modules/Kconfig.mbedtls - third_party/github/zephyrproject-rtos/zephyr - Git at Google

 # Cryptography primitive options for mbed TLS

 # Copyright (c) 2016 Intel Corporation
 # SPDX-License-Identifier: Apache-2.0

 menuconfig MBEDTLS
 	bool "mbedTLS Support"
 	help
 	  This option enables the mbedTLS cryptography library.

 if MBEDTLS

 choice
 	prompt "Select implementation"
 	default MBEDTLS_BUILTIN

 config MBEDTLS_BUILTIN
 	bool "Enable mbedTLS integrated sources"
 	help
 	  Link with local mbedTLS sources instead of external library.

 config MBEDTLS_LIBRARY
 	bool "Enable mbedTLS external library"
 	help
 	  This option enables mbedTLS library.

 endchoice

 config MBEDTLS_CFG_FILE
 	string "mbed TLS configuration file"
 	depends on MBEDTLS_BUILTIN
 	default "config-tls-generic.h"
 	help
 	  Use a specific mbed TLS configuration file. The default config file
 	  file can be tweaked with Kconfig. The default configuration is
 	  suitable to communicate with majority of HTTPS servers on the Internet,
 	  but has relatively many features enabled. To optimize resources for
 	  special TLS usage, use available Kconfig options, or select an
 	  alternative config.

 if MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h"
 rsource "Kconfig.tls-generic"
 endif

 config MBEDTLS_SSL_MAX_CONTENT_LEN
 	int "Max payload size for TLS protocol message"
 	default 1500
 	depends on MBEDTLS_BUILTIN
 	help
 	  The TLS standards mandate max payload size of 16384 bytes. So, for
 	  maximum operability and for general-purpose usage, that value must
 	  be used. For specific usages, that value can be largely decreased.
 	  E.g. for DTLS, payload size is limited by UDP datagram size, and
 	  even for HTTPS REST API, the payload can be limited to max size of
 	  (REST request, REST response, server certificate(s)).
 	  mbedTLS uses this value separate for input and output buffers, so
 	  twice this value will be allocated (on mbedTLS own heap, so the
 	  value of MBEDTLS_HEAP_SIZE should accommodate that).

 config MBEDTLS_DEBUG
 	bool "mbed TLS debug activation"
 	depends on MBEDTLS_BUILTIN
 	help
 	  Enable debugging activation for mbed TLS configuration. If you use
 	  mbedTLS/Zephyr integration (e.g. net_app), this will activate debug
 	  logging (of the level configured by MBEDTLS_DEBUG_LEVEL).
 	  If you use mbedTLS directly instead, you will need to perform
 	  additional configuration yourself: call
 	  mbedtls_ssl_conf_dbg(&mbedtls.conf, my_debug, NULL);
 	  mbedtls_debug_set_threshold(level);
 	  functions in your application, and create the my_debug() function to
 	  actually print something useful.

 config MBEDTLS_DEBUG_LEVEL
 	int "mbed TLS default debug level"
 	depends on MBEDTLS_DEBUG
 	default 0
 	range 0 4
 	help
 	  Default mbed TLS debug logging level for Zephyr integration code
 	  (from ext/lib/crypto/mbedtls/include/mbedtls/debug.h):
 	  0 No debug
 	  1 Error
 	  2 State change
 	  3 Information
 	  4 Verbose

 config MBEDTLS_TEST
 	bool "Compile internal self test functions"
 	depends on MBEDTLS_BUILTIN
 	help
 	  Enable self test function for the crypto algorithms

 config MBEDTLS_INSTALL_PATH
 	string "mbedTLS install path"
 	depends on MBEDTLS_LIBRARY
 	help
 	  This option holds the path where the mbedTLS libraries and headers are
 	  installed. Make sure this option is properly set when MBEDTLS_LIBRARY
 	  is enabled otherwise the build will fail.

 config MBEDTLS_ENABLE_HEAP
 	bool "Enable global heap for mbed TLS"
 	help
 	  This option enables the mbedtls to use the heap. This setting must
 	  be global so that various applications and libraries in Zephyr do not
 	  try to do this themselves as there can be only one heap defined
 	  in mbedtls. If this is enabled, then the Zephyr will, during the device
 	  startup, initialize the heap automatically.

 config MBEDTLS_HEAP_SIZE
 	int "Heap size for mbed TLS"
 	default 512
 	depends on MBEDTLS_ENABLE_HEAP
 	help
 	  The mbedtls routines will use this heap if enabled.
 	  See ext/lib/crypto/mbedtls/include/mbedtls/config.h and
 	  MBEDTLS_MEMORY_BUFFER_ALLOC_C option for details. That option is not
 	  enabled by default.
 	  Default value for the heap size is not set as it depends on the
 	  application. For streaming communication with arbitrary (HTTPS)
 	  servers on the Internet, 32KB + overheads (up to another 20KB) may
 	  be needed. For some dedicated and specific usage of mbedtls API, the
 	  1000 bytes might be ok.

