Dependencies: MAX44000 PWM_Tone_Library nexpaq_mdk
Fork of LED_Demo by
config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_CONFIG_H 00029 #define MBEDTLS_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 /** 00036 * \name SECTION: System support 00037 * 00038 * This section sets system specific settings. 00039 * \{ 00040 */ 00041 00042 /** 00043 * \def MBEDTLS_HAVE_ASM 00044 * 00045 * The compiler has support for asm(). 00046 * 00047 * Requires support for asm() in compiler. 00048 * 00049 * Used in: 00050 * library/timing.c 00051 * library/padlock.c 00052 * include/mbedtls/bn_mul.h 00053 * 00054 * Comment to disable the use of assembly code. 00055 */ 00056 #define MBEDTLS_HAVE_ASM 00057 00058 /** 00059 * \def MBEDTLS_HAVE_SSE2 00060 * 00061 * CPU supports SSE2 instruction set. 00062 * 00063 * Uncomment if the CPU supports SSE2 (IA-32 specific). 
00064 */ 00065 //#define MBEDTLS_HAVE_SSE2 00066 00067 /** 00068 * \def MBEDTLS_HAVE_TIME 00069 * 00070 * System has time.h and time(). 00071 * The time does not need to be correct, only time differences are used, 00072 * by contrast with MBEDTLS_HAVE_TIME_DATE 00073 * 00074 * Comment if your system does not support time functions 00075 */ 00076 #define MBEDTLS_HAVE_TIME 00077 00078 /** 00079 * \def MBEDTLS_HAVE_TIME_DATE 00080 * 00081 * System has time.h and time(), gmtime() and the clock is correct. 00082 * The time needs to be correct (not necesarily very accurate, but at least 00083 * the date should be correct). This is used to verify the validity period of 00084 * X.509 certificates. 00085 * 00086 * Comment if your system does not have a correct clock. 00087 */ 00088 //#define MBEDTLS_HAVE_TIME_DATE 00089 00090 /** 00091 * \def MBEDTLS_PLATFORM_MEMORY 00092 * 00093 * Enable the memory allocation layer. 00094 * 00095 * By default mbed TLS uses the system-provided calloc() and free(). 00096 * This allows different allocators (self-implemented or provided) to be 00097 * provided to the platform abstraction layer. 00098 * 00099 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00100 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00101 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00102 * free() function pointer at runtime. 00103 * 00104 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00105 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00106 * alternate function at compile time. 00107 * 00108 * Requires: MBEDTLS_PLATFORM_C 00109 * 00110 * Enable this layer to allow use of alternative memory allocators. 00111 */ 00112 //#define MBEDTLS_PLATFORM_MEMORY 00113 00114 /** 00115 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00116 * 00117 * Do not assign standard functions in the platform layer (e.g. 
calloc() to 00118 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00119 * 00120 * This makes sure there are no linking errors on platforms that do not support 00121 * these functions. You will HAVE to provide alternatives, either at runtime 00122 * via the platform_set_xxx() functions or at compile time by setting 00123 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00124 * MBEDTLS_PLATFORM_XXX_MACRO. 00125 * 00126 * Requires: MBEDTLS_PLATFORM_C 00127 * 00128 * Uncomment to prevent default assignment of standard functions in the 00129 * platform layer. 00130 */ 00131 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00132 00133 /** 00134 * \def MBEDTLS_PLATFORM_EXIT_ALT 00135 * 00136 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00137 * function in the platform abstraction layer. 00138 * 00139 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00140 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00141 * alternative printf function pointer. 00142 * 00143 * All these define require MBEDTLS_PLATFORM_C to be defined! 00144 * 00145 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00146 * it will be enabled automatically by check_config.h 00147 * 00148 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00149 * MBEDTLS_PLATFORM_XXX_MACRO! 00150 * 00151 * Uncomment a macro to enable alternate implementation of specific base 00152 * platform function 00153 */ 00154 //#define MBEDTLS_PLATFORM_EXIT_ALT 00155 //#define MBEDTLS_PLATFORM_TIME_ALT 00156 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00157 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00158 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00159 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00160 00161 /** 00162 * \def MBEDTLS_DEPRECATED_WARNING 00163 * 00164 * Mark deprecated functions so that they generate a warning if used. 
00165 * Functions deprecated in one version will usually be removed in the next 00166 * version. You can enable this to help you prepare the transition to a new 00167 * major version by making sure your code is not using these functions. 00168 * 00169 * This only works with GCC and Clang. With other compilers, you may want to 00170 * use MBEDTLS_DEPRECATED_REMOVED 00171 * 00172 * Uncomment to get warnings on using deprecated functions. 00173 */ 00174 //#define MBEDTLS_DEPRECATED_WARNING 00175 00176 /** 00177 * \def MBEDTLS_DEPRECATED_REMOVED 00178 * 00179 * Remove deprecated functions so that they generate an error if used. 00180 * Functions deprecated in one version will usually be removed in the next 00181 * version. You can enable this to help you prepare the transition to a new 00182 * major version by making sure your code is not using these functions. 00183 * 00184 * Uncomment to get errors on using deprecated functions. 00185 */ 00186 //#define MBEDTLS_DEPRECATED_REMOVED 00187 00188 /* \} name SECTION: System support */ 00189 00190 /** 00191 * \name SECTION: mbed TLS feature support 00192 * 00193 * This section sets support for features that are or are not needed 00194 * within the modules that are enabled. 00195 * \{ 00196 */ 00197 00198 /** 00199 * \def MBEDTLS_TIMING_ALT 00200 * 00201 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00202 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00203 * 00204 * Only works if you have MBEDTLS_TIMING_C enabled. 00205 * 00206 * You will need to provide a header "timing_alt.h" and an implementation at 00207 * compile time. 00208 */ 00209 //#define MBEDTLS_TIMING_ALT 00210 00211 /** 00212 * \def MBEDTLS_AES_ALT 00213 * 00214 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00215 * alternate core implementation of a symmetric crypto or hash module (e.g. 00216 * platform specific assembly optimized implementations). 
Keep in mind that 00217 * the function prototypes should remain the same. 00218 * 00219 * This replaces the whole module. If you only want to replace one of the 00220 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00221 * 00222 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00223 * provide the "struct mbedtls_aes_context" definition and omit the base function 00224 * declarations and implementations. "aes_alt.h" will be included from 00225 * "aes.h" to include the new function definitions. 00226 * 00227 * Uncomment a macro to enable alternate implementation of the corresponding 00228 * module. 00229 */ 00230 //#define MBEDTLS_AES_ALT 00231 //#define MBEDTLS_ARC4_ALT 00232 //#define MBEDTLS_BLOWFISH_ALT 00233 //#define MBEDTLS_CAMELLIA_ALT 00234 //#define MBEDTLS_DES_ALT 00235 //#define MBEDTLS_XTEA_ALT 00236 //#define MBEDTLS_MD2_ALT 00237 //#define MBEDTLS_MD4_ALT 00238 //#define MBEDTLS_MD5_ALT 00239 //#define MBEDTLS_RIPEMD160_ALT 00240 //#define MBEDTLS_SHA1_ALT 00241 //#define MBEDTLS_SHA256_ALT 00242 //#define MBEDTLS_SHA512_ALT 00243 00244 /** 00245 * \def MBEDTLS_MD2_PROCESS_ALT 00246 * 00247 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00248 * alternate core implementation of symmetric crypto or hash function. Keep in 00249 * mind that function prototypes should remain the same. 00250 * 00251 * This replaces only one function. The header file from mbed TLS is still 00252 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00253 * 00254 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00255 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00256 * the other function (using your mbedtls_sha1_process() function) and the definition 00257 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00258 * with this definition. 
00259 * 00260 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00261 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00262 * tables. 00263 * 00264 * Uncomment a macro to enable alternate implementation of the corresponding 00265 * function. 00266 */ 00267 //#define MBEDTLS_MD2_PROCESS_ALT 00268 //#define MBEDTLS_MD4_PROCESS_ALT 00269 //#define MBEDTLS_MD5_PROCESS_ALT 00270 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00271 //#define MBEDTLS_SHA1_PROCESS_ALT 00272 //#define MBEDTLS_SHA256_PROCESS_ALT 00273 //#define MBEDTLS_SHA512_PROCESS_ALT 00274 //#define MBEDTLS_DES_SETKEY_ALT 00275 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00276 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00277 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00278 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00279 //#define MBEDTLS_AES_ENCRYPT_ALT 00280 //#define MBEDTLS_AES_DECRYPT_ALT 00281 00282 /** 00283 * \def MBEDTLS_TEST_NULL_ENTROPY 00284 * 00285 * Enables testing and use of mbed TLS without any configured entropy sources. 00286 * This permits use of the library on platforms before an entropy source has 00287 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00288 * MBEDTLS_ENTROPY_NV_SEED switches). 00289 * 00290 * WARNING! This switch MUST be disabled in production builds, and is suitable 00291 * only for development. 00292 * Enabling the switch negates any security provided by the library. 00293 * 00294 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00295 * 00296 */ 00297 //#define MBEDTLS_TEST_NULL_ENTROPY 00298 00299 /** 00300 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00301 * 00302 * Uncomment this macro to let mbed TLS use your own implementation of a 00303 * hardware entropy collector. 00304 * 00305 * Your function must be called \c mbedtls_hardware_poll(), have the same 00306 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00307 * 00308 * Uncomment to use your own hardware entropy collector. 
