mirror of
				https://github.com/espressif/esp-idf.git
				synced 2025-10-25 03:22:43 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			569 lines
		
	
	
		
			17 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			569 lines
		
	
	
		
			17 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| menu "mbedTLS"
 | |
| 
 | |
| choice MBEDTLS_MEM_ALLOC_MODE
 | |
|     prompt "Memory allocation strategy"
 | |
|     default MBEDTLS_INTERNAL_MEM_ALLOC
 | |
|     help
 | |
|         Allocation strategy for mbedTLS, essentially provides ability to
 | |
|         allocate all required dynamic allocations from,
 | |
| 
 | |
|             - Internal DRAM memory only
 | |
|             - External SPIRAM memory only
 | |
|             - Either internal or external memory based on default malloc()
 | |
|               behavior in ESP-IDF
 | |
|             - Custom allocation mode, by overwriting calloc()/free() using
 | |
|               mbedtls_platform_set_calloc_free() function
 | |
| 
 | |
|         Recommended mode here is always internal, since that is most preferred
 | |
|         from security perspective. But if application requirement does not
 | |
|         allow sufficient free internal memory then alternate mode can be
 | |
|         selected.
 | |
| 
 | |
| config MBEDTLS_INTERNAL_MEM_ALLOC
 | |
|     bool "Internal memory"
 | |
| 
 | |
| config MBEDTLS_EXTERNAL_MEM_ALLOC
 | |
|     bool "External SPIRAM"
 | |
|     depends on SPIRAM_SUPPORT
 | |
| 
 | |
| config MBEDTLS_DEFAULT_MEM_ALLOC
 | |
|     bool "Default alloc mode"
 | |
| 
 | |
| config MBEDTLS_CUSTOM_MEM_ALLOC
 | |
|     bool "Custom alloc mode"
 | |
| 
 | |
| endchoice #MBEDTLS_MEM_ALLOC_MODE
 | |
| 
 | |
| config MBEDTLS_SSL_MAX_CONTENT_LEN
 | |
|     int "TLS maximum message content length"
 | |
|     default 16384
 | |
|     range 512 16384
 | |
|     depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
 | |
|     help
 | |
|         Maximum TLS message length (in bytes) supported by mbedTLS.
 | |
|         
 | |
|         16384 is the default and this value is required to comply
 | |
|         fully with TLS standards.
 | |
|         
 | |
|         However you can set a lower value in order to save RAM. This
 | |
|         is safe if the other end of the connection supports Maximum
 | |
|         Fragment Length Negotiation Extension (max_fragment_length,
 | |
|         see RFC6066) or you know for certain that it will never send a
 | |
|         message longer than a certain number of bytes.
 | |
| 
 | |
|         If the value is set too low, symptoms are a failed TLS
 | |
|         handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
 | |
|         (-0x7200).
 | |
| 
 | |
| config MBEDTLS_ASYMMETRIC_CONTENT_LEN
 | |
|     bool "Asymmetric in/out fragment length"
 | |
|     default n
 | |
|     help
 | |
|        If enabled, this option allows customizing TLS in/out fragment length
 | |
|        in asymmetric way. Please note that enabling this with default values
 | |
|        saves 12KB of dynamic memory per TLS connection.
 | |
| 
 | |
| config MBEDTLS_SSL_IN_CONTENT_LEN
 | |
|     int "TLS maximum incoming fragment length"
 | |
|     default 16384
 | |
|     range 512 16384
 | |
|     depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
 | |
|     help
 | |
|         This defines maximum incoming fragment length, overriding default
 | |
|         maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
 | |
| 
 | |
| config MBEDTLS_SSL_OUT_CONTENT_LEN
 | |
|     int "TLS maximum outgoing fragment length"
 | |
|     default 4096
 | |
|     range 512 16384
 | |
|     depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
 | |
|     help
 | |
|         This defines maximum outgoing fragment length, overriding default
 | |
|         maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
 | |
| 
 | |
| config MBEDTLS_DEBUG
 | |
|    bool "Enable mbedTLS debugging"
 | |
|    default n
 | |
|    help
 | |
|        Enable mbedTLS debugging functions at compile time.
