A single menu within an if like if FOO menu "blah" ... endmenu endif can be replaced with menu "blah" depends on FOO ... endmenu Fix up all existing instances. Also remove redundant extra menus underneath 'menuconfig' symbols. 'menuconfig' already creates a menu. Also remove the menu in arch/arm/core/aarch32/Kconfig around the "Floating point ABI" choice. The choice depends on FLOAT, which depends on CPU_HAS_CPU, so remove the 'depends on CPU_HAS_FPU' too. Piggyback removing a redundant 'default n' for BME280. Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
# TLS/DTLS related options

# Copyright (c) 2018 Intel Corporation
# Copyright (c) 2018 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0

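menu "TLS configuration"
	depends on MBEDTLS

menu "Supported TLS version"

config MBEDTLS_TLS_VERSION_1_0
	bool "Enable support for TLS 1.0"
	select MBEDTLS_MAC_MD5_ENABLED
	select MBEDTLS_MAC_SHA1_ENABLED
	help
	  TLS 1.0 is deprecated (RFC 8996) and its handshake relies on MD5
	  and SHA-1, which is why both hashes are selected here. Enable it
	  only to interoperate with legacy peers that cannot be upgraded.

config MBEDTLS_TLS_VERSION_1_1
	bool "Enable support for TLS 1.1 (DTLS 1.0)"
	select MBEDTLS_MAC_MD5_ENABLED
	select MBEDTLS_MAC_SHA1_ENABLED
	help
	  TLS 1.1 and DTLS 1.0 are deprecated (RFC 8996) and their handshake
	  relies on MD5 and SHA-1, which is why both hashes are selected
	  here. Enable only to interoperate with legacy peers that cannot be
	  upgraded.

config MBEDTLS_TLS_VERSION_1_2
	bool "Enable support for TLS 1.2 (DTLS 1.2)"
	default y

config MBEDTLS_DTLS
	bool "Enable support for DTLS"
	depends on MBEDTLS_TLS_VERSION_1_1 || MBEDTLS_TLS_VERSION_1_2

config MBEDTLS_SSL_EXPORT_KEYS
	bool "Enable support for exporting SSL key block and master secret"
	depends on MBEDTLS_TLS_VERSION_1_0 || MBEDTLS_TLS_VERSION_1_1 || MBEDTLS_TLS_VERSION_1_2
	help
	  Lets the application obtain the TLS key block and master secret,
	  as needed by protocols that derive their own keys from the TLS
	  session (for example EAP-TLS). The exported values are session
	  secrets: code that receives them must not log or persist them.

endmenu

menu "Ciphersuite configuration"

comment "Supported key exchange modes"

config MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
	bool "Enable all available ciphersuite modes"
	select MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
	select MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
	select MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
	select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
	help
	  Selects every key exchange mode listed below, including the
	  static RSA and static ECDH modes, which do not provide forward
	  secrecy. Prefer enabling only the modes the product needs: every
	  mode built in is available for negotiation unless the application
	  restricts the ciphersuite list.

config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
	bool "Enable the PSK based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
	bool "Enable the DHE-PSK based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
	bool "Enable the ECDHE-PSK based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
	bool "Enable the RSA-PSK based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
	bool "Enable the RSA-only based ciphersuite modes"
	default y if !NET_L2_OPENTHREAD
	help
	  RSA key transport: the premaster secret is encrypted to the
	  server's RSA key, so recorded sessions can be decrypted if that
	  key is later compromised (no forward secrecy). This mode is on by
	  default when NET_L2_OPENTHREAD is disabled.

config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
	bool "Enable the DHE-RSA based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
	bool "Enable the ECDHE-RSA based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	bool "Enable the ECDHE-ECDSA based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
	bool "Enable the ECDH-ECDSA based ciphersuite modes"

# NOTE(review): upstream mbedTLS requires HMAC_DRBG for deterministic ECDSA;
# this entry neither depends on nor selects MBEDTLS_HMAC_DRBG_ENABLED.
# Confirm the generated mbedTLS config header handles that case.
config MBEDTLS_ECDSA_DETERMINISTIC
	bool "Enable deterministic ECDSA (RFC 6979)"
	help
	  Derive the per-signature nonce from the private key and the
	  message (RFC 6979) instead of drawing it from the RNG, so that a
	  weak or failing RNG at signing time cannot expose the private key
	  through a repeated or biased nonce.

config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
	bool "Enable the ECDH-RSA based ciphersuite modes"

config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
	bool "Enable the ECJPAKE based ciphersuite modes"

if MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
   MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
   MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || \
   MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED || \
   MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || \
   MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

comment "Supported elliptic curves"

# The original listed "select MBEDTLS_ECP_DP_SECP192R1_ENABLED" twice; the
# duplicate had no effect and has been dropped.
config MBEDTLS_ECP_ALL_ENABLED
	bool "Enable all available elliptic curves"
	select MBEDTLS_ECP_DP_SECP192R1_ENABLED
	select MBEDTLS_ECP_DP_SECP224R1_ENABLED
	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
	select MBEDTLS_ECP_DP_SECP384R1_ENABLED
	select MBEDTLS_ECP_DP_SECP521R1_ENABLED
	select MBEDTLS_ECP_DP_SECP192K1_ENABLED
	select MBEDTLS_ECP_DP_SECP224K1_ENABLED
	select MBEDTLS_ECP_DP_SECP256K1_ENABLED
	select MBEDTLS_ECP_DP_BP256R1_ENABLED
	select MBEDTLS_ECP_DP_BP384R1_ENABLED
	select MBEDTLS_ECP_DP_BP512R1_ENABLED
	select MBEDTLS_ECP_DP_CURVE25519_ENABLED
	select MBEDTLS_ECP_DP_CURVE448_ENABLED
	select MBEDTLS_ECP_NIST_OPTIM
	help
	  Selects every curve below, including the 192-bit curves, whose
	  security level is below 112 bits. Prefer enabling only the curves
	  the deployment requires.

config MBEDTLS_ECP_DP_SECP192R1_ENABLED
	bool "Enable SECP192R1 elliptic curve"

config MBEDTLS_ECP_DP_SECP224R1_ENABLED
	bool "Enable SECP224R1 elliptic curve"

config MBEDTLS_ECP_DP_SECP256R1_ENABLED
	bool "Enable SECP256R1 elliptic curve"

config MBEDTLS_ECP_DP_SECP384R1_ENABLED
	bool "Enable SECP384R1 elliptic curve"

config MBEDTLS_ECP_DP_SECP521R1_ENABLED
	bool "Enable SECP521R1 elliptic curve"

config MBEDTLS_ECP_DP_SECP192K1_ENABLED
	bool "Enable SECP192K1 elliptic curve"

config MBEDTLS_ECP_DP_SECP224K1_ENABLED
	bool "Enable SECP224K1 elliptic curve"

config MBEDTLS_ECP_DP_SECP256K1_ENABLED
	bool "Enable SECP256K1 elliptic curve"

config MBEDTLS_ECP_DP_BP256R1_ENABLED
	bool "Enable BP256R1 elliptic curve"

config MBEDTLS_ECP_DP_BP384R1_ENABLED
	bool "Enable BP384R1 elliptic curve"

config MBEDTLS_ECP_DP_BP512R1_ENABLED
	bool "Enable BP512R1 elliptic curve"

config MBEDTLS_ECP_DP_CURVE25519_ENABLED
	bool "Enable CURVE25519 elliptic curve"

config MBEDTLS_ECP_DP_CURVE448_ENABLED
	bool "Enable CURVE448 elliptic curve"

config MBEDTLS_ECP_NIST_OPTIM
	bool "Enable NIST curves optimization"

endif

comment "Supported cipher modes"

config MBEDTLS_CIPHER_ALL_ENABLED
	bool "Enable all available ciphers"
	select MBEDTLS_CIPHER_AES_ENABLED
	select MBEDTLS_CIPHER_CAMELLIA_ENABLED
	select MBEDTLS_CIPHER_DES_ENABLED
	select MBEDTLS_CIPHER_ARC4_ENABLED
	select MBEDTLS_CIPHER_CHACHA20_ENABLED
	select MBEDTLS_CIPHER_BLOWFISH_ENABLED
	select MBEDTLS_CIPHER_CCM_ENABLED
	select MBEDTLS_CIPHER_MODE_XTS_ENABLED
	select MBEDTLS_CIPHER_MODE_GCM_ENABLED
	select MBEDTLS_CIPHER_CBC_ENABLED
	select MBEDTLS_CHACHAPOLY_AEAD_ENABLED
	help
	  Selects every cipher and mode below, including DES, ARC4 and
	  Blowfish, which are suitable for legacy interoperability only.
	  Prefer enabling only the ciphers the deployment requires.

config MBEDTLS_CIPHER_AES_ENABLED
	bool "Enable the AES block cipher"
	default y

config MBEDTLS_AES_ROM_TABLES
	bool "Use precomputed AES tables stored in ROM."
	depends on MBEDTLS_CIPHER_AES_ENABLED
	default y

config MBEDTLS_CIPHER_CAMELLIA_ENABLED
	bool "Enable the Camellia block cipher"

config MBEDTLS_CIPHER_DES_ENABLED
	bool "Enable the DES block cipher"
	default y if !NET_L2_OPENTHREAD
	help
	  Single DES has a 56-bit key and a 64-bit block and is not
	  considered secure; in mbedTLS the DES module also provides
	  Triple-DES, which shares the 64-bit block. This option is on by
	  default when NET_L2_OPENTHREAD is disabled; disable it unless a
	  legacy peer requires it.

config MBEDTLS_CIPHER_ARC4_ENABLED
	bool "Enable the ARC4 stream cipher"
	help
	  RC4 ciphersuites are prohibited in TLS by RFC 7465 because of
	  biases in the keystream. Leave disabled unless a legacy peer
	  requires it.

config MBEDTLS_CIPHER_CHACHA20_ENABLED
	bool "Enable the ChaCha20 stream cipher"

config MBEDTLS_CIPHER_BLOWFISH_ENABLED
	bool "Enable the Blowfish block cipher"
	help
	  Blowfish has a 64-bit block, which limits how much data can be
	  safely encrypted under one key. Leave disabled unless a legacy
	  format requires it.

config MBEDTLS_CIPHER_CCM_ENABLED
	bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED

config MBEDTLS_CIPHER_MODE_XTS_ENABLED
	bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED

config MBEDTLS_CIPHER_MODE_GCM_ENABLED
	bool "Enable the Galois/Counter Mode (GCM) for AES"
	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED

config MBEDTLS_CIPHER_CBC_ENABLED
	bool "Enable Cipher Block Chaining mode (CBC) for symmetric ciphers"
	default y if !NET_L2_OPENTHREAD
	help
	  CBC ciphersuites in TLS authenticate before encrypting unless the
	  Encrypt-then-MAC extension is negotiated, and have a history of
	  padding-oracle attacks. The AEAD modes (GCM, CCM,
	  ChaCha20-Poly1305) avoid this class of issue.

# NOTE(review): ChaCha20-Poly1305 uses both primitives, but the dependency
# below is satisfied by either one alone. Confirm whether '&&' was intended.
config MBEDTLS_CHACHAPOLY_AEAD_ENABLED
	bool "Enable the ChaCha20-Poly1305 AEAD algorithm"
	depends on MBEDTLS_CIPHER_CHACHA20_ENABLED || MBEDTLS_MAC_POLY1305_ENABLED

comment "Supported message authentication methods"

config MBEDTLS_MAC_ALL_ENABLED
	bool "Enable all available MAC methods"
	select MBEDTLS_MAC_MD4_ENABLED
	select MBEDTLS_MAC_MD5_ENABLED
	select MBEDTLS_MAC_SHA1_ENABLED
	select MBEDTLS_MAC_SHA256_ENABLED
	select MBEDTLS_MAC_SHA512_ENABLED
	select MBEDTLS_MAC_POLY1305_ENABLED
	select MBEDTLS_MAC_CMAC_ENABLED
	help
	  Selects every hash and MAC below, including MD4, MD5 and SHA-1,
	  which are not collision resistant. Prefer enabling only the
	  algorithms the deployment requires.

config MBEDTLS_MAC_MD4_ENABLED
	bool "Enable the MD4 hash algorithm"
	help
	  MD4 is cryptographically broken. Enable only for legacy formats
	  that require it.

config MBEDTLS_MAC_MD5_ENABLED
	bool "Enable the MD5 hash algorithm"
	default y if !NET_L2_OPENTHREAD
	help
	  MD5 is not collision resistant and must not be used for
	  signatures or certificate verification. It is selected by the
	  TLS 1.0 and TLS 1.1 options and is on by default when
	  NET_L2_OPENTHREAD is disabled.

config MBEDTLS_MAC_SHA1_ENABLED
	bool "Enable the SHA1 hash algorithm"
	default y if !NET_L2_OPENTHREAD
	help
	  SHA-1 is not collision resistant and should not be relied on for
	  signatures or certificate verification. It is selected by the
	  TLS 1.0 and TLS 1.1 options and is on by default when
	  NET_L2_OPENTHREAD is disabled.

config MBEDTLS_MAC_SHA256_ENABLED
	bool "Enable the SHA-224 and SHA-256 hash algorithms"
	default y

config MBEDTLS_SHA256_SMALLER
	bool "Enable smaller SHA-256 implementation"
	depends on MBEDTLS_MAC_SHA256_ENABLED
	default y
	help
	  Enable an implementation of SHA-256 that has lower ROM footprint but also
	  lower performance.

config MBEDTLS_MAC_SHA512_ENABLED
	bool "Enable the SHA-384 and SHA-512 hash algorithms"

config MBEDTLS_MAC_POLY1305_ENABLED
	bool "Enable the Poly1305 MAC algorithm"

config MBEDTLS_MAC_CMAC_ENABLED
	bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block ciphers."
	depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_DES_ENABLED

endmenu

comment "Random number generators"

config MBEDTLS_CTR_DRBG_ENABLED
	bool "Enable the CTR_DRBG AES-256-based random generator"
	depends on MBEDTLS_CIPHER_AES_ENABLED
	default y
	help
	  CTR_DRBG is a deterministic generator: its output is only as
	  unpredictable as the entropy used to seed it, so make sure the
	  platform provides a real entropy source.

config MBEDTLS_HMAC_DRBG_ENABLED
	bool "Enable the HMAC_DRBG random generator"

comment "Other configurations"

config MBEDTLS_GENPRIME_ENABLED
	bool "Enable the prime-number generation code."

config MBEDTLS_PEM_CERTIFICATE_FORMAT
	bool "Enable support for PEM certificate format"
	help
	  By default only DER (binary) format of certificates is supported. Enable
	  this option to enable support for PEM format.

config MBEDTLS_HAVE_ASM
	bool "Enable use of assembly code"
	default y if !ARM
	help
	  Enable use of assembly code in mbedTLS. This improves the performance
	  of asymmetric cryptography, however this might have an impact on the
	  code size.

config MBEDTLS_ENTROPY_ENABLED
	bool "Enable mbedTLS generic entropy pool"
	depends on MBEDTLS_MAC_SHA256_ENABLED || MBEDTLS_MAC_SHA512_ENABLED

config MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED
	bool "Enable mbedTLS optimizations for OpenThread"
	depends on NET_L2_OPENTHREAD
	default y if !NET_SOCKETS_SOCKOPT_TLS
	help
	  Enable some OpenThread-specific mbedTLS optimizations that save
	  some RAM/ROM when OpenThread is used. Note that when the application
	  aims to use other mbedTLS services on top of OpenThread (e.g. secure
	  sockets), it is advised to disable this option.

config MBEDTLS_USER_CONFIG_ENABLE
	bool "Enable user mbedTLS config file"
	help
	  Enable user mbedTLS config file that will be included at the end of
	  the generic config file. Because it is included last, it can change
	  settings made by the options in this menu, including
	  security-relevant ones, so review it with the same care.

config MBEDTLS_USER_CONFIG_FILE
	string "User configuration file for mbedTLS"
	depends on MBEDTLS_USER_CONFIG_ENABLE
	help
	  User config file that can contain mbedTLS configs that were not
	  covered by the generic config file.

endmenu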