00309 */ 00310 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00311 00312 /** 00313 * \def MBEDTLS_AES_ROM_TABLES 00314 * 00315 * Store the AES tables in ROM. 00316 * 00317 * Uncomment this macro to store the AES tables in ROM. 00318 */ 00319 //#define MBEDTLS_AES_ROM_TABLES 00320 00321 /** 00322 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00323 * 00324 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00325 * 00326 * Uncomment this macro to use less memory for Camellia. 00327 */ 00328 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00329 00330 /** 00331 * \def MBEDTLS_CIPHER_MODE_CBC 00332 * 00333 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00334 */ 00335 #define MBEDTLS_CIPHER_MODE_CBC 00336 00337 /** 00338 * \def MBEDTLS_CIPHER_MODE_CFB 00339 * 00340 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00341 */ 00342 //#define MBEDTLS_CIPHER_MODE_CFB 00343 00344 /** 00345 * \def MBEDTLS_CIPHER_MODE_CTR 00346 * 00347 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00348 */ 00349 //#define MBEDTLS_CIPHER_MODE_CTR 00350 00351 /** 00352 * \def MBEDTLS_CIPHER_NULL_CIPHER 00353 * 00354 * Enable NULL cipher. 00355 * Warning: Only do so when you know what you are doing. This allows for 00356 * encryption or channels without any security! 
00357 * 00358 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00359 * the following ciphersuites: 00360 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00361 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00362 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00363 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00364 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00365 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00366 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00367 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00368 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00369 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00370 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00371 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00372 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00373 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00374 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00375 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00376 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00377 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00378 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00379 * 00380 * Uncomment this macro to enable the NULL cipher and ciphersuites 00381 */ 00382 //#define MBEDTLS_CIPHER_NULL_CIPHER 00383 00384 /** 00385 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00386 * 00387 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00388 * specific padding modes in the cipher layer with cipher modes that support 00389 * padding (e.g. CBC) 00390 * 00391 * If you disable all padding modes, only full blocks can be used with CBC. 00392 * 00393 * Enable padding modes in the cipher layer. 00394 */ 00395 #define MBEDTLS_CIPHER_PADDING_PKCS7 00396 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00397 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00398 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00399 00400 /** 00401 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00402 * 00403 * Enable weak ciphersuites in SSL / TLS. 00404 * Warning: Only do so when you know what you are doing. This allows for 00405 * channels with virtually no security at all! 
00406 * 00407 * This enables the following ciphersuites: 00408 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00409 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00410 * 00411 * Uncomment this macro to enable weak ciphersuites 00412 */ 00413 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00414 00415 /** 00416 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00417 * 00418 * Remove RC4 ciphersuites by default in SSL / TLS. 00419 * This flag removes the ciphersuites based on RC4 from the default list as 00420 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00421 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00422 * explicitly. 00423 * 00424 * Uncomment this macro to remove RC4 ciphersuites by default. 00425 */ 00426 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00427 00428 /** 00429 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00430 * 00431 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00432 * module. By default all supported curves are enabled. 00433 * 00434 * Comment macros to disable the curve and functions for it 00435 */ 00436 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00437 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00438 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00439 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00440 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00441 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00442 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00443 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00444 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00445 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00446 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00447 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00448 00449 /** 00450 * \def MBEDTLS_ECP_NIST_OPTIM 00451 * 00452 * Enable specific 'modulo p' routines for each NIST prime. 00453 * Depending on the prime and architecture, makes operations 4 to 8 times 00454 * faster on the corresponding curve. 00455 * 00456 * Comment this macro to disable NIST curves optimisation. 
00457 */ 00458 #define MBEDTLS_ECP_NIST_OPTIM 00459 00460 /** 00461 * \def MBEDTLS_ECDSA_DETERMINISTIC 00462 * 00463 * Enable deterministic ECDSA (RFC 6979). 00464 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00465 * may result in a compromise of the long-term signing key. This is avoided by 00466 * the deterministic variant. 00467 * 00468 * Requires: MBEDTLS_HMAC_DRBG_C 00469 * 00470 * Comment this macro to disable deterministic ECDSA. 00471 */ 00472 #define MBEDTLS_ECDSA_DETERMINISTIC 00473 00474 /** 00475 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00476 * 00477 * Enable the PSK based ciphersuite modes in SSL / TLS. 00478 * 00479 * This enables the following ciphersuites (if other requisites are 00480 * enabled as well): 00481 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00482 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00483 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00484 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00485 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00486 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00487 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00488 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00489 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00490 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00491 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00492 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00493 */ 00494 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00495 00496 /** 00497 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00498 * 00499 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 
00500 * 00501 * Requires: MBEDTLS_DHM_C 00502 * 00503 * This enables the following ciphersuites (if other requisites are 00504 * enabled as well): 00505 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00506 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00507 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00508 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00509 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00510 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00511 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00513 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00514 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00515 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00516 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00517 */ 00518 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00519 00520 /** 00521 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00522 * 00523 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00524 * 00525 * Requires: MBEDTLS_ECDH_C 00526 * 00527 * This enables the following ciphersuites (if other requisites are 00528 * enabled as well): 00529 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00530 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00531 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00532 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00533 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00534 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00535 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00536 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00537 */ 00538 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00539 00540 /** 00541 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00542 * 00543 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 
00544 * 00545 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00546 * MBEDTLS_X509_CRT_PARSE_C 00547 * 00548 * This enables the following ciphersuites (if other requisites are 00549 * enabled as well): 00550 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00551 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00552 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00553 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00554 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00555 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00556 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00557 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00558 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00559 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00560 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00561 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00562 */ 00563 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00564 00565 /** 00566 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00567 * 00568 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 
00569 * 00570 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00571 * MBEDTLS_X509_CRT_PARSE_C 00572 * 00573 * This enables the following ciphersuites (if other requisites are 00574 * enabled as well): 00575 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00576 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00577 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00578 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00579 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00580 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00581 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00582 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00583 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00584 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00585 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00586 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00587 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00588 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00589 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00590 */ 00591 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00592 00593 /** 00594 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00595 * 00596 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
00597 * 00598 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00599 * MBEDTLS_X509_CRT_PARSE_C 00600 * 00601 * This enables the following ciphersuites (if other requisites are 00602 * enabled as well): 00603 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00604 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00605 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00607 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00608 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00609 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00610 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00611 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00612 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00613 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00614 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00615 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00616 */ 00617 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00618 00619 /** 00620 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00621 * 00622 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 
00623 * 00624 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00625 * MBEDTLS_X509_CRT_PARSE_C 00626 * 00627 * This enables the following ciphersuites (if other requisites are 00628 * enabled as well): 00629 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00630 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00631 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00632 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00633 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00634 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00635 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00636 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00637 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00638 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00639 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00640 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00641 */ 00642 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00643 00644 /** 00645 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00646 * 00647 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 
00648 * 00649 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00650 * 00651 * This enables the following ciphersuites (if other requisites are 00652 * enabled as well): 00653 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00654 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00655 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00656 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00657 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00658 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00659 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00660 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00662 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00663 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00664 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00665 */ 00666 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00667 00668 /** 00669 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00670 * 00671 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 
00672 * 00673 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00674 * 00675 * This enables the following ciphersuites (if other requisites are 00676 * enabled as well): 00677 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00678 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00679 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00680 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00681 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00682 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00683 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00684 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00685 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00686 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00687 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00688 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00689 */ 00690 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00691 00692 /** 00693 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00694 * 00695 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 
00696 * 00697 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00698 * 00699 * This enables the following ciphersuites (if other requisites are 00700 * enabled as well): 00701 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00702 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00703 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00704 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00705 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00706 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00707 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00708 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00709 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00710 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00711 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00712 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00713 */ 00714 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00715 00716 /** 00717 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00718 * 00719 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00720 * 00721 * \warning This is currently experimental. EC J-PAKE support is based on the 00722 * Thread v1.0.0 specification; incompatible changes to the specification 00723 * might still happen. For this reason, this is disabled by default. 00724 * 00725 * Requires: MBEDTLS_ECJPAKE_C 00726 * MBEDTLS_SHA256_C 00727 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00728 * 00729 * This enables the following ciphersuites (if other requisites are 00730 * enabled as well): 00731 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00732 */ 00733 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00734 00735 /** 00736 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00737 * 00738 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00739 * RFC 5915 and RFC 5480. 00740 * 00741 * Currently this means parsing the SpecifiedECDomain choice of EC 00742 * parameters (only known groups are supported, not arbitrary domains, to 00743 * avoid validation issues). 
