mbed TLS v2.2.0
|
mbed TLS configuration for Silicon Labs CRYPTO hardware acceleration
mbed TLS configuration is composed of settings in this Silicon Labs specific CRYPTO hardware acceleration file located in mbedtls/configs and the mbed TLS configuration file in mbedtls/include/mbedtls/config.h. This configuration can be used as a starting point to evaluate hardware acceleration available on Silicon Labs devices.
SECTION: System support | |
#define | MBEDTLS_HAVE_ASM |
The compiler has support for asm(). More... | |
#define | MBEDTLS_HAVE_SSE2 |
CPU supports SSE2 instruction set. More... | |
#define | MBEDTLS_HAVE_TIME |
System has time.h and time(). More... | |
#define | MBEDTLS_HAVE_TIME_DATE |
System has time.h and time(), gmtime() and the clock is correct. More... | |
#define | MBEDTLS_PLATFORM_MEMORY |
Enable the memory allocation layer. More... | |
#define | MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
Do not assign standard functions in the platform layer (e.g. More... | |
#define | MBEDTLS_PLATFORM_XXX_ALT |
Uncomment a macro to let mbed TLS support the function in the platform abstraction layer. More... | |
#define | MBEDTLS_DEPRECATED_WARNING |
Mark deprecated functions so that they generate a warning if used. More... | |
#define | MBEDTLS_DEPRECATED_REMOVED |
Remove deprecated functions so that they generate an error if used. More... | |
SECTION: mbed TLS feature support | |
This section sets support for features that are or are not needed within the modules that are enabled. | |
#define | MBEDTLS__MODULE_NAME__ALT |
Uncomment a macro to let mbed TLS use your alternate core implementation of a symmetric crypto or hash module (e.g. More... | |
#define | MBEDTLS__FUNCTION_NAME__ALT |
Uncomment a macro to let mbed TLS use you alternate core implementation of symmetric crypto or hash function. More... | |
#define | MBEDTLS_ENTROPY_HARDWARE_ALT |
Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector. More... | |
#define | MBEDTLS_AES_ROM_TABLES |
Store the AES tables in ROM. More... | |
#define | MBEDTLS_CAMELLIA_SMALL_MEMORY |
Use less ROM for the Camellia implementation (saves about 768 bytes). More... | |
#define | MBEDTLS_CIPHER_MODE_CBC |
Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. More... | |
#define | MBEDTLS_CIPHER_MODE_CFB |
Enable Cipher Feedback mode (CFB) for symmetric ciphers. More... | |
#define | MBEDTLS_CIPHER_MODE_CTR |
Enable Counter Block Cipher mode (CTR) for symmetric ciphers. More... | |
#define | MBEDTLS_CIPHER_NULL_CIPHER |
Enable NULL cipher. More... | |
#define | MBEDTLS_CIPHER_PADDING_XXX |
Uncomment or comment macros to add support for specific padding modes in the cipher layer with cipher modes that support padding (e.g. More... | |
#define | MBEDTLS_CIPHER_PADDING_PKCS7 |
#define | MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS |
#define | MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN |
#define | MBEDTLS_CIPHER_PADDING_ZEROS |
#define | MBEDTLS_ENABLE_WEAK_CIPHERSUITES |
Enable weak ciphersuites in SSL / TLS. More... | |
#define | MBEDTLS_REMOVE_ARC4_CIPHERSUITES |
Remove RC4 ciphersuites by default in SSL / TLS. More... | |
#define | MBEDTLS_ECP_XXXX_ENABLED |
Enables specific curves within the Elliptic Curve module. More... | |
#define | MBEDTLS_ECP_DP_SECP192R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP224R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP256R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP384R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP521R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP192K1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP224K1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP256K1_ENABLED |
#define | MBEDTLS_ECP_DP_BP256R1_ENABLED |
#define | MBEDTLS_ECP_DP_BP384R1_ENABLED |
#define | MBEDTLS_ECP_DP_BP512R1_ENABLED |
