable prime being used for the exchange. Please see the detailed
941            warning text about this in the `mbedtls/dhm.h` file.
942
943    config MBEDTLS_ECDH_C
944        bool "Elliptic Curve Diffie-Hellman (ECDH)"
945        depends on MBEDTLS_ECP_C
946        default y
947        help
948            Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.
949
950    config MBEDTLS_ECDSA_C
951        bool "Elliptic Curve DSA"
952        depends on MBEDTLS_ECDH_C
953        default y
954        help
955            Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
956
957    config MBEDTLS_ECJPAKE_C
958        bool "Elliptic curve J-PAKE"
959        depends on MBEDTLS_ECP_C
960        default n
961        help
962            Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
963
964    config MBEDTLS_ECP_DP_SECP192R1_ENABLED
965        bool "Enable SECP192R1 curve"
966        depends on MBEDTLS_ECP_C
967        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
968        help
969            Enable support for SECP192R1 Elliptic Curve.
970
971    config MBEDTLS_ECP_DP_SECP224R1_ENABLED
972        bool "Enable SECP224R1 curve"
973        depends on MBEDTLS_ECP_C
974        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
975        help
976            Enable support for SECP224R1 Elliptic Curve.
977
978    config MBEDTLS_ECP_DP_SECP256R1_ENABLED
979        bool "Enable SECP256R1 curve"
980        depends on MBEDTLS_ECP_C
981        default y
982        help
983            Enable support for SECP256R1 Elliptic Curve.
984
985    config MBEDTLS_ECP_DP_SECP384R1_ENABLED
986        bool "Enable SECP384R1 curve"
987        depends on MBEDTLS_ECP_C
988        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
989        help
990            Enable support for SECP384R1 Elliptic Curve.
991
992    config MBEDTLS_ECP_DP_SECP521R1_ENABLED
993        bool "Enable SECP521R1 curve"
994        depends on MBEDTLS_ECP_C
995        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
996        help
997            Enable support for SECP521R1 Elliptic Curve.
998
999    config MBEDTLS_ECP_DP_SECP192K1_ENABLED
1000        bool "Enable SECP192K1 curve"
1001        depends on MBEDTLS_ECP_C
1002        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1003        help
1004            Enable support for SECP192K1 Elliptic Curve.
1005
1006    config MBEDTLS_ECP_DP_SECP224K1_ENABLED
1007        bool "Enable SECP224K1 curve"
1008        depends on MBEDTLS_ECP_C
1009        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1010        help
1011            Enable support for SECP224K1 Elliptic Curve.
1012
1013    config MBEDTLS_ECP_DP_SECP256K1_ENABLED
1014        bool "Enable SECP256K1 curve"
1015        depends on MBEDTLS_ECP_C
1016        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1017        help
1018            Enable support for SECP256K1 Elliptic Curve.
1019
1020    config MBEDTLS_ECP_DP_BP256R1_ENABLED
1021        bool "Enable BP256R1 curve"
1022        depends on MBEDTLS_ECP_C
1023        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1024        help
1025            Enable support for BP256R1 Elliptic Curve.
1026
1027    config MBEDTLS_ECP_DP_BP384R1_ENABLED
1028        bool "Enable BP384R1 curve"
1029        depends on MBEDTLS_ECP_C
1030        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1031        help
1032            Enable support for BP384R1 Elliptic Curve.
1033
1034    config MBEDTLS_ECP_DP_BP512R1_ENABLED
1035        bool "Enable BP512R1 curve"
1036        depends on MBEDTLS_ECP_C
1037        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1038        help
1039            Enable support for BP512R1 Elliptic Curve.
1040
1041    config MBEDTLS_ECP_DP_CURVE25519_ENABLED
1042        bool "Enable CURVE25519 curve"
1043        depends on MBEDTLS_ECP_C
1044        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
1045        help
1046            Enable support for CURVE25519 Elliptic Curve.
1047
1048    config MBEDTLS_ECP_NIST_OPTIM
1049        bool "NIST 'modulo p' optimisations"
1050        depends on MBEDTLS_ECP_C
1051        default y
1052        help
1053            NIST 'modulo p' optimisations increase Elliptic Curve operation performance.
1054
1055            Disabling this option saves some code size.
1056
1057    config MBEDTLS_ECP_FIXED_POINT_OPTIM
1058        bool "Enable fixed-point multiplication optimisations"
1059        depends on MBEDTLS_ECP_C
1060        default n
1061        help
1062            This configuration option enables optimizations to speed up (about 3 ~ 4 times) the ECP
1063            fixed point multiplication using pre-computed tables in the flash memory.