00744 * 00745 * Disable if you only need to support RFC 5915 + 5480 key formats. 00746 */ 00747 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00748 00749 /** 00750 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00751 * 00752 * Enable a dummy error function to make use of mbedtls_strerror() in 00753 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00754 * (no effect when MBEDTLS_ERROR_C is enabled). 00755 * 00756 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00757 * not using mbedtls_strerror() or error_strerror() in your application. 00758 * 00759 * Disable if you run into name conflicts and want to really remove the 00760 * mbedtls_strerror() 00761 */ 00762 #define MBEDTLS_ERROR_STRERROR_DUMMY 00763 00764 /** 00765 * \def MBEDTLS_GENPRIME 00766 * 00767 * Enable the prime-number generation code. 00768 * 00769 * Requires: MBEDTLS_BIGNUM_C 00770 */ 00771 //#define MBEDTLS_GENPRIME 00772 00773 /** 00774 * \def MBEDTLS_FS_IO 00775 * 00776 * Enable functions that use the filesystem. 00777 */ 00778 //#define MBEDTLS_FS_IO 00779 00780 /** 00781 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00782 * 00783 * Do not add default entropy sources. These are the platform specific, 00784 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00785 * 00786 * This is useful to have more control over the added entropy sources in an 00787 * application. 00788 * 00789 * Uncomment this macro to prevent loading of default entropy functions. 00790 */ 00791 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00792 00793 /** 00794 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00795 * 00796 * Do not use built-in platform entropy functions. 00797 * This is useful if your platform does not support 00798 * standards like the /dev/urandom or Windows CryptoAPI. 00799 * 00800 * Uncomment this macro to disable the built-in platform entropy functions. 
00801 */ 00802 #define MBEDTLS_NO_PLATFORM_ENTROPY 00803 00804 /** 00805 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00806 * 00807 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00808 * default SHA-512 based one (if both are available). 00809 * 00810 * Requires: MBEDTLS_SHA256_C 00811 * 00812 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00813 * if you have performance concerns. 00814 * 00815 * This option is only useful if both MBEDTLS_SHA256_C and 00816 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00817 */ 00818 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00819 00820 /** 00821 * \def MBEDTLS_ENTROPY_NV_SEED 00822 * 00823 * Enable the non-volatile (NV) seed file-based entropy source. 00824 * (Also enables the NV seed read/write functions in the platform layer) 00825 * 00826 * This is crucial (if not required) on systems that do not have a 00827 * cryptographic entropy source (in hardware or kernel) available. 00828 * 00829 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00830 * 00831 * \note The read/write functions that are used by the entropy source are 00832 * determined in the platform layer, and can be modified at runtime and/or 00833 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00834 * 00835 * \note If you use the default implementation functions that read a seedfile 00836 * with regular fopen(), please make sure you make a seedfile with the 00837 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00838 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00839 * and written to or you will get an entropy source error! The default 00840 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00841 * bytes from the file. 00842 * 00843 * \note The entropy collector will write to the seed file before entropy is 00844 * given to an external source, to update it. 
00845 */ 00846 //#define MBEDTLS_ENTROPY_NV_SEED 00847 00848 /** 00849 * \def MBEDTLS_MEMORY_DEBUG 00850 * 00851 * Enable debugging of buffer allocator memory issues. Automatically prints 00852 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00853 * function for 'debug output' of allocated memory. 00854 * 00855 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00856 * 00857 * Uncomment this macro to let the buffer allocator print out error messages. 00858 */ 00859 //#define MBEDTLS_MEMORY_DEBUG 00860 00861 /** 00862 * \def MBEDTLS_MEMORY_BACKTRACE 00863 * 00864 * Include backtrace information with each allocated block. 00865 * 00866 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00867 * GLIBC-compatible backtrace() an backtrace_symbols() support 00868 * 00869 * Uncomment this macro to include backtrace information 00870 */ 00871 //#define MBEDTLS_MEMORY_BACKTRACE 00872 00873 /** 00874 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00875 * 00876 * Support external private RSA keys (eg from a HSM) in the PK layer. 00877 * 00878 * Comment this macro to disable support for external private RSA keys. 00879 */ 00880 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00881 00882 /** 00883 * \def MBEDTLS_PKCS1_V15 00884 * 00885 * Enable support for PKCS#1 v1.5 encoding. 00886 * 00887 * Requires: MBEDTLS_RSA_C 00888 * 00889 * This enables support for PKCS#1 v1.5 operations. 00890 */ 00891 #define MBEDTLS_PKCS1_V15 00892 00893 /** 00894 * \def MBEDTLS_PKCS1_V21 00895 * 00896 * Enable support for PKCS#1 v2.1 encoding. 00897 * 00898 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00899 * 00900 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00901 */ 00902 #define MBEDTLS_PKCS1_V21 00903 00904 /** 00905 * \def MBEDTLS_RSA_NO_CRT 00906 * 00907 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00908 * 00909 * Uncomment this macro to disable the use of CRT in RSA. 
00910 * 00911 */ 00912 //#define MBEDTLS_RSA_NO_CRT 00913 00914 /** 00915 * \def MBEDTLS_SELF_TEST 00916 * 00917 * Enable the checkup functions (*_self_test). 00918 */ 00919 #define MBEDTLS_SELF_TEST 00920 00921 /** 00922 * \def MBEDTLS_SHA256_SMALLER 00923 * 00924 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00925 * lower performance. 00926 * 00927 * The default implementation is meant to be a reasonable compromise between 00928 * performance and size. This version optimizes more aggressively for size at 00929 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00930 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00931 * 30%. 00932 * 00933 * Uncomment to enable the smaller implementation of SHA256. 00934 */ 00935 //#define MBEDTLS_SHA256_SMALLER 00936 00937 /** 00938 * \def MBEDTLS_SSL_AEAD_RANDOM_IV 00939 * 00940 * Generate a random IV rather than using the record sequence number as a 00941 * nonce for ciphersuites using an AEAD algorithm (GCM or CCM). 00942 * 00943 * Using the sequence number is generally recommended. 00944 * 00945 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00946 */ 00947 //#define MBEDTLS_SSL_AEAD_RANDOM_IV 00948 00949 /** 00950 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00951 * 00952 * Enable sending of alert messages in case of encountered errors as per RFC. 00953 * If you choose not to send the alert messages, mbed TLS can still communicate 00954 * with other servers, only debugging of failures is harder. 00955 * 00956 * The advantage of not sending alert messages is that no information is given 00957 * about reasons for failures, thus preventing adversaries from gaining intel. 00958 * 00959 * Enable sending of all alert messages 00960 */ 00961 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00962 00963 /** 00964 * \def MBEDTLS_SSL_DEBUG_ALL 00965 * 00966 * Enable the debug messages in SSL module for all issues.
00967 * Debug messages have been disabled in some places to prevent timing 00968 * attacks due to (unbalanced) debugging function calls. 00969 * 00970 * If you need all error reporting you should enable this during debugging, 00971 * but remove this for production servers that should log as well. 00972 * 00973 * Uncomment this macro to report all debug messages on errors, which introduces 00974 * a timing side-channel. 00975 * 00976 */ 00977 //#define MBEDTLS_SSL_DEBUG_ALL 00978 00979 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00980 * 00981 * Enable support for Encrypt-then-MAC, RFC 7366. 00982 * 00983 * This allows peers that both support it to use a more robust protection for 00984 * ciphersuites using CBC, providing deep resistance against timing attacks 00985 * on the padding or underlying cipher. 00986 * 00987 * This only affects CBC ciphersuites, and is useless if none is defined. 00988 * 00989 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 00990 * MBEDTLS_SSL_PROTO_TLS1_1 or 00991 * MBEDTLS_SSL_PROTO_TLS1_2 00992 * 00993 * Comment this macro to disable support for Encrypt-then-MAC 00994 */ 00995 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 00996 00997 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 00998 * 00999 * Enable support for Extended Master Secret, aka Session Hash 01000 * (draft-ietf-tls-session-hash-02). 01001 * 01002 * This was introduced as "the proper fix" to the Triple Handshake family of 01003 * attacks, but it is recommended to always use it (even if you disable 01004 * renegotiation), since it actually fixes a more fundamental issue in the 01005 * original SSL/TLS design, and has implications beyond Triple Handshake. 01006 * 01007 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01008 * MBEDTLS_SSL_PROTO_TLS1_1 or 01009 * MBEDTLS_SSL_PROTO_TLS1_2 01010 * 01011 * Comment this macro to disable support for Extended Master Secret.
