leo hendrickson
/
example-Ethernet-mbed-Cloud-connect
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
mbedTLSConfig_FreeRTOS.h
00001 // ---------------------------------------------------------------------------- 00002 // Copyright 2018-2019 ARM Ltd. 00003 // 00004 // SPDX-License-Identifier: Apache-2.0 00005 // 00006 // Licensed under the Apache License, Version 2.0 (the "License"); 00007 // you may not use this file except in compliance with the License. 00008 // You may obtain a copy of the License at 00009 // 00010 // http://www.apache.org/licenses/LICENSE-2.0 00011 // 00012 // Unless required by applicable law or agreed to in writing, software 00013 // distributed under the License is distributed on an "AS IS" BASIS, 00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00015 // See the License for the specific language governing permissions and 00016 // limitations under the License. 00017 // ---------------------------------------------------------------------------- 00018 00019 /* 00020 * This set of compile-time options may be used to enable 00021 * or disable features selectively, and reduce the global 00022 * memory footprint. 00023 */ 00024 #ifndef KSDK_MBEDTLS_CONFIG_H 00025 #define KSDK_MBEDTLS_CONFIG_H 00026 00027 00028 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00029 #define _CRT_SECURE_NO_DEPRECATE 1 00030 #endif 00031 00032 /**************************** KSDK ********************************************/ 00033 00034 #include "fsl_device_registers.h" 00035 00036 /* Enable LTC use in library if there is LTC on chip. */ 00037 #if defined(FSL_FEATURE_SOC_LTC_COUNT) && (FSL_FEATURE_SOC_LTC_COUNT > 0) 00038 #include "fsl_ltc.h" 00039 00040 #define LTC_INSTANCE LTC0 /* LTC base register.*/ 00041 00042 #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES 00043 #define MBEDTLS_FREESCALE_LTC_DES /* Enable use of LTC DES.*/ 00044 #endif 00045 #define MBEDTLS_FREESCALE_LTC_AES /* Enable use of LTC AES.*/ 00046 #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM 00047 #define MBEDTLS_FREESCALE_LTC_AES_GCM /* Enable use of LTC AES GCM.*/ 00048 #endif 00049 #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA 00050 #define MBEDTLS_FREESCALE_LTC_PKHA /* Enable use of LTC PKHA.*/ 00051 #endif 00052 #endif 00053 00054 /* Enable MMCAU use in library if there is MMCAU on chip. */ 00055 #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && (FSL_FEATURE_SOC_MMCAU_COUNT > 0) 00056 #include "fsl_mmcau.h" 00057 00058 #define MBEDTLS_FREESCALE_MMCAU_MD5 /* Enable use of MMCAU MD5.*/ 00059 #define MBEDTLS_FREESCALE_MMCAU_SHA1 /* Enable use of MMCAU SHA1.*/ 00060 #define MBEDTLS_FREESCALE_MMCAU_SHA256 /* Enable use of MMCAU SHA256.*/ 00061 #define MBEDTLS_FREESCALE_MMCAU_DES /* Enable use of MMCAU DES, when LTC is disabled.*/ 00062 #define MBEDTLS_FREESCALE_MMCAU_AES /* Enable use of MMCAU AES, when LTC is disabled.*/ 00063 #endif 00064 00065 /* Define ALT MMCAU & LTC functions. Do not change it. */ 00066 #if defined(MBEDTLS_FREESCALE_MMCAU_DES) || defined(MBEDTLS_FREESCALE_LTC_DES) 00067 #define MBEDTLS_DES_SETKEY_ENC_ALT 00068 #define MBEDTLS_DES_SETKEY_DEC_ALT 00069 #define MBEDTLS_DES_CRYPT_ECB_ALT 00070 #define MBEDTLS_DES3_CRYPT_ECB_ALT 00071 #endif 00072 #if defined(MBEDTLS_FREESCALE_LTC_DES) 00073 #define MBEDTLS_DES_CRYPT_CBC_ALT 00074 #define MBEDTLS_DES3_CRYPT_CBC_ALT 00075 #endif 00076 #if defined(MBEDTLS_FREESCALE_LTC_AES) || defined(MBEDTLS_FREESCALE_MMCAU_AES) 00077 #define MBEDTLS_AES_SETKEY_ENC_ALT 00078 #define MBEDTLS_AES_SETKEY_DEC_ALT 00079 #define MBEDTLS_AES_ENCRYPT_ALT 00080 #define MBEDTLS_AES_DECRYPT_ALT 00081 #endif 00082 #if defined(MBEDTLS_FREESCALE_LTC_AES) 00083 #define MBEDTLS_AES_CRYPT_CBC_ALT 00084 #define MBEDTLS_AES_CRYPT_CTR_ALT 00085 #define MBEDTLS_CCM_CRYPT_ALT 00086 #endif 00087 #if defined(MBEDTLS_FREESCALE_LTC_AES_GCM) 00088 #define MBEDTLS_GCM_CRYPT_ALT 00089 #endif 00090 #if defined(MBEDTLS_FREESCALE_LTC_PKHA) 00091 #define MBEDTLS_MPI_ADD_ABS_ALT 00092 #define MBEDTLS_MPI_SUB_ABS_ALT 00093 #define MBEDTLS_MPI_MUL_MPI_ALT 00094 #define MBEDTLS_MPI_MOD_MPI_ALT 00095 #define MBEDTLS_MPI_EXP_MOD_ALT 00096 #define MBEDTLS_MPI_GCD_ALT 00097 #define MBEDTLS_MPI_INV_MOD_ALT 00098 #define MBEDTLS_MPI_IS_PRIME_ALT 00099 #define MBEDTLS_ECP_MUL_COMB_ALT 00100 #define MBEDTLS_ECP_ADD_ALT 00101 #endif 00102 #if defined(MBEDTLS_FREESCALE_MMCAU_MD5) 00103 #define MBEDTLS_MD5_PROCESS_ALT 00104 #endif 00105 #if defined(MBEDTLS_FREESCALE_MMCAU_SHA1) 00106 #define MBEDTLS_SHA1_PROCESS_ALT 00107 #endif 00108 #if defined(MBEDTLS_FREESCALE_MMCAU_SHA256) 00109 #define MBEDTLS_SHA256_PROCESS_ALT 00110 #endif 00111 /**************************** KSDK end ****************************************/ 00112 00113 /** 00114 * \name SECTION: System support 00115 * 00116 * This section sets system specific settings. 00117 * \{ 00118 */ 00119 #if 1 //Please set to 1 if you are using secure time 00120 /** 00121 * \def MBEDTLS_HAVE_ASM 00122 * 00123 * The compiler has support for asm(). 00124 * 00125 * Requires support for asm() in compiler. 00126 * 00127 * Used in: 00128 * library/timing.c 00129 * library/padlock.c 00130 * include/mbedtls/bn_mul.h 00131 * 00132 * Comment to disable the use of assembly code. 00133 */ 00134 #define MBEDTLS_HAVE_ASM 00135 00136 /** 00137 * \def MBEDTLS_HAVE_SSE2 00138 * 00139 * CPU supports SSE2 instruction set. 00140 * 00141 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00142 */ 00143 //#define MBEDTLS_HAVE_SSE2 00144 00145 /** 00146 * \def MBEDTLS_HAVE_TIME 00147 * 00148 * System has time.h and time(). 00149 * The time does not need to be correct, only time differences are used, 00150 * by contrast with MBEDTLS_HAVE_TIME_DATE 00151 * 00152 * Comment if your system does not support time functions 00153 */ 00154 #define MBEDTLS_HAVE_TIME 00155 00156 /** 00157 * \def MBEDTLS_HAVE_TIME_DATE 00158 * 00159 * System has time.h and time(), gmtime() and the clock is correct. 00160 * The time needs to be correct (not necesarily very accurate, but at least 00161 * the date should be correct). This is used to verify the validity period of 00162 * X.509 certificates. 00163 * 00164 * Comment if your system does not have a correct clock. 00165 */ 00166 #define MBEDTLS_HAVE_TIME_DATE 00167 #define MBEDTLS_PLATFORM_TIME_ALT 00168 #endif //0 00169 /** 00170 * \def MBEDTLS_PLATFORM_MEMORY 00171 * 00172 * Enable the memory allocation layer. 00173 * 00174 * By default mbed TLS uses the system-provided calloc() and free(). 00175 * This allows different allocators (self-implemented or provided) to be 00176 * provided to the platform abstraction layer. 00177 * 00178 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00179 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00180 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00181 * free() function pointer at runtime. 00182 * 00183 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00184 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00185 * alternate function at compile time. 00186 * 00187 * Requires: MBEDTLS_PLATFORM_C 00188 * 00189 * Enable this layer to allow use of alternative memory allocators. 00190 */ 00191 //#define MBEDTLS_PLATFORM_MEMORY 00192 00193 /** 00194 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00195 * 00196 * Do not assign standard functions in the platform layer (e.g. calloc() to 00197 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00198 * 00199 * This makes sure there are no linking errors on platforms that do not support 00200 * these functions. You will HAVE to provide alternatives, either at runtime 00201 * via the platform_set_xxx() functions or at compile time by setting 00202 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00203 * MBEDTLS_PLATFORM_XXX_MACRO. 00204 * 00205 * Requires: MBEDTLS_PLATFORM_C 00206 * 00207 * Uncomment to prevent default assignment of standard functions in the 00208 * platform layer. 00209 */ 00210 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00211 00212 /** 00213 * \def MBEDTLS_PLATFORM_XXX_ALT 00214 * 00215 * Uncomment a macro to let mbed TLS support the function in the platform 00216 * abstraction layer. 00217 * 00218 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00219 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00220 * alternative printf function pointer. 00221 * 00222 * All these define require MBEDTLS_PLATFORM_C to be defined! 00223 * 00224 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00225 * it will be enabled automatically by check_config.h 00226 * 00227 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00228 * MBEDTLS_PLATFORM_XXX_MACRO! 00229 * 00230 * Uncomment a macro to enable alternate implementation of specific base 00231 * platform function 00232 */ 00233 //#define MBEDTLS_PLATFORM_EXIT_ALT 00234 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00235 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00236 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00237 00238 /** 00239 * \def MBEDTLS_DEPRECATED_WARNING 00240 * 00241 * Mark deprecated functions so that they generate a warning if used. 00242 * Functions deprecated in one version will usually be removed in the next 00243 * version. You can enable this to help you prepare the transition to a new 00244 * major version by making sure your code is not using these functions. 00245 * 00246 * This only works with GCC and Clang. With other compilers, you may want to 00247 * use MBEDTLS_DEPRECATED_REMOVED 00248 * 00249 * Uncomment to get warnings on using deprecated functions. 00250 */ 00251 //#define MBEDTLS_DEPRECATED_WARNING 00252 00253 /** 00254 * \def MBEDTLS_DEPRECATED_REMOVED 00255 * 00256 * Remove deprecated functions so that they generate an error if used. 00257 * Functions deprecated in one version will usually be removed in the next 00258 * version. You can enable this to help you prepare the transition to a new 00259 * major version by making sure your code is not using these functions. 00260 * 00261 * Uncomment to get errors on using deprecated functions. 00262 */ 00263 //#define MBEDTLS_DEPRECATED_REMOVED 00264 00265 /* \} name SECTION: System support */ 00266 00267 /** 00268 * \name SECTION: mbed TLS feature support 00269 * 00270 * This section sets support for features that are or are not needed 00271 * within the modules that are enabled. 00272 * \{ 00273 */ 00274 00275 /** 00276 * \def MBEDTLS_TIMING_ALT 00277 * 00278 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00279 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00280 * 00281 * Only works if you have MBEDTLS_TIMING_C enabled. 