 | |
| 
 | |
|        If this option is enabled, you can include
 | |
| 	   "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
 | |
| 	   at runtime in order to enable mbedTLS debug output via the ESP
 | |
| 	   log mechanism.
 | |
| 
 | |
| config MBEDTLS_HARDWARE_AES
 | |
|    bool "Enable hardware AES acceleration"
 | |
|    default y
 | |
|    help
 | |
|        Enable hardware accelerated AES encryption & decryption.
 | |
| 
 | |
|        Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
 | |
|        offer any speed boost over software AES.
 | |
| 
 | |
| config MBEDTLS_HARDWARE_MPI
 | |
|    bool "Enable hardware MPI (bignum) acceleration"
 | |
|    default n
 | |
|    help
 | |
|        Enable hardware accelerated multiple precision integer operations.
 | |
| 
 | |
|        Hardware accelerated multiplication, modulo multiplication,
 | |
|        and modular exponentiation for up to 4096 bit results.
 | |
| 
 | |
|        These operations are used by RSA.
 | |
| 
 | |
| config MBEDTLS_MPI_USE_INTERRUPT
 | |
|     bool "Use interrupt for MPI operations"
 | |
|     depends on MBEDTLS_HARDWARE_MPI
 | |
|     default n
 | |
|     help
 | |
|         Use an interrupt to coordinate MPI operations.
 | |
| 
 | |
|         This allows other code to run on the CPU while an MPI operation is pending.
 | |
|         Otherwise the CPU busy-waits.
 | |
| 
 | |
| config MBEDTLS_HARDWARE_SHA
 | |
|    bool "Enable hardware SHA acceleration"
 | |
|    default n
 | |
|    help
 | |
|        Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
 | |
| 
 | |
|        Due to a hardware limitation, hardware acceleration is only
 | |
|        guaranteed if SHA digests are calculated one at a time. If more
 | |
|        than one SHA digest is calculated at the same time, one will
 | |
|        be calculated fully in hardware and the rest will be calculated
 | |
|        (at least partially calculated) in software. This happens automatically.
 | |
| 
 | |
|        SHA hardware acceleration is faster than software in some situations but
 | |
|        slower in others. You should benchmark to find the best setting for you.
 | |
| 
 | |
| config MBEDTLS_HAVE_TIME
 | |
|    bool "Enable mbedtls time"
 | |
|    depends on !ESP32_TIME_SYSCALL_USE_NONE
 | |
|    default y
 | |
|    help
 | |
|        System has time.h and time().
 | |
|        The time does not need to be correct, only time differences are used,
 | |
| 
 | |
| config MBEDTLS_HAVE_TIME_DATE
 | |
|    bool "Enable mbedtls certificate expiry check"
 | |
|    depends on MBEDTLS_HAVE_TIME
 | |
|    default n
 | |
|    help
 | |
|        System has time.h and time(), gmtime() and the clock is correct.
 | |
|        The time needs to be correct (not necesarily very accurate, but at least
 | |
|        the date should be correct). This is used to verify the validity period of
 | |
|        X.509 certificates.
 | |
| 
 | |
|        It is suggested that you should get the real time by "SNTP".
 | |
| 
 | |
| choice MBEDTLS_TLS_MODE
 | |
|     bool "TLS Protocol Role"
 | |
|     default MBEDTLS_TLS_SERVER_AND_CLIENT
 | |
|     help
 | |
|         mbedTLS can be compiled with protocol support for the TLS
 | |
|         server, TLS client, or both server and client.
 | |
| 
 | |
|         Reducing the number of TLS roles supported saves code size.
