# Copyright (c) 2020 Nordic Semiconductor
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

# The purpose of this file is to override and extend settings related to
# building Thread from sources. It extends the zephyrs openthread Kconfig file.
# Separate Kconfig exists in nrfxlib repository responsible solely for managing
# OpenThread precompiled libraries.

if NET_L2_OPENTHREAD

menu "OpenThread"

config NORDIC_SECURITY_PROMPTLESS
	bool
	default y if !CUSTOM_OPENTHREAD_SECURITY

choice OPENTHREAD_SECURITY
	depends on !OPENTHREAD_SECURITY_INTERNAL

config OPENTHREAD_NRF_SECURITY_PSA_CHOICE
	bool "nRF Security with PSA crypto enabled"
	select OPENTHREAD_NRF_SECURITY_PSA

config OPENTHREAD_NRF_SECURITY_CHOICE
	bool "[DEPRECATED] nRF Security"
	select DEPRECATED
	select OPENTHREAD_NRF_SECURITY

endchoice

config OPENTHREAD_NRF_SECURITY_PSA
	bool
	select NRF_SECURITY
	select MBEDTLS_ENABLE_HEAP if !OPENTHREAD_COPROCESSOR_RCP
	select MBEDTLS_TLS_LIBRARY if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
	select PSA_WANT_ALG_HKDF
	select PSA_WANT_ALG_CCM
	select PSA_WANT_ALG_CMAC
	select PSA_WANT_ALG_HMAC
	select PSA_WANT_ALG_ECB_NO_PADDING
	select PSA_WANT_ALG_SHA_224
	select PSA_WANT_ALG_SHA_256
	select PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
	select PSA_WANT_ALG_GCM if OPENTHREAD_BLE_TCAT
	select PSA_WANT_ALG_JPAKE  if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER)
	select PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS  if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER)
	select PSA_WANT_ALG_DETERMINISTIC_ECDSA if OPENTHREAD_ECDSA
	select PSA_WANT_ALG_ECDSA if OPENTHREAD_ECDSA
	select PSA_WANT_ALG_ECDH if OPENTHREAD_ECDSA
	select PSA_WANT_ECC_SECP_R1_256
	select PSA_WANT_GENERATE_RANDOM
	select PSA_WANT_KEY_TYPE_AES
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
	imply OPENTHREAD_CRYPTO_PSA
	help
	  Enables nrf_security module for use by OpenThread with PSA Crypto enabled.
	  This allows OpenThread to make use of hardware accelerated cryptography
	  functions if available as well as fast oberon backend for software encryption.

config OPENTHREAD_NRF_SECURITY_PSA
	bool
	select MBEDTLS_PSA_CRYPTO_STORAGE_C
	select TRUSTED_STORAGE
	# TRUSTED_STORAGE requires Settings
	select SETTINGS
	select HW_UNIQUE_KEY_WRITE_ON_CRYPTO_INIT if SOC_NRF5340_CPUAPP
	depends on (!BUILD_WITH_TFM && !OPENTHREAD_COPROCESSOR_RCP)

if (OPENTHREAD_NRF_SECURITY_PSA && (BUILD_WITH_TFM || !SOC_NRF5340_CPUAPP))
# Temporarily use hash of UID as AEAD Key implementation for non nRF5340 and TFM builds
# until Hardware Unique Key provisioning (more secure) is implemented for all targets

choice TRUSTED_STORAGE_BACKEND_AEAD_KEY
	default TRUSTED_STORAGE_BACKEND_AEAD_KEY_HASH_UID

endchoice # TRUSTED_STORAGE_BACKEND_AEAD_KEY

endif # (OPENTHREAD_NRF_SECURITY_PSA && (BUILD_WITH_TFM || !SOC_NRF5340_CPUAPP))

config OPENTHREAD_NRF_SECURITY
	bool
	select DEPRECATED
	select MBEDTLS_AES_C
	select MBEDTLS_ENABLE_HEAP
	select MBEDTLS_CCM_C
	select MBEDTLS_CMAC_C
	select MBEDTLS_CTR_DRBG_C
	select MBEDTLS_ECDH_C if OPENTHREAD_ECDSA
	select MBEDTLS_ECDSA_C if OPENTHREAD_ECDSA
	select MBEDTLS_PK_C if OPENTHREAD_ECDSA
	select MBEDTLS_PK_WRITE_C if OPENTHREAD_ECDSA
	select MBEDTLS_ECJPAKE_C if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER)
	select MBEDTLS_ECP_C
	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
	select MBEDTLS_HMAC_DRBG_C
	select MBEDTLS_TLS_LIBRARY if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
	select NORDIC_SECURITY_BACKEND
	select NRF_SECURITY_ADVANCED
	select OBERON_BACKEND if !CC3XX_BACKEND
	help
	  Enables nrf_security module for use by OpenThread. This allows
	  OpenThread to make use of hardware accelerated cryptography functions
	  if available as well as fast oberon backend for software encryption.

	  [DEPRECATED] use OPENTHREAD_NRF_SECURITY_PSA instead.

config OPENTHREAD_MBEDTLS_LIB_NAME
	default "mbedtls_external" if OPENTHREAD_NRF_SECURITY || OPENTHREAD_NRF_SECURITY_PSA

config OPENTHREAD_MBEDTLS_DEBUG
	bool "MbedTLS logs for OpenThread"
	select MBEDTLS
	select MBEDTLS_DEBUG
	select MBEDTLS_DEBUG_C

config OPENTHREAD_THREAD_STACK_SIZE
	int "OpenThread thread stack size"
	default 1224 if OPENTHREAD_COPROCESSOR_RCP
	default 6752 if (OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER) && PSA_CRYPTO_DRIVER_CRACEN
	default 6240 if (OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER)
	default 3168

config OPENTHREAD_RADIO_WORKQUEUE_STACK_SIZE
	int "OpenThread radio transmit workqueue stack size"
	default 512 if OPENTHREAD_COPROCESSOR_RCP
	default 1084 if SOC_NRF5340_CPUAPP
	default 1024

if OPENTHREAD_COPROCESSOR_RCP

config OPENTHREAD_COPROCESSOR_UART_RING_BUFFER_SIZE
	int "Set Co-Processor UART ring buffer size"
	default 2048
	help
	  TX buffer size for the OpenThread Co-Processor UART.

endif # OPENTHREAD_COPROCESSOR_RCP

choice TFM_PROFILE_TYPE
	default TFM_PROFILE_TYPE_NOT_SET
endchoice

endmenu # "OpenThread"

endif # NET_L2_OPENTHREAD