 config APP_LINK_WITH_MBEDTLS
 	bool "Link 'app' with MBEDTLS"
 	default y
 	help
 	  Add MBEDTLS header files to the 'app' include path. It may be
 	  disabled if the include paths for MBEDTLS are causing aliasing
 	  issues for 'app'.

 endif # MBEDTLS
	# Cryptography primitive options for mbed TLS

	# Copyright (c) 2016 Intel Corporation
	# SPDX-License-Identifier: Apache-2.0

	menuconfig MBEDTLS
	bool "mbedTLS Support"
	help
	This option enables the mbedTLS cryptography library.

	if MBEDTLS

	choice
	prompt "Select implementation"
	default MBEDTLS_BUILTIN

	config MBEDTLS_BUILTIN
	bool "Enable mbedTLS integrated sources"
	help
	Link with local mbedTLS sources instead of external library.

	config MBEDTLS_LIBRARY
	bool "Enable mbedTLS external library"
	help
	This option enables mbedTLS library.

	endchoice

	config MBEDTLS_CFG_FILE
	string "mbed TLS configuration file"
	depends on MBEDTLS_BUILTIN
	default "config-tls-generic.h"
	help
	Use a specific mbed TLS configuration file. The default config file
	file can be tweaked with Kconfig. The default configuration is
	suitable to communicate with majority of HTTPS servers on the Internet,
	but has relatively many features enabled. To optimize resources for
	special TLS usage, use available Kconfig options, or select an
	alternative config.

	if MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h"
	rsource "Kconfig.tls-generic"
	endif

	config MBEDTLS_SSL_MAX_CONTENT_LEN
	int "Max payload size for TLS protocol message"
	default 1500
	depends on MBEDTLS_BUILTIN
	help
	The TLS standards mandate max payload size of 16384 bytes. So, for
	maximum operability and for general-purpose usage, that value must
	be used. For specific usages, that value can be largely decreased.
	E.g. for DTLS, payload size is limited by UDP datagram size, and
	even for HTTPS REST API, the payload can be limited to max size of
	(REST request, REST response, server certificate(s)).
	mbedTLS uses this value separate for input and output buffers, so
	twice this value will be allocated (on mbedTLS own heap, so the
	value of MBEDTLS_HEAP_SIZE should accommodate that).

	config MBEDTLS_DEBUG
	bool "mbed TLS debug activation"
	depends on MBEDTLS_BUILTIN
	help
	Enable debugging activation for mbed TLS configuration. If you use
	mbedTLS/Zephyr integration (e.g. net_app), this will activate debug
	logging (of the level configured by MBEDTLS_DEBUG_LEVEL).
	If you use mbedTLS directly instead, you will need to perform
	additional configuration yourself: call
	mbedtls_ssl_conf_dbg(&mbedtls.conf, my_debug, NULL);
	mbedtls_debug_set_threshold(level);
	functions in your application, and create the my_debug() function to
	actually print something useful.

	config MBEDTLS_DEBUG_LEVEL
	int "mbed TLS default debug level"
	depends on MBEDTLS_DEBUG
	default 0
	range 0 4
	help
	Default mbed TLS debug logging level for Zephyr integration code
	(from ext/lib/crypto/mbedtls/include/mbedtls/debug.h):
	0 No debug
	1 Error
	2 State change
	3 Information
	4 Verbose

	config MBEDTLS_TEST
	bool "Compile internal self test functions"
	depends on MBEDTLS_BUILTIN
	help
	Enable self test function for the crypto algorithms

	config MBEDTLS_INSTALL_PATH
	string "mbedTLS install path"
	depends on MBEDTLS_LIBRARY
	help
	This option holds the path where the mbedTLS libraries and headers are
	installed. Make sure this option is properly set when MBEDTLS_LIBRARY
	is enabled otherwise the build will fail.

	config MBEDTLS_ENABLE_HEAP
	bool "Enable global heap for mbed TLS"
	help
	This option enables the mbedtls to use the heap. This setting must
	be global so that various applications and libraries in Zephyr do not
	try to do this themselves as there can be only one heap defined
	in mbedtls. If this is enabled, then the Zephyr will, during the device
	startup, initialize the heap automatically.

	config MBEDTLS_HEAP_SIZE
	int "Heap size for mbed TLS"
	default 512
	depends on MBEDTLS_ENABLE_HEAP
	help
	The mbedtls routines will use this heap if enabled.
	See ext/lib/crypto/mbedtls/include/mbedtls/config.h and
	MBEDTLS_MEMORY_BUFFER_ALLOC_C option for details. That option is not
	enabled by default.
	Default value for the heap size is not set as it depends on the
	application. For streaming communication with arbitrary (HTTPS)
	servers on the Internet, 32KB + overheads (up to another 20KB) may
	be needed. For some dedicated and specific usage of mbedtls API, the
	1000 bytes might be ok.

	config APP_LINK_WITH_MBEDTLS
	bool "Link 'app' with MBEDTLS"
	default y
	help
	Add MBEDTLS header files to the 'app' include path. It may be
	disabled if the include paths for MBEDTLS are causing aliasing
	issues for 'app'.

	endif # MBEDTLS