diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index b76e29a4d9..34d5f79013 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -982,6 +982,16 @@ menu "mbedTLS" Disabling this option saves some code size. + config MBEDTLS_ECP_FIXED_POINT_OPTIM + bool "Enable fixed-point multiplication optimisations" + depends on MBEDTLS_ECP_C + default y + help + This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP + fixed point multiplication using pre-computed tables in the flash memory. + Disabling this configuration option saves flash footprint (about 29KB if all Elliptic Curve selected) + in the application binary. + # end of Elliptic Curve options config MBEDTLS_POLY1305_C diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index 488063b172..b8d3be3798 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -488,6 +488,19 @@ #undef MBEDTLS_ECP_NIST_OPTIM #endif +/** + * \def MBEDTLS_ECP_FIXED_POINT_OPTIM + * + * Enable speed up fixed-point multiplication. + * + * Comment this macro to disable FIXED POINT curves optimisation. + */ +#ifdef CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 +#else +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 +#endif + /** * \def MBEDTLS_ECDSA_DETERMINISTIC * diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst index 3ce0e71ee9..06094b67f4 100644 --- a/docs/en/api-guides/performance/size.rst +++ b/docs/en/api-guides/performance/size.rst @@ -502,6 +502,8 @@ These include: - :ref:`CONFIG_MBEDTLS_CCM_C` - :ref:`CONFIG_MBEDTLS_GCM_C` - :ref:`CONFIG_MBEDTLS_ECP_C` (Alternatively: Leave this option enabled but disable some of the elliptic curves listed in the sub-menu.) +- :ref:`CONFIG_MBEDTLS_ECP_NIST_OPTIM` +- :ref:`CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM` - Change :ref:`CONFIG_MBEDTLS_TLS_MODE` if both server & client functionalities are not needed - Consider disabling some cipher suites listed in the ``TLS Key Exchange Methods`` sub-menu (i.e. :ref:`CONFIG_MBEDTLS_KEY_EXCHANGE_RSA`) diff --git a/docs/zh_CN/api-guides/performance/size.rst b/docs/zh_CN/api-guides/performance/size.rst index c80f8841c8..738d4d8755 100644 --- a/docs/zh_CN/api-guides/performance/size.rst +++ b/docs/zh_CN/api-guides/performance/size.rst @@ -484,7 +484,7 @@ ESP-IDF 的 I/O 函数( ``printf()`` 和 ``scanf()`` 等)默认使用 Newlib .. _minimizing_binary_mbedtls: -mbedTLS 功能 +MbedTLS 功能 @@@@@@@@@@@@@@@@@@@@@ 在 **Component Config** > **mbedTLS** 下有多个默认启用的 mbedTLS 功能,如果不需要,可以禁用相应功能以减小代码大小。 @@ -502,6 +502,8 @@ mbedTLS 功能 - :ref:`CONFIG_MBEDTLS_CCM_C` - :ref:`CONFIG_MBEDTLS_GCM_C` - :ref:`CONFIG_MBEDTLS_ECP_C` (或者:启用此选项,但在子菜单中禁用部分椭圆曲线) +- :ref:`CONFIG_MBEDTLS_ECP_NIST_OPTIM` +- :ref:`CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM` - 如果不需要 mbedTLS 的服务器和客户端功能,可以修改 :ref:`CONFIG_MBEDTLS_TLS_MODE` - 可以考虑禁用在 ``TLS Key Exchange Methods`` 子菜单中列出的一些密码套件(例如 :ref:`CONFIG_MBEDTLS_KEY_EXCHANGE_RSA`),以减小代码大小。