Simple interface for Mbed Cloud Client
mbedTLSConfig_FreeRTOS.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 00024 /* 00025 * This set of compile-time options may be used to enable 00026 * or disable features selectively, and reduce the global 00027 * memory footprint. 00028 */ 00029 #ifndef KSDK_MBEDTLS_CONFIG_H 00030 #define KSDK_MBEDTLS_CONFIG_H 00031 00032 00033 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00034 #define _CRT_SECURE_NO_DEPRECATE 1 00035 #endif 00036 00037 /**************************** KSDK ********************************************/ 00038 00039 #include "fsl_device_registers.h" 00040 00041 /* Enable LTC use in library if there is LTC on chip. 
*/ 00042 #if defined(FSL_FEATURE_SOC_LTC_COUNT) && (FSL_FEATURE_SOC_LTC_COUNT > 0) 00043 #include "fsl_ltc.h" 00044 00045 #define LTC_INSTANCE LTC0 /* LTC base register.*/ 00046 00047 #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES 00048 #define MBEDTLS_FREESCALE_LTC_DES /* Enable use of LTC DES.*/ 00049 #endif 00050 #define MBEDTLS_FREESCALE_LTC_AES /* Enable use of LTC AES.*/ 00051 #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM 00052 #define MBEDTLS_FREESCALE_LTC_AES_GCM /* Enable use of LTC AES GCM.*/ 00053 #endif 00054 #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA 00055 #define MBEDTLS_FREESCALE_LTC_PKHA /* Enable use of LTC PKHA.*/ 00056 #endif 00057 #endif 00058 00059 /* Enable MMCAU use in library if there is MMCAU on chip. */ 00060 #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && (FSL_FEATURE_SOC_MMCAU_COUNT > 0) 00061 #include "fsl_mmcau.h" 00062 00063 #define MBEDTLS_FREESCALE_MMCAU_MD5 /* Enable use of MMCAU MD5.*/ 00064 #define MBEDTLS_FREESCALE_MMCAU_SHA1 /* Enable use of MMCAU SHA1.*/ 00065 #define MBEDTLS_FREESCALE_MMCAU_SHA256 /* Enable use of MMCAU SHA256.*/ 00066 #define MBEDTLS_FREESCALE_MMCAU_DES /* Enable use of MMCAU DES, when LTC is disabled.*/ 00067 #define MBEDTLS_FREESCALE_MMCAU_AES /* Enable use of MMCAU AES, when LTC is disabled.*/ 00068 #endif 00069 00070 /* Define ALT MMCAU & LTC functions. Do not change it. 
*/ 00071 #if defined(MBEDTLS_FREESCALE_MMCAU_DES) || defined(MBEDTLS_FREESCALE_LTC_DES) 00072 #define MBEDTLS_DES_SETKEY_ENC_ALT 00073 #define MBEDTLS_DES_SETKEY_DEC_ALT 00074 #define MBEDTLS_DES_CRYPT_ECB_ALT 00075 #define MBEDTLS_DES3_CRYPT_ECB_ALT 00076 #endif 00077 #if defined(MBEDTLS_FREESCALE_LTC_DES) 00078 #define MBEDTLS_DES_CRYPT_CBC_ALT 00079 #define MBEDTLS_DES3_CRYPT_CBC_ALT 00080 #endif 00081 #if defined(MBEDTLS_FREESCALE_LTC_AES) || defined(MBEDTLS_FREESCALE_MMCAU_AES) 00082 #define MBEDTLS_AES_SETKEY_ENC_ALT 00083 #define MBEDTLS_AES_SETKEY_DEC_ALT 00084 #define MBEDTLS_AES_ENCRYPT_ALT 00085 #define MBEDTLS_AES_DECRYPT_ALT 00086 #endif 00087 #if defined(MBEDTLS_FREESCALE_LTC_AES) 00088 #define MBEDTLS_AES_CRYPT_CBC_ALT 00089 #define MBEDTLS_AES_CRYPT_CTR_ALT 00090 #define MBEDTLS_CCM_CRYPT_ALT 00091 #endif 00092 #if defined(MBEDTLS_FREESCALE_LTC_AES_GCM) 00093 #define MBEDTLS_GCM_CRYPT_ALT 00094 #endif 00095 #if defined(MBEDTLS_FREESCALE_LTC_PKHA) 00096 #define MBEDTLS_MPI_ADD_ABS_ALT 00097 #define MBEDTLS_MPI_SUB_ABS_ALT 00098 #define MBEDTLS_MPI_MUL_MPI_ALT 00099 #define MBEDTLS_MPI_MOD_MPI_ALT 00100 #define MBEDTLS_MPI_EXP_MOD_ALT 00101 #define MBEDTLS_MPI_GCD_ALT 00102 #define MBEDTLS_MPI_INV_MOD_ALT 00103 #define MBEDTLS_MPI_IS_PRIME_ALT 00104 #define MBEDTLS_ECP_MUL_COMB_ALT 00105 #define MBEDTLS_ECP_ADD_ALT 00106 #endif 00107 #if defined(MBEDTLS_FREESCALE_MMCAU_MD5) 00108 #define MBEDTLS_MD5_PROCESS_ALT 00109 #endif 00110 #if defined(MBEDTLS_FREESCALE_MMCAU_SHA1) 00111 #define MBEDTLS_SHA1_PROCESS_ALT 00112 #endif 00113 #if defined(MBEDTLS_FREESCALE_MMCAU_SHA256) 00114 #define MBEDTLS_SHA256_PROCESS_ALT 00115 #endif 00116 /**************************** KSDK end ****************************************/ 00117 00118 /** 00119 * \name SECTION: System support 00120 * 00121 * This section sets system specific settings. 
00122 * \{ 00123 */ 00124 #if 1 //Please set to 1 if you are using secure time 00125 /** 00126 * \def MBEDTLS_HAVE_ASM 00127 * 00128 * The compiler has support for asm(). 00129 * 00130 * Requires support for asm() in compiler. 00131 * 00132 * Used in: 00133 * library/timing.c 00134 * library/padlock.c 00135 * include/mbedtls/bn_mul.h 00136 * 00137 * Comment to disable the use of assembly code. 00138 */ 00139 #define MBEDTLS_HAVE_ASM 00140 00141 /** 00142 * \def MBEDTLS_HAVE_SSE2 00143 * 00144 * CPU supports SSE2 instruction set. 00145 * 00146 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00147 */ 00148 //#define MBEDTLS_HAVE_SSE2 00149 00150 /** 00151 * \def MBEDTLS_HAVE_TIME 00152 * 00153 * System has time.h and time(). 00154 * The time does not need to be correct, only time differences are used, 00155 * by contrast with MBEDTLS_HAVE_TIME_DATE 00156 * 00157 * Comment if your system does not support time functions 00158 */ 00159 #define MBEDTLS_HAVE_TIME 00160 00161 /** 00162 * \def MBEDTLS_HAVE_TIME_DATE 00163 * 00164 * System has time.h and time(), gmtime() and the clock is correct. 00165 * The time needs to be correct (not necesarily very accurate, but at least 00166 * the date should be correct). This is used to verify the validity period of 00167 * X.509 certificates. 00168 * 00169 * Comment if your system does not have a correct clock. 00170 */ 00171 #define MBEDTLS_HAVE_TIME_DATE 00172 #define MBEDTLS_PLATFORM_TIME_ALT 00173 #endif //0 00174 /** 00175 * \def MBEDTLS_PLATFORM_MEMORY 00176 * 00177 * Enable the memory allocation layer. 00178 * 00179 * By default mbed TLS uses the system-provided calloc() and free(). 00180 * This allows different allocators (self-implemented or provided) to be 00181 * provided to the platform abstraction layer. 
00182 * 00183 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00184 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00185 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00186 * free() function pointer at runtime. 00187 * 00188 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00189 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00190 * alternate function at compile time. 00191 * 00192 * Requires: MBEDTLS_PLATFORM_C 00193 * 00194 * Enable this layer to allow use of alternative memory allocators. 00195 */ 00196 //#define MBEDTLS_PLATFORM_MEMORY 00197 00198 /** 00199 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00200 * 00201 * Do not assign standard functions in the platform layer (e.g. calloc() to 00202 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00203 * 00204 * This makes sure there are no linking errors on platforms that do not support 00205 * these functions. You will HAVE to provide alternatives, either at runtime 00206 * via the platform_set_xxx() functions or at compile time by setting 00207 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00208 * MBEDTLS_PLATFORM_XXX_MACRO. 00209 * 00210 * Requires: MBEDTLS_PLATFORM_C 00211 * 00212 * Uncomment to prevent default assignment of standard functions in the 00213 * platform layer. 00214 */ 00215 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00216 00217 /** 00218 * \def MBEDTLS_PLATFORM_XXX_ALT 00219 * 00220 * Uncomment a macro to let mbed TLS support the function in the platform 00221 * abstraction layer. 00222 * 00223 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00224 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00225 * alternative printf function pointer. 00226 * 00227 * All these define require MBEDTLS_PLATFORM_C to be defined! 