00282 * 00283 * You will need to provide a header "timing_alt.h" and an implementation at 00284 * compile time. 00285 */ 00286 //#define MBEDTLS_TIMING_ALT 00287 00288 /** 00289 * \def MBEDTLS__MODULE_NAME__ALT 00290 * 00291 * Uncomment a macro to let mbed TLS use your alternate core implementation of 00292 * a symmetric crypto or hash module (e.g. platform specific assembly 00293 * optimized implementations). Keep in mind that the function prototypes 00294 * should remain the same. 00295 * 00296 * This replaces the whole module. If you only want to replace one of the 00297 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00298 * 00299 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00300 * provide the "struct mbedtls_aes_context" definition and omit the base function 00301 * declarations and implementations. "aes_alt.h" will be included from 00302 * "aes.h" to include the new function definitions. 00303 * 00304 * Uncomment a macro to enable alternate implementation of the corresponding 00305 * module. 00306 */ 00307 //#define MBEDTLS_AES_ALT 00308 //#define MBEDTLS_ARC4_ALT 00309 //#define MBEDTLS_BLOWFISH_ALT 00310 //#define MBEDTLS_CAMELLIA_ALT 00311 //#define MBEDTLS_DES_ALT 00312 //#define MBEDTLS_XTEA_ALT 00313 //#define MBEDTLS_MD2_ALT 00314 //#define MBEDTLS_MD4_ALT 00315 //#define MBEDTLS_MD5_ALT 00316 //#define MBEDTLS_RIPEMD160_ALT 00317 //#define MBEDTLS_SHA1_ALT 00318 //#define MBEDTLS_SHA256_ALT 00319 //#define MBEDTLS_SHA512_ALT 00320 00321 /** 00322 * \def MBEDTLS__FUNCTION_NAME__ALT 00323 * 00324 * Uncomment a macro to let mbed TLS use you alternate core implementation of 00325 * symmetric crypto or hash function. Keep in mind that function prototypes 00326 * should remain the same. 00327 * 00328 * This replaces only one function. The header file from mbed TLS is still 00329 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00330 * 00331 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00332 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00333 * the other function (using your mbedtls_sha1_process() function) and the definition 00334 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00335 * with this definition. 00336 * 00337 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00338 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00339 * tables. 00340 * 00341 * Uncomment a macro to enable alternate implementation of the corresponding 00342 * function. 00343 */ 00344 //#define MBEDTLS_MD2_PROCESS_ALT 00345 //#define MBEDTLS_MD4_PROCESS_ALT 00346 //#define MBEDTLS_MD5_PROCESS_ALT 00347 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00348 //#define MBEDTLS_SHA1_PROCESS_ALT 00349 //#define MBEDTLS_SHA256_PROCESS_ALT 00350 //#define MBEDTLS_SHA512_PROCESS_ALT 00351 //#define MBEDTLS_DES_SETKEY_ALT 00352 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00353 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00354 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00355 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00356 //#define MBEDTLS_AES_ENCRYPT_ALT 00357 //#define MBEDTLS_AES_DECRYPT_ALT 00358 00359 /** 00360 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00361 * 00362 * Uncomment this macro to let mbed TLS use your own implementation of a 00363 * hardware entropy collector. 00364 * 00365 * Your function must be called \c mbedtls_hardware_poll(), have the same 00366 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00367 * 00368 * Uncomment to use your own hardware entropy collector. 00369 */ 00370 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00371 00372 /** 00373 * \def MBEDTLS_AES_ROM_TABLES 00374 * 00375 * Store the AES tables in ROM. 00376 * 00377 * Uncomment this macro to store the AES tables in ROM. 00378 */ 00379 //#define MBEDTLS_AES_ROM_TABLES 00380 00381 /** 00382 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00383 * 00384 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00385 * 00386 * Uncomment this macro to use less memory for Camellia. 00387 */ 00388 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00389 00390 /** 00391 * \def MBEDTLS_CIPHER_MODE_CBC 00392 * 00393 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00394 */ 00395 #define MBEDTLS_CIPHER_MODE_CBC 00396 00397 /** 00398 * \def MBEDTLS_CIPHER_MODE_CFB 00399 * 00400 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00401 */ 00402 //#define MBEDTLS_CIPHER_MODE_CFB 00403 00404 /** 00405 * \def MBEDTLS_CIPHER_MODE_CTR 00406 * 00407 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00408 */ 00409 #define MBEDTLS_CIPHER_MODE_CTR 00410 00411 /** 00412 * \def MBEDTLS_CIPHER_NULL_CIPHER 00413 * 00414 * Enable NULL cipher. 00415 * Warning: Only do so when you know what you are doing. This allows for 00416 * encryption or channels without any security! 00417 * 00418 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00419 * the following ciphersuites: 00420 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00421 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00422 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00423 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00424 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00425 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00426 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00427 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00428 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00429 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00430 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00431 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00432 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00433 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00434 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00435 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00436 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00437 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00438 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00439 * 00440 * Uncomment this macro to enable the NULL cipher and ciphersuites 00441 */ 00442 //#define MBEDTLS_CIPHER_NULL_CIPHER 00443 00444 /** 00445 * \def MBEDTLS_CIPHER_PADDING_XXX 00446 * 00447 * Uncomment or comment macros to add support for specific padding modes 00448 * in the cipher layer with cipher modes that support padding (e.g. CBC) 00449 * 00450 * If you disable all padding modes, only full blocks can be used with CBC. 00451 * 00452 * Enable padding modes in the cipher layer. 00453 */ 00454 #define MBEDTLS_CIPHER_PADDING_PKCS7 00455 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00456 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00457 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00458 00459 /** 00460 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00461 * 00462 * Enable weak ciphersuites in SSL / TLS. 00463 * Warning: Only do so when you know what you are doing. This allows for 00464 * channels with virtually no security at all! 00465 * 00466 * This enables the following ciphersuites: 00467 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00468 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00469 * 00470 * Uncomment this macro to enable weak ciphersuites 00471 */ 00472 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00473 00474 /** 00475 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00476 * 00477 * Remove RC4 ciphersuites by default in SSL / TLS. 00478 * This flag removes the ciphersuites based on RC4 from the default list as 00479 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00480 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00481 * explicitly. 00482 * 00483 * Uncomment this macro to remove RC4 ciphersuites by default. 00484 */ 00485 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00486 00487 /** 00488 * \def MBEDTLS_ECP_XXXX_ENABLED 00489 * 00490 * Enables specific curves within the Elliptic Curve module. 00491 * By default all supported curves are enabled. 00492 * 00493 * Comment macros to disable the curve and functions for it 00494 */ 00495 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00496 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00497 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00498 //#define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00499 //#ifndef MBEDTLS_FREESCALE_LTC_PKHA /* PKHA suports only <=512 */ 00500 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00501 //#endif 00502 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00503 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00504 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00505 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00506 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00507 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00508 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00509 00510 /** 00511 * \def MBEDTLS_ECP_NIST_OPTIM 00512 * 00513 * Enable specific 'modulo p' routines for each NIST prime. 00514 * Depending on the prime and architecture, makes operations 4 to 8 times 00515 * faster on the corresponding curve. 00516 * 00517 * Comment this macro to disable NIST curves optimisation. 00518 */ 00519 #define MBEDTLS_ECP_NIST_OPTIM 00520 00521 /** 00522 * \def MBEDTLS_ECDSA_DETERMINISTIC 00523 * 00524 * Enable deterministic ECDSA (RFC 6979). 00525 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00526 * may result in a compromise of the long-term signing key. This is avoided by 00527 * the deterministic variant. 00528 * 00529 * Requires: MBEDTLS_HMAC_DRBG_C 00530 * 00531 * Comment this macro to disable deterministic ECDSA. 00532 */ 00533 #define MBEDTLS_ECDSA_DETERMINISTIC 00534 00535 /** 00536 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00537 * 00538 * Enable the PSK based ciphersuite modes in SSL / TLS. 00539 * 00540 * This enables the following ciphersuites (if other requisites are 00541 * enabled as well): 00542 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00543 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00544 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00545 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00546 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00547 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00548 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00549 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00550 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00551 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00552 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00553 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00554 */ 00555 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00556 00557 /** 00558 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00559 * 00560 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00561 * 00562 * Requires: MBEDTLS_DHM_C 00563 * 00564 * This enables the following ciphersuites (if other requisites are 00565 * enabled as well): 00566 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00567 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00568 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00569 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00570 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00571 