1064            Enabling this configuration option increases the flash footprint
1065            (about 29KB if all Elliptic Curves are selected) in the application binary.
1066
1067            # end of Elliptic Curve options
1068
1069    config MBEDTLS_POLY1305_C
1070        bool "Poly1305 MAC algorithm"
1071        default n
1072        help
1073            Enable support for Poly1305 MAC algorithm.
1074
1075    config MBEDTLS_CHACHA20_C
1076        bool "Chacha20 stream cipher"
1077        default n
1078        help
1079            Enable support for Chacha20 stream cipher.
1080
1081    config MBEDTLS_CHACHAPOLY_C
1082        bool "ChaCha20-Poly1305 AEAD algorithm"
1083        default n
1084        depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
1085        help
1086            Enable support for ChaCha20-Poly1305 AEAD algorithm.
1087
1088    config MBEDTLS_HKDF_C
1089        bool "HKDF algorithm (RFC 5869)"
1090        default n
1091        help
1092            Enable support for the Hashed Message Authentication Code
1093            (HMAC)-based key derivation function (HKDF).
1094
1095    config MBEDTLS_THREADING_C
1096        bool "Enable the threading abstraction layer"
1097        default n
1098        help
1099            If you intend to share contexts between threads, you will need to enable
1100            this layer to prevent race conditions.
1101
1102    config MBEDTLS_THREADING_ALT
1103        bool "Enable threading alternate implementation"
1104        depends on MBEDTLS_THREADING_C
1105        default y
1106        help
1107            Enable threading alt to allow your own alternate threading implementation.
1108
1109    config MBEDTLS_THREADING_PTHREAD
1110        bool "Enable threading pthread implementation"
1111        depends on MBEDTLS_THREADING_C
1112        default n
1113        help
1114            Enable the pthread wrapper layer for the threading layer.
1115
1116    config MBEDTLS_ERROR_STRINGS
1117        bool "Enable error code to error string conversion"
1118        default y
1119        help
1120            Enables mbedtls_strerror() for converting error codes to error strings.
1121            Disabling this config can save some code/rodata size as the error
1122            string conversion implementation is replaced with an empty stub.
1123
1124    config MBEDTLS_USE_CRYPTO_ROM_IMPL
1125        bool "Use ROM implementation of the crypto algorithm"
1126        depends on ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB
1127        default "n"
1128        select MBEDTLS_SHA512_C
1129        select MBEDTLS_AES_C
1130        select MBEDTLS_CCM_C
1131        select MBEDTLS_CMAC_C
1132        select MBEDTLS_ROM_MD5
1133        select MBEDTLS_HARDWARE_SHA
1134        select MBEDTLS_ECP_RESTARTABLE
1135        select MBEDTLS_THREADING_C
1136        help
1137            Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF.
1138
1139            This configuration option saves flash footprint in the application binary.
1140            Note that the version of mbedtls crypto algorithm library in ROM(ECO1~ECO3) is v2.16.12,
1141            and the version of mbedtls crypto algorithm library in ROM(ECO4) is v3.6.0.
1142            We have done the security analysis of the mbedtls revision in ROM (ECO1~ECO4)
1143            and ensured that affected symbols have been patched (removed). If security issues
1144            found in future mbedtls revisions also affect the version in
1145            ROM (ECO1~ECO4), then we shall patch the relevant symbols. This would increase
1146            the flash footprint and hence care must be taken to keep some reserved space
1147            for the application binary in flash layout.
1148
1149endmenu  # mbedTLS
1150