Mark Radbourne
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: Encrypt_Decrypt1 mbed_blink_tls encrypt encrypt
Embed:
(wiki syntax)
Show/hide line numbers
config.h
Go to the documentation of this file.
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_CONFIG_H 00029 #define MBEDTLS_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 /** 00036 * \name SECTION: System support 00037 * 00038 * This section sets system specific settings. 00039 * \{ 00040 */ 00041 00042 /** 00043 * \def MBEDTLS_HAVE_ASM 00044 * 00045 * The compiler has support for asm(). 00046 * 00047 * Requires support for asm() in compiler. 00048 * 00049 * Used in: 00050 * library/timing.c 00051 * library/padlock.c 00052 * include/mbedtls/bn_mul.h 00053 * 00054 * Comment to disable the use of assembly code. 00055 */ 00056 #define MBEDTLS_HAVE_ASM 00057 00058 /** 00059 * \def MBEDTLS_HAVE_SSE2 00060 * 00061 * CPU supports SSE2 instruction set. 00062 * 00063 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00064 */ 00065 //#define MBEDTLS_HAVE_SSE2 00066 00067 /** 00068 * \def MBEDTLS_HAVE_TIME 00069 * 00070 * System has time.h and time(). 00071 * The time does not need to be correct, only time differences are used, 00072 * by contrast with MBEDTLS_HAVE_TIME_DATE 00073 * 00074 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00075 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00076 * MBEDTLS_PLATFORM_STD_TIME. 00077 * 00078 * Comment if your system does not support time functions 00079 */ 00080 #define MBEDTLS_HAVE_TIME 00081 00082 /** 00083 * \def MBEDTLS_HAVE_TIME_DATE 00084 * 00085 * System has time.h and time(), gmtime() and the clock is correct. 00086 * The time needs to be correct (not necesarily very accurate, but at least 00087 * the date should be correct). This is used to verify the validity period of 00088 * X.509 certificates. 00089 * 00090 * Comment if your system does not have a correct clock. 00091 */ 00092 #define MBEDTLS_HAVE_TIME_DATE 00093 00094 /** 00095 * \def MBEDTLS_PLATFORM_MEMORY 00096 * 00097 * Enable the memory allocation layer. 00098 * 00099 * By default mbed TLS uses the system-provided calloc() and free(). 00100 * This allows different allocators (self-implemented or provided) to be 00101 * provided to the platform abstraction layer. 00102 * 00103 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00104 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00105 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00106 * free() function pointer at runtime. 00107 * 00108 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00109 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00110 * alternate function at compile time. 00111 * 00112 * Requires: MBEDTLS_PLATFORM_C 00113 * 00114 * Enable this layer to allow use of alternative memory allocators. 00115 */ 00116 //#define MBEDTLS_PLATFORM_MEMORY 00117 00118 /** 00119 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00120 * 00121 * Do not assign standard functions in the platform layer (e.g. calloc() to 00122 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00123 * 00124 * This makes sure there are no linking errors on platforms that do not support 00125 * these functions. You will HAVE to provide alternatives, either at runtime 00126 * via the platform_set_xxx() functions or at compile time by setting 00127 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00128 * MBEDTLS_PLATFORM_XXX_MACRO. 00129 * 00130 * Requires: MBEDTLS_PLATFORM_C 00131 * 00132 * Uncomment to prevent default assignment of standard functions in the 00133 * platform layer. 00134 */ 00135 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00136 00137 /** 00138 * \def MBEDTLS_PLATFORM_EXIT_ALT 00139 * 00140 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00141 * function in the platform abstraction layer. 00142 * 00143 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00144 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00145 * alternative printf function pointer. 00146 * 00147 * All these define require MBEDTLS_PLATFORM_C to be defined! 00148 * 00149 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00150 * it will be enabled automatically by check_config.h 00151 * 00152 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00153 * MBEDTLS_PLATFORM_XXX_MACRO! 00154 * 00155 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00156 * 00157 * Uncomment a macro to enable alternate implementation of specific base 00158 * platform function 00159 */ 00160 //#define MBEDTLS_PLATFORM_EXIT_ALT 00161 //#define MBEDTLS_PLATFORM_TIME_ALT 00162 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00163 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00164 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00165 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00166 00167 /** 00168 * \def MBEDTLS_DEPRECATED_WARNING 00169 * 00170 * Mark deprecated functions so that they generate a warning if used. 00171 * Functions deprecated in one version will usually be removed in the next 00172 * version. You can enable this to help you prepare the transition to a new 00173 * major version by making sure your code is not using these functions. 00174 * 00175 * This only works with GCC and Clang. With other compilers, you may want to 00176 * use MBEDTLS_DEPRECATED_REMOVED 00177 * 00178 * Uncomment to get warnings on using deprecated functions. 00179 */ 00180 //#define MBEDTLS_DEPRECATED_WARNING 00181 00182 /** 00183 * \def MBEDTLS_DEPRECATED_REMOVED 00184 * 00185 * Remove deprecated functions so that they generate an error if used. 00186 * Functions deprecated in one version will usually be removed in the next 00187 * version. You can enable this to help you prepare the transition to a new 00188 * major version by making sure your code is not using these functions. 00189 * 00190 * Uncomment to get errors on using deprecated functions. 00191 */ 00192 //#define MBEDTLS_DEPRECATED_REMOVED 00193 00194 /* \} name SECTION: System support */ 00195 00196 /** 00197 * \name SECTION: mbed TLS feature support 00198 * 00199 * This section sets support for features that are or are not needed 00200 * within the modules that are enabled. 00201 * \{ 00202 */ 00203 00204 /** 00205 * \def MBEDTLS_TIMING_ALT 00206 * 00207 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00208 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00209 * 00210 * Only works if you have MBEDTLS_TIMING_C enabled. 00211 * 00212 * You will need to provide a header "timing_alt.h" and an implementation at 00213 * compile time. 00214 */ 00215 //#define MBEDTLS_TIMING_ALT 00216 00217 /** 00218 * \def MBEDTLS_AES_ALT 00219 * 00220 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00221 * alternate core implementation of a symmetric crypto or hash module (e.g. 00222 * platform specific assembly optimized implementations). Keep in mind that 00223 * the function prototypes should remain the same. 00224 * 00225 * This replaces the whole module. If you only want to replace one of the 00226 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00227 * 00228 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00229 * provide the "struct mbedtls_aes_context" definition and omit the base function 00230 * declarations and implementations. "aes_alt.h" will be included from 00231 * "aes.h" to include the new function definitions. 00232 * 00233 * Uncomment a macro to enable alternate implementation of the corresponding 00234 * module. 00235 */ 00236 //#define MBEDTLS_AES_ALT 00237 //#define MBEDTLS_ARC4_ALT 00238 //#define MBEDTLS_BLOWFISH_ALT 00239 //#define MBEDTLS_CAMELLIA_ALT 00240 //#define MBEDTLS_DES_ALT 00241 //#define MBEDTLS_XTEA_ALT 00242 //#define MBEDTLS_MD2_ALT 00243 //#define MBEDTLS_MD4_ALT 00244 //#define MBEDTLS_MD5_ALT 00245 //#define MBEDTLS_RIPEMD160_ALT 00246 //#define MBEDTLS_SHA1_ALT 00247 //#define MBEDTLS_SHA256_ALT 00248 //#define MBEDTLS_SHA512_ALT 00249 00250 /** 00251 * \def MBEDTLS_MD2_PROCESS_ALT 00252 * 00253 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00254 * alternate core implementation of symmetric crypto or hash function. Keep in 00255 * mind that function prototypes should remain the same. 00256 * 00257 * This replaces only one function. The header file from mbed TLS is still 00258 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00259 * 00260 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00261 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00262 * the other function (using your mbedtls_sha1_process() function) and the definition 00263 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00264 * with this definition. 00265 * 00266 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00267 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00268 * tables. 00269 * 00270 * Uncomment a macro to enable alternate implementation of the corresponding 00271 * function. 00272 */ 00273 //#define MBEDTLS_MD2_PROCESS_ALT 00274 //#define MBEDTLS_MD4_PROCESS_ALT 00275 //#define MBEDTLS_MD5_PROCESS_ALT 00276 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00277 //#define MBEDTLS_SHA1_PROCESS_ALT 00278 //#define MBEDTLS_SHA256_PROCESS_ALT 00279 //#define MBEDTLS_SHA512_PROCESS_ALT 00280 //#define MBEDTLS_DES_SETKEY_ALT 00281 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00282 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00283 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00284 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00285 //#define MBEDTLS_AES_ENCRYPT_ALT 00286 //#define MBEDTLS_AES_DECRYPT_ALT 00287 00288 /** 00289 * \def MBEDTLS_TEST_NULL_ENTROPY 00290 * 00291 * Enables testing and use of mbed TLS without any configured entropy sources. 00292 * This permits use of the library on platforms before an entropy source has 00293 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00294 * MBEDTLS_ENTROPY_NV_SEED switches). 00295 * 00296 * WARNING! This switch MUST be disabled in production builds, and is suitable 00297 * only for development. 00298 * Enabling the switch negates any security provided by the library. 00299 * 00300 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00301 * 00302 */ 00303 //#define MBEDTLS_TEST_NULL_ENTROPY 00304 00305 /** 00306 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00307 * 00308 * Uncomment this macro to let mbed TLS use your own implementation of a 00309 * hardware entropy collector. 00310 * 00311 * Your function must be called \c mbedtls_hardware_poll(), have the same 00312 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00313 * 00314 * Uncomment to use your own hardware entropy collector. 00315 */ 00316 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00317 00318 /** 00319 * \def MBEDTLS_AES_ROM_TABLES 00320 * 00321 * Store the AES tables in ROM. 00322 * 00323 * Uncomment this macro to store the AES tables in ROM. 00324 */ 00325 //#define MBEDTLS_AES_ROM_TABLES 00326 00327 /** 00328 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00329 * 00330 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00331 * 00332 * Uncomment this macro to use less memory for Camellia. 