01012 */ 01013 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01014 01015 /** 01016 * \def MBEDTLS_SSL_FALLBACK_SCSV 01017 * 01018 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01019 * 01020 * For servers, it is recommended to always enable this, unless you support 01021 * only one version of TLS, or know for sure that none of your clients 01022 * implements a fallback strategy. 01023 * 01024 * For clients, you only need this if you're using a fallback strategy, which 01025 * is not recommended in the first place, unless you absolutely need it to 01026 * interoperate with buggy (version-intolerant) servers. 01027 * 01028 * Comment this macro to disable support for FALLBACK_SCSV 01029 */ 01030 //#define MBEDTLS_SSL_FALLBACK_SCSV 01031 01032 /** 01033 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01034 * 01035 * Enable hooking functions in SSL module for hardware acceleration of 01036 * individual records. 01037 * 01038 * Uncomment this macro to enable hooking functions. 01039 */ 01040 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01041 01042 /** 01043 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01044 * 01045 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01046 * 01047 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01048 * of interoperability issues compared to sending 0-length records. 01049 * 01050 * Comment this macro to disable 1/n-1 record splitting. 01051 */ 01052 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01053 01054 /** 01055 * \def MBEDTLS_SSL_RENEGOTIATION 01056 * 01057 * Enable support for TLS renegotiation. 01058 * 01059 * The two main uses of renegotiation are (1) refresh keys on long-lived 01060 * connections and (2) client authentication after the initial handshake. 01061 * If you don't need renegotiation, it's probably better to disable it, since 01062 * it has been associated with security issues in the past and is easy to 01063 * misuse/misunderstand.
01064 * 01065 * Comment this to disable support for renegotiation. 01066 */ 01067 #define MBEDTLS_SSL_RENEGOTIATION 01068 01069 /** 01070 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01071 * 01072 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01073 * SSL Server module (MBEDTLS_SSL_SRV_C). 01074 * 01075 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01076 */ 01077 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01078 01079 /** 01080 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01081 * 01082 * Pick the ciphersuite according to the client's preferences rather than ours 01083 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01084 * 01085 * Uncomment this macro to respect client's ciphersuite order 01086 */ 01087 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01088 01089 /** 01090 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01091 * 01092 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01093 * 01094 * Comment this macro to disable support for the max_fragment_length extension 01095 */ 01096 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01097 01098 /** 01099 * \def MBEDTLS_SSL_PROTO_SSL3 01100 * 01101 * Enable support for SSL 3.0. 01102 * 01103 * Requires: MBEDTLS_MD5_C 01104 * MBEDTLS_SHA1_C 01105 * 01106 * Comment this macro to disable support for SSL 3.0 01107 */ 01108 //#define MBEDTLS_SSL_PROTO_SSL3 01109 01110 /** 01111 * \def MBEDTLS_SSL_PROTO_TLS1 01112 * 01113 * Enable support for TLS 1.0. 01114 * 01115 * Requires: MBEDTLS_MD5_C 01116 * MBEDTLS_SHA1_C 01117 * 01118 * Comment this macro to disable support for TLS 1.0 01119 */ 01120 //#define MBEDTLS_SSL_PROTO_TLS1 01121 01122 /** 01123 * \def MBEDTLS_SSL_PROTO_TLS1_1 01124 * 01125 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 
01126 * 01127 * Requires: MBEDTLS_MD5_C 01128 * MBEDTLS_SHA1_C 01129 * 01130 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01131 */ 01132 //#define MBEDTLS_SSL_PROTO_TLS1_1 01133 01134 /** 01135 * \def MBEDTLS_SSL_PROTO_TLS1_2 01136 * 01137 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01138 * 01139 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01140 * (Depends on ciphersuites) 01141 * 01142 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01143 */ 01144 #define MBEDTLS_SSL_PROTO_TLS1_2 01145 01146 /** 01147 * \def MBEDTLS_SSL_PROTO_DTLS 01148 * 01149 * Enable support for DTLS (all available versions). 01150 * 01151 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01152 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01153 * 01154 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01155 * or MBEDTLS_SSL_PROTO_TLS1_2 01156 * 01157 * Comment this macro to disable support for DTLS 01158 */ 01159 #define MBEDTLS_SSL_PROTO_DTLS 01160 01161 /** 01162 * \def MBEDTLS_SSL_ALPN 01163 * 01164 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01165 * 01166 * Comment this macro to disable support for ALPN. 01167 */ 01168 #define MBEDTLS_SSL_ALPN 01169 01170 /** 01171 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01172 * 01173 * Enable support for the anti-replay mechanism in DTLS. 01174 * 01175 * Requires: MBEDTLS_SSL_TLS_C 01176 * MBEDTLS_SSL_PROTO_DTLS 01177 * 01178 * \warning Disabling this is often a security risk! 01179 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01180 * 01181 * Comment this to disable anti-replay in DTLS. 01182 */ 01183 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01184 01185 /** 01186 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01187 * 01188 * Enable support for HelloVerifyRequest on DTLS servers. 01189 * 01190 * This feature is highly recommended to prevent DTLS servers being used as 01191 * amplifiers in DoS attacks against other hosts. 
It should always be enabled 01192 * unless you know for sure amplification cannot be a problem in the 01193 * environment in which your server operates. 01194 * 01195 * \warning Disabling this can be a security risk! (see above) 01196 * 01197 * Requires: MBEDTLS_SSL_PROTO_DTLS 01198 * 01199 * Comment this to disable support for HelloVerifyRequest. 01200 */ 01201 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01202 01203 /** 01204 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01205 * 01206 * Enable server-side support for clients that reconnect from the same port. 01207 * 01208 * Some clients unexpectedly close the connection and try to reconnect using the 01209 * same source port. This needs special support from the server to handle the 01210 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01211 * flag enables that support. 01212 * 01213 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01214 * 01215 * Comment this to disable support for clients reusing the source port. 01216 */ 01217 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01218 01219 /** 01220 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01221 * 01222 * Enable support for a limit of records with bad MAC. 01223 * 01224 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01225 * 01226 * Requires: MBEDTLS_SSL_PROTO_DTLS 01227 */ 01228 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01229 01230 /** 01231 * \def MBEDTLS_SSL_SESSION_TICKETS 01232 * 01233 * Enable support for RFC 5077 session tickets in SSL. 01234 * Client-side, provides full support for session tickets (maintenance of a 01235 * session store remains the responsibility of the application, though). 01236 * Server-side, you also need to provide callbacks for writing and parsing 01237 * tickets, including authenticated encryption and key management. Example 01238 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
01239 * 01240 * Comment this macro to disable support for SSL session tickets 01241 */ 01242 #define MBEDTLS_SSL_SESSION_TICKETS 01243 01244 /** 01245 * \def MBEDTLS_SSL_EXPORT_KEYS 01246 * 01247 * Enable support for exporting key block and master secret. 01248 * This is required for certain users of TLS, e.g. EAP-TLS. 01249 * 01250 * Comment this macro to disable support for key export 01251 */ 01252 #define MBEDTLS_SSL_EXPORT_KEYS 01253 01254 /** 01255 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01256 * 01257 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01258 * 01259 * Requires: MBEDTLS_X509_CRT_PARSE_C 01260 * 01261 * Comment this macro to disable support for server name indication in SSL 01262 */ 01263 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01264 01265 /** 01266 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01267 * 01268 * Enable support for RFC 6066 truncated HMAC in SSL. 01269 * 01270 * Comment this macro to disable support for truncated HMAC in SSL 01271 */ 01272 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01273 01274 /** 01275 * \def MBEDTLS_THREADING_ALT 01276 * 01277 * Provide your own alternate threading implementation. 01278 * 01279 * Requires: MBEDTLS_THREADING_C 01280 * 01281 * Uncomment this to allow your own alternate threading implementation. 01282 */ 01283 //#define MBEDTLS_THREADING_ALT 01284 01285 /** 01286 * \def MBEDTLS_THREADING_PTHREAD 01287 * 01288 * Enable the pthread wrapper layer for the threading layer. 01289 * 01290 * Requires: MBEDTLS_THREADING_C 01291 * 01292 * Uncomment this to enable pthread mutexes. 01293 */ 01294 //#define MBEDTLS_THREADING_PTHREAD 01295 01296 /** 01297 * \def MBEDTLS_VERSION_FEATURES 01298 * 01299 * Allow run-time checking of compile-time enabled features. Thus allowing users 01300 * to check at run-time if the library is for instance compiled with threading 01301 * support via mbedtls_version_check_feature(). 