 | |
| 
 | |
| config MBEDTLS_TLS_SERVER_AND_CLIENT
 | |
|     bool "Server & Client"
 | |
|     select MBEDTLS_TLS_SERVER
 | |
|     select MBEDTLS_TLS_CLIENT
 | |
| config MBEDTLS_TLS_SERVER_ONLY
 | |
|     bool "Server"
 | |
|     select MBEDTLS_TLS_SERVER
 | |
| config MBEDTLS_TLS_CLIENT_ONLY
 | |
|     bool "Client"
 | |
|     select MBEDTLS_TLS_CLIENT
 | |
| config MBEDTLS_TLS_DISABLED
 | |
|     bool "None"
 | |
| 
 | |
| endchoice
 | |
| 
 | |
| config MBEDTLS_TLS_SERVER
 | |
|     bool
 | |
|     select MBEDTLS_TLS_ENABLED
 | |
| config MBEDTLS_TLS_CLIENT
 | |
|     bool
 | |
|     select MBEDTLS_TLS_ENABLED
 | |
| config MBEDTLS_TLS_ENABLED
 | |
|     bool
 | |
| 
 | |
| menu "TLS Key Exchange Methods"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
| 
 | |
| config MBEDTLS_PSK_MODES
 | |
|    bool "Enable pre-shared-key ciphersuites"
 | |
|    default n
 | |
|    help
 | |
|        Enable to show configuration for different types of pre-shared-key TLS authentatication methods.
 | |
| 
 | |
|        Leaving this options disabled will save code size if they are not used.
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_PSK
 | |
|    bool "Enable PSK based ciphersuite modes"
 | |
|    depends on MBEDTLS_PSK_MODES
 | |
|    default n
 | |
|    help
 | |
|        Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_DHE_PSK
 | |
|    bool "Enable DHE-PSK based ciphersuite modes"
 | |
|    depends on MBEDTLS_PSK_MODES
 | |
|    default y
 | |
|    help
 | |
|        Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
 | |
|    bool "Enable ECDHE-PSK based ciphersuite modes"
 | |
|    depends on MBEDTLS_PSK_MODES
 | |
|    default y
 | |
|    help
 | |
|        Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_RSA_PSK
 | |
|    bool "Enable RSA-PSK based ciphersuite modes"
 | |
|    depends on MBEDTLS_PSK_MODES
 | |
|    default y
 | |
|    help
 | |
|        Enable to support RSA PSK (pre-shared-key) TLS authentication modes.
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_RSA
 | |
|    bool "Enable RSA-only based ciphersuite modes"
 | |
|    default y
 | |
|    help
 | |
|        Enable to support ciphersuites with prefix TLS-RSA-WITH-
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_DHE_RSA
 | |
|    bool "Enable DHE-RSA based ciphersuite modes"
 | |
|    default y
 | |
|    help
 | |
|        Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
 | |
|    bool "Support Elliptic Curve based ciphersuites"
 | |
|    depends on MBEDTLS_ECP_C
 | |
|    default y
 | |
|    help
 | |
|        Enable to show Elliptic Curve based ciphersuite mode options.
 | |
| 
 | |
|        Disabling all Elliptic Curve ciphersuites saves code size and
 | |
|        can give slightly faster TLS handshakes, provided the server supports
 | |
|        RSA-only ciphersuite modes.
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
 | |
|    bool "Enable ECDHE-RSA based ciphersuite modes"
 | |
|    depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
 | |
|    default y
 | |
|    help
 | |
|        Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
 | |
|    bool "Enable ECDHE-ECDSA based ciphersuite modes"
 | |
|    depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
 | |
|    default y
 | |
|    help
 | |
|        Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
 | |
|    bool "Enable ECDH-ECDSA based ciphersuite modes"
 | |
|    depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
 | |
|    default y
 | |
|    help
 | |
|        Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 | |
| 
 | |
| config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
 | |
|    bool "Enable ECDH-RSA based ciphersuite modes"
 | |
|    depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
 | |
|    default y
 | |
|    help
 | |
|        Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 | |
| 
 | |
| endmenu # TLS key exchange modes
 | |
| 
 | |
| config MBEDTLS_SSL_RENEGOTIATION
 | |
|    bool "Support TLS renegotiation"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    default y
 | |
|    help
 | |
|        The two main uses of renegotiation are (1) refresh keys on long-lived
 | |
|        connections and (2) client authentication after the initial handshake.
 | |
|        If you don't need renegotiation, disabling it will save code size and
 | |
|        reduce the possibility of abuse/vulnerability.
 | |
| 
 | |
| config MBEDTLS_SSL_PROTO_SSL3
 | |
|    bool "Legacy SSL 3.0 support"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    default n
 | |
|    help
 | |
|        Support the legacy SSL 3.0 protocol. Most servers will speak a newer
 | |
|        TLS protocol these days.
