# TLS/DTLS related options # Copyright (c) 2018 Intel Corporation # Copyright (c) 2018 Nordic Semiconductor ASA # SPDX-License-Identifier: Apache-2.0 menu "Mbed TLS configuration" depends on MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" menu "TLS" config MBEDTLS_TLS_VERSION_1_2 bool "Support for TLS 1.2 (DTLS 1.2)" select MBEDTLS_CIPHER select MBEDTLS_MD if MBEDTLS_TLS_VERSION_1_2 config MBEDTLS_DTLS bool "Support for DTLS" endif # MBEDTLS_TLS_VERSION_1_2 config MBEDTLS_TLS_VERSION_1_3 bool "Support for TLS 1.3" if MBEDTLS_TLS_VERSION_1_3 config MBEDTLS_TLS_SESSION_TICKETS bool "Support for RFC 5077 session tickets in TLS 1.3" endif # MBEDTLS_TLS_VERSION_1_3 if MBEDTLS_TLS_VERSION_1_2 || MBEDTLS_TLS_VERSION_1_3 config MBEDTLS_SSL_ALPN bool "Support for setting the supported Application Layer Protocols" endif # MBEDTLS_TLS_VERSION_1_2 || MBEDTLS_TLS_VERSION_1_3 endmenu # TLS menu "Ciphersuite configuration" comment "Supported key exchange modes" config MBEDTLS_KEY_EXCHANGE_ALL_ENABLED bool "All available ciphersuite modes" select MBEDTLS_KEY_EXCHANGE_PSK_ENABLED select MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED select MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED select MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED select MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED select MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED bool "PSK based ciphersuite modes" config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED bool "DHE-PSK based ciphersuite modes" config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED bool "ECDHE-PSK based ciphersuite modes" depends on MBEDTLS_ECDH_C config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED bool "RSA-PSK based ciphersuite modes" config MBEDTLS_PSK_MAX_LEN int "Max size of TLS pre-shared keys" default 32 help Max size of TLS pre-shared keys, in bytes. It has no effect if no PSK key exchange is used. config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED bool "RSA-only based ciphersuite modes" default y if UOSCORE || UEDHOC select MBEDTLS_MD select PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY if PSA_CRYPTO_CLIENT select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT if PSA_CRYPTO_CLIENT select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT if PSA_CRYPTO_CLIENT select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE if PSA_CRYPTO_CLIENT config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED bool "DHE-RSA based ciphersuite modes" config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED bool "ECDHE-RSA based ciphersuite modes" depends on MBEDTLS_ECDH_C config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED bool "ECDHE-ECDSA based ciphersuite modes" depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C || (PSA_WANT_ALG_ECDH && PSA_WANT_ALG_ECDSA) config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED bool "ECDH-ECDSA based ciphersuite modes" depends on (MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C) || (PSA_WANT_ALG_ECDH && PSA_WANT_ALG_ECDSA) config MBEDTLS_ECDSA_DETERMINISTIC bool "Deterministic ECDSA (RFC 6979)" config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED bool "ECDH-RSA based ciphersuite modes" depends on MBEDTLS_ECDH_C config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED bool "ECJPAKE based ciphersuite modes" depends on MBEDTLS_ECJPAKE_C if MBEDTLS_TLS_VERSION_1_3 config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED bool "TLS 1.3 PSK key exchange mode" config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED bool "TLS 1.3 ephemeral key exchange mode" config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED bool "TLS 1.3 PSK ephemeral key exchange mode" endif # MBEDTLS_TLS_VERSION_1_3 config MBEDTLS_HKDF_C bool "HMAC-based Extract-and-Expand Key Derivation Function" comment "Elliptic curve libraries" config MBEDTLS_ECDH_C bool "Elliptic curve Diffie-Hellman library" depends on MBEDTLS_ECP_C config MBEDTLS_ECDSA_C bool "Elliptic curve DSA library" depends on MBEDTLS_ECP_C config MBEDTLS_ECJPAKE_C bool "Elliptic curve J-PAKE library" depends on MBEDTLS_ECP_C config MBEDTLS_ECP_C bool "Elliptic curve over GF(p) library" default y if UOSCORE || UEDHOC if MBEDTLS_ECP_C comment "Supported elliptic curves" config MBEDTLS_ECP_ALL_ENABLED bool "All available elliptic curves" select MBEDTLS_ECP_DP_SECP192R1_ENABLED select MBEDTLS_ECP_DP_SECP192R1_ENABLED select MBEDTLS_ECP_DP_SECP224R1_ENABLED select MBEDTLS_ECP_DP_SECP256R1_ENABLED select MBEDTLS_ECP_DP_SECP384R1_ENABLED select MBEDTLS_ECP_DP_SECP521R1_ENABLED select MBEDTLS_ECP_DP_SECP192K1_ENABLED select MBEDTLS_ECP_DP_SECP224K1_ENABLED select MBEDTLS_ECP_DP_SECP256K1_ENABLED select MBEDTLS_ECP_DP_BP256R1_ENABLED select MBEDTLS_ECP_DP_BP384R1_ENABLED select MBEDTLS_ECP_DP_BP512R1_ENABLED select MBEDTLS_ECP_DP_CURVE25519_ENABLED select MBEDTLS_ECP_DP_CURVE448_ENABLED select MBEDTLS_ECP_NIST_OPTIM config MBEDTLS_ECP_DP_SECP192R1_ENABLED bool "SECP192R1 elliptic curve" config MBEDTLS_ECP_DP_SECP224R1_ENABLED bool "SECP224R1 elliptic curve" config MBEDTLS_ECP_DP_SECP256R1_ENABLED bool "SECP256R1 elliptic curve" default y if UOSCORE || UEDHOC config MBEDTLS_ECP_DP_SECP384R1_ENABLED bool "SECP384R1 elliptic curve" config MBEDTLS_ECP_DP_SECP521R1_ENABLED bool "SECP521R1 elliptic curve" config MBEDTLS_ECP_DP_SECP192K1_ENABLED bool "SECP192K1 elliptic curve" config MBEDTLS_ECP_DP_SECP224K1_ENABLED bool "SECP224K1 elliptic curve" config MBEDTLS_ECP_DP_SECP256K1_ENABLED bool "SECP256K1 elliptic curve" config MBEDTLS_ECP_DP_BP256R1_ENABLED bool "BP256R1 elliptic curve" config MBEDTLS_ECP_DP_BP384R1_ENABLED bool "BP384R1 elliptic curve" config MBEDTLS_ECP_DP_BP512R1_ENABLED bool "BP512R1 elliptic curve" config MBEDTLS_ECP_DP_CURVE25519_ENABLED bool "CURVE25519 elliptic curve" config MBEDTLS_ECP_DP_CURVE448_ENABLED bool "CURVE448 elliptic curve" config MBEDTLS_ECP_NIST_OPTIM bool "NSIT curves optimization" endif comment "Supported ciphers and cipher modes" config MBEDTLS_CIPHER_ALL_ENABLED bool "All available ciphers and modes" select MBEDTLS_CIPHER_AES_ENABLED select MBEDTLS_CIPHER_CAMELLIA_ENABLED select MBEDTLS_CIPHER_DES_ENABLED select MBEDTLS_CIPHER_CHACHA20_ENABLED select MBEDTLS_CIPHER_CCM_ENABLED select MBEDTLS_CIPHER_GCM_ENABLED select MBEDTLS_CIPHER_MODE_XTS_ENABLED select MBEDTLS_CIPHER_MODE_CBC_ENABLED select MBEDTLS_CIPHER_MODE_CTR_ENABLED select MBEDTLS_CHACHAPOLY_AEAD_ENABLED config MBEDTLS_SOME_AEAD_CIPHER_ENABLED bool default y depends on \ MBEDTLS_CIPHER_AES_ENABLED || \ MBEDTLS_CIPHER_CAMELLIA_ENABLED config MBEDTLS_SOME_CIPHER_ENABLED bool default y depends on \ MBEDTLS_SOME_AEAD_CIPHER_ENABLED || \ MBEDTLS_CIPHER_DES_ENABLED || \ MBEDTLS_CIPHER_CHACHA20_ENABLED config MBEDTLS_CIPHER_AES_ENABLED bool "AES block cipher" if MBEDTLS_CIPHER_AES_ENABLED config MBEDTLS_AES_ROM_TABLES bool "Use precomputed AES tables stored in ROM." config MBEDTLS_AES_FEWER_TABLES bool "Reduce the size of precomputed AES tables by ~6kB" default y depends on MBEDTLS_AES_ROM_TABLES help Reduce the size of the AES tables at a tradeoff of more arithmetic