mirror of
https://github.com/espressif/esp-idf.git
synced 2025-08-25 17:58:46 +00:00
200 lines
5.8 KiB
Plaintext
200 lines
5.8 KiB
Plaintext
#
|
|
# mbedTLS Default Configuration Preset
|
|
#
|
|
|
|
# Core Configuration
|
|
CONFIG_MBEDTLS_FS_IO=y
|
|
CONFIG_MBEDTLS_THREADING_C=n
|
|
CONFIG_MBEDTLS_ERROR_STRINGS=y
|
|
CONFIG_MBEDTLS_VERSION_C=n
|
|
CONFIG_MBEDTLS_HAVE_TIME=y
|
|
CONFIG_MBEDTLS_PLATFORM_TIME_ALT=n
|
|
CONFIG_MBEDTLS_HAVE_TIME_DATE=n
|
|
CONFIG_MBEDTLS_BIGNUM_C=y
|
|
CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y
|
|
CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC=n
|
|
CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=n
|
|
CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC=n
|
|
CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
|
|
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
|
|
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
|
|
CONFIG_MBEDTLS_DYNAMIC_BUFFER=n
|
|
CONFIG_MBEDTLS_VERSION_FEATURES=n
|
|
CONFIG_MBEDTLS_DEBUG=n
|
|
CONFIG_MBEDTLS_SELF_TEST=y
|
|
|
|
# Certificates
|
|
CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION=n
|
|
CONFIG_MBEDTLS_X509_USE_C=y
|
|
CONFIG_MBEDTLS_PEM_PARSE_C=y
|
|
CONFIG_MBEDTLS_PEM_WRITE_C=y
|
|
CONFIG_MBEDTLS_PK_C=y
|
|
CONFIG_MBEDTLS_PK_PARSE_C=y
|
|
CONFIG_MBEDTLS_PK_WRITE_C=y
|
|
CONFIG_MBEDTLS_X509_REMOVE_INFO=n
|
|
CONFIG_MBEDTLS_X509_CRL_PARSE_C=y
|
|
CONFIG_MBEDTLS_X509_CRT_PARSE_C=y
|
|
CONFIG_MBEDTLS_X509_CSR_PARSE_C=y
|
|
CONFIG_MBEDTLS_X509_CREATE_C=n
|
|
CONFIG_MBEDTLS_X509_CRT_WRITE_C=y
|
|
CONFIG_MBEDTLS_X509_CSR_WRITE_C=y
|
|
CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT=y
|
|
CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=n
|
|
CONFIG_MBEDTLS_ASN1_PARSE_C=y
|
|
CONFIG_MBEDTLS_ASN1_WRITE_C=y
|
|
CONFIG_MBEDTLS_OID_C=y
|
|
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
|
|
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
|
|
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=n
|
|
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=n
|
|
|
|
# TLS Protocol Configuration
|
|
CONFIG_MBEDTLS_TLS_ENABLED=y
|
|
CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
|
|
CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=y
|
|
CONFIG_MBEDTLS_TLS_SERVER_ONLY=n
|
|
CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
|
|
CONFIG_MBEDTLS_TLS_DISABLED=n
|
|
CONFIG_MBEDTLS_TLS_SERVER=y
|
|
CONFIG_MBEDTLS_TLS_CLIENT=y
|
|
CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY=1
|
|
CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
|
|
CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION=n
|
|
CONFIG_MBEDTLS_SSL_CACHE_C=n
|
|
CONFIG_MBEDTLS_SSL_ALL_ALERT_MESSAGES=n
|
|
|
|
# TLS 1.2 Configuration
|
|
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
|
|
|
|
# TLS 1.3 Configuration
|
|
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y
|
|
|
|
# TLS Key Exchange Configuration
|
|
CONFIG_MBEDTLS_PSK_MODES=n
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=n
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK=n
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK=n
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y
|
|
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
|
|
CONFIG_MBEDTLS_SSL_ALPN=y
|
|
CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH=y
|
|
CONFIG_MBEDTLS_SSL_RECORD_SIZE_LIMIT=n
|
|
CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=n
|
|
CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
|
|
CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y
|
|
CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=y
|
|
|
|
# DTLS Protocol Configuration
|
|
CONFIG_MBEDTLS_SSL_PROTO_DTLS=n
|
|
|
|
# Cipher Abstraction Layer
|
|
CONFIG_MBEDTLS_CIPHER_C=n
|
|
|
|
# Symmetric Ciphers
|
|
CONFIG_MBEDTLS_AES_C=y
|
|
CONFIG_MBEDTLS_CAMELLIA_C=n
|
|
CONFIG_MBEDTLS_ARIA_C=y
|
|
CONFIG_MBEDTLS_DES_C=n
|
|
CONFIG_MBEDTLS_BLOWFISH_C=n
|
|
CONFIG_MBEDTLS_XTEA_C=n
|
|
CONFIG_MBEDTLS_CCM_C=y
|
|
CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
|
|
CONFIG_MBEDTLS_CIPHER_MODE_CFB=y
|
|
CONFIG_MBEDTLS_CIPHER_MODE_CTR=y
|
|
CONFIG_MBEDTLS_CIPHER_MODE_OFB=y
|
|
CONFIG_MBEDTLS_CIPHER_MODE_XTS=y
|
|
CONFIG_MBEDTLS_GCM_C=y
|
|
CONFIG_MBEDTLS_NIST_KW_C=n
|
|
CONFIG_MBEDTLS_CIPHER_PADDING=y
|
|
CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=y
|
|
CONFIG_MBEDTLS_PKCS5_C=y
|
|
CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS=y
|
|
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN=y
|
|
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS=y
|
|
CONFIG_MBEDTLS_AES_ROM_TABLES=y
|
|
CONFIG_MBEDTLS_AES_FEWER_TABLES=n
|
|
CONFIG_MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH=n
|
|
CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC=n
|
|
CONFIG_MBEDTLS_CMAC_C=y
|
|
|
|
# Asymmetric Ciphers
|
|
CONFIG_MBEDTLS_RSA_C=y
|
|
|
|
# Elliptic Curve Ciphers Configuration
|
|
CONFIG_MBEDTLS_ECP_C=y
|
|
CONFIG_MBEDTLS_ECP_NIST_OPTIM=y
|
|
CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=n
|
|
CONFIG_MBEDTLS_DHM_C=y
|
|
CONFIG_MBEDTLS_ECDH_C=y
|
|
CONFIG_MBEDTLS_ECJPAKE_C=n
|
|
CONFIG_MBEDTLS_ECDSA_C=y
|
|
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=y
|
|
CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=y
|
|
CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y
|
|
CONFIG_MBEDTLS_ECP_RESTARTABLE=n
|
|
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y
|
|
|
|
# Hash functions
|
|
CONFIG_MBEDTLS_MD_C=y
|
|
CONFIG_MBEDTLS_ROM_MD5=y
|
|
CONFIG_MBEDTLS_SHA256_C=y
|
|
CONFIG_MBEDTLS_SHA1_C=y
|
|
CONFIG_MBEDTLS_SHA384_C=y
|
|
CONFIG_MBEDTLS_SHA512_C=y
|
|
CONFIG_MBEDTLS_MD5_C=y
|
|
CONFIG_MBEDTLS_SHA3_C=n
|
|
|
|
CONFIG_MBEDTLS_HARDWARE_SHA=y
|
|
CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=y
|
|
CONFIG_MBEDTLS_HARDWARE_AES=y
|
|
CONFIG_MBEDTLS_AES_USE_INTERRUPT=y
|
|
CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL=0
|
|
CONFIG_MBEDTLS_PK_RSA_ALT_SUPPORT=y
|
|
CONFIG_MBEDTLS_HARDWARE_MPI=y
|
|
# CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n
|
|
CONFIG_MBEDTLS_MPI_USE_INTERRUPT=y
|
|
CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL=0
|
|
CONFIG_MBEDTLS_HARDWARE_ECC=y
|
|
CONFIG_MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK=y
|
|
CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN=n
|
|
CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY=y
|
|
CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN=n
|
|
CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY=n
|
|
|
|
CONFIG_MBEDTLS_PKCS7_C=y
|
|
CONFIG_MBEDTLS_PKCS12_C=y
|
|
CONFIG_MBEDTLS_PKCS1_V15=y
|
|
CONFIG_MBEDTLS_PKCS1_V21=y
|
|
|
|
CONFIG_MBEDTLS_ENTROPY_C=y
|
|
CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256=n
|
|
CONFIG_MBEDTLS_CTR_DRBG_C=y
|
|
CONFIG_MBEDTLS_HMAC_DRBG_C=y
|
|
|
|
CONFIG_MBEDTLS_BASE64_C=y
|
|
|
|
CONFIG_MBEDTLS_CHACHA20_C=n
|
|
CONFIG_MBEDTLS_POLY1305_C=n
|
|
CONFIG_MBEDTLS_HKDF_C=n
|
|
|
|
#
|
|
# End of mbedTLS Minimal Configuration Preset
|
|
#
|