menu "mbedTLS"

    menu "Core Configuration"
        choice MBEDTLS_COMPILER_OPTIMIZATION
            prompt "Compiler optimization level"
            default MBEDTLS_COMPILER_OPTIMIZATION_NONE
            help
                This option allows you to select the compiler optimization level for mbedTLS.
                The default is set to the optimization level used by the rest of the ESP-IDF project.
            config MBEDTLS_COMPILER_OPTIMIZATION_NONE
                bool "No optimization"
            config MBEDTLS_COMPILER_OPTIMIZATION_SIZE
                bool "Optimize for size (-Os)"
            config MBEDTLS_COMPILER_OPTIMIZATION_PERF
                bool "Optimize for performance (-O2)"
        endchoice

        config MBEDTLS_FS_IO
            bool "Enable functions that use the filesystem"
            default y
            depends on (VFS_SUPPORT_IO && VFS_SUPPORT_DIR) || IDF_TARGET_LINUX
            help
                This option enables functions in mbedTLS that use the filesystem.
                It uses the default filesystem support for the target,
                which is added through vfs component for ESP32 based targets or by
                the host system when the target is Linux.

        config MBEDTLS_THREADING_C
            bool "Enable the threading abstraction layer"
            default n
            help
                If you do intend to use contexts between threads, you will need to enable
                this layer to prevent race conditions.

        config MBEDTLS_THREADING_ALT
            bool "Enable threading alternate implementation"
            depends on MBEDTLS_THREADING_C
            default y
            help
                Enable threading alt to allow your own alternate threading implementation.

        config MBEDTLS_THREADING_PTHREAD
            bool "Enable threading pthread implementation"
            depends on MBEDTLS_THREADING_C
            default n
            help
                Enable the pthread wrapper layer for the threading layer.

        config MBEDTLS_ERROR_STRINGS
            bool "Enable error code to error string conversion"
            default y
            help
                Enables mbedtls_strerror() for converting error codes to error strings.
                Disabling this config can save some code/rodata size as the error
                string conversion implementation is replaced with an empty stub.

        config MBEDTLS_ERROR_STRERROR_DUMMY
            bool "Enable a dummy error function to make use of mbedtls_strerror()"
            default n
            depends on !MBEDTLS_ERROR_STRINGS
            help
                This option enables a dummy error function to make use of mbedtls_strerror()
                when MBEDTLS_ERROR_STRINGS is disabled. This is useful for applications
                that use mbedtls_strerror() but do not need the actual error strings.
                This option can be used to save code size when MBEDTLS_ERROR_STRINGS is disabled.

        config MBEDTLS_VERSION_C
            bool "Enable version information"
            default y
            help
                Enable version information functions.

        config MBEDTLS_HAVE_TIME
            bool "Enable mbedtls time support"
            depends on !ESP_TIME_FUNCS_USE_NONE
            default y
            help
                Enable use of time.h functions (time() and gmtime()) by mbedTLS.

                This option doesn't require the system time to be correct, but enables
                functionality that requires relative timekeeping - for example periodic
                expiry of TLS session tickets or session cache entries.

                Disabling this option will save some firmware size, particularly if
                the rest of the firmware doesn't call any standard timekeeping
                functions.

        config MBEDTLS_PLATFORM_TIME_ALT
            bool "Enable mbedtls time support: platform-specific"
            depends on MBEDTLS_HAVE_TIME
            default n
            help
                Enabling this config will provide users with a function
                "mbedtls_platform_set_time()" that allows to set an alternative
                time function pointer.

        config MBEDTLS_HAVE_TIME_DATE
            bool "Enable mbedtls certificate expiry check"
            depends on MBEDTLS_HAVE_TIME
            default n
            help
                Enables X.509 certificate expiry checks in mbedTLS.

                If this option is disabled (default) then X.509 certificate
                "valid from" and "valid to" timestamp fields are ignored.

                If this option is enabled, these fields are compared with the
                current system date and time. The time is retrieved using the
                standard time() and gmtime() functions. If the certificate is not
                valid for the current system time then verification will fail with
                code MBEDTLS_X509_BADCERT_FUTURE or MBEDTLS_X509_BADCERT_EXPIRED.

                Enabling this option requires adding functionality in the firmware
                to set the system clock to a valid timestamp before using TLS. The
                recommended way to do this is via ESP-IDF's SNTP functionality, but
                any method can be used.

                In the case where only a small number of certificates are trusted by
                the device, please carefully consider the tradeoffs of enabling this
                option. There may be undesired consequences, for example if all
                trusted certificates expire while the device is offline and a TLS
                connection is required to update. Or if an issue with the SNTP
                server means that the system time is invalid for an extended period
                after a reset.

        choice MBEDTLS_MEM_ALLOC_MODE
            prompt "Memory allocation strategy"
            default MBEDTLS_INTERNAL_MEM_ALLOC
            help
                Allocation strategy for mbedTLS, essentially provides ability to
                allocate all required dynamic allocations from,

                - Internal DRAM memory only
                - External SPIRAM memory only
                - Either internal or external memory based on default malloc() behavior in ESP-IDF
                - Custom allocation mode, by overwriting calloc()/free()
                    using mbedtls_platform_set_calloc_free() function
                - Internal IRAM memory wherever applicable else internal DRAM

                Recommended mode here is always internal (*), since that is most preferred
                from security perspective. But if application requirement does not
                allow sufficient free internal memory then alternate mode can be
                selected.

                (*) In case of ESP32-S2/ESP32-S3, hardware allows encryption of external
                SPIRAM contents provided hardware flash encryption feature is enabled.
                In that case, using external SPIRAM allocation strategy is also safe choice
                from security perspective.

            config MBEDTLS_INTERNAL_MEM_ALLOC
                bool "Internal memory"

            config MBEDTLS_EXTERNAL_MEM_ALLOC
                bool "External SPIRAM"
                depends on SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC

            config MBEDTLS_DEFAULT_MEM_ALLOC
                bool "Default alloc mode"

            config MBEDTLS_CUSTOM_MEM_ALLOC
                bool "Custom alloc mode"

            config MBEDTLS_IRAM_8BIT_MEM_ALLOC
                bool "Internal IRAM"
                depends on ESP32_IRAM_AS_8BIT_ACCESSIBLE_MEMORY
                help
                    Allows to use IRAM memory region as 8bit accessible region.

                    TLS input and output buffers will be allocated in IRAM section which is 32bit aligned
                    memory. Every unaligned (8bit or 16bit) access will result in an exception
                    and incur penalty of certain clock cycles per unaligned read/write.

        endchoice #MBEDTLS_MEM_ALLOC_MODE

        config MBEDTLS_SSL_MAX_CONTENT_LEN
            int "TLS maximum message content length"
            default 16384
            range 512 16384
            depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
            help
                Maximum TLS message length (in bytes) supported by mbedTLS.

                16384 is the default and this value is required to comply
                fully with TLS standards.

                However you can set a lower value in order to save RAM. This
                is safe if the other end of the connection supports Maximum
                Fragment Length Negotiation Extension (max_fragment_length,
                see RFC6066) or you know for certain that it will never send a
                message longer than a certain number of bytes.