 | |
| 
 | |
| config MBEDTLS_SSL_PROTO_TLS1
 | |
|    bool "Support TLS 1.0 protocol"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    default y
 | |
| 
 | |
| config MBEDTLS_SSL_PROTO_TLS1_1
 | |
|    bool "Support TLS 1.1 protocol"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    default y
 | |
| 
 | |
| config MBEDTLS_SSL_PROTO_TLS1_2
 | |
|    bool "Support TLS 1.2 protocol"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    default y
 | |
| 
 | |
| config MBEDTLS_SSL_PROTO_DTLS
 | |
|    bool "Support DTLS protocol (all versions)"
 | |
|    default n
 | |
|    depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
 | |
|    help
 | |
|        Requires TLS 1.1 to be enabled for DTLS 1.0
 | |
|        Requires TLS 1.2 to be enabled for DTLS 1.2
 | |
| 
 | |
| config MBEDTLS_SSL_ALPN
 | |
|    bool "Support ALPN (Application Layer Protocol Negotiation)"
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    default y
 | |
|    help
 | |
|        Disabling this option will save some code size if it is not needed.
 | |
| 
 | |
| config MBEDTLS_SSL_SESSION_TICKETS
 | |
|    bool "TLS: Support RFC 5077 SSL session tickets"
 | |
|    default y
 | |
|    depends on MBEDTLS_TLS_ENABLED
 | |
|    help
 | |
|        Support RFC 5077 session tickets. See mbedTLS documentation for more details.
 | |
| 
 | |
|        Disabling this option will save some code size.
 | |
| 
 | |
| menu "Symmetric Ciphers"
 | |
| 
 | |
| config MBEDTLS_AES_C
 | |
|    bool "AES block cipher"
 | |
|    default y
 | |
| 
 | |
| config MBEDTLS_CAMELLIA_C
 | |
|    bool "Camellia block cipher"
 | |
|    default n
 | |
| 
 | |
| config MBEDTLS_DES_C
 | |
|    bool "DES block cipher (legacy, insecure)"
 | |
|    default n
 | |
|    help
 | |
|        Enables the DES block cipher to support 3DES-based TLS ciphersuites.
 | |
| 
 | |
|        3DES is vulnerable to the Sweet32 attack and should only be enabled
 | |
|        if absolutely necessary.
 | |
| 
 | |
| choice MBEDTLS_RC4_MODE
 | |
|     prompt "RC4 Stream Cipher (legacy, insecure)"
 | |
|     default MBEDTLS_RC4_DISABLED
 | |
|     help
 | |
|         ARCFOUR (RC4) stream cipher can be disabled entirely, enabled but not
 | |
|         added to default ciphersuites, or enabled completely.
 | |
| 
 | |
|         Please consider the security implications before enabling RC4.
 | |
| 
 | |
| config MBEDTLS_RC4_DISABLED
 | |
|     bool "Disabled"
 | |
| config MBEDTLS_RC4_ENABLED_NO_DEFAULT
 | |
|     bool "Enabled, not in default ciphersuites"
 | |
| config MBEDTLS_RC4_ENABLED
 | |
|     bool "Enabled"
 | |
| endchoice
 | |
| 
 | |
| config MBEDTLS_BLOWFISH_C
 | |
|     bool "Blowfish block cipher (read help)"
 | |
|     default n
 | |
|     help
 | |
|         Enables the Blowfish block cipher (not used for TLS sessions.)
 | |
| 
 | |
|         The Blowfish cipher is not used for mbedTLS TLS sessions but can be
 | |
|         used for other purposes. Read up on the limitations of Blowfish (including
 | |
|         Sweet32) before enabling.
 | |
| 
 | |
| config MBEDTLS_XTEA_C
 | |
|     bool "XTEA block cipher"
 | |
|     default n
 | |
|     help
 | |
|         Enables the XTEA block cipher.
 | |
| 
 | |
| 
 | |
| config MBEDTLS_CCM_C
 | |
|     bool "CCM (Counter with CBC-MAC) block cipher modes"
 | |
|     default y
 | |
|     depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
 | |
|     help
 | |
|         Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.
 | |
| 
 | |
|         Disabling this option saves some code size.