01302 * 01303 * Requires: MBEDTLS_VERSION_C 01304 * 01305 * Comment this to disable run-time checking and save ROM space 01306 */ 01307 #define MBEDTLS_VERSION_FEATURES 01308 01309 /** 01310 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01311 * 01312 * If set, the X509 parser will not break-off when parsing an X509 certificate 01313 * and encountering an extension in a v1 or v2 certificate. 01314 * 01315 * Uncomment to prevent an error. 01316 */ 01317 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01318 01319 /** 01320 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01321 * 01322 * If set, the X509 parser will not break-off when parsing an X509 certificate 01323 * and encountering an unknown critical extension. 01324 * 01325 * \warning Depending on your PKI use, enabling this can be a security risk! 01326 * 01327 * Uncomment to prevent an error. 01328 */ 01329 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01330 01331 /** 01332 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01333 * 01334 * Enable verification of the keyUsage extension (CA and leaf certificates). 01335 * 01336 * Disabling this avoids problems with mis-issued and/or misused 01337 * (intermediate) CA and leaf certificates. 01338 * 01339 * \warning Depending on your PKI use, disabling this can be a security risk! 01340 * 01341 * Comment to skip keyUsage checking for both CA and leaf certificates. 01342 */ 01343 #define MBEDTLS_X509_CHECK_KEY_USAGE 01344 01345 /** 01346 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01347 * 01348 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01349 * 01350 * Disabling this avoids problems with mis-issued and/or misused certificates. 01351 * 01352 * \warning Depending on your PKI use, disabling this can be a security risk! 01353 * 01354 * Comment to skip extendedKeyUsage checking for certificates. 
01355 */ 01356 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01357 01358 /** 01359 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01360 * 01361 * Enable parsing and verification of X.509 certificates, CRLs and CSRs 01362 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01363 * 01364 * Comment this macro to disallow using RSASSA-PSS in certificates. 01365 */ 01366 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01367 01368 /** 01369 * \def MBEDTLS_ZLIB_SUPPORT 01370 * 01371 * If set, the SSL/TLS module uses ZLIB to support compression and 01372 * decompression of packet data. 01373 * 01374 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01375 * CRIME attack. Before enabling this option, you should examine with care if 01376 * CRIME or similar exploits may be applicable to your use case. 01377 * 01378 * \note Currently compression can't be used with DTLS. 01379 * 01380 * Used in: library/ssl_tls.c 01381 * library/ssl_cli.c 01382 * library/ssl_srv.c 01383 * 01384 * This feature requires zlib library and headers to be present. 01385 * 01386 * Uncomment to enable use of ZLIB 01387 */ 01388 //#define MBEDTLS_ZLIB_SUPPORT 01389 /* \} name SECTION: mbed TLS feature support */ 01390 01391 /** 01392 * \name SECTION: mbed TLS modules 01393 * 01394 * This section enables or disables entire modules in mbed TLS 01395 * \{ 01396 */ 01397 01398 /** 01399 * \def MBEDTLS_AESNI_C 01400 * 01401 * Enable AES-NI support on x86-64. 01402 * 01403 * Module: library/aesni.c 01404 * Caller: library/aes.c 01405 * 01406 * Requires: MBEDTLS_HAVE_ASM 01407 * 01408 * This module adds support for the AES-NI instructions on x86-64 01409 */ 01410 //#define MBEDTLS_AESNI_C 01411 01412 /** 01413 * \def MBEDTLS_AES_C 01414 * 01415 * Enable the AES block cipher.
01416 * 01417 * Module: library/aes.c 01418 * Caller: library/ssl_tls.c 01419 * library/pem.c 01420 * library/ctr_drbg.c 01421 * 01422 * This module enables the following ciphersuites (if other requisites are 01423 * enabled as well): 01424 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01425 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01426 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01427 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01428 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01429 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01430 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01431 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01432 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01433 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01434 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01435 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01436 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01437 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01438 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01439 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01440 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01441 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01442 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01443 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01444 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01448 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01449 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01450 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01451 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01452 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01453 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01454 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01455 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01456 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01457 * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01458 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01459 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01460 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01461 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01462 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01463 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01464 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01465 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01466 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01467 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01468 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01469 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01470 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01471 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01472 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01473 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01474 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01475 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01476 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01477 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01478 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01479 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01480 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01481 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01482 * 01483 * PEM_PARSE uses AES for decrypting encrypted keys. 01484 */ 01485 #define MBEDTLS_AES_C 01486 01487 /** 01488 * \def MBEDTLS_ARC4_C 01489 * 01490 * Enable the ARCFOUR stream cipher. 
01491 * 01492 * Module: library/arc4.c 01493 * Caller: library/ssl_tls.c 01494 * 01495 * This module enables the following ciphersuites (if other requisites are 01496 * enabled as well): 01497 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01498 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01499 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01500 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01501 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01502 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01503 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01504 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01505 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01506 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01507 */ 01508 //#define MBEDTLS_ARC4_C 01509 01510 /** 01511 * \def MBEDTLS_ASN1_PARSE_C 01512 * 01513 * Enable the generic ASN1 parser. 01514 * 01515 * Module: library/asn1.c 01516 * Caller: library/x509.c 01517 * library/dhm.c 01518 * library/pkcs12.c 01519 * library/pkcs5.c 01520 * library/pkparse.c 01521 */ 01522 #define MBEDTLS_ASN1_PARSE_C 01523 01524 /** 01525 * \def MBEDTLS_ASN1_WRITE_C 01526 * 01527 * Enable the generic ASN1 writer. 01528 * 01529 * Module: library/asn1write.c 01530 * Caller: library/ecdsa.c 01531 * library/pkwrite.c 01532 * library/x509_create.c 01533 * library/x509write_crt.c 01534 * library/mbedtls_x509write_csr.c 01535 */ 01536 #define MBEDTLS_ASN1_WRITE_C 01537 01538 /** 01539 * \def MBEDTLS_BASE64_C 01540 * 01541 * Enable the Base64 module. 01542 * 01543 * Module: library/base64.c 01544 * Caller: library/pem.c 01545 * 01546 * This module is required for PEM support (required by X.509). 01547 */ 01548 #define MBEDTLS_BASE64_C 01549 01550 /** 01551 * \def MBEDTLS_BIGNUM_C 01552 * 01553 * Enable the multi-precision integer library. 01554 * 01555 * Module: library/bignum.c 01556 * Caller: library/dhm.c 01557 * library/ecp.c 01558 * library/ecdsa.c 01559 * library/rsa.c 01560 * library/ssl_tls.c 01561 * 01562 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
01563 */ 01564 #define MBEDTLS_BIGNUM_C 01565 01566 /** 01567 * \def MBEDTLS_BLOWFISH_C 01568 * 01569 * Enable the Blowfish block cipher. 01570 * 01571 * Module: library/blowfish.c 01572 */ 01573 //#define MBEDTLS_BLOWFISH_C 01574 01575 /** 01576 * \def MBEDTLS_CAMELLIA_C 01577 * 01578 * Enable the Camellia block cipher. 01579 * 01580 * Module: library/camellia.c 01581 * Caller: library/ssl_tls.c 01582 * 01583 * This module enables the following ciphersuites (if other requisites are 01584 * enabled as well): 01585 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01586 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01587 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01588 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01589 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01590 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01591 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01592 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01593 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01594 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01595 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01596 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01597 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01598 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01599 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01600 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01601 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01602 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01603 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01604 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01605 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01607 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01608 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01609 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01610 * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01611 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01612 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01613 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01614 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01615 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01616 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01617 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01618 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01619 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01621 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01622 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01623 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01624 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01625 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01626 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01627 */ 01628 //#define MBEDTLS_CAMELLIA_C 01629 01630 /** 01631 * \def MBEDTLS_CCM_C 01632 * 01633 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01634 * 01635 * Module: library/ccm.c 01636 * 01637 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01638 * 01639 * This module enables the AES-CCM ciphersuites, if other requisites are 01640 * enabled as well. 01641 */ 01642 #define MBEDTLS_CCM_C 01643 01644 /** 01645 * \def MBEDTLS_CERTS_C 01646 * 01647 * Enable the test certificates. 01648 * 01649 * Module: library/certs.c 01650 * Caller: 01651 * 01652 * This module is used for testing (ssl_client/server). 01653 */ 01654 #define MBEDTLS_CERTS_C 01655 01656 /** 01657 * \def MBEDTLS_CIPHER_C 01658 * 01659 * Enable the generic cipher layer. 01660 * 01661 * Module: library/cipher.c 01662 * Caller: library/ssl_tls.c 01663 * 01664 * Uncomment to enable generic cipher wrappers. 01665 */ 01666 #define MBEDTLS_CIPHER_C 01667 01668 /** 01669 * \def MBEDTLS_CTR_DRBG_C 01670 * 01671 * Enable the CTR_DRBG AES-256-based random generator. 