                If the value is set too low, symptoms are a failed TLS
                handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
                (-0x7200).

        config MBEDTLS_ASYMMETRIC_CONTENT_LEN
            bool "Asymmetric in/out fragment length"
            default y
            help
                If enabled, this option allows customizing TLS in/out fragment length
                in asymmetric way. Please note that enabling this with default values
                saves 12KB of dynamic memory per TLS connection.

        config MBEDTLS_SSL_IN_CONTENT_LEN
            int "TLS maximum incoming fragment length"
            default 16384
            range 512 16384
            depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
            help
                This defines maximum incoming fragment length, overriding default
                maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).

        config MBEDTLS_SSL_OUT_CONTENT_LEN
            int "TLS maximum outgoing fragment length"
            default 4096
            range 512 16384
            depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
            help
                This defines maximum outgoing fragment length, overriding default
                maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).

        config MBEDTLS_DYNAMIC_BUFFER
            bool "Using dynamic TX/RX buffer"
            default n
            select MBEDTLS_ASYMMETRIC_CONTENT_LEN
            # Dynamic buffer feature is not supported with DTLS
            depends on !IDF_TARGET_LINUX && !MBEDTLS_SSL_PROTO_DTLS && !MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
            help
                Using dynamic TX/RX buffer. After enabling this option, mbedTLS will
                allocate TX buffer when need to send data and then free it if all data
                is sent, allocate RX buffer when need to receive data and then free it
                when all data is used or read by upper layer.

                By default, when SSL is initialized, mbedTLS also allocate TX and
                RX buffer with the default value of "MBEDTLS_SSL_OUT_CONTENT_LEN" or
                "MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set
                the options to be an appropriate value.

        config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
            bool "Free private key and DHM data after its usage"
            default n
            depends on MBEDTLS_DYNAMIC_BUFFER
            help
                Free private key and DHM data after its usage in handshake process.

                The option will decrease heap cost when handshake, but also lead to problem:

                Because all certificate, private key and DHM data are freed so users should register
                certificate and private key to ssl config object again.

        config MBEDTLS_DYNAMIC_FREE_CA_CERT
            bool "Free SSL CA certificate after its usage"
            default y
            depends on MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
            help
                Free CA certificate after its usage in the handshake process.
                This option will decrease the heap footprint for the TLS handshake, but may lead to a problem:
                If the respective ssl object needs to perform the TLS handshake again,
                the CA certificate should once again be registered to the ssl object.

        config MBEDTLS_VERSION_FEATURES
            bool "Enable mbedTLS version features"
            default n
            help
                Enable mbedTLS version features.
                This option allows Allow run-time checking of compile-time enabled features.
                Disabling this option will save some code size.

        config MBEDTLS_DEBUG
            bool "Enable mbedTLS debugging"
            default n
            help
                Enable mbedTLS debugging functions at compile time.

                If this option is enabled, you can include
                "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
                at runtime in order to enable mbedTLS debug output via the ESP
                log mechanism.

        choice MBEDTLS_DEBUG_LEVEL
            bool "Set mbedTLS debugging level"
            depends on MBEDTLS_DEBUG
            default MBEDTLS_DEBUG_LEVEL_VERBOSE
            help
                Set mbedTLS debugging level

            config MBEDTLS_DEBUG_LEVEL_WARN
                bool "Warning"
            config MBEDTLS_DEBUG_LEVEL_INFO
                bool "Info"
            config MBEDTLS_DEBUG_LEVEL_DEBUG
                bool "Debug"
            config MBEDTLS_DEBUG_LEVEL_VERBOSE
                bool "Verbose"
        endchoice

        config MBEDTLS_DEBUG_LEVEL
            int
            default 1 if MBEDTLS_DEBUG_LEVEL_WARN
            default 2 if MBEDTLS_DEBUG_LEVEL_INFO
            default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
            default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE

        config MBEDTLS_SELF_TEST
            bool "Enable mbedTLS self-test"
            default y
            help
                Enable mbedTLS self-test functions.
    endmenu # Core Configuration

    menu "Certificates"
        config MBEDTLS_X509_USE_C
            bool "Enable X.509 certificate support"
            default y
            help
                Enable X.509 certificate support.

        config MBEDTLS_PEM_PARSE_C
            bool "Read & Parse PEM formatted certificates"
            default y
            select MBEDTLS_BASE64_C
            help
                Enable decoding/parsing of PEM formatted certificates.

                If your certificates are all in the simpler DER format, disabling
                this option will save some code size.

        config MBEDTLS_PEM_WRITE_C
            bool "Write PEM formatted certificates"
            default y
            select MBEDTLS_BASE64_C
            help
                Enable writing of PEM formatted certificates.

                If writing certificate data only in DER format, disabling this
                option will save some code size.

        config MBEDTLS_PK_C
            bool "Enable generic public key layer"
            default y
            depends on MBEDTLS_MD_C && (MBEDTLS_RSA_C || MBEDTLS_ECP_C)
            help
                Enable support for generic public key layer.

        config MBEDTLS_PK_PARSE_C
            bool "Enables generic public key parsing functions"
            default y
            depends on MBEDTLS_ASN1_PARSE_C && MBEDTLS_PK_C && MBEDTLS_OID_C
            help
                Enable generic public key parsing functions.

        config MBEDTLS_PK_WRITE_C
            bool "Enables generic public key writing functions"
            default y
            depends on MBEDTLS_PK_C && MBEDTLS_OID_C && MBEDTLS_ASN1_WRITE_C
            help
                Enable generic public key writing functions.

        config MBEDTLS_X509_REMOVE_INFO
            bool "Remove X.509 debug info"
            default n
            help
                Removes mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() and other
                functions/constants only used by these functions.
                This will save some code size.

        config MBEDTLS_X509_CRL_PARSE_C
            bool "X.509 CRL parsing"
            default y
            help
                Support for parsing X.509 Certificate Revocation Lists.

        config MBEDTLS_X509_CRT_PARSE_C
            bool "Enable X.509 certificate parsing"
            default y
            depends on MBEDTLS_X509_USE_C
            help
                Enable X.509 certificate parsing.
                This is required for TLS and DTLS.

        config MBEDTLS_X509_CSR_PARSE_C
            bool "X.509 CSR parsing"
            default y
            help
                Support for parsing X.509 Certificate Signing Requests

        config MBEDTLS_X509_CREATE_C
            bool "X.509 certificate creation"
            default n
            depends on MBEDTLS_BIGNUM_C && MBEDTLS_OID_C && \
                MBEDTLS_PK_WRITE_C && MBEDTLS_MD_C
            help
                Support for creating X.509 certificates and CSRs.

        config MBEDTLS_X509_CRT_WRITE_C
            bool "X.509 certificate writing"
            default y
            depends on MBEDTLS_X509_CREATE_C
            help
                Support for writing X.509 certificates

        config MBEDTLS_X509_CSR_WRITE_C
            bool "X.509 CSR writing"
            default y
            depends on MBEDTLS_X509_CREATE_C
            help
                Support for writing X.509 CSRs

        config MBEDTLS_X509_RSASSA_PSS_SUPPORT
            bool "X.509 PSS support"
            default y
            select MBEDTLS_PKCS1_V21
            depends on MBEDTLS_X509_CRL_PARSE_C || MBEDTLS_X509_CSR_PARSE_C || MBEDTLS_X509_CRT_PARSE_C
            help
                Support for parsing X.509 certificates with RSASSA-PSS signatures.

        config MBEDTLS_X509_TRUSTED_CERT_CALLBACK
            bool "Enable trusted certificate callbacks"
            default n
            help
                Enables users to configure the set of trusted certificates
                through a callback instead of a linked list.