00333 */ 00334 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00335 00336 /** 00337 * \def MBEDTLS_CIPHER_MODE_CBC 00338 * 00339 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00340 */ 00341 #define MBEDTLS_CIPHER_MODE_CBC 00342 00343 /** 00344 * \def MBEDTLS_CIPHER_MODE_CFB 00345 * 00346 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00347 */ 00348 #define MBEDTLS_CIPHER_MODE_CFB 00349 00350 /** 00351 * \def MBEDTLS_CIPHER_MODE_CTR 00352 * 00353 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00354 */ 00355 #define MBEDTLS_CIPHER_MODE_CTR 00356 00357 /** 00358 * \def MBEDTLS_CIPHER_NULL_CIPHER 00359 * 00360 * Enable NULL cipher. 00361 * Warning: Only do so when you know what you are doing. This allows for 00362 * encryption or channels without any security! 00363 * 00364 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00365 * the following ciphersuites: 00366 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00367 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00368 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00369 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00370 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00371 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00372 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00373 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00374 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00375 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00376 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00377 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00378 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00379 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00380 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00381 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00382 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00383 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00384 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00385 * 00386 * Uncomment this macro to enable the NULL cipher and ciphersuites 00387 */ 00388 //#define MBEDTLS_CIPHER_NULL_CIPHER 00389 00390 /** 00391 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00392 * 00393 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00394 * specific padding modes in the cipher layer with cipher modes that support 00395 * padding (e.g. CBC) 00396 * 00397 * If you disable all padding modes, only full blocks can be used with CBC. 00398 * 00399 * Enable padding modes in the cipher layer. 00400 */ 00401 #define MBEDTLS_CIPHER_PADDING_PKCS7 00402 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00403 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00404 #define MBEDTLS_CIPHER_PADDING_ZEROS 00405 00406 /** 00407 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00408 * 00409 * Enable weak ciphersuites in SSL / TLS. 00410 * Warning: Only do so when you know what you are doing. This allows for 00411 * channels with virtually no security at all! 00412 * 00413 * This enables the following ciphersuites: 00414 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00415 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00416 * 00417 * Uncomment this macro to enable weak ciphersuites 00418 */ 00419 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00420 00421 /** 00422 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00423 * 00424 * Remove RC4 ciphersuites by default in SSL / TLS. 00425 * This flag removes the ciphersuites based on RC4 from the default list as 00426 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00427 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00428 * explicitly. 00429 * 00430 * Uncomment this macro to remove RC4 ciphersuites by default. 00431 */ 00432 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00433 00434 /** 00435 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00436 * 00437 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00438 * module. By default all supported curves are enabled. 00439 * 00440 * Comment macros to disable the curve and functions for it 00441 */ 00442 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00443 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00444 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00445 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00446 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00447 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00448 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00449 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00450 #define MBEDTLS_ECP_DP_BP256R1_ENABLED 00451 #define MBEDTLS_ECP_DP_BP384R1_ENABLED 00452 #define MBEDTLS_ECP_DP_BP512R1_ENABLED 00453 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00454 00455 /** 00456 * \def MBEDTLS_ECP_NIST_OPTIM 00457 * 00458 * Enable specific 'modulo p' routines for each NIST prime. 00459 * Depending on the prime and architecture, makes operations 4 to 8 times 00460 * faster on the corresponding curve. 00461 * 00462 * Comment this macro to disable NIST curves optimisation. 00463 */ 00464 #define MBEDTLS_ECP_NIST_OPTIM 00465 00466 /** 00467 * \def MBEDTLS_ECDSA_DETERMINISTIC 00468 * 00469 * Enable deterministic ECDSA (RFC 6979). 00470 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00471 * may result in a compromise of the long-term signing key. This is avoided by 00472 * the deterministic variant. 00473 * 00474 * Requires: MBEDTLS_HMAC_DRBG_C 00475 * 00476 * Comment this macro to disable deterministic ECDSA. 00477 */ 00478 #define MBEDTLS_ECDSA_DETERMINISTIC 00479 00480 /** 00481 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00482 * 00483 * Enable the PSK based ciphersuite modes in SSL / TLS. 00484 * 00485 * This enables the following ciphersuites (if other requisites are 00486 * enabled as well): 00487 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00488 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00489 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00490 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00491 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00492 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00493 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00494 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00495 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00496 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00497 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00498 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00499 */ 00500 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00501 00502 /** 00503 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00504 * 00505 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00506 * 00507 * Requires: MBEDTLS_DHM_C 00508 * 00509 * This enables the following ciphersuites (if other requisites are 00510 * enabled as well): 00511 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00513 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00514 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00515 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00516 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00517 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00518 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00519 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00520 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00521 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00522 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00523 */ 00524 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00525 00526 /** 00527 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00528 * 00529 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00530 * 00531 * Requires: MBEDTLS_ECDH_C 00532 * 00533 * This enables the following ciphersuites (if other requisites are 00534 * enabled as well): 00535 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00536 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00537 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00538 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00539 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00540 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00541 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00542 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00543 */ 00544 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00545 00546 /** 00547 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00548 * 00549 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00550 * 00551 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00552 * MBEDTLS_X509_CRT_PARSE_C 00553 * 00554 * This enables the following ciphersuites (if other requisites are 00555 * enabled as well): 00556 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00557 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00558 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00559 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00560 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00561 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00562 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00563 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00564 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00565 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00566 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00567 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00568 */ 00569 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00570 00571 /** 00572 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00573 * 00574 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00575 * 00576 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00577 * MBEDTLS_X509_CRT_PARSE_C 00578 * 00579 * This enables the following ciphersuites (if other requisites are 00580 * enabled as well): 00581 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00582 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00583 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00584 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00585 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00586 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00587 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00588 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00589 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00590 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00591 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00592 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00593 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00594 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00595 