01672 * 01673 * Module: library/ctr_drbg.c 01674 * Caller: 01675 * 01676 * Requires: MBEDTLS_AES_C 01677 * 01678 * This module provides the CTR_DRBG AES-256 random number generator. 01679 */ 01680 #define MBEDTLS_CTR_DRBG_C 01681 01682 /** 01683 * \def MBEDTLS_DEBUG_C 01684 * 01685 * Enable the debug functions. 01686 * 01687 * Module: library/debug.c 01688 * Caller: library/ssl_cli.c 01689 * library/ssl_srv.c 01690 * library/ssl_tls.c 01691 * 01692 * This module provides debugging functions. 01693 */ 01694 #define MBEDTLS_DEBUG_C 01695 01696 /** 01697 * \def MBEDTLS_DES_C 01698 * 01699 * Enable the DES block cipher. 01700 * 01701 * Module: library/des.c 01702 * Caller: library/pem.c 01703 * library/ssl_tls.c 01704 * 01705 * This module enables the following ciphersuites (if other requisites are 01706 * enabled as well): 01707 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01708 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01709 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01710 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01711 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01712 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01713 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01714 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01715 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01716 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01717 * 01718 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01719 */ 01720 //#define MBEDTLS_DES_C 01721 01722 /** 01723 * \def MBEDTLS_DHM_C 01724 * 01725 * Enable the Diffie-Hellman-Merkle module. 01726 * 01727 * Module: library/dhm.c 01728 * Caller: library/ssl_cli.c 01729 * library/ssl_srv.c 01730 * 01731 * This module is used by the following key exchanges: 01732 * DHE-RSA, DHE-PSK 01733 */ 01734 //#define MBEDTLS_DHM_C 01735 01736 /** 01737 * \def MBEDTLS_ECDH_C 01738 * 01739 * Enable the elliptic curve Diffie-Hellman library. 
01740 * 01741 * Module: library/ecdh.c 01742 * Caller: library/ssl_cli.c 01743 * library/ssl_srv.c 01744 * 01745 * This module is used by the following key exchanges: 01746 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01747 * 01748 * Requires: MBEDTLS_ECP_C 01749 */ 01750 #define MBEDTLS_ECDH_C 01751 01752 /** 01753 * \def MBEDTLS_ECDSA_C 01754 * 01755 * Enable the elliptic curve DSA library. 01756 * 01757 * Module: library/ecdsa.c 01758 * Caller: 01759 * 01760 * This module is used by the following key exchanges: 01761 * ECDHE-ECDSA 01762 * 01763 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01764 */ 01765 #define MBEDTLS_ECDSA_C 01766 01767 /** 01768 * \def MBEDTLS_ECJPAKE_C 01769 * 01770 * Enable the elliptic curve J-PAKE library. 01771 * 01772 * \warning This is currently experimental. EC J-PAKE support is based on the 01773 * Thread v1.0.0 specification; incompatible changes to the specification 01774 * might still happen. For this reason, this is disabled by default. 01775 * 01776 * Module: library/ecjpake.c 01777 * Caller: 01778 * 01779 * This module is used by the following key exchanges: 01780 * ECJPAKE 01781 * 01782 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01783 */ 01784 //#define MBEDTLS_ECJPAKE_C 01785 01786 /** 01787 * \def MBEDTLS_ECP_C 01788 * 01789 * Enable the elliptic curve over GF(p) library. 01790 * 01791 * Module: library/ecp.c 01792 * Caller: library/ecdh.c 01793 * library/ecdsa.c 01794 * library/ecjpake.c 01795 * 01796 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01797 */ 01798 #define MBEDTLS_ECP_C 01799 01800 /** 01801 * \def MBEDTLS_ENTROPY_C 01802 * 01803 * Enable the platform-specific entropy code. 
01804 * 01805 * Module: library/entropy.c 01806 * Caller: 01807 * 01808 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01809 * 01810 * This module provides a generic entropy pool 01811 */ 01812 #define MBEDTLS_ENTROPY_C 01813 01814 /** 01815 * \def MBEDTLS_ERROR_C 01816 * 01817 * Enable error code to error string conversion. 01818 * 01819 * Module: library/error.c 01820 * Caller: 01821 * 01822 * This module enables mbedtls_strerror(). 01823 */ 01824 #define MBEDTLS_ERROR_C 01825 01826 /** 01827 * \def MBEDTLS_GCM_C 01828 * 01829 * Enable the Galois/Counter Mode (GCM) for AES. 01830 * 01831 * Module: library/gcm.c 01832 * 01833 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01834 * 01835 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01836 * requisites are enabled as well. 01837 */ 01838 #define MBEDTLS_GCM_C 01839 01840 /** 01841 * \def MBEDTLS_HAVEGE_C 01842 * 01843 * Enable the HAVEGE random generator. 01844 * 01845 * Warning: the HAVEGE random generator is not suitable for virtualized 01846 * environments 01847 * 01848 * Warning: the HAVEGE random generator is dependent on timing and specific 01849 * processor traits. It is therefore not advised to use HAVEGE as 01850 * your application's primary random generator or primary entropy pool 01851 * input. As a secondary input to your entropy pool, it IS able to add 01852 * the (limited) extra entropy it provides. 01853 * 01854 * Module: library/havege.c 01855 * Caller: 01856 * 01857 * Requires: MBEDTLS_TIMING_C 01858 * 01859 * Uncomment to enable the HAVEGE random generator. 01860 */ 01861 //#define MBEDTLS_HAVEGE_C 01862 01863 /** 01864 * \def MBEDTLS_HMAC_DRBG_C 01865 * 01866 * Enable the HMAC_DRBG random generator. 01867 * 01868 * Module: library/hmac_drbg.c 01869 * Caller: 01870 * 01871 * Requires: MBEDTLS_MD_C 01872 * 01873 * Uncomment to enable the HMAC_DRBG random number generator.
01874 */ 01875 #define MBEDTLS_HMAC_DRBG_C 01876 01877 /** 01878 * \def MBEDTLS_MD_C 01879 * 01880 * Enable the generic message digest layer. 01881 * 01882 * Module: library/mbedtls_md.c 01883 * Caller: 01884 * 01885 * Uncomment to enable generic message digest wrappers. 01886 */ 01887 #define MBEDTLS_MD_C 01888 01889 /** 01890 * \def MBEDTLS_MD2_C 01891 * 01892 * Enable the MD2 hash algorithm. 01893 * 01894 * Module: library/mbedtls_md2.c 01895 * Caller: 01896 * 01897 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01898 */ 01899 //#define MBEDTLS_MD2_C 01900 01901 /** 01902 * \def MBEDTLS_MD4_C 01903 * 01904 * Enable the MD4 hash algorithm. 01905 * 01906 * Module: library/mbedtls_md4.c 01907 * Caller: 01908 * 01909 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01910 */ 01911 //#define MBEDTLS_MD4_C 01912 01913 /** 01914 * \def MBEDTLS_MD5_C 01915 * 01916 * Enable the MD5 hash algorithm. 01917 * 01918 * Module: library/mbedtls_md5.c 01919 * Caller: library/mbedtls_md.c 01920 * library/pem.c 01921 * library/ssl_tls.c 01922 * 01923 * This module is required for SSL/TLS and X.509. 01924 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01925 */ 01926 //#define MBEDTLS_MD5_C 01927 01928 /** 01929 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01930 * 01931 * Enable the buffer allocator implementation that makes use of a (stack) 01932 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01933 * calls) 01934 * 01935 * Module: library/memory_buffer_alloc.c 01936 * 01937 * Requires: MBEDTLS_PLATFORM_C 01938 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01939 * 01940 * Enable this module to enable the buffer memory allocator. 01941 */ 01942 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01943 01944 /** 01945 * \def MBEDTLS_NET_C 01946 * 01947 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 01948 * 01949 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 01950 * and Windows. 
For other platforms, you'll want to disable it, and write your 01951 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 01952 * 01953 * \note See also our Knowledge Base article about porting to a new 01954 * environment: 01955 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 01956 * 01957 * Module: library/net.c 01958 * 01959 * This module provides networking routines. 01960 */ 01961 //#define MBEDTLS_NET_C 01962 01963 /** 01964 * \def MBEDTLS_OID_C 01965 * 01966 * Enable the OID database. 01967 * 01968 * Module: library/oid.c 01969 * Caller: library/asn1write.c 01970 * library/pkcs5.c 01971 * library/pkparse.c 01972 * library/pkwrite.c 01973 * library/rsa.c 01974 * library/x509.c 01975 * library/x509_create.c 01976 * library/mbedtls_x509_crl.c 01977 * library/mbedtls_x509_crt.c 01978 * library/mbedtls_x509_csr.c 01979 * library/x509write_crt.c 01980 * library/mbedtls_x509write_csr.c 01981 * 01982 * This module translates between OIDs and internal values. 01983 */ 01984 #define MBEDTLS_OID_C 01985 01986 /** 01987 * \def MBEDTLS_PADLOCK_C 01988 * 01989 * Enable VIA Padlock support on x86. 01990 * 01991 * Module: library/padlock.c 01992 * Caller: library/aes.c 01993 * 01994 * Requires: MBEDTLS_HAVE_ASM 01995 * 01996 * This module adds support for the VIA PadLock on x86. 01997 */ 01998 //#define MBEDTLS_PADLOCK_C 01999 02000 /** 02001 * \def MBEDTLS_PEM_PARSE_C 02002 * 02003 * Enable PEM decoding / parsing. 02004 * 02005 * Module: library/pem.c 02006 * Caller: library/dhm.c 02007 * library/pkparse.c 02008 * library/mbedtls_x509_crl.c 02009 * library/mbedtls_x509_crt.c 02010 * library/mbedtls_x509_csr.c 02011 * 02012 * Requires: MBEDTLS_BASE64_C 02013 * 02014 * This module adds support for decoding / parsing PEM files. 02015 */ 02016 #define MBEDTLS_PEM_PARSE_C 02017 02018 /** 02019 * \def MBEDTLS_PEM_WRITE_C 02020 * 02021 * Enable PEM encoding / writing. 