                See mbedTLS documentation for required API and more details.

        config MBEDTLS_ASN1_PARSE_C
            bool "Enable ASN.1 parsing"
            default y
            help
                Enable ASN.1 parsing functions.

        config MBEDTLS_ASN1_WRITE_C
            bool "Enable ASN.1 writing"
            default y
            help
                Enable ASN.1 writing functions.

        config MBEDTLS_OID_C
            bool "Enable OID support"
            default y
            help
                Enable support for Object Identifier (OID) parsing and printing.
                This is used by X.509 and PKCS#11.

        config MBEDTLS_CERTIFICATE_BUNDLE
            bool "Enable trusted root certificate bundle"
            default y
            help
                Enable support for large number of default root certificates

                When enabled this option allows user to store default as well
                as customer specific root certificates in compressed format rather
                than storing full certificate. For the root certificates the public key and the subject name
                will be stored.

        menu "Certificate Bundle Configuration"
            depends on MBEDTLS_CERTIFICATE_BUNDLE
            choice MBEDTLS_DEFAULT_CERTIFICATE_BUNDLE
                bool "Default certificate bundle options"
                default MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL

                config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
                    bool "Use the full default certificate bundle"

                config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN
                    bool "Use only the most common certificates from the default bundles"
                    help
                        Use only the most common certificates from the default bundles, reducing the size with 50%,
                        while still having around 99% coverage.

                config MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE
                    bool "Do not use the default certificate bundle"
            endchoice

            config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
                depends on MBEDTLS_CERTIFICATE_BUNDLE
                default n
                bool "Add custom certificates to the default bundle"

            config MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH
                depends on MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
                string "Custom certificate bundle path"
                help
                    Name of the custom certificate directory or file. This path is evaluated
                    relative to the project root directory.

            config MBEDTLS_CERTIFICATE_BUNDLE_DEPRECATED_LIST
                bool "Add deprecated root certificates"
                depends on MBEDTLS_CERTIFICATE_BUNDLE && !MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE
                help
                    Include the deprecated list of root certificates in the bundle.
                    This list gets updated when a certificate is removed from the Mozilla's
                    NSS root certificate store. This config can be enabled if you would like
                    to ensure that none of the certificates that were deployed in the product
                    are affected because of the update to bundle. In turn, enabling this
                    setting keeps expired, retracted certificates in the bundle and it may
                    pose a security risk.
                    - Deprecated cert list may grow based based on sync with upstream bundle
                    - Deprecated certs would be removed in ESP-IDF (next) major release

            config MBEDTLS_CERTIFICATE_BUNDLE_MAX_CERTS
                int "Maximum no of certificates allowed in certificate bundle"
                default 200
                depends on MBEDTLS_CERTIFICATE_BUNDLE
        endmenu

        config MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
            bool "Allow weak certificate verification"
            default n
            help
                This options allows weak certificate verification by skipping the hostname verification.
                It is not recommended to use this option.

        config MBEDTLS_CERTIFICATE_BUNDLE_CROSS_SIGNED_VERIFY
            bool "Support cross-signed certificate verification in certificate bundle"
            default n
            depends on MBEDTLS_CERTIFICATE_BUNDLE
            select MBEDTLS_X509_TRUSTED_CERT_CALLBACK
            help
                Enable support for cross-signed certificate verification in the certificate bundle.
                This feature uses an internal callback to verify the cross-signed certificates.
                This feature is kept disabled by default as enabling this feature increases
                heap usage by approximately 700 bytes.
    endmenu

    config MBEDTLS_TLS_ENABLED
        bool "Enable TLS protocol support"
        default y
        select MBEDTLS_CIPHER_C
        select MBEDTLS_SHA256_C
        select MBEDTLS_MD_C
        select MBEDTLS_SSL_PROTO_TLS1_2
        help
            Enable support for the TLS protocol, which is used for secure communication
            over networks. This option is required for most secure network protocols,
            including HTTPS, FTPS, and others.

            If you do not need TLS support, you can disable this option to save code size.

    menu "TLS Protocol Configuration"
        depends on MBEDTLS_TLS_ENABLED
        config MBEDTLS_SSL_PROTO_TLS1_2
            bool "Support TLS 1.2 protocol"
            depends on MBEDTLS_TLS_ENABLED
            default y

        config MBEDTLS_SSL_PROTO_TLS1_3
            bool "Support TLS 1.3 protocol"
            depends on MBEDTLS_TLS_ENABLED
            select MBEDTLS_HKDF_C
            select MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
            default n

        menu "TLS 1.3 Configuration"
            depends on MBEDTLS_SSL_PROTO_TLS1_3
            config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
                depends on MBEDTLS_SSL_PROTO_TLS1_3
                bool "TLS 1.3 middlebox compatibility mode"
                default y

            config MBEDTLS_SSL_TLS1_3_KEXM_PSK
                depends on MBEDTLS_SSL_PROTO_TLS1_3
                bool "TLS 1.3 PSK key exchange mode"
                default y

            config MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL
                depends on MBEDTLS_SSL_PROTO_TLS1_3
                bool "TLS 1.3 ephemeral key exchange mode"
                default y

            config MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL
                depends on MBEDTLS_SSL_PROTO_TLS1_3
                bool "TLS 1.3 PSK ephemeral key exchange mode"
                default y

            config MBEDTLS_SSL_EARLY_DATA
                depends on MBEDTLS_SSL_PROTO_TLS1_3
                bool "TLS 1.3 early data"
                default n
                depends on MBEDTLS_CLIENT_SSL_SESSION_TICKETS && \
                    (MBEDTLS_SSL_TLS1_3_KEXM_PSK || MBEDTLS_SSL_TLS1_3_KEXM_EPHEMER)
                help
                    Enable support for TLS 1.3 early data (0-RTT).
        endmenu

        config MBEDTLS_SSL_PROTO_GMTSSL1_1
            bool "Support GM/T SSL 1.1 protocol"
            depends on MBEDTLS_TLS_ENABLED
            default n
            help
                Provisions for GM/T SSL 1.1 support

        config MBEDTLS_TLS_SERVER
            bool

        config MBEDTLS_TLS_CLIENT
            bool

        choice MBEDTLS_TLS_MODE
            bool "TLS Protocol Role"
            default MBEDTLS_TLS_SERVER_AND_CLIENT
            help
                mbedTLS can be compiled with protocol support for the TLS
                server, TLS client, or both server and client.

                Reducing the number of TLS roles supported saves code size.

            config MBEDTLS_TLS_SERVER_AND_CLIENT
                bool "Server & Client"
                select MBEDTLS_TLS_SERVER
                select MBEDTLS_TLS_CLIENT

            config MBEDTLS_TLS_SERVER_ONLY
                bool "Server"
                select MBEDTLS_TLS_SERVER

            config MBEDTLS_TLS_CLIENT_ONLY
                bool "Client"
                select MBEDTLS_TLS_CLIENT

            config MBEDTLS_TLS_DISABLED
                bool "None"
        endchoice

        config MBEDTLS_SSL_CID_PADDING_GRANULARITY
            int "Record plaintext padding"
            default 16
            range 0 32
            depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
            help
                Controls the use of record plaintext padding in TLS 1.3 and
                when using the Connection ID extension in DTLS 1.2.

                The padding will always be chosen so that the length of the
                padded plaintext is a multiple of the value of this option.

                Notes:
                A value of 1 means that no padding will be used for outgoing records.
                On systems lacking division instructions, a power of two should be preferred.

        config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
            bool "Keep peer certificate after handshake completion"
            default n
            help
                Keep the peer's certificate after completion of the handshake.
                Disabling this option will save about 4kB of heap and some code size.

                See mbedTLS documentation for required API and more details.

        config MBEDTLS_SSL_CONTEXT_SERIALIZATION
            bool "Enable serialization of the TLS context structures"
            default n
            depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
            help
                Enable serialization of the TLS context structures
                This is a local optimization in handling a single, potentially long-lived connection.

                See mbedTLS documentation for required API and more details.
                Disabling this option will save some code and RAM size.

        config MBEDTLS_SSL_CACHE_C
            bool "Enable SSL session cache"
            default y
            help
                Enable simple SSL session cache implementation.

        config MBEDTLS_SSL_ALL_ALERT_MESSAGES
            bool "Enable all TLS alert messages"
            default y
            help
                Enable all TLS alert messages in case of encountered errors as per RFC.
                If disabled, Mbed TLS can still communicate with other servers, only debugging of failures is harder.
                The advantage of not sending alert messages, is that no information is given about reasons for failures
                thus preventing adversaries of gaining intel.

        menu "TLS Key Exchange Configuration"
            depends on MBEDTLS_TLS_ENABLED
            config MBEDTLS_PSK_MODES
                bool "Enable pre-shared-key ciphersuites"
                default n
                help
                    Enable to show configuration for different types of pre-shared-key TLS authentatication methods.