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00572 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00573 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00574 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00575 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00576 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00577 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00578 */ 00579 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00580 00581 /** 00582 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00583 * 00584 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00585 * 00586 * Requires: MBEDTLS_ECDH_C 00587 * 00588 * This enables the following ciphersuites (if other requisites are 00589 * enabled as well): 00590 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00591 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00592 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00593 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00594 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00595 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00596 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00597 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00598 */ 00599 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00600 00601 /** 00602 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00603 * 00604 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00605 * 00606 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00607 * MBEDTLS_X509_CRT_PARSE_C 00608 * 00609 * This enables the following ciphersuites (if other requisites are 00610 * enabled as well): 00611 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00612 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00613 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00614 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00615 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00616 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00617 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00618 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00619 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00621 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00622 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00623 */ 00624 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00625 /** 00626 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00627 * 00628 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00629 * 00630 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00631 * MBEDTLS_X509_CRT_PARSE_C 00632 * 00633 * This enables the following ciphersuites (if other requisites are 00634 * enabled as well): 00635 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00636 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00637 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00638 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00639 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00640 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00641 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00642 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00643 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00644 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00645 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00646 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00647 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00648 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00649 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00650 */ 00651 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00652 00653 /** 00654 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00655 * 00656 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00657 * 00658 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00659 * MBEDTLS_X509_CRT_PARSE_C 00660 * 00661 * This enables the following ciphersuites (if other requisites are 00662 * enabled as well): 00663 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00664 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00665 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00666 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00667 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00668 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00669 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00670 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00671 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00672 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00673 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00674 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00675 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00676 */ 00677 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00678 00679 /** 00680 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00681 * 00682 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00683 * 00684 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00685 * MBEDTLS_X509_CRT_PARSE_C 00686 * 00687 * This enables the following ciphersuites (if other requisites are 00688 * enabled as well): 00689 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00690 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00691 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00692 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00693 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00694 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00695 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00696 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00697 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00698 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00699 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00700 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00701 */ 00702 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00703 00704 /** 00705 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00706 * 00707 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00708 * 00709 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00710 * 00711 * This enables the following ciphersuites (if other requisites are 00712 * enabled as well): 00713 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00714 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00715 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00716 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00717 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00718 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00719 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00720 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00721 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00722 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00723 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00724 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00725 */ 00726 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00727 /** 00728 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00729 * 00730 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00731 * 00732 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00733 * 00734 * This enables the following ciphersuites (if other requisites are 00735 * enabled as well): 00736 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00737 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00738 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00739 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00740 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00741 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00742 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00743 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00744 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00745 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00746 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00747 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00748 */ 00749 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00750 00751 /** 00752 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00753 * 00754 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00755 * 00756 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00757 * 00758 * This enables the following ciphersuites (if other requisites are 00759 * enabled as well): 00760 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00761 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00762 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00763 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00764 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00765 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00766 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00767 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00768 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00769 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00770 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00771 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00772 */ 00773 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00774 00775 /** 00776 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00777 * 00778 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00779 * RFC 5915 and RFC 5480. 00780 * 00781 * Currently this means parsing the SpecifiedECDomain choice of EC 00782 * parameters (only known groups are supported, not arbitrary domains, to 00783 * avoid validation issues). 00784 * 00785 * Disable if you only need to support RFC 5915 + 5480 key formats. 00786 */ 00787 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00788 00789 /** 00790 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00791 * 00792 * Enable a dummy error function to make use of mbedtls_strerror() in 00793 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00794 * (no effect when MBEDTLS_ERROR_C is enabled). 00795 * 00796 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00797 * not using mbedtls_strerror() or error_strerror() in your application. 00798 * 00799 * Disable if you run into name conflicts and want to really remove the 00800 * mbedtls_strerror() 00801 */ 00802 //#define MBEDTLS_ERROR_STRERROR_DUMMY 00803 00804 /** 00805 * \def MBEDTLS_GENPRIME 00806 * 00807 * Enable the prime-number generation code. 00808 * 00809 * Requires: MBEDTLS_BIGNUM_C 00810 */ 00811 //#define MBEDTLS_GENPRIME 00812 00813 /** 00814 * \def MBEDTLS_FS_IO 00815 * 00816 * Enable functions that use the filesystem. 00817 */ 00818 //#define MBEDTLS_FS_IO 00819 00820 /** 00821 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00822 * 00823 * Do not add default entropy sources. These are the platform specific, 00824 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00825 * 00826 * This is useful to have more control over the added entropy sources in an 00827 * application. 