Merge branch 'feature/mbedtls_ecjpake_config_option' into 'master'

mbedtls: add configuration options for EC-JPAKE

Closes IDFGH-3085

See merge request espressif/esp-idf!8325
This commit is contained in:
Mahavir Jain 2020-04-15 12:57:10 +08:00
commit b28a5cfd22
2 changed files with 42 additions and 1 deletions

View file

@ -389,6 +389,13 @@ menu "mbedTLS"
help help
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH- Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_ECJPAKE
bool "Enable ECJPAKE based ciphersuite modes"
depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
default n
help
Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
endmenu # TLS key exchange modes endmenu # TLS key exchange modes
config MBEDTLS_SSL_RENEGOTIATION config MBEDTLS_SSL_RENEGOTIATION
@ -586,6 +593,13 @@ menu "mbedTLS"
help help
Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites. Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
config MBEDTLS_ECJPAKE_C
bool "Elliptic curve J-PAKE"
depends on MBEDTLS_ECP_C
default n
help
Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
config MBEDTLS_ECP_DP_SECP192R1_ENABLED config MBEDTLS_ECP_DP_SECP192R1_ENABLED
bool "Enable SECP192R1 curve" bool "Enable SECP192R1 curve"
depends on MBEDTLS_ECP_C depends on MBEDTLS_ECP_C

View file

@ -684,6 +684,29 @@
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#endif #endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
*
* Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
*
* \warning This is currently experimental. EC J-PAKE support is based on the
* Thread v1.0.0 specification; incompatible changes to the specification
* might still happen. For this reason, this is disabled by default.
*
* Requires: MBEDTLS_ECJPAKE_C
* MBEDTLS_SHA256_C
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#else
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif
/** /**
* \def MBEDTLS_PK_PARSE_EC_EXTENDED * \def MBEDTLS_PK_PARSE_EC_EXTENDED
* *
@ -1594,7 +1617,11 @@
* *
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
*/ */
//#define MBEDTLS_ECJPAKE_C #ifdef CONFIG_MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECJPAKE_C
#else
#undef MBEDTLS_ECJPAKE_C
#endif
/** /**
* \def MBEDTLS_ECP_C * \def MBEDTLS_ECP_C