                    Leaving this options disabled will save code size if they are not used.

            config MBEDTLS_KEY_EXCHANGE_PSK
                bool "Enable PSK based ciphersuite modes"
                depends on MBEDTLS_PSK_MODES
                default n
                help
                    Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.

            config MBEDTLS_KEY_EXCHANGE_DHE_PSK
                bool "Enable DHE-PSK based ciphersuite modes"
                depends on MBEDTLS_PSK_MODES && MBEDTLS_DHM_C
                default y
                help
                    Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.

            config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
                bool "Enable ECDHE-PSK based ciphersuite modes"
                depends on MBEDTLS_PSK_MODES && MBEDTLS_ECDH_C
                default y
                help
                    Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.

            config MBEDTLS_KEY_EXCHANGE_RSA_PSK
                bool "Enable RSA-PSK based ciphersuite modes"
                depends on MBEDTLS_PSK_MODES
                default y
                help
                    Enable to support RSA PSK (pre-shared-key) TLS authentication modes.

            config MBEDTLS_KEY_EXCHANGE_RSA
                bool "Enable RSA-only based ciphersuite modes"
                default y
                help
                    Enable to support ciphersuites with prefix TLS-RSA-WITH-

            config MBEDTLS_KEY_EXCHANGE_DHE_RSA
                bool "Enable DHE-RSA based ciphersuite modes"
                default y
                depends on MBEDTLS_DHM_C
                help
                    Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-

            config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
                bool "Support Elliptic Curve based ciphersuites"
                depends on MBEDTLS_ECP_C
                default y
                help
                    Enable to show Elliptic Curve based ciphersuite mode options.
                    Disabling all Elliptic Curve ciphersuites saves code size and
                    can give slightly faster TLS handshakes, provided the server supports
                    RSA-only ciphersuite modes.

            config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
                bool "Enable ECDHE-RSA based ciphersuite modes"
                depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
                default y
                help
                    Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-

            config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
                bool "Enable ECDHE-ECDSA based ciphersuite modes"
                depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
                default y
                help
                    Enable to support ciphersuites with prefix TLS-ECDHE-ECDSA-WITH-

            config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
                bool "Enable ECDH-ECDSA based ciphersuite modes"
                depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
                default y
                help
                    Enable to support ciphersuites with prefix TLS-ECDH-ECDSA-WITH-

            config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
                bool "Enable ECDH-RSA based ciphersuite modes"
                depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
                default y
                help
                    Enable to support ciphersuites with prefix TLS-ECDH-RSA-WITH-

            config MBEDTLS_KEY_EXCHANGE_ECJPAKE
                bool "Enable ECJPAKE based ciphersuite modes"
                depends on MBEDTLS_ECJPAKE_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED
                default n
                help
                    Enable to support ciphersuites with prefix TLS-ECJPAKE-WITH-
        endmenu

        config MBEDTLS_SSL_SERVER_NAME_INDICATION
            bool "Enable server name indication"
            default y
            depends on MBEDTLS_X509_CRT_PARSE_C
            help
                Enable support for RFC 6066 server name indication (SNI).

        config MBEDTLS_SSL_ALPN
            bool "Support ALPN (Application Layer Protocol Negotiation)"
            depends on MBEDTLS_TLS_ENABLED
            default y
            help
                Disabling this option will save some code size if it is not needed.

        config MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
            bool "Enable support for TLS max fragment length extension"
            default y
            help
                Enable support for the TLS max fragment length extension.

        config MBEDTLS_SSL_RECORD_SIZE_LIMIT
            bool "Enable support for record size limit"
            default n
            depends on MBEDTLS_SSL_PROTO_TLS1_3
            help
                Enable support for record size limit in TLS 1.3.

        config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
            bool "Variable SSL buffer length"
            default n
            help
                This enables the SSL buffer to be resized automatically
                based on the negotiated maximum fragment length in each direction.

        config MBEDTLS_SSL_RENEGOTIATION
            bool "Support TLS renegotiation"
            depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_PROTO_TLS1_2
            default y
            help
                The two main uses of renegotiation are (1) refresh keys on long-lived
                connections and (2) client authentication after the initial handshake.
                If you don't need renegotiation, disabling it will save code size and
                reduce the possibility of abuse/vulnerability.

        config MBEDTLS_CLIENT_SSL_SESSION_TICKETS
            bool "TLS: Client Support for RFC 5077 SSL session tickets"
            default y
            depends on MBEDTLS_TLS_ENABLED
            help
                Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
                Disabling this option will save some code size.

        config MBEDTLS_SERVER_SSL_SESSION_TICKETS
            bool "TLS: Server Support for RFC 5077 SSL session tickets"
            default y
            depends on MBEDTLS_TLS_ENABLED && (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
            help
                Server support for RFC 5077 session tickets. See mbedTLS documentation for more details.
                Disabling this option will save some code size.

        config MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
            bool "Enable keying material export"
            default n
            depends on MBEDTLS_TLS_ENABLED
            help
                Enable shared symmetric keys export for TLS sessions using mbedtls_ssl_export_keying_material()
                after SSL handshake. The process for deriving the keys is specified in RFC 5705 for TLS 1.2
                and in RFC 8446, Section 7.5, for TLS 1.3.
    endmenu

    config MBEDTLS_SSL_PROTO_DTLS
        bool "Support DTLS protocol (all versions)"
        default n
        depends on MBEDTLS_SSL_PROTO_TLS1_2
        help
            Requires TLS 1.2 to be enabled for DTLS 1.2

    menu "DTLS-based configurations"
        depends on MBEDTLS_SSL_PROTO_DTLS

        config MBEDTLS_SSL_COOKIE_C
            bool "Enable SSL session cookie"
            default y
            help
                Enable basic DTLS cookie implementation for hello verification.

        config MBEDTLS_SSL_DTLS_CONNECTION_ID
            bool "Support for the DTLS Connection ID extension"
            default n
            help
                Enable support for the DTLS Connection ID extension which allows to
                identify DTLS connections across changes in the underlying transport.

        config MBEDTLS_SSL_CID_IN_LEN_MAX
            int "Maximum length of CIDs used for incoming DTLS messages"
            default 32
            range 0 32
            depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
            help
                Maximum length of CIDs used for incoming DTLS messages

        config MBEDTLS_SSL_CID_OUT_LEN_MAX
            int "Maximum length of CIDs used for outgoing DTLS messages"
            default 32
            range 0 32
            depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
            help
                Maximum length of CIDs used for outgoing DTLS messages

        config MBEDTLS_SSL_DTLS_SRTP
            bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
            default n
            help
                Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension.

                See mbedTLS documentation for required API and more details.
                Disabling this option will save some code size.
    endmenu

    config MBEDTLS_CIPHER_C
        bool "Cipher abstraction layer"
        default y
        help
            Enable the cipher abstraction layer. This enables generic cipher wrappers
            for the block ciphers and stream ciphers.
            If you are not using the cipher abstraction layer, you can disable this
            option to save some code size.

    menu "Symmetric Ciphers"
        config MBEDTLS_AES_C
            bool "AES block cipher"
            default y

        config MBEDTLS_CAMELLIA_C
            bool "Camellia block cipher"
            default n

        config MBEDTLS_ARIA_C
            bool "ARIA block cipher"
            default y

        config MBEDTLS_CAMELLIA_SMALL_MEMORY
            bool "Use small memory implementation of Camellia"
            default n
            depends on MBEDTLS_CAMELLIA_C
            help
                Reduces ROM usage of the Camellia implementation

        config MBEDTLS_DES_C
            bool "DES block cipher (legacy, insecure)"
            default n
            help
                Enables the DES block cipher to support 3DES-based TLS ciphersuites.