#define | MBEDTLS_ECP_DP_CURVE25519_ENABLED |
#define | MBEDTLS_ECP_NIST_OPTIM |
Enable specific 'modulo p' routines for each NIST prime. More... | |
#define | MBEDTLS_ECDSA_DETERMINISTIC |
Enable deterministic ECDSA (RFC 6979). More... | |
#define | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
Enable the PSK based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED |
Enable the DHE-PSK based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
Enable the RSA-PSK based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
Enable the RSA-only based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
Enable the DHE-RSA based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
Enable the ECJPAKE based ciphersuite modes in SSL / TLS. More... | |
#define | MBEDTLS_PK_PARSE_EC_EXTENDED |
Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480. More... | |
#define | MBEDTLS_ERROR_STRERROR_DUMMY |
Enable a dummy error function to make use of mbedtls_strerror() in third party libraries easier when MBEDTLS_ERROR_C is disabled (no effect when MBEDTLS_ERROR_C is enabled). More... | |
#define | MBEDTLS_GENPRIME |
Enable the prime-number generation code. More... | |
#define | MBEDTLS_FS_IO |
Enable functions that use the filesystem. More... | |
#define | MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
Do not add default entropy sources. More... | |
#define | MBEDTLS_ENTROPY_FORCE_SHA256 |
Force the entropy accumulator to use a SHA-256 accumulator instead of the default SHA-512 based one (if both are available). More... | |
#define | MBEDTLS_MEMORY_DEBUG |
Enable debugging of buffer allocator memory issues. More... | |
#define | MBEDTLS_MEMORY_BACKTRACE |
Include backtrace information with each allocated block. More... | |
#define | MBEDTLS_PK_RSA_ALT_SUPPORT |
Support external private RSA keys (eg from a HSM) in the PK layer. More... | |
#define | MBEDTLS_PKCS1_V15 |
Enable support for PKCS#1 v1.5 encoding. More... | |
#define | MBEDTLS_PKCS1_V21 |
Enable support for PKCS#1 v2.1 encoding. More... | |
#define | MBEDTLS_RSA_NO_CRT |
Do not use the Chinese Remainder Theorem for the RSA private operation. More... | |
#define | MBEDTLS_SELF_TEST |
Enable the checkup functions (*_self_test). More... | |
#define | MBEDTLS_SHA256_SMALLER |
Enable an implementation of SHA-256 that has lower ROM footprint but also lower performance. More... | |
#define | MBEDTLS_SSL_AEAD_RANDOM_IV |
Generate a random IV rather than using the record sequence number as a nonce for ciphersuites using and AEAD algorithm (GCM or CCM). More... | |
#define | MBEDTLS_SSL_ALL_ALERT_MESSAGES |
Enable sending of alert messages in case of encountered errors as per RFC. More... | |
#define | MBEDTLS_SSL_DEBUG_ALL |
Enable the debug messages in SSL module for all issues. More... | |
#define | MBEDTLS_SSL_ENCRYPT_THEN_MAC |
Enable support for Encrypt-then-MAC, RFC 7366. More... | |
#define | MBEDTLS_SSL_EXTENDED_MASTER_SECRET |
Enable support for Extended Master Secret, aka Session Hash (draft-ietf-tls-session-hash-02). More... | |
#define | MBEDTLS_SSL_FALLBACK_SCSV |
Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). More... | |
#define | MBEDTLS_SSL_HW_RECORD_ACCEL |
Enable hooking functions in SSL module for hardware acceleration of individual records. More... | |
#define | MBEDTLS_SSL_CBC_RECORD_SPLITTING |
Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. More... | |
#define | MBEDTLS_SSL_RENEGOTIATION |
Disable support for TLS renegotiation. More... | |
#define | MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
Enable support for receiving and parsing SSLv2 Client Hello messages for the SSL Server module (MBEDTLS_SSL_SRV_C). More... | |
#define | MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE |
Pick the ciphersuite according to the client's preferences rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C). More... | |