operations at runtime. Specifically 4 table lookups are converted to 1 table lookup, 3 additions and 6 bit shifts. config MBEDTLS_CIPHER_MODE_XTS_ENABLED bool "Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES" endif # MBEDTLS_CIPHER_AES_ENABLED config MBEDTLS_CIPHER_CAMELLIA_ENABLED bool "Camellia block cipher" config MBEDTLS_CIPHER_DES_ENABLED bool "DES block cipher" config MBEDTLS_CIPHER_CHACHA20_ENABLED bool "ChaCha20 stream cipher" if MBEDTLS_SOME_AEAD_CIPHER_ENABLED config MBEDTLS_CIPHER_CCM_ENABLED bool "Counter with CBC-MAC (CCM) mode for 128-bit block cipher" default y if UOSCORE || UEDHOC config MBEDTLS_CIPHER_GCM_ENABLED bool "Galois/Counter Mode (GCM) for symmetric ciphers" endif # MBEDTLS_SOME_AEAD_CIPHER_ENABLED if MBEDTLS_SOME_CIPHER_ENABLED config MBEDTLS_CIPHER_MODE_CBC_ENABLED bool "Cipher Block Chaining mode (CBC) for symmetric ciphers" default y if !NET_L2_OPENTHREAD config MBEDTLS_CIPHER_MODE_CTR_ENABLED bool "Counter Block Cipher mode (CTR) for symmetric ciphers" endif # MBEDTLS_SOME_CIPHER_ENABLED config MBEDTLS_CHACHAPOLY_AEAD_ENABLED bool "ChaCha20-Poly1305 AEAD algorithm" depends on MBEDTLS_CIPHER_CHACHA20_ENABLED && MBEDTLS_POLY1305 config MBEDTLS_CMAC bool "CMAC (Cipher-based Message Authentication Code) mode for block ciphers." depends on MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_DES_ENABLED comment "Supported hash algorithms" config MBEDTLS_HASH_ALL_ENABLED bool "All available MAC methods" select MBEDTLS_MD5 select MBEDTLS_SHA1 select MBEDTLS_SHA224 select MBEDTLS_SHA256 select MBEDTLS_SHA384 select MBEDTLS_SHA512 select MBEDTLS_POLY1305 config MBEDTLS_MD5 bool "MD5 hash algorithm" config MBEDTLS_SHA1 bool "SHA-1 hash algorithm" config MBEDTLS_SHA224 bool "SHA-224 hash algorithm" config MBEDTLS_SHA256 bool "SHA-256 hash algorithm" default y config MBEDTLS_SHA256_SMALLER bool "Smaller SHA-256 implementation" depends on MBEDTLS_SHA256 default y help Enable an implementation of SHA-256 that has a smaller ROM footprint but also lower performance. config MBEDTLS_SHA384 bool "SHA-384 hash algorithm" config MBEDTLS_SHA512 bool "SHA-512 hash algorithm" config MBEDTLS_POLY1305 bool "Poly1305 hash family" endmenu comment "Random number generators" config MBEDTLS_CTR_DRBG_ENABLED bool "CTR_DRBG AES-256-based random generator" depends on MBEDTLS_CIPHER_AES_ENABLED default y config MBEDTLS_HMAC_DRBG_ENABLED bool "HMAC_DRBG random generator" select MBEDTLS_MD comment "Other configurations" config MBEDTLS_CIPHER bool "generic cipher layer." default y if PSA_WANT_ALG_CMAC config MBEDTLS_MD bool "generic message digest layer." config MBEDTLS_GENPRIME_ENABLED bool "prime-number generation code." config MBEDTLS_PEM_CERTIFICATE_FORMAT bool "Support for PEM certificate format" help By default only DER (binary) format of certificates is supported. Enable this option to enable support for PEM format. config MBEDTLS_HAVE_ASM bool "Use of assembly code" default y if !ARM help Enable use of assembly code in mbedTLS. This improves the performances of asymmetric cryptography, however this might have an impact on the code size. config MBEDTLS_ENTROPY_C bool "Mbed TLS entropy accumulator" depends on MBEDTLS_SHA256 || MBEDTLS_SHA384 || MBEDTLS_SHA512 help This module gathers entropy data from enabled entropy sources. It's mostly used in conjunction with CTR_DRBG or HMAC_DRBG to create a deterministic random number generator. config MBEDTLS_ENTROPY_POLL_ZEPHYR bool "Provide entropy data to Mbed TLS through entropy driver or random generator" depends on MBEDTLS_ENTROPY_C help Provide entropy