esp-idf/components/mbedtls/Kconfig

menu "mbedTLS"

    choice MBEDTLS_MEM_ALLOC_MODE
        prompt "Memory allocation strategy"
        default MBEDTLS_INTERNAL_MEM_ALLOC
        help
            Allocation strategy for mbedTLS, essentially provides ability to
            allocate all required dynamic allocations from,

            - Internal DRAM memory only
            - External SPIRAM memory only
            - Either internal or external memory based on default malloc()
              behavior in ESP-IDF
            - Custom allocation mode, by overwriting calloc()/free() using
              mbedtls_platform_set_calloc_free() function
            - Internal IRAM memory wherever applicable else internal DRAM

            Recommended mode here is always internal (*), since that is most preferred
            from security perspective. But if application requirement does not
            allow sufficient free internal memory then alternate mode can be
            selected.

            (*) In case of ESP32-S2/ESP32-S3, hardware allows encryption of external
            SPIRAM contents provided hardware flash encryption feature is enabled.
            In that case, using external SPIRAM allocation strategy is also safe choice
            from security perspective.

        config MBEDTLS_INTERNAL_MEM_ALLOC
            bool "Internal memory"

        config MBEDTLS_EXTERNAL_MEM_ALLOC
            bool "External SPIRAM"
            depends on SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC

        config MBEDTLS_DEFAULT_MEM_ALLOC
            bool "Default alloc mode"

        config MBEDTLS_CUSTOM_MEM_ALLOC
            bool "Custom alloc mode"

        config MBEDTLS_IRAM_8BIT_MEM_ALLOC
            bool "Internal IRAM"
            depends on ESP32_IRAM_AS_8BIT_ACCESSIBLE_MEMORY
            help
                Allows to use IRAM memory region as 8bit accessible region.

                TLS input and output buffers will be allocated in IRAM section which is 32bit aligned
                memory. Every unaligned (8bit or 16bit) access will result in an exception
                and incur penalty of certain clock cycles per unaligned read/write.

    endchoice #MBEDTLS_MEM_ALLOC_MODE

    config MBEDTLS_SSL_MAX_CONTENT_LEN
        int "TLS maximum message content length"
        default 16384
        range 512 16384
        depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
        help
            Maximum TLS message length (in bytes) supported by mbedTLS.

            16384 is the default and this value is required to comply
            fully with TLS standards.

            However you can set a lower value in order to save RAM. This
            is safe if the other end of the connection supports Maximum
            Fragment Length Negotiation Extension (max_fragment_length,
            see RFC6066) or you know for certain that it will never send a
            message longer than a certain number of bytes.

            If the value is set too low, symptoms are a failed TLS
            handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
            (-0x7200).

    config MBEDTLS_ASYMMETRIC_CONTENT_LEN
        bool "Asymmetric in/out fragment length"
        default y
        help
            If enabled, this option allows customizing TLS in/out fragment length
            in asymmetric way. Please note that enabling this with default values
            saves 12KB of dynamic memory per TLS connection.

    config MBEDTLS_SSL_IN_CONTENT_LEN
        int "TLS maximum incoming fragment length"
        default 16384
        range 512 16384
        depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
        help
            This defines maximum incoming fragment length, overriding default
            maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).

    config MBEDTLS_SSL_OUT_CONTENT_LEN
        int "TLS maximum outgoing fragment length"
        default 4096
        range 512 16384
        depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
        help
            This defines maximum outgoing fragment length, overriding default
            maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).

    config MBEDTLS_DYNAMIC_BUFFER
        bool "Using dynamic TX/RX buffer"
        default n
        select MBEDTLS_ASYMMETRIC_CONTENT_LEN
        # Dynamic buffer feature is not supported with DTLS
        depends on !MBEDTLS_SSL_PROTO_DTLS
        help
            Using dynamic TX/RX buffer. After enabling this option, mbedTLS will
            allocate TX buffer when need to send data and then free it if all data
            is sent, allocate RX buffer when need to receive data and then free it
            when all data is used or read by upper layer.