00828 * 00829 * Uncomment this macro to prevent loading of default entropy functions. 00830 */ 00831 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00832 00833 /** 00834 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00835 * 00836 * Do not use built-in platform entropy functions. 00837 * This is useful if your platform does not support 00838 * standards like the /dev/urandom or Windows CryptoAPI. 00839 * 00840 * Uncomment this macro to disable the built-in platform entropy functions. 00841 */ 00842 #define MBEDTLS_NO_PLATFORM_ENTROPY 00843 00844 /** 00845 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00846 * 00847 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00848 * default SHA-512 based one (if both are available). 00849 * 00850 * Requires: MBEDTLS_SHA256_C 00851 * 00852 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00853 * if you have performance concerns. 00854 * 00855 * This option is only useful if both MBEDTLS_SHA256_C and 00856 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00857 */ 00858 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00859 00860 /** 00861 * \def MBEDTLS_MEMORY_DEBUG 00862 * 00863 * Enable debugging of buffer allocator memory issues. Automatically prints 00864 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00865 * function for 'debug output' of allocated memory. 00866 * 00867 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00868 * 00869 * Uncomment this macro to let the buffer allocator print out error messages. 00870 */ 00871 //#define MBEDTLS_MEMORY_DEBUG 00872 00873 /** 00874 * \def MBEDTLS_MEMORY_BACKTRACE 00875 * 00876 * Include backtrace information with each allocated block. 00877 * 00878 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00879 * GLIBC-compatible backtrace() an backtrace_symbols() support 00880 * 00881 * Uncomment this macro to include backtrace information 00882 */ 00883 //#define MBEDTLS_MEMORY_BACKTRACE 00884 00885 /** 00886 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00887 * 00888 * Support external private RSA keys (eg from a HSM) in the PK layer. 00889 * 00890 * Comment this macro to disable support for external private RSA keys. 00891 */ 00892 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00893 00894 /** 00895 * \def MBEDTLS_PKCS1_V15 00896 * 00897 * Enable support for PKCS#1 v1.5 encoding. 00898 * 00899 * Requires: MBEDTLS_RSA_C 00900 * 00901 * This enables support for PKCS#1 v1.5 operations. 00902 */ 00903 #define MBEDTLS_PKCS1_V15 00904 00905 /** 00906 * \def MBEDTLS_PKCS1_V21 00907 * 00908 * Enable support for PKCS#1 v2.1 encoding. 00909 * 00910 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00911 * 00912 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00913 */ 00914 #define MBEDTLS_PKCS1_V21 00915 00916 /** 00917 * \def MBEDTLS_RSA_NO_CRT 00918 * 00919 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00920 * 00921 * Uncomment this macro to disable the use of CRT in RSA. 00922 * 00923 */ 00924 //#define MBEDTLS_RSA_NO_CRT 00925 00926 /** 00927 * \def MBEDTLS_SELF_TEST 00928 * 00929 * Enable the checkup functions (*_self_test). 00930 */ 00931 //#define MBEDTLS_SELF_TEST 00932 00933 /** 00934 * \def MBEDTLS_SHA256_SMALLER 00935 * 00936 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00937 * lower performance. 00938 * 00939 * The default implementation is meant to be a reasonnable compromise between 00940 * performance and size. This version optimizes more aggressively for size at 00941 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00942 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00943 * 30%. 00944 * 00945 * Uncomment to enable the smaller implementation of SHA256. 00946 */ 00947 //#define MBEDTLS_SHA256_SMALLER 00948 00949 /** 00950 * \def MBEDTLS_SSL_AEAD_RANDOM_IV 00951 * 00952 * Generate a random IV rather than using the record sequence number as a 00953 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). 00954 * 00955 * Using the sequence number is generally recommended. 00956 * 00957 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00958 */ 00959 //#define MBEDTLS_SSL_AEAD_RANDOM_IV 00960 00961 /** 00962 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00963 * 00964 * Enable sending of alert messages in case of encountered errors as per RFC. 00965 * If you choose not to send the alert messages, mbed TLS can still communicate 00966 * with other servers, only debugging of failures is harder. 00967 * 00968 * The advantage of not sending alert messages, is that no information is given 00969 * about reasons for failures thus preventing adversaries of gaining intel. 00970 * 00971 * Enable sending of all alert messages 00972 */ 00973 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00974 00975 /** 00976 * \def MBEDTLS_SSL_DEBUG_ALL 00977 * 00978 * Enable the debug messages in SSL module for all issues. 00979 * Debug messages have been disabled in some places to prevent timing 00980 * attacks due to (unbalanced) debugging function calls. 00981 * 00982 * If you need all error reporting you should enable this during debugging, 00983 * but remove this for production servers that should log as well. 00984 * 00985 * Uncomment this macro to report all debug messages on errors introducing 00986 * a timing side-channel. 00987 * 00988 */ 00989 //#define MBEDTLS_SSL_DEBUG_ALL 00990 00991 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00992 * 00993 * Enable support for Encrypt-then-MAC, RFC 7366. 00994 * 00995 * This allows peers that both support it to use a more robust protection for 00996 * ciphersuites using CBC, providing deep resistance against timing attacks 00997 * on the padding or underlying cipher. 00998 * 00999 * This only affects CBC ciphersuites, and is useless if none is defined. 01000 * 01001 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01002 * MBEDTLS_SSL_PROTO_TLS1_1 or 01003 * MBEDTLS_SSL_PROTO_TLS1_2 01004 * 01005 * Comment this macro to disable support for Encrypt-then-MAC 01006 */ 01007 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01008 01009 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01010 * 01011 * Enable support for Extended Master Secret, aka Session Hash 01012 * (draft-ietf-tls-session-hash-02). 01013 * 01014 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01015 * attacks, but it is recommended to always use it (even if you disable 01016 * renegotiation), since it actually fixes a more fundamental issue in the 01017 * original SSL/TLS design, and has implications beyond Triple Handshake. 01018 * 01019 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01020 * MBEDTLS_SSL_PROTO_TLS1_1 or 01021 * MBEDTLS_SSL_PROTO_TLS1_2 01022 * 01023 * Comment this macro to disable support for Extended Master Secret. 01024 */ 01025 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01026 01027 /** 01028 * \def MBEDTLS_SSL_FALLBACK_SCSV 01029 * 01030 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01031 * 01032 * For servers, it is recommended to always enable this, unless you support 01033 * only one version of TLS, or know for sure that none of your clients 01034 * implements a fallback strategy. 01035 * 01036 * For clients, you only need this if you're using a fallback strategy, which 01037 * is not recommended in the first place, unless you absolutely need it to 01038 * interoperate with buggy (version-intolerant) servers. 01039 * 01040 * Comment this macro to disable support for FALLBACK_SCSV 01041 */ 01042 //#define MBEDTLS_SSL_FALLBACK_SCSV 01043 01044 /** 01045 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01046 * 01047 * Enable hooking functions in SSL module for hardware acceleration of 01048 * individual records. 01049 * 01050 * Uncomment this macro to enable hooking functions. 01051 */ 01052 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01053 01054 /** 01055 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01056 * 01057 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01058 * 01059 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01060 * of interoperability issues compared to sending 0-length records. 01061 * 01062 * Comment this macro to disable 1/n-1 record splitting. 01063 */ 01064 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01065 01066 /** 01067 * \def MBEDTLS_SSL_RENEGOTIATION 01068 * 01069 * Enable support for TLS renegotiation. 01070 * 01071 * The two main uses of renegotiation are (1) refresh keys on long-lived 01072 * connections and (2) client authentication after the initial handshake. 01073 * If you don't need renegotiation, it's probably better to disable it, since 01074 * it has been associated with security issues in the past and is easy to 01075 * misuse/misunderstand. 01076 * 01077 * Comment this to disable support for renegotiation. 01078 * 01079 * \note Even if this option is disabled, both client and server are aware 01080 * of the Renegotiation Indication Extension (RFC 5746) used to 01081 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). 01082 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the 01083 * configuration of this extension). 01084 * 01085 * \note This feature is required by Device Management Client for Client-side 01086 * certificate expiration verification. Disabling it will also require 01087 * setting PAL_USE_SECURE_TIME to 0. 01088 * 01089 */ 01090 #define MBEDTLS_SSL_RENEGOTIATION 01091 01092 /** 01093 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01094 * 01095 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01096 * SSL Server module (MBEDTLS_SSL_SRV_C). 01097 * 01098 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01099 */ 01100 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01101 01102 /** 01103 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01104 * 01105 * Pick the ciphersuite according to the client's preferences rather than ours 01106 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01107 * 01108 * Uncomment this macro to respect client's ciphersuite order 01109 */ 01110 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01111 01112 /** 01113 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01114 * 01115 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01116 * 01117 * Comment this macro to disable support for the max_fragment_length extension 01118 */ 01119 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01120 01121 /** 01122 * \def MBEDTLS_SSL_PROTO_SSL3 01123 * 01124 * Enable support for SSL 3.0. 01125 * 01126 * Requires: MBEDTLS_MD5_C 01127 * MBEDTLS_SHA1_C 01128 * 01129 * Comment this macro to disable support for SSL 3.0 01130 */ 01131 //#define MBEDTLS_SSL_PROTO_SSL3 01132 01133 /** 01134 * \def MBEDTLS_SSL_PROTO_TLS1 01135 * 01136 * Enable support for TLS 1.0. 