#define | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH |
Enable support for RFC 6066 max_fragment_length extension in SSL. More... | |
#define | MBEDTLS_SSL_PROTO_SSL3 |
Enable support for SSL 3.0. More... | |
#define | MBEDTLS_SSL_PROTO_TLS1 |
Enable support for TLS 1.0. More... | |
#define | MBEDTLS_SSL_PROTO_TLS1_1 |
Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). More... | |
#define | MBEDTLS_SSL_PROTO_TLS1_2 |
Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). More... | |
#define | MBEDTLS_SSL_PROTO_DTLS |
Enable support for DTLS (all available versions). More... | |
#define | MBEDTLS_SSL_ALPN |
Enable support for RFC 7301 Application Layer Protocol Negotiation. More... | |
#define | MBEDTLS_SSL_DTLS_ANTI_REPLAY |
Enable support for the anti-replay mechanism in DTLS. More... | |
#define | MBEDTLS_SSL_DTLS_HELLO_VERIFY |
Enable support for HelloVerifyRequest on DTLS servers. More... | |
#define | MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
Enable server-side support for clients that reconnect from the same port. More... | |
#define | MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
Enable support for a limit of records with bad MAC. More... | |
#define | MBEDTLS_SSL_SESSION_TICKETS |
Enable support for RFC 5077 session tickets in SSL. More... | |
#define | MBEDTLS_SSL_EXPORT_KEYS |
Enable support for exporting key block and master secret. More... | |
#define | MBEDTLS_SSL_SERVER_NAME_INDICATION |
Enable support for RFC 6066 server name indication (SNI) in SSL. More... | |
#define | MBEDTLS_SSL_TRUNCATED_HMAC |
Enable support for RFC 6066 truncated HMAC in SSL. More... | |
#define | MBEDTLS_THREADING_ALT |
Provide your own alternate threading implementation. More... | |
#define | MBEDTLS_THREADING_PTHREAD |
Enable the pthread wrapper layer for the threading layer. More... | |
#define | MBEDTLS_VERSION_FEATURES |
Allow run-time checking of compile-time enabled features. More... | |
#define | MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 |
If set, the X509 parser will not break-off when parsing an X509 certificate and encountering an extension in a v1 or v2 certificate. More... | |
#define | MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION |
If set, the X509 parser will not break-off when parsing an X509 certificate and encountering an unknown critical extension. More... | |
#define | MBEDTLS_X509_CHECK_KEY_USAGE |
Enable verification of the keyUsage extension (CA and leaf certificates). More... | |
#define | MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE |
Enable verification of the extendedKeyUsage extension (leaf certificates). More... | |
#define | MBEDTLS_X509_RSASSA_PSS_SUPPORT |
Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS (aka PKCS#1 v2.1). More... | |
#define | MBEDTLS_ZLIB_SUPPORT |
If set, the SSL/TLS module uses ZLIB to support compression and decompression of packet data. More... | |
SECTION: mbed TLS modules | |
#define | MBEDTLS_AESNI_C |
Enable AES-NI support on x86-64. More... | |
#define | MBEDTLS_AES_C |
Enable the AES block cipher. More... | |
#define | MBEDTLS_ARC4_C |
Enable the ARCFOUR stream cipher. More... | |
#define | MBEDTLS_ASN1_PARSE_C |
Enable the generic ASN1 parser. More... | |
#define | MBEDTLS_ASN1_WRITE_C |
Enable the generic ASN1 writer. More... | |
#define | MBEDTLS_BASE64_C |
Enable the Base64 module. More... | |
#define | MBEDTLS_BIGNUM_C |
Enable the multi-precision integer library. More... | |
#define | MBEDTLS_BLOWFISH_C |
Enable the Blowfish block cipher. More... | |
#define | MBEDTLS_CAMELLIA_C |
Enable the Camellia block cipher. More... | |
#define | MBEDTLS_CCM_C |
Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. More... | |
#define | MBEDTLS_CERTS_C |
Enable the test certificates. More... | |
#define | MBEDTLS_CIPHER_C |