            By default, when SSL is initialized, mbedTLS also allocate TX and
            RX buffer with the default value of "MBEDTLS_SSL_OUT_CONTENT_LEN" or
            "MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set
            the options to be an appropriate value.

    config MBEDTLS_DYNAMIC_FREE_PEER_CERT
        bool "Free SSL peer certificate after its usage"
        default n
        depends on MBEDTLS_DYNAMIC_BUFFER
        help
            Free peer certificate after its usage in handshake process.

    config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
        bool "Free private key and DHM data after its usage"
        default n
        depends on MBEDTLS_DYNAMIC_BUFFER
        help
            Free private key and DHM data after its usage in handshake process.

            The option will decrease heap cost when handshake, but also lead to problem:

            Becasue all certificate, private key and DHM data are freed so users should register
            certificate and private key to ssl config object again.

    config MBEDTLS_DYNAMIC_FREE_CA_CERT
        bool "Free SSL CA certificate after its usage"
        default y
        depends on MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
        help
            Free CA certificate after its usage in the handshake process.
            This option will decrease the heap footprint for the TLS handshake, but may lead to a problem:
            If the respective ssl object needs to perform the TLS handshake again,
            the CA certificate should once again be registered to the ssl object.

    config MBEDTLS_DEBUG
        bool "Enable mbedTLS debugging"
        default n
        help
            Enable mbedTLS debugging functions at compile time.

            If this option is enabled, you can include
            "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
            at runtime in order to enable mbedTLS debug output via the ESP
            log mechanism.

    choice MBEDTLS_DEBUG_LEVEL
        bool "Set mbedTLS debugging level"
        depends on MBEDTLS_DEBUG
        default MBEDTLS_DEBUG_LEVEL_VERBOSE
        help
            Set mbedTLS debugging level

        config MBEDTLS_DEBUG_LEVEL_WARN
            bool "Warning"
        config MBEDTLS_DEBUG_LEVEL_INFO
            bool "Info"
        config MBEDTLS_DEBUG_LEVEL_DEBUG
            bool "Debug"
        config MBEDTLS_DEBUG_LEVEL_VERBOSE
            bool "Verbose"
    endchoice

    config MBEDTLS_DEBUG_LEVEL
        int
        default 1 if MBEDTLS_DEBUG_LEVEL_WARN
        default 2 if MBEDTLS_DEBUG_LEVEL_INFO
        default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
        default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE


    menu "Certificate Bundle"

        config MBEDTLS_CERTIFICATE_BUNDLE
            bool "Enable trusted root certificate bundle"
            default y
            help
                Enable support for large number of default root certificates

                When enabled this option allows user to store default as well
                as customer specific root certificates in compressed format rather
                than storing full certificate. For the root certificates the public key and the subject name
                will be stored.

        choice MBEDTLS_DEFAULT_CERTIFICATE_BUNDLE
            bool "Default certificate bundle options"
            depends on MBEDTLS_CERTIFICATE_BUNDLE
            default MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL

            config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
                bool "Use the full default certificate bundle"
            config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN
                bool "Use only the most common certificates from the default bundles"
                help
                    Use only the most common certificates from the default bundles, reducing the size with 50%,
                    while still having around 99% coverage.
            config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE
                bool "Do not use the default certificate bundle"
        endchoice

        config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
            depends on MBEDTLS_CERTIFICATE_BUNDLE
            default n
            bool "Add custom certificates to the default bundle"
        config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH
            depends on MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
            string "Custom certificate bundle path"
            help
                Name of the custom certificate directory or file. This path is evaluated
                relative to the project root directory.
    endmenu





    config MBEDTLS_ECP_RESTARTABLE
        bool "Enable mbedTLS ecp restartable"
        default n
        help
            Enable "non-blocking" ECC operations that can return early and be resumed.

    config MBEDTLS_CMAC_C
        bool "Enable CMAC mode for block ciphers"
        default n
        depends on MBEDTLS_AES_C || MBEDTLS_DES_C
        help
            Enable the CMAC (Cipher-based Message Authentication Code) mode for
            block ciphers.

    config MBEDTLS_HARDWARE_AES
        bool "Enable hardware AES acceleration"
        default y
        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST
        help
            Enable hardware accelerated AES encryption & decryption.

            Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
            offer any speed boost over software AES.

    config MBEDTLS_AES_USE_INTERRUPT
        bool "Use interrupt for long AES operations"
        depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_AES
        default y
        help
            Use an interrupt to coordinate long AES operations.

            This allows other code to run on the CPU while an AES operation is pending.
            Otherwise the CPU busy-waits.

    config MBEDTLS_HARDWARE_GCM
        bool "Enable partially hardware accelerated GCM"
        depends on IDF_TARGET_ESP32S2 && MBEDTLS_HARDWARE_AES
        default y
        help
            Enable partially hardware accelerated GCM. GHASH calculation is still done
            in software.

            If MBEDTLS_HARDWARE_GCM is disabled and MBEDTLS_HARDWARE_AES is enabled then
            mbedTLS will still use the hardware accelerated AES block operation, but
            on a single block at a time.

    config MBEDTLS_HARDWARE_MPI
        bool "Enable hardware MPI (bignum) acceleration"
        default y
        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST
        help
            Enable hardware accelerated multiple precision integer operations.

            Hardware accelerated multiplication, modulo multiplication,
            and modular exponentiation for up to SOC_RSA_MAX_BIT_LEN bit results.

            These operations are used by RSA.

    config MBEDTLS_HARDWARE_SHA
        bool "Enable hardware SHA acceleration"
        default y
        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST
        help
            Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.

            Due to a hardware limitation, on the ESP32 hardware acceleration is only
            guaranteed if SHA digests are calculated one at a time. If more
            than one SHA digest is calculated at the same time, one will
            be calculated fully in hardware and the rest will be calculated
            (at least partially calculated) in software. This happens automatically.

            SHA hardware acceleration is faster than software in some situations but
            slower in others. You should benchmark to find the best setting for you.

    config MBEDTLS_ROM_MD5
        bool "Use MD5 implementation in ROM"
        default y
        help
            Use ROM MD5 in mbedTLS.

    config MBEDTLS_ATCA_HW_ECDSA_SIGN
        bool "Enable hardware ECDSA sign acceleration when using ATECC608A"
        default n
        help
            This option enables hardware acceleration for ECDSA sign function, only
            when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)

    config MBEDTLS_ATCA_HW_ECDSA_VERIFY
        bool "Enable hardware ECDSA verify acceleration when using ATECC608A"
        default n
        help
            This option enables hardware acceleration for ECDSA sign function, only
            when using ATECC608A cryptoauth chip (integrated with ESP32-WROOM-32SE)

    config MBEDTLS_HAVE_TIME
        bool "Enable mbedtls time support"
        depends on !ESP_TIME_FUNCS_USE_NONE
        default y
        help
            Enable use of time.h functions (time() and gmtime()) by mbedTLS.

            This option doesn't require the system time to be correct, but enables
            functionality that requires relative timekeeping - for example periodic
            expiry of TLS session tickets or session cache entries.

            Disabling this option will save some firmware size, particularly if
            the rest of the firmware doesn't call any standard timekeeeping
            functions.

    config MBEDTLS_HAVE_TIME_DATE
        bool "Enable mbedtls certificate expiry check"
        depends on MBEDTLS_HAVE_TIME
        default n
        help
            Enables X.509 certificate expiry checks in mbedTLS.

            If this option is disabled (default) then X.509 certificate
            "valid from" and "valid to" timestamp fields are ignored.

            If this option is enabled, these fields are compared with the
            current system date and time. The time is retrieved using the
            standard time() and gmtime() functions. If the certificate is not
            valid for the current system time then verification will fail with
            code MBEDTLS_X509_BADCERT_FUTURE or MBEDTLS_X509_BADCERT_EXPIRED.

