Kconfig.tls-generic 7.5 KB

  1. # Kconfig.tls - TLS/DTLS related options
  2. #
  3. # Copyright (c) 2018 Intel Corporation
  4. # Copyright (c) 2018 Nordic Semiconductor ASA
  5. #
  6. # SPDX-License-Identifier: Apache-2.0
  7. #
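  menu "TLS configuration"

  menu "Supported TLS version"

  # Only TLS 1.2 is enabled by default. The symbols selected below
  # (WOLFSSL_ALLOW_TLSV10_ENABLED, WOLFSSL_NO_OLD_TLS_DISABLED,
  # WOLFSSL_TLS13_ENABLED) are not defined in this file.
  # NOTE(review): confirm they are defined elsewhere; a select of an
  # undefined symbol has no effect.

  config WOLFSSL_TLS_VERSION_1_0
      bool "Enable support for TLS 1.0"
      select WOLFSSL_ALLOW_TLSV10_ENABLED
      help
        TLS 1.0 is deprecated (RFC 8996). Leave this disabled unless a
        legacy peer that cannot be upgraded requires it.

  config WOLFSSL_TLS_VERSION_1_1
      bool "Enable support for TLS 1.1"
      select WOLFSSL_NO_OLD_TLS_DISABLED
      help
        TLS 1.1 is deprecated (RFC 8996). Leave this disabled unless a
        legacy peer that cannot be upgraded requires it.

  config WOLFSSL_TLS_VERSION_1_2
      bool "Enable support for TLS 1.2"
      default y

  config WOLFSSL_TLS_VERSION_1_3
      bool "Enable support for TLS 1.3"
      select WOLFSSL_TLS13_ENABLED

  endmenu

  menu "Ciphersuite configuration"

  comment "Supported key exchange modes"

  config WOLFSSL_KEY_EXCHANGE_ALL_ENABLED
      bool "Enable all available ciphersuite modes"
      select WOLFSSL_KEY_EXCHANGE_PSK_ENABLED
      select WOLFSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
      select WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
      select WOLFSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
      select WOLFSSL_KEY_EXCHANGE_RSA_ENABLED
      select WOLFSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
      select WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
      select WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
      select WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
      select WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
      select WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
      help
        Selects every key exchange mode listed below, including the
        static RSA and static ECDH modes, which provide no forward
        secrecy. Prefer enabling only the modes the product needs.

  config WOLFSSL_KEY_EXCHANGE_PSK_ENABLED
      bool "Enable the PSK based ciphersuite modes"
      help
        Plain PSK key exchange has no ephemeral component: disclosure of
        the pre-shared key exposes recorded sessions. The DHE-PSK and
        ECDHE-PSK modes add forward secrecy.

  config WOLFSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
      bool "Enable the DHE-PSK based ciphersuite modes"

  config WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
      bool "Enable the ECDHE-PSK based ciphersuite modes"

  config WOLFSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
      bool "Enable the RSA-PSK based ciphersuite modes"

  # NOTE(review): static RSA is the only key exchange mode enabled by
  # default in this file; none of the (EC)DHE modes has "default y".
  config WOLFSSL_KEY_EXCHANGE_RSA_ENABLED
      bool "Enable the RSA-only based ciphersuite modes"
      default y
      help
        Static RSA key exchange: the premaster secret is encrypted to the
        server's RSA key, so a later compromise of that key exposes
        recorded sessions (no forward secrecy). TLS 1.3 removed this
        mode. Prefer the DHE-RSA / ECDHE-RSA modes where peers allow it.

  config WOLFSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
      bool "Enable the DHE-RSA based ciphersuite modes"

  config WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
      bool "Enable the ECDHE-RSA based ciphersuite modes"

  config WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
      bool "Enable the ECDHE-ECDSA based ciphersuite modes"

  config WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
      bool "Enable the ECDH-ECDSA based ciphersuite modes"
      help
        Static (non-ephemeral) ECDH: no forward secrecy. Prefer the
        ECDHE-ECDSA modes.

  config WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
      bool "Enable the ECDH-RSA based ciphersuite modes"
      help
        Static (non-ephemeral) ECDH: no forward secrecy. Prefer the
        ECDHE-RSA modes.

  config WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
      bool "Enable the ECJPAKE based ciphersuite modes"

  # The curve options are only offered when at least one EC-based key
  # exchange mode is enabled.
  if WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
     WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
     WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || \
     WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED || \
     WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED || \
     WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED

  comment "Supported elliptic curves"

  # No curve has "default y": enabling an EC key exchange mode without
  # also enabling a curve here leaves no curve selected by this file.
  config WOLFSSL_ECP_ALL_ENABLED
      bool "Enable all available elliptic curves"
      select WOLFSSL_ECP_DP_SECP192R1_ENABLED
      select WOLFSSL_ECP_DP_SECP224R1_ENABLED
      select WOLFSSL_ECP_DP_SECP256R1_ENABLED
      select WOLFSSL_ECP_DP_SECP384R1_ENABLED
      select WOLFSSL_ECP_DP_SECP521R1_ENABLED
      select WOLFSSL_ECP_DP_SECP192K1_ENABLED
      select WOLFSSL_ECP_DP_SECP224K1_ENABLED
      select WOLFSSL_ECP_DP_SECP256K1_ENABLED
      select WOLFSSL_ECP_DP_BP256R1_ENABLED
      select WOLFSSL_ECP_DP_BP384R1_ENABLED
      select WOLFSSL_ECP_DP_BP512R1_ENABLED
      select WOLFSSL_ECP_DP_CURVE25519_ENABLED
      select WOLFSSL_ECP_DP_CURVE448_ENABLED
      select WOLFSSL_ECP_NIST_OPTIM
      help
        Selects every curve listed below, including the 192-bit curves,
        whose security level (about 96 bits) is below the 112-bit
        minimum commonly required today. Prefer enabling only the
        curves the product needs.

  config WOLFSSL_ECP_DP_SECP192R1_ENABLED
      bool "Enable SECP192R1 elliptic curve"
      help
        192-bit curve (about 96-bit security). Enable only for legacy
        interoperability.

  config WOLFSSL_ECP_DP_SECP224R1_ENABLED
      bool "Enable SECP224R1 elliptic curve"

  config WOLFSSL_ECP_DP_SECP256R1_ENABLED
      bool "Enable SECP256R1 elliptic curve"

  config WOLFSSL_ECP_DP_SECP384R1_ENABLED
      bool "Enable SECP384R1 elliptic curve"

  config WOLFSSL_ECP_DP_SECP521R1_ENABLED
      bool "Enable SECP521R1 elliptic curve"

  config WOLFSSL_ECP_DP_SECP192K1_ENABLED
      bool "Enable SECP192K1 elliptic curve"
      help
        192-bit curve (about 96-bit security). Enable only for legacy
        interoperability.

  config WOLFSSL_ECP_DP_SECP224K1_ENABLED
      bool "Enable SECP224K1 elliptic curve"

  config WOLFSSL_ECP_DP_SECP256K1_ENABLED
      bool "Enable SECP256K1 elliptic curve"

  config WOLFSSL_ECP_DP_BP256R1_ENABLED
      bool "Enable BP256R1 elliptic curve"

  config WOLFSSL_ECP_DP_BP384R1_ENABLED
      bool "Enable BP384R1 elliptic curve"

  config WOLFSSL_ECP_DP_BP512R1_ENABLED
      bool "Enable BP512R1 elliptic curve"

  config WOLFSSL_ECP_DP_CURVE25519_ENABLED
      bool "Enable CURVE25519 elliptic curve"

  config WOLFSSL_ECP_DP_CURVE448_ENABLED
      bool "Enable CURVE448 elliptic curve"

  config WOLFSSL_ECP_NIST_OPTIM
      bool "Enable NIST curves optimization"

  endif

  comment "Supported cipher modes"

  config WOLFSSL_CIPHER_ALL_ENABLED
      bool "Enable all available ciphers"
      select WOLFSSL_CIPHER_AES_ENABLED
      select WOLFSSL_CIPHER_CAMELLIA_ENABLED
      select WOLFSSL_CIPHER_DES_ENABLED
      select WOLFSSL_CIPHER_ARC4_ENABLED
      select WOLFSSL_CIPHER_CHACHA20_ENABLED
      select WOLFSSL_CIPHER_BLOWFISH_ENABLED
      select WOLFSSL_CIPHER_CCM_ENABLED
      select WOLFSSL_CIPHER_MODE_XTS_ENABLED
      select WOLFSSL_CIPHER_MODE_GCM_ENABLED
      select WOLFSSL_CIPHER_CBC_ENABLED
      select WOLFSSL_CHACHAPOLY_AEAD_ENABLED
      help
        Selects every cipher and mode listed below, including DES, ARC4
        and Blowfish, which are not suitable for new deployments. Prefer
        enabling only the ciphers the product needs.

  config WOLFSSL_CIPHER_AES_ENABLED
      bool "Enable the AES block cipher"
      default y

  config WOLFSSL_AES_ROM_TABLES
      depends on WOLFSSL_CIPHER_AES_ENABLED
      bool "Use precomputed AES tables stored in ROM."
      default y

  config WOLFSSL_CIPHER_CAMELLIA_ENABLED
      bool "Enable the Camellia block cipher"

  # NOTE(review): DES is enabled by default here. The default is left
  # unchanged so existing configurations keep building; consider
  # making it opt-in.
  config WOLFSSL_CIPHER_DES_ENABLED
      bool "Enable the DES block cipher"
      default y
      help
        DES has a 56-bit key, and any 64-bit block cipher is exposed to
        birthday-bound attacks on long-lived connections. Disable this
        unless a legacy peer requires it.

  config WOLFSSL_CIPHER_ARC4_ENABLED
      bool "Enable the ARC4 stream cipher"
      help
        RC4 cipher suites are prohibited in TLS by RFC 7465. Leave this
        disabled unless a legacy peer requires it.

  config WOLFSSL_CIPHER_CHACHA20_ENABLED
      bool "Enable the ChaCha20 stream cipher"

  config WOLFSSL_CIPHER_BLOWFISH_ENABLED
      bool "Enable the Blowfish block cipher"
      help
        Blowfish has a 64-bit block and is exposed to birthday-bound
        attacks on long-lived connections. Leave this disabled unless
        legacy data or peers require it.

  config WOLFSSL_CIPHER_CCM_ENABLED
      bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
      depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED

  # NOTE(review): the XTS and GCM prompts say "for AES", but both
  # dependencies are also satisfied by Camellia alone. Confirm which
  # one is intended.
  config WOLFSSL_CIPHER_MODE_XTS_ENABLED
      bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
      depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED

  config WOLFSSL_CIPHER_MODE_GCM_ENABLED
      bool "Enable the Galois/Counter Mode (GCM) for AES"
      depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED

  # NOTE(review): CBC is the only mode enabled by default in this file;
  # none of the AEAD options (CCM, GCM, ChaCha20-Poly1305) has
  # "default y".
  config WOLFSSL_CIPHER_CBC_ENABLED
      bool "Enable Cipher Block Chaining mode (CBC) for symmetric ciphers"
      default y
      help
        CBC cipher suites in TLS have a history of padding-oracle
        attacks. Where peers support it, prefer an AEAD mode (GCM, CCM
        or ChaCha20-Poly1305) and disable CBC.

  # NOTE(review): ChaCha20-Poly1305 needs both ChaCha20 and Poly1305,
  # yet the dependency below is satisfied when only one of them is
  # enabled, and WOLFSSL_CIPHER_ALL_ENABLED selects this option without
  # selecting WOLFSSL_MAC_POLY1305_ENABLED. The expression is left
  # as-is; confirm whether "&&" is intended.
  config WOLFSSL_CHACHAPOLY_AEAD_ENABLED
      bool "Enable the ChaCha20-Poly1305 AEAD algorithm"
      depends on WOLFSSL_CIPHER_CHACHA20_ENABLED || WOLFSSL_MAC_POLY1305_ENABLED

  comment "Supported message authentication methods"

  config WOLFSSL_MAC_ALL_ENABLED
      bool "Enable all available MAC methods"
      select WOLFSSL_MAC_MD4_ENABLED
      select WOLFSSL_MAC_MD5_ENABLED
      select WOLFSSL_MAC_SHA1_ENABLED
      select WOLFSSL_MAC_SHA256_ENABLED
      select WOLFSSL_MAC_SHA512_ENABLED
      select WOLFSSL_MAC_POLY1305_ENABLED
      help
        Selects every hash and MAC algorithm listed below, including
        MD4, MD5 and SHA1, which are not collision resistant. Prefer
        enabling only the algorithms the product needs.

  config WOLFSSL_MAC_MD4_ENABLED
      bool "Enable the MD4 hash algorithm"
      help
        MD4 is cryptographically broken. Enable only when a legacy
        protocol requires it.

  # NOTE(review): MD5 and SHA1 are enabled by default here. The
  # defaults are left unchanged so existing configurations keep
  # building; the TLS 1.0/1.1 PRF needs both, TLS 1.2 and later do not.
  config WOLFSSL_MAC_MD5_ENABLED
      bool "Enable the MD5 hash algorithm"
      default y
      help
        MD5 is not collision resistant and must not be relied on for
        signatures or certificate verification.

  config WOLFSSL_MAC_SHA1_ENABLED
      bool "Enable the SHA1 hash algorithm"
      default y
      help
        SHA1 is not collision resistant and should not be relied on for
        signatures or certificate verification.

  config WOLFSSL_MAC_SHA256_ENABLED
      bool "Enable the SHA-224 and SHA-256 hash algorithms"
      default y

  config WOLFSSL_MAC_SHA512_ENABLED
      bool "Enable the SHA-384 and SHA-512 hash algorithms"

  config WOLFSSL_MAC_POLY1305_ENABLED
      bool "Enable the Poly1305 MAC algorithm"

  endmenu

  comment "Random number generators"

  config WOLFSSL_HMAC_DRBG_ENABLED
      bool "Enable the HMAC_DRBG random generator"
      default y

  comment "Other configurations"

  config WOLFSSL_HAVE_ASM
      bool "Enable use of assembly code"
      default y
      help
        Enable use of assembly code in wolfSSL. This improves the
        performance of asymmetric cryptography, but it might have an
        impact on the code size.

  endmenu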