Merge branch 'feature/mbedtls_ecjpake_config_option' into 'master'
mbedtls: add configuration options for EC-JPAKE Closes IDFGH-3085 See merge request espressif/esp-idf!8325
This commit is contained in:
commit
b28a5cfd22
2 changed files with 42 additions and 1 deletions
|
@ -389,6 +389,13 @@ menu "mbedTLS"
|
||||||
help
|
help
|
||||||
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
|
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
|
||||||
|
|
||||||
|
config MBEDTLS_KEY_EXCHANGE_ECJPAKE
|
||||||
|
bool "Enable ECJPAKE based ciphersuite modes"
|
||||||
|
depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||||
|
default n
|
||||||
|
help
|
||||||
|
Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
|
||||||
|
|
||||||
endmenu # TLS key exchange modes
|
endmenu # TLS key exchange modes
|
||||||
|
|
||||||
config MBEDTLS_SSL_RENEGOTIATION
|
config MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
@ -586,6 +593,13 @@ menu "mbedTLS"
|
||||||
help
|
help
|
||||||
Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
|
Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
|
||||||
|
|
||||||
|
config MBEDTLS_ECJPAKE_C
|
||||||
|
bool "Elliptic curve J-PAKE"
|
||||||
|
depends on MBEDTLS_ECP_C
|
||||||
|
default n
|
||||||
|
help
|
||||||
|
Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||||
bool "Enable SECP192R1 curve"
|
bool "Enable SECP192R1 curve"
|
||||||
depends on MBEDTLS_ECP_C
|
depends on MBEDTLS_ECP_C
|
||||||
|
|
|
@ -684,6 +684,29 @@
|
||||||
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||||
|
*
|
||||||
|
* Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
|
||||||
|
*
|
||||||
|
* \warning This is currently experimental. EC J-PAKE support is based on the
|
||||||
|
* Thread v1.0.0 specification; incompatible changes to the specification
|
||||||
|
* might still happen. For this reason, this is disabled by default.
|
||||||
|
*
|
||||||
|
* Requires: MBEDTLS_ECJPAKE_C
|
||||||
|
* MBEDTLS_SHA256_C
|
||||||
|
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||||
|
*
|
||||||
|
* This enables the following ciphersuites (if other requisites are
|
||||||
|
* enabled as well):
|
||||||
|
* MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
|
||||||
|
*/
|
||||||
|
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE
|
||||||
|
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||||
|
#else
|
||||||
|
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||||
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_PK_PARSE_EC_EXTENDED
|
* \def MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||||
*
|
*
|
||||||
|
@ -1594,7 +1617,11 @@
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
|
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
|
||||||
*/
|
*/
|
||||||
//#define MBEDTLS_ECJPAKE_C
|
#ifdef CONFIG_MBEDTLS_ECJPAKE_C
|
||||||
|
#define MBEDTLS_ECJPAKE_C
|
||||||
|
#else
|
||||||
|
#undef MBEDTLS_ECJPAKE_C
|
||||||
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_ECP_C
|
* \def MBEDTLS_ECP_C
|
||||||
|
|
Loading…
Reference in a new issue