Simple interface for Mbed Cloud Client
Embed:
(wiki syntax)
Show/hide line numbers
mbedTLSConfig_FreeRTOS_PSK.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 00024 /* 00025 * This set of compile-time options may be used to enable 00026 * or disable features selectively, and reduce the global 00027 * memory footprint. 00028 */ 00029 #ifndef KSDK_MBEDTLS_CONFIG_H 00030 #define KSDK_MBEDTLS_CONFIG_H 00031 00032 #include "pal_configuration.h" 00033 00034 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00035 #define _CRT_SECURE_NO_DEPRECATE 1 00036 #endif 00037 00038 /**************************** KSDK ********************************************/ 00039 00040 #include "fsl_device_registers.h" 00041 00042 /* Enable LTC use in library if there is LTC on chip. */ 00043 #if defined(FSL_FEATURE_SOC_LTC_COUNT) && (FSL_FEATURE_SOC_LTC_COUNT > 0) 00044 #include "fsl_ltc.h" 00045 00046 #define LTC_INSTANCE LTC0 /* LTC base register.*/ 00047 00048 #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES 00049 #define MBEDTLS_FREESCALE_LTC_DES /* Enable use of LTC DES.*/ 00050 #endif 00051 #define MBEDTLS_FREESCALE_LTC_AES /* Enable use of LTC AES.*/ 00052 #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM 00053 #define MBEDTLS_FREESCALE_LTC_AES_GCM /* Enable use of LTC AES GCM.*/ 00054 #endif 00055 #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA 00056 #define MBEDTLS_FREESCALE_LTC_PKHA /* Enable use of LTC PKHA.*/ 00057 #endif 00058 #endif 00059 00060 /* Enable MMCAU use in library if there is MMCAU on chip. */ 00061 #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && (FSL_FEATURE_SOC_MMCAU_COUNT > 0) 00062 #include "fsl_mmcau.h" 00063 00064 #define MBEDTLS_FREESCALE_MMCAU_MD5 /* Enable use of MMCAU MD5.*/ 00065 #define MBEDTLS_FREESCALE_MMCAU_SHA1 /* Enable use of MMCAU SHA1.*/ 00066 #define MBEDTLS_FREESCALE_MMCAU_SHA256 /* Enable use of MMCAU SHA256.*/ 00067 #define MBEDTLS_FREESCALE_MMCAU_DES /* Enable use of MMCAU DES, when LTC is disabled.*/ 00068 #define MBEDTLS_FREESCALE_MMCAU_AES /* Enable use of MMCAU AES, when LTC is disabled.*/ 00069 #endif 00070 00071 /* Define ALT MMCAU & LTC functions. Do not change it. */ 00072 #if defined(MBEDTLS_FREESCALE_MMCAU_DES) || defined(MBEDTLS_FREESCALE_LTC_DES) 00073 #define MBEDTLS_DES_SETKEY_ENC_ALT 00074 #define MBEDTLS_DES_SETKEY_DEC_ALT 00075 #define MBEDTLS_DES_CRYPT_ECB_ALT 00076 #define MBEDTLS_DES3_CRYPT_ECB_ALT 00077 #endif 00078 #if defined(MBEDTLS_FREESCALE_LTC_DES) 00079 #define MBEDTLS_DES_CRYPT_CBC_ALT 00080 #define MBEDTLS_DES3_CRYPT_CBC_ALT 00081 #endif 00082 #if defined(MBEDTLS_FREESCALE_LTC_AES) || defined(MBEDTLS_FREESCALE_MMCAU_AES) 00083 #define MBEDTLS_AES_SETKEY_ENC_ALT 00084 #define MBEDTLS_AES_SETKEY_DEC_ALT 00085 #define MBEDTLS_AES_ENCRYPT_ALT 00086 #define MBEDTLS_AES_DECRYPT_ALT 00087 #endif 00088 #if defined(MBEDTLS_FREESCALE_LTC_AES) 00089 #define MBEDTLS_AES_CRYPT_CBC_ALT 00090 #define MBEDTLS_AES_CRYPT_CTR_ALT 00091 #define MBEDTLS_CCM_CRYPT_ALT 00092 #endif 00093 #if defined(MBEDTLS_FREESCALE_LTC_AES_GCM) 00094 #define MBEDTLS_GCM_CRYPT_ALT 00095 #endif 00096 #if defined(MBEDTLS_FREESCALE_LTC_PKHA) 00097 #define MBEDTLS_MPI_ADD_ABS_ALT 00098 #define MBEDTLS_MPI_SUB_ABS_ALT 00099 #define MBEDTLS_MPI_MUL_MPI_ALT 00100 #define MBEDTLS_MPI_MOD_MPI_ALT 00101 #define MBEDTLS_MPI_EXP_MOD_ALT 00102 #define MBEDTLS_MPI_GCD_ALT 00103 #define MBEDTLS_MPI_INV_MOD_ALT 00104 #define MBEDTLS_MPI_IS_PRIME_ALT 00105 #define MBEDTLS_ECP_MUL_COMB_ALT 00106 #define MBEDTLS_ECP_ADD_ALT 00107 #endif 00108 #if defined(MBEDTLS_FREESCALE_MMCAU_MD5) 00109 #define MBEDTLS_MD5_PROCESS_ALT 00110 #endif 00111 #if defined(MBEDTLS_FREESCALE_MMCAU_SHA1) 00112 #define MBEDTLS_SHA1_PROCESS_ALT 00113 #endif 00114 #if defined(MBEDTLS_FREESCALE_MMCAU_SHA256) 00115 #define MBEDTLS_SHA256_PROCESS_ALT 00116 #endif 00117 /**************************** KSDK end ****************************************/ 00118 00119 /** 00120 * \name SECTION: System support 00121 * 00122 * This section sets system specific settings. 00123 * \{ 00124 */ 00125 #if 1 //Please set to 1 if you are using secure time 00126 /** 00127 * \def MBEDTLS_HAVE_ASM 00128 * 00129 * The compiler has support for asm(). 00130 * 00131 * Requires support for asm() in compiler. 00132 * 00133 * Used in: 00134 * library/timing.c 00135 * library/padlock.c 00136 * include/mbedtls/bn_mul.h 00137 * 00138 * Comment to disable the use of assembly code. 00139 */ 00140 #define MBEDTLS_HAVE_ASM 00141 00142 /** 00143 * \def MBEDTLS_HAVE_SSE2 00144 * 00145 * CPU supports SSE2 instruction set. 00146 * 00147 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00148 */ 00149 //#define MBEDTLS_HAVE_SSE2 00150 00151 /** 00152 * \def MBEDTLS_HAVE_TIME 00153 * 00154 * System has time.h and time(). 00155 * The time does not need to be correct, only time differences are used, 00156 * by contrast with MBEDTLS_HAVE_TIME_DATE 00157 * 00158 * Comment if your system does not support time functions 00159 */ 00160 #define MBEDTLS_HAVE_TIME 00161 00162 /** 00163 * \def MBEDTLS_HAVE_TIME_DATE 00164 * 00165 * System has time.h and time(), gmtime() and the clock is correct. 00166 * The time needs to be correct (not necesarily very accurate, but at least 00167 * the date should be correct). This is used to verify the validity period of 00168 * X.509 certificates. 00169 * 00170 * Comment if your system does not have a correct clock. 00171 */ 00172 #define MBEDTLS_HAVE_TIME_DATE 00173 #define MBEDTLS_PLATFORM_TIME_ALT 00174 #endif //0 00175 /** 00176 * \def MBEDTLS_PLATFORM_MEMORY 00177 * 00178 * Enable the memory allocation layer. 00179 * 00180 * By default mbed TLS uses the system-provided calloc() and free(). 00181 * This allows different allocators (self-implemented or provided) to be 00182 * provided to the platform abstraction layer. 00183 * 00184 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00185 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00186 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00187 * free() function pointer at runtime. 00188 * 00189 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00190 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00191 * alternate function at compile time. 00192 * 00193 * Requires: MBEDTLS_PLATFORM_C 00194 * 00195 * Enable this layer to allow use of alternative memory allocators. 00196 */ 00197 //#define MBEDTLS_PLATFORM_MEMORY 00198 00199 /** 00200 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00201 * 00202 * Do not assign standard functions in the platform layer (e.g. calloc() to 00203 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00204 * 00205 * This makes sure there are no linking errors on platforms that do not support 00206 * these functions. You will HAVE to provide alternatives, either at runtime 00207 * via the platform_set_xxx() functions or at compile time by setting 00208 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00209 * MBEDTLS_PLATFORM_XXX_MACRO. 00210 * 00211 * Requires: MBEDTLS_PLATFORM_C 00212 * 00213 * Uncomment to prevent default assignment of standard functions in the 00214 * platform layer. 00215 */ 00216 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00217 00218 /** 00219 * \def MBEDTLS_PLATFORM_XXX_ALT 00220 * 00221 * Uncomment a macro to let mbed TLS support the function in the platform 00222 * abstraction layer. 00223 * 00224 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00225 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00226 * alternative printf function pointer. 00227 * 00228 * All these define require MBEDTLS_PLATFORM_C to be defined! 00229 * 00230 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00231 * it will be enabled automatically by check_config.h 00232 * 00233 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00234 * MBEDTLS_PLATFORM_XXX_MACRO! 00235 * 00236 * Uncomment a macro to enable alternate implementation of specific base 00237 * platform function 00238 */ 00239 //#define MBEDTLS_PLATFORM_EXIT_ALT 00240 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00241 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00242 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00243 00244 /** 00245 * \def MBEDTLS_DEPRECATED_WARNING 00246 * 00247 * Mark deprecated functions so that they generate a warning if used. 00248 * Functions deprecated in one version will usually be removed in the next 00249 * version. You can enable this to help you prepare the transition to a new 00250 * major version by making sure your code is not using these functions. 00251 * 00252 * This only works with GCC and Clang. With other compilers, you may want to 00253 * use MBEDTLS_DEPRECATED_REMOVED 00254 * 00255 * Uncomment to get warnings on using deprecated functions. 00256 */ 00257 //#define MBEDTLS_DEPRECATED_WARNING 00258 00259 /** 00260 * \def MBEDTLS_DEPRECATED_REMOVED 00261 * 00262 * Remove deprecated functions so that they generate an error if used. 00263 * Functions deprecated in one version will usually be removed in the next 00264 * version. You can enable this to help you prepare the transition to a new 00265 * major version by making sure your code is not using these functions. 00266 * 00267 * Uncomment to get errors on using deprecated functions. 00268 */ 00269 //#define MBEDTLS_DEPRECATED_REMOVED 00270 00271 /* \} name SECTION: System support */ 00272 00273 /** 00274 * \name SECTION: mbed TLS feature support 00275 * 00276 * This section sets support for features that are or are not needed 00277 * within the modules that are enabled. 00278 * \{ 00279 */ 00280 00281 /** 00282 * \def MBEDTLS_TIMING_ALT 00283 * 00284 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00285 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00286 * 00287 * Only works if you have MBEDTLS_TIMING_C enabled. 00288 * 00289 * You will need to provide a header "timing_alt.h" and an implementation at 00290 * compile time. 00291 */ 00292 //#define MBEDTLS_TIMING_ALT 00293 00294 /** 00295 * \def MBEDTLS__MODULE_NAME__ALT 00296 * 00297 * Uncomment a macro to let mbed TLS use your alternate core implementation of 00298 * a symmetric crypto or hash module (e.g. platform specific assembly 00299 * optimized implementations). Keep in mind that the function prototypes 00300 * should remain the same. 00301 * 00302 * This replaces the whole module. If you only want to replace one of the 00303 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00304 * 00305 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00306 * provide the "struct mbedtls_aes_context" definition and omit the base function 00307 * declarations and implementations. "aes_alt.h" will be included from 00308 * "aes.h" to include the new function definitions. 00309 * 00310 * Uncomment a macro to enable alternate implementation of the corresponding 00311 * module. 