00228 * 00229 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00230 * it will be enabled automatically by check_config.h 00231 * 00232 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00233 * MBEDTLS_PLATFORM_XXX_MACRO! 00234 * 00235 * Uncomment a macro to enable alternate implementation of specific base 00236 * platform function 00237 */ 00238 //#define MBEDTLS_PLATFORM_EXIT_ALT 00239 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00240 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00241 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00242 00243 /** 00244 * \def MBEDTLS_DEPRECATED_WARNING 00245 * 00246 * Mark deprecated functions so that they generate a warning if used. 00247 * Functions deprecated in one version will usually be removed in the next 00248 * version. You can enable this to help you prepare the transition to a new 00249 * major version by making sure your code is not using these functions. 00250 * 00251 * This only works with GCC and Clang. With other compilers, you may want to 00252 * use MBEDTLS_DEPRECATED_REMOVED 00253 * 00254 * Uncomment to get warnings on using deprecated functions. 00255 */ 00256 //#define MBEDTLS_DEPRECATED_WARNING 00257 00258 /** 00259 * \def MBEDTLS_DEPRECATED_REMOVED 00260 * 00261 * Remove deprecated functions so that they generate an error if used. 00262 * Functions deprecated in one version will usually be removed in the next 00263 * version. You can enable this to help you prepare the transition to a new 00264 * major version by making sure your code is not using these functions. 00265 * 00266 * Uncomment to get errors on using deprecated functions. 00267 */ 00268 //#define MBEDTLS_DEPRECATED_REMOVED 00269 00270 /* \} name SECTION: System support */ 00271 00272 /** 00273 * \name SECTION: mbed TLS feature support 00274 * 00275 * This section sets support for features that are or are not needed 00276 * within the modules that are enabled. 
00277 * \{ 00278 */ 00279 00280 /** 00281 * \def MBEDTLS_TIMING_ALT 00282 * 00283 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00284 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00285 * 00286 * Only works if you have MBEDTLS_TIMING_C enabled. 00287 * 00288 * You will need to provide a header "timing_alt.h" and an implementation at 00289 * compile time. 00290 */ 00291 //#define MBEDTLS_TIMING_ALT 00292 00293 /** 00294 * \def MBEDTLS__MODULE_NAME__ALT 00295 * 00296 * Uncomment a macro to let mbed TLS use your alternate core implementation of 00297 * a symmetric crypto or hash module (e.g. platform specific assembly 00298 * optimized implementations). Keep in mind that the function prototypes 00299 * should remain the same. 00300 * 00301 * This replaces the whole module. If you only want to replace one of the 00302 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00303 * 00304 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00305 * provide the "struct mbedtls_aes_context" definition and omit the base function 00306 * declarations and implementations. "aes_alt.h" will be included from 00307 * "aes.h" to include the new function definitions. 00308 * 00309 * Uncomment a macro to enable alternate implementation of the corresponding 00310 * module. 
00311 */ 00312 //#define MBEDTLS_AES_ALT 00313 //#define MBEDTLS_ARC4_ALT 00314 //#define MBEDTLS_BLOWFISH_ALT 00315 //#define MBEDTLS_CAMELLIA_ALT 00316 //#define MBEDTLS_DES_ALT 00317 //#define MBEDTLS_XTEA_ALT 00318 //#define MBEDTLS_MD2_ALT 00319 //#define MBEDTLS_MD4_ALT 00320 //#define MBEDTLS_MD5_ALT 00321 //#define MBEDTLS_RIPEMD160_ALT 00322 //#define MBEDTLS_SHA1_ALT 00323 //#define MBEDTLS_SHA256_ALT 00324 //#define MBEDTLS_SHA512_ALT 00325 00326 /** 00327 * \def MBEDTLS__FUNCTION_NAME__ALT 00328 * 00329 * Uncomment a macro to let mbed TLS use you alternate core implementation of 00330 * symmetric crypto or hash function. Keep in mind that function prototypes 00331 * should remain the same. 00332 * 00333 * This replaces only one function. The header file from mbed TLS is still 00334 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00335 * 00336 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00337 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00338 * the other function (using your mbedtls_sha1_process() function) and the definition 00339 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00340 * with this definition. 00341 * 00342 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00343 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00344 * tables. 00345 * 00346 * Uncomment a macro to enable alternate implementation of the corresponding 00347 * function. 
00348 */ 00349 //#define MBEDTLS_MD2_PROCESS_ALT 00350 //#define MBEDTLS_MD4_PROCESS_ALT 00351 //#define MBEDTLS_MD5_PROCESS_ALT 00352 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00353 //#define MBEDTLS_SHA1_PROCESS_ALT 00354 //#define MBEDTLS_SHA256_PROCESS_ALT 00355 //#define MBEDTLS_SHA512_PROCESS_ALT 00356 //#define MBEDTLS_DES_SETKEY_ALT 00357 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00358 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00359 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00360 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00361 //#define MBEDTLS_AES_ENCRYPT_ALT 00362 //#define MBEDTLS_AES_DECRYPT_ALT 00363 00364 /** 00365 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00366 * 00367 * Uncomment this macro to let mbed TLS use your own implementation of a 00368 * hardware entropy collector. 00369 * 00370 * Your function must be called \c mbedtls_hardware_poll(), have the same 00371 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00372 * 00373 * Uncomment to use your own hardware entropy collector. 00374 */ 00375 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00376 00377 /** 00378 * \def MBEDTLS_AES_ROM_TABLES 00379 * 00380 * Store the AES tables in ROM. 00381 * 00382 * Uncomment this macro to store the AES tables in ROM. 00383 */ 00384 //#define MBEDTLS_AES_ROM_TABLES 00385 00386 /** 00387 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00388 * 00389 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00390 * 00391 * Uncomment this macro to use less memory for Camellia. 00392 */ 00393 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00394 00395 /** 00396 * \def MBEDTLS_CIPHER_MODE_CBC 00397 * 00398 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00399 */ 00400 #define MBEDTLS_CIPHER_MODE_CBC 00401 00402 /** 00403 * \def MBEDTLS_CIPHER_MODE_CFB 00404 * 00405 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 
00406 */ 00407 //#define MBEDTLS_CIPHER_MODE_CFB 00408 00409 /** 00410 * \def MBEDTLS_CIPHER_MODE_CTR 00411 * 00412 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00413 */ 00414 #define MBEDTLS_CIPHER_MODE_CTR 00415 00416 /** 00417 * \def MBEDTLS_CIPHER_NULL_CIPHER 00418 * 00419 * Enable NULL cipher. 00420 * Warning: Only do so when you know what you are doing. This allows for 00421 * encryption or channels without any security! 00422 * 00423 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00424 * the following ciphersuites: 00425 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00426 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00427 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00428 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00429 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00430 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00431 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00432 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00433 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00434 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00435 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00436 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00437 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00438 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00439 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00440 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00441 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00442 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00443 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00444 * 00445 * Uncomment this macro to enable the NULL cipher and ciphersuites 00446 */ 00447 //#define MBEDTLS_CIPHER_NULL_CIPHER 00448 00449 /** 00450 * \def MBEDTLS_CIPHER_PADDING_XXX 00451 * 00452 * Uncomment or comment macros to add support for specific padding modes 00453 * in the cipher layer with cipher modes that support padding (e.g. CBC) 00454 * 00455 * If you disable all padding modes, only full blocks can be used with CBC. 00456 * 00457 * Enable padding modes in the cipher layer. 
00458 */ 00459 #define MBEDTLS_CIPHER_PADDING_PKCS7 00460 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00461 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00462 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00463 00464 /** 00465 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00466 * 00467 * Enable weak ciphersuites in SSL / TLS. 00468 * Warning: Only do so when you know what you are doing. This allows for 00469 * channels with virtually no security at all! 00470 * 00471 * This enables the following ciphersuites: 00472 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00473 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00474 * 00475 * Uncomment this macro to enable weak ciphersuites 00476 */ 00477 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00478 00479 /** 00480 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00481 * 00482 * Remove RC4 ciphersuites by default in SSL / TLS. 00483 * This flag removes the ciphersuites based on RC4 from the default list as 00484 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00485 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00486 * explicitly. 00487 * 00488 * Uncomment this macro to remove RC4 ciphersuites by default. 00489 */ 00490 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00491 00492 /** 00493 * \def MBEDTLS_ECP_XXXX_ENABLED 00494 * 00495 * Enables specific curves within the Elliptic Curve module. 00496 * By default all supported curves are enabled. 
00497 * 00498 * Comment macros to disable the curve and functions for it 00499 */ 00500 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00501 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00502 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00503 //#define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00504 //#ifndef MBEDTLS_FREESCALE_LTC_PKHA /* PKHA suports only <=512 */ 00505 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00506 //#endif 00507 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00508 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00509 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00510 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00511 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00512 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00513 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00514 00515 /** 00516 * \def MBEDTLS_ECP_NIST_OPTIM 00517 * 00518 * Enable specific 'modulo p' routines for each NIST prime. 00519 * Depending on the prime and architecture, makes operations 4 to 8 times 00520 * faster on the corresponding curve. 00521 * 00522 * Comment this macro to disable NIST curves optimisation. 00523 */ 00524 #define MBEDTLS_ECP_NIST_OPTIM 00525 00526 /** 00527 * \def MBEDTLS_ECDSA_DETERMINISTIC 00528 * 00529 * Enable deterministic ECDSA (RFC 6979). 00530 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00531 * may result in a compromise of the long-term signing key. This is avoided by 00532 * the deterministic variant. 00533 * 00534 * Requires: MBEDTLS_HMAC_DRBG_C 00535 * 00536 * Comment this macro to disable deterministic ECDSA. 00537 */ 00538 #define MBEDTLS_ECDSA_DETERMINISTIC 00539 00540 /** 00541 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00542 * 00543 * Enable the PSK based ciphersuite modes in SSL / TLS. 