            Enabling this option requires adding functionality in the firmware
            to set the system clock to a valid timestamp before using TLS. The
            recommended way to do this is via ESP-IDF's SNTP functionality, but
            any method can be used.

            In the case where only a small number of certificates are trusted by
            the device, please carefully consider the tradeoffs of enabling this
            option. There may be undesired consequences, for example if all
            trusted certificates expire while the device is offline and a TLS
            connection is required to update. Or if an issue with the SNTP
            server means that the system time is invalid for an extended period
            after a reset.

    config MBEDTLS_ECDSA_DETERMINISTIC
        bool "Enable deterministic ECDSA"
        default y
        help
            Standard ECDSA is "fragile" in the sense that lack of entropy when signing
            may result in a compromise of the long-term signing key.

    config MBEDTLS_SHA512_C
        bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
        default y
        help
            Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.

    choice MBEDTLS_TLS_MODE
        bool "TLS Protocol Role"
        default MBEDTLS_TLS_SERVER_AND_CLIENT
        help
            mbedTLS can be compiled with protocol support for the TLS
            server, TLS client, or both server and client.

            Reducing the number of TLS roles supported saves code size.

        config MBEDTLS_TLS_SERVER_AND_CLIENT
            bool "Server & Client"
            select MBEDTLS_TLS_SERVER
            select MBEDTLS_TLS_CLIENT
        config MBEDTLS_TLS_SERVER_ONLY
            bool "Server"
            select MBEDTLS_TLS_SERVER
        config MBEDTLS_TLS_CLIENT_ONLY
            bool "Client"
            select MBEDTLS_TLS_CLIENT
        config MBEDTLS_TLS_DISABLED
            bool "None"

    endchoice

    config MBEDTLS_TLS_SERVER
        bool
        select MBEDTLS_TLS_ENABLED
    config MBEDTLS_TLS_CLIENT
        bool
        select MBEDTLS_TLS_ENABLED
    config MBEDTLS_TLS_ENABLED
        bool

    menu "TLS Key Exchange Methods"
        depends on MBEDTLS_TLS_ENABLED

        config MBEDTLS_PSK_MODES
            bool "Enable pre-shared-key ciphersuites"
            default n
            help
                Enable to show configuration for different types of pre-shared-key TLS authentatication methods.

                Leaving this options disabled will save code size if they are not used.

        config MBEDTLS_KEY_EXCHANGE_PSK
            bool "Enable PSK based ciphersuite modes"
            depends on MBEDTLS_PSK_MODES
            default n
            help
                Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.

        config MBEDTLS_KEY_EXCHANGE_DHE_PSK
            bool "Enable DHE-PSK based ciphersuite modes"
            depends on MBEDTLS_PSK_MODES
            default y
            help
                Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.

        config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
            bool "Enable ECDHE-PSK based ciphersuite modes"
            depends on MBEDTLS_PSK_MODES && MBEDTLS_ECDH_C
            default y
            help
                Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.

        config MBEDTLS_KEY_EXCHANGE_RSA_PSK
            bool "Enable RSA-PSK based ciphersuite modes"
            depends on MBEDTLS_PSK_MODES
            default y
            help
                Enable to support RSA PSK (pre-shared-key) TLS authentication modes.

        config MBEDTLS_KEY_EXCHANGE_RSA
            bool "Enable RSA-only based ciphersuite modes"
            default y
            help
                Enable to support ciphersuites with prefix TLS-RSA-WITH-

        config MBEDTLS_KEY_EXCHANGE_DHE_RSA
            bool "Enable DHE-RSA based ciphersuite modes"
            default y
            help
                Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-

        config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
            bool "Support Elliptic Curve based ciphersuites"
            depends on MBEDTLS_ECP_C
            default y
            help
                Enable to show Elliptic Curve based ciphersuite mode options.

