From 4883010f4010702fee2b9c2556309fcd05f37d64 Mon Sep 17 00:00:00 2001
From: kangping
Date: Sun, 12 Apr 2020 18:20:10 +0800
Subject: [PATCH] mbedtls: add configuration options for EC-JPAKE

Closes https://github.com/espressif/esp-idf/pull/5106
---
 components/mbedtls/Kconfig | 14 +++++++++
 .../mbedtls/port/include/mbedtls/esp_config.h | 29 ++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 737f8cdb2..5c055fc8e 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -389,6 +389,13 @@ menu "mbedTLS"
 help
 Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 
+ config MBEDTLS_KEY_EXCHANGE_ECJPAKE
+ bool "Enable ECJPAKE based ciphersuite modes"
+ depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ default n
+ help
+ Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
+
 endmenu # TLS key exchange modes
 
 config MBEDTLS_SSL_RENEGOTIATION
@@ -586,6 +593,13 @@ menu "mbedTLS"
 help
 Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
 
+ config MBEDTLS_ECJPAKE_C
+ bool "Elliptic curve J-PAKE"
+ depends on MBEDTLS_ECP_C
+ default n
+ help
+ Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
+
 config MBEDTLS_ECP_DP_SECP192R1_ENABLED
 bool "Enable SECP192R1 curve"
 depends on MBEDTLS_ECP_C
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 5519396f9..f89b8c9d8 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
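Review bot: The help text of `MBEDTLS_KEY_EXCHANGE_ECJPAKE` in the first Kconfig hunk drops the caveats that the esp_config.h comment added by this same patch carries: the mode is experimental (based on Thread v1.0.0) and it enables exactly one suite, MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8. Someone choosing the option in menuconfig sees neither, so I would extend the help with lines such as `Experimental; based on the Thread v1.0.0 specification.` and `Only TLS-ECJPAKE-WITH-AES-128-CCM-8 is provided, so AES and CCM must also be enabled.` The help of `MBEDTLS_ECJPAKE_C` in the second Kconfig hunk is equally terse and could carry the same experimental note.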
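Review bot: `depends on MBEDTLS_ECP_C` for `MBEDTLS_ECJPAKE_C` is narrower than the `Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C` line in the esp_config.h comment, and the first hunk's `depends on` likewise omits the `MBEDTLS_SHA256_C` that the new header comment lists for the key exchange. If esp_config.h defines those modules unconditionally (not visible in this patch) nothing breaks, but then a one-line comment such as `# MD and SHA-256 are always built, so they are not listed here` would record why. If either can be switched off, the mismatch would presumably surface only as a build-time configuration error rather than in menuconfig, so the dependency belongs in `depends on`.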
@@ -684,6 +684,29 @@
 #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 #endif
 
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ * MBEDTLS_SHA256_C
+ * MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
 /**
 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
 *
@@ -1594,7 +1617,11 @@
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
 */
-//#define MBEDTLS_ECJPAKE_C
+#ifdef CONFIG_MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECJPAKE_C
+#else
+#undef MBEDTLS_ECJPAKE_C
+#endif
 
 /**
 * \def MBEDTLS_ECP_C