01137 * 01138 * Requires: MBEDTLS_MD5_C 01139 * MBEDTLS_SHA1_C 01140 * 01141 * Comment this macro to disable support for TLS 1.0 01142 */ 01143 //#define MBEDTLS_SSL_PROTO_TLS1 01144 01145 /** 01146 * \def MBEDTLS_SSL_PROTO_TLS1_1 01147 * 01148 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01149 * 01150 * Requires: MBEDTLS_MD5_C 01151 * MBEDTLS_SHA1_C 01152 * 01153 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01154 */ 01155 //#define MBEDTLS_SSL_PROTO_TLS1_1 01156 01157 /** 01158 * \def MBEDTLS_SSL_PROTO_TLS1_2 01159 * 01160 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01161 * 01162 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01163 * (Depends on ciphersuites) 01164 * 01165 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01166 */ 01167 #define MBEDTLS_SSL_PROTO_TLS1_2 01168 01169 /** 01170 * \def MBEDTLS_SSL_PROTO_DTLS 01171 * 01172 * Enable support for DTLS (all available versions). 01173 * 01174 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01175 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01176 * 01177 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01178 * or MBEDTLS_SSL_PROTO_TLS1_2 01179 * 01180 * Comment this macro to disable support for DTLS 01181 */ 01182 #define MBEDTLS_SSL_PROTO_DTLS 01183 01184 /** 01185 * \def MBEDTLS_SSL_ALPN 01186 * 01187 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01188 * 01189 * Comment this macro to disable support for ALPN. 01190 */ 01191 #define MBEDTLS_SSL_ALPN 01192 01193 /** 01194 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01195 * 01196 * Enable support for the anti-replay mechanism in DTLS. 01197 * 01198 * Requires: MBEDTLS_SSL_TLS_C 01199 * MBEDTLS_SSL_PROTO_DTLS 01200 * 01201 * \warning Disabling this is often a security risk! 01202 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01203 * 01204 * Comment this to disable anti-replay in DTLS. 01205 */ 01206 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01207 01208 /** 01209 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01210 * 01211 * Enable support for HelloVerifyRequest on DTLS servers. 01212 * 01213 * This feature is highly recommended to prevent DTLS servers being used as 01214 * amplifiers in DoS attacks against other hosts. It should always be enabled 01215 * unless you know for sure amplification cannot be a problem in the 01216 * environment in which your server operates. 01217 * 01218 * \warning Disabling this can ba a security risk! (see above) 01219 * 01220 * Requires: MBEDTLS_SSL_PROTO_DTLS 01221 * 01222 * Comment this to disable support for HelloVerifyRequest. 01223 */ 01224 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01225 01226 /** 01227 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01228 * 01229 * Enable server-side support for clients that reconnect from the same port. 01230 * 01231 * Some clients unexpectedly close the connection and try to reconnect using the 01232 * same source port. This needs special support from the server to handle the 01233 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01234 * flag enables that support. 01235 * 01236 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01237 * 01238 * Comment this to disable support for clients reusing the source port. 01239 */ 01240 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01241 01242 /** 01243 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01244 * 01245 * Enable support for a limit of records with bad MAC. 01246 * 01247 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01248 * 01249 * Requires: MBEDTLS_SSL_PROTO_DTLS 01250 */ 01251 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01252 01253 /** 01254 * \def MBEDTLS_SSL_SESSION_TICKETS 01255 * 01256 * Enable support for RFC 5077 session tickets in SSL. 01257 * Client-side, provides full support for session tickets (maintainance of a 01258 * session store remains the responsibility of the application, though). 01259 * Server-side, you also need to provide callbacks for writing and parsing 01260 * tickets, including authenticated encryption and key management. Example 01261 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01262 * 01263 * Comment this macro to disable support for SSL session tickets 01264 */ 01265 #define MBEDTLS_SSL_SESSION_TICKETS 01266 01267 /** 01268 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01269 * 01270 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01271 * 01272 * Requires: MBEDTLS_X509_CRT_PARSE_C 01273 * 01274 * Comment this macro to disable support for server name indication in SSL 01275 */ 01276 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01277 /** 01278 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01279 * 01280 * Enable support for RFC 6066 truncated HMAC in SSL. 01281 * 01282 * Comment this macro to disable support for truncated HMAC in SSL 01283 */ 01284 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01285 01286 /** 01287 * \def MBEDTLS_THREADING_ALT 01288 * 01289 * Provide your own alternate threading implementation. 01290 * 01291 * Requires: MBEDTLS_THREADING_C 01292 * 01293 * Uncomment this to allow your own alternate threading implementation. 01294 */ 01295 //#define MBEDTLS_THREADING_ALT 01296 01297 /** 01298 * \def MBEDTLS_THREADING_PTHREAD 01299 * 01300 * Enable the pthread wrapper layer for the threading layer. 01301 * 01302 * Requires: MBEDTLS_THREADING_C 01303 * 01304 * Uncomment this to enable pthread mutexes. 01305 */ 01306 //#define MBEDTLS_THREADING_PTHREAD 01307 01308 /** 01309 * \def MBEDTLS_VERSION_FEATURES 01310 * 01311 * Allow run-time checking of compile-time enabled features. Thus allowing users 01312 * to check at run-time if the library is for instance compiled with threading 01313 * support via mbedtls_version_check_feature(). 01314 * 01315 * Requires: MBEDTLS_VERSION_C 01316 * 01317 * Comment this to disable run-time checking and save ROM space 01318 */ 01319 //#define MBEDTLS_VERSION_FEATURES 01320 01321 /** 01322 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01323 * 01324 * If set, the X509 parser will not break-off when parsing an X509 certificate 01325 * and encountering an extension in a v1 or v2 certificate. 01326 * 01327 * Uncomment to prevent an error. 01328 */ 01329 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01330 01331 /** 01332 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01333 * 01334 * If set, the X509 parser will not break-off when parsing an X509 certificate 01335 * and encountering an unknown critical extension. 01336 * 01337 * Uncomment to prevent an error. 01338 */ 01339 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01340 01341 /** 01342 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01343 * 01344 * Enable verification of the keyUsage extension (CA and leaf certificates). 01345 * 01346 * Disabling this avoids problems with mis-issued and/or misused 01347 * (intermediate) CA and leaf certificates. 01348 * 01349 * \warning Depending on your PKI use, disabling this can be a security risk! 01350 * 01351 * Comment to skip keyUsage checking for both CA and leaf certificates. 01352 */ 01353 #define MBEDTLS_X509_CHECK_KEY_USAGE 01354 01355 /** 01356 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01357 * 01358 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01359 * 01360 * Disabling this avoids problems with mis-issued and/or misused certificates. 01361 * 01362 * \warning Depending on your PKI use, disabling this can be a security risk! 01363 * 01364 * Comment to skip extendedKeyUsage checking for certificates. 01365 */ 01366 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01367 01368 /** 01369 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01370 * 01371 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01372 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01373 * 01374 * Comment this macro to disallow using RSASSA-PSS in certificates. 01375 */ 01376 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01377 /** 01378 * \def MBEDTLS_ZLIB_SUPPORT 01379 * 01380 * If set, the SSL/TLS module uses ZLIB to support compression and 01381 * decompression of packet data. 01382 * 01383 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01384 * CRIME attack. Before enabling this option, you should examine with care if 01385 * CRIME or similar exploits may be a applicable to your use case. 01386 * 01387 * \note Currently compression can't be used with DTLS. 01388 * 01389 * Used in: library/ssl_tls.c 01390 * library/ssl_cli.c 01391 * library/ssl_srv.c 01392 * 01393 * This feature requires zlib library and headers to be present. 01394 * 01395 * Uncomment to enable use of ZLIB 01396 */ 01397 //#define MBEDTLS_ZLIB_SUPPORT 01398 /* \} name SECTION: mbed TLS feature support */ 01399 01400 /** 01401 * \name SECTION: mbed TLS modules 01402 * 01403 * This section enables or disables entire modules in mbed TLS 01404 * \{ 01405 */ 01406 01407 /** 01408 * \def MBEDTLS_AESNI_C 01409 * 01410 * Enable AES-NI support on x86-64. 01411 * 01412 * Module: library/aesni.c 01413 * Caller: library/aes.c 01414 * 01415 * Requires: MBEDTLS_HAVE_ASM 01416 * 01417 * This modules adds support for the AES-NI instructions on x86-64 01418 */ 01419 //#define MBEDTLS_AESNI_C 01420 01421 /** 01422 * \def MBEDTLS_AES_C 01423 * 01424 * Enable the AES block cipher. 01425 * 01426 * Module: library/aes.c 01427 * Caller: library/ssl_tls.c 01428 * library/pem.c 01429 * library/ctr_drbg.c 01430 * 01431 * This module enables the following ciphersuites (if other requisites are 01432 * enabled as well): 01433 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01434 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01435 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01436 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01437 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01438 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01439 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01440 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01441 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01442 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01443 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01444 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01448 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01449 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01450 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01451 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01452 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01453 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01454 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01455 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01456 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01457 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01458 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01459 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01460 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01461 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01462 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01463 