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00596 */ 00597 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00598 00599 /** 00600 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00601 * 00602 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00603 * 00604 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00605 * MBEDTLS_X509_CRT_PARSE_C 00606 * 00607 * This enables the following ciphersuites (if other requisites are 00608 * enabled as well): 00609 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00610 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00611 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00612 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00613 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00614 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00615 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00616 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00617 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00618 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00619 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00620 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00621 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00622 */ 00623 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00624 00625 /** 00626 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00627 * 00628 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00629 * 00630 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00631 * MBEDTLS_X509_CRT_PARSE_C 00632 * 00633 * This enables the following ciphersuites (if other requisites are 00634 * enabled as well): 00635 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00636 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00637 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00638 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00639 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00640 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00641 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00642 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00643 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00644 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00645 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00646 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00647 */ 00648 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00649 00650 /** 00651 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00652 * 00653 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00654 * 00655 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00656 * 00657 * This enables the following ciphersuites (if other requisites are 00658 * enabled as well): 00659 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00660 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00662 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00663 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00664 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00665 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00666 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00667 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00668 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00669 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00670 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00671 */ 00672 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00673 00674 /** 00675 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00676 * 00677 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00678 * 00679 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00680 * 00681 * This enables the following ciphersuites (if other requisites are 00682 * enabled as well): 00683 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00684 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00685 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00686 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00687 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00688 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00689 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00690 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00691 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00692 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00693 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00694 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00695 */ 00696 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00697 00698 /** 00699 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00700 * 00701 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00702 * 00703 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00704 * 00705 * This enables the following ciphersuites (if other requisites are 00706 * enabled as well): 00707 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00708 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00709 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00710 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00711 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00712 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00713 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00714 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00715 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00716 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00717 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00718 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00719 */ 00720 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00721 00722 /** 00723 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00724 * 00725 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00726 * 00727 * \warning This is currently experimental. EC J-PAKE support is based on the 00728 * Thread v1.0.0 specification; incompatible changes to the specification 00729 * might still happen. For this reason, this is disabled by default. 00730 * 00731 * Requires: MBEDTLS_ECJPAKE_C 00732 * MBEDTLS_SHA256_C 00733 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00734 * 00735 * This enables the following ciphersuites (if other requisites are 00736 * enabled as well): 00737 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00738 */ 00739 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00740 00741 /** 00742 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00743 * 00744 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00745 * RFC 5915 and RFC 5480. 00746 * 00747 * Currently this means parsing the SpecifiedECDomain choice of EC 00748 * parameters (only known groups are supported, not arbitrary domains, to 00749 * avoid validation issues). 00750 * 00751 * Disable if you only need to support RFC 5915 + 5480 key formats. 00752 */ 00753 #define MBEDTLS_PK_PARSE_EC_EXTENDED 00754 00755 /** 00756 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00757 * 00758 * Enable a dummy error function to make use of mbedtls_strerror() in 00759 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00760 * (no effect when MBEDTLS_ERROR_C is enabled). 00761 * 00762 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00763 * not using mbedtls_strerror() or error_strerror() in your application. 00764 * 00765 * Disable if you run into name conflicts and want to really remove the 00766 * mbedtls_strerror() 00767 */ 00768 #define MBEDTLS_ERROR_STRERROR_DUMMY 00769 00770 /** 00771 * \def MBEDTLS_GENPRIME 00772 * 00773 * Enable the prime-number generation code. 00774 * 00775 * Requires: MBEDTLS_BIGNUM_C 00776 */ 00777 #define MBEDTLS_GENPRIME 00778 00779 /** 00780 * \def MBEDTLS_FS_IO 00781 * 00782 * Enable functions that use the filesystem. 00783 */ 00784 //#define MBEDTLS_FS_IO 00785 00786 /** 00787 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00788 * 00789 * Do not add default entropy sources. These are the platform specific, 00790 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00791 * 00792 * This is useful to have more control over the added entropy sources in an 00793 * application. 00794 * 00795 * Uncomment this macro to prevent loading of default entropy functions. 00796 */ 00797 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00798 00799 /** 00800 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00801 * 00802 * Do not use built-in platform entropy functions. 00803 * This is useful if your platform does not support 00804 * standards like the /dev/urandom or Windows CryptoAPI. 00805 * 00806 * Uncomment this macro to disable the built-in platform entropy functions. 00807 */ 00808 #define MBEDTLS_NO_PLATFORM_ENTROPY 00809 00810 /** 00811 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00812 * 00813 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00814 * default SHA-512 based one (if both are available). 00815 * 00816 * Requires: MBEDTLS_SHA256_C 00817 * 00818 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00819 * if you have performance concerns. 00820 * 00821 * This option is only useful if both MBEDTLS_SHA256_C and 00822 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00823 */ 00824 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00825 00826 /** 00827 * \def MBEDTLS_ENTROPY_NV_SEED 00828 * 00829 * Enable the non-volatile (NV) seed file-based entropy source. 00830 * (Also enables the NV seed read/write functions in the platform layer) 00831 * 00832 * This is crucial (if not required) on systems that do not have a 00833 * cryptographic entropy source (in hardware or kernel) available. 00834 * 00835 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00836 * 00837 * \note The read/write functions that are used by the entropy source are 00838 * determined in the platform layer, and can be modified at runtime and/or 00839 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00840 * 00841 * \note If you use the default implementation functions that read a seedfile 00842 * with regular fopen(), please make sure you make a seedfile with the 00843 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00844 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00845 * and written to or you will get an entropy source error! The default 00846 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00847 * bytes from the file. 00848 * 00849 * \note The entropy collector will write to the seed file before entropy is 00850 * given to an external source, to update it. 00851 */ 00852 //#define MBEDTLS_ENTROPY_NV_SEED 00853 00854 /** 00855 * \def MBEDTLS_MEMORY_DEBUG 00856 * 00857 * Enable debugging of buffer allocator memory issues. Automatically prints 00858 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00859 * function for 'debug output' of allocated memory. 00860 * 00861 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00862 * 00863 * Uncomment this macro to let the buffer allocator print out error messages. 