                3DES is vulnerable to the Sweet32 attack and should only be enabled
                if absolutely necessary.

        config MBEDTLS_BLOWFISH_C
            bool "Blowfish block cipher (read help)"
            default n
            help
                Enables the Blowfish block cipher (not used for TLS sessions.)

                The Blowfish cipher is not used for mbedTLS TLS sessions but can be
                used for other purposes. Read up on the limitations of Blowfish (including
                Sweet32) before enabling.

        config MBEDTLS_XTEA_C
            bool "XTEA block cipher"
            default n
            help
                Enables the XTEA block cipher.

        config MBEDTLS_CCM_C
            bool "CCM (Counter with CBC-MAC) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.

                Disabling this option saves some code size.

        config MBEDTLS_CIPHER_MODE_CBC
            bool "CBC (Cipher Block Chaining) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                Enable Cipher Block Chaining (CBC) modes for AES and/or Camellia ciphers.

        config MBEDTLS_CIPHER_MODE_CFB
            bool "CFB (Cipher Feedback) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                Enable Cipher Feedback (CFB) modes for AES and/or Camellia ciphers.

        config MBEDTLS_CIPHER_MODE_CTR
            bool "CTR (Counter) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                Enable Counter (CTR) modes for AES and/or Camellia ciphers.

        config MBEDTLS_CIPHER_MODE_OFB
            bool "OFB (Output Feedback) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                Enable Output Feedback (OFB) modes for AES and/or Camellia ciphers.

        config MBEDTLS_CIPHER_MODE_XTS
            bool "XTS (XEX Tweakable Block Cipher with Ciphertext Stealing) block cipher modes"
            default y
            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
            help
                Enable XEX Tweakable Block Cipher with Ciphertext Stealing (XTS) modes
                for AES and/or Camellia ciphers.

        config MBEDTLS_GCM_C
            bool "GCM (Galois/Counter) block cipher modes"
            default y
            depends on (MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C) && MBEDTLS_CIPHER_C
            help
                Enable Galois/Counter Mode for AES and/or Camellia ciphers.

                This option is generally faster than CCM.

        config MBEDTLS_NIST_KW_C
            bool "NIST key wrapping (KW) and KW padding (KWP)"
            default n
            depends on MBEDTLS_AES_C && MBEDTLS_CIPHER_C
            help
                Enable NIST key wrapping and key wrapping padding.

        config MBEDTLS_CIPHER_PADDING
            bool "Cipher padding"
            default y
            depends on MBEDTLS_CIPHER_MODE_CBC || MBEDTLS_CIPHER_MODE_CFB || MBEDTLS_CIPHER_MODE_OFB
            help
                Enable padding for block ciphers.

                Padding is only used for block ciphers in CBC, CFB, CTR and OFB modes.
                If you are using a stream cipher or a block cipher in ECB mode, you can
                disable this option to save code size.

        config MBEDTLS_CIPHER_PADDING_PKCS7
            bool "PKCS#7 padding"
            default y
            depends on MBEDTLS_CIPHER_PADDING && \
                (MBEDTLS_CIPHER_MODE_CBC || MBEDTLS_CIPHER_MODE_CFB || MBEDTLS_CIPHER_MODE_OFB)
            help
                Enable PKCS#7 padding for block ciphers.

        config MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
            bool "One and zeros padding"
            default y
            depends on MBEDTLS_CIPHER_PADDING && \
                (MBEDTLS_CIPHER_MODE_CBC || MBEDTLS_CIPHER_MODE_CFB || MBEDTLS_CIPHER_MODE_OFB)
            help
                Enable one and zeros padding for block ciphers.

        config MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
            bool "Zeros and length padding"
            default y
            depends on MBEDTLS_CIPHER_PADDING && \
                (MBEDTLS_CIPHER_MODE_CBC || MBEDTLS_CIPHER_MODE_CFB || MBEDTLS_CIPHER_MODE_OFB)
            help
                Enable zeros and length padding for block ciphers.

        config MBEDTLS_CIPHER_PADDING_ZEROS
            bool "Zeros padding"
            default y
            depends on MBEDTLS_CIPHER_PADDING && \
                (MBEDTLS_CIPHER_MODE_CBC || MBEDTLS_CIPHER_MODE_CFB || MBEDTLS_CIPHER_MODE_OFB)
            help
                Enable zeros padding for block ciphers.

        config MBEDTLS_AES_ROM_TABLES
            bool "Store AES tables in ROM"
            default y
            help
                Store the AES tables in ROM instead of generating them at runtime.
                Using precomputed ROM tables reduces RAM usage, but increases
                flash usage.

        config MBEDTLS_AES_FEWER_TABLES
            bool "Use fewer AES tables"
            default n
            help
                Use fewer AES tables to reduce ROM/RAM usage.
                Using fewer tables increases the time taken to generate the tables
                at runtime, but reduces ROM/RAM usage.

        config MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
            bool "Only support 128-bit AES keys"
            default n
            help
                Only support 128-bit AES keys.
                This reduces code size, but disables support for 192-bit and
                256-bit AES keys.

        config MBEDTLS_CMAC_C
            bool "Enable CMAC mode for block ciphers"
            default y
            select MBEDTLS_CIPHER_C
            depends on (MBEDTLS_AES_C || MBEDTLS_DES_C)
            help
                Enable the CMAC (Cipher-based Message Authentication Code) mode for
                block ciphers.
    endmenu

    menu "Asymmetric Ciphers"
        config MBEDTLS_BIGNUM_C
            bool "Enable multiple precision integer (bignum) support"
            default y
            help
                Enable support for multiple precision integer (bignum) operations.

                This is required for RSA, DSA, DHM, ECDH and ECDSA.

                If you don't need any of these algorithms, you can disable this option
                to save code size.

        config MBEDTLS_GENPRIME
            bool "Enable hardware prime number generation"
            default y
            depends on MBEDTLS_BIGNUM_C
            help
                Enable prime number generation.

        config MBEDTLS_RSA_C
            bool "RSA public key cryptosystem"
            default y
            select MBEDTLS_BIGNUM_C
            select MBEDTLS_OID_C
            help
                Enable RSA. Needed to use RSA-xxx TLS ciphersuites.

        config MBEDTLS_ECP_C
            bool  "Enable Elliptic Curve Ciphers(ECC) support"
            default y
        menu "Supported Curves"
            config MBEDTLS_ECP_DP_SECP192R1_ENABLED
                bool "Enable SECP192R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP192R1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP224R1_ENABLED
                bool "Enable SECP224R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP224R1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP256R1_ENABLED
                bool "Enable SECP256R1 curve"
                depends on MBEDTLS_ECP_C
                default y
                help
                        Enable support for SECP256R1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP384R1_ENABLED
                bool "Enable SECP384R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP384R1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP521R1_ENABLED
                bool "Enable SECP521R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP521R1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP192K1_ENABLED
                bool "Enable SECP192K1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP192K1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP224K1_ENABLED
                bool "Enable SECP224K1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP224K1 Elliptic Curve.

            config MBEDTLS_ECP_DP_SECP256K1_ENABLED
                bool "Enable SECP256K1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for SECP256K1 Elliptic Curve.

            config MBEDTLS_ECP_DP_BP256R1_ENABLED
                bool "Enable BP256R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        support for DP Elliptic Curve.

            config MBEDTLS_ECP_DP_BP384R1_ENABLED
                bool "Enable BP384R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        support for DP Elliptic Curve.

            config MBEDTLS_ECP_DP_BP512R1_ENABLED
                bool "Enable BP512R1 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        support for DP Elliptic Curve.

            config MBEDTLS_ECP_DP_CURVE25519_ENABLED
                bool "Enable CURVE25519 curve"
                depends on MBEDTLS_ECP_C
                default y if !(MBEDTLS_ATCA_HW_ECDSA_SIGN || MBEDTLS_ATCA_HW_ECDSA_VERIFY)
                help
                        Enable support for CURVE25519 Elliptic Curve.
        endmenu

        menu "Elliptic Curve Ciphers Configuration"
            depends on MBEDTLS_ECP_C
            config MBEDTLS_ECP_NIST_OPTIM
                bool "NIST 'modulo p' optimisations"
                depends on MBEDTLS_ECP_C
                default y
                help
                        NIST 'modulo p' optimisations increase Elliptic Curve operation performance.