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01464 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01465 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01466 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01467 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01468 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01469 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01470 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01471 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01472 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01473 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01474 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01475 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01476 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01477 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01478 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01479 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01480 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01481 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01482 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01483 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01484 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01485 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01486 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01487 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01488 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01489 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01490 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01491 * 01492 * PEM_PARSE uses AES for decrypting encrypted keys. 01493 */ 01494 #define MBEDTLS_AES_C 01495 01496 /** 01497 * \def MBEDTLS_ARC4_C 01498 * 01499 * Enable the ARCFOUR stream cipher. 01500 * 01501 * Module: library/arc4.c 01502 * Caller: library/ssl_tls.c 01503 * 01504 * This module enables the following ciphersuites (if other requisites are 01505 * enabled as well): 01506 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01507 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01508 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01509 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01510 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01511 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01512 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01513 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01514 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01515 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01516 */ 01517 //#define MBEDTLS_ARC4_C 01518 01519 /** 01520 * \def MBEDTLS_ASN1_PARSE_C 01521 * 01522 * Enable the generic ASN1 parser. 01523 * 01524 * Module: library/asn1.c 01525 * Caller: library/x509.c 01526 * library/dhm.c 01527 * library/pkcs12.c 01528 * library/pkcs5.c 01529 * library/pkparse.c 01530 */ 01531 #define MBEDTLS_ASN1_PARSE_C 01532 01533 /** 01534 * \def MBEDTLS_ASN1_WRITE_C 01535 * 01536 * Enable the generic ASN1 writer. 01537 * 01538 * Module: library/asn1write.c 01539 * Caller: library/ecdsa.c 01540 * library/pkwrite.c 01541 * library/x509_create.c 01542 * library/x509write_crt.c 01543 * library/mbedtls_x509write_csr.c 01544 */ 01545 #define MBEDTLS_ASN1_WRITE_C 01546 01547 /** 01548 * \def MBEDTLS_BASE64_C 01549 * 01550 * Enable the Base64 module. 01551 * 01552 * Module: library/base64.c 01553 * Caller: library/pem.c 01554 * 01555 * This module is required for PEM support (required by X.509). 01556 */ 01557 // needed for Base64 encoding Opaque data for 01558 // registration payload, adds 500 bytes to flash. 01559 #define MBEDTLS_BASE64_C 01560 01561 /** 01562 * \def MBEDTLS_BIGNUM_C 01563 * 01564 * Enable the multi-precision integer library. 01565 * 01566 * Module: library/bignum.c 01567 * Caller: library/dhm.c 01568 * library/ecp.c 01569 * library/ecdsa.c 01570 * library/rsa.c 01571 * library/ssl_tls.c 01572 * 01573 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01574 */ 01575 #define MBEDTLS_BIGNUM_C 01576 01577 /** 01578 * \def MBEDTLS_BLOWFISH_C 01579 * 01580 * Enable the Blowfish block cipher. 01581 * 01582 * Module: library/blowfish.c 01583 */ 01584 //#define MBEDTLS_BLOWFISH_C 01585 01586 /** 01587 * \def MBEDTLS_CAMELLIA_C 01588 * 01589 * Enable the Camellia block cipher. 01590 * 01591 * Module: library/camellia.c 01592 * Caller: library/ssl_tls.c 01593 * 01594 * This module enables the following ciphersuites (if other requisites are 01595 * enabled as well): 01596 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01597 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01598 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01599 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01600 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01601 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01602 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01603 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01604 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01605 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01607 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01608 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01609 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01610 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01611 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01612 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01613 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01614 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01615 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01616 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01617 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01618 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01619 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01620 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01621 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01622 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01623 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01624 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01625 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01626 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01627 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01628 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01629 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01630 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01631 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01632 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01633 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01634 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01635 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01636 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01637 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01638 */ 01639 //#define MBEDTLS_CAMELLIA_C 01640 01641 /** 01642 * \def MBEDTLS_CCM_C 01643 * 01644 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01645 * 01646 * Module: library/ccm.c 01647 * 01648 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01649 * 01650 * This module enables the AES-CCM ciphersuites, if other requisites are 01651 * enabled as well. 01652 */ 01653 #define MBEDTLS_CCM_C 01654 01655 /** 01656 * \def MBEDTLS_CERTS_C 01657 * 01658 * Enable the test certificates. 01659 * 01660 * Module: library/certs.c 01661 * Caller: 01662 * 01663 * This module is used for testing (ssl_client/server). 01664 */ 01665 //#define MBEDTLS_CERTS_C 01666 01667 /** 01668 * \def MBEDTLS_CIPHER_C 01669 * 01670 * Enable the generic cipher layer. 01671 * 01672 * Module: library/cipher.c 01673 * Caller: library/ssl_tls.c 01674 * 01675 * Uncomment to enable generic cipher wrappers. 01676 */ 01677 #define MBEDTLS_CIPHER_C 01678 01679 /** 01680 * \def MBEDTLS_CMAC_C 01681 * 01682 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01683 * ciphers. 01684 * 01685 * Module: library/cmac.c 01686 * 01687 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01688 * 01689 */ 01690 #define MBEDTLS_CMAC_C 01691 01692 /** 01693 * \def MBEDTLS_CTR_DRBG_C 01694 * 01695 * Enable the CTR_DRBG AES-256-based random generator. 01696 * 01697 * Module: library/ctr_drbg.c 01698 * Caller: 01699 * 01700 * Requires: MBEDTLS_AES_C 01701 * 01702 * This module provides the CTR_DRBG AES-256 random number generator. 01703 */ 01704 #define MBEDTLS_CTR_DRBG_C 01705 01706 /** 01707 * \def MBEDTLS_DEBUG_C 01708 * 01709 * Enable the debug functions. 01710 * 01711 * Module: library/debug.c 01712 * Caller: library/ssl_cli.c 01713 * library/ssl_srv.c 01714 * library/ssl_tls.c 01715 * 01716 * This module provides debugging functions. 01717 */ 01718 //#define MBEDTLS_DEBUG_C 01719 01720 /** 01721 * \def MBEDTLS_DES_C 01722 * 01723 * Enable the DES block cipher. 01724 * 01725 * Module: library/des.c 01726 * Caller: library/pem.c 01727 * library/ssl_tls.c 01728 * 01729 * This module enables the following ciphersuites (if other requisites are 01730 * enabled as well): 01731 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01732 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01733 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01734 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01735 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01736 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01737 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01738 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01739 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01740 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01741 * 01742 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01743 */ 01744 //#define MBEDTLS_DES_C 01745 01746 /** 01747 * \def MBEDTLS_DHM_C 01748 * 01749 * Enable the Diffie-Hellman-Merkle module. 01750 * 01751 * Module: library/dhm.c 01752 * Caller: library/ssl_cli.c 01753 * library/ssl_srv.c 01754 * 01755 * This module is used by the following key exchanges: 01756 * DHE-RSA, DHE-PSK 01757 */ 01758 //#define MBEDTLS_DHM_C 01759 01760 /** 01761 * \def MBEDTLS_ECDH_C 01762 * 01763 * Enable the elliptic curve Diffie-Hellman library. 01764 * 01765 * Module: library/ecdh.c 01766 * Caller: library/ssl_cli.c 01767 * library/ssl_srv.c 01768 * 01769 * This module is used by the following key exchanges: 01770 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01771 * 01772 * Requires: MBEDTLS_ECP_C 01773 */ 01774 #define MBEDTLS_ECDH_C 01775 01776 /** 01777 * \def MBEDTLS_ECDSA_C 01778 * 01779 * Enable the elliptic curve DSA library. 01780 * 01781 * Module: library/ecdsa.c 01782 * Caller: 01783 * 01784 * This module is used by the following key exchanges: 01785 * ECDHE-ECDSA 01786 * 01787 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01788 */ 01789 #define MBEDTLS_ECDSA_C 01790 01791 /** 01792 * \def MBEDTLS_ECP_C 01793 * 01794 * Enable the elliptic curve over GF(p) library. 