00864 */ 00865 //#define MBEDTLS_MEMORY_DEBUG 00866 00867 /** 00868 * \def MBEDTLS_MEMORY_BACKTRACE 00869 * 00870 * Include backtrace information with each allocated block. 00871 * 00872 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00873 * GLIBC-compatible backtrace() an backtrace_symbols() support 00874 * 00875 * Uncomment this macro to include backtrace information 00876 */ 00877 //#define MBEDTLS_MEMORY_BACKTRACE 00878 00879 /** 00880 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00881 * 00882 * Support external private RSA keys (eg from a HSM) in the PK layer. 00883 * 00884 * Comment this macro to disable support for external private RSA keys. 00885 */ 00886 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00887 00888 /** 00889 * \def MBEDTLS_PKCS1_V15 00890 * 00891 * Enable support for PKCS#1 v1.5 encoding. 00892 * 00893 * Requires: MBEDTLS_RSA_C 00894 * 00895 * This enables support for PKCS#1 v1.5 operations. 00896 */ 00897 #define MBEDTLS_PKCS1_V15 00898 00899 /** 00900 * \def MBEDTLS_PKCS1_V21 00901 * 00902 * Enable support for PKCS#1 v2.1 encoding. 00903 * 00904 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00905 * 00906 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00907 */ 00908 #define MBEDTLS_PKCS1_V21 00909 00910 /** 00911 * \def MBEDTLS_RSA_NO_CRT 00912 * 00913 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00914 * 00915 * Uncomment this macro to disable the use of CRT in RSA. 00916 * 00917 */ 00918 //#define MBEDTLS_RSA_NO_CRT 00919 00920 /** 00921 * \def MBEDTLS_SELF_TEST 00922 * 00923 * Enable the checkup functions (*_self_test). 00924 */ 00925 #define MBEDTLS_SELF_TEST 00926 00927 /** 00928 * \def MBEDTLS_SHA256_SMALLER 00929 * 00930 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00931 * lower performance. 00932 * 00933 * The default implementation is meant to be a reasonnable compromise between 00934 * performance and size. This version optimizes more aggressively for size at 00935 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00936 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00937 * 30%. 00938 * 00939 * Uncomment to enable the smaller implementation of SHA256. 00940 */ 00941 //#define MBEDTLS_SHA256_SMALLER 00942 00943 /** 00944 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00945 * 00946 * Enable sending of alert messages in case of encountered errors as per RFC. 00947 * If you choose not to send the alert messages, mbed TLS can still communicate 00948 * with other servers, only debugging of failures is harder. 00949 * 00950 * The advantage of not sending alert messages, is that no information is given 00951 * about reasons for failures thus preventing adversaries of gaining intel. 00952 * 00953 * Enable sending of all alert messages 00954 */ 00955 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00956 00957 /** 00958 * \def MBEDTLS_SSL_DEBUG_ALL 00959 * 00960 * Enable the debug messages in SSL module for all issues. 00961 * Debug messages have been disabled in some places to prevent timing 00962 * attacks due to (unbalanced) debugging function calls. 00963 * 00964 * If you need all error reporting you should enable this during debugging, 00965 * but remove this for production servers that should log as well. 00966 * 00967 * Uncomment this macro to report all debug messages on errors introducing 00968 * a timing side-channel. 00969 * 00970 */ 00971 //#define MBEDTLS_SSL_DEBUG_ALL 00972 00973 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00974 * 00975 * Enable support for Encrypt-then-MAC, RFC 7366. 00976 * 00977 * This allows peers that both support it to use a more robust protection for 00978 * ciphersuites using CBC, providing deep resistance against timing attacks 00979 * on the padding or underlying cipher. 00980 * 00981 * This only affects CBC ciphersuites, and is useless if none is defined. 00982 * 00983 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 00984 * MBEDTLS_SSL_PROTO_TLS1_1 or 00985 * MBEDTLS_SSL_PROTO_TLS1_2 00986 * 00987 * Comment this macro to disable support for Encrypt-then-MAC 00988 */ 00989 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 00990 00991 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 00992 * 00993 * Enable support for Extended Master Secret, aka Session Hash 00994 * (draft-ietf-tls-session-hash-02). 00995 * 00996 * This was introduced as "the proper fix" to the Triple Handshake familiy of 00997 * attacks, but it is recommended to always use it (even if you disable 00998 * renegotiation), since it actually fixes a more fundamental issue in the 00999 * original SSL/TLS design, and has implications beyond Triple Handshake. 01000 * 01001 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01002 * MBEDTLS_SSL_PROTO_TLS1_1 or 01003 * MBEDTLS_SSL_PROTO_TLS1_2 01004 * 01005 * Comment this macro to disable support for Extended Master Secret. 01006 */ 01007 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01008 01009 /** 01010 * \def MBEDTLS_SSL_FALLBACK_SCSV 01011 * 01012 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01013 * 01014 * For servers, it is recommended to always enable this, unless you support 01015 * only one version of TLS, or know for sure that none of your clients 01016 * implements a fallback strategy. 01017 * 01018 * For clients, you only need this if you're using a fallback strategy, which 01019 * is not recommended in the first place, unless you absolutely need it to 01020 * interoperate with buggy (version-intolerant) servers. 01021 * 01022 * Comment this macro to disable support for FALLBACK_SCSV 01023 */ 01024 #define MBEDTLS_SSL_FALLBACK_SCSV 01025 01026 /** 01027 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01028 * 01029 * Enable hooking functions in SSL module for hardware acceleration of 01030 * individual records. 01031 * 01032 * Uncomment this macro to enable hooking functions. 01033 */ 01034 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01035 01036 /** 01037 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01038 * 01039 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01040 * 01041 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01042 * of interoperability issues compared to sending 0-length records. 01043 * 01044 * Comment this macro to disable 1/n-1 record splitting. 01045 */ 01046 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01047 01048 /** 01049 * \def MBEDTLS_SSL_RENEGOTIATION 01050 * 01051 * Disable support for TLS renegotiation. 01052 * 01053 * The two main uses of renegotiation are (1) refresh keys on long-lived 01054 * connections and (2) client authentication after the initial handshake. 01055 * If you don't need renegotiation, it's probably better to disable it, since 01056 * it has been associated with security issues in the past and is easy to 01057 * misuse/misunderstand. 01058 * 01059 * Comment this to disable support for renegotiation. 01060 */ 01061 #define MBEDTLS_SSL_RENEGOTIATION 01062 01063 /** 01064 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01065 * 01066 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01067 * SSL Server module (MBEDTLS_SSL_SRV_C). 01068 * 01069 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01070 */ 01071 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01072 01073 /** 01074 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01075 * 01076 * Pick the ciphersuite according to the client's preferences rather than ours 01077 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01078 * 01079 * Uncomment this macro to respect client's ciphersuite order 01080 */ 01081 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01082 01083 /** 01084 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01085 * 01086 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01087 * 01088 * Comment this macro to disable support for the max_fragment_length extension 01089 */ 01090 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01091 01092 /** 01093 * \def MBEDTLS_SSL_PROTO_SSL3 01094 * 01095 * Enable support for SSL 3.0. 01096 * 01097 * Requires: MBEDTLS_MD5_C 01098 * MBEDTLS_SHA1_C 01099 * 01100 * Comment this macro to disable support for SSL 3.0 01101 */ 01102 //#define MBEDTLS_SSL_PROTO_SSL3 01103 01104 /** 01105 * \def MBEDTLS_SSL_PROTO_TLS1 01106 * 01107 * Enable support for TLS 1.0. 01108 * 01109 * Requires: MBEDTLS_MD5_C 01110 * MBEDTLS_SHA1_C 01111 * 01112 * Comment this macro to disable support for TLS 1.0 01113 */ 01114 #define MBEDTLS_SSL_PROTO_TLS1 01115 01116 /** 01117 * \def MBEDTLS_SSL_PROTO_TLS1_1 01118 * 01119 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01120 * 01121 * Requires: MBEDTLS_MD5_C 01122 * MBEDTLS_SHA1_C 01123 * 01124 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01125 */ 01126 #define MBEDTLS_SSL_PROTO_TLS1_1 01127 01128 /** 01129 * \def MBEDTLS_SSL_PROTO_TLS1_2 01130 * 01131 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01132 * 01133 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01134 * (Depends on ciphersuites) 01135 * 01136 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01137 */ 01138 #define MBEDTLS_SSL_PROTO_TLS1_2 01139 01140 /** 01141 * \def MBEDTLS_SSL_PROTO_DTLS 01142 * 01143 * Enable support for DTLS (all available versions). 01144 * 01145 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01146 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01147 * 01148 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01149 * or MBEDTLS_SSL_PROTO_TLS1_2 01150 * 01151 * Comment this macro to disable support for DTLS 01152 */ 01153 #define MBEDTLS_SSL_PROTO_DTLS 01154 01155 /** 01156 * \def MBEDTLS_SSL_ALPN 01157 * 01158 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01159 * 01160 * Comment this macro to disable support for ALPN. 01161 */ 01162 #define MBEDTLS_SSL_ALPN 01163 01164 /** 01165 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01166 * 01167 * Enable support for the anti-replay mechanism in DTLS. 01168 * 01169 * Requires: MBEDTLS_SSL_TLS_C 01170 * MBEDTLS_SSL_PROTO_DTLS 01171 * 01172 * \warning Disabling this is often a security risk! 01173 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01174 * 01175 * Comment this to disable anti-replay in DTLS. 01176 */ 01177 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01178 01179 /** 01180 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01181 * 01182 * Enable support for HelloVerifyRequest on DTLS servers. 01183 * 01184 * This feature is highly recommended to prevent DTLS servers being used as 01185 * amplifiers in DoS attacks against other hosts. It should always be enabled 01186 * unless you know for sure amplification cannot be a problem in the 01187 * environment in which your server operates. 01188 * 01189 * \warning Disabling this can ba a security risk! (see above) 01190 * 01191 * Requires: MBEDTLS_SSL_PROTO_DTLS 01192 * 01193 * Comment this to disable support for HelloVerifyRequest. 