data to the Mbed TLS's entropy module through either an entropy driver (if available in the system) or a generic random number generator. Warning: the latter choice is potentially non secure because it might end up using weaker/test-only sources (ex: random number generator built on system timer). config MBEDTLS_OPENTHREAD_OPTIMIZATIONS_ENABLED bool "MbedTLS optimizations for OpenThread" depends on NET_L2_OPENTHREAD default y if !NET_SOCKETS_SOCKOPT_TLS help Enable some OpenThread specific mbedTLS optimizations that allows to save some RAM/ROM when OpenThread is used. Note, that when application aims to use other mbedTLS services on top of OpenThread (e.g. secure sockets), it's advised to disable this option. config MBEDTLS_USER_CONFIG_ENABLE bool "User mbedTLS config file" help Enable user mbedTLS config file that will be included at the end of the generic config file. config MBEDTLS_USER_CONFIG_FILE string "User configuration file for mbed TLS" if MBEDTLS_USER_CONFIG_ENABLE help User config file that can contain mbedTLS configs that were not covered by the generic config file. config MBEDTLS_SERVER_NAME_INDICATION bool "Support for RFC 6066 server name indication (SNI) in SSL" help Enable this to support RFC 6066 server name indication (SNI) in SSL. This requires that MBEDTLS_X509_CRT_PARSE_C is also set. config MBEDTLS_PK_WRITE_C bool "The generic public (asymmetric) key writer" help Enable generic public key write functions. config MBEDTLS_HAVE_TIME_DATE bool "Date/time validation in mbed TLS" help System has time.h, time(), and an implementation for gmtime_r(). There also need to be a valid time source in the system, as mbedTLS expects a valid date/time for certificate validation." config MBEDTLS_PKCS5_C bool "Password-based encryption functions" select MBEDTLS_MD help Enable PKCS5 functions config MBEDTLS_SSL_CACHE_C bool "SSL session cache support" help "This option enables simple SSL cache implementation (server side)." if MBEDTLS_SSL_CACHE_C config MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT int "Default timeout for SSL cache entires" default 86400 config MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES int "Maximum number of SSL cache entires" default 5 endif # MBEDTLS_SSL_CACHE_C config MBEDTLS_SSL_EXTENDED_MASTER_SECRET bool "(D)TLS Extended Master Secret extension" depends on MBEDTLS_TLS_VERSION_1_2 help Enable support for the (D)TLS Extended Master Secret extension which ensures that master secrets are different for every connection and every session. choice MBEDTLS_PSA_CRYPTO_RNG_SOURCE prompt "Select random source for built-in PSA crypto" depends on MBEDTLS_PSA_CRYPTO_C default MBEDTLS_PSA_CRYPTO_LEGACY_RNG config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG bool "Use a cryptographically secure driver as random source" help Use a cryptographically secure random generator to provide random data instead of legacy Mbed TLS modules. This has a smaller footprint than its legacy counterpart MBEDTLS_PSA_CRYPTO_LEGACY_RNG, but it requires a cryptographically secure random number generator (CSPRNG) to be available in the system. If no CSPRNG is available: - there is no fallback to weak entropy random generators. - the initialization of PSA crypto will fail and none of its API will be available. config MBEDTLS_PSA_CRYPTO_LEGACY_RNG bool "Use legacy modules to generate random data" select MBEDTLS_ENTROPY_C select MBEDTLS_HMAC_DRBG_ENABLED if !MBEDTLS_CTR_DRBG_ENABLED help Use legacy Mbed TLS modules to generate random data. In this configuration the entropy module is used