                        Disabling this option saves some code size.

            config MBEDTLS_ECP_FIXED_POINT_OPTIM
                bool "Enable fixed-point multiplication optimisations"
                depends on MBEDTLS_ECP_C
                default n
                help
                        This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP
                        fixed point multiplication using pre-computed tables in the flash memory.
                        Enabling this configuration option increases the flash footprint
                        (about 29KB if all Elliptic Curve selected) in the application binary.

            config MBEDTLS_ECDH_LEGACY_CONTEXT
                bool "Use a backward compatible ECDH context (Experimental)"
                default n
                depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_RESTARTABLE
                help
                        Use the legacy ECDH context format.
                        Define this option only if you enable MBEDTLS_ECP_RESTARTABLE or if you
                        want to access ECDH context fields directly.

            config MBEDTLS_DHM_C
                bool "Diffie-Hellman-Merkle key exchange (DHM)"
                default y
                select MBEDTLS_BIGNUM_C
                depends on MBEDTLS_ECP_C
                help
                        Enable DHM. Needed to use DHE-xxx TLS ciphersuites.

                        Note that the security of Diffie-Hellman key exchanges depends on
                        a suitable prime being used for the exchange. Please see detailed
                        warning text about this in file `mbedtls/dhm.h` file.

            config MBEDTLS_ECDH_C
                bool "Elliptic Curve Diffie-Hellman (ECDH)"
                depends on MBEDTLS_ECP_C
                default y
                help
                        Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.

            config MBEDTLS_ECJPAKE_C
                bool "Elliptic curve J-PAKE"
                depends on MBEDTLS_ECP_C
                default n
                help
                        Enable ECJPAKE. Needed to use ECJPAKE-xxx TLS ciphersuites.

            config MBEDTLS_ECDSA_C
                bool "Elliptic Curve DSA"
                depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_C
                select MBEDTLS_ASN1_WRITE_C
                select MBEDTLS_ASN1_PARSE_C
                default y
                help
                        Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.

            config MBEDTLS_PK_PARSE_EC_EXTENDED
                bool "Enhance support for reading EC keys"
                default y
                depends on MBEDTLS_ECP_C
                help
                        Enhance support for reading EC keys using variants of SEC1 not allowed by
                        RFC 5915 and RFC 5480.

            config MBEDTLS_PK_PARSE_EC_COMPRESSED
                bool "Enable the support for parsing public keys of type Short Weierstrass"
                default y
                depends on MBEDTLS_ECP_C
                help
                        Enable the support for parsing public keys of type Short Weierstrass
                        (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
                        compressed point format. This parsing is done through ECP module's functions.
                        depends on MBEDTLS_ECP_C

            config MBEDTLS_ECDSA_DETERMINISTIC
                bool "Enable deterministic ECDSA"
                default y
                help
                        Standard ECDSA is "fragile" in the sense that lack of entropy when signing
                        may result in a compromise of the long-term signing key.

            config MBEDTLS_ECP_RESTARTABLE
                bool "Enable mbedTLS ecp restartable"
                select MBEDTLS_ECDH_LEGACY_CONTEXT
                depends on MBEDTLS_ECP_C
                default n
                help
                        Enable "non-blocking" ECC operations that can return early and be resumed.
        endmenu
    endmenu

    menu "Hash functions"
        config MBEDTLS_HKDF_C
            bool "HKDF algorithm (RFC 5869)"
            default n
            depends on MBEDTLS_MD_C
            help
                Enable support for the Hashed Message Authentication Code
                (HMAC)-based key derivation function (HKDF).

        config MBEDTLS_POLY1305_C
            bool "Poly1305 MAC algorithm"
            default n
            help
                Enable support for Poly1305 MAC algorithm.

        config MBEDTLS_RIPEMD160_C
            bool "Enable RIPEMD-160 hash algorithm"
            default n
            help
                Enable the RIPEMD-160 hash algorithm.

        config MBEDTLS_MD_C
            bool "Enable message digest support"
            default y
            depends on MBEDTLS_MD5_C || MBEDTLS_RIPEMD160_C || MBEDTLS_SHA1_C || \
                MBEDTLS_SHA224_C || MBEDTLS_SHA256_C || MBEDTLS_SHA384_C || MBEDTLS_SHA512_C
            help
                Enable generic layer for message digest algorithms.

        config MBEDTLS_MD5_C
            bool "Enable the MD5 cryptographic hash algorithm"
            default y
            help
                Enables support for MD5.
                This module is required for TLS 1.2 depending on the handshake parameters.
                Further, it is used for checking MD5-signed certificates, and for PBKDF1
                when decrypting PEM-encoded encrypted keys.
                MD5 is considered a weak message digest and its use constitutes
                a security risk. If possible, consider stronger message digests
                such as SHA-256 (part of the SHA-2 family).

        config MBEDTLS_SHA1_C
            bool "Enable the SHA-1 cryptographic hash algorithm"
            default y
            help
                Enabling MBEDTLS_SHA1_C adds support for SHA-1.
                SHA-1 is considered a weak message digest and its use constitutes
                a security risk.
                Disabling this configuration option could impact TLS 1.2 / Wi-Fi Enterprise compatibility
                with certain older certificates that rely on SHA-1 for digital signatures.
                Before proceeding, ensure that all your certificates are using stronger hash algorithms,
                such as SHA-256 (part of the SHA-2 family).
                If you're using older certificates or if you're unsure about the impact on your product,
                please consider testing the changes in a controlled environment for individual features
                like OTA updates, cloud connectivity, secure local control, etc.

        config MBEDTLS_SHA224_C
            bool "Enable the SHA-224 cryptographic hash algorithm"
            default n
            help
                Enable MBEDTLS_SHA224_C adds support for SHA-224.

        config MBEDTLS_SHA256_C
            bool "Enable the SHA-256 cryptographic hash algorithm"
            default y
            help
                Enable MBEDTLS_SHA256_C adds support for SHA-256.

        config MBEDTLS_SHA384_C
            bool "Enable the SHA-384 cryptographic hash algorithm"
            default y
            help
                Enable MBEDTLS_SHA384_C adds support for SHA-384.

        config MBEDTLS_SHA512_C
            bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
            default y
            help
                Enable MBEDTLS_SHA512_C adds support for SHA-512.

        config MBEDTLS_SHA3_C
            bool "Enable the SHA3 cryptographic hash algorithm"
            default y
            help
                Enabling MBEDTLS_SHA3_C adds support for SHA3.
                Enabling this configuration option increases the flash footprint
                by almost 4KB.

        config MBEDTLS_ROM_MD5
            bool "Use MD5 implementation in ROM"
            default y
            help
                Use ROM MD5 in mbedTLS.

        config MBEDTLS_SHA256_SMALLER
            bool "Enable SHA-256 smaller implementation"
            default n
            depends on !MBEDTLS_HARDWARE_SHA && MBEDTLS_SHA256_C
            help
                Enable a smaller implementation of SHA-256 that has lower ROM footprint
                but is slower than the default implementation.