01194 */ 01195 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01196 01197 /** 01198 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01199 * 01200 * Enable server-side support for clients that reconnect from the same port. 01201 * 01202 * Some clients unexpectedly close the connection and try to reconnect using the 01203 * same source port. This needs special support from the server to handle the 01204 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01205 * flag enables that support. 01206 * 01207 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01208 * 01209 * Comment this to disable support for clients reusing the source port. 01210 */ 01211 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01212 01213 /** 01214 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01215 * 01216 * Enable support for a limit of records with bad MAC. 01217 * 01218 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01219 * 01220 * Requires: MBEDTLS_SSL_PROTO_DTLS 01221 */ 01222 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01223 01224 /** 01225 * \def MBEDTLS_SSL_SESSION_TICKETS 01226 * 01227 * Enable support for RFC 5077 session tickets in SSL. 01228 * Client-side, provides full support for session tickets (maintainance of a 01229 * session store remains the responsibility of the application, though). 01230 * Server-side, you also need to provide callbacks for writing and parsing 01231 * tickets, including authenticated encryption and key management. Example 01232 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01233 * 01234 * Comment this macro to disable support for SSL session tickets 01235 */ 01236 #define MBEDTLS_SSL_SESSION_TICKETS 01237 01238 /** 01239 * \def MBEDTLS_SSL_EXPORT_KEYS 01240 * 01241 * Enable support for exporting key block and master secret. 01242 * This is required for certain users of TLS, e.g. EAP-TLS. 01243 * 01244 * Comment this macro to disable support for key export 01245 */ 01246 #define MBEDTLS_SSL_EXPORT_KEYS 01247 01248 /** 01249 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01250 * 01251 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01252 * 01253 * Requires: MBEDTLS_X509_CRT_PARSE_C 01254 * 01255 * Comment this macro to disable support for server name indication in SSL 01256 */ 01257 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01258 01259 /** 01260 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01261 * 01262 * Enable support for RFC 6066 truncated HMAC in SSL. 01263 * 01264 * Comment this macro to disable support for truncated HMAC in SSL 01265 */ 01266 #define MBEDTLS_SSL_TRUNCATED_HMAC 01267 01268 /** 01269 * \def MBEDTLS_THREADING_ALT 01270 * 01271 * Provide your own alternate threading implementation. 01272 * 01273 * Requires: MBEDTLS_THREADING_C 01274 * 01275 * Uncomment this to allow your own alternate threading implementation. 01276 */ 01277 //#define MBEDTLS_THREADING_ALT 01278 01279 /** 01280 * \def MBEDTLS_THREADING_PTHREAD 01281 * 01282 * Enable the pthread wrapper layer for the threading layer. 01283 * 01284 * Requires: MBEDTLS_THREADING_C 01285 * 01286 * Uncomment this to enable pthread mutexes. 01287 */ 01288 //#define MBEDTLS_THREADING_PTHREAD 01289 01290 /** 01291 * \def MBEDTLS_VERSION_FEATURES 01292 * 01293 * Allow run-time checking of compile-time enabled features. Thus allowing users 01294 * to check at run-time if the library is for instance compiled with threading 01295 * support via mbedtls_version_check_feature(). 01296 * 01297 * Requires: MBEDTLS_VERSION_C 01298 * 01299 * Comment this to disable run-time checking and save ROM space 01300 */ 01301 #define MBEDTLS_VERSION_FEATURES 01302 01303 /** 01304 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01305 * 01306 * If set, the X509 parser will not break-off when parsing an X509 certificate 01307 * and encountering an extension in a v1 or v2 certificate. 01308 * 01309 * Uncomment to prevent an error. 01310 */ 01311 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01312 01313 /** 01314 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01315 * 01316 * If set, the X509 parser will not break-off when parsing an X509 certificate 01317 * and encountering an unknown critical extension. 01318 * 01319 * \warning Depending on your PKI use, enabling this can be a security risk! 01320 * 01321 * Uncomment to prevent an error. 01322 */ 01323 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01324 01325 /** 01326 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01327 * 01328 * Enable verification of the keyUsage extension (CA and leaf certificates). 01329 * 01330 * Disabling this avoids problems with mis-issued and/or misused 01331 * (intermediate) CA and leaf certificates. 01332 * 01333 * \warning Depending on your PKI use, disabling this can be a security risk! 01334 * 01335 * Comment to skip keyUsage checking for both CA and leaf certificates. 01336 */ 01337 #define MBEDTLS_X509_CHECK_KEY_USAGE 01338 01339 /** 01340 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01341 * 01342 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01343 * 01344 * Disabling this avoids problems with mis-issued and/or misused certificates. 01345 * 01346 * \warning Depending on your PKI use, disabling this can be a security risk! 01347 * 01348 * Comment to skip extendedKeyUsage checking for certificates. 01349 */ 01350 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01351 01352 /** 01353 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01354 * 01355 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01356 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01357 * 01358 * Comment this macro to disallow using RSASSA-PSS in certificates. 01359 */ 01360 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01361 01362 /** 01363 * \def MBEDTLS_ZLIB_SUPPORT 01364 * 01365 * If set, the SSL/TLS module uses ZLIB to support compression and 01366 * decompression of packet data. 01367 * 01368 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01369 * CRIME attack. Before enabling this option, you should examine with care if 01370 * CRIME or similar exploits may be a applicable to your use case. 01371 * 01372 * \note Currently compression can't be used with DTLS. 01373 * 01374 * Used in: library/ssl_tls.c 01375 * library/ssl_cli.c 01376 * library/ssl_srv.c 01377 * 01378 * This feature requires zlib library and headers to be present. 01379 * 01380 * Uncomment to enable use of ZLIB 01381 */ 01382 //#define MBEDTLS_ZLIB_SUPPORT 01383 /* \} name SECTION: mbed TLS feature support */ 01384 01385 /** 01386 * \name SECTION: mbed TLS modules 01387 * 01388 * This section enables or disables entire modules in mbed TLS 01389 * \{ 01390 */ 01391 01392 /** 01393 * \def MBEDTLS_AESNI_C 01394 * 01395 * Enable AES-NI support on x86-64. 01396 * 01397 * Module: library/aesni.c 01398 * Caller: library/aes.c 01399 * 01400 * Requires: MBEDTLS_HAVE_ASM 01401 * 01402 * This modules adds support for the AES-NI instructions on x86-64 01403 */ 01404 #define MBEDTLS_AESNI_C 01405 01406 /** 01407 * \def MBEDTLS_AES_C 01408 * 01409 * Enable the AES block cipher. 01410 * 01411 * Module: library/aes.c 01412 * Caller: library/ssl_tls.c 01413 * library/pem.c 01414 * library/ctr_drbg.c 01415 * 01416 * This module enables the following ciphersuites (if other requisites are 01417 * enabled as well): 01418 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01419 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01420 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01421 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01422 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01423 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01424 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01425 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01426 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01427 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01428 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01429 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01430 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01431 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01432 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01433 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01434 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01435 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01436 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01437 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01438 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01439 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01440 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01441 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01442 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01443 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01444 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01448 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01449 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01450 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01451 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01452 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01453 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01454 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01455 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01456 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01457 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01458 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01459 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01460 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01461 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01462 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01463 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01464 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01465 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01466 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01467 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01468 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01469 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01470 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01471 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01472 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01473 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01474 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01475 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01476 * 01477 * PEM_PARSE uses AES for decrypting encrypted keys. 01478 */ 01479 #define MBEDTLS_AES_C 01480 01481 /** 01482 * \def MBEDTLS_ARC4_C 01483 * 01484 * Enable the ARCFOUR stream cipher. 