                Disabling all Elliptic Curve ciphersuites saves code size and
                can give slightly faster TLS handshakes, provided the server supports
                RSA-only ciphersuite modes.

        config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
            bool "Enable ECDHE-RSA based ciphersuite modes"
            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
            default y
            help
                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-

        config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
            bool "Enable ECDHE-ECDSA based ciphersuite modes"
            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
            default y
            help
                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-

        config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
            bool "Enable ECDH-ECDSA based ciphersuite modes"
            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
            default y
            help
                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-

        config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
            bool "Enable ECDH-RSA based ciphersuite modes"
            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
            default y
            help
                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-

        config MBEDTLS_KEY_EXCHANGE_ECJPAKE
            bool "Enable ECJPAKE based ciphersuite modes"
            depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
            default n
            help
                Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-

    endmenu # TLS key exchange modes

    config MBEDTLS_SSL_RENEGOTIATION
        bool "Support TLS renegotiation"
        depends on MBEDTLS_TLS_ENABLED
        default y
        help
            The two main uses of renegotiation are (1) refresh keys on long-lived
            connections and (2) client authentication after the initial handshake.
            If you don't need renegotiation, disabling it will save code size and
            reduce the possibility of abuse/vulnerability.

    config MBEDTLS_SSL_PROTO_SSL3
        bool "Legacy SSL 3.0 support"
        depends on MBEDTLS_TLS_ENABLED
        default n
        help
            Support the legacy SSL 3.0 protocol. Most servers will speak a newer
            TLS protocol these days.

    config MBEDTLS_SSL_PROTO_TLS1
        bool "Support TLS 1.0 protocol"
        depends on MBEDTLS_TLS_ENABLED
        default y

    config MBEDTLS_SSL_PROTO_TLS1_1
        bool "Support TLS 1.1 protocol"
        depends on MBEDTLS_TLS_ENABLED
        default y

    config MBEDTLS_SSL_PROTO_TLS1_2
        bool "Support TLS 1.2 protocol"
        depends on MBEDTLS_TLS_ENABLED
        default y

    config MBEDTLS_SSL_PROTO_GMTSSL1_1
        bool "Support GM/T SSL 1.1 protocol"
        depends on MBEDTLS_TLS_ENABLED
        default n
        help
            Provisions for GM/T SSL 1.1 support

    config MBEDTLS_SSL_PROTO_DTLS
        bool "Support DTLS protocol (all versions)"
        default n
        depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
        help
            Requires TLS 1.1 to be enabled for DTLS 1.0
            Requires TLS 1.2 to be enabled for DTLS 1.2

    config MBEDTLS_SSL_ALPN
        bool "Support ALPN (Application Layer Protocol Negotiation)"
        depends on MBEDTLS_TLS_ENABLED
        default y
        help
            Disabling this option will save some code size if it is not needed.

    config MBEDTLS_CLIENT_SSL_SESSION_TICKETS
        bool "TLS: Client Support for RFC 5077 SSL session tickets"
        default y
        depends on MBEDTLS_TLS_ENABLED
        help
            Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
            Disabling this option will save some code size.

    config MBEDTLS_X509_CHECK_KEY_USAGE
        bool "Enable verification of the keyUsage extension"
        default y
        depends on MBEDTLS_TLS_ENABLED
        help
            Disabling this avoids problems with mis-issued and/or misused (intermediate) CA and leaf certificates.
            Depending on your PKI use, disabling this can be a security risk.

    config MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
        bool "Enable verification of the extendedKeyUsage extension"
        default y
        depends on MBEDTLS_TLS_ENABLED
        help
            Disabling this avoids problems with mis-issued and/or misused certificates.
            Depending on your PKI use, disabling this can be a security risk.

    config MBEDTLS_SERVER_SSL_SESSION_TICKETS
        bool "TLS: Server Support for RFC 5077 SSL session tickets"
        default y
        depends on MBEDTLS_TLS_ENABLED
        help
            Server support for RFC 5077 session tickets. See mbedTLS documentation for more details.
            Disabling this option will save some code size.

    menu "Symmetric Ciphers"

        config MBEDTLS_AES_C
            bool "AES block cipher"
            default y

        config MBEDTLS_CAMELLIA_C
            bool "Camellia block cipher"
            default n

        config MBEDTLS_DES_C
            bool "DES block cipher (legacy, insecure)"
            default n
            help
                Enables the DES block cipher to support 3DES-based TLS ciphersuites.