Enable the generic cipher layer. More... | |
#define | MBEDTLS_CTR_DRBG_C |
Enable the CTR_DRBG AES-256-based random generator. More... | |
#define | MBEDTLS_DEBUG_C |
Enable the debug functions. More... | |
#define | MBEDTLS_DES_C |
Enable the DES block cipher. More... | |
#define | MBEDTLS_DHM_C |
Enable the Diffie-Hellman-Merkle module. More... | |
#define | MBEDTLS_ECDH_C |
Enable the elliptic curve Diffie-Hellman library. More... | |
#define | MBEDTLS_ECDSA_C |
Enable the elliptic curve DSA library. More... | |
#define | MBEDTLS_ECJPAKE_C |
Enable the elliptic curve J-PAKE library. More... | |
#define | MBEDTLS_ECP_C |
Enable the elliptic curve over GF(p) library. More... | |
#define | MBEDTLS_ENTROPY_C |
Enable the platform-specific entropy code. More... | |
#define | MBEDTLS_ERROR_C |
Enable error code to error string conversion. More... | |
#define | MBEDTLS_GCM_C |
Enable the Galois/Counter Mode (GCM) for AES. More... | |
#define | MBEDTLS_HAVEGE_C |
Enable the HAVEGE random generator. More... | |
#define | MBEDTLS_HMAC_DRBG_C |
Enable the HMAC_DRBG random generator. More... | |
#define | MBEDTLS_MD_C |
Enable the generic message digest layer. More... | |
#define | MBEDTLS_MD2_C |
Enable the MD2 hash algorithm. More... | |
#define | MBEDTLS_MD4_C |
Enable the MD4 hash algorithm. More... | |
#define | MBEDTLS_MD5_C |
Enable the MD5 hash algorithm. More... | |
#define | MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Enable the buffer allocator implementation that makes use of a (stack) based buffer to 'allocate' dynamic memory. More... | |
#define | MBEDTLS_NET_C |
Enable the TCP/IP networking routines. More... | |
#define | MBEDTLS_OID_C |
Enable the OID database. More... | |
#define | MBEDTLS_PADLOCK_C |
Enable VIA Padlock support on x86. More... | |
#define | MBEDTLS_PEM_PARSE_C |
Enable PEM decoding / parsing. More... | |
#define | MBEDTLS_PEM_WRITE_C |
Enable PEM encoding / writing. More... | |
#define | MBEDTLS_PK_C |
Enable the generic public (asymetric) key layer. More... | |
#define | MBEDTLS_PK_PARSE_C |
Enable the generic public (asymetric) key parser. More... | |
#define | MBEDTLS_PK_WRITE_C |
Enable the generic public (asymetric) key writer. More... | |
#define | MBEDTLS_PKCS5_C |
Enable PKCS#5 functions. More... | |
#define | MBEDTLS_PKCS11_C |
Enable wrapper for PKCS#11 smartcard support. More... | |
#define | MBEDTLS_PKCS12_C |
Enable PKCS#12 PBE functions. More... | |
#define | MBEDTLS_PLATFORM_C |
Enable the platform abstraction layer that allows you to re-assign functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). More... | |
#define | MBEDTLS_RIPEMD160_C |
Enable the RIPEMD-160 hash algorithm. More... | |
#define | MBEDTLS_RSA_C |
Enable the RSA public-key cryptosystem. More... | |
#define | MBEDTLS_SHA1_C |
Enable the SHA1 cryptographic hash algorithm. More... | |
#define | MBEDTLS_SHA256_C |
Enable the SHA-224 and SHA-256 cryptographic hash algorithms. More... | |
#define | MBEDTLS_SHA512_C |
Enable the SHA-384 and SHA-512 cryptographic hash algorithms. More... | |
#define | MBEDTLS_SSL_CACHE_C |
Enable simple SSL cache implementation. More... | |
#define | MBEDTLS_SSL_COOKIE_C |
Enable basic implementation of DTLS cookies for hello verification. More... | |
#define | MBEDTLS_SSL_TICKET_C |
Enable an implementation of TLS server-side callbacks for session tickets. More... | |
#define | MBEDTLS_SSL_CLI_C |
Enable the SSL/TLS client code. More... | |
#define | MBEDTLS_SSL_SRV_C |
Enable the SSL/TLS server code. More... | |
#define | MBEDTLS_SSL_TLS_C |
Enable the generic SSL/TLS code. More... | |
#define | MBEDTLS_THREADING_C |
Enable the threading abstraction layer. More... | |
#define | MBEDTLS_TIMING_C |
Enable the portable timing interface. More... | |
#define | MBEDTLS_VERSION_C |
Enable run-time version information. More... | |
#define | MBEDTLS_X509_USE_C |