01485 * 01486 * Module: library/arc4.c 01487 * Caller: library/ssl_tls.c 01488 * 01489 * This module enables the following ciphersuites (if other requisites are 01490 * enabled as well): 01491 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01492 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01493 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01494 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01495 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01496 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01497 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01498 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01499 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01500 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01501 */ 01502 #define MBEDTLS_ARC4_C 01503 01504 /** 01505 * \def MBEDTLS_ASN1_PARSE_C 01506 * 01507 * Enable the generic ASN1 parser. 01508 * 01509 * Module: library/asn1.c 01510 * Caller: library/x509.c 01511 * library/dhm.c 01512 * library/pkcs12.c 01513 * library/pkcs5.c 01514 * library/pkparse.c 01515 */ 01516 #define MBEDTLS_ASN1_PARSE_C 01517 01518 /** 01519 * \def MBEDTLS_ASN1_WRITE_C 01520 * 01521 * Enable the generic ASN1 writer. 01522 * 01523 * Module: library/asn1write.c 01524 * Caller: library/ecdsa.c 01525 * library/pkwrite.c 01526 * library/x509_create.c 01527 * library/x509write_crt.c 01528 * library/x509write_csr.c 01529 */ 01530 #define MBEDTLS_ASN1_WRITE_C 01531 01532 /** 01533 * \def MBEDTLS_BASE64_C 01534 * 01535 * Enable the Base64 module. 01536 * 01537 * Module: library/base64.c 01538 * Caller: library/pem.c 01539 * 01540 * This module is required for PEM support (required by X.509). 01541 */ 01542 #define MBEDTLS_BASE64_C 01543 01544 /** 01545 * \def MBEDTLS_BIGNUM_C 01546 * 01547 * Enable the multi-precision integer library. 01548 * 01549 * Module: library/bignum.c 01550 * Caller: library/dhm.c 01551 * library/ecp.c 01552 * library/ecdsa.c 01553 * library/rsa.c 01554 * library/ssl_tls.c 01555 * 01556 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01557 */ 01558 #define MBEDTLS_BIGNUM_C 01559 01560 /** 01561 * \def MBEDTLS_BLOWFISH_C 01562 * 01563 * Enable the Blowfish block cipher. 01564 * 01565 * Module: library/blowfish.c 01566 */ 01567 #define MBEDTLS_BLOWFISH_C 01568 01569 /** 01570 * \def MBEDTLS_CAMELLIA_C 01571 * 01572 * Enable the Camellia block cipher. 01573 * 01574 * Module: library/camellia.c 01575 * Caller: library/ssl_tls.c 01576 * 01577 * This module enables the following ciphersuites (if other requisites are 01578 * enabled as well): 01579 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01580 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01581 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01582 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01583 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01584 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01585 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01586 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01587 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01588 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01589 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01590 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01591 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01592 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01593 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01594 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01595 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01596 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01597 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01598 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01599 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01600 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01601 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01602 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01603 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01604 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01605 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01606 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01607 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01608 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01609 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01610 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01611 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01612 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01613 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01614 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01615 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01616 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01617 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01618 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01619 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01620 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01621 */ 01622 #define MBEDTLS_CAMELLIA_C 01623 01624 /** 01625 * \def MBEDTLS_CCM_C 01626 * 01627 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01628 * 01629 * Module: library/ccm.c 01630 * 01631 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01632 * 01633 * This module enables the AES-CCM ciphersuites, if other requisites are 01634 * enabled as well. 01635 */ 01636 #define MBEDTLS_CCM_C 01637 01638 /** 01639 * \def MBEDTLS_CERTS_C 01640 * 01641 * Enable the test certificates. 01642 * 01643 * Module: library/certs.c 01644 * Caller: 01645 * 01646 * This module is used for testing (ssl_client/server). 01647 */ 01648 #define MBEDTLS_CERTS_C 01649 01650 /** 01651 * \def MBEDTLS_CIPHER_C 01652 * 01653 * Enable the generic cipher layer. 01654 * 01655 * Module: library/cipher.c 01656 * Caller: library/ssl_tls.c 01657 * 01658 * Uncomment to enable generic cipher wrappers. 01659 */ 01660 #define MBEDTLS_CIPHER_C 01661 01662 /** 01663 * \def MBEDTLS_CMAC_C 01664 * 01665 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01666 * ciphers. 01667 * 01668 * Module: library/cmac.c 01669 * 01670 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01671 * 01672 */ 01673 //#define MBEDTLS_CMAC_C 01674 01675 /** 01676 * \def MBEDTLS_CTR_DRBG_C 01677 * 01678 * Enable the CTR_DRBG AES-256-based random generator. 01679 * 01680 * Module: library/ctr_drbg.c 01681 * Caller: 01682 * 01683 * Requires: MBEDTLS_AES_C 01684 * 01685 * This module provides the CTR_DRBG AES-256 random number generator. 01686 */ 01687 #define MBEDTLS_CTR_DRBG_C 01688 01689 /** 01690 * \def MBEDTLS_DEBUG_C 01691 * 01692 * Enable the debug functions. 01693 * 01694 * Module: library/debug.c 01695 * Caller: library/ssl_cli.c 01696 * library/ssl_srv.c 01697 * library/ssl_tls.c 01698 * 01699 * This module provides debugging functions. 01700 */ 01701 #define MBEDTLS_DEBUG_C 01702 01703 /** 01704 * \def MBEDTLS_DES_C 01705 * 01706 * Enable the DES block cipher. 01707 * 01708 * Module: library/des.c 01709 * Caller: library/pem.c 01710 * library/ssl_tls.c 01711 * 01712 * This module enables the following ciphersuites (if other requisites are 01713 * enabled as well): 01714 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01715 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01716 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01717 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01718 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01719 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01720 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01721 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01722 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01723 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01724 * 01725 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01726 */ 01727 #define MBEDTLS_DES_C 01728 01729 /** 01730 * \def MBEDTLS_DHM_C 01731 * 01732 * Enable the Diffie-Hellman-Merkle module. 01733 * 01734 * Module: library/dhm.c 01735 * Caller: library/ssl_cli.c 01736 * library/ssl_srv.c 01737 * 01738 * This module is used by the following key exchanges: 01739 * DHE-RSA, DHE-PSK 01740 */ 01741 #define MBEDTLS_DHM_C 01742 01743 /** 01744 * \def MBEDTLS_ECDH_C 01745 * 01746 * Enable the elliptic curve Diffie-Hellman library. 01747 * 01748 * Module: library/ecdh.c 01749 * Caller: library/ssl_cli.c 01750 * library/ssl_srv.c 01751 * 01752 * This module is used by the following key exchanges: 01753 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01754 * 01755 * Requires: MBEDTLS_ECP_C 01756 */ 01757 #define MBEDTLS_ECDH_C 01758 01759 /** 01760 * \def MBEDTLS_ECDSA_C 01761 * 01762 * Enable the elliptic curve DSA library. 01763 * 01764 * Module: library/ecdsa.c 01765 * Caller: 01766 * 01767 * This module is used by the following key exchanges: 01768 * ECDHE-ECDSA 01769 * 01770 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01771 */ 01772 #define MBEDTLS_ECDSA_C 01773 01774 /** 01775 * \def MBEDTLS_ECJPAKE_C 01776 * 01777 * Enable the elliptic curve J-PAKE library. 01778 * 01779 * \warning This is currently experimental. EC J-PAKE support is based on the 01780 * Thread v1.0.0 specification; incompatible changes to the specification 01781 * might still happen. For this reason, this is disabled by default. 01782 * 01783 * Module: library/ecjpake.c 01784 * Caller: 01785 * 01786 * This module is used by the following key exchanges: 01787 * ECJPAKE 01788 * 01789 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01790 */ 01791 //#define MBEDTLS_ECJPAKE_C 01792 01793 /** 01794 * \def MBEDTLS_ECP_C 01795 * 01796 * Enable the elliptic curve over GF(p) library. 01797 * 01798 * Module: library/ecp.c 01799 * Caller: library/ecdh.c 01800 * library/ecdsa.c 01801 * library/ecjpake.c 01802 * 01803 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01804 */ 01805 #define MBEDTLS_ECP_C 01806 01807 /** 01808 * \def MBEDTLS_ENTROPY_C 01809 * 01810 * Enable the platform-specific entropy code. 01811 * 01812 * Module: library/entropy.c 01813 * Caller: 01814 * 01815 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01816 * 01817 * This module provides a generic entropy pool 01818 */ 01819 #define MBEDTLS_ENTROPY_C 01820 01821 /** 01822 * \def MBEDTLS_ERROR_C 01823 * 01824 * Enable error code to error string conversion. 01825 * 01826 * Module: library/error.c 01827 * Caller: 01828 * 01829 * This module enables mbedtls_strerror(). 01830 */ 01831 #define MBEDTLS_ERROR_C 01832 01833 /** 01834 * \def MBEDTLS_GCM_C 01835 * 01836 * Enable the Galois/Counter Mode (GCM) for AES. 01837 * 01838 * Module: library/gcm.c 01839 * 01840 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01841 * 01842 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01843 * requisites are enabled as well. 01844 */ 01845 #define MBEDTLS_GCM_C 01846 01847 /** 01848 * \def MBEDTLS_HAVEGE_C 01849 * 01850 * Enable the HAVEGE random generator. 