00544 * 00545 * This enables the following ciphersuites (if other requisites are 00546 * enabled as well): 00547 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00548 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00549 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00550 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00551 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00552 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00553 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00554 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00555 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00556 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00557 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00558 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00559 */ 00560 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00561 00562 /** 00563 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00564 * 00565 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00566 * 00567 * Requires: MBEDTLS_DHM_C 00568 * 00569 * This enables the following ciphersuites (if other requisites are 00570 * enabled as well): 00571 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00572 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00573 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00574 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00575 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00576 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00577 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00578 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00579 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00580 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00581 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00582 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00583 */ 00584 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00585 00586 /** 00587 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00588 * 00589 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 
00590 * 00591 * Requires: MBEDTLS_ECDH_C 00592 * 00593 * This enables the following ciphersuites (if other requisites are 00594 * enabled as well): 00595 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00596 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00597 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00598 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00599 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00600 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00601 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00602 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00603 */ 00604 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00605 00606 /** 00607 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00608 * 00609 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00610 * 00611 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00612 * MBEDTLS_X509_CRT_PARSE_C 00613 * 00614 * This enables the following ciphersuites (if other requisites are 00615 * enabled as well): 00616 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00617 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00618 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00619 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00621 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00622 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00623 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00624 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00625 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00626 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00627 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00628 */ 00629 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00630 /** 00631 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00632 * 00633 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 
00634 * 00635 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00636 * MBEDTLS_X509_CRT_PARSE_C 00637 * 00638 * This enables the following ciphersuites (if other requisites are 00639 * enabled as well): 00640 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00641 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00642 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00643 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00644 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00645 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00646 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00647 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00648 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00649 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00650 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00651 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00652 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00653 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00654 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00655 */ 00656 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00657 00658 /** 00659 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00660 * 00661 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
00662 * 00663 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00664 * MBEDTLS_X509_CRT_PARSE_C 00665 * 00666 * This enables the following ciphersuites (if other requisites are 00667 * enabled as well): 00668 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00669 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00670 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00671 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00672 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00673 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00674 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00675 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00676 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00677 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00678 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00679 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00680 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00681 */ 00682 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00683 00684 /** 00685 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00686 * 00687 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 
00688 * 00689 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00690 * MBEDTLS_X509_CRT_PARSE_C 00691 * 00692 * This enables the following ciphersuites (if other requisites are 00693 * enabled as well): 00694 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00695 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00696 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00697 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00698 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00699 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00700 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00701 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00702 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00703 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00704 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00705 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00706 */ 00707 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00708 00709 /** 00710 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00711 * 00712 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 
00713 * 00714 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00715 * 00716 * This enables the following ciphersuites (if other requisites are 00717 * enabled as well): 00718 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00719 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00720 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00721 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00722 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00723 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00724 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00725 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00726 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00727 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00728 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00729 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00730 */ 00731 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00732 /** 00733 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00734 * 00735 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 
00736 * 00737 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00738 * 00739 * This enables the following ciphersuites (if other requisites are 00740 * enabled as well): 00741 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00742 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00743 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00744 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00745 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00746 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00747 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00748 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00749 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00750 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00751 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00752 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00753 */ 00754 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00755 00756 /** 00757 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00758 * 00759 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 
00760 * 00761 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00762 * 00763 * This enables the following ciphersuites (if other requisites are 00764 * enabled as well): 00765 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00766 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00767 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00768 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00769 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00770 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00771 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00772 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00773 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00774 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00775 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00776 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00777 */ 00778 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00779 00780 /** 00781 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00782 * 00783 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00784 * RFC 5915 and RFC 5480. 00785 * 00786 * Currently this means parsing the SpecifiedECDomain choice of EC 00787 * parameters (only known groups are supported, not arbitrary domains, to 00788 * avoid validation issues). 00789 * 00790 * Disable if you only need to support RFC 5915 + 5480 key formats. 00791 */ 00792 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00793 00794 /** 00795 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00796 * 00797 * Enable a dummy error function to make use of mbedtls_strerror() in 00798 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00799 * (no effect when MBEDTLS_ERROR_C is enabled). 00800 * 00801 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00802 * not using mbedtls_strerror() or error_strerror() in your application. 
00803 * 00804 * Disable if you run into name conflicts and want to really remove the 00805 * mbedtls_strerror() 00806 */ 00807 //#define MBEDTLS_ERROR_STRERROR_DUMMY 00808 00809 /** 00810 * \def MBEDTLS_GENPRIME 00811 * 00812 * Enable the prime-number generation code. 00813 * 00814 * Requires: MBEDTLS_BIGNUM_C 00815 */ 00816 //#define MBEDTLS_GENPRIME 00817 00818 /** 00819 * \def MBEDTLS_FS_IO 00820 * 00821 * Enable functions that use the filesystem. 00822 */ 00823 //#define MBEDTLS_FS_IO 00824 00825 /** 00826 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00827 * 00828 * Do not add default entropy sources. These are the platform specific, 00829 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00830 * 00831 * This is useful to have more control over the added entropy sources in an 00832 * application. 00833 * 00834 * Uncomment this macro to prevent loading of default entropy functions. 00835 */ 00836 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00837 00838 /** 00839 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00840 * 00841 * Do not use built-in platform entropy functions. 00842 * This is useful if your platform does not support 00843 * standards like the /dev/urandom or Windows CryptoAPI. 00844 * 00845 * Uncomment this macro to disable the built-in platform entropy functions. 00846 */ 00847 #define MBEDTLS_NO_PLATFORM_ENTROPY 00848 00849 /** 00850 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00851 * 00852 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00853 * default SHA-512 based one (if both are available). 00854 * 00855 * Requires: MBEDTLS_SHA256_C 00856 * 00857 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00858 * if you have performance concerns. 00859 * 00860 * This option is only useful if both MBEDTLS_SHA256_C and 00861 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 
00862 */ 00863 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00864 00865 /** 00866 * \def MBEDTLS_MEMORY_DEBUG 00867 * 00868 * Enable debugging of buffer allocator memory issues. Automatically prints 00869 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00870 * function for 'debug output' of allocated memory. 00871 * 00872 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00873 * 00874 * Uncomment this macro to let the buffer allocator print out error messages. 00875 */ 00876 //#define MBEDTLS_MEMORY_DEBUG 00877 00878 /** 00879 * \def MBEDTLS_MEMORY_BACKTRACE 00880 * 00881 * Include backtrace information with each allocated block. 00882 * 00883 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00884 * GLIBC-compatible backtrace() an backtrace_symbols() support 00885 * 00886 * Uncomment this macro to include backtrace information 00887 */ 00888 //#define MBEDTLS_MEMORY_BACKTRACE 00889 00890 /** 00891 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00892 * 00893 * Support external private RSA keys (eg from a HSM) in the PK layer. 00894 * 00895 * Comment this macro to disable support for external private RSA keys. 00896 */ 00897 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00898 00899 /** 00900 * \def MBEDTLS_PKCS1_V15 00901 * 00902 * Enable support for PKCS#1 v1.5 encoding. 00903 * 00904 * Requires: MBEDTLS_RSA_C 00905 * 00906 * This enables support for PKCS#1 v1.5 operations. 00907 */ 00908 #define MBEDTLS_PKCS1_V15 00909 00910 /** 00911 * \def MBEDTLS_PKCS1_V21 00912 * 00913 * Enable support for PKCS#1 v2.1 encoding. 00914 * 00915 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00916 * 00917 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00918 */ 00919 #define MBEDTLS_PKCS1_V21 00920 00921 /** 00922 * \def MBEDTLS_RSA_NO_CRT 00923 * 00924 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00925 * 00926 * Uncomment this macro to disable the use of CRT in RSA. 
00927 * 00928 */ 00929 //#define MBEDTLS_RSA_NO_CRT 00930 00931 /** 00932 * \def MBEDTLS_SELF_TEST 00933 * 00934 * Enable the checkup functions (*_self_test). 00935 */ 00936 //#define MBEDTLS_SELF_TEST 00937 00938 /** 00939 * \def MBEDTLS_SHA256_SMALLER 00940 * 00941 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00942 * lower performance. 00943 * 00944 * The default implementation is meant to be a reasonable compromise between 00945 * performance and size. This version optimizes more aggressively for size at 00946 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00947 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00948 * 30%. 00949 * 00950 * Uncomment to enable the smaller implementation of SHA256. 00951 */ 00952 //#define MBEDTLS_SHA256_SMALLER 00953 00954 /** 00955 * \def MBEDTLS_SSL_AEAD_RANDOM_IV 00956 * 00957 * Generate a random IV rather than using the record sequence number as a 00958 * nonce for ciphersuites using an AEAD algorithm (GCM or CCM). 00959 * 00960 * Using the sequence number is generally recommended. 00961 * 00962 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00963 */ 00964 //#define MBEDTLS_SSL_AEAD_RANDOM_IV 00965 00966 /** 00967 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00968 * 00969 * Enable sending of alert messages in case of encountered errors as per RFC. 00970 * If you choose not to send the alert messages, mbed TLS can still communicate 00971 * with other servers, only debugging of failures is harder. 00972 * 00973 * The advantage of not sending alert messages is that no information is given 00974 * about reasons for failures, thus preventing adversaries from gaining intel. 00975 * 00976 * Enable sending of all alert messages 00977 */ 00978 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00979 00980 /** 00981 * \def MBEDTLS_SSL_DEBUG_ALL 00982 * 00983 * Enable the debug messages in SSL module for all issues. 