Enable X.509 core for using certificates. More... | |
#define | MBEDTLS_X509_CRT_PARSE_C |
Enable X.509 certificate parsing. More... | |
#define | MBEDTLS_X509_CRL_PARSE_C |
Enable X.509 CRL parsing. More... | |
#define | MBEDTLS_X509_CSR_PARSE_C |
Enable X.509 Certificate Signing Request (CSR) parsing. More... | |
#define | MBEDTLS_X509_CREATE_C |
Enable X.509 core for creating certificates. More... | |
#define | MBEDTLS_X509_CRT_WRITE_C |
Enable creating X.509 certificates. More... | |
#define | MBEDTLS_X509_CSR_WRITE_C |
Enable creating X.509 Certificate Signing Requests (CSR). More... | |
#define | MBEDTLS_XTEA_C |
Enable the XTEA block cipher. More... | |
SECTION: Silicon Labs Acceleration settings | |
#define | MBEDTLS_TIMING_ALT |
Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() More... | |
#define | MBEDTLS_NO_PLATFORM_ENTROPY |
Do not use built-in platform entropy functions. More... | |
#define | MBEDTLS_SLCL_PLUGINS |
Enable class 2 (slcl_xxx.c) plugins including support for CRYPTO preemption, yield when device busy, DMA I/O mode, and support for classic EFM32 devices with AES module, EFM32GG, etc. More... | |
#define | MBEDTLS_CRYPTO_DEVICE_PREEMPTION |
Enable CRYPTO preemption. More... | |
#define | MBEDTLS_AES_ALT |
Enable hardware acceleration for the AES block cipher. More... | |
#define | MBEDTLS_CCM_ALT |
Enable hardware acceleration for the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. More... | |
#define | MBEDTLS_CMAC_C |
Enable Cipher-based Message Authentication Code (CMAC) based on AES-128. More... | |
#define | MBEDTLS_CMAC_ALT |
Enable hardware acceleration for the Cipher-based Message Authentication Code (CMAC) based on AES-128. More... | |
#define | MBEDTLS_DEVICE_YIELD_WHEN_BUSY |
Enable class 2 plugin slcl_ecp.c to yield the CPU core when CRYPTO device is busy. More... | |
#define | MBEDTLS_ECP_DEVICE_ALT |
#define | MBEDTLS_ECP_DOUBLE_JAC_ALT |
#define | MBEDTLS_ECP_DEVICE_ADD_MIXED_ALT |
#define | MBEDTLS_ECP_NORMALIZE_JAC_ALT |
#define | MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT |
#define | MBEDTLS_MPI_MODULAR_DIVISION_ALT |
Enable hardware acceleration for the elliptic curve over GF(p) library. More... | |
#define | MBEDTLS_ECP_ALT |
#define | MBEDTLS_ECP_GROUP_LOAD_ALT |
Enable CRYPTO preemption for the elliptic curve over GF(p) library. More... | |
#define | MBEDTLS_ECP_CRITICAL_SHORT |
Enable shorter critical regions in the class 2 plugin slcl_ecp.c. More... | |
#define | MBEDTLS_INCLUDE_IO_MODE_DMA |
Enable support for moving data to/from CRYPTO with DMA. More... | |
#define | MBEDTLS_SHA1_ALT |
Enable hardware acceleration for the SHA1 cryptographic hash algorithm. More... | |
#define | MBEDTLS_SHA256_ALT |
Enable hardware acceleration for the SHA-224 and SHA-256 cryptographic hash algorithms. More... | |
#define | MBEDTLS_TRNG_C |
Enable software support for the True Random Number Generator (TRNG) incorporated from Series 1 Configuration 2 devices (EFR32MG12, etc.) from Silicon Labs. More... | |
#define | MBEDTLS_TRNG_IGNORE_NOISE_ALARMS |
Ignore AIS-31 Noise Alarms and AIS-31 Preliminary Noise Alarms from the TRNG. More... | |
#define | MBEDTLS_ENTROPY_ALT |
#define | MBEDTLS_ENTROPY_INIT_ALT |
#define | MBEDTLS_ENTROPY_FREE_ALT |
Enable the TRNG as an entropy source which can serve the entropy module of mbedtls with random data. More... | |
#define | MBEDTLS_ECP_DP_SECP192R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP224R1_ENABLED |
#define | MBEDTLS_ECP_DP_SECP256R1_ENABLED |
#define | MBEDTLS_ECP_MAX_BITS 256 |
#define | MBEDTLS_MPI_MAX_SIZE 32 |
#define | MBEDTLS_ECP_WINDOW_SIZE 3 |
#define | MBEDTLS_ECP_FIXED_POINT_OPTIM 0 |
#define | MBEDTLS_ECP_NIST_OPTIM |
#define MBEDTLS__FUNCTION_NAME__ALT |
Uncomment a macro to let mbed TLS use you alternate core implementation of symmetric crypto or hash function.