02022 * 02023 * Module: library/pem.c 02024 * Caller: library/pkwrite.c 02025 * library/x509write_crt.c 02026 * library/mbedtls_x509write_csr.c 02027 * 02028 * Requires: MBEDTLS_BASE64_C 02029 * 02030 * This module adds support for encoding / writing PEM files. 02031 */ 02032 //#define MBEDTLS_PEM_WRITE_C 02033 02034 /** 02035 * \def MBEDTLS_PK_C 02036 * 02037 * Enable the generic public (asymmetric) key layer. 02038 * 02039 * Module: library/pk.c 02040 * Caller: library/ssl_tls.c 02041 * library/ssl_cli.c 02042 * library/ssl_srv.c 02043 * 02044 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02045 * 02046 * Uncomment to enable generic public key wrappers. 02047 */ 02048 #define MBEDTLS_PK_C 02049 02050 /** 02051 * \def MBEDTLS_PK_PARSE_C 02052 * 02053 * Enable the generic public (asymmetric) key parser. 02054 * 02055 * Module: library/pkparse.c 02056 * Caller: library/mbedtls_x509_crt.c 02057 * library/mbedtls_x509_csr.c 02058 * 02059 * Requires: MBEDTLS_PK_C 02060 * 02061 * Uncomment to enable generic public key parse functions. 02062 */ 02063 #define MBEDTLS_PK_PARSE_C 02064 02065 /** 02066 * \def MBEDTLS_PK_WRITE_C 02067 * 02068 * Enable the generic public (asymmetric) key writer. 02069 * 02070 * Module: library/pkwrite.c 02071 * Caller: library/x509write.c 02072 * 02073 * Requires: MBEDTLS_PK_C 02074 * 02075 * Uncomment to enable generic public key write functions. 02076 */ 02077 #define MBEDTLS_PK_WRITE_C 02078 02079 /** 02080 * \def MBEDTLS_PKCS5_C 02081 * 02082 * Enable PKCS#5 functions. 02083 * 02084 * Module: library/pkcs5.c 02085 * 02086 * Requires: MBEDTLS_MD_C 02087 * 02088 * This module adds support for the PKCS#5 functions. 02089 */ 02090 //#define MBEDTLS_PKCS5_C 02091 02092 /** 02093 * \def MBEDTLS_PKCS11_C 02094 * 02095 * Enable wrapper for PKCS#11 smartcard support. 02096 * 02097 * Module: library/pkcs11.c 02098 * Caller: library/pk.c 02099 * 02100 * Requires: MBEDTLS_PK_C 02101 * 02102 * This module enables SSL/TLS PKCS #11 smartcard support. 
02103 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02104 */ 02105 //#define MBEDTLS_PKCS11_C 02106 02107 /** 02108 * \def MBEDTLS_PKCS12_C 02109 * 02110 * Enable PKCS#12 PBE functions. 02111 * Adds algorithms for parsing PKCS#8 encrypted private keys 02112 * 02113 * Module: library/pkcs12.c 02114 * Caller: library/pkparse.c 02115 * 02116 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02117 * Can use: MBEDTLS_ARC4_C 02118 * 02119 * This module enables PKCS#12 functions. 02120 */ 02121 //#define MBEDTLS_PKCS12_C 02122 02123 /** 02124 * \def MBEDTLS_PLATFORM_C 02125 * 02126 * Enable the platform abstraction layer that allows you to re-assign 02127 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02128 * 02129 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT 02130 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02131 * above to be specified at runtime or compile time respectively. 02132 * 02133 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02134 * as other modules rely on it for a fixed snprintf implementation. 02135 * 02136 * Module: library/platform.c 02137 * Caller: Most other .c files 02138 * 02139 * This module enables abstraction of common (libc) functions. 02140 */ 02141 #define MBEDTLS_PLATFORM_C 02142 02143 /** 02144 * \def MBEDTLS_RIPEMD160_C 02145 * 02146 * Enable the RIPEMD-160 hash algorithm. 02147 * 02148 * Module: library/mbedtls_ripemd160.c 02149 * Caller: library/mbedtls_md.c 02150 * 02151 */ 02152 //#define MBEDTLS_RIPEMD160_C 02153 02154 /** 02155 * \def MBEDTLS_RSA_C 02156 * 02157 * Enable the RSA public-key cryptosystem. 
02158 * 02159 * Module: library/rsa.c 02160 * Caller: library/ssl_cli.c 02161 * library/ssl_srv.c 02162 * library/ssl_tls.c 02163 * library/x509.c 02164 * 02165 * This module is used by the following key exchanges: 02166 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02167 * 02168 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02169 */ 02170 #define MBEDTLS_RSA_C 02171 02172 /** 02173 * \def MBEDTLS_SHA1_C 02174 * 02175 * Enable the SHA1 cryptographic hash algorithm. 02176 * 02177 * Module: library/mbedtls_sha1.c 02178 * Caller: library/mbedtls_md.c 02179 * library/ssl_cli.c 02180 * library/ssl_srv.c 02181 * library/ssl_tls.c 02182 * library/x509write_crt.c 02183 * 02184 * This module is required for SSL/TLS and SHA1-signed certificates. 02185 */ 02186 //#define MBEDTLS_SHA1_C 02187 02188 /** 02189 * \def MBEDTLS_SHA256_C 02190 * 02191 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02192 * 02193 * Module: library/mbedtls_sha256.c 02194 * Caller: library/entropy.c 02195 * library/mbedtls_md.c 02196 * library/ssl_cli.c 02197 * library/ssl_srv.c 02198 * library/ssl_tls.c 02199 * 02200 * This module adds support for SHA-224 and SHA-256. 02201 * This module is required for the SSL/TLS 1.2 PRF function. 02202 */ 02203 #define MBEDTLS_SHA256_C 02204 02205 /** 02206 * \def MBEDTLS_SHA512_C 02207 * 02208 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02209 * 02210 * Module: library/mbedtls_sha512.c 02211 * Caller: library/entropy.c 02212 * library/mbedtls_md.c 02213 * library/ssl_cli.c 02214 * library/ssl_srv.c 02215 * 02216 * This module adds support for SHA-384 and SHA-512. 02217 */ 02218 #define MBEDTLS_SHA512_C 02219 02220 /** 02221 * \def MBEDTLS_SSL_CACHE_C 02222 * 02223 * Enable simple SSL cache implementation. 
02224 * 02225 * Module: library/ssl_cache.c 02226 * Caller: 02227 * 02228 * Requires: MBEDTLS_SSL_CACHE_C 02229 */ 02230 #define MBEDTLS_SSL_CACHE_C 02231 02232 /** 02233 * \def MBEDTLS_SSL_COOKIE_C 02234 * 02235 * Enable basic implementation of DTLS cookies for hello verification. 02236 * 02237 * Module: library/ssl_cookie.c 02238 * Caller: 02239 */ 02240 #define MBEDTLS_SSL_COOKIE_C 02241 02242 /** 02243 * \def MBEDTLS_SSL_TICKET_C 02244 * 02245 * Enable an implementation of TLS server-side callbacks for session tickets. 02246 * 02247 * Module: library/ssl_ticket.c 02248 * Caller: 02249 * 02250 * Requires: MBEDTLS_CIPHER_C 02251 */ 02252 #define MBEDTLS_SSL_TICKET_C 02253 02254 /** 02255 * \def MBEDTLS_SSL_CLI_C 02256 * 02257 * Enable the SSL/TLS client code. 02258 * 02259 * Module: library/ssl_cli.c 02260 * Caller: 02261 * 02262 * Requires: MBEDTLS_SSL_TLS_C 02263 * 02264 * This module is required for SSL/TLS client support. 02265 */ 02266 #define MBEDTLS_SSL_CLI_C 02267 02268 /** 02269 * \def MBEDTLS_SSL_SRV_C 02270 * 02271 * Enable the SSL/TLS server code. 02272 * 02273 * Module: library/ssl_srv.c 02274 * Caller: 02275 * 02276 * Requires: MBEDTLS_SSL_TLS_C 02277 * 02278 * This module is required for SSL/TLS server support. 02279 */ 02280 #define MBEDTLS_SSL_SRV_C 02281 02282 /** 02283 * \def MBEDTLS_SSL_TLS_C 02284 * 02285 * Enable the generic SSL/TLS code. 02286 * 02287 * Module: library/ssl_tls.c 02288 * Caller: library/ssl_cli.c 02289 * library/ssl_srv.c 02290 * 02291 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02292 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02293 * 02294 * This module is required for SSL/TLS. 02295 */ 02296 #define MBEDTLS_SSL_TLS_C 02297 02298 /** 02299 * \def MBEDTLS_THREADING_C 02300 * 02301 * Enable the threading abstraction layer. 02302 * By default mbed TLS assumes it is used in a non-threaded environment or that 02303 * contexts are not shared between threads. 
