modules: mbedtls: Add separate configs for EC algorithms

Instead of relying on selected ciphesuite to enable mbed TLS EC configs, add separate config entries to enable them. This allows to use EC functionality w/o TLS/DTLS enabled. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-04-29 12:07:55 +02:00 · 2022-04-29 12:07:55 +02:00 · 1c1bb51730
commit 1c1bb51730
parent fc81f67e9a
2 changed files with 44 additions and 28 deletions
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@ -69,6 +69,7 @@ config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

 config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 	bool "ECDHE-PSK based ciphersuite modes"
+	select MBEDTLS_ECDH_C

 config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 	bool "RSA-PSK based ciphersuite modes"
@ -96,28 +97,47 @@ config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

 config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 	bool "ECDHE-RSA based ciphersuite modes"
+	select MBEDTLS_ECDH_C

 config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 	bool "ECDHE-ECDSA based ciphersuite modes"
+	select MBEDTLS_ECDH_C
+	select MBEDTLS_ECDSA_C

 config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 	bool "ECDH-ECDSA based ciphersuite modes"
+	select MBEDTLS_ECDH_C
+	select MBEDTLS_ECDSA_C

 config MBEDTLS_ECDSA_DETERMINISTIC
 	bool "Deterministic ECDSA (RFC 6979)"

 config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 	bool "ECDH-RSA based ciphersuite modes"
+	select MBEDTLS_ECDH_C

 config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 	bool "ECJPAKE based ciphersuite modes"
+	select MBEDTLS_ECJPAKE_C

-if MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
-	MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
-	MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || \
-	MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED || \
-	MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || \
-	MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+comment "Elliptic curve libraries"
+
+config MBEDTLS_ECDH_C
+	bool "Elliptic curve Diffie-Hellman library"
+	select MBEDTLS_ECP_C
+
+config MBEDTLS_ECDSA_C
+	bool "Elliptic curve DSA library"
+	select MBEDTLS_ECP_C
+
+config MBEDTLS_ECJPAKE_C
+	bool "Elliptic curve J-PAKE library"
+	select MBEDTLS_ECP_C
+
+config MBEDTLS_ECP_C
+	bool "Elliptic curve over GF(p) library"
+
+if MBEDTLS_ECP_C

 comment "Supported elliptic curves"

--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@ -172,6 +172,24 @@
 #define MBEDTLS_CIPHER_MODE_CTR
 #endif

+/* Supported elliptic curve libraries */
+
+#if defined(CONFIG_MBEDTLS_ECDH_C)
+#define MBEDTLS_ECDH_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECDSA_C)
+#define MBEDTLS_ECDSA_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_ECJPAKE_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_ECP_C)
+#define MBEDTLS_ECP_C
+#endif
+
 /* Supported elliptic curves */

 #if defined(CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED)
@ -327,14 +345,6 @@
 #define MBEDTLS_DHM_C
 #endif

-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#define MBEDTLS_ECDH_C
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
@ -366,20 +376,6 @@
 #define MBEDTLS_BASE64_C
 #endif

-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_ECDSA_C
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_ECJPAKE_C
-#endif
-
-#if defined(MBEDTLS_ECDH_C) || \
-    defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_ECJPAKE_C)
-#define MBEDTLS_ECP_C
-#endif
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #define MBEDTLS_X509_USE_C
 #endif