From 24036483d2540017a1c87178b3ca7faf82df956d Mon Sep 17 00:00:00 2001 
From: Wang Qixiang <43193572+wqx6@users.noreply.github.com> Date: Tue, 23 May 2023 21:02:43 +0800 Subject: [PATCH] ESP32: Use mbedtls component in IDF (#26608) * ESP32: use mbedtls config in IDF * esp32: remove esp32_mbedtls component --- config/esp32/components/chip/CMakeLists.txt | 75 +- .../components/esp32_mbedtls/CMakeLists.txt | 3 - config/esp32/components/esp32_mbedtls/hkdf.c | 191 -- .../esp32_mbedtls/mbedtls/esp_config.h | 2345 ----------------- .../all-clusters-app/esp32/sdkconfig.defaults | 3 + .../esp32/sdkconfig_c3devkit.defaults | 3 + .../esp32/sdkconfig_m5stack.defaults | 5 +- .../esp32/sdkconfig_m5stack_rpc.defaults | 5 +- .../esp32/sdkconfig.defaults | 3 + .../esp32/sdkconfig_c3devkit.defaults | 3 + .../esp32/sdkconfig_m5stack.defaults | 5 +- .../esp32/sdkconfig_m5stack_rpc.defaults | 5 +- examples/bridge-app/esp32/sdkconfig.defaults | 3 + examples/chef/esp32/main/CMakeLists.txt | 2 +- examples/chef/esp32/sdkconfig.defaults | 3 + examples/chef/esp32/sdkconfig_rpc.defaults | 3 + .../light-switch-app/esp32/sdkconfig.defaults | 3 + .../lighting-app/esp32/sdkconfig.defaults | 3 + .../esp32/sdkconfig.optimize.defaults | 2 + .../esp32/sdkconfig_m5stack.defaults | 3 + examples/lock-app/esp32/sdkconfig.defaults | 3 + .../ota-provider-app/esp32/sdkconfig.defaults | 3 + .../esp32/sdkconfig.defaults | 3 + .../esp32/sdkconfig_m5stack.defaults | 3 + .../esp32/sdkconfig_m5stack_rpc.defaults | 3 + .../esp32/sdkconfig_rpc.defaults | 5 +- .../esp32/sdkconfig.defaults | 3 + examples/pigweed-app/esp32/sdkconfig.defaults | 3 + examples/shell/esp32/main/CMakeLists.txt | 2 +- .../esp32/sdkconfig.defaults | 3 + .../esp32/sdkconfig.optimize.defaults | 3 + .../esp32/sdkconfig_rpc.defaults | 5 +- src/test_driver/esp32/sdkconfig.defaults | 3 + src/test_driver/esp32/sdkconfig_qemu.defaults | 3 + 34 files changed, 154 insertions(+), 2559 deletions(-) delete mode 100644 config/esp32/components/esp32_mbedtls/CMakeLists.txt delete mode 100644 
config/esp32/components/esp32_mbedtls/hkdf.c delete mode 100644 config/esp32/components/esp32_mbedtls/mbedtls/esp_config.h diff --git a/config/esp32/components/chip/CMakeLists.txt b/config/esp32/components/chip/CMakeLists.txt index 6f30e30e297e34..b064a89d572d6b 100644 --- a/config/esp32/components/chip/CMakeLists.txt +++ b/config/esp32/components/chip/CMakeLists.txt @@ -332,22 +332,17 @@ target_include_directories(${COMPONENT_LIB} INTERFACE "${CHIP_ROOT}/config/esp32/${CONFIG_CHIP_EXTERNAL_PLATFORM_DIR}/../../" ) -idf_component_get_property(esp32_mbedtls_lib esp32_mbedtls COMPONENT_LIB) +idf_component_get_property(mbedtls_lib mbedtls COMPONENT_LIB) + +idf_build_get_property(idf_target IDF_TARGET) +set(target_name "${idf_target}") if(CONFIG_BT_ENABLED) idf_component_get_property(bt_lib bt COMPONENT_LIB) - if("${CONFIG_IDF_TARGET}" STREQUAL "esp32h2") - idf_component_get_property(bt_dir bt COMPONENT_DIR) - list(APPEND chip_libraries $) - list(APPEND chip_libraries ${bt_dir}/controller/lib_esp32h2/esp32h2-bt-lib/libble_app.a) - elseif("${CONFIG_IDF_TARGET}" STREQUAL "esp32c2") + if((target_name STREQUAL "esp32h2") OR (target_name STREQUAL "esp32c2") OR (target_name STREQUAL "esp32c6")) idf_component_get_property(bt_dir bt COMPONENT_DIR) list(APPEND chip_libraries $) - list(APPEND chip_libraries ${bt_dir}/controller/lib_esp32c2/esp32c2-bt-lib/libble_app.a) - elseif("${CONFIG_IDF_TARGET}" STREQUAL "esp32c6") - idf_component_get_property(bt_dir bt COMPONENT_DIR) - list(APPEND chip_libraries $) - list(APPEND chip_libraries ${bt_dir}/controller/lib_esp32c6/esp32c6-bt-lib/libble_app.a) + list(APPEND chip_libraries "${bt_dir}/controller/lib_${target_name}/${target_name}-bt-lib/libble_app.a") else() list(APPEND chip_libraries $ -lbtdm_app) endif() 
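Review bot: After `idf_component_get_property(mbedtls_lib mbedtls COMPONENT_LIB)` nothing verifies that IDF's mbedtls build is configured with the features the deleted esp_config.h and hkdf.c used to provide (HKDF in particular), so a project that does not pick up the sdkconfig.defaults additions listed in the diffstat would presumably only fail later with an undefined-reference link error. A configure-time guard fails fast and names the option: `if(NOT CONFIG_MBEDTLS_HKDF_C)`, `message(FATAL_ERROR "CHIP requires CONFIG_MBEDTLS_HKDF_C=y in sdkconfig")`, `endif()` — I am inferring the required option from the removed files, so confirm it against what the sdkconfig.defaults changes actually add. Separately, `target_name STREQUAL "esp32h2"` works only through if()'s auto-dereference of the bare name, while the rest of this file compares quoted values; `"${target_name}" STREQUAL "esp32h2"` keeps the style consistent and avoids the CMP0054 surprise if a variable named `esp32h2` is ever defined. `set(target_name "${idf_target}")` is a redundant copy; `idf_build_get_property(target_name IDF_TARGET)` reads the value straight into the name used below.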
@@ -383,9 +378,65 @@ if (CONFIG_SEC_CERT_DAC_PROVIDER) list(APPEND chip_libraries $) endif() +idf_component_get_property(lwip_lib lwip COMPONENT_LIB) +list(APPEND chip_libraries $) + + +if (CONFIG_ESP_WIFI_ENABLED) + idf_component_get_property(esp_wifi_lib esp_wifi COMPONENT_LIB) + idf_component_get_property(esp_wifi_dir esp_wifi COMPONENT_DIR) + list(APPEND chip_libraries $) + if (CONFIG_IDF_TARGET_ESP32C2) + set(blobs core net80211 pp) + else() + set(blobs core mesh net80211 pp) + endif() + + foreach(blob ${blobs}) + list(APPEND chip_libraries "${esp_wifi_dir}/lib/${target_name}/lib${blob}.a") + endforeach() +endif() + +idf_component_get_property(esp_netif_lib esp_netif COMPONENT_LIB) +list(APPEND chip_libraries $) + +idf_component_get_property(esp_hw_support_lib esp_hw_support COMPONENT_LIB) +list(APPEND chip_libraries $) + +idf_component_get_property(esp_phy_lib esp_phy COMPONENT_LIB) +idf_component_get_property(esp_phy_dir esp_phy COMPONENT_DIR) +list(APPEND chip_libraries $) + +if (CONFIG_IDF_TARGET_ESP32) + set(phy_blobs phy rtc) +elseif (CONFIG_IDF_TARGET_ESP32S2) + set(phy_blobs phy) +else() + set(phy_blobs phy btbb) +endif() +foreach(phy_blob ${phy_blobs}) + list(APPEND chip_libraries "${esp_phy_dir}/lib/${target_name}/lib${phy_blob}.a") +endforeach() + +idf_component_get_property(esp_event_lib esp_event COMPONENT_LIB) +list(APPEND chip_libraries $) + +idf_component_get_property(hal_lib hal COMPONENT_LIB) +list(APPEND chip_libraries $) + +idf_component_get_property(esp_system_lib esp_system COMPONENT_LIB) +list(APPEND chip_libraries $) + +idf_component_get_property(soc_lib soc COMPONENT_LIB) +list(APPEND chip_libraries $) + +idf_component_get_property(efuse_lib efuse COMPONENT_LIB) +list(APPEND chip_libraries $) + target_link_libraries(${COMPONENT_LIB} INTERFACE -Wl,--start-group ${chip_libraries} - $ $ + $ $ + $ -Wl,--end-group) # Make the component dependent on our CHIP build 
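Review bot: The two foreach loops append prebuilt archives by bare path — `"${esp_wifi_dir}/lib/${target_name}/lib${blob}.a"` and `"${esp_phy_dir}/lib/${target_name}/lib${phy_blob}.a"` — so a missing file (a target whose blob set differs from the hard-coded `blobs`/`phy_blobs` lists, or an IDF release that moves `lib/`) only surfaces as a linker error far from this code. Guard each append so the failure names the file: `if(NOT EXISTS "${esp_wifi_dir}/lib/${target_name}/lib${blob}.a")`, `message(FATAL_ERROR "esp_wifi blob missing: ${esp_wifi_dir}/lib/${target_name}/lib${blob}.a")`, `endif()`, and the same for the phy loop. The per-target selection (no `mesh` on ESP32C2; `btbb` for every target other than ESP32 and ESP32S2) is undocumented — a comment above each block such as `# Prebuilt blob set differs per target; keep in sync with IDF's esp_wifi/esp_phy component CMakeLists` would tell the next maintainer where the truth lives. `${target_name}` used here is defined in the earlier hunk of this file, so this block depends on that hunk being applied with it.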
diff --git a/config/esp32/components/esp32_mbedtls/CMakeLists.txt b/config/esp32/components/esp32_mbedtls/CMakeLists.txt deleted file mode 100644 index 1e5382bbad0e0c..00000000000000 --- a/config/esp32/components/esp32_mbedtls/CMakeLists.txt +++ /dev/null @@ -1,3 +0,0 @@ -idf_component_register(SRCS hkdf.c - INCLUDE_DIRS . - PRIV_REQUIRES mbedtls) diff --git a/config/esp32/components/esp32_mbedtls/hkdf.c b/config/esp32/components/esp32_mbedtls/hkdf.c deleted file mode 100644 index c480bbf950b203..00000000000000 --- a/config/esp32/components/esp32_mbedtls/hkdf.c +++ /dev/null 
@@ -1,191 +0,0 @@ -/** - * - * Copyright (c) 2020 Project CHIP Authors - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* - * HKDF implementation -- RFC 5869 - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_HKDF_C) - -#include "mbedtls/hkdf.h" -#include "mbedtls/platform_util.h" -#include - -int mbedtls_hkdf(const mbedtls_md_info_t * md, const unsigned char * salt, size_t salt_len, const unsigned char * ikm, - size_t ikm_len, const unsigned char * info, size_t info_len, unsigned char * okm, size_t okm_len) -{ - int ret; - unsigned char prk[MBEDTLS_MD_MAX_SIZE]; - - ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk); - - if (ret == 0) - { - ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md), info, info_len, okm, okm_len); - } - - mbedtls_platform_zeroize(prk, sizeof(prk)); - - return (ret); -} - -int mbedtls_hkdf_extract(const mbedtls_md_info_t * md, const unsigned char * salt, size_t salt_len, const unsigned char * ikm, - size_t ikm_len, unsigned char * prk) -{ - unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; - - if (salt == NULL) - { - size_t hash_len; - - if (salt_len != 0) - { - return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; - } - - hash_len = mbedtls_md_get_size(md); - 
- if (hash_len == 0) - { - return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; - } - - salt = null_salt; - salt_len = hash_len; - } - - return (mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk)); -} - -int mbedtls_hkdf_expand(const mbedtls_md_info_t * md, const unsigned char * prk, size_t prk_len, const unsigned char * info, - size_t info_len, unsigned char * okm, size_t okm_len) -{ - size_t hash_len; - size_t where = 0; - size_t n; - size_t t_len = 0; - size_t i; - int ret = 0; - mbedtls_md_context_t ctx; - unsigned char t[MBEDTLS_MD_MAX_SIZE]; - - if (okm == NULL) - { - return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA); - } - - hash_len = mbedtls_md_get_size(md); - - if (prk_len < hash_len || hash_len == 0) - { - return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA); - } - - if (info == NULL) - { - info = (const unsigned char *) ""; - info_len = 0; - } - - n = okm_len / hash_len; - - if ((okm_len % hash_len) != 0) - { - n++; - } - - /* - * Per RFC 5869 Section 2.3, okm_len must not exceed - * 255 times the hash length - */ - if (n > 255) - { - return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA); - } - - mbedtls_md_init(&ctx); - - if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) - { - goto exit; - } - - /* - * Compute T = T(1) | T(2) | T(3) | ... | T(N) - * Where T(N) is defined in RFC 5869 Section 2.3 - */ - for (i = 1; i <= n; i++) - { - size_t num_to_copy; - unsigned char c = i & 0xff; - - ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len); - if (ret != 0) - { - goto exit; - } - - ret = mbedtls_md_hmac_update(&ctx, t, t_len); - if (ret != 0) - { - goto exit; - } - - ret = mbedtls_md_hmac_update(&ctx, info, info_len); - if (ret != 0) - { - goto exit; - } - - /* The constant concatenated to the end of each T(n) is a single octet. - * */ - ret = mbedtls_md_hmac_update(&ctx, &c, 1); - if (ret != 0) - { - goto exit; - } - - ret = mbedtls_md_hmac_finish(&ctx, t); - if (ret != 0) - { - goto exit; - } - - num_to_copy = i != n ? 
hash_len : okm_len - where; - memcpy(okm + where, t, num_to_copy); - where += hash_len; - t_len = hash_len; - } - -exit: - mbedtls_md_free(&ctx); - mbedtls_platform_zeroize(t, sizeof(t)); - - return (ret); -} - -#endif /* MBEDTLS_HKDF_C */ diff --git a/config/esp32/components/esp32_mbedtls/mbedtls/esp_config.h b/config/esp32/components/esp32_mbedtls/mbedtls/esp_config.h deleted file mode 100644 index aca884cdc9fbf6..00000000000000 --- a/config/esp32/components/esp32_mbedtls/mbedtls/esp_config.h +++ /dev/null 
@@ -1,2345 +0,0 @@ -/** - * - * Copyright (c) 2020 Project CHIP Authors - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/** - * - * \brief Default mbedTLS configuration options for esp-idf - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef ESP_CONFIG_H -#define ESP_CONFIG_H - -#include "esp_idf_version.h" -#include "sdkconfig.h" -// For ESP32H2, we use idf v5.0. Its "mbedtls/config.h" was replaced by "mbedtls/build_info.h" -#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 0, 0) -#include "mbedtls/build_info.h" -#else -#include "mbedtls/config.h" -#endif -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Comment if your system does not support time functions - */ -#ifdef CONFIG_MBEDTLS_HAVE_TIME -#define MBEDTLS_HAVE_TIME -#else -#undef MBEDTLS_HAVE_TIME -#endif - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h and time(), gmtime() and the clock is correct. 
- * The time needs to be correct (not necesarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - */ -#ifdef CONFIG_MBEDTLS_HAVE_TIME_DATE -#define MBEDTLS_HAVE_TIME_DATE -#else -#undef MBEDTLS_HAVE_TIME_DATE -#endif - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -#define MBEDTLS_PLATFORM_MEMORY - -/** Override calloc(), free() except for case where memory allocation scheme is not set to custom */ -#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC -#include "esp_mem.h" -#define MBEDTLS_PLATFORM_STD_CALLOC esp_mbedtls_mem_calloc -#define MBEDTLS_PLATFORM_STD_FREE esp_mbedtls_mem_free -#endif - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/* The following units have ESP32 hardware support, - uncommenting each _ALT macro will use the - hardware-accelerated implementation. 
*/ -#ifdef CONFIG_MBEDTLS_HARDWARE_AES -#define MBEDTLS_AES_ALT -#else -#undef MBEDTLS_AES_ALT -#endif - -/* MBEDTLS_SHAxx_ALT to enable hardware SHA support - with software fallback. -*/ -#ifdef CONFIG_MBEDTLS_HARDWARE_SHA -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT -#define MBEDTLS_SHA512_ALT -#else -#undef MBEDTLS_SHA1_ALT -#undef MBEDTLS_SHA256_ALT -#undef MBEDTLS_SHA512_ALT -#endif - -/* The following MPI (bignum) functions have ESP32 hardware support, - Uncommenting these macros will use the hardware-accelerated - implementations. -*/ -#ifdef CONFIG_MBEDTLS_HARDWARE_MPI -#define MBEDTLS_MPI_EXP_MOD_ALT -#define MBEDTLS_MPI_MUL_MPI_ALT -#else -#undef MBEDTLS_MPI_EXP_MOD_ALT -#undef MBEDTLS_MPI_MUL_MPI_ALT -#endif - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Store the AES tables in ROM. - * - * Uncomment this macro to store the AES tables in ROM. - */ -#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_MODE_OFB - * - * Enable Output Feedback mode (OFB) for symmetric ciphers. 
- */ -#define MBEDTLS_CIPHER_MODE_OFB - -/** - * \def MBEDTLS_CIPHER_MODE_XTS - * - * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. - */ -#define MBEDTLS_CIPHER_MODE_XTS - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** - * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES & MBEDTLS_ARC4_C - * - * MBEDTLS_ARC4_C - * Enable the ARCFOUR stream cipher. - * - * This module enables/disables the following ciphersuites - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - * - * MBEDTLS_REMOVE_ARC4_CIPHERSUITES - * This flag removes the ciphersuites based on RC4 from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to - * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them - * explicitly. - * - * Uncomment this macro to remove RC4 ciphersuites by default. 
- */ -#ifdef CONFIG_MBEDTLS_RC4_ENABLED -#define MBEDTLS_ARC4_C -#undef MBEDTLS_REMOVE_ARC4_CIPHERSUITES -#elif defined CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT -#define MBEDTLS_ARC4_C -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES -#else -#undef MBEDTLS_ARC4_C -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES -#endif - -/** - * \def MBEDTLS_ECP_RESTARTABLE - * - * Enable "non-blocking" ECC operations that can return early and be resumed. - * - * This allows various functions to pause by returning - * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in - * order to further progress and eventually complete their operation. This is - * controlled through mbedtls_ecp_set_max_ops() which limits the maximum - * number of ECC operations a function may perform before pausing; see - * mbedtls_ecp_set_max_ops() for more information. - * - * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. - * - * Uncomment this macro to enable restartable ECC computations. - * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. - */ -#ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE -#define MBEDTLS_ECP_RESTARTABLE -#endif - -/** - * \def MBEDTLS_CMAC_C - * - * Enable the CMAC (Cipher-based Message Authentication Code) mode for block - * ciphers. - * - * Module: library/cmac.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C - * - */ -#ifdef CONFIG_MBEDTLS_CMAC_C -#define MBEDTLS_CMAC_C -#endif - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. 
- * - * Comment macros to disable the curve and functions for it - */ -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP256R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP384R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#else -#undef MBEDTLS_ECP_DP_SECP256K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_BP256R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_BP384R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#else -#undef MBEDTLS_ECP_DP_BP512R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#else -#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED -#endif - -#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED -#undef MBEDTLS_ECP_DP_CURVE448_ENABLED -#endif - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST 
prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#ifdef CONFIG_MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ECP_NIST_OPTIM -#else -#undef MBEDTLS_ECP_NIST_OPTIM -#endif - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C - * - * Comment this macro to disable deterministic ECDSA. - */ -#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#endif - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 
- * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#else -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#endif - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. 
- * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** - * \def MBEDTLS_SELF_TEST - * - * Enable the checkup functions (*_self_test). - */ -#define MBEDTLS_SELF_TEST - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. 
- * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#ifdef CONFIG_MBEDTLS_TLS_ENABLED -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC -#else -#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC -#endif - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). - * - * This was introduced as "the proper fix" to the Triple Handshake familiy of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#ifdef CONFIG_MBEDTLS_TLS_ENABLED -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#else -#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#endif - -/** - * \def MBEDTLS_SSL_FALLBACK_SCSV - * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). - * - * For servers, it is recommended to always enable this, unless you support - * only one version of TLS, or know for sure that none of your clients - * implements a fallback strategy. - * - * For clients, you only need this if you're using a fallback strategy, which - * is not recommended in the first place, unless you absolutely need it to - * interoperate with buggy (version-intolerant) servers. 
- * - * Comment this macro to disable support for FALLBACK_SCSV - */ -#define MBEDTLS_SSL_FALLBACK_SCSV - -/** - * \def MBEDTLS_SSL_PROTO_TLS1 - * - * Enable support for TLS 1.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1 -#define MBEDTLS_SSL_PROTO_TLS1 -#else -#undef MBEDTLS_SSL_PROTO_TLS1 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_SSL3 - * - * Enable support for SSL 3.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3 -#define MBEDTLS_SSL_PROTO_SSL3 -#else -#undef MBEDTLS_SSL_PROTO_SSL3 -#endif - -/** - * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING - * - * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. - * - * This is a countermeasure to the BEAST attack, which also minimizes the risk - * of interoperability issues compared to sending 0-length records. - * - * Comment this macro to disable 1/n-1 record splitting. - */ -#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING -#else -#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING -#endif - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Disable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. - */ -#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION -#define MBEDTLS_SSL_RENEGOTIATION -#else -#undef MBEDTLS_SSL_RENEGOTIATION -#endif - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. 
- * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 -#define MBEDTLS_SSL_PROTO_TLS1_1 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_TLS1_2 -#else -#undef MBEDTLS_SSL_PROTO_TLS1_2 -#endif - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_PROTO_DTLS -#else -#undef MBEDTLS_SSL_PROTO_DTLS -#endif - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#ifdef CONFIG_MBEDTLS_SSL_ALPN -#define MBEDTLS_SSL_ALPN -#else -#undef MBEDTLS_SSL_ALPN -#endif - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. 
- */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#else -#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY -#endif - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can ba a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#else -#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY -#endif - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#else -#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#endif - -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT -#else -#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT -#endif - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. 
- * Client-side, provides full support for session tickets (maintainance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#ifdef CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS -#define MBEDTLS_SSL_SESSION_TICKETS -#else -#undef MBEDTLS_SSL_SESSION_TICKETS -#endif - -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. 
- * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/* \} name SECTION: mbed TLS feature support */ - -/** - * \name SECTION: mbed TLS modules - * - * This section enables or disables entire modules in mbed TLS - * \{ - */ - -/** - * \def MBEDTLS_AESNI_C - * - * Enable AES-NI support on x86-64. - * - * Module: library/aesni.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the AES-NI instructions on x86-64 - */ -#define MBEDTLS_AESNI_C - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. 
- * - * Module: library/aes.c - * Caller: library/ssl_tls.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#ifdef CONFIG_MBEDTLS_AES_C -#define MBEDTLS_AES_C -#else -#undef MBEDTLS_AES_C -#endif - -/** - * \def MBEDTLS_ASN1_PARSE_C - * - * Enable the generic ASN1 parser. - * - * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c - */ -#define MBEDTLS_ASN1_PARSE_C - -/** - * \def MBEDTLS_ASN1_WRITE_C - * - * Enable the generic ASN1 writer. - * - * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - */ -#define MBEDTLS_ASN1_WRITE_C - -/** - * \def MBEDTLS_BASE64_C - * - * Enable the Base64 module. - * - * Module: library/base64.c - * Caller: library/pem.c - * - * This module is required for PEM support (required by X.509). - */ -#define MBEDTLS_BASE64_C - -/** - * \def MBEDTLS_BIGNUM_C - * - * Enable the multi-precision integer library. 
- * - * Module: library/bignum.c - * Caller: library/dhm.c - * library/ecp.c - * library/ecdsa.c - * library/rsa.c - * library/ssl_tls.c - * - * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. - */ -#define MBEDTLS_BIGNUM_C - -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#ifdef CONFIG_MBEDTLS_BLOWFISH_C -#define MBEDTLS_BLOWFISH_C -#else -#undef MBEDTLS_BLOWFISH_C -#endif - -/** - * \def MBEDTLS_CAMELLIA_C - * - * Enable the Camellia block cipher. - * - * Module: library/camellia.c - * Caller: library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * 
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#ifdef CONFIG_MBEDTLS_CAMELLIA_C -#define MBEDTLS_CAMELLIA_C -#else -#undef MBEDTLS_CAMELLIA_C -#endif - -/** - * \def MBEDTLS_CCM_C - * - * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. - * - * Module: library/ccm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-CCM ciphersuites, if other requisites are - * enabled as well. - */ -#ifdef CONFIG_MBEDTLS_CCM_C -#define MBEDTLS_CCM_C -#else -#undef MBEDTLS_CCM_C -#endif - -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - -/** - * \def MBEDTLS_CHACHA20_C - * - * Disable the ChaCha20 stream cipher. - * - * Module: library/chacha20.c - */ -#ifdef MBEDTLS_CHACHA20_C -#undef MBEDTLS_CHACHA20_C -#endif - -/** - * \def MBEDTLS_CHACHAPOLY_C - * - * Disable the ChaCha20-Poly1305 AEAD algorithm. 
- * - * Module: library/chachapoly.c - * - * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C - */ -#ifdef MBEDTLS_CHACHAPOLY_C -#undef MBEDTLS_CHACHAPOLY_C -#endif - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ssl_tls.c - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-256-based random generator. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C - * - * This module provides the CTR_DRBG AES-256 random number generator. - */ -#define MBEDTLS_CTR_DRBG_C - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module provides debugging functions. - */ -#if CONFIG_MBEDTLS_DEBUG -#define MBEDTLS_DEBUG_C -#else -#undef MBEDTLS_DEBUG_C -#endif - -/** - * \def MBEDTLS_DES_C - * - * Enable the DES block cipher. - * - * Module: library/des.c - * Caller: library/pem.c - * library/ssl_tls.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. - */ -#ifdef CONFIG_MBEDTLS_DES_C -#define MBEDTLS_DES_C -#else -#undef MBEDTLS_DES_C -#endif - -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. 
- * - * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - */ -#define MBEDTLS_DHM_C - -/** - * \def MBEDTLS_ECDH_C - * - * Enable the elliptic curve Diffie-Hellman library. - * - * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK - * - * Requires: MBEDTLS_ECP_C - */ -#ifdef CONFIG_MBEDTLS_ECDH_C -#define MBEDTLS_ECDH_C -#else -#undef MBEDTLS_ECDH_C -#endif - -/** - * \def MBEDTLS_ECDSA_C - * - * Enable the elliptic curve DSA library. - * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C - */ -#ifdef CONFIG_MBEDTLS_ECDSA_C -#define MBEDTLS_ECDSA_C -#else -#undef MBEDTLS_ECDSA_C -#endif - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -//#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#ifdef CONFIG_MBEDTLS_ECP_C -#define MBEDTLS_ECP_C -#else -#undef MBEDTLS_ECP_C -#endif - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. 
- * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM) for AES. - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#ifdef CONFIG_MBEDTLS_GCM_C -#define MBEDTLS_GCM_C -#else -#undef MBEDTLS_GCM_C -#endif - -/** - * \def MBEDTLS_HKDF_C - * - * Enable the HKDF algorithm (RFC 5869). - * - * Module: library/hkdf.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the Hashed Message Authentication Code - * (HMAC)-based key derivation function (HKDF). - */ -#ifndef MBEDTLS_HKDF_C -#define MBEDTLS_HKDF_C -#endif - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/mbedtls_md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for SSL/TLS and X.509. - * PEM_PARSE uses MD5 for decrypting encrypted keys. - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP/IP networking routines. 
- * - * Module: library/net.c - * - * This module provides TCP/IP networking routines. - */ -#ifdef MBEDTLS_NET_C -#undef MBEDTLS_NET_C -#endif - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. - */ -#ifdef CONFIG_MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_PARSE_C -#else -#undef MBEDTLS_PEM_PARSE_C -#endif - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/mbedtls_x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#ifdef CONFIG_MBEDTLS_PEM_WRITE_C -#define MBEDTLS_PEM_WRITE_C -#else -#undef MBEDTLS_PEM_WRITE_C -#endif - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. 
- * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C - * - * This module enables PKCS#12 functions. - */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. 
- * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_POLY1305_C - * - * Disable the Poly1305 MAC algorithm. - * - * Module: library/poly1305.c - * Caller: library/chachapoly.c - */ -#ifdef MBEDTLS_POLY1305_C -#undef MBEDTLS_POLY1305_C -#endif - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c - * - */ -#ifdef CONFIG_MBEDTLS_RIPEMD160_C -#define MBEDTLS_RIPEMD160_C -#else -#undef MBEDTLS_RIPEMD160_C -#endif - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for SSL/TLS and SHA1-signed certificates. - */ -#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. - * - * Module: library/mbedtls_sha256.c - * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. 
- */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. - * - * Module: library/mbedtls_sha512.c - * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This module adds support for SHA-384 and SHA-512. - */ -#define MBEDTLS_SHA512_C - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS -#define MBEDTLS_SSL_TICKET_C -#else -#undef MBEDTLS_SSL_TICKET_C -#endif - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#ifdef CONFIG_MBEDTLS_TLS_CLIENT -#define MBEDTLS_SSL_CLI_C -#else -#undef MBEDTLS_SSL_CLI_C -#endif - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#ifdef CONFIG_MBEDTLS_TLS_SERVER -#define MBEDTLS_SSL_SRV_C -#else -#undef MBEDTLS_SSL_SRV_C -#endif - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. 
- * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#ifdef CONFIG_MBEDTLS_TLS_ENABLED -#define MBEDTLS_SSL_TLS_C -#else -#undef MBEDTLS_SSL_TLS_C -#endif - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - * Caller: library/havege.c - * - * This module is used by the HAVEGE random number generator. - */ -#ifdef MBEDTLS_TIMING_C -#undef MBEDTLS_TIMING_C -#endif - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. 
- * - * Module: library/mbedtls_x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C -#define MBEDTLS_X509_CRL_PARSE_C -#else -#undef MBEDTLS_X509_CRL_PARSE_C -#endif - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/mbedtls_x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C -#define MBEDTLS_X509_CSR_PARSE_C -#else -#undef MBEDTLS_X509_CSR_PARSE_C -#endif - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. 
- * - * Module: library/xtea.c - * Caller: - */ -#ifdef CONFIG_MBEDTLS_XTEA_C -#define MBEDTLS_XTEA_C -#else -#undef MBEDTLS_XTEA_C -#endif - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* SSL options */ -#ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN - -#define MBEDTLS_SSL_MAX_CONTENT_LEN \ - CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O \ - buffers */ - -#else - -/** \def MBEDTLS_SSL_IN_CONTENT_LEN - * - * Maximum incoming fragment length in bytes. - * - * Uncomment to set the size of the inward TLS buffer independently of the - * outward buffer. - */ -#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN - -/** \def MBEDTLS_SSL_OUT_CONTENT_LEN - * - * Maximum outgoing fragment length in bytes. - * - * Uncomment to set the size of the outward TLS buffer independently of the - * inward buffer. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. 
- *
- * For absolute minimum RAM usage, it's best to enable
- * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This
- * reduces both incoming and outgoing buffer sizes. However this is only
- * guaranteed if the other end of the connection also supports the TLS
- * max_fragment_len extension. Otherwise the connection may fail.
- */
-#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN
-
-#endif /* !CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN */
-
-/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * for compatibility with existing peers.
- */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/* \} name SECTION: Module configuration options */
-
-#if defined(TARGET_LIKE_MBED)
-#include "mbedtls/target_config.h"
-#endif
-
-/*
- * Allow user to override any previous default.
- *
- * Use two macro names for that, as:
- * - with yotta the prefix YOTTA_CFG_ is forced
- * - without yotta is looks weird to have a YOTTA prefix.
- */
-#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
-#elif defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-#include "mbedtls/check_config.h"
-
-#endif /* ESP_CONFIG_H */
diff --git a/examples/all-clusters-app/esp32/sdkconfig.defaults b/examples/all-clusters-app/esp32/sdkconfig.defaults
index 42d30f4d170b8d..d824c990600f65 100644
--- a/examples/all-clusters-app/esp32/sdkconfig.defaults
+++ b/examples/all-clusters-app/esp32/sdkconfig.defaults
@@ -60,6 +60,9 @@ CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
+
 # This example uses the older version of RMT driver to work with both
 # idf-v4.4.3 and idf-v5.0, so supressing the warnings by setting below option
 CONFIG_RMT_SUPPRESS_DEPRECATE_WARN=y
diff --git a/examples/all-clusters-app/esp32/sdkconfig_c3devkit.defaults b/examples/all-clusters-app/esp32/sdkconfig_c3devkit.defaults
index 737935b166f98f..24d4fe754ebdc8 100644
--- a/examples/all-clusters-app/esp32/sdkconfig_c3devkit.defaults
+++ b/examples/all-clusters-app/esp32/sdkconfig_c3devkit.defaults
@@ -47,3 +47,6 @@ CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT=y
 # Serial Flasher config
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/all-clusters-app/esp32/sdkconfig_m5stack.defaults b/examples/all-clusters-app/esp32/sdkconfig_m5stack.defaults
index 6b3de5e5cfea51..d8d54e5eea03a8 100644
--- a/examples/all-clusters-app/esp32/sdkconfig_m5stack.defaults
+++ b/examples/all-clusters-app/esp32/sdkconfig_m5stack.defaults
@@ -63,4 +63,7 @@ CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 #enable it may cause GPIO ISR triggers continuously
 CONFIG_BTDM_CTRL_MODEM_SLEEP=n
 CONFIG_BTDM_CTRL_MODEM_SLEEP_MODE_ORIG=n
-CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
\ No newline at end of file
+CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/all-clusters-app/esp32/sdkconfig_m5stack_rpc.defaults b/examples/all-clusters-app/esp32/sdkconfig_m5stack_rpc.defaults
index 5ffdd6672f1205..35fd87ed9f690c 100644
--- a/examples/all-clusters-app/esp32/sdkconfig_m5stack_rpc.defaults
+++ b/examples/all-clusters-app/esp32/sdkconfig_m5stack_rpc.defaults
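Review bot: `CONFIG_MBEDTLS_HKDF_C=y` is now the only mbedTLS setting the examples pin, so every other choice the deleted esp_config.h made explicitly — `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE`, the `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` sizing, the forced-off `MBEDTLS_POLY1305_C` and `MBEDTLS_TIMING_C` — now follows the IDF mbedtls component's Kconfig defaults for whichever IDF version is checked out, and it would be worth confirming those defaults match what the examples relied on and pinning in sdkconfig.defaults any that differ. The same three lines are repeated in every example's `sdkconfig*.defaults` in this commit (all-clusters, all-clusters-minimal, bridge, chef, light-switch, lighting, lock, ota-provider, ota-requestor, persistent-storage, pigweed, temperature-measurement and src/test_driver); if the `chip` component's own Kconfig can `select MBEDTLS_HKDF_C` instead, a new example cannot omit it and discover the omission only when the build fails. The `src/test_driver/esp32/sdkconfig.defaults` copy also spells the comment `#enable HKDF in mbedtls` while every other file uses `# Enable HKDF in mbedtls`.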
@@ -67,4 +67,7 @@ CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 #enable it may cause GPIO ISR triggers continuously
 CONFIG_BTDM_CTRL_MODEM_SLEEP=n
 CONFIG_BTDM_CTRL_MODEM_SLEEP_MODE_ORIG=n
-CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
\ No newline at end of file
+CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/all-clusters-minimal-app/esp32/sdkconfig.defaults b/examples/all-clusters-minimal-app/esp32/sdkconfig.defaults
index 42d30f4d170b8d..dcceac3858cd3e 100644
--- a/examples/all-clusters-minimal-app/esp32/sdkconfig.defaults
+++ b/examples/all-clusters-minimal-app/esp32/sdkconfig.defaults
@@ -63,3 +63,6 @@ CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
 # This example uses the older version of RMT driver to work with both
 # idf-v4.4.3 and idf-v5.0, so supressing the warnings by setting below option
 CONFIG_RMT_SUPPRESS_DEPRECATE_WARN=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/all-clusters-minimal-app/esp32/sdkconfig_c3devkit.defaults b/examples/all-clusters-minimal-app/esp32/sdkconfig_c3devkit.defaults
index 737935b166f98f..24d4fe754ebdc8 100644
--- a/examples/all-clusters-minimal-app/esp32/sdkconfig_c3devkit.defaults
+++ b/examples/all-clusters-minimal-app/esp32/sdkconfig_c3devkit.defaults
@@ -47,3 +47,6 @@ CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT=y
 # Serial Flasher config
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack.defaults b/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack.defaults
index 6b3de5e5cfea51..d8d54e5eea03a8 100644
--- a/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack.defaults
+++ b/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack.defaults
@@ -63,4 +63,7 @@ CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 #enable it may cause GPIO ISR triggers continuously
 CONFIG_BTDM_CTRL_MODEM_SLEEP=n
 CONFIG_BTDM_CTRL_MODEM_SLEEP_MODE_ORIG=n
-CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
\ No newline at end of file
+CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack_rpc.defaults b/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack_rpc.defaults
index 5ffdd6672f1205..35fd87ed9f690c 100644
--- a/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack_rpc.defaults
+++ b/examples/all-clusters-minimal-app/esp32/sdkconfig_m5stack_rpc.defaults
@@ -67,4 +67,7 @@ CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 #enable it may cause GPIO ISR triggers continuously
 CONFIG_BTDM_CTRL_MODEM_SLEEP=n
 CONFIG_BTDM_CTRL_MODEM_SLEEP_MODE_ORIG=n
-CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
\ No newline at end of file
+CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/bridge-app/esp32/sdkconfig.defaults b/examples/bridge-app/esp32/sdkconfig.defaults
index 611f452a22990c..bc364e144359d3 100644
--- a/examples/bridge-app/esp32/sdkconfig.defaults
+++ b/examples/bridge-app/esp32/sdkconfig.defaults
@@ -45,3 +45,6 @@ CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT=y
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/chef/esp32/main/CMakeLists.txt b/examples/chef/esp32/main/CMakeLists.txt
index e1940af232fd8d..5a48e62a7bb457 100644
--- a/examples/chef/esp32/main/CMakeLists.txt
+++ b/examples/chef/esp32/main/CMakeLists.txt
@@ -107,7 +107,7 @@ endif (CONFIG_ENABLE_PW_RPC)
 idf_component_register(PRIV_INCLUDE_DIRS "${CHIP_SHELL_DIR}/shell_common/include" "${PRIV_INCLUDE_DIRS_LIST}"
- PRIV_REQUIRES chip nvs_flash bt console esp32_mbedtls QRCode tft screen-framework spidriver
+ PRIV_REQUIRES chip nvs_flash bt console mbedtls QRCode tft screen-framework spidriver
 SRC_DIRS ${SRC_DIRS_LIST})
 include("${CHIP_ROOT}/build/chip/esp32/esp32_codegen.cmake")
diff --git a/examples/chef/esp32/sdkconfig.defaults b/examples/chef/esp32/sdkconfig.defaults
index a4365b4d808315..ca2cd09fcd1541 100644
--- a/examples/chef/esp32/sdkconfig.defaults
+++ b/examples/chef/esp32/sdkconfig.defaults
@@ -56,3 +56,6 @@ CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/chef/esp32/sdkconfig_rpc.defaults b/examples/chef/esp32/sdkconfig_rpc.defaults
index 97220a651a1abe..caac0212b3b17a 100644
--- a/examples/chef/esp32/sdkconfig_rpc.defaults
+++ b/examples/chef/esp32/sdkconfig_rpc.defaults
@@ -55,3 +55,6 @@ CONFIG_ESP_MAIN_TASK_STACK_SIZE=6144
 # Serial Flasher config
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_ESPTOOLPY_FLASHSIZE="4MB"
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/light-switch-app/esp32/sdkconfig.defaults b/examples/light-switch-app/esp32/sdkconfig.defaults
index 822b1da8974845..e392501a531a67 100644
--- a/examples/light-switch-app/esp32/sdkconfig.defaults
+++ b/examples/light-switch-app/esp32/sdkconfig.defaults
@@ -52,3 +52,6 @@ CONFIG_ENABLE_CHIP_SHELL=y
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/lighting-app/esp32/sdkconfig.defaults b/examples/lighting-app/esp32/sdkconfig.defaults
index 32b11db88fb2f9..59c0af656896f0 100644
--- a/examples/lighting-app/esp32/sdkconfig.defaults
+++ b/examples/lighting-app/esp32/sdkconfig.defaults
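Review bot: The two CMake hunks handle the dropped `esp32_mbedtls` entry differently: here chef's `PRIV_REQUIRES` swaps in `mbedtls`, while the examples/shell/esp32/main/CMakeLists.txt hunk removes the entry outright and is left with `PRIV_REQUIRES chip nvs_flash bt console)`. If the shell's main component includes mbedTLS headers directly it needs the same substitution, `PRIV_REQUIRES chip nvs_flash bt console mbedtls)`; if it only reaches mbedTLS through `chip`, then presumably chef does not need the explicit entry either. Either way the two should agree, so that the mbedTLS include path is not satisfied by transitive component ordering in one example and missing in the other. In the shell hunk the `idf_component_register(` call starts before the hunk, so I cannot see whether its other arguments were adjusted.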
@@ -55,3 +55,6 @@ CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
 # This example uses the older version of RMT driver to work with both
 # idf-v4.4.3 and idf-v5.0, so suppressing the warnings by setting below option
 CONFIG_RMT_SUPPRESS_DEPRECATE_WARN=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/lighting-app/esp32/sdkconfig.optimize.defaults b/examples/lighting-app/esp32/sdkconfig.optimize.defaults
index 97a291d44d9e6d..78b876c81aa991 100644
--- a/examples/lighting-app/esp32/sdkconfig.optimize.defaults
+++ b/examples/lighting-app/esp32/sdkconfig.optimize.defaults
@@ -91,3 +91,5 @@ CONFIG_NIMBLE_MAX_CONNECTIONS=1
 CONFIG_TCPIP_RECVMBOX_SIZE=16
 CONFIG_TCP_SYNMAXRTX=6
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/lighting-app/esp32/sdkconfig_m5stack.defaults b/examples/lighting-app/esp32/sdkconfig_m5stack.defaults
index 3f70ee3bfe1c46..95d805aa75b55e 100644
--- a/examples/lighting-app/esp32/sdkconfig_m5stack.defaults
+++ b/examples/lighting-app/esp32/sdkconfig_m5stack.defaults
@@ -62,3 +62,6 @@ CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
 # This example uses the older version of RMT driver to work with both
 # idf-v4.4.3 and idf-v5.0, so supressing the warnings by setting below option
 CONFIG_RMT_SUPPRESS_DEPRECATE_WARN=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/lock-app/esp32/sdkconfig.defaults b/examples/lock-app/esp32/sdkconfig.defaults
index f74cbb10d6c259..29b42045b60791 100644
--- a/examples/lock-app/esp32/sdkconfig.defaults
+++ b/examples/lock-app/esp32/sdkconfig.defaults
@@ -49,3 +49,6 @@ CONFIG_DEVICE_PRODUCT_ID=0x8006
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/ota-provider-app/esp32/sdkconfig.defaults b/examples/ota-provider-app/esp32/sdkconfig.defaults
index 74c5ea54afdd65..9c1ccf088c9592 100644
--- a/examples/ota-provider-app/esp32/sdkconfig.defaults
+++ b/examples/ota-provider-app/esp32/sdkconfig.defaults
@@ -64,3 +64,6 @@ CONFIG_ENABLE_CHIP_SHELL=y
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/ota-requestor-app/esp32/sdkconfig.defaults b/examples/ota-requestor-app/esp32/sdkconfig.defaults
index e25893a290b100..b994220206e218 100644
--- a/examples/ota-requestor-app/esp32/sdkconfig.defaults
+++ b/examples/ota-requestor-app/esp32/sdkconfig.defaults
@@ -65,3 +65,6 @@ CONFIG_ENABLE_CHIP_SHELL=y
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/ota-requestor-app/esp32/sdkconfig_m5stack.defaults b/examples/ota-requestor-app/esp32/sdkconfig_m5stack.defaults
index e251fb99a5bc47..6e55e05779841d 100644
--- a/examples/ota-requestor-app/esp32/sdkconfig_m5stack.defaults
+++ b/examples/ota-requestor-app/esp32/sdkconfig_m5stack.defaults
@@ -63,3 +63,6 @@ CONFIG_BTDM_CTRL_LPCLK_SEL_MAIN_XTAL=n
 # Enable OTA Requestor
 CONFIG_ENABLE_OTA_REQUESTOR=y
 CONFIG_DEVICE_SOFTWARE_VERSION_NUMBER=2
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/ota-requestor-app/esp32/sdkconfig_m5stack_rpc.defaults b/examples/ota-requestor-app/esp32/sdkconfig_m5stack_rpc.defaults
index 3f39345861b8c3..8d425ec83719cd 100644
--- a/examples/ota-requestor-app/esp32/sdkconfig_m5stack_rpc.defaults
+++ b/examples/ota-requestor-app/esp32/sdkconfig_m5stack_rpc.defaults
@@ -70,3 +70,6 @@ CONFIG_EXAMPLE_UART_BAUD_RATE=115200
 CONFIG_EXAMPLE_UART_RXD=3
 CONFIG_EXAMPLE_UART_TXD=1
 CONFIG_ENABLE_PW_RPC=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/ota-requestor-app/esp32/sdkconfig_rpc.defaults b/examples/ota-requestor-app/esp32/sdkconfig_rpc.defaults
index 350613d6118874..8e3f95fd44319f 100644
--- a/examples/ota-requestor-app/esp32/sdkconfig_rpc.defaults
+++ b/examples/ota-requestor-app/esp32/sdkconfig_rpc.defaults
@@ -62,4 +62,7 @@ CONFIG_EXAMPLE_UART_PORT_NUM=0
 CONFIG_EXAMPLE_UART_BAUD_RATE=115200
 CONFIG_EXAMPLE_UART_RXD=3
 CONFIG_EXAMPLE_UART_TXD=1
-CONFIG_ENABLE_PW_RPC=y
\ No newline at end of file
+CONFIG_ENABLE_PW_RPC=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/persistent-storage/esp32/sdkconfig.defaults b/examples/persistent-storage/esp32/sdkconfig.defaults
index 9fb2f9e34dbe5e..f9a4c4bbcb05da 100644
--- a/examples/persistent-storage/esp32/sdkconfig.defaults
+++ b/examples/persistent-storage/esp32/sdkconfig.defaults
@@ -29,3 +29,6 @@ CONFIG_PARTITION_TABLE_FILENAME="partitions.csv"
 # Vendor and product id
 CONFIG_DEVICE_VENDOR_ID=0xFFF1
 CONFIG_DEVICE_PRODUCT_ID=0x8009
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/pigweed-app/esp32/sdkconfig.defaults b/examples/pigweed-app/esp32/sdkconfig.defaults
index 6ad8460e99986c..3421646d8fbbdf 100644
--- a/examples/pigweed-app/esp32/sdkconfig.defaults
+++ b/examples/pigweed-app/esp32/sdkconfig.defaults
@@ -40,3 +40,6 @@ CONFIG_ENABLE_PW_RPC=y
 # Vendor and product id
 CONFIG_DEVICE_VENDOR_ID=0xFFF1
 CONFIG_DEVICE_PRODUCT_ID=0x800B
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/shell/esp32/main/CMakeLists.txt b/examples/shell/esp32/main/CMakeLists.txt
index a55f95cc8c3677..8fac15167812f5 100644
--- a/examples/shell/esp32/main/CMakeLists.txt
+++ b/examples/shell/esp32/main/CMakeLists.txt
@@ -23,4 +23,4 @@ idf_component_register(SRCS main.cpp
 "${CHIP_SHELL_DIR}/shell_common/globals.cpp" PRIV_INCLUDE_DIRS "${CHIP_SHELL_DIR}/shell_common/include"
- PRIV_REQUIRES chip nvs_flash bt console esp32_mbedtls)
+ PRIV_REQUIRES chip nvs_flash bt console)
diff --git a/examples/temperature-measurement-app/esp32/sdkconfig.defaults b/examples/temperature-measurement-app/esp32/sdkconfig.defaults
index 4aea5a3a2c96cb..33c86a9673b901 100644
--- a/examples/temperature-measurement-app/esp32/sdkconfig.defaults
+++ b/examples/temperature-measurement-app/esp32/sdkconfig.defaults
@@ -90,3 +90,6 @@ CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT=y
 # Disable softap support by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/temperature-measurement-app/esp32/sdkconfig.optimize.defaults b/examples/temperature-measurement-app/esp32/sdkconfig.optimize.defaults
index 86335c251937d2..ec8e29e4726ee6 100644
--- a/examples/temperature-measurement-app/esp32/sdkconfig.optimize.defaults
+++ b/examples/temperature-measurement-app/esp32/sdkconfig.optimize.defaults
@@ -76,3 +76,6 @@ CONFIG_BTDM_CONTROLLER_BLE_MAX_CONN_EFF=1
 CONFIG_NIMBLE_MAX_CONNECTIONS=1
 CONFIG_TCPIP_RECVMBOX_SIZE=16
 CONFIG_TCP_SYNMAXRTX=6
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/examples/temperature-measurement-app/esp32/sdkconfig_rpc.defaults b/examples/temperature-measurement-app/esp32/sdkconfig_rpc.defaults
index f1e074d1fe6197..936e8ee05908da 100644
--- a/examples/temperature-measurement-app/esp32/sdkconfig_rpc.defaults
+++ b/examples/temperature-measurement-app/esp32/sdkconfig_rpc.defaults
@@ -90,4 +90,7 @@ CONFIG_EXAMPLE_UART_PORT_NUM=0
 CONFIG_EXAMPLE_UART_BAUD_RATE=115200
 CONFIG_EXAMPLE_UART_RXD=3
 CONFIG_EXAMPLE_UART_TXD=1
-CONFIG_ENABLE_PW_RPC=y
\ No newline at end of file
+CONFIG_ENABLE_PW_RPC=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/src/test_driver/esp32/sdkconfig.defaults b/src/test_driver/esp32/sdkconfig.defaults
index 78f0bdd4979f41..77ae47ce60b141 100644
--- a/src/test_driver/esp32/sdkconfig.defaults
+++ b/src/test_driver/esp32/sdkconfig.defaults
@@ -31,3 +31,6 @@ CONFIG_ESP_MAIN_TASK_STACK_SIZE=32768
 #enable BT
 CONFIG_BT_ENABLED=y
+
+#enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/src/test_driver/esp32/sdkconfig_qemu.defaults b/src/test_driver/esp32/sdkconfig_qemu.defaults
index 31a991644d1377..6278876c71d564 100644
--- a/src/test_driver/esp32/sdkconfig_qemu.defaults
+++ b/src/test_driver/esp32/sdkconfig_qemu.defaults
@@ -49,3 +49,6 @@ CONFIG_PARTITION_TABLE_FILENAME="partitions.csv"
 # Crypto tests generally take long enough for the watchdog to trigger
 # otherwise.
 CONFIG_ESP_TASK_WDT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y