# Kconfig - Cryptography primitive options for mbed TLS

#
# Copyright (c) 2016 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#


menuconfig MBEDTLS
	bool
	prompt "mbedTLS Support"
	default n
	help
	  This option enables the mbedTLS cryptography library.

config MBEDTLS_BUILTIN
	bool "Enable mbedTLS integrated sources"
	depends on MBEDTLS
	default n
	help
	  Link with local mbedTLS sources instead of an external library.

config MBEDTLS_CFG_FILE
	string "mbed TLS configuration file"
	depends on MBEDTLS_BUILTIN
	default "config-threadnet.h"
	help
	  Enable custom mbed TLS configuration.

config MBEDTLS_DEBUG
	bool "mbed TLS debug activation"
	depends on MBEDTLS_BUILTIN
	default n
	help
	  Enable debugging activation for mbed TLS configuration. Note that this
	  does not directly cause any debug print output. For that you need to
	  call
	      mbedtls_debug_set_threshold(level);
	  and
	      mbedtls_ssl_conf_dbg(&mbedtls.conf, my_debug, NULL);
	  functions in your application, and create the my_debug() function to
	  actually print something useful.

config MBEDTLS_TEST
	bool "Compile internal self test functions"
	depends on MBEDTLS_BUILTIN
	default n
	help
	  Enable the self-test functions for the crypto algorithms.

config MBEDTLS_LIBRARY
	bool "Enable mbedTLS external library"
	depends on MBEDTLS
	default n
	help
	  This option enables the mbedTLS library.

config MBEDTLS_INSTALL_PATH
	string "mbedTLS install path"
	depends on MBEDTLS_LIBRARY
	help
	  This option holds the path where the mbedTLS libraries and headers are
	  installed. Make sure this option is properly set when MBEDTLS_LIBRARY
	  is enabled, otherwise the build will fail.

config MBEDTLS_ENABLE_HEAP
	bool "Enable global heap for mbed TLS"
	default n
	depends on MBEDTLS
	help
	  This option enables mbedtls to use the heap. This setting must
	  be global so that various applications and libraries in Zephyr do not
	  try to do this themselves, as there can be only one heap defined
	  in mbedtls. If this is enabled, then Zephyr will, during device
	  startup, initialize the heap automatically.

config MBEDTLS_HEAP_SIZE
	int "Heap size for mbed TLS"
	default 512
	depends on MBEDTLS_ENABLE_HEAP
	help
	  The mbedtls routines will use this heap if enabled.
	  See ext/lib/crypto/mbedtls/include/mbedtls/config.h and
	  MBEDTLS_MEMORY_BUFFER_ALLOC_C option for details. That option is not
	  enabled by default.
	  Default value for the heap size is not set as it depends on the
	  application. For a server application, 15000 bytes should be enough.
	  For some dedicated and specific usage of the mbedtls API, 1000 bytes
	  might be ok.
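
An added example, not part of the Zephyr source: a small Python lint that checks a `CONFIG_...=value` fragment against the `depends on` edges and help-text guidance in the Kconfig above. The function names, finding strings and sample fragment are constructed for this example, and treating MBEDTLS_DEBUG and MBEDTLS_TEST as findings assumes the fragment is for a release build.

```python
import re

# "depends on" edges and the heap default, copied from the Kconfig above.
DEPENDS = {
    "MBEDTLS_BUILTIN": "MBEDTLS", "MBEDTLS_LIBRARY": "MBEDTLS",
    "MBEDTLS_ENABLE_HEAP": "MBEDTLS", "MBEDTLS_CFG_FILE": "MBEDTLS_BUILTIN",
    "MBEDTLS_DEBUG": "MBEDTLS_BUILTIN", "MBEDTLS_TEST": "MBEDTLS_BUILTIN",
    "MBEDTLS_INSTALL_PATH": "MBEDTLS_LIBRARY",
    "MBEDTLS_HEAP_SIZE": "MBEDTLS_ENABLE_HEAP",
}
DEFAULT_HEAP_SIZE = 512
LINE = re.compile(r"^CONFIG_(\w+)=(.*)$")


def parse_conf(text):
    """Return {symbol: value} from CONFIG_X=value lines; other lines are skipped."""
    matches = (LINE.match(raw.strip()) for raw in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}


def lint_mbedtls(text):
    """Return findings (strings) for an mbed TLS configuration fragment."""
    conf = parse_conf(text)
    findings = []
    for sym, parent in DEPENDS.items():
        if conf.get(sym, "n") != "n" and conf.get(parent) != "y":
            findings.append(f"{sym} is set but {parent} is not enabled")
    if conf.get("MBEDTLS_LIBRARY") == "y" and conf.get("MBEDTLS_INSTALL_PATH", '""') == '""':
        findings.append("MBEDTLS_LIBRARY is enabled without MBEDTLS_INSTALL_PATH")
    if conf.get("MBEDTLS_ENABLE_HEAP") == "y":
        size = int(conf.get("MBEDTLS_HEAP_SIZE", DEFAULT_HEAP_SIZE))
        if size < 1000:  # smallest figure the help text mentions
            findings.append(f"MBEDTLS_HEAP_SIZE={size} is below 1000 bytes")
    for sym in ("MBEDTLS_DEBUG", "MBEDTLS_TEST"):
        if conf.get(sym) == "y":  # assumption: the fragment is for a release build
            findings.append(f"{sym} is enabled")
    return findings


# Constructed sample fragment, not taken from any real project.
SAMPLE = """\
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_LIBRARY=y
CONFIG_MBEDTLS_DEBUG=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
"""

if __name__ == "__main__":
    print("\n".join(lint_mbedtls(SAMPLE)))
```

The sample trips all four checks: a debug option without the built-in sources, an external library without an install path, a heap left at the 512-byte default, and debug activation enabled.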