Commit d9c4312

committed
feat(mbedtls): restructure mbedtls configuration page
1 parent f7be43c commit d9c4312

12 files changed

+2046
-1389
lines changed

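--- a/components/esp-tls/Kconfig
+++ b/components/esp-tls/Kconfig
@@ -8,6 +8,7 @@ menu "ESP-TLS"
 usage. Consult the ESP-TLS documentation in ESP-IDF Programming guide for more details.
 config ESP_TLS_USING_MBEDTLS
 bool "mbedTLS"
+select MBEDTLS_TLS_ENABLED
 config ESP_TLS_USING_WOLFSSL
 depends on TLS_STACK_WOLFSSL
 bool "wolfSSL (License info in wolfSSL directory README)"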
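Review bot: The added `select MBEDTLS_TLS_ENABLED` under `config ESP_TLS_USING_MBEDTLS` forces that symbol to y whatever value a user or preset assigned, and Kconfig `select` also ignores the selected symbol's own `depends on`. The Bluetooth preset added in this same commit sets `CONFIG_MBEDTLS_TLS_ENABLED=n` and `CONFIG_MBEDTLS_TLS_DISABLED=y`, so with this option active the preset line would have no effect and the TLS layer would still be built in. The mbedtls Kconfig diff is not rendered on this page, so how MBEDTLS_TLS_ENABLED and MBEDTLS_TLS_DISABLED relate cannot be checked here and should be confirmed. At minimum, a comment above the select such as `# esp-tls on mbedTLS needs the TLS layer; this overrides MBEDTLS_TLS_ENABLED=n coming from a preset` would make the override visible to anyone trimming the TLS surface.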

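--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -357,8 +357,19 @@ foreach(target ${mbedtls_targets})
 if(CONFIG_COMPILER_STATIC_ANALYZER AND CMAKE_C_COMPILER_ID STREQUAL "GNU") # TODO IDF-10087
 target_compile_options(${target} PRIVATE "-fno-analyzer")
 endif()
+if(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SIZE)
+target_compile_options(${target} PRIVATE "-Os")
+elseif(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SPEED)
+target_compile_options(${target} PRIVATE "-O2")
+endif()
 endforeach()
 
+if(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SIZE)
+target_compile_options(${COMPONENT_LIB} PRIVATE "-Os")
+elseif(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SPEED)
+target_compile_options(${COMPONENT_LIB} PRIVATE "-O2")
+endif()
+
 if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
 set(WRAP_FUNCTIONS
 mbedtls_ssl_write_client_hello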
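Review bot: The `-Os`/`-O2` selection is written out twice, once inside `foreach(target ${mbedtls_targets})` and once for `${COMPONENT_LIB}`, so a later edit to one copy can leave the library targets and the component built at different levels without anyone noticing. Resolving the flag once into a variable and applying it in both places keeps them in step. Because this sets an optimization level for the crypto library separately from the rest of the project, a short comment saying so would help, and it is worth confirming that any timing-sensitive code is tested at both levels. The foreach loop starts above the hunk, so only its tail is visible here.

```cmake
# Per-component optimization level for the mbedTLS targets (chosen in menuconfig).
if(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SIZE)
    set(mbedtls_opt_flag "-Os")
elseif(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SPEED)
    set(mbedtls_opt_flag "-O2")
else()
    set(mbedtls_opt_flag "")
endif()

foreach(target ${mbedtls_targets})
    # … unchanged: existing per-target options and the -fno-analyzer guard …
    if(mbedtls_opt_flag)
        target_compile_options(${target} PRIVATE "${mbedtls_opt_flag}")
    endif()
endforeach()

if(mbedtls_opt_flag)
    target_compile_options(${COMPONENT_LIB} PRIVATE "${mbedtls_opt_flag}")
endif()
```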

components/mbedtls/Kconfig

Lines changed: 1418 additions & 1380 deletions
Large diffs are not rendered by default.
Lines changed: 98 additions & 0 deletions
@@ -0,0 +1,98 @@
1+
#
2+
# mbedTLS Bluetooth Configuration Preset
3+
#
4+
5+
# Core Configuration
6+
CONFIG_MBEDTLS_FS_IO=n
7+
CONFIG_MBEDTLS_ERROR_STRINGS=n
8+
CONFIG_MBEDTLS_HAVE_TIME=n
9+
CONFIG_MBEDTLS_SELF_TEST=n
10+
11+
# Certificates
12+
CONFIG_MBEDTLS_PEM_PARSE_C=n
13+
CONFIG_MBEDTLS_PEM_WRITE_C=n
14+
CONFIG_MBEDTLS_X509_REMOVE_INFO=y
15+
CONFIG_MBEDTLS_X509_CRL_PARSE_C=n
16+
CONFIG_MBEDTLS_X509_CSR_PARSE_C=n
17+
CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT=n
18+
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
19+
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=n
20+
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=y
21+
22+
# TLS Protocol Configuration
23+
CONFIG_MBEDTLS_TLS_ENABLED=n
24+
CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
25+
CONFIG_MBEDTLS_TLS_DISABLED=y
26+
27+
# TLS 1.2 Configuration
28+
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
29+
30+
# TLS 1.3 Configuration
31+
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=n
32+
33+
# TLS Key Exchange Configuration
34+
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
35+
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=n
36+
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=n
37+
CONFIG_MBEDTLS_SSL_ALPN=n
38+
CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
39+
CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
40+
CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
41+
42+
# DTLS Protocol Configuration
43+
44+
# Cipher Abstraction Layer
45+
CONFIG_MBEDTLS_CIPHER_C=y
46+
47+
# Symmetric Ciphers
48+
CONFIG_MBEDTLS_ARIA_C=n
49+
CONFIG_MBEDTLS_CCM_C=n
50+
CONFIG_MBEDTLS_CIPHER_MODE_CBC=n
51+
CONFIG_MBEDTLS_CIPHER_MODE_CFB=n
52+
CONFIG_MBEDTLS_CIPHER_MODE_CTR=n
53+
CONFIG_MBEDTLS_CIPHER_MODE_OFB=n
54+
CONFIG_MBEDTLS_CIPHER_MODE_XTS=y
55+
CONFIG_MBEDTLS_GCM_C=n
56+
CONFIG_MBEDTLS_PKCS5_C=n
57+
CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS=n
58+
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN=n
59+
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS=n
60+
CONFIG_MBEDTLS_AES_FEWER_TABLES=y
61+
62+
# Elliptic Curve Ciphers Configuration
63+
CONFIG_MBEDTLS_ECP_NIST_OPTIM=n
64+
CONFIG_MBEDTLS_DHM_C=n
65+
CONFIG_MBEDTLS_ECDSA_C=y
66+
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=n
67+
CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=n
68+
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=n
69+
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=n
70+
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=n
71+
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=n
72+
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=n
73+
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=n
74+
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=n
75+
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=n
76+
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=n
77+
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=n
78+
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=n
79+
80+
# Hash functions
81+
CONFIG_MBEDTLS_SHA1_C=n
82+
CONFIG_MBEDTLS_SHA384_C=n
83+
CONFIG_MBEDTLS_SHA512_C=n
84+
CONFIG_MBEDTLS_MD5_C=n
85+
CONFIG_MBEDTLS_MPI_USE_INTERRUPT=n
86+
CONFIG_MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK=n
87+
CONFIG_MBEDTLS_GENPRIME=y
88+
89+
CONFIG_MBEDTLS_PKCS12_C=n
90+
CONFIG_MBEDTLS_PKCS1_V21=n
91+
92+
CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256=y
93+
CONFIG_MBEDTLS_CTR_DRBG_C=y
94+
CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT=n
95+
96+
#
97+
# End of mbedTLS Minimal Configuration Preset
98+
#
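Review bot: The closing banner reads "End of mbedTLS Minimal Configuration Preset" although the file opens as the Bluetooth preset, which suggests it was copied from another preset; it should read `# End of mbedTLS Bluetooth Configuration Preset`. The cipher selection also needs a rationale comment: `CONFIG_MBEDTLS_CIPHER_MODE_XTS=y` is the only block mode left enabled while CBC, CFB, CTR, OFB, CCM and GCM are all `n`, and nothing on the page says what in the Bluetooth stack uses XTS. If it is a leftover from the source preset it should be `n`; if it is required, a one-line comment naming the consumer would let a reader audit the enabled crypto surface. The "DTLS Protocol Configuration" heading has no entries under it, and `CONFIG_MBEDTLS_GENPRIME=y` and `CONFIG_MBEDTLS_MPI_USE_INTERRUPT=n` sit under "Hash functions", so the grouping comments do not match their contents.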
Lines changed: 199 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,199 @@
1+
#
2+
# mbedTLS Default Configuration Preset
3+
#
4+
5+
# Core Configuration
6+
CONFIG_MBEDTLS_FS_IO=y
7+
CONFIG_MBEDTLS_THREADING_C=n
8+
CONFIG_MBEDTLS_ERROR_STRINGS=y
9+
CONFIG_MBEDTLS_VERSION_C=n
10+
CONFIG_MBEDTLS_HAVE_TIME=y
11+
CONFIG_MBEDTLS_PLATFORM_TIME_ALT=n
12+
CONFIG_MBEDTLS_HAVE_TIME_DATE=n
13+
CONFIG_MBEDTLS_BIGNUM_C=y
14+
CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y
15+
CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC=n
16+
CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=n
17+
CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC=n
18+
CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
19+
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
20+
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
21+
CONFIG_MBEDTLS_DYNAMIC_BUFFER=n
22+
CONFIG_MBEDTLS_VERSION_FEATURES=n
23+
CONFIG_MBEDTLS_DEBUG=n
24+
CONFIG_MBEDTLS_SELF_TEST=y
25+
26+
# Certificates
27+
CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION=n
28+
CONFIG_MBEDTLS_X509_USE_C=y
29+
CONFIG_MBEDTLS_PEM_PARSE_C=y
30+
CONFIG_MBEDTLS_PEM_WRITE_C=y
31+
CONFIG_MBEDTLS_PK_C=y
32+
CONFIG_MBEDTLS_PK_PARSE_C=y
33+
CONFIG_MBEDTLS_PK_WRITE_C=y
34+
CONFIG_MBEDTLS_X509_REMOVE_INFO=n
35+
CONFIG_MBEDTLS_X509_CRL_PARSE_C=y
36+
CONFIG_MBEDTLS_X509_CRT_PARSE_C=y
37+
CONFIG_MBEDTLS_X509_CSR_PARSE_C=y
38+
CONFIG_MBEDTLS_X509_CREATE_C=n
39+
CONFIG_MBEDTLS_X509_CRT_WRITE_C=y
40+
CONFIG_MBEDTLS_X509_CSR_WRITE_C=y
41+
CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT=y
42+
CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=n
43+
CONFIG_MBEDTLS_ASN1_PARSE_C=y
44+
CONFIG_MBEDTLS_ASN1_WRITE_C=y
45+
CONFIG_MBEDTLS_OID_C=y
46+
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
47+
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
48+
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=n
49+
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=n
50+
51+
# TLS Protocol Configuration
52+
CONFIG_MBEDTLS_TLS_ENABLED=y
53+
CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
54+
CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=y
55+
CONFIG_MBEDTLS_TLS_SERVER_ONLY=n
56+
CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
57+
CONFIG_MBEDTLS_TLS_DISABLED=n
58+
CONFIG_MBEDTLS_TLS_SERVER=y
59+
CONFIG_MBEDTLS_TLS_CLIENT=y
60+
CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY=1
61+
CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
62+
CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION=n
63+
CONFIG_MBEDTLS_SSL_CACHE_C=n
64+
CONFIG_MBEDTLS_SSL_ALL_ALERT_MESSAGES=n
65+
66+
# TLS 1.2 Configuration
67+
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
68+
69+
# TLS 1.3 Configuration
70+
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y
71+
72+
# TLS Key Exchange Configuration
73+
CONFIG_MBEDTLS_PSK_MODES=n
74+
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=n
75+
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK=n
76+
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK=n
77+
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
78+
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y
79+
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y
80+
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y
81+
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
82+
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
83+
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y
84+
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
85+
CONFIG_MBEDTLS_SSL_ALPN=y
86+
CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH=y
87+
CONFIG_MBEDTLS_SSL_RECORD_SIZE_LIMIT=n
88+
CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=n
89+
CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
90+
CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y
91+
CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=y
92+
93+
# DTLS Protocol Configuration
94+
CONFIG_MBEDTLS_SSL_PROTO_DTLS=n
95+
96+
# Cipher Abstraction Layer
97+
CONFIG_MBEDTLS_CIPHER_C=n
98+
99+
# Symmetric Ciphers
100+
CONFIG_MBEDTLS_AES_C=y
101+
CONFIG_MBEDTLS_CAMELLIA_C=n
102+
CONFIG_MBEDTLS_ARIA_C=y
103+
CONFIG_MBEDTLS_DES_C=n
104+
CONFIG_MBEDTLS_BLOWFISH_C=n
105+
CONFIG_MBEDTLS_XTEA_C=n
106+
CONFIG_MBEDTLS_CCM_C=y
107+
CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
108+
CONFIG_MBEDTLS_CIPHER_MODE_CFB=y
109+
CONFIG_MBEDTLS_CIPHER_MODE_CTR=y
110+
CONFIG_MBEDTLS_CIPHER_MODE_OFB=y
111+
CONFIG_MBEDTLS_CIPHER_MODE_XTS=y
112+
CONFIG_MBEDTLS_GCM_C=y
113+
CONFIG_MBEDTLS_NIST_KW_C=n
114+
CONFIG_MBEDTLS_CIPHER_PADDING=y
115+
CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=y
116+
CONFIG_MBEDTLS_PKCS5_C=y
117+
CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS=y
118+
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN=y
119+
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS=y
120+
CONFIG_MBEDTLS_AES_ROM_TABLES=y
121+
CONFIG_MBEDTLS_AES_FEWER_TABLES=n
122+
CONFIG_MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH=n
123+
CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC=n
124+
CONFIG_MBEDTLS_CMAC_C=y
125+
126+
# Asymmetric Ciphers
127+
CONFIG_MBEDTLS_RSA_C=y
128+
129+
# Elliptic Curve Ciphers Configuration
130+
CONFIG_MBEDTLS_ECP_C=y
131+
CONFIG_MBEDTLS_ECP_NIST_OPTIM=y
132+
CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=n
133+
CONFIG_MBEDTLS_DHM_C=y
134+
CONFIG_MBEDTLS_ECDH_C=y
135+
CONFIG_MBEDTLS_ECJPAKE_C=n
136+
CONFIG_MBEDTLS_ECDSA_C=y
137+
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=y
138+
CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=y
139+
CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y
140+
CONFIG_MBEDTLS_ECP_RESTARTABLE=n
141+
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y
142+
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y
143+
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
144+
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y
145+
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y
146+
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y
147+
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y
148+
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y
149+
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y
150+
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y
151+
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y
152+
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y
153+
154+
# Hash functions
155+
CONFIG_MBEDTLS_MD_C=y
156+
CONFIG_MBEDTLS_ROM_MD5=y
157+
CONFIG_MBEDTLS_SHA256_C=y
158+
CONFIG_MBEDTLS_SHA1_C=y
159+
CONFIG_MBEDTLS_SHA384_C=y
160+
CONFIG_MBEDTLS_SHA512_C=y
161+
CONFIG_MBEDTLS_MD5_C=y
162+
CONFIG_MBEDTLS_SHA3_C=n
163+
164+
CONFIG_MBEDTLS_HARDWARE_SHA=y
165+
CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=y
166+
CONFIG_MBEDTLS_HARDWARE_AES=y
167+
CONFIG_MBEDTLS_AES_USE_INTERRUPT=y
168+
CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL=0
169+
CONFIG_MBEDTLS_PK_RSA_ALT_SUPPORT=y
170+
CONFIG_MBEDTLS_HARDWARE_MPI=y
171+
# CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n
172+
CONFIG_MBEDTLS_MPI_USE_INTERRUPT=y
173+
CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL=0
174+
CONFIG_MBEDTLS_HARDWARE_ECC=y
175+
CONFIG_MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK=y
176+
CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN=n
177+
CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY=y
178+
CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN=n
179+
CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY=n
180+
181+
CONFIG_MBEDTLS_PKCS7_C=y
182+
CONFIG_MBEDTLS_PKCS12_C=y
183+
CONFIG_MBEDTLS_PKCS1_V15=y
184+
CONFIG_MBEDTLS_PKCS1_V21=y
185+
186+
CONFIG_MBEDTLS_ENTROPY_C=y
187+
CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256=n
188+
CONFIG_MBEDTLS_CTR_DRBG_C=y
189+
CONFIG_MBEDTLS_HMAC_DRBG_C=y
190+
191+
CONFIG_MBEDTLS_BASE64_C=y
192+
193+
CONFIG_MBEDTLS_CHACHA20_C=n
194+
CONFIG_MBEDTLS_POLY1305_C=n
195+
CONFIG_MBEDTLS_HKDF_C=n
196+
197+
#
198+
# End of mbedTLS Minimal Configuration Preset
199+
#
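Review bot: The preset labelled "Default" sets `CONFIG_MBEDTLS_HAVE_TIME_DATE=n` alongside `CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y`, `CONFIG_MBEDTLS_SSL_RENEGOTIATION=y`, `CONFIG_MBEDTLS_SHA1_C=y` and `CONFIG_MBEDTLS_MD5_C=y`, with no comment marking them as compatibility choices. Without HAVE_TIME_DATE, Mbed TLS does not compare certificate validity periods against a clock, so a comment above that line such as `# Certificate notBefore/notAfter are not enforced unless MBEDTLS_HAVE_TIME_DATE=y` would stop readers assuming the default rejects expired certificates. The mbedtls Kconfig diff is not rendered on this page, so these values may simply mirror the existing defaults; the comments are worth adding either way. The closing banner says "End of mbedTLS Minimal Configuration Preset" in a file that opens as "Default", and `# CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n` is a comment rather than an assignment, so it should be either removed or written as a real setting. `CONFIG_MBEDTLS_CIPHER_C=n` next to `CONFIG_MBEDTLS_TLS_ENABLED=y`, while the Bluetooth preset has `CONFIG_MBEDTLS_CIPHER_C=y`, looks inverted and should be confirmed.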