01795 * 01796 * Module: library/ecp.c 01797 * Caller: library/ecdh.c 01798 * library/ecdsa.c 01799 * 01800 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01801 */ 01802 #define MBEDTLS_ECP_C 01803 01804 /** 01805 * \def MBEDTLS_ENTROPY_C 01806 * 01807 * Enable the platform-specific entropy code. 01808 * 01809 * Module: library/entropy.c 01810 * Caller: 01811 * 01812 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01813 * 01814 * This module provides a generic entropy pool 01815 */ 01816 #define MBEDTLS_ENTROPY_C 01817 01818 /** 01819 * \def MBEDTLS_ERROR_C 01820 * 01821 * Enable error code to error string conversion. 01822 * 01823 * Module: library/error.c 01824 * Caller: 01825 * 01826 * This module enables mbedtls_strerror(). 01827 */ 01828 //#define MBEDTLS_ERROR_C 01829 01830 /** 01831 * \def MBEDTLS_GCM_C 01832 * 01833 * Enable the Galois/Counter Mode (GCM) for AES. 01834 * 01835 * Module: library/gcm.c 01836 * 01837 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01838 * 01839 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01840 * requisites are enabled as well. 01841 */ 01842 #define MBEDTLS_GCM_C 01843 01844 /** 01845 * \def MBEDTLS_HAVEGE_C 01846 * 01847 * Enable the HAVEGE random generator. 01848 * 01849 * Warning: the HAVEGE random generator is not suitable for virtualized 01850 * environments 01851 * 01852 * Warning: the HAVEGE random generator is dependent on timing and specific 01853 * processor traits. It is therefore not advised to use HAVEGE as 01854 * your applications primary random generator or primary entropy pool 01855 * input. As a secondary input to your entropy pool, it IS able add 01856 * the (limited) extra entropy it provides. 01857 * 01858 * Module: library/havege.c 01859 * Caller: 01860 * 01861 * Requires: MBEDTLS_TIMING_C 01862 * 01863 * Uncomment to enable the HAVEGE random generator. 01864 */ 01865 //#define MBEDTLS_HAVEGE_C 01866 01867 /** 01868 * \def MBEDTLS_HMAC_DRBG_C 01869 * 01870 * Enable the HMAC_DRBG random generator. 01871 * 01872 * Module: library/hmac_drbg.c 01873 * Caller: 01874 * 01875 * Requires: MBEDTLS_MD_C 01876 * 01877 * Uncomment to enable the HMAC_DRBG random number geerator. 01878 */ 01879 #define MBEDTLS_HMAC_DRBG_C 01880 01881 /** 01882 * \def MBEDTLS_MD_C 01883 * 01884 * Enable the generic message digest layer. 01885 * 01886 * Module: library/mbedtls_md.c 01887 * Caller: 01888 * 01889 * Uncomment to enable generic message digest wrappers. 01890 */ 01891 #define MBEDTLS_MD_C 01892 01893 /** 01894 * \def MBEDTLS_MD2_C 01895 * 01896 * Enable the MD2 hash algorithm. 01897 * 01898 * Module: library/mbedtls_md2.c 01899 * Caller: 01900 * 01901 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01902 */ 01903 //#define MBEDTLS_MD2_C 01904 01905 /** 01906 * \def MBEDTLS_MD4_C 01907 * 01908 * Enable the MD4 hash algorithm. 01909 * 01910 * Module: library/mbedtls_md4.c 01911 * Caller: 01912 * 01913 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01914 */ 01915 //#define MBEDTLS_MD4_C 01916 01917 /** 01918 * \def MBEDTLS_MD5_C 01919 * 01920 * Enable the MD5 hash algorithm. 01921 * 01922 * Module: library/mbedtls_md5.c 01923 * Caller: library/mbedtls_md.c 01924 * library/pem.c 01925 * library/ssl_tls.c 01926 * 01927 * This module is required for SSL/TLS and X.509. 01928 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01929 */ 01930 //#define MBEDTLS_MD5_C 01931 01932 /** 01933 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01934 * 01935 * Enable the buffer allocator implementation that makes use of a (stack) 01936 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01937 * calls) 01938 * 01939 * Module: library/memory_buffer_alloc.c 01940 * 01941 * Requires: MBEDTLS_PLATFORM_C 01942 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01943 * 01944 * Enable this module to enable the buffer memory allocator. 01945 */ 01946 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01947 01948 /** 01949 * \def MBEDTLS_NET_C 01950 * 01951 * Enable the TCP/IP networking routines. 01952 * 01953 * Module: library/net.c 01954 * 01955 * This module provides TCP/IP networking routines. 01956 */ 01957 //#define MBEDTLS_NET_C 01958 01959 /** 01960 * \def MBEDTLS_OID_C 01961 * 01962 * Enable the OID database. 01963 * 01964 * Module: library/oid.c 01965 * Caller: library/asn1write.c 01966 * library/pkcs5.c 01967 * library/pkparse.c 01968 * library/pkwrite.c 01969 * library/rsa.c 01970 * library/x509.c 01971 * library/x509_create.c 01972 * library/mbedtls_x509_crl.c 01973 * library/mbedtls_x509_crt.c 01974 * library/mbedtls_x509_csr.c 01975 * library/x509write_crt.c 01976 * library/mbedtls_x509write_csr.c 01977 * 01978 * This modules translates between OIDs and internal values. 01979 */ 01980 #define MBEDTLS_OID_C 01981 01982 /** 01983 * \def MBEDTLS_PADLOCK_C 01984 * 01985 * Enable VIA Padlock support on x86. 01986 * 01987 * Module: library/padlock.c 01988 * Caller: library/aes.c 01989 * 01990 * Requires: MBEDTLS_HAVE_ASM 01991 * 01992 * This modules adds support for the VIA PadLock on x86. 01993 */ 01994 //#define MBEDTLS_PADLOCK_C 01995 01996 /** 01997 * \def MBEDTLS_PEM_PARSE_C 01998 * 01999 * Enable PEM decoding / parsing. 02000 * 02001 * Module: library/pem.c 02002 * Caller: library/dhm.c 02003 * library/pkparse.c 02004 * library/mbedtls_x509_crl.c 02005 * library/mbedtls_x509_crt.c 02006 * library/mbedtls_x509_csr.c 02007 * 02008 * Requires: MBEDTLS_BASE64_C 02009 * 02010 * This modules adds support for decoding / parsing PEM files. 02011 */ 02012 //#define MBEDTLS_PEM_PARSE_C 02013 02014 /** 02015 * \def MBEDTLS_PEM_WRITE_C 02016 * 02017 * Enable PEM encoding / writing. 02018 * 02019 * Module: library/pem.c 02020 * Caller: library/pkwrite.c 02021 * library/x509write_crt.c 02022 * library/mbedtls_x509write_csr.c 02023 * 02024 * Requires: MBEDTLS_BASE64_C 02025 * 02026 * This modules adds support for encoding / writing PEM files. 02027 */ 02028 //#define MBEDTLS_PEM_WRITE_C 02029 02030 /** 02031 * \def MBEDTLS_PK_C 02032 * 02033 * Enable the generic public (asymetric) key layer. 02034 * 02035 * Module: library/pk.c 02036 * Caller: library/ssl_tls.c 02037 * library/ssl_cli.c 02038 * library/ssl_srv.c 02039 * 02040 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02041 * 02042 * Uncomment to enable generic public key wrappers. 02043 */ 02044 #define MBEDTLS_PK_C 02045 02046 /** 02047 * \def MBEDTLS_PK_PARSE_C 02048 * 02049 * Enable the generic public (asymetric) key parser. 02050 * 02051 * Module: library/pkparse.c 02052 * Caller: library/mbedtls_x509_crt.c 02053 * library/mbedtls_x509_csr.c 02054 * 02055 * Requires: MBEDTLS_PK_C 02056 * 02057 * Uncomment to enable generic public key parse functions. 02058 */ 02059 #define MBEDTLS_PK_PARSE_C 02060 02061 /** 02062 * \def MBEDTLS_PK_WRITE_C 02063 * 02064 * Enable the generic public (asymetric) key writer. 02065 * 02066 * Module: library/pkwrite.c 02067 * Caller: library/x509write.c 02068 * 02069 * Requires: MBEDTLS_PK_C 02070 * 02071 * Uncomment to enable generic public key write functions. 02072 */ 02073 #define MBEDTLS_PK_WRITE_C 02074 02075 /** 02076 * \def MBEDTLS_PKCS5_C 02077 * 02078 * Enable PKCS#5 functions. 02079 * 02080 * Module: library/pkcs5.c 02081 * 02082 * Requires: MBEDTLS_MD_C 02083 * 02084 * This module adds support for the PKCS#5 functions. 02085 */ 02086 //#define MBEDTLS_PKCS5_C 02087 02088 /** 02089 * \def MBEDTLS_PKCS11_C 02090 * 02091 * Enable wrapper for PKCS#11 smartcard support. 02092 * 02093 * Module: library/pkcs11.c 02094 * Caller: library/pk.c 02095 * 02096 * Requires: MBEDTLS_PK_C 02097 * 02098 * This module enables SSL/TLS PKCS #11 smartcard support. 02099 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02100 */ 02101 //#define MBEDTLS_PKCS11_C 02102 02103 /** 02104 * \def MBEDTLS_PKCS12_C 02105 * 02106 * Enable PKCS#12 PBE functions. 02107 * Adds algorithms for parsing PKCS#8 encrypted private keys 02108 * 02109 * Module: library/pkcs12.c 02110 * Caller: library/pkparse.c 02111 * 02112 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02113 * Can use: MBEDTLS_ARC4_C 02114 * 02115 * This module enables PKCS#12 functions. 02116 */ 02117 //#define MBEDTLS_PKCS12_C 02118 02119 /** 02120 * \def MBEDTLS_PLATFORM_C 02121 * 02122 * Enable the platform abstraction layer that allows you to re-assign 02123 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02124 * 02125 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02126 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02127 * above to be specified at runtime or compile time respectively. 02128 * 02129 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02130 * as other module rely on it for a fixed snprintf implementation. 02131 * 02132 * Module: library/platform.c 02133 * Caller: Most other .c files 02134 * 02135 * This module enables abstraction of common (libc) functions. 02136 */ 02137 #define MBEDTLS_PLATFORM_C 02138 02139 /** 02140 * \def MBEDTLS_RIPEMD160_C 02141 * 02142 * Enable the RIPEMD-160 hash algorithm. 02143 * 02144 * Module: library/mbedtls_ripemd160.c 02145 * Caller: library/mbedtls_md.c 02146 * 02147 */ 02148 //#define MBEDTLS_RIPEMD160_C 02149 02150 /** 02151 * \def MBEDTLS_RSA_C 02152 * 02153 * Enable the RSA public-key cryptosystem. 02154 * 02155 * Module: library/rsa.c 02156 * Caller: library/ssl_cli.c 02157 * library/ssl_srv.c 02158 * library/ssl_tls.c 02159 * library/x509.c 02160 * 02161 * This module is used by the following key exchanges: 02162 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02163 * 02164 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02165 */ 02166 //#define MBEDTLS_RSA_C 02167 02168 /** 02169 * \def MBEDTLS_SHA1_C 02170 * 02171 * Enable the SHA1 cryptographic hash algorithm. 02172 * 02173 * Module: library/mbedtls_sha1.c 02174 * Caller: library/mbedtls_md.c 02175 * library/ssl_cli.c 02176 * library/ssl_srv.c 02177 * library/ssl_tls.c 02178 * library/x509write_crt.c 02179 * 02180 * This module is required for SSL/TLS and SHA1-signed certificates. 02181 */ 02182 //#define MBEDTLS_SHA1_C 02183 02184 /** 02185 * \def MBEDTLS_SHA256_C 02186 * 02187 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02188 * 02189 * Module: library/mbedtls_sha256.c 02190 * Caller: library/entropy.c 02191 * library/mbedtls_md.c 02192 * library/ssl_cli.c 02193 * library/ssl_srv.c 02194 * library/ssl_tls.c 02195 * 02196 * This module adds support for SHA-224 and SHA-256. 02197 * This module is required for the SSL/TLS 1.2 PRF function. 02198 */ 02199 #define MBEDTLS_SHA256_C 02200 02201 /** 02202 * \def MBEDTLS_SHA512_C 02203 * 02204 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02205 * 02206 * Module: library/mbedtls_sha512.c 02207 * Caller: library/entropy.c 02208 * library/mbedtls_md.c 02209 * library/ssl_cli.c 02210 * library/ssl_srv.c 02211 * 02212 * This module adds support for SHA-384 and SHA-512. 