00312 */ 00313 //#define MBEDTLS_AES_ALT 00314 //#define MBEDTLS_ARC4_ALT 00315 //#define MBEDTLS_BLOWFISH_ALT 00316 //#define MBEDTLS_CAMELLIA_ALT 00317 //#define MBEDTLS_DES_ALT 00318 //#define MBEDTLS_XTEA_ALT 00319 //#define MBEDTLS_MD2_ALT 00320 //#define MBEDTLS_MD4_ALT 00321 //#define MBEDTLS_MD5_ALT 00322 //#define MBEDTLS_RIPEMD160_ALT 00323 //#define MBEDTLS_SHA1_ALT 00324 //#define MBEDTLS_SHA256_ALT 00325 //#define MBEDTLS_SHA512_ALT 00326 00327 /** 00328 * \def MBEDTLS__FUNCTION_NAME__ALT 00329 * 00330 * Uncomment a macro to let mbed TLS use you alternate core implementation of 00331 * symmetric crypto or hash function. Keep in mind that function prototypes 00332 * should remain the same. 00333 * 00334 * This replaces only one function. The header file from mbed TLS is still 00335 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00336 * 00337 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00338 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00339 * the other function (using your mbedtls_sha1_process() function) and the definition 00340 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00341 * with this definition. 00342 * 00343 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00344 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00345 * tables. 00346 * 00347 * Uncomment a macro to enable alternate implementation of the corresponding 00348 * function. 00349 */ 00350 //#define MBEDTLS_MD2_PROCESS_ALT 00351 //#define MBEDTLS_MD4_PROCESS_ALT 00352 //#define MBEDTLS_MD5_PROCESS_ALT 00353 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00354 //#define MBEDTLS_SHA1_PROCESS_ALT 00355 //#define MBEDTLS_SHA256_PROCESS_ALT 00356 //#define MBEDTLS_SHA512_PROCESS_ALT 00357 //#define MBEDTLS_DES_SETKEY_ALT 00358 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00359 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00360 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00361 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00362 //#define MBEDTLS_AES_ENCRYPT_ALT 00363 //#define MBEDTLS_AES_DECRYPT_ALT 00364 00365 /** 00366 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00367 * 00368 * Uncomment this macro to let mbed TLS use your own implementation of a 00369 * hardware entropy collector. 00370 * 00371 * Your function must be called \c mbedtls_hardware_poll(), have the same 00372 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00373 * 00374 * Uncomment to use your own hardware entropy collector. 00375 */ 00376 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00377 00378 /** 00379 * \def MBEDTLS_AES_ROM_TABLES 00380 * 00381 * Store the AES tables in ROM. 00382 * 00383 * Uncomment this macro to store the AES tables in ROM. 00384 */ 00385 //#define MBEDTLS_AES_ROM_TABLES 00386 00387 /** 00388 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00389 * 00390 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00391 * 00392 * Uncomment this macro to use less memory for Camellia. 00393 */ 00394 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00395 00396 /** 00397 * \def MBEDTLS_CIPHER_MODE_CBC 00398 * 00399 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00400 */ 00401 #define MBEDTLS_CIPHER_MODE_CBC 00402 00403 /** 00404 * \def MBEDTLS_CIPHER_MODE_CFB 00405 * 00406 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00407 */ 00408 //#define MBEDTLS_CIPHER_MODE_CFB 00409 00410 /** 00411 * \def MBEDTLS_CIPHER_MODE_CTR 00412 * 00413 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00414 */ 00415 #define MBEDTLS_CIPHER_MODE_CTR 00416 00417 /** 00418 * \def MBEDTLS_CIPHER_NULL_CIPHER 00419 * 00420 * Enable NULL cipher. 00421 * Warning: Only do so when you know what you are doing. This allows for 00422 * encryption or channels without any security! 00423 * 00424 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00425 * the following ciphersuites: 00426 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00427 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00428 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00429 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00430 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00431 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00432 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00433 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00434 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00435 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00436 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00437 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00438 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00439 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00440 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00441 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00442 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00443 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00444 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00445 * 00446 * Uncomment this macro to enable the NULL cipher and ciphersuites 00447 */ 00448 //#define MBEDTLS_CIPHER_NULL_CIPHER 00449 00450 /** 00451 * \def MBEDTLS_CIPHER_PADDING_XXX 00452 * 00453 * Uncomment or comment macros to add support for specific padding modes 00454 * in the cipher layer with cipher modes that support padding (e.g. CBC) 00455 * 00456 * If you disable all padding modes, only full blocks can be used with CBC. 00457 * 00458 * Enable padding modes in the cipher layer. 00459 */ 00460 #define MBEDTLS_CIPHER_PADDING_PKCS7 00461 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00462 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00463 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00464 00465 /** 00466 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00467 * 00468 * Enable weak ciphersuites in SSL / TLS. 00469 * Warning: Only do so when you know what you are doing. This allows for 00470 * channels with virtually no security at all! 00471 * 00472 * This enables the following ciphersuites: 00473 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00474 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00475 * 00476 * Uncomment this macro to enable weak ciphersuites 00477 */ 00478 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00479 00480 /** 00481 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00482 * 00483 * Remove RC4 ciphersuites by default in SSL / TLS. 00484 * This flag removes the ciphersuites based on RC4 from the default list as 00485 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00486 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00487 * explicitly. 00488 * 00489 * Uncomment this macro to remove RC4 ciphersuites by default. 00490 */ 00491 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00492 00493 /** 00494 * \def MBEDTLS_ECP_XXXX_ENABLED 00495 * 00496 * Enables specific curves within the Elliptic Curve module. 00497 * By default all supported curves are enabled. 00498 * 00499 * Comment macros to disable the curve and functions for it 00500 */ 00501 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00502 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00503 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00504 //#define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00505 //#ifndef MBEDTLS_FREESCALE_LTC_PKHA /* PKHA suports only <=512 */ 00506 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00507 //#endif 00508 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00509 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00510 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00511 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00512 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00513 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00514 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00515 00516 /** 00517 * \def MBEDTLS_ECP_NIST_OPTIM 00518 * 00519 * Enable specific 'modulo p' routines for each NIST prime. 00520 * Depending on the prime and architecture, makes operations 4 to 8 times 00521 * faster on the corresponding curve. 00522 * 00523 * Comment this macro to disable NIST curves optimisation. 00524 */ 00525 #define MBEDTLS_ECP_NIST_OPTIM 00526 00527 /** 00528 * \def MBEDTLS_ECDSA_DETERMINISTIC 00529 * 00530 * Enable deterministic ECDSA (RFC 6979). 00531 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00532 * may result in a compromise of the long-term signing key. This is avoided by 00533 * the deterministic variant. 00534 * 00535 * Requires: MBEDTLS_HMAC_DRBG_C 00536 * 00537 * Comment this macro to disable deterministic ECDSA. 00538 */ 00539 #define MBEDTLS_ECDSA_DETERMINISTIC 00540 00541 /** 00542 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00543 * 00544 * Enable the PSK based ciphersuite modes in SSL / TLS. 00545 * 00546 * This enables the following ciphersuites (if other requisites are 00547 * enabled as well): 00548 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00549 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00550 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00551 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00552 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00553 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00554 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00555 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00556 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00557 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00558 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00559 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00560 */ 00561 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00562 00563 /** 00564 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00565 * 00566 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00567 * 00568 * Requires: MBEDTLS_DHM_C 00569 * 00570 * This enables the following ciphersuites (if other requisites are 00571 * enabled as well): 00572 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00573 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00574 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00575 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00576 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00577 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00578 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00579 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00580 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00581 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00582 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00583 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00584 */ 00585 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00586 00587 /** 00588 