
mbedtls: add configuration options for EC-JPAKE

Closes https://github.com/espressif/esp-idf/pull/5106
kangping před 5 roky
rodič
revize
4883010f40

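--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -389,6 +389,13 @@ menu "mbedTLS"
             help
                 Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 
+        config MBEDTLS_KEY_EXCHANGE_ECJPAKE
+            bool "Enable ECJPAKE based ciphersuite modes"
+            depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
+            default n
+            help
+                Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
+
     endmenu # TLS key exchange modes
 
     config MBEDTLS_SSL_RENEGOTIATION
@@ -586,6 +593,13 @@ menu "mbedTLS"
         help
             Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
 
+    config MBEDTLS_ECJPAKE_C
+        bool "Elliptic curve J-PAKE"
+        depends on MBEDTLS_ECP_C
+        default n
+        help
+            Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
+
     config MBEDTLS_ECP_DP_SECP192R1_ENABLED
         bool "Enable SECP192R1 curve"
         depends on MBEDTLS_ECP_C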
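Review bot: The `depends on` line of MBEDTLS_KEY_EXCHANGE_ECJPAKE covers MBEDTLS_ECJPAKE_C and the SECP256R1 curve, but the header comment added in the same commit also lists MBEDTLS_SHA256_C as required, and the one suite it names uses AES-CCM. If either of those can be switched off elsewhere in this Kconfig (not visible in the hunk), the option can be selected and still produce a build that fails the mbedTLS configuration check or offers no ECJPAKE suite at all. The help text is what a user reads in menuconfig and it omits the experimental status stated in esp_config.h. I would extend it to `Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-. Experimental: based on the Thread v1.0.0 specification, which may still change.`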

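--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -684,6 +684,29 @@
 #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 #endif
 
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
 /**
  * \def MBEDTLS_PK_PARSE_EC_EXTENDED
  *
@@ -1594,7 +1617,11 @@
  *
  * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
  */
-//#define MBEDTLS_ECJPAKE_C
+#ifdef CONFIG_MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECJPAKE_C
+#else
+#undef MBEDTLS_ECJPAKE_C
+#endif
 
 /**
  * \def MBEDTLS_ECP_C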
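Review bot: The `\warning` in the new MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED comment says the feature is "disabled by default", but in this port the default now lives in Kconfig and the comment never names the symbol that controls it. I would add a line such as `* Controlled by CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE (default n).`, and the matching line for MBEDTLS_ECJPAKE_C in the second hunk, whose doc comment begins outside the hunk. The comment should also state two operational facts for integrators. The only suite listed, MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, uses an 8-byte authentication tag. The handshake authenticates both peers from a shared secret that the application must supply with `mbedtls_ssl_set_hs_ecjpake_password()`, so the strength of that secret bounds the security of the session.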