to gather some data and then either ctr_drbg or hmac_drbg are applied on top of it to improve the randomness. Security level in this case really depends on the type of entropy sources which are enabled in the system: if weak entropy sources are used, then the generated data will only be pseudo random. Strong entropy sources are strongly recommended (if possible) to have real random data. Another difference betwen this implementation and the MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG counterpart is the memory footprint: this implementation brings in legacy modules which are not required in the "external" version, so the footprint is larger. endchoice config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG bool "Allow non cryptographically secure random sources (for test only!)" depends on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG help MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is by default limited to rely only on cryptographically secure random number generators. However, only for test purposes, it might be useful to enable external random number generation, but have it using weak random sources (non cryptographically secure). Warning: this is meant to be enabled only for tests, not in production as the generated values are not cryptographically secure! config MBEDTLS_PSA_CRYPTO_C bool "Platform Security Architecture cryptography API" depends on !BUILD_WITH_TFM default y if UOSCORE || UEDHOC config MBEDTLS_USE_PSA_CRYPTO bool "Use PSA APIs instead of legacy MbedTLS when possible" default y if MBEDTLS_PSA_CRYPTO_CLIENT help Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other "intermediate" modules such as PK, MD and Cipher. config MBEDTLS_PSA_CRYPTO_CLIENT bool default y depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C select PSA_CRYPTO_CLIENT config MBEDTLS_LMS bool "Support LMS signature schemes" depends on MBEDTLS_PSA_CRYPTO_CLIENT depends on MBEDTLS_SHA256 select PSA_WANT_ALG_SHA_256 config MBEDTLS_PSA_P256M_DRIVER_ENABLED bool "P256-M driver" depends on MBEDTLS_PSA_CRYPTO_C imply PSA_WANT_ALG_SHA_256 help Enable support for the optimized sofware implementation of the secp256r1 curve through the standard PSA API. config MBEDTLS_PSA_P256M_DRIVER_RAW bool "Access p256-m driver directly (without PSA interface)" depends on MBEDTLS_PSA_P256M_DRIVER_ENABLED help Allow direct access to the p256-m driver interface. Warning: Usage of this Kconfig option is prohibited in Zephyr's codebase. Users can enable it in case of very memory-constrained devices, but be aware that the p256-m interface is absolutely not guaranted to remain stable over time. config MBEDTLS_SSL_DTLS_CONNECTION_ID bool "DTLS Connection ID extension" depends on MBEDTLS_DTLS help Enable support for the DTLS Connection ID extension which allows to identify DTLS connections across changes in the underlying transport. config MBEDTLS_NIST_KW_C bool "NIST key wrap" depends on MBEDTLS_CIPHER_AES_ENABLED help Key Wrapping mode for 128-bit block ciphers, as defined in NIST SP 800-38F. config MBEDTLS_DHM_C bool "Diffie-Hellman-Merkle mode" help Used by the following key exchanges, DHE-RSA, DHE-PSK config MBEDTLS_X509_CRL_PARSE_C bool "X.509 CRL parsing" help Used by X.509 CRL parsing config MBEDTLS_X509_CSR_WRITE_C bool "X.509 Certificate Signing Requests writing" help For X.509 certificate request writing. config MBEDTLS_X509_CSR_PARSE_C bool "X.509 Certificate Signing Request parsing" help For reading X.509 certificate request. config MBEDTLS_X509_CRT_WRITE_C bool "X.509 certificate creation" endmenu