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00589 * 00590 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00591 * 00592 * Requires: MBEDTLS_ECDH_C 00593 * 00594 * This enables the following ciphersuites (if other requisites are 00595 * enabled as well): 00596 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00597 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00598 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00599 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00600 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00601 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00602 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00603 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00604 */ 00605 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00606 00607 /** 00608 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00609 * 00610 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00611 * 00612 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00613 * MBEDTLS_X509_CRT_PARSE_C 00614 * 00615 * This enables the following ciphersuites (if other requisites are 00616 * enabled as well): 00617 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00618 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00619 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00621 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00622 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00623 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00624 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00625 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00626 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00627 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00628 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00629 */ 00630 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00631 /** 00632 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00633 * 00634 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00635 * 00636 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00637 * MBEDTLS_X509_CRT_PARSE_C 00638 * 00639 * This enables the following ciphersuites (if other requisites are 00640 * enabled as well): 00641 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00642 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00643 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00644 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00645 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00646 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00647 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00648 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00649 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00650 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00651 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00652 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00653 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00654 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00655 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00656 */ 00657 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00658 00659 /** 00660 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00661 * 00662 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00663 * 00664 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00665 * MBEDTLS_X509_CRT_PARSE_C 00666 * 00667 * This enables the following ciphersuites (if other requisites are 00668 * enabled as well): 00669 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00670 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00671 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00672 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00673 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00674 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00675 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00676 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00677 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00678 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00679 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00680 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00681 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00682 */ 00683 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00684 00685 /** 00686 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00687 * 00688 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00689 * 00690 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00691 * MBEDTLS_X509_CRT_PARSE_C 00692 * 00693 * This enables the following ciphersuites (if other requisites are 00694 * enabled as well): 00695 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00696 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00697 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00698 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00699 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00700 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00701 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00702 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00703 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00704 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00705 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00706 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00707 */ 00708 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00709 00710 /** 00711 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00712 * 00713 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00714 * 00715 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00716 * 00717 * This enables the following ciphersuites (if other requisites are 00718 * enabled as well): 00719 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00720 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00721 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00722 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00723 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00724 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00725 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00726 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00727 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00728 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00729 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00730 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00731 */ 00732 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00733 /** 00734 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00735 * 00736 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00737 * 00738 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00739 * 00740 * This enables the following ciphersuites (if other requisites are 00741 * enabled as well): 00742 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00743 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00744 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00745 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00746 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00747 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00748 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00749 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00750 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00751 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00752 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00753 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00754 */ 00755 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00756 00757 /** 00758 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00759 * 00760 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00761 * 00762 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00763 * 00764 * This enables the following ciphersuites (if other requisites are 00765 * enabled as well): 00766 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00767 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00768 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00769 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00770 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00771 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00772 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00773 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00774 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00775 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00776 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00777 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00778 */ 00779 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00780 00781 /** 00782 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00783 * 00784 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00785 * RFC 5915 and RFC 5480. 00786 * 00787 * Currently this means parsing the SpecifiedECDomain choice of EC 00788 * parameters (only known groups are supported, not arbitrary domains, to 00789 * avoid validation issues). 00790 * 00791 * Disable if you only need to support RFC 5915 + 5480 key formats. 00792 */ 00793 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00794 00795 /** 00796 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00797 * 00798 * Enable a dummy error function to make use of mbedtls_strerror() in 00799 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00800 * (no effect when MBEDTLS_ERROR_C is enabled). 00801 * 00802 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00803 * not using mbedtls_strerror() or error_strerror() in your application. 00804 * 00805 * Disable if you run into name conflicts and want to really remove the 00806 * mbedtls_strerror() 00807 */ 00808 //#define MBEDTLS_ERROR_STRERROR_DUMMY 00809 00810 /** 00811 * \def MBEDTLS_GENPRIME 00812 * 00813 * Enable the prime-number generation code. 00814 * 00815 * Requires: MBEDTLS_BIGNUM_C 00816 */ 00817 //#define MBEDTLS_GENPRIME 00818 00819 /** 00820 * \def MBEDTLS_FS_IO 00821 * 00822 * Enable functions that use the filesystem. 00823 */ 00824 //#define MBEDTLS_FS_IO 00825 00826 /** 00827 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00828 * 00829 * Do not add default entropy sources. These are the platform specific, 00830 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00831 * 00832 * This is useful to have more control over the added entropy sources in an 00833 * application. 00834 * 00835 * Uncomment this macro to prevent loading of default entropy functions. 00836 */ 00837 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00838 00839 /** 00840 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00841 * 00842 * Do not use built-in platform entropy functions. 