00984 * Debug messages have been disabled in some places to prevent timing 00985 * attacks due to (unbalanced) debugging function calls. 00986 * 00987 * If you need all error reporting you should enable this during debugging, 00988 * but remove this for production servers that should log as well. 00989 * 00990 * Uncomment this macro to report all debug messages on errors introducing 00991 * a timing side-channel. 00992 * 00993 */ 00994 //#define MBEDTLS_SSL_DEBUG_ALL 00995 00996 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00997 * 00998 * Enable support for Encrypt-then-MAC, RFC 7366. 00999 * 01000 * This allows peers that both support it to use a more robust protection for 01001 * ciphersuites using CBC, providing deep resistance against timing attacks 01002 * on the padding or underlying cipher. 01003 * 01004 * This only affects CBC ciphersuites, and is useless if none is defined. 01005 * 01006 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01007 * MBEDTLS_SSL_PROTO_TLS1_1 or 01008 * MBEDTLS_SSL_PROTO_TLS1_2 01009 * 01010 * Comment this macro to disable support for Encrypt-then-MAC 01011 */ 01012 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01013 01014 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01015 * 01016 * Enable support for Extended Master Secret, aka Session Hash 01017 * (draft-ietf-tls-session-hash-02). 01018 * 01019 * This was introduced as "the proper fix" to the Triple Handshake family of 01020 * attacks, but it is recommended to always use it (even if you disable 01021 * renegotiation), since it actually fixes a more fundamental issue in the 01022 * original SSL/TLS design, and has implications beyond Triple Handshake. 01023 * 01024 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01025 * MBEDTLS_SSL_PROTO_TLS1_1 or 01026 * MBEDTLS_SSL_PROTO_TLS1_2 01027 * 01028 * Comment this macro to disable support for Extended Master Secret. 
01029 */ 01030 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01031 01032 /** 01033 * \def MBEDTLS_SSL_FALLBACK_SCSV 01034 * 01035 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01036 * 01037 * For servers, it is recommended to always enable this, unless you support 01038 * only one version of TLS, or know for sure that none of your clients 01039 * implements a fallback strategy. 01040 * 01041 * For clients, you only need this if you're using a fallback strategy, which 01042 * is not recommended in the first place, unless you absolutely need it to 01043 * interoperate with buggy (version-intolerant) servers. 01044 * 01045 * Comment this macro to disable support for FALLBACK_SCSV 01046 */ 01047 //#define MBEDTLS_SSL_FALLBACK_SCSV 01048 01049 /** 01050 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01051 * 01052 * Enable hooking functions in SSL module for hardware acceleration of 01053 * individual records. 01054 * 01055 * Uncomment this macro to enable hooking functions. 01056 */ 01057 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01058 01059 /** 01060 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01061 * 01062 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01063 * 01064 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01065 * of interoperability issues compared to sending 0-length records. 01066 * 01067 * Comment this macro to disable 1/n-1 record splitting. 01068 */ 01069 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01070 01071 /** 01072 * \def MBEDTLS_SSL_RENEGOTIATION 01073 * 01074 * Enable support for TLS renegotiation. 01075 * 01076 * The two main uses of renegotiation are (1) refresh keys on long-lived 01077 * connections and (2) client authentication after the initial handshake. 01078 * If you don't need renegotiation, it's probably better to disable it, since 01079 * it has been associated with security issues in the past and is easy to 01080 * misuse/misunderstand. 
01081 * 01082 * Comment this to disable support for renegotiation. 01083 */ 01084 #define MBEDTLS_SSL_RENEGOTIATION 01085 01086 /** 01087 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01088 * 01089 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01090 * SSL Server module (MBEDTLS_SSL_SRV_C). 01091 * 01092 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01093 */ 01094 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01095 01096 /** 01097 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01098 * 01099 * Pick the ciphersuite according to the client's preferences rather than ours 01100 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01101 * 01102 * Uncomment this macro to respect client's ciphersuite order 01103 */ 01104 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01105 01106 /** 01107 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01108 * 01109 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01110 * 01111 * Comment this macro to disable support for the max_fragment_length extension 01112 */ 01113 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01114 01115 /** 01116 * \def MBEDTLS_SSL_PROTO_SSL3 01117 * 01118 * Enable support for SSL 3.0. 01119 * 01120 * Requires: MBEDTLS_MD5_C 01121 * MBEDTLS_SHA1_C 01122 * 01123 * Comment this macro to disable support for SSL 3.0 01124 */ 01125 //#define MBEDTLS_SSL_PROTO_SSL3 01126 01127 /** 01128 * \def MBEDTLS_SSL_PROTO_TLS1 01129 * 01130 * Enable support for TLS 1.0. 01131 * 01132 * Requires: MBEDTLS_MD5_C 01133 * MBEDTLS_SHA1_C 01134 * 01135 * Comment this macro to disable support for TLS 1.0 01136 */ 01137 //#define MBEDTLS_SSL_PROTO_TLS1 01138 01139 /** 01140 * \def MBEDTLS_SSL_PROTO_TLS1_1 01141 * 01142 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 
01143 * 01144 * Requires: MBEDTLS_MD5_C 01145 * MBEDTLS_SHA1_C 01146 * 01147 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01148 */ 01149 //#define MBEDTLS_SSL_PROTO_TLS1_1 01150 01151 /** 01152 * \def MBEDTLS_SSL_PROTO_TLS1_2 01153 * 01154 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01155 * 01156 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01157 * (Depends on ciphersuites) 01158 * 01159 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01160 */ 01161 #define MBEDTLS_SSL_PROTO_TLS1_2 01162 01163 /** 01164 * \def MBEDTLS_SSL_PROTO_DTLS 01165 * 01166 * Enable support for DTLS (all available versions). 01167 * 01168 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01169 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01170 * 01171 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01172 * or MBEDTLS_SSL_PROTO_TLS1_2 01173 * 01174 * Comment this macro to disable support for DTLS 01175 */ 01176 #define MBEDTLS_SSL_PROTO_DTLS 01177 01178 /** 01179 * \def MBEDTLS_SSL_ALPN 01180 * 01181 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01182 * 01183 * Comment this macro to disable support for ALPN. 01184 */ 01185 #define MBEDTLS_SSL_ALPN 01186 01187 /** 01188 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01189 * 01190 * Enable support for the anti-replay mechanism in DTLS. 01191 * 01192 * Requires: MBEDTLS_SSL_TLS_C 01193 * MBEDTLS_SSL_PROTO_DTLS 01194 * 01195 * \warning Disabling this is often a security risk! 01196 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01197 * 01198 * Comment this to disable anti-replay in DTLS. 01199 */ 01200 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01201 01202 /** 01203 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01204 * 01205 * Enable support for HelloVerifyRequest on DTLS servers. 01206 * 01207 * This feature is highly recommended to prevent DTLS servers being used as 01208 * amplifiers in DoS attacks against other hosts. 