 | |
| 
 | |
| config MBEDTLS_GCM_C
 | |
|     bool "GCM (Galois/Counter) block cipher modes"
 | |
|     default y
 | |
|     depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
 | |
|     help
 | |
|         Enable Galois/Counter Mode for AES and/or Camellia ciphers.
 | |
| 
 | |
|         This option is generally faster than CCM.
 | |
| 
 | |
| endmenu # Symmetric Ciphers
 | |
| 
 | |
| config MBEDTLS_RIPEMD160_C
 | |
|     bool "Enable RIPEMD-160 hash algorithm"
 | |
|     default n
 | |
|     help
 | |
|         Enable the RIPEMD-160 hash algorithm.
 | |
| 
 | |
| menu "Certificates"
 | |
| 
 | |
| config MBEDTLS_PEM_PARSE_C
 | |
|     bool "Read & Parse PEM formatted certificates"
 | |
|     default y
 | |
|     help
 | |
|         Enable decoding/parsing of PEM formatted certificates.
 | |
| 
 | |
|         If your certificates are all in the simpler DER format, disabling
 | |
|         this option will save some code size.
 | |
| 
 | |
| config MBEDTLS_PEM_WRITE_C
 | |
|     bool "Write PEM formatted certificates"
 | |
|     default y
 | |
|     help
 | |
|         Enable writing of PEM formatted certificates.
 | |
| 
 | |
|         If writing certificate data only in DER format, disabling this
 | |
|         option will save some code size.
 | |
| 
 | |
| config MBEDTLS_X509_CRL_PARSE_C
 | |
|     bool "X.509 CRL parsing"
 | |
|     default y
 | |
|     help
 | |
|         Support for parsing X.509 Certifificate Revocation Lists.
 | |
| 
 | |
| config MBEDTLS_X509_CSR_PARSE_C
 | |
|     bool "X.509 CSR parsing"
 | |
|     default y
 | |
|     help
 | |
|         Support for parsing X.509 Certifificate Signing Requests
 | |
| 
 | |
| endmenu # Certificates
 | |
| 
 | |
| menuconfig MBEDTLS_ECP_C
 | |
|     bool  "Elliptic Curve Ciphers"
 | |
|     default y
 | |
| 
 | |
| config MBEDTLS_ECDH_C
 | |
|     bool "Elliptic Curve Diffie-Hellman (ECDH)"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.
 | |
| 
 | |
| config MBEDTLS_ECDSA_C
 | |
|     bool "Elliptic Curve DSA"
 | |
|     depends on MBEDTLS_ECDH_C
 | |
|     default y
 | |
|     help
 | |
|         Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP192R1_ENABLED
 | |
|     bool "Enable SECP192R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP192R1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP224R1_ENABLED
 | |
|     bool "Enable SECP224R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP224R1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP256R1_ENABLED
 | |
|     bool "Enable SECP256R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP256R1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP384R1_ENABLED
 | |
|     bool "Enable SECP384R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP384R1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP521R1_ENABLED
 | |
|     bool "Enable SECP521R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP521R1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP192K1_ENABLED
 | |
|     bool "Enable SECP192K1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP192K1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP224K1_ENABLED
 | |
|     bool "Enable SECP224K1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP224K1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_SECP256K1_ENABLED
 | |
|     bool "Enable SECP256K1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for SECP256K1 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_BP256R1_ENABLED
 | |
|     bool "Enable BP256R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         support for DP Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_BP384R1_ENABLED
 | |
|     bool "Enable BP384R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         support for DP Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_BP512R1_ENABLED
 | |
|     bool "Enable BP512R1 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         support for DP Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_DP_CURVE25519_ENABLED
 | |
|     bool "Enable CURVE25519 curve"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         Enable support for CURVE25519 Elliptic Curve.
 | |
| 
 | |
| config MBEDTLS_ECP_NIST_OPTIM
 | |
|     bool "NIST 'modulo p' optimisations"
 | |
|     depends on MBEDTLS_ECP_C
 | |
|     default y
 | |
|     help
 | |
|         NIST 'modulo p' optimisations increase Elliptic Curve operation performance.
 | |
| 
 | |
|         Disabling this option saves some code size.
 | |
| 
 | |
| # end of Elliptic Curve options
 | |
| 
 | |
| endmenu  # mbedTLS
 | 