                3DES is vulnerable to the Sweet32 attack and should only be enabled
                if absolutely necessary.

        choice MBEDTLS_RC4_MODE
            prompt "RC4 Stream Cipher (legacy, insecure)"
            default MBEDTLS_RC4_DISABLED
            help
                    ARCFOUR (RC4) stream cipher can be disabled entirely, enabled but not
                    added to default ciphersuites, or enabled completely.

                    Please consider the security implications before enabling RC4.

                config MBEDTLS_RC4_DISABLED
                    bool "Disabled"
                config MBEDTLS_RC4_ENABLED_NO_DEFAULT
                    bool "Enabled, not in default ciphersuites"
                config MBEDTLS_RC4_ENABLED
                    bool "Enabled"
        endchoice

        config MBEDTLS_BLOWFISH_C
            bool "Blowfish block cipher (read help)"
            default n
            help
                    Enables the Blowfish block cipher (not used for TLS sessions.)

                    The Blowfish cipher is not used for mbedTLS TLS sessions but can be
                    used for other purposes. Read up on the limitations of Blowfish (including
                    Sweet32) before enabling.

        config MBEDTLS_XTEA_C
            bool "XTEA block cipher"
            default n
            help
                    Enables the XTEA block cipher.


        config MBEDTLS_CCM_C
            bool "CCM (Counter with CBC-MAC) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                    Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.

                    Disabling this option saves some code size.

        config MBEDTLS_GCM_C
            bool "GCM (Galois/Counter) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                    Enable Galois/Counter Mode for AES and/or Camellia ciphers.

                    This option is generally faster than CCM.

        config MBEDTLS_NIST_KW_C
            bool "NIST key wrapping (KW) and KW padding (KWP)"
            default n
            depends on MBEDTLS_AES_C
            help
                    Enable NIST key wrapping and key wrapping padding.

    endmenu # Symmetric Ciphers

    config MBEDTLS_RIPEMD160_C
        bool "Enable RIPEMD-160 hash algorithm"
        default n
        help
            Enable the RIPEMD-160 hash algorithm.

    menu "Certificates"

        config MBEDTLS_PEM_PARSE_C
            bool "Read & Parse PEM formatted certificates"
            default y
            help
                Enable decoding/parsing of PEM formatted certificates.

                If your certificates are all in the simpler DER format, disabling
                this option will save some code size.

        config MBEDTLS_PEM_WRITE_C
            bool "Write PEM formatted certificates"
            default y
            help
                Enable writing of PEM formatted certificates.

                If writing certificate data only in DER format, disabling this
                option will save some code size.

        config MBEDTLS_X509_CRL_PARSE_C
            bool "X.509 CRL parsing"
            default y
            help
                Support for parsing X.509 Certifificate Revocation Lists.

        config MBEDTLS_X509_CSR_PARSE_C
            bool "X.509 CSR parsing"
            default y
            help
                Support for parsing X.509 Certifificate Signing Requests

    endmenu # Certificates

    menuconfig MBEDTLS_ECP_C
        bool  "Elliptic Curve Ciphers"
        default y

    config MBEDTLS_ECDH_C
        bool "Elliptic Curve Diffie-Hellman (ECDH)"
        depends on MBEDTLS_ECP_C
        default y
        help
            Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.

    config MBEDTLS_ECDSA_C
        bool "Elliptic Curve DSA"
        depends on MBEDTLS_ECDH_C
        default y
        help
            Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.

    config MBEDTLS_ECJPAKE_C
        bool "Elliptic curve J-PAKE"
        depends on MBEDTLS_ECP_C
        default n
        help
            Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.