It should always be enabled 01209 * unless you know for sure amplification cannot be a problem in the 01210 * environment in which your server operates. 01211 * 01212 * \warning Disabling this can be a security risk! (see above) 01213 * 01214 * Requires: MBEDTLS_SSL_PROTO_DTLS 01215 * 01216 * Comment this to disable support for HelloVerifyRequest. 01217 */ 01218 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01219 01220 /** 01221 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01222 * 01223 * Enable server-side support for clients that reconnect from the same port. 01224 * 01225 * Some clients unexpectedly close the connection and try to reconnect using the 01226 * same source port. This needs special support from the server to handle the 01227 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01228 * flag enables that support. 01229 * 01230 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01231 * 01232 * Comment this to disable support for clients reusing the source port. 01233 */ 01234 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01235 01236 /** 01237 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01238 * 01239 * Enable support for a limit of records with bad MAC. 01240 * 01241 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01242 * 01243 * Requires: MBEDTLS_SSL_PROTO_DTLS 01244 */ 01245 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01246 01247 /** 01248 * \def MBEDTLS_SSL_SESSION_TICKETS 01249 * 01250 * Enable support for RFC 5077 session tickets in SSL. 01251 * Client-side, provides full support for session tickets (maintenance of a 01252 * session store remains the responsibility of the application, though). 01253 * Server-side, you also need to provide callbacks for writing and parsing 01254 * tickets, including authenticated encryption and key management. Example 01255 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 
01256 * 01257 * Comment this macro to disable support for SSL session tickets 01258 */ 01259 #define MBEDTLS_SSL_SESSION_TICKETS 01260 01261 /** 01262 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01263 * 01264 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01265 * 01266 * Requires: MBEDTLS_X509_CRT_PARSE_C 01267 * 01268 * Comment this macro to disable support for server name indication in SSL 01269 */ 01270 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01271 /** 01272 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01273 * 01274 * Enable support for RFC 6066 truncated HMAC in SSL. 01275 * 01276 * Comment this macro to disable support for truncated HMAC in SSL 01277 */ 01278 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01279 01280 /** 01281 * \def MBEDTLS_THREADING_ALT 01282 * 01283 * Provide your own alternate threading implementation. 01284 * 01285 * Requires: MBEDTLS_THREADING_C 01286 * 01287 * Uncomment this to allow your own alternate threading implementation. 01288 */ 01289 //#define MBEDTLS_THREADING_ALT 01290 01291 /** 01292 * \def MBEDTLS_THREADING_PTHREAD 01293 * 01294 * Enable the pthread wrapper layer for the threading layer. 01295 * 01296 * Requires: MBEDTLS_THREADING_C 01297 * 01298 * Uncomment this to enable pthread mutexes. 01299 */ 01300 //#define MBEDTLS_THREADING_PTHREAD 01301 01302 /** 01303 * \def MBEDTLS_VERSION_FEATURES 01304 * 01305 * Allow run-time checking of compile-time enabled features. Thus allowing users 01306 * to check at run-time if the library is for instance compiled with threading 01307 * support via mbedtls_version_check_feature(). 01308 * 01309 * Requires: MBEDTLS_VERSION_C 01310 * 01311 * Comment this to disable run-time checking and save ROM space 01312 */ 01313 //#define MBEDTLS_VERSION_FEATURES 01314 01315 /** 01316 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01317 * 01318 * If set, the X509 parser will not break-off when parsing an X509 certificate 01319 * and encountering an extension in a v1 or v2 certificate. 
01320 * 01321 * Uncomment to prevent an error. 01322 */ 01323 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01324 01325 /** 01326 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01327 * 01328 * If set, the X509 parser will not break-off when parsing an X509 certificate 01329 * and encountering an unknown critical extension. 01330 * 01331 * Uncomment to prevent an error. 01332 */ 01333 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01334 01335 /** 01336 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01337 * 01338 * Enable verification of the keyUsage extension (CA and leaf certificates). 01339 * 01340 * Disabling this avoids problems with mis-issued and/or misused 01341 * (intermediate) CA and leaf certificates. 01342 * 01343 * \warning Depending on your PKI use, disabling this can be a security risk! 01344 * 01345 * Comment to skip keyUsage checking for both CA and leaf certificates. 01346 */ 01347 #define MBEDTLS_X509_CHECK_KEY_USAGE 01348 01349 /** 01350 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01351 * 01352 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01353 * 01354 * Disabling this avoids problems with mis-issued and/or misused certificates. 01355 * 01356 * \warning Depending on your PKI use, disabling this can be a security risk! 01357 * 01358 * Comment to skip extendedKeyUsage checking for certificates. 01359 */ 01360 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01361 01362 /** 01363 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01364 * 01365 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01366 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01367 * 01368 * Comment this macro to disallow using RSASSA-PSS in certificates. 01369 */ 01370 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01371 /** 01372 * \def MBEDTLS_ZLIB_SUPPORT 01373 * 01374 * If set, the SSL/TLS module uses ZLIB to support compression and 01375 * decompression of packet data. 
01376 * 01377 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01378 * CRIME attack. Before enabling this option, you should examine with care if 01379 * CRIME or similar exploits may be applicable to your use case. 01380 * 01381 * \note Currently compression can't be used with DTLS. 01382 * 01383 * Used in: library/ssl_tls.c 01384 * library/ssl_cli.c 01385 * library/ssl_srv.c 01386 * 01387 * This feature requires zlib library and headers to be present. 01388 * 01389 * Uncomment to enable use of ZLIB 01390 */ 01391 //#define MBEDTLS_ZLIB_SUPPORT 01392 /* \} name SECTION: mbed TLS feature support */ 01393 01394 /** 01395 * \name SECTION: mbed TLS modules 01396 * 01397 * This section enables or disables entire modules in mbed TLS 01398 * \{ 01399 */ 01400 01401 /** 01402 * \def MBEDTLS_AESNI_C 01403 * 01404 * Enable AES-NI support on x86-64. 01405 * 01406 * Module: library/aesni.c 01407 * Caller: library/aes.c 01408 * 01409 * Requires: MBEDTLS_HAVE_ASM 01410 * 01411 * This module adds support for the AES-NI instructions on x86-64 01412 */ 01413 //#define MBEDTLS_AESNI_C 01414 01415 /** 01416 * \def MBEDTLS_AES_C 01417 * 01418 * Enable the AES block cipher. 
01419 * 01420 * Module: library/aes.c 01421 * Caller: library/ssl_tls.c 01422 * library/pem.c 01423 * library/ctr_drbg.c 01424 * 01425 * This module enables the following ciphersuites (if other requisites are 01426 * enabled as well): 01427 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01428 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01429 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01430 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01431 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01432 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01433 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01434 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01435 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01436 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01437 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01438 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01439 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01440 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01441 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01442 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01443 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01444 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01448 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01449 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01450 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01451 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01452 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01453 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01454 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01455 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01456 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01457 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01458 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01459 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01460 * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01461 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01462 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01463 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01464 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01465 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01466 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01467 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01468 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01469 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01470 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01471 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01472 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01473 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01474 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01475 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01476 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01477 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01478 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01479 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01480 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01481 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01482 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01483 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01484 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01485 * 01486 * PEM_PARSE uses AES for decrypting encrypted keys. 01487 */ 01488 #define MBEDTLS_AES_C 01489 01490 /** 01491 * \def MBEDTLS_ARC4_C 01492 * 01493 * Enable the ARCFOUR stream cipher. 
01494 * 01495 * Module: library/arc4.c 01496 * Caller: library/ssl_tls.c 01497 * 01498 * This module enables the following ciphersuites (if other requisites are 01499 * enabled as well): 01500 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01501 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01502 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01503 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01504 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01505 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01506 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01507 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01508 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01509 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01510 */ 01511 //#define MBEDTLS_ARC4_C 01512 01513 /** 01514 * \def MBEDTLS_ASN1_PARSE_C 01515 * 01516 * Enable the generic ASN1 parser. 01517 * 01518 * Module: library/asn1.c 01519 * Caller: library/x509.c 01520 * library/dhm.c 01521 * library/pkcs12.c 01522 * library/pkcs5.c 01523 * library/pkparse.c 01524 */ 01525 #define MBEDTLS_ASN1_PARSE_C 01526 01527 /** 01528 * \def MBEDTLS_ASN1_WRITE_C 01529 * 01530 * Enable the generic ASN1 writer. 01531 * 01532 * Module: library/asn1write.c 01533 * Caller: library/ecdsa.c 01534 * library/pkwrite.c 01535 * library/x509_create.c 01536 * library/x509write_crt.c 01537 * library/mbedtls_x509write_csr.c 01538 */ 01539 #define MBEDTLS_ASN1_WRITE_C 01540 01541 /** 01542 * \def MBEDTLS_BASE64_C 01543 * 01544 * Enable the Base64 module. 01545 * 01546 * Module: library/base64.c 01547 * Caller: library/pem.c 01548 * 01549 * This module is required for PEM support (required by X.509). 01550 */ 01551 //#define MBEDTLS_BASE64_C 01552 01553 /** 01554 * \def MBEDTLS_BIGNUM_C 01555 * 01556 * Enable the multi-precision integer library. 01557 * 01558 * Module: library/bignum.c 01559 * Caller: library/dhm.c 01560 * library/ecp.c 01561 * library/ecdsa.c 01562 * library/rsa.c 01563 * library/ssl_tls.c 01564 * 01565 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
01566 */ 01567 #define MBEDTLS_BIGNUM_C 01568 01569 /** 01570 * \def MBEDTLS_BLOWFISH_C 01571 * 01572 * Enable the Blowfish block cipher. 01573 * 01574 * Module: library/blowfish.c 01575 */ 01576 //#define MBEDTLS_BLOWFISH_C 01577 01578 /** 01579 * \def MBEDTLS_CAMELLIA_C 01580 * 01581 * Enable the Camellia block cipher. 01582 * 01583 * Module: library/camellia.c 01584 * Caller: library/ssl_tls.c 01585 * 01586 * This module enables the following ciphersuites (if other requisites are 01587 * enabled as well): 01588 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01589 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01590 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01591 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01592 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01593 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01594 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01595 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01596 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01597 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01598 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01599 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01600 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01601 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01602 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01603 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01604 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01605 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01606 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01607 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01608 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01609 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01610 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01611 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01612 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01613 * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01614 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01615 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01616 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01617 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01618 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01619 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01620 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01621 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01622 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01623 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01624 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01625 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01626 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01627 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01628 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01629 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01630 */ 01631 //#define MBEDTLS_CAMELLIA_C 01632 01633 /** 01634 * \def MBEDTLS_CCM_C 01635 * 01636 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01637 * 01638 * Module: library/ccm.c 01639 * 01640 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01641 * 01642 * This module enables the AES-CCM ciphersuites, if other requisites are 01643 * enabled as well. 01644 */ 01645 #define MBEDTLS_CCM_C 01646 01647 /** 01648 * \def MBEDTLS_CERTS_C 01649 * 01650 * Enable the test certificates. 01651 * 01652 * Module: library/certs.c 01653 * Caller: 01654 * 01655 * This module is used for testing (ssl_client/server). 01656 */ 01657 //#define MBEDTLS_CERTS_C 01658 01659 /** 01660 * \def MBEDTLS_CIPHER_C 01661 * 01662 * Enable the generic cipher layer. 01663 * 01664 * Module: library/cipher.c 01665 * Caller: library/ssl_tls.c 01666 * 01667 * Uncomment to enable generic cipher wrappers. 