01851 * 01852 * Warning: the HAVEGE random generator is not suitable for virtualized 01853 * environments 01854 * 01855 * Warning: the HAVEGE random generator is dependent on timing and specific 01856 * processor traits. It is therefore not advised to use HAVEGE as 01857 * your applications primary random generator or primary entropy pool 01858 * input. As a secondary input to your entropy pool, it IS able add 01859 * the (limited) extra entropy it provides. 01860 * 01861 * Module: library/havege.c 01862 * Caller: 01863 * 01864 * Requires: MBEDTLS_TIMING_C 01865 * 01866 * Uncomment to enable the HAVEGE random generator. 01867 */ 01868 //#define MBEDTLS_HAVEGE_C 01869 01870 /** 01871 * \def MBEDTLS_HMAC_DRBG_C 01872 * 01873 * Enable the HMAC_DRBG random generator. 01874 * 01875 * Module: library/hmac_drbg.c 01876 * Caller: 01877 * 01878 * Requires: MBEDTLS_MD_C 01879 * 01880 * Uncomment to enable the HMAC_DRBG random number geerator. 01881 */ 01882 #define MBEDTLS_HMAC_DRBG_C 01883 01884 /** 01885 * \def MBEDTLS_MD_C 01886 * 01887 * Enable the generic message digest layer. 01888 * 01889 * Module: library/md.c 01890 * Caller: 01891 * 01892 * Uncomment to enable generic message digest wrappers. 01893 */ 01894 #define MBEDTLS_MD_C 01895 01896 /** 01897 * \def MBEDTLS_MD2_C 01898 * 01899 * Enable the MD2 hash algorithm. 01900 * 01901 * Module: library/md2.c 01902 * Caller: 01903 * 01904 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01905 */ 01906 //#define MBEDTLS_MD2_C 01907 01908 /** 01909 * \def MBEDTLS_MD4_C 01910 * 01911 * Enable the MD4 hash algorithm. 01912 * 01913 * Module: library/md4.c 01914 * Caller: 01915 * 01916 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01917 */ 01918 //#define MBEDTLS_MD4_C 01919 01920 /** 01921 * \def MBEDTLS_MD5_C 01922 * 01923 * Enable the MD5 hash algorithm. 01924 * 01925 * Module: library/md5.c 01926 * Caller: library/md.c 01927 * library/pem.c 01928 * library/ssl_tls.c 01929 * 01930 * This module is required for SSL/TLS and X.509. 01931 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01932 */ 01933 #define MBEDTLS_MD5_C 01934 01935 /** 01936 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01937 * 01938 * Enable the buffer allocator implementation that makes use of a (stack) 01939 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01940 * calls) 01941 * 01942 * Module: library/memory_buffer_alloc.c 01943 * 01944 * Requires: MBEDTLS_PLATFORM_C 01945 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01946 * 01947 * Enable this module to enable the buffer memory allocator. 01948 */ 01949 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01950 01951 /** 01952 * \def MBEDTLS_NET_C 01953 * 01954 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 01955 * 01956 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 01957 * and Windows. For other platforms, you'll want to disable it, and write your 01958 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 01959 * 01960 * \note See also our Knowledge Base article about porting to a new 01961 * environment: 01962 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 01963 * 01964 * Module: library/net_sockets.c 01965 * 01966 * This module provides networking routines. 01967 */ 01968 //#define MBEDTLS_NET_C 01969 01970 /** 01971 * \def MBEDTLS_OID_C 01972 * 01973 * Enable the OID database. 01974 * 01975 * Module: library/oid.c 01976 * Caller: library/asn1write.c 01977 * library/pkcs5.c 01978 * library/pkparse.c 01979 * library/pkwrite.c 01980 * library/rsa.c 01981 * library/x509.c 01982 * library/x509_create.c 01983 * library/x509_crl.c 01984 * library/x509_crt.c 01985 * library/x509_csr.c 01986 * library/x509write_crt.c 01987 * library/x509write_csr.c 01988 * 01989 * This modules translates between OIDs and internal values. 01990 */ 01991 #define MBEDTLS_OID_C 01992 01993 /** 01994 * \def MBEDTLS_PADLOCK_C 01995 * 01996 * Enable VIA Padlock support on x86. 01997 * 01998 * Module: library/padlock.c 01999 * Caller: library/aes.c 02000 * 02001 * Requires: MBEDTLS_HAVE_ASM 02002 * 02003 * This modules adds support for the VIA PadLock on x86. 02004 */ 02005 #define MBEDTLS_PADLOCK_C 02006 02007 /** 02008 * \def MBEDTLS_PEM_PARSE_C 02009 * 02010 * Enable PEM decoding / parsing. 02011 * 02012 * Module: library/pem.c 02013 * Caller: library/dhm.c 02014 * library/pkparse.c 02015 * library/x509_crl.c 02016 * library/x509_crt.c 02017 * library/x509_csr.c 02018 * 02019 * Requires: MBEDTLS_BASE64_C 02020 * 02021 * This modules adds support for decoding / parsing PEM files. 02022 */ 02023 #define MBEDTLS_PEM_PARSE_C 02024 02025 /** 02026 * \def MBEDTLS_PEM_WRITE_C 02027 * 02028 * Enable PEM encoding / writing. 02029 * 02030 * Module: library/pem.c 02031 * Caller: library/pkwrite.c 02032 * library/x509write_crt.c 02033 * library/x509write_csr.c 02034 * 02035 * Requires: MBEDTLS_BASE64_C 02036 * 02037 * This modules adds support for encoding / writing PEM files. 02038 */ 02039 #define MBEDTLS_PEM_WRITE_C 02040 02041 /** 02042 * \def MBEDTLS_PK_C 02043 * 02044 * Enable the generic public (asymetric) key layer. 02045 * 02046 * Module: library/pk.c 02047 * Caller: library/ssl_tls.c 02048 * library/ssl_cli.c 02049 * library/ssl_srv.c 02050 * 02051 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02052 * 02053 * Uncomment to enable generic public key wrappers. 02054 */ 02055 #define MBEDTLS_PK_C 02056 02057 /** 02058 * \def MBEDTLS_PK_PARSE_C 02059 * 02060 * Enable the generic public (asymetric) key parser. 02061 * 02062 * Module: library/pkparse.c 02063 * Caller: library/x509_crt.c 02064 * library/x509_csr.c 02065 * 02066 * Requires: MBEDTLS_PK_C 02067 * 02068 * Uncomment to enable generic public key parse functions. 02069 */ 02070 #define MBEDTLS_PK_PARSE_C 02071 02072 /** 02073 * \def MBEDTLS_PK_WRITE_C 02074 * 02075 * Enable the generic public (asymetric) key writer. 02076 * 02077 * Module: library/pkwrite.c 02078 * Caller: library/x509write.c 02079 * 02080 * Requires: MBEDTLS_PK_C 02081 * 02082 * Uncomment to enable generic public key write functions. 02083 */ 02084 #define MBEDTLS_PK_WRITE_C 02085 02086 /** 02087 * \def MBEDTLS_PKCS5_C 02088 * 02089 * Enable PKCS#5 functions. 02090 * 02091 * Module: library/pkcs5.c 02092 * 02093 * Requires: MBEDTLS_MD_C 02094 * 02095 * This module adds support for the PKCS#5 functions. 02096 */ 02097 #define MBEDTLS_PKCS5_C 02098 02099 /** 02100 * \def MBEDTLS_PKCS11_C 02101 * 02102 * Enable wrapper for PKCS#11 smartcard support. 02103 * 02104 * Module: library/pkcs11.c 02105 * Caller: library/pk.c 02106 * 02107 * Requires: MBEDTLS_PK_C 02108 * 02109 * This module enables SSL/TLS PKCS #11 smartcard support. 02110 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02111 */ 02112 //#define MBEDTLS_PKCS11_C 02113 02114 /** 02115 * \def MBEDTLS_PKCS12_C 02116 * 02117 * Enable PKCS#12 PBE functions. 02118 * Adds algorithms for parsing PKCS#8 encrypted private keys 02119 * 02120 * Module: library/pkcs12.c 02121 * Caller: library/pkparse.c 02122 * 02123 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02124 * Can use: MBEDTLS_ARC4_C 02125 * 02126 * This module enables PKCS#12 functions. 02127 */ 02128 #define MBEDTLS_PKCS12_C 02129 02130 /** 02131 * \def MBEDTLS_PLATFORM_C 02132 * 02133 * Enable the platform abstraction layer that allows you to re-assign 02134 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02135 * 02136 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02137 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02138 * above to be specified at runtime or compile time respectively. 02139 * 02140 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02141 * as other module rely on it for a fixed snprintf implementation. 02142 * 02143 * Module: library/platform.c 02144 * Caller: Most other .c files 02145 * 02146 * This module enables abstraction of common (libc) functions. 02147 */ 02148 #define MBEDTLS_PLATFORM_C 02149 02150 /** 02151 * \def MBEDTLS_RIPEMD160_C 02152 * 02153 * Enable the RIPEMD-160 hash algorithm. 02154 * 02155 * Module: library/ripemd160.c 02156 * Caller: library/md.c 02157 * 02158 */ 02159 #define MBEDTLS_RIPEMD160_C 02160 02161 /** 02162 * \def MBEDTLS_RSA_C 02163 * 02164 * Enable the RSA public-key cryptosystem. 02165 * 02166 * Module: library/rsa.c 02167 * Caller: library/ssl_cli.c 02168 * library/ssl_srv.c 02169 * library/ssl_tls.c 02170 * library/x509.c 02171 * 02172 * This module is used by the following key exchanges: 02173 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02174 * 02175 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02176 */ 02177 #define MBEDTLS_RSA_C 02178 02179 /** 02180 * \def MBEDTLS_SHA1_C 02181 * 02182 * Enable the SHA1 cryptographic hash algorithm. 02183 * 02184 * Module: library/sha1.c 02185 * Caller: library/md.c 02186 * library/ssl_cli.c 02187 * library/ssl_srv.c 02188 * library/ssl_tls.c 02189 * library/x509write_crt.c 02190 * 02191 * This module is required for SSL/TLS and SHA1-signed certificates. 02192 */ 02193 #define MBEDTLS_SHA1_C 02194 02195 /** 02196 * \def MBEDTLS_SHA256_C 02197 * 02198 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02199 * 02200 * Module: library/sha256.c 02201 * Caller: library/entropy.c 02202 * library/md.c 02203 * library/ssl_cli.c 02204 * library/ssl_srv.c 02205 * library/ssl_tls.c 02206 * 02207 * This module adds support for SHA-224 and SHA-256. 02208 * This module is required for the SSL/TLS 1.2 PRF function. 02209 */ 02210 #define MBEDTLS_SHA256_C 02211 02212 /** 02213 * \def MBEDTLS_SHA512_C 02214 * 02215 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02216 * 02217 * Module: library/sha512.c 02218 * Caller: library/entropy.c 02219 * library/md.c 02220 * library/ssl_cli.c 02221 * library/ssl_srv.c 02222 * 02223 * This module adds support for SHA-384 and SHA-512. 02224 */ 02225 #define MBEDTLS_SHA512_C 02226 02227 /** 02228 * \def MBEDTLS_SSL_CACHE_C 02229 * 02230 * Enable simple SSL cache implementation. 02231 * 02232 * Module: library/ssl_cache.c 02233 * Caller: 02234 * 02235 * Requires: MBEDTLS_SSL_CACHE_C 02236 */ 02237 #define MBEDTLS_SSL_CACHE_C 02238 02239 /** 02240 * \def MBEDTLS_SSL_COOKIE_C 02241 * 02242 * Enable basic implementation of DTLS cookies for hello verification. 02243 * 02244 * Module: library/ssl_cookie.c 02245 * Caller: 02246 */ 02247 #define MBEDTLS_SSL_COOKIE_C 02248 02249 /** 02250 * \def MBEDTLS_SSL_TICKET_C 02251 * 02252 * Enable an implementation of TLS server-side callbacks for session tickets. 02253 * 02254 * Module: library/ssl_ticket.c 02255 * Caller: 02256 * 02257 * Requires: MBEDTLS_CIPHER_C 02258 */ 02259 #define MBEDTLS_SSL_TICKET_C 02260 02261 /** 02262 * \def MBEDTLS_SSL_CLI_C 02263 * 02264 * Enable the SSL/TLS client code. 02265 * 02266 * Module: library/ssl_cli.c 02267 * Caller: 02268 * 02269 * Requires: MBEDTLS_SSL_TLS_C 02270 * 02271 * This module is required for SSL/TLS client support. 02272 */ 02273 #define MBEDTLS_SSL_CLI_C 02274 02275 /** 02276 * \def MBEDTLS_SSL_SRV_C 02277 * 02278 * Enable the SSL/TLS server code. 02279 * 02280 * Module: library/ssl_srv.c 02281 * Caller: 02282 * 02283 * Requires: MBEDTLS_SSL_TLS_C 02284 * 02285 * This module is required for SSL/TLS server support. 