    config MBEDTLS_ECP_DP_SECP192R1_ENABLED
        bool "Enable SECP192R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP192R1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP224R1_ENABLED
        bool "Enable SECP224R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP224R1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP256R1_ENABLED
        bool "Enable SECP256R1 curve"
        depends on MBEDTLS_ECP_C
        default y
        help
            Enable support for SECP256R1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP384R1_ENABLED
        bool "Enable SECP384R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP384R1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP521R1_ENABLED
        bool "Enable SECP521R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP521R1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP192K1_ENABLED
        bool "Enable SECP192K1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP192K1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP224K1_ENABLED
        bool "Enable SECP224K1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP224K1 Elliptic Curve.

    config MBEDTLS_ECP_DP_SECP256K1_ENABLED
        bool "Enable SECP256K1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for SECP256K1 Elliptic Curve.

    config MBEDTLS_ECP_DP_BP256R1_ENABLED
        bool "Enable BP256R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            support for DP Elliptic Curve.

    config MBEDTLS_ECP_DP_BP384R1_ENABLED
        bool "Enable BP384R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            support for DP Elliptic Curve.

    config MBEDTLS_ECP_DP_BP512R1_ENABLED
        bool "Enable BP512R1 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            support for DP Elliptic Curve.

    config MBEDTLS_ECP_DP_CURVE25519_ENABLED
        bool "Enable CURVE25519 curve"
        depends on MBEDTLS_ECP_C
        default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
        help
            Enable support for CURVE25519 Elliptic Curve.

    config MBEDTLS_ECP_NIST_OPTIM
        bool "NIST 'modulo p' optimisations"
        depends on MBEDTLS_ECP_C
        default y
        help
            NIST 'modulo p' optimisations increase Elliptic Curve operation performance.

            Disabling this option saves some code size.

            # end of Elliptic Curve options

    config MBEDTLS_POLY1305_C
        bool "Poly1305 MAC algorithm"
        default n
        help
            Enable support for Poly1305 MAC algorithm.

    config MBEDTLS_CHACHA20_C
        bool "Chacha20 stream cipher"
        default n
        help
            Enable support for Chacha20 stream cipher.

    config MBEDTLS_CHACHAPOLY_C
        bool "ChaCha20-Poly1305 AEAD algorithm"
        default n
        depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
        help
            Enable support for ChaCha20-Poly1305 AEAD algorithm.

    config MBEDTLS_HKDF_C
        bool "HKDF algorithm (RFC 5869)"
        default n
        help
            Enable support for the Hashed Message Authentication Code
            (HMAC)-based key derivation function (HKDF).

    config MBEDTLS_THREADING_C
        bool "Enable the threading abstraction layer"
        default n
        help
            If you do intend to use contexts between threads, you will need to enable
            this layer to prevent race conditions.

    config MBEDTLS_THREADING_ALT
        bool "Enable threading alternate implementation"
        depends on MBEDTLS_THREADING_C
        default y
        help
            Enable threading alt to allow your own alternate threading implementation.

    config MBEDTLS_THREADING_PTHREAD
        bool "Enable threading pthread implementation"
        depends on MBEDTLS_THREADING_C
        default n
        help
            Enable the pthread wrapper layer for the threading layer.

    config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
        bool "Fallback to software implementation for larger MPI values"
        depends on MBEDTLS_HARDWARE_MPI
        default y if IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32H2  # HW max 3072 bits
        default n
        help
            Fallback to software implementation for RSA key lengths
            larger than SOC_RSA_MAX_BIT_LEN. If this is not active
            then the ESP will be unable to process keys greater
            than SOC_RSA_MAX_BIT_LEN.

    menuconfig MBEDTLS_SECURITY_RISKS
        bool "Show configurations with potential security risks"
        default n

    config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
        bool "X.509 CRT parsing with unsupported critical extensions"
        depends on MBEDTLS_SECURITY_RISKS
        default n
        help
            Allow the X.509 certificate parser to load certificates
            with unsupported critical extensions

endmenu  # mbedTLS