00843 * This is useful if your platform does not support 00844 * standards like the /dev/urandom or Windows CryptoAPI. 00845 * 00846 * Uncomment this macro to disable the built-in platform entropy functions. 00847 */ 00848 #define MBEDTLS_NO_PLATFORM_ENTROPY 00849 00850 /** 00851 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00852 * 00853 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00854 * default SHA-512 based one (if both are available). 00855 * 00856 * Requires: MBEDTLS_SHA256_C 00857 * 00858 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00859 * if you have performance concerns. 00860 * 00861 * This option is only useful if both MBEDTLS_SHA256_C and 00862 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00863 */ 00864 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00865 00866 /** 00867 * \def MBEDTLS_MEMORY_DEBUG 00868 * 00869 * Enable debugging of buffer allocator memory issues. Automatically prints 00870 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00871 * function for 'debug output' of allocated memory. 00872 * 00873 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00874 * 00875 * Uncomment this macro to let the buffer allocator print out error messages. 00876 */ 00877 //#define MBEDTLS_MEMORY_DEBUG 00878 00879 /** 00880 * \def MBEDTLS_MEMORY_BACKTRACE 00881 * 00882 * Include backtrace information with each allocated block. 00883 * 00884 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00885 * GLIBC-compatible backtrace() an backtrace_symbols() support 00886 * 00887 * Uncomment this macro to include backtrace information 00888 */ 00889 //#define MBEDTLS_MEMORY_BACKTRACE 00890 00891 /** 00892 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00893 * 00894 * Support external private RSA keys (eg from a HSM) in the PK layer. 00895 * 00896 * Comment this macro to disable support for external private RSA keys. 00897 */ 00898 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00899 00900 /** 00901 * \def MBEDTLS_PKCS1_V15 00902 * 00903 * Enable support for PKCS#1 v1.5 encoding. 00904 * 00905 * Requires: MBEDTLS_RSA_C 00906 * 00907 * This enables support for PKCS#1 v1.5 operations. 00908 */ 00909 #define MBEDTLS_PKCS1_V15 00910 00911 /** 00912 * \def MBEDTLS_PKCS1_V21 00913 * 00914 * Enable support for PKCS#1 v2.1 encoding. 00915 * 00916 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00917 * 00918 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00919 */ 00920 #define MBEDTLS_PKCS1_V21 00921 00922 /** 00923 * \def MBEDTLS_RSA_NO_CRT 00924 * 00925 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00926 * 00927 * Uncomment this macro to disable the use of CRT in RSA. 00928 * 00929 */ 00930 //#define MBEDTLS_RSA_NO_CRT 00931 00932 /** 00933 * \def MBEDTLS_SELF_TEST 00934 * 00935 * Enable the checkup functions (*_self_test). 00936 */ 00937 //#define MBEDTLS_SELF_TEST 00938 00939 /** 00940 * \def MBEDTLS_SHA256_SMALLER 00941 * 00942 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00943 * lower performance. 00944 * 00945 * The default implementation is meant to be a reasonnable compromise between 00946 * performance and size. This version optimizes more aggressively for size at 00947 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00948 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00949 * 30%. 00950 * 00951 * Uncomment to enable the smaller implementation of SHA256. 00952 */ 00953 //#define MBEDTLS_SHA256_SMALLER 00954 00955 /** 00956 * \def MBEDTLS_SSL_AEAD_RANDOM_IV 00957 * 00958 * Generate a random IV rather than using the record sequence number as a 00959 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). 00960 * 00961 * Using the sequence number is generally recommended. 00962 * 00963 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00964 */ 00965 //#define MBEDTLS_SSL_AEAD_RANDOM_IV 00966 00967 /** 00968 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00969 * 00970 * Enable sending of alert messages in case of encountered errors as per RFC. 00971 * If you choose not to send the alert messages, mbed TLS can still communicate 00972 * with other servers, only debugging of failures is harder. 00973 * 00974 * The advantage of not sending alert messages, is that no information is given 00975 * about reasons for failures thus preventing adversaries of gaining intel. 00976 * 00977 * Enable sending of all alert messages 00978 */ 00979 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00980 00981 /** 00982 * \def MBEDTLS_SSL_DEBUG_ALL 00983 * 00984 * Enable the debug messages in SSL module for all issues. 00985 * Debug messages have been disabled in some places to prevent timing 00986 * attacks due to (unbalanced) debugging function calls. 00987 * 00988 * If you need all error reporting you should enable this during debugging, 00989 * but remove this for production servers that should log as well. 00990 * 00991 * Uncomment this macro to report all debug messages on errors introducing 00992 * a timing side-channel. 00993 * 00994 */ 00995 //#define MBEDTLS_SSL_DEBUG_ALL 00996 00997 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00998 * 00999 * Enable support for Encrypt-then-MAC, RFC 7366. 01000 * 01001 * This allows peers that both support it to use a more robust protection for 01002 * ciphersuites using CBC, providing deep resistance against timing attacks 01003 * on the padding or underlying cipher. 01004 * 01005 * This only affects CBC ciphersuites, and is useless if none is defined. 01006 * 01007 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01008 * MBEDTLS_SSL_PROTO_TLS1_1 or 01009 * MBEDTLS_SSL_PROTO_TLS1_2 01010 * 01011 * Comment this macro to disable support for Encrypt-then-MAC 01012 */ 01013 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01014 01015 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01016 * 01017 * Enable support for Extended Master Secret, aka Session Hash 01018 * (draft-ietf-tls-session-hash-02). 01019 * 01020 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01021 * attacks, but it is recommended to always use it (even if you disable 01022 * renegotiation), since it actually fixes a more fundamental issue in the 01023 * original SSL/TLS design, and has implications beyond Triple Handshake. 01024 * 01025 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01026 * MBEDTLS_SSL_PROTO_TLS1_1 or 01027 * MBEDTLS_SSL_PROTO_TLS1_2 01028 * 01029 * Comment this macro to disable support for Extended Master Secret. 01030 */ 01031 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01032 01033 /** 01034 * \def MBEDTLS_SSL_FALLBACK_SCSV 01035 * 01036 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01037 * 01038 * For servers, it is recommended to always enable this, unless you support 01039 * only one version of TLS, or know for sure that none of your clients 01040 * implements a fallback strategy. 01041 * 01042 * For clients, you only need this if you're using a fallback strategy, which 01043 * is not recommended in the first place, unless you absolutely need it to 01044 * interoperate with buggy (version-intolerant) servers. 01045 * 01046 * Comment this macro to disable support for FALLBACK_SCSV 01047 */ 01048 //#define MBEDTLS_SSL_FALLBACK_SCSV 01049 01050 /** 01051 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01052 * 01053 * Enable hooking functions in SSL module for hardware acceleration of 01054 * individual records. 01055 * 01056 * Uncomment this macro to enable hooking functions. 01057 */ 01058 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01059 01060 /** 01061 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01062 * 01063 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01064 * 01065 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01066 * of interoperability issues compared to sending 0-length records. 01067 * 01068 * Comment this macro to disable 1/n-1 record splitting. 01069 */ 01070 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01071 01072 /** 01073 * \def MBEDTLS_SSL_RENEGOTIATION 01074 * 01075 * Disable support for TLS renegotiation. 01076 * 01077 * The two main uses of renegotiation are (1) refresh keys on long-lived 01078 * connections and (2) client authentication after the initial handshake. 01079 * If you don't need renegotiation, it's probably better to disable it, since 01080 * it has been associated with security issues in the past and is easy to 01081 * misuse/misunderstand. 01082 * 01083 * Comment this to disable support for renegotiation. 01084 */ 01085 #define MBEDTLS_SSL_RENEGOTIATION 01086 01087 /** 01088 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01089 * 01090 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01091 * SSL Server module (MBEDTLS_SSL_SRV_C). 01092 * 01093 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01094 */ 01095 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01096 01097 /** 01098 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01099 * 01100 * Pick the ciphersuite according to the client's preferences rather than ours 01101 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01102 * 01103 * Uncomment this macro to respect client's ciphersuite order 01104 */ 01105 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01106 01107 /** 01108 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01109 * 01110 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01111 * 01112 * Comment this macro to disable support for the max_fragment_length extension 01113 */ 01114 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01115 01116 /** 01117 * \def MBEDTLS_SSL_PROTO_SSL3 01118 * 01119 * Enable support for SSL 3.0. 01120 * 01121 * Requires: MBEDTLS_MD5_C 01122 * MBEDTLS_SHA1_C 01123 * 01124 * Comment this macro to disable support for SSL 3.0 01125 */ 01126 //#define MBEDTLS_SSL_PROTO_SSL3 01127 01128 /** 01129 * \def MBEDTLS_SSL_PROTO_TLS1 01130 * 01131 * Enable support for TLS 1.0. 01132 * 01133 * Requires: MBEDTLS_MD5_C 01134 * MBEDTLS_SHA1_C 01135 * 01136 * Comment this macro to disable support for TLS 1.0 01137 */ 01138 //#define MBEDTLS_SSL_PROTO_TLS1 01139 01140 /** 01141 * \def MBEDTLS_SSL_PROTO_TLS1_1 01142 * 01143 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01144 * 01145 * Requires: MBEDTLS_MD5_C 01146 * MBEDTLS_SHA1_C 01147 * 01148 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01149 */ 01150 //#define MBEDTLS_SSL_PROTO_TLS1_1 01151 01152 /** 01153 * \def MBEDTLS_SSL_PROTO_TLS1_2 01154 * 01155 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01156 * 01157 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01158 * (Depends on ciphersuites) 01159 * 01160 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01161 */ 01162 #define MBEDTLS_SSL_PROTO_TLS1_2 01163 01164 /** 01165 * \def MBEDTLS_SSL_PROTO_DTLS 01166 * 01167 * Enable support for DTLS (all available versions). 