Keep in mind that function prototypes should remain the same.
This replaces only one function. The header file from mbed TLS is still used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will no longer provide the mbedtls_sha1_process() function, but it will still provide the other function (using your mbedtls_sha1_process() function) and the definition of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible with this definition.
Note: if you use the AES_xxx_ALT macros, then is is recommended to also set MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES tables.
Uncomment a macro to enable alternate implementation of the corresponding function.
#define MBEDTLS__MODULE_NAME__ALT |
Uncomment a macro to let mbed TLS use your alternate core implementation of a symmetric crypto or hash module (e.g.
platform specific assembly optimized implementations). Keep in mind that the function prototypes should remain the same.
This replaces the whole module. If you only want to replace one of the functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer provide the "struct mbedtls_aes_context" definition and omit the base function declarations and implementations. "aes_alt.h" will be included from "aes.h" to include the new function definitions.
Uncomment a macro to enable alternate implementation of the corresponding module.
#define MBEDTLS_AES_ALT |
Enable hardware acceleration for the AES block cipher.
Module: sl_crypto/src/sl_aes.c or sl_crypto/src/slcl_aes.c if MBEDTLS_SLCL_PLUGINS is defined.
See MBEDTLS_AES_C for more information.
Definition at line 99 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_AES_C |
Enable the AES block cipher.
Module: library/aes.c Caller: library/ssl_tls.c library/pem.c library/ctr_drbg.c
This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
PEM_PARSE uses AES for decrypting encrypted keys.
#define MBEDTLS_AES_ROM_TABLES |
Store the AES tables in ROM.
Uncomment this macro to store the AES tables in ROM.
#define MBEDTLS_AESNI_C |
#define MBEDTLS_ARC4_C |
Enable the ARCFOUR stream cipher.
Module: library/arc4.c Caller: library/ssl_tls.c
This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
#define MBEDTLS_ASN1_PARSE_C |
#define MBEDTLS_ASN1_WRITE_C |
#define MBEDTLS_BASE64_C |
#define MBEDTLS_BIGNUM_C |
#define MBEDTLS_BLOWFISH_C |
#define MBEDTLS_CAMELLIA_C |
Enable the Camellia block cipher.
Module: library/camellia.c Caller: library/ssl_tls.c
This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
#define MBEDTLS_CAMELLIA_SMALL_MEMORY |
Use less ROM for the Camellia implementation (saves about 768 bytes).
Uncomment this macro to use less memory for Camellia.
#define MBEDTLS_CCM_ALT |
Enable hardware acceleration for the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
Module: sl_crypto/src/slcl_ccm.c
Requires: MBEDTLS_SLCL_PLUGINS
See MBEDTLS_CCM_C for more information.
#define MBEDTLS_CCM_C |
#define MBEDTLS_CERTS_C |
#define MBEDTLS_CIPHER_C |
#define MBEDTLS_CIPHER_MODE_CBC |
#define MBEDTLS_CIPHER_MODE_CFB |
#define MBEDTLS_CIPHER_MODE_CTR |
#define MBEDTLS_CIPHER_NULL_CIPHER |
Enable NULL cipher.
Warning: Only do so when you know what you are doing. This allows for encryption or channels without any security!
Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable the following ciphersuites: MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA
Uncomment this macro to enable the NULL cipher and ciphersuites
#define MBEDTLS_CIPHER_PADDING_XXX |
Uncomment or comment macros to add support for specific padding modes in the cipher layer with cipher modes that support padding (e.g.