        config MBEDTLS_SHA512_SMALLER
            bool "Enable SHA-512 smaller implementation"
            default n
            depends on !MBEDTLS_HARDWARE_SHA && MBEDTLS_SHA512_C
            help
                Enable a smaller implementation of SHA-512 that has lower ROM footprint
                but is slower than the default implementation.
    endmenu

    menu "Hardware Acceleration"
        config MBEDTLS_HARDWARE_ECDSA_VERIFY
            bool "Enable ECDSA signature verification using on-chip ECDSA peripheral"
            default y
            depends on SOC_ECDSA_SUPPORTED
            help
                Enable hardware accelerated ECDSA peripheral to verify signature
                on curve SECP192R1 and SECP256R1 in mbedTLS.

        menu "Enable Software Countermeasure for ECDSA signing using on-chip ECDSA peripheral"
            depends on MBEDTLS_HARDWARE_ECDSA_SIGN
            depends on IDF_TARGET_ESP32H2
            config MBEDTLS_HARDWARE_ECDSA_SIGN_MASKING_CM
                bool "Mask original ECDSA sign operation under dummy sign operations"
                select HAL_ECDSA_GEN_SIG_CM
                default y
                help
                    The ECDSA peripheral before ESP32-H2 v1.2 does not offer constant time ECDSA sign operation.
                    This time can be observed through power profiling of the device,
                    making the ECDSA private key vulnerable to side-channel timing attacks.
                    This countermeasure masks the real ECDSA sign operation
                    under dummy sign operations to add randomness in the generated power signature.
                    It is highly recommended to also enable Secure Boot for the device
                    in addition to this countermeasure so that only trusted software can execute on the device.
                    This countermeasure can be safely disabled for ESP32-H2 v1.2 and above.

            config MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM
                bool "Make ECDSA signature operation pseudo constant time for software"
                default y
                help
                    This option adds a delay after the actual ECDSA signature operation
                    so that the entire operation appears to be constant  time for the software.
                    This fix helps in protecting the device only in case of remote timing attack
                    on the ECDSA private key.
                    For e.g., When an interface is exposed by the device to perform ECDSA signature
                    of an arbitrary message.
                    The signature time would appear to be constant to the external entity after enabling
                    this option.
                    This countermeasure can be safely disabled for ESP32-H2 v1.2 and above.
        endmenu

        config MBEDTLS_HARDWARE_ECDSA_SIGN
            bool "Enable ECDSA signing using on-chip ECDSA peripheral"
            default n
            depends on SOC_ECDSA_SUPPORTED
            help
                Enable hardware accelerated ECDSA peripheral to sign data
                on curve SECP192R1 and SECP256R1 in mbedTLS.

                Note that for signing, the private key has to be burnt in an efuse key block
                with key purpose set to ECDSA_KEY.
                If no key is burnt, it will report an error

                The key should be burnt in little endian format. espefuse utility handles it internally
                but care needs to be taken while burning using esp_efuse APIs

        config MBEDTLS_TEE_SEC_STG_ECDSA_SIGN
            bool "Enable ECDSA signing using TEE secure storage"
            default y
            depends on SECURE_ENABLE_TEE

        config MBEDTLS_HARDWARE_ECC
            bool "Enable hardware ECC acceleration"
            default y
            depends on SOC_ECC_SUPPORTED
            help
                Enable hardware accelerated ECC point multiplication and point verification for points
                on curve SECP192R1 and SECP256R1 in mbedTLS

        config MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK
            bool "Fallback to software implementation for curves not supported in hardware"
            depends on MBEDTLS_HARDWARE_ECC
            default y
            help
                Fallback to software implementation of ECC point multiplication and point verification
                for curves not supported in hardware.

        config MBEDTLS_HARDWARE_SHA
            bool "Enable hardware SHA acceleration"
            default y
            depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_SHA_SUPPORTED
            help
                Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.

                Due to a hardware limitation, on the ESP32 hardware acceleration is only
                guaranteed if SHA digests are calculated one at a time. If more
                than one SHA digest is calculated at the same time, one will
                be calculated fully in hardware and the rest will be calculated
                (at least partially calculated) in software. This happens automatically.

                SHA hardware acceleration is faster than software in some situations but
                slower in others. You should benchmark to find the best setting for you.

        config MBEDTLS_HARDWARE_MPI
            bool "Enable hardware MPI (bignum) acceleration"
            default y
            depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_MPI_SUPPORTED && MBEDTLS_BIGNUM_C
            help
                Enable hardware accelerated multiple precision integer operations.

                Hardware accelerated multiplication, modulo multiplication,
                and modular exponentiation for up to SOC_RSA_MAX_BIT_LEN bit results.

                These operations are used by RSA.

        config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
            bool "Fallback to software implementation for larger MPI values"
            depends on MBEDTLS_HARDWARE_MPI
            default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
            default n
            help
                Fallback to software implementation for RSA key lengths
                larger than SOC_RSA_MAX_BIT_LEN. If this is not active
                then the ESP will be unable to process keys greater
                than SOC_RSA_MAX_BIT_LEN.

        config MBEDTLS_MPI_USE_INTERRUPT
            bool "Use interrupt for MPI exp-mod operations"
            depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_MPI
            default y
            help
                Use an interrupt to coordinate long MPI operations.

                This allows other code to run on the CPU while an MPI operation is pending.
                Otherwise the CPU busy-waits.

        config MBEDTLS_MPI_INTERRUPT_LEVEL
            int "MPI hardware interrupt level"
            default 0
            depends on MBEDTLS_MPI_USE_INTERRUPT
            range 0 3
            help
                This config helps to set the interrupt priority level for the MPI peripheral.
                Value 0 (default) means that there is no preference regarding the interrupt
                priority level and any level from 1 to 3 can be selected (based on the availability).
                Note: Higher value indicates high interrupt priority.

        config MBEDTLS_HARDWARE_AES
            bool "Enable hardware AES acceleration"
            default y
            depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_AES_SUPPORTED
            help
                Enable hardware accelerated AES encryption & decryption.

                Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
                offer any speed boost over software AES.

        config MBEDTLS_HARDWARE_GCM
            bool "Enable partially hardware accelerated GCM"
            depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES
            default y
            help
                Enable partially hardware accelerated GCM. GHASH calculation is still done
                in software.

                If MBEDTLS_HARDWARE_GCM is disabled and MBEDTLS_HARDWARE_AES is enabled then
                mbedTLS will still use the hardware accelerated AES block operation, but
                on a single block at a time.

        config MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER
            bool "Enable support for non-AES ciphers in GCM operation"
            depends on MBEDTLS_HARDWARE_AES
            default y
            help
                Enable this config to support fallback to software definitions for a non-AES
                cipher GCM operation as we support hardware acceleration only for AES cipher.
                Some of the non-AES ciphers used in a GCM operation are DES, ARIA, CAMELLIA,
                CHACHA20, BLOWFISH.

                If this config is disabled, performing a non-AES cipher GCM operation with
                the config MBEDTLS_HARDWARE_AES enabled will result in calculation of an
                AES-GCM operation instead for the given input values and thus could lead
                to failure in certificate validation which would ultimately lead to a SSL
                handshake failure.

                This config being by-default enabled leads to an increase in binary size
                footprint of ~2.5KB.
                In case you are sure that your use case (for example, client and server
                settings in case of a TLS handshake) would not involve any GCM
                operations using a non-AES cipher, you can safely disable this config,
                leading to reduction in binary size footprint.

        config MBEDTLS_AES_USE_INTERRUPT
            bool "Use interrupt for long AES operations"
            depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_AES
            default y
            help
                Use an interrupt to coordinate long AES operations.