02213 */ 02214 //#define MBEDTLS_SHA512_C 02215 02216 /** 02217 * \def MBEDTLS_SSL_CACHE_C 02218 * 02219 * Enable simple SSL cache implementation. 02220 * 02221 * Module: library/ssl_cache.c 02222 * Caller: 02223 * 02224 * Requires: MBEDTLS_SSL_CACHE_C 02225 */ 02226 #define MBEDTLS_SSL_CACHE_C 02227 02228 /** 02229 * \def MBEDTLS_SSL_COOKIE_C 02230 * 02231 * Enable basic implementation of DTLS cookies for hello verification. 02232 * 02233 * Module: library/ssl_cookie.c 02234 * Caller: 02235 */ 02236 #define MBEDTLS_SSL_COOKIE_C 02237 02238 /** 02239 * \def MBEDTLS_SSL_TICKET_C 02240 * 02241 * Enable an implementation of TLS server-side callbacks for session tickets. 02242 * 02243 * Module: library/ssl_ticket.c 02244 * Caller: 02245 * 02246 * Requires: MBEDTLS_CIPHER_C 02247 */ 02248 #define MBEDTLS_SSL_TICKET_C 02249 02250 /** 02251 * \def MBEDTLS_SSL_CLI_C 02252 * 02253 * Enable the SSL/TLS client code. 02254 * 02255 * Module: library/ssl_cli.c 02256 * Caller: 02257 * 02258 * Requires: MBEDTLS_SSL_TLS_C 02259 * 02260 * This module is required for SSL/TLS client support. 02261 */ 02262 #define MBEDTLS_SSL_CLI_C 02263 02264 /** 02265 * \def MBEDTLS_SSL_SRV_C 02266 * 02267 * Enable the SSL/TLS server code. 02268 * 02269 * Module: library/ssl_srv.c 02270 * Caller: 02271 * 02272 * Requires: MBEDTLS_SSL_TLS_C 02273 * 02274 * This module is required for SSL/TLS server support. 02275 */ 02276 //#define MBEDTLS_SSL_SRV_C 02277 02278 /** 02279 * \def MBEDTLS_SSL_TLS_C 02280 * 02281 * Enable the generic SSL/TLS code. 02282 * 02283 * Module: library/ssl_tls.c 02284 * Caller: library/ssl_cli.c 02285 * library/ssl_srv.c 02286 * 02287 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02288 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02289 * 02290 * This module is required for SSL/TLS. 02291 */ 02292 #define MBEDTLS_SSL_TLS_C 02293 02294 /** 02295 * \def MBEDTLS_THREADING_C 02296 * 02297 * Enable the threading abstraction layer. 02298 * By default mbed TLS assumes it is used in a non-threaded environment or that 02299 * contexts are not shared between threads. If you do intend to use contexts 02300 * between threads, you will need to enable this layer to prevent race 02301 * conditions. 02302 * 02303 * Module: library/threading.c 02304 * 02305 * This allows different threading implementations (self-implemented or 02306 * provided). 02307 * 02308 * You will have to enable either MBEDTLS_THREADING_ALT or 02309 * MBEDTLS_THREADING_PTHREAD. 02310 * 02311 * Enable this layer to allow use of mutexes within mbed TLS 02312 */ 02313 //#define MBEDTLS_THREADING_C 02314 02315 /** 02316 * \def MBEDTLS_TIMING_C 02317 * 02318 * Enable the portable timing interface. 02319 * 02320 * Module: library/timing.c 02321 * Caller: library/havege.c 02322 * 02323 * This module is used by the HAVEGE random number generator. 02324 */ 02325 //#define MBEDTLS_TIMING_C 02326 02327 /** 02328 * \def MBEDTLS_VERSION_C 02329 * 02330 * Enable run-time version information. 02331 * 02332 * Module: library/version.c 02333 * 02334 * This module provides run-time version information. 02335 */ 02336 #define MBEDTLS_VERSION_C 02337 02338 /** 02339 * \def MBEDTLS_X509_USE_C 02340 * 02341 * Enable X.509 core for using certificates. 02342 * 02343 * Module: library/x509.c 02344 * Caller: library/mbedtls_x509_crl.c 02345 * library/mbedtls_x509_crt.c 02346 * library/mbedtls_x509_csr.c 02347 * 02348 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02349 * MBEDTLS_PK_PARSE_C 02350 * 02351 * This module is required for the X.509 parsing modules. 02352 */ 02353 #define MBEDTLS_X509_USE_C 02354 02355 /** 02356 * \def MBEDTLS_X509_CRT_PARSE_C 02357 * 02358 * Enable X.509 certificate parsing. 02359 * 02360 * Module: library/mbedtls_x509_crt.c 02361 * Caller: library/ssl_cli.c 02362 * library/ssl_srv.c 02363 * library/ssl_tls.c 02364 * 02365 * Requires: MBEDTLS_X509_USE_C 02366 * 02367 * This module is required for X.509 certificate parsing. 02368 */ 02369 02370 #define MBEDTLS_X509_CRT_PARSE_C 02371 02372 /** 02373 * \def MBEDTLS_X509_CRL_PARSE_C 02374 * 02375 * Enable X.509 CRL parsing. 02376 * 02377 * Module: library/mbedtls_x509_crl.c 02378 * Caller: library/mbedtls_x509_crt.c 02379 * 02380 * Requires: MBEDTLS_X509_USE_C 02381 * 02382 * This module is required for X.509 CRL parsing. 02383 */ 02384 #define MBEDTLS_X509_CRL_PARSE_C 02385 02386 /** 02387 * \def MBEDTLS_X509_CSR_PARSE_C 02388 * 02389 * Enable X.509 Certificate Signing Request (CSR) parsing. 02390 * 02391 * Module: library/mbedtls_x509_csr.c 02392 * Caller: library/x509_crt_write.c 02393 * 02394 * Requires: MBEDTLS_X509_USE_C 02395 * 02396 * This module is used for reading X.509 certificate request. 02397 */ 02398 #define MBEDTLS_X509_CSR_PARSE_C 02399 02400 /** 02401 * \def MBEDTLS_X509_CREATE_C 02402 * 02403 * Enable X.509 core for creating certificates. 02404 * 02405 * Module: library/x509_create.c 02406 * 02407 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02408 * 02409 * This module is the basis for creating X.509 certificates and CSRs. 02410 */ 02411 #define MBEDTLS_X509_CREATE_C 02412 02413 /** 02414 * \def MBEDTLS_X509_CRT_WRITE_C 02415 * 02416 * Enable creating X.509 certificates. 02417 * 02418 * Module: library/x509_crt_write.c 02419 * 02420 * Requires: MBEDTLS_X509_CREATE_C 02421 * 02422 * This module is required for X.509 certificate creation. 02423 */ 02424 //#define MBEDTLS_X509_CRT_WRITE_C 02425 02426 /** 02427 * \def MBEDTLS_X509_CSR_WRITE_C 02428 * 02429 * Enable creating X.509 Certificate Signing Requests (CSR). 02430 * 02431 * Module: library/x509_csr_write.c 02432 * 02433 * Requires: MBEDTLS_X509_CREATE_C 02434 * 02435 * This module is required for X.509 certificate request writing. 02436 */ 02437 #define MBEDTLS_X509_CSR_WRITE_C 02438 /** 02439 * \def MBEDTLS_XTEA_C 02440 * 02441 * Enable the XTEA block cipher. 02442 * 02443 * Module: library/xtea.c 02444 * Caller: 02445 */ 02446 //#define MBEDTLS_XTEA_C 02447 02448 /* \} name SECTION: mbed TLS modules */ 02449 02450 /** 02451 * \name SECTION: Module configuration options 02452 * 02453 * This section allows for the setting of module specific sizes and 02454 * configuration options. The default values are already present in the 02455 * relevant header files and should suffice for the regular use cases. 02456 * 02457 * Our advice is to enable options and change their values here 02458 * only if you have a good reason and know the consequences. 02459 * 02460 * Please check the respective header file for documentation on these 02461 * parameters (to prevent duplicate documentation). 02462 * \{ 02463 */ 02464 02465 /* MPI / BIGNUM options */ 02466 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02467 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02468 02469 /* CTR_DRBG options */ 02470 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02471 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02472 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02473 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02474 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02475 02476 /* HMAC_DRBG options */ 02477 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02478 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02479 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02480 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02481 02482 /* ECP options */ 02483 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02484 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02485 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02486 02487 /* Entropy options */ 02488 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02489 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02490 02491 /* Memory buffer allocator options */ 02492 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02493 02494 /* Platform options */ 02495 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02496 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02497 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02498 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02499 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02500 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02501 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02502 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02503 02504 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02505 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02506 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02507 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02508 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02509 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02510 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02511 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02512 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02513 02514 /* SSL Cache options */ 02515 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02516 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02517 02518 /* SSL options */ 02519 02520 #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 02521 02522 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02523 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02524 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02525 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02526 02527 /** 02528 * Complete list of ciphersuites to use, in order of preference. 02529 * 02530 * \warning No dependency checking is done on that field! This option can only 02531 * be used to restrict the set of available ciphersuites. It is your 02532 * responsibility to make sure the needed modules are active. 02533 * 02534 * Use this to save a few hundred bytes of ROM (default ordering of all 02535 * available ciphersuites) and a few to a few hundred bytes of RAM. 02536 * 02537 * The value below is only an example, not the default. 02538 */ 02539 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \ 02540 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \ 02541 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ 02542 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \ 02543 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 02544 /* X509 options */ 02545 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02546 02547 /* \} name SECTION: Module configuration options */ 02548 02549 // Reduces size particularly in case PSA crypto is used 02550 #undef MBEDTLS_CHACHA20_C 02551 #undef MBEDTLS_CHACHAPOLY_C 02552 #undef MBEDTLS_POLY1305_C 02553 02554 #if defined(TARGET_LIKE_MBED) 02555 #include "mbedtls/target_config.h" 02556 #endif 02557 02558 /* 02559 * Allow user to override any previous default. 02560 */ 02561 02562 #if defined(MBEDTLS_USER_CONFIG_FILE) 02563 #include MBEDTLS_USER_CONFIG_FILE 02564 #endif 02565 02566 #include "mbedtls/check_config.h" 02567 02568 #endif /* KSDK_MBEDTLS_CONFIG_H */
Generated on Mon Aug 29 2022 19:53:40 by
1.7.2