If you do intend to use contexts 02304 * between threads, you will need to enable this layer to prevent race 02305 * conditions. See also our Knowledge Base article about threading: 02306 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02307 * 02308 * Module: library/threading.c 02309 * 02310 * This allows different threading implementations (self-implemented or 02311 * provided). 02312 * 02313 * You will have to enable either MBEDTLS_THREADING_ALT or 02314 * MBEDTLS_THREADING_PTHREAD. 02315 * 02316 * Enable this layer to allow use of mutexes within mbed TLS 02317 */ 02318 //#define MBEDTLS_THREADING_C 02319 02320 /** 02321 * \def MBEDTLS_TIMING_C 02322 * 02323 * Enable the semi-portable timing interface. 02324 * 02325 * \note The provided implementation only works on POSIX/Unix (including Linux, 02326 * BSD and OS X) and Windows. On other platforms, you can either disable that 02327 * module and provide your own implementations of the callbacks needed by 02328 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02329 * your own implementation of the whole module by setting 02330 * \c MBEDTLS_TIMING_ALT in the current file. 02331 * 02332 * \note See also our Knowledge Base article about porting to a new 02333 * environment: 02334 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02335 * 02336 * Module: library/timing.c 02337 * Caller: library/havege.c 02338 * 02339 * This module is used by the HAVEGE random number generator. 02340 */ 02341 //#define MBEDTLS_TIMING_C 02342 02343 /** 02344 * \def MBEDTLS_VERSION_C 02345 * 02346 * Enable run-time version information. 02347 * 02348 * Module: library/version.c 02349 * 02350 * This module provides run-time version information. 02351 */ 02352 #define MBEDTLS_VERSION_C 02353 02354 /** 02355 * \def MBEDTLS_X509_USE_C 02356 * 02357 * Enable X.509 core for using certificates. 
02358 * 02359 * Module: library/x509.c 02360 * Caller: library/mbedtls_x509_crl.c 02361 * library/mbedtls_x509_crt.c 02362 * library/mbedtls_x509_csr.c 02363 * 02364 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02365 * MBEDTLS_PK_PARSE_C 02366 * 02367 * This module is required for the X.509 parsing modules. 02368 */ 02369 #define MBEDTLS_X509_USE_C 02370 02371 /** 02372 * \def MBEDTLS_X509_CRT_PARSE_C 02373 * 02374 * Enable X.509 certificate parsing. 02375 * 02376 * Module: library/mbedtls_x509_crt.c 02377 * Caller: library/ssl_cli.c 02378 * library/ssl_srv.c 02379 * library/ssl_tls.c 02380 * 02381 * Requires: MBEDTLS_X509_USE_C 02382 * 02383 * This module is required for X.509 certificate parsing. 02384 */ 02385 #define MBEDTLS_X509_CRT_PARSE_C 02386 02387 /** 02388 * \def MBEDTLS_X509_CRL_PARSE_C 02389 * 02390 * Enable X.509 CRL parsing. 02391 * 02392 * Module: library/mbedtls_x509_crl.c 02393 * Caller: library/mbedtls_x509_crt.c 02394 * 02395 * Requires: MBEDTLS_X509_USE_C 02396 * 02397 * This module is required for X.509 CRL parsing. 02398 */ 02399 #define MBEDTLS_X509_CRL_PARSE_C 02400 02401 /** 02402 * \def MBEDTLS_X509_CSR_PARSE_C 02403 * 02404 * Enable X.509 Certificate Signing Request (CSR) parsing. 02405 * 02406 * Module: library/mbedtls_x509_csr.c 02407 * Caller: library/x509_crt_write.c 02408 * 02409 * Requires: MBEDTLS_X509_USE_C 02410 * 02411 * This module is used for reading X.509 certificate request. 02412 */ 02413 //#define MBEDTLS_X509_CSR_PARSE_C 02414 02415 /** 02416 * \def MBEDTLS_X509_CREATE_C 02417 * 02418 * Enable X.509 core for creating certificates. 02419 * 02420 * Module: library/x509_create.c 02421 * 02422 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02423 * 02424 * This module is the basis for creating X.509 certificates and CSRs. 02425 */ 02426 //#define MBEDTLS_X509_CREATE_C 02427 02428 /** 02429 * \def MBEDTLS_X509_CRT_WRITE_C 02430 * 02431 * Enable creating X.509 certificates. 
02432 * 02433 * Module: library/x509_crt_write.c 02434 * 02435 * Requires: MBEDTLS_X509_CREATE_C 02436 * 02437 * This module is required for X.509 certificate creation. 02438 */ 02439 //#define MBEDTLS_X509_CRT_WRITE_C 02440 02441 /** 02442 * \def MBEDTLS_X509_CSR_WRITE_C 02443 * 02444 * Enable creating X.509 Certificate Signing Requests (CSR). 02445 * 02446 * Module: library/x509_csr_write.c 02447 * 02448 * Requires: MBEDTLS_X509_CREATE_C 02449 * 02450 * This module is required for X.509 certificate request writing. 02451 */ 02452 //#define MBEDTLS_X509_CSR_WRITE_C 02453 02454 /** 02455 * \def MBEDTLS_XTEA_C 02456 * 02457 * Enable the XTEA block cipher. 02458 * 02459 * Module: library/xtea.c 02460 * Caller: 02461 */ 02462 //#define MBEDTLS_XTEA_C 02463 02464 /* \} name SECTION: mbed TLS modules */ 02465 02466 /** 02467 * \name SECTION: Module configuration options 02468 * 02469 * This section allows for the setting of module specific sizes and 02470 * configuration options. The default values are already present in the 02471 * relevant header files and should suffice for the regular use cases. 02472 * 02473 * Our advice is to enable options and change their values here 02474 * only if you have a good reason and know the consequences. 02475 * 02476 * Please check the respective header file for documentation on these 02477 * parameters (to prevent duplicate documentation). 02478 * \{ 02479 */ 02480 02481 /* MPI / BIGNUM options */ 02482 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02483 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. 
*/ 02484 02485 /* CTR_DRBG options */ 02486 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02487 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02488 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02489 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02490 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02491 02492 /* HMAC_DRBG options */ 02493 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02494 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02495 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02496 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02497 02498 /* ECP options */ 02499 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02500 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02501 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02502 02503 /* Entropy options */ 02504 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02505 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02506 02507 /* Memory buffer allocator options */ 02508 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02509 02510 /* Platform options */ 02511 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. 
*/ 02512 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02513 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02514 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02515 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined */ 02516 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02517 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02518 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02519 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02520 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02521 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02522 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02523 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02524 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02525 02526 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02527 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02528 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02529 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02530 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02531 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined */ 02532 //#define 
MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined */ 02533 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02534 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02535 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02536 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02537 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02538 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02539 02540 /* SSL Cache options */ 02541 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02542 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02543 02544 /* SSL options */ 02545 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02546 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02547 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02548 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02549 02550 /** 02551 * Complete list of ciphersuites to use, in order of preference. 02552 * 02553 * \warning No dependency checking is done on that field! This option can only 02554 * be used to restrict the set of available ciphersuites. It is your 02555 * responsibility to make sure the needed modules are active. 
02556 * 02557 * Use this to save a few hundred bytes of ROM (default ordering of all 02558 * available ciphersuites) and a few to a few hundred bytes of RAM. 02559 * 02560 * The value below is only an example, not the default. 02561 */ 02562 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02563 02564 /* X509 options */ 02565 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02566 02567 /* \} name SECTION: Customisation configuration options */ 02568 02569 /* Target and application specific configurations */ 02570 //#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h" 02571 02572 /* 02573 * Allow user to override any previous default. 02574 * 02575 * Use two macro names for that, as: 02576 * - with yotta the prefix YOTTA_CFG_ is forced 02577 * - without yotta it looks weird to have a YOTTA prefix. 02578 */ 02579 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02580 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02581 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02582 #include MBEDTLS_USER_CONFIG_FILE 02583 #endif 02584 02585 #include "check_config.h" 02586 02587 #endif /* MBEDTLS_CONFIG_H */