01668 */ 01669 #define MBEDTLS_CIPHER_C 01670 01671 /** 01672 * \def MBEDTLS_CMAC_C 01673 * 01674 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01675 * ciphers. 01676 * 01677 * Module: library/cmac.c 01678 * 01679 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01680 * 01681 */ 01682 #define MBEDTLS_CMAC_C 01683 01684 /** 01685 * \def MBEDTLS_CTR_DRBG_C 01686 * 01687 * Enable the CTR_DRBG AES-256-based random generator. 01688 * 01689 * Module: library/ctr_drbg.c 01690 * Caller: 01691 * 01692 * Requires: MBEDTLS_AES_C 01693 * 01694 * This module provides the CTR_DRBG AES-256 random number generator. 01695 */ 01696 #define MBEDTLS_CTR_DRBG_C 01697 01698 /** 01699 * \def MBEDTLS_DEBUG_C 01700 * 01701 * Enable the debug functions. 01702 * 01703 * Module: library/debug.c 01704 * Caller: library/ssl_cli.c 01705 * library/ssl_srv.c 01706 * library/ssl_tls.c 01707 * 01708 * This module provides debugging functions. 01709 */ 01710 //#define MBEDTLS_DEBUG_C 01711 01712 /** 01713 * \def MBEDTLS_DES_C 01714 * 01715 * Enable the DES block cipher. 01716 * 01717 * Module: library/des.c 01718 * Caller: library/pem.c 01719 * library/ssl_tls.c 01720 * 01721 * This module enables the following ciphersuites (if other requisites are 01722 * enabled as well): 01723 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01724 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01725 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01726 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01727 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01728 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01729 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01730 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01731 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01732 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01733 * 01734 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01735 */ 01736 //#define MBEDTLS_DES_C 01737 01738 /** 01739 * \def MBEDTLS_DHM_C 01740 * 01741 * Enable the Diffie-Hellman-Merkle module. 
01742 * 01743 * Module: library/dhm.c 01744 * Caller: library/ssl_cli.c 01745 * library/ssl_srv.c 01746 * 01747 * This module is used by the following key exchanges: 01748 * DHE-RSA, DHE-PSK 01749 */ 01750 //#define MBEDTLS_DHM_C 01751 01752 /** 01753 * \def MBEDTLS_ECDH_C 01754 * 01755 * Enable the elliptic curve Diffie-Hellman library. 01756 * 01757 * Module: library/ecdh.c 01758 * Caller: library/ssl_cli.c 01759 * library/ssl_srv.c 01760 * 01761 * This module is used by the following key exchanges: 01762 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01763 * 01764 * Requires: MBEDTLS_ECP_C 01765 */ 01766 #define MBEDTLS_ECDH_C 01767 01768 /** 01769 * \def MBEDTLS_ECDSA_C 01770 * 01771 * Enable the elliptic curve DSA library. 01772 * 01773 * Module: library/ecdsa.c 01774 * Caller: 01775 * 01776 * This module is used by the following key exchanges: 01777 * ECDHE-ECDSA 01778 * 01779 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01780 */ 01781 #define MBEDTLS_ECDSA_C 01782 01783 /** 01784 * \def MBEDTLS_ECP_C 01785 * 01786 * Enable the elliptic curve over GF(p) library. 01787 * 01788 * Module: library/ecp.c 01789 * Caller: library/ecdh.c 01790 * library/ecdsa.c 01791 * 01792 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01793 */ 01794 #define MBEDTLS_ECP_C 01795 01796 /** 01797 * \def MBEDTLS_ENTROPY_C 01798 * 01799 * Enable the platform-specific entropy code. 01800 * 01801 * Module: library/entropy.c 01802 * Caller: 01803 * 01804 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01805 * 01806 * This module provides a generic entropy pool 01807 */ 01808 #define MBEDTLS_ENTROPY_C 01809 01810 /** 01811 * \def MBEDTLS_ERROR_C 01812 * 01813 * Enable error code to error string conversion. 01814 * 01815 * Module: library/error.c 01816 * Caller: 01817 * 01818 * This module enables mbedtls_strerror(). 
01819 */ 01820 //#define MBEDTLS_ERROR_C 01821 01822 /** 01823 * \def MBEDTLS_GCM_C 01824 * 01825 * Enable the Galois/Counter Mode (GCM) for AES. 01826 * 01827 * Module: library/gcm.c 01828 * 01829 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01830 * 01831 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01832 * requisites are enabled as well. 01833 */ 01834 #define MBEDTLS_GCM_C 01835 01836 /** 01837 * \def MBEDTLS_HAVEGE_C 01838 * 01839 * Enable the HAVEGE random generator. 01840 * 01841 * Warning: the HAVEGE random generator is not suitable for virtualized 01842 * environments 01843 * 01844 * Warning: the HAVEGE random generator is dependent on timing and specific 01845 * processor traits. It is therefore not advised to use HAVEGE as 01846 * your application's primary random generator or primary entropy pool 01847 * input. As a secondary input to your entropy pool, it IS able to add 01848 * the (limited) extra entropy it provides. 01849 * 01850 * Module: library/havege.c 01851 * Caller: 01852 * 01853 * Requires: MBEDTLS_TIMING_C 01854 * 01855 * Uncomment to enable the HAVEGE random generator. 01856 */ 01857 //#define MBEDTLS_HAVEGE_C 01858 01859 /** 01860 * \def MBEDTLS_HMAC_DRBG_C 01861 * 01862 * Enable the HMAC_DRBG random generator. 01863 * 01864 * Module: library/hmac_drbg.c 01865 * Caller: 01866 * 01867 * Requires: MBEDTLS_MD_C 01868 * 01869 * Uncomment to enable the HMAC_DRBG random number generator. 01870 */ 01871 #define MBEDTLS_HMAC_DRBG_C 01872 01873 /** 01874 * \def MBEDTLS_MD_C 01875 * 01876 * Enable the generic message digest layer. 01877 * 01878 * Module: library/mbedtls_md.c 01879 * Caller: 01880 * 01881 * Uncomment to enable generic message digest wrappers. 01882 */ 01883 #define MBEDTLS_MD_C 01884 01885 /** 01886 * \def MBEDTLS_MD2_C 01887 * 01888 * Enable the MD2 hash algorithm. 01889 * 01890 * Module: library/mbedtls_md2.c 01891 * Caller: 01892 * 01893 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 
01894 */ 01895 //#define MBEDTLS_MD2_C 01896 01897 /** 01898 * \def MBEDTLS_MD4_C 01899 * 01900 * Enable the MD4 hash algorithm. 01901 * 01902 * Module: library/mbedtls_md4.c 01903 * Caller: 01904 * 01905 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01906 */ 01907 //#define MBEDTLS_MD4_C 01908 01909 /** 01910 * \def MBEDTLS_MD5_C 01911 * 01912 * Enable the MD5 hash algorithm. 01913 * 01914 * Module: library/mbedtls_md5.c 01915 * Caller: library/mbedtls_md.c 01916 * library/pem.c 01917 * library/ssl_tls.c 01918 * 01919 * This module is required for SSL/TLS and X.509. 01920 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01921 */ 01922 //#define MBEDTLS_MD5_C 01923 01924 /** 01925 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01926 * 01927 * Enable the buffer allocator implementation that makes use of a (stack) 01928 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01929 * calls) 01930 * 01931 * Module: library/memory_buffer_alloc.c 01932 * 01933 * Requires: MBEDTLS_PLATFORM_C 01934 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01935 * 01936 * Enable this module to enable the buffer memory allocator. 01937 */ 01938 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01939 01940 /** 01941 * \def MBEDTLS_NET_C 01942 * 01943 * Enable the TCP/IP networking routines. 01944 * 01945 * Module: library/net.c 01946 * 01947 * This module provides TCP/IP networking routines. 01948 */ 01949 //#define MBEDTLS_NET_C 01950 01951 /** 01952 * \def MBEDTLS_OID_C 01953 * 01954 * Enable the OID database. 