01168 * 01169 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01170 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01171 * 01172 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01173 * or MBEDTLS_SSL_PROTO_TLS1_2 01174 * 01175 * Comment this macro to disable support for DTLS 01176 */ 01177 #define MBEDTLS_SSL_PROTO_DTLS 01178 01179 /** 01180 * \def MBEDTLS_SSL_ALPN 01181 * 01182 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01183 * 01184 * Comment this macro to disable support for ALPN. 01185 */ 01186 #define MBEDTLS_SSL_ALPN 01187 01188 /** 01189 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01190 * 01191 * Enable support for the anti-replay mechanism in DTLS. 01192 * 01193 * Requires: MBEDTLS_SSL_TLS_C 01194 * MBEDTLS_SSL_PROTO_DTLS 01195 * 01196 * \warning Disabling this is often a security risk! 01197 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01198 * 01199 * Comment this to disable anti-replay in DTLS. 01200 */ 01201 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01202 01203 /** 01204 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01205 * 01206 * Enable support for HelloVerifyRequest on DTLS servers. 01207 * 01208 * This feature is highly recommended to prevent DTLS servers being used as 01209 * amplifiers in DoS attacks against other hosts. It should always be enabled 01210 * unless you know for sure amplification cannot be a problem in the 01211 * environment in which your server operates. 01212 * 01213 * \warning Disabling this can ba a security risk! (see above) 01214 * 01215 * Requires: MBEDTLS_SSL_PROTO_DTLS 01216 * 01217 * Comment this to disable support for HelloVerifyRequest. 01218 */ 01219 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01220 01221 /** 01222 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01223 * 01224 * Enable server-side support for clients that reconnect from the same port. 01225 * 01226 * Some clients unexpectedly close the connection and try to reconnect using the 01227 * same source port. This needs special support from the server to handle the 01228 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01229 * flag enables that support. 01230 * 01231 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01232 * 01233 * Comment this to disable support for clients reusing the source port. 01234 */ 01235 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01236 01237 /** 01238 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01239 * 01240 * Enable support for a limit of records with bad MAC. 01241 * 01242 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01243 * 01244 * Requires: MBEDTLS_SSL_PROTO_DTLS 01245 */ 01246 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01247 01248 /** 01249 * \def MBEDTLS_SSL_SESSION_TICKETS 01250 * 01251 * Enable support for RFC 5077 session tickets in SSL. 01252 * Client-side, provides full support for session tickets (maintainance of a 01253 * session store remains the responsibility of the application, though). 01254 * Server-side, you also need to provide callbacks for writing and parsing 01255 * tickets, including authenticated encryption and key management. Example 01256 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01257 * 01258 * Comment this macro to disable support for SSL session tickets 01259 */ 01260 #define MBEDTLS_SSL_SESSION_TICKETS 01261 01262 /** 01263 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01264 * 01265 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01266 * 01267 * Requires: MBEDTLS_X509_CRT_PARSE_C 01268 * 01269 * Comment this macro to disable support for server name indication in SSL 01270 */ 01271 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01272 /** 01273 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01274 * 01275 * Enable support for RFC 6066 truncated HMAC in SSL. 01276 * 01277 * Comment this macro to disable support for truncated HMAC in SSL 01278 */ 01279 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01280 01281 /** 01282 * \def MBEDTLS_THREADING_ALT 01283 * 01284 * Provide your own alternate threading implementation. 01285 * 01286 * Requires: MBEDTLS_THREADING_C 01287 * 01288 * Uncomment this to allow your own alternate threading implementation. 01289 */ 01290 //#define MBEDTLS_THREADING_ALT 01291 01292 /** 01293 * \def MBEDTLS_THREADING_PTHREAD 01294 * 01295 * Enable the pthread wrapper layer for the threading layer. 01296 * 01297 * Requires: MBEDTLS_THREADING_C 01298 * 01299 * Uncomment this to enable pthread mutexes. 01300 */ 01301 //#define MBEDTLS_THREADING_PTHREAD 01302 01303 /** 01304 * \def MBEDTLS_VERSION_FEATURES 01305 * 01306 * Allow run-time checking of compile-time enabled features. Thus allowing users 01307 * to check at run-time if the library is for instance compiled with threading 01308 * support via mbedtls_version_check_feature(). 01309 * 01310 * Requires: MBEDTLS_VERSION_C 01311 * 01312 * Comment this to disable run-time checking and save ROM space 01313 */ 01314 //#define MBEDTLS_VERSION_FEATURES 01315 01316 /** 01317 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01318 * 01319 * If set, the X509 parser will not break-off when parsing an X509 certificate 01320 * and encountering an extension in a v1 or v2 certificate. 01321 * 01322 * Uncomment to prevent an error. 01323 */ 01324 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01325 01326 /** 01327 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01328 * 01329 * If set, the X509 parser will not break-off when parsing an X509 certificate 01330 * and encountering an unknown critical extension. 01331 * 01332 * Uncomment to prevent an error. 01333 */ 01334 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01335 01336 /** 01337 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01338 * 01339 * Enable verification of the keyUsage extension (CA and leaf certificates). 01340 * 01341 * Disabling this avoids problems with mis-issued and/or misused 01342 * (intermediate) CA and leaf certificates. 01343 * 01344 * \warning Depending on your PKI use, disabling this can be a security risk! 01345 * 01346 * Comment to skip keyUsage checking for both CA and leaf certificates. 01347 */ 01348 #define MBEDTLS_X509_CHECK_KEY_USAGE 01349 01350 /** 01351 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01352 * 01353 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01354 * 01355 * Disabling this avoids problems with mis-issued and/or misused certificates. 01356 * 01357 * \warning Depending on your PKI use, disabling this can be a security risk! 01358 * 01359 * Comment to skip extendedKeyUsage checking for certificates. 01360 */ 01361 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01362 01363 /** 01364 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01365 * 01366 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01367 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01368 * 01369 * Comment this macro to disallow using RSASSA-PSS in certificates. 01370 */ 01371 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01372 /** 01373 * \def MBEDTLS_ZLIB_SUPPORT 01374 * 01375 * If set, the SSL/TLS module uses ZLIB to support compression and 01376 * decompression of packet data. 01377 * 01378 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01379 * CRIME attack. Before enabling this option, you should examine with care if 01380 * CRIME or similar exploits may be a applicable to your use case. 01381 * 01382 * \note Currently compression can't be used with DTLS. 01383 * 01384 * Used in: library/ssl_tls.c 01385 * library/ssl_cli.c 01386 * library/ssl_srv.c 01387 * 01388 * This feature requires zlib library and headers to be present. 01389 * 01390 * Uncomment to enable use of ZLIB 01391 */ 01392 //#define MBEDTLS_ZLIB_SUPPORT 01393 /* \} name SECTION: mbed TLS feature support */ 01394 01395 /** 01396 * \name SECTION: mbed TLS modules 01397 * 01398 * This section enables or disables entire modules in mbed TLS 01399 * \{ 01400 */ 01401 01402 /** 01403 * \def MBEDTLS_AESNI_C 01404 * 01405 * Enable AES-NI support on x86-64. 01406 * 01407 * Module: library/aesni.c 01408 * Caller: library/aes.c 01409 * 01410 * Requires: MBEDTLS_HAVE_ASM 01411 * 01412 * This modules adds support for the AES-NI instructions on x86-64 01413 */ 01414 //#define MBEDTLS_AESNI_C 01415 01416 /** 01417 * \def MBEDTLS_AES_C 01418 * 01419 * Enable the AES block cipher. 01420 * 01421 * Module: library/aes.c 01422 * Caller: library/ssl_tls.c 01423 * library/pem.c 01424 * library/ctr_drbg.c 01425 * 01426 * This module enables the following ciphersuites (if other requisites are 01427 * enabled as well): 01428 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01429 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01430 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01431 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01432 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01433 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01434 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01435 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01436 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01437 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01438 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01439 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01440 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01441 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01442 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01443 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01444 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01445 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01446 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01447 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01448 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01449 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01450 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01451 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01452 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01453 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01454 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01455 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01456 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01457 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01458 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01459 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01460 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01461 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01462 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01463 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01464 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01465 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01466 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01467 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01468 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01469 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01470 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01471 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01472 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01473 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01474 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01475 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01476 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01477 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01478 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01479 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01480 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01481 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01482 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01483 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01484 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01485 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01486 * 01487 * PEM_PARSE uses AES for decrypting encrypted keys. 01488 */ 01489 #define MBEDTLS_AES_C 01490 01491 /** 01492 * \def MBEDTLS_ARC4_C 01493 * 01494 * Enable the ARCFOUR stream cipher. 