CBC)
If you disable all padding modes, only full blocks can be used with CBC.
Enable padding modes in the cipher layer.
#define MBEDTLS_CMAC_ALT |
Enable hardware acceleration for the Cipher-based Message Authentication Code (CMAC) based on AES-128.
Module: sl_crypto/src/slcl_cmac.c
Requires: MBEDTLS_SLCL_PLUGINS, MBEDTLS_CMAC_C and (CRYPTO_COUNT > 0)
#define MBEDTLS_CMAC_C |
Enable Cipher-based Message Authentication Code (CMAC) based on AES-128.
Note: MBEDTLS_CMAC_ALT is required to enable the API since a pure C implementation of CMAC is not supported.
Module: sl_crypto/src/slcl_cmac.c
Requires: MBEDTLS_SLCL_PLUGINS, MBEDTLS_CMAC_ALT and (CRYPTO_COUNT > 0)
#define MBEDTLS_CRYPTO_DEVICE_PREEMPTION |
Enable CRYPTO preemption.
The CRYPTO preemption support allows a higher priority thread to preempt a lower priority thread that currently owns the CRYPTO module. The context of the lower priority thread will be saved and restored when the higher priority thread is done and releases the ownership of CRYPTO.
Module: sl_crypto/src/cryptodrv.c
Caller: sl_crypto/src/slcl_aes.c sl_crypto/src/slcl_ccm.c sl_crypto/src/slcl_cmac.c sl_crypto/src/slcl_ecp.c sl_crypto/src/slcl_sha1.c sl_crypto/src/slcl_sha256.c
Requires: MBEDTLS_SLCL_PLUGINS and (CRYPTO_COUNT > 0)
Comment/uncomment macros to disable/enable
#define MBEDTLS_CTR_DRBG_C |
#define MBEDTLS_DEBUG_C |
#define MBEDTLS_DEPRECATED_REMOVED |
Remove deprecated functions so that they generate an error if used.
Functions deprecated in one version will usually be removed in the next version. You can enable this to help you prepare the transition to a new major version by making sure your code is not using these functions.
Uncomment to get errors on using deprecated functions.
#define MBEDTLS_DEPRECATED_WARNING |
Mark deprecated functions so that they generate a warning if used.
Functions deprecated in one version will usually be removed in the next version. You can enable this to help you prepare the transition to a new major version by making sure your code is not using these functions.
This only works with GCC and Clang. With other compilers, you may want to use MBEDTLS_DEPRECATED_REMOVED
Uncomment to get warnings on using deprecated functions.
#define MBEDTLS_DES_C |
Enable the DES block cipher.
Module: library/des.c Caller: library/pem.c library/ssl_tls.c
This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
PEM_PARSE uses DES/3DES for decrypting encrypted keys.
#define MBEDTLS_DEVICE_YIELD_WHEN_BUSY |
Enable class 2 plugin slcl_ecp.c to yield the CPU core when CRYPTO device is busy.
The slcl_ecp.c plugin accelerates ECC algorithms and needs some rather lengthy CRYPTO instruction sequences. The longest instruction sequences will consume more than 1000 clock cycles and in order to utilize these cycles the slcl_ecp.c plugin can yield the CPU core to other thread(s) while waiting for the CRYPTO hardware to complete the instruction sequence.
Module: sl_crypto/src/slcl_ecp.c
Caller: library/ecp.c library/ecdh.c library/ecdsa.c library/ecjpake.c
Requires: MBEDTLS_SLCL_PLUGINS and (CRYPTO_COUNT > 0)
Comment/uncomment macros to disable/enable
#define MBEDTLS_DHM_C |
#define MBEDTLS_ECDH_C |
#define MBEDTLS_ECDSA_C |
#define MBEDTLS_ECDSA_DETERMINISTIC |
Enable deterministic ECDSA (RFC 6979).
Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key. This is avoided by the deterministic variant.
Requires: MBEDTLS_HMAC_DRBG_C
Comment this macro to disable deterministic ECDSA.
#define MBEDTLS_ECJPAKE_C |
Enable the elliptic curve J-PAKE library.
