2016-07-21 06:03:12 +08:00
|
|
|
# Kconfig - Cryptography primitive options for mbed TLS
|
|
|
|
|
|
|
|
#
|
|
|
|
# Copyright (c) 2016 Intel Corporation
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
menuconfig MBEDTLS
|
|
|
|
bool
|
|
|
|
prompt "mbedTLS Support"
|
|
|
|
default n
|
|
|
|
help
|
|
|
|
This option enables the mbedTLS cryptography library.
|
|
|
|
|
2017-12-11 19:36:26 +08:00
|
|
|
if MBEDTLS
|
|
|
|
|
|
|
|
choice
|
|
|
|
prompt "Select implementation"
|
|
|
|
default MBEDTLS_BUILTIN
|
|
|
|
|
2016-07-21 06:03:12 +08:00
|
|
|
config MBEDTLS_BUILTIN
|
|
|
|
bool "Enable mbedTLS integrated sources"
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
Link with local mbedTLS sources instead of external library.
|
2016-07-21 06:03:12 +08:00
|
|
|
|
2017-12-11 19:36:26 +08:00
|
|
|
config MBEDTLS_LIBRARY
|
|
|
|
bool "Enable mbedTLS external library"
|
|
|
|
help
|
|
|
|
This option enables mbedTLS library.
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
2016-07-21 06:03:12 +08:00
|
|
|
config MBEDTLS_CFG_FILE
|
|
|
|
string "mbed TLS configuration file"
|
|
|
|
depends on MBEDTLS_BUILTIN
|
|
|
|
default "config-threadnet.h"
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
Enable custom mbed TLS configuration
|
2016-07-21 06:03:12 +08:00
|
|
|
|
2017-06-22 20:38:37 +08:00
|
|
|
config MBEDTLS_DEBUG
|
2017-10-02 04:37:41 +08:00
|
|
|
bool "mbed TLS debug activation"
|
2017-06-22 20:38:37 +08:00
|
|
|
depends on MBEDTLS_BUILTIN
|
|
|
|
default n
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
Enable debugging activation for mbed TLS configuration. Note that this
|
|
|
|
does not directly cause any debug print output. For that you need to
|
|
|
|
call
|
|
|
|
mbedtls_debug_set_threshold(level);
|
|
|
|
and
|
|
|
|
mbedtls_ssl_conf_dbg(&mbedtls.conf, my_debug, NULL);
|
|
|
|
functions in your application, and create the my_debug() function to
|
|
|
|
actually print something useful.
|
2017-06-22 20:38:37 +08:00
|
|
|
|
2016-07-21 06:03:12 +08:00
|
|
|
config MBEDTLS_TEST
|
|
|
|
bool "Compile internal self test functions"
|
|
|
|
depends on MBEDTLS_BUILTIN
|
|
|
|
default n
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
Enable self test function for the crypto algorithms
|
2016-07-21 06:03:12 +08:00
|
|
|
|
|
|
|
config MBEDTLS_INSTALL_PATH
|
|
|
|
string "mbedTLS install path"
|
|
|
|
depends on MBEDTLS_LIBRARY
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
This option holds the path where the mbedTLS libraries and headers are
|
|
|
|
installed. Make sure this option is properly set when MBEDTLS_LIBRARY
|
|
|
|
is enabled otherwise the build will fail.
|
2017-06-22 21:23:39 +08:00
|
|
|
|
|
|
|
config MBEDTLS_ENABLE_HEAP
|
|
|
|
bool "Enable global heap for mbed TLS"
|
|
|
|
default n
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
This option enables the mbedtls to use the heap. This setting must
|
|
|
|
be global so that various applications and libraries in Zephyr do not
|
|
|
|
try to do this themselves as there can be only one heap defined
|
|
|
|
in mbedtls. If this is enabled, then the Zephyr will, during the device
|
|
|
|
startup, initialize the heap automatically.
|
2017-06-22 21:23:39 +08:00
|
|
|
|
|
|
|
config MBEDTLS_HEAP_SIZE
|
|
|
|
int "Heap size for mbed TLS"
|
2017-11-04 04:38:29 +08:00
|
|
|
default 512
|
2017-06-22 21:23:39 +08:00
|
|
|
depends on MBEDTLS_ENABLE_HEAP
|
|
|
|
help
|
2017-12-13 23:08:21 +08:00
|
|
|
The mbedtls routines will use this heap if enabled.
|
|
|
|
See ext/lib/crypto/mbedtls/include/mbedtls/config.h and
|
|
|
|
MBEDTLS_MEMORY_BUFFER_ALLOC_C option for details. That option is not
|
|
|
|
enabled by default.
|
|
|
|
Default value for the heap size is not set as it depends on the
|
|
|
|
application. For server application 15000 bytes should be enough.
|
|
|
|
For some dedicated and specific usage of mbedtls API, the 1000 bytes
|
|
|
|
might be ok.
|
2017-12-27 23:10:15 +08:00
|
|
|
|
|
|
|
config APP_LINK_WITH_MBEDTLS
|
|
|
|
bool "Link 'app' with MBEDTLS"
|
|
|
|
default y
|
|
|
|
depends on MBEDTLS
|
|
|
|
help
|
|
|
|
Add MBEDTLS header files to the 'app' include path. It may be
|
|
|
|
disabled if the include paths for MBEDTLS are causing aliasing
|
|
|
|
issues for 'app'.
|
2017-12-11 19:36:26 +08:00
|
|
|
|
|
|
|
endif
|