01495 * 01496 * Module: library/arc4.c 01497 * Caller: library/ssl_tls.c 01498 * 01499 * This module enables the following ciphersuites (if other requisites are 01500 * enabled as well): 01501 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01502 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01503 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01504 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01505 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01506 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01507 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01508 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01509 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01510 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01511 */ 01512 //#define MBEDTLS_ARC4_C 01513 01514 /** 01515 * \def MBEDTLS_ASN1_PARSE_C 01516 * 01517 * Enable the generic ASN1 parser. 01518 * 01519 * Module: library/asn1.c 01520 * Caller: library/x509.c 01521 * library/dhm.c 01522 * library/pkcs12.c 01523 * library/pkcs5.c 01524 * library/pkparse.c 01525 */ 01526 #define MBEDTLS_ASN1_PARSE_C 01527 01528 /** 01529 * \def MBEDTLS_ASN1_WRITE_C 01530 * 01531 * Enable the generic ASN1 writer. 01532 * 01533 * Module: library/asn1write.c 01534 * Caller: library/ecdsa.c 01535 * library/pkwrite.c 01536 * library/x509_create.c 01537 * library/x509write_crt.c 01538 * library/mbedtls_x509write_csr.c 01539 */ 01540 #define MBEDTLS_ASN1_WRITE_C 01541 01542 /** 01543 * \def MBEDTLS_BASE64_C 01544 * 01545 * Enable the Base64 module. 01546 * 01547 * Module: library/base64.c 01548 * Caller: library/pem.c 01549 * 01550 * This module is required for PEM support (required by X.509). 01551 */ 01552 //#define MBEDTLS_BASE64_C 01553 01554 /** 01555 * \def MBEDTLS_BIGNUM_C 01556 * 01557 * Enable the multi-precision integer library. 01558 * 01559 * Module: library/bignum.c 01560 * Caller: library/dhm.c 01561 * library/ecp.c 01562 * library/ecdsa.c 01563 * library/rsa.c 01564 * library/ssl_tls.c 01565 * 01566 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01567 */ 01568 #define MBEDTLS_BIGNUM_C 01569 01570 /** 01571 * \def MBEDTLS_BLOWFISH_C 01572 * 01573 * Enable the Blowfish block cipher. 01574 * 01575 * Module: library/blowfish.c 01576 */ 01577 //#define MBEDTLS_BLOWFISH_C 01578 01579 /** 01580 * \def MBEDTLS_CAMELLIA_C 01581 * 01582 * Enable the Camellia block cipher. 01583 * 01584 * Module: library/camellia.c 01585 * Caller: library/ssl_tls.c 01586 * 01587 * This module enables the following ciphersuites (if other requisites are 01588 * enabled as well): 01589 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01590 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01591 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01592 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01593 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01594 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01595 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01596 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01597 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01598 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01599 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01600 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01601 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01602 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01603 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01604 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01605 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01607 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01608 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01609 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01610 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01611 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01612 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01613 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01614 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01615 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01616 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01617 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01618 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01619 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01620 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01621 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01622 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01623 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01624 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01625 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01626 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01627 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01628 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01629 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01630 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01631 */ 01632 //#define MBEDTLS_CAMELLIA_C 01633 01634 /** 01635 * \def MBEDTLS_CCM_C 01636 * 01637 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01638 * 01639 * Module: library/ccm.c 01640 * 01641 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01642 * 01643 * This module enables the AES-CCM ciphersuites, if other requisites are 01644 * enabled as well. 01645 */ 01646 #define MBEDTLS_CCM_C 01647 01648 /** 01649 * \def MBEDTLS_CERTS_C 01650 * 01651 * Enable the test certificates. 01652 * 01653 * Module: library/certs.c 01654 * Caller: 01655 * 01656 * This module is used for testing (ssl_client/server). 01657 */ 01658 //#define MBEDTLS_CERTS_C 01659 01660 /** 01661 * \def MBEDTLS_CIPHER_C 01662 * 01663 * Enable the generic cipher layer. 01664 * 01665 * Module: library/cipher.c 01666 * Caller: library/ssl_tls.c 01667 * 01668 * Uncomment to enable generic cipher wrappers. 01669 */ 01670 #define MBEDTLS_CIPHER_C 01671 01672 /** 01673 * \def MBEDTLS_CMAC_C 01674 * 01675 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01676 * ciphers. 01677 * 01678 * Module: library/cmac.c 01679 * 01680 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01681 * 01682 */ 01683 #define MBEDTLS_CMAC_C 01684 01685 /** 01686 * \def MBEDTLS_CTR_DRBG_C 01687 * 01688 * Enable the CTR_DRBG AES-256-based random generator. 01689 * 01690 * Module: library/ctr_drbg.c 01691 * Caller: 01692 * 01693 * Requires: MBEDTLS_AES_C 01694 * 01695 * This module provides the CTR_DRBG AES-256 random number generator. 01696 */ 01697 #define MBEDTLS_CTR_DRBG_C 01698 01699 /** 01700 * \def MBEDTLS_DEBUG_C 01701 * 01702 * Enable the debug functions. 01703 * 01704 * Module: library/debug.c 01705 * Caller: library/ssl_cli.c 01706 * library/ssl_srv.c 01707 * library/ssl_tls.c 01708 * 01709 * This module provides debugging functions. 01710 */ 01711 //#define MBEDTLS_DEBUG_C 01712 01713 /** 01714 * \def MBEDTLS_DES_C 01715 * 01716 * Enable the DES block cipher. 01717 * 01718 * Module: library/des.c 01719 * Caller: library/pem.c 01720 * library/ssl_tls.c 01721 * 01722 * This module enables the following ciphersuites (if other requisites are 01723 * enabled as well): 01724 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01725 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01726 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01727 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01728 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01729 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01730 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01731 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01732 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01733 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01734 * 01735 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01736 */ 01737 //#define MBEDTLS_DES_C 01738 01739 /** 01740 * \def MBEDTLS_DHM_C 01741 * 01742 * Enable the Diffie-Hellman-Merkle module. 01743 * 01744 * Module: library/dhm.c 01745 * Caller: library/ssl_cli.c 01746 * library/ssl_srv.c 01747 * 01748 * This module is used by the following key exchanges: 01749 * DHE-RSA, DHE-PSK 01750 */ 01751 //#define MBEDTLS_DHM_C 01752 01753 /** 01754 * \def MBEDTLS_ECDH_C 01755 * 01756 * Enable the elliptic curve Diffie-Hellman library. 01757 * 01758 * Module: library/ecdh.c 01759 * Caller: library/ssl_cli.c 01760 * library/ssl_srv.c 01761 * 01762 * This module is used by the following key exchanges: 01763 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01764 * 01765 * Requires: MBEDTLS_ECP_C 01766 */ 01767 #define MBEDTLS_ECDH_C 01768 01769 /** 01770 * \def MBEDTLS_ECDSA_C 01771 * 01772 * Enable the elliptic curve DSA library. 01773 * 01774 * Module: library/ecdsa.c 01775 * Caller: 01776 * 01777 * This module is used by the following key exchanges: 01778 * ECDHE-ECDSA 01779 * 01780 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01781 */ 01782 #define MBEDTLS_ECDSA_C 01783 01784 /** 01785 * \def MBEDTLS_ECP_C 01786 * 01787 * Enable the elliptic curve over GF(p) library. 01788 * 01789 * Module: library/ecp.c 01790 * Caller: library/ecdh.c 01791 * library/ecdsa.c 01792 * 01793 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01794 */ 01795 #define MBEDTLS_ECP_C 01796 01797 /** 01798 * \def MBEDTLS_ENTROPY_C 01799 * 01800 * Enable the platform-specific entropy code. 01801 * 01802 * Module: library/entropy.c 01803 * Caller: 01804 * 01805 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01806 * 01807 * This module provides a generic entropy pool 01808 */ 01809 #define MBEDTLS_ENTROPY_C 01810 01811 /** 01812 * \def MBEDTLS_ERROR_C 01813 * 01814 * Enable error code to error string conversion. 