add config to enable EC-JPAKE and HKDF (GIT8266O-634) #1056

Open
wants to merge 2 commits into
base: master
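--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -293,6 +293,13 @@ menu "mbedTLS"
 help
 Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
 
+config MBEDTLS_KEY_EXCHANGE_ECJPAKE
+bool "Enable ECJPAKE based ciphersuite modes"
+depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
+default n
+help
+Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
+
 endmenu # TLS key exchange modes
 
 config MBEDTLS_SSL_RENEGOTIATION
@@ -491,6 +498,13 @@ menu "mbedTLS"
 help
 Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
 
+config MBEDTLS_ECJPAKE_C
+bool "Elliptic curve J-PAKE"
+depends on MBEDTLS_ECP_C
+default n
+help
+Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.
+
 config MBEDTLS_ECP_DP_SECP192R1_ENABLED
 bool "Enable SECP192R1 curve"
 depends on MBEDTLS_ECP_C
@@ -586,6 +600,13 @@ menu "mbedTLS"
 
 # end of Elliptic Curve options
 
+config MBEDTLS_HKDF_C
+bool "HKDF algorithm (RFC 5869)"
+default n
+help
+Enable support for the Hashed Message Authentication Code
+(HMAC)-based key derivation function (HKDF).
+
 menu "Util"
 
 config util_assert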
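Review bot: The help text for `MBEDTLS_KEY_EXCHANGE_ECJPAKE` leaves out the caveat that the matching comment in esp_config.h carries. That comment marks the key exchange as experimental, based on the Thread v1.0.0 specification, and names `MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8` as the only suite it enables. Someone choosing the option in menuconfig sees only the ciphersuite prefix, so I would extend the help with something like `Experimental (based on Thread v1.0.0). Only TLS-ECJPAKE-WITH-AES-128-CCM-8 is provided, which also needs AES and CCM enabled.` The AES/CCM requirement is inferred from the suite name and from the header's "if other requisites are enabled as well"; please confirm which Kconfig symbols gate it in this tree.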
37 changes: 33 additions & 4 deletions components/mbedtls/port/include/mbedtls/esp_config.h
@@ -621,6 +621,29 @@
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#endif

/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
*
* Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
*
* \warning This is currently experimental. EC J-PAKE support is based on the
* Thread v1.0.0 specification; incompatible changes to the specification
* might still happen. For this reason, this is disabled by default.
*
* Requires: MBEDTLS_ECJPAKE_C
* MBEDTLS_SHA256_C
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#else
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif

/**
* \def MBEDTLS_PK_PARSE_EC_EXTENDED
*
@@ -1531,7 +1554,11 @@
*
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
*/
//#define MBEDTLS_ECJPAKE_C
#ifdef CONFIG_MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECJPAKE_C
#else
#undef MBEDTLS_ECJPAKE_C
#endif

/**
* \def MBEDTLS_ECP_C
@@ -1598,17 +1625,19 @@
/**
* \def MBEDTLS_HKDF_C
*
* Disable the HKDF algorithm (RFC 5869).
* Enable the HKDF algorithm (RFC 5869).
*
* Module: library/hkdf.c
* Caller:
*
* Requires: MBEDTLS_MD_C
*
* This module adds support for the Hashed Message Authentication Code
* This module enables support for the Hashed Message Authentication Code
* (HMAC)-based key derivation function (HKDF).
*/
#ifdef MBEDTLS_HKDF_C
#ifdef CONFIG_MBEDTLS_HKDF_C
#define MBEDTLS_HKDF_C
#else
#undef MBEDTLS_HKDF_C
#endif

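Review bot: The prerequisites named in these doc comments are not all covered by what now switches the macros on. The ECJPAKE key-exchange block lists `MBEDTLS_SHA256_C`, and the `MBEDTLS_ECJPAKE_C` and `MBEDTLS_HKDF_C` blocks list `MBEDTLS_MD_C`. The Kconfig entries in this PR depend only on `MBEDTLS_ECP_C`, `MBEDTLS_ECJPAKE_C` and `MBEDTLS_ECP_DP_SECP256R1_ENABLED`, and `MBEDTLS_HKDF_C` has no `depends on` at all. If SHA-256 and MD are defined unconditionally elsewhere in this header (not visible in these hunks), a short comment next to each `Requires:` would settle it, e.g. `/* MBEDTLS_MD_C is always defined in this port */`. If either is configurable, the matching `depends on` belongs in Kconfig so an invalid selection is rejected in menuconfig rather than surfacing later as a build error or a missing ciphersuite. The comment blocks for the second and third hunks begin above the visible lines.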