01955 * 01956 * Module: library/oid.c 01957 * Caller: library/asn1write.c 01958 * library/pkcs5.c 01959 * library/pkparse.c 01960 * library/pkwrite.c 01961 * library/rsa.c 01962 * library/x509.c 01963 * library/x509_create.c 01964 * library/mbedtls_x509_crl.c 01965 * library/mbedtls_x509_crt.c 01966 * library/mbedtls_x509_csr.c 01967 * library/x509write_crt.c 01968 * library/mbedtls_x509write_csr.c 01969 * 01970 * This module translates between OIDs and internal values. 01971 */ 01972 #define MBEDTLS_OID_C 01973 01974 /** 01975 * \def MBEDTLS_PADLOCK_C 01976 * 01977 * Enable VIA Padlock support on x86. 01978 * 01979 * Module: library/padlock.c 01980 * Caller: library/aes.c 01981 * 01982 * Requires: MBEDTLS_HAVE_ASM 01983 * 01984 * This module adds support for the VIA PadLock on x86. 01985 */ 01986 //#define MBEDTLS_PADLOCK_C 01987 01988 /** 01989 * \def MBEDTLS_PEM_PARSE_C 01990 * 01991 * Enable PEM decoding / parsing. 01992 * 01993 * Module: library/pem.c 01994 * Caller: library/dhm.c 01995 * library/pkparse.c 01996 * library/mbedtls_x509_crl.c 01997 * library/mbedtls_x509_crt.c 01998 * library/mbedtls_x509_csr.c 01999 * 02000 * Requires: MBEDTLS_BASE64_C 02001 * 02002 * This module adds support for decoding / parsing PEM files. 02003 */ 02004 //#define MBEDTLS_PEM_PARSE_C 02005 02006 /** 02007 * \def MBEDTLS_PEM_WRITE_C 02008 * 02009 * Enable PEM encoding / writing. 02010 * 02011 * Module: library/pem.c 02012 * Caller: library/pkwrite.c 02013 * library/x509write_crt.c 02014 * library/mbedtls_x509write_csr.c 02015 * 02016 * Requires: MBEDTLS_BASE64_C 02017 * 02018 * This module adds support for encoding / writing PEM files. 02019 */ 02020 //#define MBEDTLS_PEM_WRITE_C 02021 02022 /** 02023 * \def MBEDTLS_PK_C 02024 * 02025 * Enable the generic public (asymmetric) key layer.
02026 * 02027 * Module: library/pk.c 02028 * Caller: library/ssl_tls.c 02029 * library/ssl_cli.c 02030 * library/ssl_srv.c 02031 * 02032 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02033 * 02034 * Uncomment to enable generic public key wrappers. 02035 */ 02036 #define MBEDTLS_PK_C 02037 02038 /** 02039 * \def MBEDTLS_PK_PARSE_C 02040 * 02041 * Enable the generic public (asymmetric) key parser. 02042 * 02043 * Module: library/pkparse.c 02044 * Caller: library/mbedtls_x509_crt.c 02045 * library/mbedtls_x509_csr.c 02046 * 02047 * Requires: MBEDTLS_PK_C 02048 * 02049 * Uncomment to enable generic public key parse functions. 02050 */ 02051 #define MBEDTLS_PK_PARSE_C 02052 02053 /** 02054 * \def MBEDTLS_PK_WRITE_C 02055 * 02056 * Enable the generic public (asymmetric) key writer. 02057 * 02058 * Module: library/pkwrite.c 02059 * Caller: library/x509write.c 02060 * 02061 * Requires: MBEDTLS_PK_C 02062 * 02063 * Uncomment to enable generic public key write functions. 02064 */ 02065 #define MBEDTLS_PK_WRITE_C 02066 02067 /** 02068 * \def MBEDTLS_PKCS5_C 02069 * 02070 * Enable PKCS#5 functions. 02071 * 02072 * Module: library/pkcs5.c 02073 * 02074 * Requires: MBEDTLS_MD_C 02075 * 02076 * This module adds support for the PKCS#5 functions. 02077 */ 02078 //#define MBEDTLS_PKCS5_C 02079 02080 /** 02081 * \def MBEDTLS_PKCS11_C 02082 * 02083 * Enable wrapper for PKCS#11 smartcard support. 02084 * 02085 * Module: library/pkcs11.c 02086 * Caller: library/pk.c 02087 * 02088 * Requires: MBEDTLS_PK_C 02089 * 02090 * This module enables SSL/TLS PKCS #11 smartcard support. 02091 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02092 */ 02093 //#define MBEDTLS_PKCS11_C 02094 02095 /** 02096 * \def MBEDTLS_PKCS12_C 02097 * 02098 * Enable PKCS#12 PBE functions.
02099 * Adds algorithms for parsing PKCS#8 encrypted private keys 02100 * 02101 * Module: library/pkcs12.c 02102 * Caller: library/pkparse.c 02103 * 02104 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02105 * Can use: MBEDTLS_ARC4_C 02106 * 02107 * This module enables PKCS#12 functions. 02108 */ 02109 //#define MBEDTLS_PKCS12_C 02110 02111 /** 02112 * \def MBEDTLS_PLATFORM_C 02113 * 02114 * Enable the platform abstraction layer that allows you to re-assign 02115 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02116 * 02117 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT 02118 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02119 * above to be specified at runtime or compile time respectively. 02120 * 02121 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02122 * as other modules rely on it for a fixed snprintf implementation. 02123 * 02124 * Module: library/platform.c 02125 * Caller: Most other .c files 02126 * 02127 * This module enables abstraction of common (libc) functions. 02128 */ 02129 #define MBEDTLS_PLATFORM_C 02130 02131 /** 02132 * \def MBEDTLS_RIPEMD160_C 02133 * 02134 * Enable the RIPEMD-160 hash algorithm. 02135 * 02136 * Module: library/mbedtls_ripemd160.c 02137 * Caller: library/mbedtls_md.c 02138 * 02139 */ 02140 //#define MBEDTLS_RIPEMD160_C 02141 02142 /** 02143 * \def MBEDTLS_RSA_C 02144 * 02145 * Enable the RSA public-key cryptosystem. 02146 * 02147 * Module: library/rsa.c 02148 * Caller: library/ssl_cli.c 02149 * library/ssl_srv.c 02150 * library/ssl_tls.c 02151 * library/x509.c 02152 * 02153 * This module is used by the following key exchanges: 02154 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02155 * 02156 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02157 */ 02158 //#define MBEDTLS_RSA_C 02159 02160 /** 02161 * \def MBEDTLS_SHA1_C 02162 * 02163 * Enable the SHA1 cryptographic hash algorithm.
02164 * 02165 * Module: library/mbedtls_sha1.c 02166 * Caller: library/mbedtls_md.c 02167 * library/ssl_cli.c 02168 * library/ssl_srv.c 02169 * library/ssl_tls.c 02170 * library/x509write_crt.c 02171 * 02172 * This module is required for SSL/TLS and SHA1-signed certificates. 02173 */ 02174 //#define MBEDTLS_SHA1_C 02175 02176 /** 02177 * \def MBEDTLS_SHA256_C 02178 * 02179 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02180 * 02181 * Module: library/mbedtls_sha256.c 02182 * Caller: library/entropy.c 02183 * library/mbedtls_md.c 02184 * library/ssl_cli.c 02185 * library/ssl_srv.c 02186 * library/ssl_tls.c 02187 * 02188 * This module adds support for SHA-224 and SHA-256. 02189 * This module is required for the SSL/TLS 1.2 PRF function. 02190 */ 02191 #define MBEDTLS_SHA256_C 02192 02193 /** 02194 * \def MBEDTLS_SHA512_C 02195 * 02196 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02197 * 02198 * Module: library/mbedtls_sha512.c 02199 * Caller: library/entropy.c 02200 * library/mbedtls_md.c 02201 * library/ssl_cli.c 02202 * library/ssl_srv.c 02203 * 02204 * This module adds support for SHA-384 and SHA-512. 02205 */ 02206 //#define MBEDTLS_SHA512_C 02207 02208 /** 02209 * \def MBEDTLS_SSL_CACHE_C 02210 * 02211 * Enable simple SSL cache implementation. 02212 * 02213 * Module: library/ssl_cache.c 02214 * Caller: 02215 * 02216 * Requires: MBEDTLS_SSL_CACHE_C 02217 */ 02218 #define MBEDTLS_SSL_CACHE_C 02219 02220 /** 02221 * \def MBEDTLS_SSL_COOKIE_C 02222 * 02223 * Enable basic implementation of DTLS cookies for hello verification. 02224 * 02225 * Module: library/ssl_cookie.c 02226 * Caller: 02227 */ 02228 #define MBEDTLS_SSL_COOKIE_C 02229 02230 /** 02231 * \def MBEDTLS_SSL_TICKET_C 02232 * 02233 * Enable an implementation of TLS server-side callbacks for session tickets. 