                This allows other code to run on the CPU while an AES operation is pending.
                Otherwise the CPU busy-waits.

        config MBEDTLS_AES_INTERRUPT_LEVEL
            int "AES hardware interrupt level"
            default 0
            depends on MBEDTLS_AES_USE_INTERRUPT
            range 0 3
            help
                This config helps to set the interrupt priority level for the AES peripheral.
                Value 0 (default) means that there is no preference regarding the interrupt
                priority level and any level from 1 to 3 can be selected (based on the availability).
                Note: Higher value indicates high interrupt priority.

        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
            bool "Enable AES hardware's pseudo round function"
            default n
            depends on SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION && MBEDTLS_HARDWARE_AES
            help
                Enables the pseudo round function of the AES peripheral.
                Enabling this would impact the performance of the AES operations.
                For more info regarding the performance impact, please checkout
                the pseudo round function section of the security guide.

        choice MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
            prompt "Strength of the pseudo rounds function"
            depends on MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
            default MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
            help
                The strength of the pseudo rounds functions can be configured to low, medium and high.
                You can configure the strength of the pseudo rounds functions according to your use cases,
                for example, increasing the strength would provide higher security but would slow down the
                hardware AES encryption/decryption operations.

            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
                bool "Low"

            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
                bool "Medium"

            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
                bool "High"
        endchoice

        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
            int
            default 1 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
            default 2 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
            default 3 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH

        config MBEDTLS_AES_HW_SMALL_DATA_LEN_OPTIM
            bool "Enable performance optimisation for the small data length hardware AES operations"
            depends on MBEDTLS_HARDWARE_AES && SOC_AES_SUPPORT_DMA
            default y
            help
                This option enables dynamically switching between the hardware
                AES peripheral's block and DMA modes based on the length of the input data,
                thus, significantly speeding up the AES operations with shorter data lengths.
                For example, NVS encryption/decryption operations, TLS communication, etc.
                with smaller data lengths.

                It is enabled by default due to the significant performance impact but note that
                it also increases the binary size by ~1.2 KB as it pulls in the peripheral's block
                mode code as well.

        config MBEDTLS_PK_RSA_ALT_SUPPORT
            bool "Enable RSA alt support"
            default y
            help
                Support external private RSA keys (eg from a HSM) int the PK layer.

        config MBEDTLS_ATCA_HW_ECDSA_SIGN
            bool "Enable hardware ECDSA sign acceleration when using ATECC608A"
            default n
            help
                This option enables hardware acceleration for ECDSA sign function, only
                when using ATECC608A cryptoauth chip.

        config MBEDTLS_ATCA_HW_ECDSA_VERIFY
            bool "Enable hardware ECDSA verify acceleration when using ATECC608A"
            default n
            help
                This option enables hardware acceleration for ECDSA sign function, only
                when using ATECC608A cryptoauth chip.
    endmenu

    menu "Entropy and Random Number Generation"
        config MBEDTLS_ENTROPY_C
            bool "Enable entropy support"
            default y
            depends on MBEDTLS_SHA256_C || MBEDTLS_SHA512_C
            help
                Enable support for entropy sources and provides a generic
                entropy pool.

        config MBEDTLS_ENTROPY_FORCE_SHA256
            bool "Force SHA-256 for entropy"
            default n
            depends on MBEDTLS_SHA256_C
            help
                Force SHA-256 to be used for the entropy pool if both SHA-256 and SHA-512 are
                enabled. On 32-bit architectures, SHA-256 can be faster than SHA-512

        config MBEDTLS_CTR_DRBG_C
            bool "Enable CTR_DRBG"
            default y
            depends on MBEDTLS_AES_C
            help
                Enable CTR_DRBG (CTR mode Deterministic Random Bit Generator).
                The CTR_DRBG generator uses AES-256 by default.

        config MBEDTLS_HMAC_DRBG_C
            bool "Enable HMAC_DRBG"
            default y
            depends on MBEDTLS_MD_C
            help
                Enable HMAC_DRBG (HMAC mode Deterministic Random Bit Generator).
    endmenu

    menu "Encoding/Decoding"
        config MBEDTLS_BASE64_C
            bool "Enable Base64 encoding/decoding"
            default y
            help
                Enable Base64 encoding and decoding functions. This is required for PEM support.

        config MBEDTLS_PKCS5_C
            bool "Enable PKCS#5 functions"
            default y
            select MBEDTLS_MD_C
            help
                Enable support for PKCS#5 functions.

        config MBEDTLS_PKCS7_C
            bool "Enable PKCS number 7"
            default y
            depends on MBEDTLS_ASN1_PARSE_C && MBEDTLS_OID_C && MBEDTLS_PK_PARSE_C && \
                MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_BIGNUM_C && MBEDTLS_MD_C
            help
                Enable PKCS number 7 core for using PKCS number 7-formatted signatures.

        config MBEDTLS_PKCS12_C
            bool "Enable PKCS number 12"
            default y
            depends on MBEDTLS_ASN1_PARSE_C && (MBEDTLS_MD_C)
            help
                Enable PKCS number 12 core for using PKCS number 12-formatted signatures.
        config MBEDTLS_PKCS1_V15
            bool "Enable PKCS#1 v1.5 padding"
            default y
            depends on MBEDTLS_RSA_C
            help
                Enable support for PKCS#1 v1.5 operations.

        config MBEDTLS_PKCS1_V21
            bool "Enable PKCS#1 v2.1 padding"
            default y
            depends on MBEDTLS_RSA_C && MBEDTLS_MD_C
            help
                Enable support for PKCS#1 v2.1 operations.
    endmenu

    menu "Stream Cipher"
        config MBEDTLS_CHACHAPOLY_C
            bool "ChaCha20-Poly1305 AEAD algorithm"
            default n
            depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
            help
                Enable support for ChaCha20-Poly1305 AEAD algorithm.

        config MBEDTLS_CHACHA20_C
            bool "Chacha20 stream cipher"
            default n
            help
                Enable support for Chacha20 stream cipher.
    endmenu

    config MBEDTLS_USE_CRYPTO_ROM_IMPL_BOOTLOADER
        bool "Use ROM implementation of the crypto algorithm in the bootloader"
        depends on ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB
        default "n"
        select MBEDTLS_AES_C
        help
            Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF
            in case of a bootloader build.
            Similar to the MBEDTLS_USE_CRYPTO_ROM_IMPL config but enables usage of the
            mbedtls crypto algorithm from ROM for the bootloader build.

    config MBEDTLS_USE_CRYPTO_ROM_IMPL
        bool "Use ROM implementation of the crypto algorithm"
        depends on ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB
        default "n"
        select MBEDTLS_SHA512_C
        select MBEDTLS_AES_C
        select MBEDTLS_CCM_C
        select MBEDTLS_CMAC_C
        select MBEDTLS_ROM_MD5
        select MBEDTLS_HARDWARE_SHA
        select MBEDTLS_ECP_RESTARTABLE
        select MBEDTLS_THREADING_C
        help
            Enable this flag to use mbedtls crypto algorithm from ROM instead of ESP-IDF.

            This configuration option saves flash footprint in the application binary.
            Note that the version of mbedtls crypto algorithm library in ROM(ECO1~ECO3) is v2.16.12,
            and the version of mbedtls crypto algorithm library in ROM(ECO4) is v3.6.0.
            We have done the security analysis of the mbedtls revision in ROM (ECO1~ECO4)
            and ensured that affected symbols have been patched (removed). If in the future
            mbedtls revisions there are security issues that also affects the version in
            ROM (ECO1~ECO4) then we shall patch the relevant symbols. This would increase
            the flash footprint and hence care must be taken to keep some reserved space
            for the application binary in flash layout.
endmenu  # mbedTLS