01815 * 01816 * Module: library/error.c 01817 * Caller: 01818 * 01819 * This module enables mbedtls_strerror(). 01820 */ 01821 //#define MBEDTLS_ERROR_C 01822 01823 /** 01824 * \def MBEDTLS_GCM_C 01825 * 01826 * Enable the Galois/Counter Mode (GCM) for AES. 01827 * 01828 * Module: library/gcm.c 01829 * 01830 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01831 * 01832 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01833 * requisites are enabled as well. 01834 */ 01835 #define MBEDTLS_GCM_C 01836 01837 /** 01838 * \def MBEDTLS_HAVEGE_C 01839 * 01840 * Enable the HAVEGE random generator. 01841 * 01842 * Warning: the HAVEGE random generator is not suitable for virtualized 01843 * environments 01844 * 01845 * Warning: the HAVEGE random generator is dependent on timing and specific 01846 * processor traits. It is therefore not advised to use HAVEGE as 01847 * your applications primary random generator or primary entropy pool 01848 * input. As a secondary input to your entropy pool, it IS able add 01849 * the (limited) extra entropy it provides. 01850 * 01851 * Module: library/havege.c 01852 * Caller: 01853 * 01854 * Requires: MBEDTLS_TIMING_C 01855 * 01856 * Uncomment to enable the HAVEGE random generator. 01857 */ 01858 //#define MBEDTLS_HAVEGE_C 01859 01860 /** 01861 * \def MBEDTLS_HMAC_DRBG_C 01862 * 01863 * Enable the HMAC_DRBG random generator. 01864 * 01865 * Module: library/hmac_drbg.c 01866 * Caller: 01867 * 01868 * Requires: MBEDTLS_MD_C 01869 * 01870 * Uncomment to enable the HMAC_DRBG random number geerator. 01871 */ 01872 #define MBEDTLS_HMAC_DRBG_C 01873 01874 /** 01875 * \def MBEDTLS_MD_C 01876 * 01877 * Enable the generic message digest layer. 01878 * 01879 * Module: library/mbedtls_md.c 01880 * Caller: 01881 * 01882 * Uncomment to enable generic message digest wrappers. 01883 */ 01884 #define MBEDTLS_MD_C 01885 01886 /** 01887 * \def MBEDTLS_MD2_C 01888 * 01889 * Enable the MD2 hash algorithm. 01890 * 01891 * Module: library/mbedtls_md2.c 01892 * Caller: 01893 * 01894 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01895 */ 01896 //#define MBEDTLS_MD2_C 01897 01898 /** 01899 * \def MBEDTLS_MD4_C 01900 * 01901 * Enable the MD4 hash algorithm. 01902 * 01903 * Module: library/mbedtls_md4.c 01904 * Caller: 01905 * 01906 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01907 */ 01908 //#define MBEDTLS_MD4_C 01909 01910 /** 01911 * \def MBEDTLS_MD5_C 01912 * 01913 * Enable the MD5 hash algorithm. 01914 * 01915 * Module: library/mbedtls_md5.c 01916 * Caller: library/mbedtls_md.c 01917 * library/pem.c 01918 * library/ssl_tls.c 01919 * 01920 * This module is required for SSL/TLS and X.509. 01921 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01922 */ 01923 //#define MBEDTLS_MD5_C 01924 01925 /** 01926 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01927 * 01928 * Enable the buffer allocator implementation that makes use of a (stack) 01929 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01930 * calls) 01931 * 01932 * Module: library/memory_buffer_alloc.c 01933 * 01934 * Requires: MBEDTLS_PLATFORM_C 01935 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01936 * 01937 * Enable this module to enable the buffer memory allocator. 01938 */ 01939 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01940 01941 /** 01942 * \def MBEDTLS_NET_C 01943 * 01944 * Enable the TCP/IP networking routines. 01945 * 01946 * Module: library/net.c 01947 * 01948 * This module provides TCP/IP networking routines. 01949 */ 01950 //#define MBEDTLS_NET_C 01951 01952 /** 01953 * \def MBEDTLS_OID_C 01954 * 01955 * Enable the OID database. 01956 * 01957 * Module: library/oid.c 01958 * Caller: library/asn1write.c 01959 * library/pkcs5.c 01960 * library/pkparse.c 01961 * library/pkwrite.c 01962 * library/rsa.c 01963 * library/x509.c 01964 * library/x509_create.c 01965 * library/mbedtls_x509_crl.c 01966 * library/mbedtls_x509_crt.c 01967 * library/mbedtls_x509_csr.c 01968 * library/x509write_crt.c 01969 * library/mbedtls_x509write_csr.c 01970 * 01971 * This modules translates between OIDs and internal values. 01972 */ 01973 #define MBEDTLS_OID_C 01974 01975 /** 01976 * \def MBEDTLS_PADLOCK_C 01977 * 01978 * Enable VIA Padlock support on x86. 01979 * 01980 * Module: library/padlock.c 01981 * Caller: library/aes.c 01982 * 01983 * Requires: MBEDTLS_HAVE_ASM 01984 * 01985 * This modules adds support for the VIA PadLock on x86. 01986 */ 01987 //#define MBEDTLS_PADLOCK_C 01988 01989 /** 01990 * \def MBEDTLS_PEM_PARSE_C 01991 * 01992 * Enable PEM decoding / parsing. 01993 * 01994 * Module: library/pem.c 01995 * Caller: library/dhm.c 01996 * library/pkparse.c 01997 * library/mbedtls_x509_crl.c 01998 * library/mbedtls_x509_crt.c 01999 * library/mbedtls_x509_csr.c 02000 * 02001 * Requires: MBEDTLS_BASE64_C 02002 * 02003 * This modules adds support for decoding / parsing PEM files. 02004 */ 02005 //#define MBEDTLS_PEM_PARSE_C 02006 02007 /** 02008 * \def MBEDTLS_PEM_WRITE_C 02009 * 02010 * Enable PEM encoding / writing. 02011 * 02012 * Module: library/pem.c 02013 * Caller: library/pkwrite.c 02014 * library/x509write_crt.c 02015 * library/mbedtls_x509write_csr.c 02016 * 02017 * Requires: MBEDTLS_BASE64_C 02018 * 02019 * This modules adds support for encoding / writing PEM files. 02020 */ 02021 //#define MBEDTLS_PEM_WRITE_C 02022 02023 /** 02024 * \def MBEDTLS_PK_C 02025 * 02026 * Enable the generic public (asymetric) key layer. 02027 * 02028 * Module: library/pk.c 02029 * Caller: library/ssl_tls.c 02030 * library/ssl_cli.c 02031 * library/ssl_srv.c 02032 * 02033 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02034 * 02035 * Uncomment to enable generic public key wrappers. 02036 */ 02037 #define MBEDTLS_PK_C 02038 02039 /** 02040 * \def MBEDTLS_PK_PARSE_C 02041 * 02042 * Enable the generic public (asymetric) key parser. 02043 * 02044 * Module: library/pkparse.c 02045 * Caller: library/mbedtls_x509_crt.c 02046 * library/mbedtls_x509_csr.c 02047 * 02048 * Requires: MBEDTLS_PK_C 02049 * 02050 * Uncomment to enable generic public key parse functions. 02051 */ 02052 #define MBEDTLS_PK_PARSE_C 02053 02054 /** 02055 * \def MBEDTLS_PK_WRITE_C 02056 * 02057 * Enable the generic public (asymetric) key writer. 02058 * 02059 * Module: library/pkwrite.c 02060 * Caller: library/x509write.c 02061 * 02062 * Requires: MBEDTLS_PK_C 02063 * 02064 * Uncomment to enable generic public key write functions. 02065 */ 02066 #define MBEDTLS_PK_WRITE_C 02067 02068 /** 02069 * \def MBEDTLS_PKCS5_C 02070 * 02071 * Enable PKCS#5 functions. 02072 * 02073 * Module: library/pkcs5.c 02074 * 02075 * Requires: MBEDTLS_MD_C 02076 * 02077 * This module adds support for the PKCS#5 functions. 02078 */ 02079 //#define MBEDTLS_PKCS5_C 02080 02081 /** 02082 * \def MBEDTLS_PKCS11_C 02083 * 02084 * Enable wrapper for PKCS#11 smartcard support. 02085 * 02086 * Module: library/pkcs11.c 02087 * Caller: library/pk.c 02088 * 02089 * Requires: MBEDTLS_PK_C 02090 * 02091 * This module enables SSL/TLS PKCS #11 smartcard support. 02092 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02093 */ 02094 //#define MBEDTLS_PKCS11_C 02095 02096 /** 02097 * \def MBEDTLS_PKCS12_C 02098 * 02099 * Enable PKCS#12 PBE functions. 02100 * Adds algorithms for parsing PKCS#8 encrypted private keys 02101 * 02102 * Module: library/pkcs12.c 02103 * Caller: library/pkparse.c 02104 * 02105 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02106 * Can use: MBEDTLS_ARC4_C 02107 * 02108 * This module enables PKCS#12 functions. 02109 */ 02110 //#define MBEDTLS_PKCS12_C 02111 02112 /** 02113 * \def MBEDTLS_PLATFORM_C 02114 * 02115 * Enable the platform abstraction layer that allows you to re-assign 02116 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02117 * 02118 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02119 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02120 * above to be specified at runtime or compile time respectively. 02121 * 02122 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02123 * as other module rely on it for a fixed snprintf implementation. 02124 * 02125 * Module: library/platform.c 02126 * Caller: Most other .c files 02127 * 02128 * This module enables abstraction of common (libc) functions. 02129 */ 02130 #define MBEDTLS_PLATFORM_C 02131 02132 /** 02133 * \def MBEDTLS_RIPEMD160_C 02134 * 02135 * Enable the RIPEMD-160 hash algorithm. 02136 * 02137 * Module: library/mbedtls_ripemd160.c 02138 * Caller: library/mbedtls_md.c 02139 * 02140 */ 02141 //#define MBEDTLS_RIPEMD160_C 02142 02143 /** 02144 * \def MBEDTLS_RSA_C 02145 * 02146 * Enable the RSA public-key cryptosystem. 02147 * 02148 * Module: library/rsa.c 02149 * Caller: library/ssl_cli.c 02150 * library/ssl_srv.c 02151 * library/ssl_tls.c 02152 * library/x509.c 02153 * 02154 * This module is used by the following key exchanges: 02155 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02156 * 02157 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02158 */ 02159 //#define MBEDTLS_RSA_C 02160 02161 /** 02162 * \def MBEDTLS_SHA1_C 02163 * 02164 * Enable the SHA1 cryptographic hash algorithm. 02165 * 02166 * Module: library/mbedtls_sha1.c 02167 * Caller: library/mbedtls_md.c 02168 * library/ssl_cli.c 02169 * library/ssl_srv.c 02170 * library/ssl_tls.c 02171 * library/x509write_crt.c 02172 * 02173 * This module is required for SSL/TLS and SHA1-signed certificates. 02174 */ 02175 //#define MBEDTLS_SHA1_C 02176 02177 /** 02178 * \def MBEDTLS_SHA256_C 02179 * 02180 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02181 * 02182 * Module: library/mbedtls_sha256.c 02183 * Caller: library/entropy.c 02184 * library/mbedtls_md.c 02185 * library/ssl_cli.c 02186 * library/ssl_srv.c 02187 * library/ssl_tls.c 02188 * 02189 * This module adds support for SHA-224 and SHA-256. 02190 * This module is required for the SSL/TLS 1.2 PRF function. 02191 */ 02192 #define MBEDTLS_SHA256_C 02193 02194 /** 02195 * \def MBEDTLS_SHA512_C 02196 * 02197 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02198 * 02199 * Module: library/mbedtls_sha512.c 02200 * Caller: library/entropy.c 02201 * library/mbedtls_md.c 02202 * library/ssl_cli.c 02203 * library/ssl_srv.c 02204 * 02205 * This module adds support for SHA-384 and SHA-512. 02206 */ 02207 //#define MBEDTLS_SHA512_C 02208 02209 /** 02210 * \def MBEDTLS_SSL_CACHE_C 02211 * 02212 * Enable simple SSL cache implementation. 02213 * 02214 * Module: library/ssl_cache.c 02215 * Caller: 02216 * 02217 * Requires: MBEDTLS_SSL_CACHE_C 02218 */ 02219 #define MBEDTLS_SSL_CACHE_C 02220 02221 /** 02222 * \def MBEDTLS_SSL_COOKIE_C 02223 * 02224 * Enable basic implementation of DTLS cookies for hello verification. 