02286 */ 02287 #define MBEDTLS_SSL_SRV_C 02288 02289 /** 02290 * \def MBEDTLS_SSL_TLS_C 02291 * 02292 * Enable the generic SSL/TLS code. 02293 * 02294 * Module: library/ssl_tls.c 02295 * Caller: library/ssl_cli.c 02296 * library/ssl_srv.c 02297 * 02298 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02299 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02300 * 02301 * This module is required for SSL/TLS. 02302 */ 02303 #define MBEDTLS_SSL_TLS_C 02304 02305 /** 02306 * \def MBEDTLS_THREADING_C 02307 * 02308 * Enable the threading abstraction layer. 02309 * By default mbed TLS assumes it is used in a non-threaded environment or that 02310 * contexts are not shared between threads. If you do intend to use contexts 02311 * between threads, you will need to enable this layer to prevent race 02312 * conditions. See also our Knowledge Base article about threading: 02313 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02314 * 02315 * Module: library/threading.c 02316 * 02317 * This allows different threading implementations (self-implemented or 02318 * provided). 02319 * 02320 * You will have to enable either MBEDTLS_THREADING_ALT or 02321 * MBEDTLS_THREADING_PTHREAD. 02322 * 02323 * Enable this layer to allow use of mutexes within mbed TLS 02324 */ 02325 //#define MBEDTLS_THREADING_C 02326 02327 /** 02328 * \def MBEDTLS_TIMING_C 02329 * 02330 * Enable the semi-portable timing interface. 02331 * 02332 * \note The provided implementation only works on POSIX/Unix (including Linux, 02333 * BSD and OS X) and Windows. On other platforms, you can either disable that 02334 * module and provide your own implementations of the callbacks needed by 02335 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02336 * your own implementation of the whole module by setting 02337 * \c MBEDTLS_TIMING_ALT in the current file. 02338 * 02339 * \note See also our Knowledge Base article about porting to a new 02340 * environment: 02341 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02342 * 02343 * Module: library/timing.c 02344 * Caller: library/havege.c 02345 * 02346 * This module is used by the HAVEGE random number generator. 02347 */ 02348 //#define MBEDTLS_TIMING_C 02349 02350 /** 02351 * \def MBEDTLS_VERSION_C 02352 * 02353 * Enable run-time version information. 02354 * 02355 * Module: library/version.c 02356 * 02357 * This module provides run-time version information. 02358 */ 02359 #define MBEDTLS_VERSION_C 02360 02361 /** 02362 * \def MBEDTLS_X509_USE_C 02363 * 02364 * Enable X.509 core for using certificates. 02365 * 02366 * Module: library/x509.c 02367 * Caller: library/x509_crl.c 02368 * library/x509_crt.c 02369 * library/x509_csr.c 02370 * 02371 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02372 * MBEDTLS_PK_PARSE_C 02373 * 02374 * This module is required for the X.509 parsing modules. 02375 */ 02376 #define MBEDTLS_X509_USE_C 02377 02378 /** 02379 * \def MBEDTLS_X509_CRT_PARSE_C 02380 * 02381 * Enable X.509 certificate parsing. 02382 * 02383 * Module: library/x509_crt.c 02384 * Caller: library/ssl_cli.c 02385 * library/ssl_srv.c 02386 * library/ssl_tls.c 02387 * 02388 * Requires: MBEDTLS_X509_USE_C 02389 * 02390 * This module is required for X.509 certificate parsing. 02391 */ 02392 #define MBEDTLS_X509_CRT_PARSE_C 02393 02394 /** 02395 * \def MBEDTLS_X509_CRL_PARSE_C 02396 * 02397 * Enable X.509 CRL parsing. 02398 * 02399 * Module: library/x509_crl.c 02400 * Caller: library/x509_crt.c 02401 * 02402 * Requires: MBEDTLS_X509_USE_C 02403 * 02404 * This module is required for X.509 CRL parsing. 02405 */ 02406 #define MBEDTLS_X509_CRL_PARSE_C 02407 02408 /** 02409 * \def MBEDTLS_X509_CSR_PARSE_C 02410 * 02411 * Enable X.509 Certificate Signing Request (CSR) parsing. 02412 * 02413 * Module: library/x509_csr.c 02414 * Caller: library/x509_crt_write.c 02415 * 02416 * Requires: MBEDTLS_X509_USE_C 02417 * 02418 * This module is used for reading X.509 certificate request. 02419 */ 02420 #define MBEDTLS_X509_CSR_PARSE_C 02421 02422 /** 02423 * \def MBEDTLS_X509_CREATE_C 02424 * 02425 * Enable X.509 core for creating certificates. 02426 * 02427 * Module: library/x509_create.c 02428 * 02429 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02430 * 02431 * This module is the basis for creating X.509 certificates and CSRs. 02432 */ 02433 #define MBEDTLS_X509_CREATE_C 02434 02435 /** 02436 * \def MBEDTLS_X509_CRT_WRITE_C 02437 * 02438 * Enable creating X.509 certificates. 02439 * 02440 * Module: library/x509_crt_write.c 02441 * 02442 * Requires: MBEDTLS_X509_CREATE_C 02443 * 02444 * This module is required for X.509 certificate creation. 02445 */ 02446 #define MBEDTLS_X509_CRT_WRITE_C 02447 02448 /** 02449 * \def MBEDTLS_X509_CSR_WRITE_C 02450 * 02451 * Enable creating X.509 Certificate Signing Requests (CSR). 02452 * 02453 * Module: library/x509_csr_write.c 02454 * 02455 * Requires: MBEDTLS_X509_CREATE_C 02456 * 02457 * This module is required for X.509 certificate request writing. 02458 */ 02459 #define MBEDTLS_X509_CSR_WRITE_C 02460 02461 /** 02462 * \def MBEDTLS_XTEA_C 02463 * 02464 * Enable the XTEA block cipher. 02465 * 02466 * Module: library/xtea.c 02467 * Caller: 02468 */ 02469 #define MBEDTLS_XTEA_C 02470 02471 /* \} name SECTION: mbed TLS modules */ 02472 02473 /** 02474 * \name SECTION: Module configuration options 02475 * 02476 * This section allows for the setting of module specific sizes and 02477 * configuration options. The default values are already present in the 02478 * relevant header files and should suffice for the regular use cases. 02479 * 02480 * Our advice is to enable options and change their values here 02481 * only if you have a good reason and know the consequences. 02482 * 02483 * Please check the respective header file for documentation on these 02484 * parameters (to prevent duplicate documentation). 02485 * \{ 02486 */ 02487 02488 /* MPI / BIGNUM options */ 02489 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02490 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02491 02492 /* CTR_DRBG options */ 02493 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02494 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02495 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02496 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02497 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02498 02499 /* HMAC_DRBG options */ 02500 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02501 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02502 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02503 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02504 02505 /* ECP options */ 02506 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02507 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02508 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02509 02510 /* Entropy options */ 02511 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02512 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02513 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02514 02515 /* Memory buffer allocator options */ 02516 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02517 02518 /* Platform options */ 02519 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02520 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02521 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02522 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02523 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02524 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02525 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02526 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02527 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02528 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02529 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02530 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02531 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02532 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02533 02534 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02535 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02536 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02537 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02538 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02539 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02540 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02541 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02542 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02543 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02544 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02545 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02546 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02547 02548 /* SSL Cache options */ 02549 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02550 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02551 02552 /* SSL options */ 02553 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02554 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02555 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02556 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02557 02558 /** 02559 * Complete list of ciphersuites to use, in order of preference. 02560 * 02561 * \warning No dependency checking is done on that field! This option can only 02562 * be used to restrict the set of available ciphersuites. It is your 02563 * responsibility to make sure the needed modules are active. 02564 * 02565 * Use this to save a few hundred bytes of ROM (default ordering of all 02566 * available ciphersuites) and a few to a few hundred bytes of RAM. 02567 * 02568 * The value below is only an example, not the default. 02569 */ 02570 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02571 02572 /* X509 options */ 02573 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02574 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02575 02576 /* \} name SECTION: Customisation configuration options */ 02577 02578 /* Target and application specific configurations */ 02579 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" 02580 02581 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) 02582 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE 02583 #endif 02584 02585 /* 02586 * Allow user to override any previous default. 02587 * 02588 * Use two macro names for that, as: 02589 * - with yotta the prefix YOTTA_CFG_ is forced 02590 * - without yotta is looks weird to have a YOTTA prefix. 02591 */ 02592 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02593 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02594 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02595 #include MBEDTLS_USER_CONFIG_FILE 02596 #endif 02597 02598 #include "check_config.h" 02599 02600 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 11:22:34 by
1.7.2