02234 * 02235 * Module: library/ssl_ticket.c 02236 * Caller: 02237 * 02238 * Requires: MBEDTLS_CIPHER_C 02239 */ 02240 #define MBEDTLS_SSL_TICKET_C 02241 02242 /** 02243 * \def MBEDTLS_SSL_CLI_C 02244 * 02245 * Enable the SSL/TLS client code. 02246 * 02247 * Module: library/ssl_cli.c 02248 * Caller: 02249 * 02250 * Requires: MBEDTLS_SSL_TLS_C 02251 * 02252 * This module is required for SSL/TLS client support. 02253 */ 02254 #define MBEDTLS_SSL_CLI_C 02255 02256 /** 02257 * \def MBEDTLS_SSL_SRV_C 02258 * 02259 * Enable the SSL/TLS server code. 02260 * 02261 * Module: library/ssl_srv.c 02262 * Caller: 02263 * 02264 * Requires: MBEDTLS_SSL_TLS_C 02265 * 02266 * This module is required for SSL/TLS server support. 02267 */ 02268 //#define MBEDTLS_SSL_SRV_C 02269 02270 /** 02271 * \def MBEDTLS_SSL_TLS_C 02272 * 02273 * Enable the generic SSL/TLS code. 02274 * 02275 * Module: library/ssl_tls.c 02276 * Caller: library/ssl_cli.c 02277 * library/ssl_srv.c 02278 * 02279 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02280 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02281 * 02282 * This module is required for SSL/TLS. 02283 */ 02284 #define MBEDTLS_SSL_TLS_C 02285 02286 /** 02287 * \def MBEDTLS_THREADING_C 02288 * 02289 * Enable the threading abstraction layer. 02290 * By default mbed TLS assumes it is used in a non-threaded environment or that 02291 * contexts are not shared between threads. If you do intend to use contexts 02292 * between threads, you will need to enable this layer to prevent race 02293 * conditions. 02294 * 02295 * Module: library/threading.c 02296 * 02297 * This allows different threading implementations (self-implemented or 02298 * provided). 02299 * 02300 * You will have to enable either MBEDTLS_THREADING_ALT or 02301 * MBEDTLS_THREADING_PTHREAD. 
02302 * 02303 * Enable this layer to allow use of mutexes within mbed TLS 02304 */ 02305 //#define MBEDTLS_THREADING_C 02306 02307 /** 02308 * \def MBEDTLS_TIMING_C 02309 * 02310 * Enable the portable timing interface. 02311 * 02312 * Module: library/timing.c 02313 * Caller: library/havege.c 02314 * 02315 * This module is used by the HAVEGE random number generator. 02316 */ 02317 //#define MBEDTLS_TIMING_C 02318 02319 /** 02320 * \def MBEDTLS_VERSION_C 02321 * 02322 * Enable run-time version information. 02323 * 02324 * Module: library/version.c 02325 * 02326 * This module provides run-time version information. 02327 */ 02328 #define MBEDTLS_VERSION_C 02329 02330 /** 02331 * \def MBEDTLS_X509_USE_C 02332 * 02333 * Enable X.509 core for using certificates. 02334 * 02335 * Module: library/x509.c 02336 * Caller: library/mbedtls_x509_crl.c 02337 * library/mbedtls_x509_crt.c 02338 * library/mbedtls_x509_csr.c 02339 * 02340 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02341 * MBEDTLS_PK_PARSE_C 02342 * 02343 * This module is required for the X.509 parsing modules. 02344 */ 02345 #define MBEDTLS_X509_USE_C 02346 02347 /** 02348 * \def MBEDTLS_X509_CRT_PARSE_C 02349 * 02350 * Enable X.509 certificate parsing. 02351 * 02352 * Module: library/mbedtls_x509_crt.c 02353 * Caller: library/ssl_cli.c 02354 * library/ssl_srv.c 02355 * library/ssl_tls.c 02356 * 02357 * Requires: MBEDTLS_X509_USE_C 02358 * 02359 * This module is required for X.509 certificate parsing. 02360 */ 02361 02362 #define MBEDTLS_X509_CRT_PARSE_C 02363 02364 /** 02365 * \def MBEDTLS_X509_CRL_PARSE_C 02366 * 02367 * Enable X.509 CRL parsing. 02368 * 02369 * Module: library/mbedtls_x509_crl.c 02370 * Caller: library/mbedtls_x509_crt.c 02371 * 02372 * Requires: MBEDTLS_X509_USE_C 02373 * 02374 * This module is required for X.509 CRL parsing. 
02375 */ 02376 #define MBEDTLS_X509_CRL_PARSE_C 02377 02378 /** 02379 * \def MBEDTLS_X509_CSR_PARSE_C 02380 * 02381 * Enable X.509 Certificate Signing Request (CSR) parsing. 02382 * 02383 * Module: library/mbedtls_x509_csr.c 02384 * Caller: library/x509_crt_write.c 02385 * 02386 * Requires: MBEDTLS_X509_USE_C 02387 * 02388 * This module is used for reading X.509 certificate request. 02389 */ 02390 #define MBEDTLS_X509_CSR_PARSE_C 02391 02392 /** 02393 * \def MBEDTLS_X509_CREATE_C 02394 * 02395 * Enable X.509 core for creating certificates. 02396 * 02397 * Module: library/x509_create.c 02398 * 02399 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02400 * 02401 * This module is the basis for creating X.509 certificates and CSRs. 02402 */ 02403 #define MBEDTLS_X509_CREATE_C 02404 02405 /** 02406 * \def MBEDTLS_X509_CRT_WRITE_C 02407 * 02408 * Enable creating X.509 certificates. 02409 * 02410 * Module: library/x509_crt_write.c 02411 * 02412 * Requires: MBEDTLS_X509_CREATE_C 02413 * 02414 * This module is required for X.509 certificate creation. 02415 */ 02416 //#define MBEDTLS_X509_CRT_WRITE_C 02417 02418 /** 02419 * \def MBEDTLS_X509_CSR_WRITE_C 02420 * 02421 * Enable creating X.509 Certificate Signing Requests (CSR). 02422 * 02423 * Module: library/x509_csr_write.c 02424 * 02425 * Requires: MBEDTLS_X509_CREATE_C 02426 * 02427 * This module is required for X.509 certificate request writing. 02428 */ 02429 #define MBEDTLS_X509_CSR_WRITE_C 02430 /** 02431 * \def MBEDTLS_XTEA_C 02432 * 02433 * Enable the XTEA block cipher. 02434 * 02435 * Module: library/xtea.c 02436 * Caller: 02437 */ 02438 //#define MBEDTLS_XTEA_C 02439 02440 /* \} name SECTION: mbed TLS modules */ 02441 02442 /** 02443 * \name SECTION: Module configuration options 02444 * 02445 * This section allows for the setting of module specific sizes and 02446 * configuration options. 
The default values are already present in the 02447 * relevant header files and should suffice for the regular use cases. 02448 * 02449 * Our advice is to enable options and change their values here 02450 * only if you have a good reason and know the consequences. 02451 * 02452 * Please check the respective header file for documentation on these 02453 * parameters (to prevent duplicate documentation). 02454 * \{ 02455 */ 02456 02457 /* MPI / BIGNUM options */ 02458 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02459 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02460 02461 /* CTR_DRBG options */ 02462 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02463 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02464 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02465 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02466 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02467 02468 /* HMAC_DRBG options */ 02469 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02470 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02471 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02472 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02473 02474 /* ECP options */ 02475 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02476 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02477 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02478 02479 /* Entropy options */ 02480 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum 
number of sources supported */ 02481 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02482 02483 /* Memory buffer allocator options */ 02484 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02485 02486 /* Platform options */ 02487 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02488 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02489 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02490 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02491 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02492 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02493 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02494 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02495 02496 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02497 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02498 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02499 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02500 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02501 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02502 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02503 /* Note: your snprintf must correctly zero-terminate the buffer!
*/ 02504 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02505 02506 /* SSL Cache options */ 02507 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02508 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02509 02510 /* SSL options */ 02511 02512 #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 02513 02514 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers. With the 4096 defined above, a record from the peer larger than 4096 bytes does not fit the input buffer, so the peer has to keep its records within that size (for example through a negotiated maximum fragment length). */ 02515 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02516 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02517 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02518 02519 /** 02520 * Complete list of ciphersuites to use, in order of preference. 02521 * 02522 * \warning No dependency checking is done on that field! This option can only 02523 * be used to restrict the set of available ciphersuites. It is your 02524 * responsibility to make sure the needed modules are active. 02525 * 02526 * Use this to save a few hundred bytes of ROM (default ordering of all 02527 * available ciphersuites) and a few to a few hundred bytes of RAM. 02528 * 02529 * The value below is only an example, not the default. In this file the define is active, so only the suites listed below can be negotiated. The CCM_8 suites use a shortened 8-byte authentication tag, and the plain PSK suites provide no forward secrecy. 02530 */ 02531 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \ 02532 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \ 02533 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ 02534 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \ 02535 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 02536 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 02537 /* X509 options */ 02538 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain.
*/ 02539 02540 /* \} name SECTION: Module configuration options */ 02541 02542 #if defined(TARGET_LIKE_MBED) 02543 #include "mbedtls/target_config.h" 02544 #endif 02545 02546 /* 02547 * Allow user to override any previous default. 02548 * 02549 * Use two macro names for that, as: 02550 * - with yotta the prefix YOTTA_CFG_ is forced 02551 * - without yotta it looks weird to have a YOTTA prefix. 02552 */ 02553 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02554 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02555 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02556 #include MBEDTLS_USER_CONFIG_FILE 02557 #endif 02558 02559 #include "mbedtls/check_config.h" 02560 02561 #endif /* KSDK_MBEDTLS_CONFIG_H */