02225 * 02226 * Module: library/ssl_cookie.c 02227 * Caller: 02228 */ 02229 #define MBEDTLS_SSL_COOKIE_C 02230 02231 /** 02232 * \def MBEDTLS_SSL_TICKET_C 02233 * 02234 * Enable an implementation of TLS server-side callbacks for session tickets. 02235 * 02236 * Module: library/ssl_ticket.c 02237 * Caller: 02238 * 02239 * Requires: MBEDTLS_CIPHER_C 02240 */ 02241 #define MBEDTLS_SSL_TICKET_C 02242 02243 /** 02244 * \def MBEDTLS_SSL_CLI_C 02245 * 02246 * Enable the SSL/TLS client code. 02247 * 02248 * Module: library/ssl_cli.c 02249 * Caller: 02250 * 02251 * Requires: MBEDTLS_SSL_TLS_C 02252 * 02253 * This module is required for SSL/TLS client support. 02254 */ 02255 #define MBEDTLS_SSL_CLI_C 02256 02257 /** 02258 * \def MBEDTLS_SSL_SRV_C 02259 * 02260 * Enable the SSL/TLS server code. 02261 * 02262 * Module: library/ssl_srv.c 02263 * Caller: 02264 * 02265 * Requires: MBEDTLS_SSL_TLS_C 02266 * 02267 * This module is required for SSL/TLS server support. 02268 */ 02269 //#define MBEDTLS_SSL_SRV_C 02270 02271 /** 02272 * \def MBEDTLS_SSL_TLS_C 02273 * 02274 * Enable the generic SSL/TLS code. 02275 * 02276 * Module: library/ssl_tls.c 02277 * Caller: library/ssl_cli.c 02278 * library/ssl_srv.c 02279 * 02280 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02281 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02282 * 02283 * This module is required for SSL/TLS. 02284 */ 02285 #define MBEDTLS_SSL_TLS_C 02286 02287 /** 02288 * \def MBEDTLS_THREADING_C 02289 * 02290 * Enable the threading abstraction layer. 02291 * By default mbed TLS assumes it is used in a non-threaded environment or that 02292 * contexts are not shared between threads. If you do intend to use contexts 02293 * between threads, you will need to enable this layer to prevent race 02294 * conditions. 02295 * 02296 * Module: library/threading.c 02297 * 02298 * This allows different threading implementations (self-implemented or 02299 * provided). 02300 * 02301 * You will have to enable either MBEDTLS_THREADING_ALT or 02302 * MBEDTLS_THREADING_PTHREAD. 02303 * 02304 * Enable this layer to allow use of mutexes within mbed TLS 02305 */ 02306 //#define MBEDTLS_THREADING_C 02307 02308 /** 02309 * \def MBEDTLS_TIMING_C 02310 * 02311 * Enable the portable timing interface. 02312 * 02313 * Module: library/timing.c 02314 * Caller: library/havege.c 02315 * 02316 * This module is used by the HAVEGE random number generator. 02317 */ 02318 //#define MBEDTLS_TIMING_C 02319 02320 /** 02321 * \def MBEDTLS_VERSION_C 02322 * 02323 * Enable run-time version information. 02324 * 02325 * Module: library/version.c 02326 * 02327 * This module provides run-time version information. 02328 */ 02329 #define MBEDTLS_VERSION_C 02330 02331 /** 02332 * \def MBEDTLS_X509_USE_C 02333 * 02334 * Enable X.509 core for using certificates. 02335 * 02336 * Module: library/x509.c 02337 * Caller: library/mbedtls_x509_crl.c 02338 * library/mbedtls_x509_crt.c 02339 * library/mbedtls_x509_csr.c 02340 * 02341 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02342 * MBEDTLS_PK_PARSE_C 02343 * 02344 * This module is required for the X.509 parsing modules. 02345 */ 02346 //#define MBEDTLS_X509_USE_C 02347 02348 /** 02349 * \def MBEDTLS_X509_CRT_PARSE_C 02350 * 02351 * Enable X.509 certificate parsing. 02352 * 02353 * Module: library/mbedtls_x509_crt.c 02354 * Caller: library/ssl_cli.c 02355 * library/ssl_srv.c 02356 * library/ssl_tls.c 02357 * 02358 * Requires: MBEDTLS_X509_USE_C 02359 * 02360 * This module is required for X.509 certificate parsing. 02361 */ 02362 02363 //#define MBEDTLS_X509_CRT_PARSE_C 02364 02365 /** 02366 * \def MBEDTLS_X509_CRL_PARSE_C 02367 * 02368 * Enable X.509 CRL parsing. 02369 * 02370 * Module: library/mbedtls_x509_crl.c 02371 * Caller: library/mbedtls_x509_crt.c 02372 * 02373 * Requires: MBEDTLS_X509_USE_C 02374 * 02375 * This module is required for X.509 CRL parsing. 02376 */ 02377 //#define MBEDTLS_X509_CRL_PARSE_C 02378 02379 /** 02380 * \def MBEDTLS_X509_CSR_PARSE_C 02381 * 02382 * Enable X.509 Certificate Signing Request (CSR) parsing. 02383 * 02384 * Module: library/mbedtls_x509_csr.c 02385 * Caller: library/x509_crt_write.c 02386 * 02387 * Requires: MBEDTLS_X509_USE_C 02388 * 02389 * This module is used for reading X.509 certificate request. 02390 */ 02391 //#define MBEDTLS_X509_CSR_PARSE_C 02392 02393 /** 02394 * \def MBEDTLS_X509_CREATE_C 02395 * 02396 * Enable X.509 core for creating certificates. 02397 * 02398 * Module: library/x509_create.c 02399 * 02400 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02401 * 02402 * This module is the basis for creating X.509 certificates and CSRs. 02403 */ 02404 //#define MBEDTLS_X509_CREATE_C 02405 02406 /** 02407 * \def MBEDTLS_X509_CRT_WRITE_C 02408 * 02409 * Enable creating X.509 certificates. 02410 * 02411 * Module: library/x509_crt_write.c 02412 * 02413 * Requires: MBEDTLS_X509_CREATE_C 02414 * 02415 * This module is required for X.509 certificate creation. 02416 */ 02417 //#define MBEDTLS_X509_CRT_WRITE_C 02418 02419 /** 02420 * \def MBEDTLS_X509_CSR_WRITE_C 02421 * 02422 * Enable creating X.509 Certificate Signing Requests (CSR). 02423 * 02424 * Module: library/x509_csr_write.c 02425 * 02426 * Requires: MBEDTLS_X509_CREATE_C 02427 * 02428 * This module is required for X.509 certificate request writing. 02429 */ 02430 //#define MBEDTLS_X509_CSR_WRITE_C 02431 /** 02432 * \def MBEDTLS_XTEA_C 02433 * 02434 * Enable the XTEA block cipher. 02435 * 02436 * Module: library/xtea.c 02437 * Caller: 02438 */ 02439 //#define MBEDTLS_XTEA_C 02440 02441 /* \} name SECTION: mbed TLS modules */ 02442 02443 /** 02444 * \name SECTION: Module configuration options 02445 * 02446 * This section allows for the setting of module specific sizes and 02447 * configuration options. The default values are already present in the 02448 * relevant header files and should suffice for the regular use cases. 02449 * 02450 * Our advice is to enable options and change their values here 02451 * only if you have a good reason and know the consequences. 02452 * 02453 * Please check the respective header file for documentation on these 02454 * parameters (to prevent duplicate documentation). 02455 * \{ 02456 */ 02457 02458 /* MPI / BIGNUM options */ 02459 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02460 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02461 02462 /* CTR_DRBG options */ 02463 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02464 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02465 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02466 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02467 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02468 02469 /* HMAC_DRBG options */ 02470 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02471 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02472 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02473 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02474 02475 /* ECP options */ 02476 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02477 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02478 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02479 02480 /* Entropy options */ 02481 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02482 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02483 02484 /* Memory buffer allocator options */ 02485 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02486 02487 /* Platform options */ 02488 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02489 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02490 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02491 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02492 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02493 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02494 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02495 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02496 02497 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02498 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02499 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02500 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02501 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02502 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02503 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02504 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02505 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02506 02507 /* SSL Cache options */ 02508 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02509 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02510 02511 /* SSL options */ 02512 02513 #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 02514 02515 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02516 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02517 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02518 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02519 02520 /** 02521 * Complete list of ciphersuites to use, in order of preference. 02522 * 02523 * \warning No dependency checking is done on that field! This option can only 02524 * be used to restrict the set of available ciphersuites. It is your 02525 * responsibility to make sure the needed modules are active. 02526 * 02527 * Use this to save a few hundred bytes of ROM (default ordering of all 02528 * available ciphersuites) and a few to a few hundred bytes of RAM. 02529 * 02530 * The value below is only an example, not the default. 02531 */ 02532 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \ 02533 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \ 02534 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ 02535 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \ 02536 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 02537 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 02538 /* X509 options */ 02539 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02540 02541 /* \} name SECTION: Module configuration options */ 02542 02543 #if defined(TARGET_LIKE_MBED) 02544 #include "mbedtls/target_config.h" 02545 #endif 02546 02547 /* 02548 * Allow user to override any previous default. 02549 * 02550 * Use two macro names for that, as: 02551 * - with yotta the prefix YOTTA_CFG_ is forced 02552 * - without yotta is looks weird to have a YOTTA prefix. 02553 */ 02554 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02555 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02556 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02557 #include MBEDTLS_USER_CONFIG_FILE 02558 #endif 02559 02560 #include "mbedtls/check_config.h" 02561 02562 #endif /* KSDK_MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 19:01:35 by 1.7.2