Module: library/ecjpake.c Caller:
This module is used by the following key exchanges: ECJPAKE
Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
#define MBEDTLS_ECP_ALT |
#define MBEDTLS_ECP_C |
#define MBEDTLS_ECP_CRITICAL_SHORT |
Enable shorter critical regions in the class 2 plugin slcl_ecp.c.
By defalt the slcl_ecp.c plugin implements rather lengthy critical regions in order to optimize for speed. However the long critical regions will block higher priority threads from accessing CRYPTO for a substantial amount of time. The lengthiest critical regions consume more than 50000 clock cycles when compiling with IAR High Speed Optimization and ARM GCC -O3. MBEDTLS_ECP_CRITICAL_SHORT will split up the long critical regions into shorter critical regions which should be less than 1500 clock cycles. when compiling with IAR High Speed Optimization and ARM GCC -O3.
Module: sl_crypto/src/slcl_ecp.c
Caller: library/ecp.c library/ecdh.c library/ecdsa.c library/ecjpake.c
Requires: MBEDTLS_SLCL_PLUGINS MBEDTLS_CRYPTO_DEVICE_PREEMPTION and (CRYPTO_COUNT > 0)
Comment/uncomment macros to disable/enable
#define MBEDTLS_ECP_DEVICE_ADD_MIXED_ALT |
Definition at line 198 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_DEVICE_ALT |
Definition at line 196 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_DOUBLE_JAC_ALT |
Definition at line 197 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED |
Definition at line 417 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED |
Definition at line 418 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED |
Definition at line 419 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 |
Definition at line 435 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_GROUP_LOAD_ALT |
Enable CRYPTO preemption for the elliptic curve over GF(p) library.
Module: sl_crypto/src/slcl_ecp.c
Caller: library/ecp.c library/ecdh.c library/ecdsa.c library/ecjpake.c
Requires: MBEDTLS_BIGNUM_C, MBEDTLS_ECP_C, MBEDTLS_ECP_DEVICE_ALT, MBEDTLS_SLCL_PLUGINS MBEDTLS_CRYPTO_DEVICE_PREEMPTION at least one MBEDTLS_ECP_DP_XXX_ENABLED and (CRYPTO_COUNT > 0)
Comment/uncomment macros to disable/enable
#define MBEDTLS_ECP_MAX_BITS 256 |
Definition at line 422 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_NIST_OPTIM |
Definition at line 438 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_NIST_OPTIM |
#define MBEDTLS_ECP_NORMALIZE_JAC_ALT |
Definition at line 199 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT |
Definition at line 200 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_WINDOW_SIZE 3 |
Definition at line 434 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ECP_XXXX_ENABLED |
Enables specific curves within the Elliptic Curve module.
By default all supported curves are enabled.
Comment macros to disable the curve and functions for it
#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES |
Enable weak ciphersuites in SSL / TLS.
Warning: Only do so when you know what you are doing. This allows for channels with virtually no security at all!
This enables the following ciphersuites: MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
Uncomment this macro to enable weak ciphersuites
#define MBEDTLS_ENTROPY_ALT |
Definition at line 409 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ENTROPY_C |
#define MBEDTLS_ENTROPY_FORCE_SHA256 |
Force the entropy accumulator to use a SHA-256 accumulator instead of the default SHA-512 based one (if both are available).
Requires: MBEDTLS_SHA256_C
On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option if you have performance concerns.
This option is only useful if both MBEDTLS_SHA256_C and MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
#define MBEDTLS_ENTROPY_FREE_ALT |
Enable the TRNG as an entropy source which can serve the entropy module of mbedtls with random data.
Requires TRNG_COUNT>0 and MBEDTLS_TRNG_C.
Definition at line 411 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ENTROPY_HARDWARE_ALT |
Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector.
Your function must be called mbedtls_hardware_poll()
, have the same prototype as declared in entropy_poll.h, and accept NULL as first argument.
Uncomment to use your own hardware entropy collector.
#define MBEDTLS_ENTROPY_INIT_ALT |
Definition at line 410 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_ERROR_C |
Enable error code to error string conversion.
Module: library/error.c Caller:
This module enables mbedtls_strerror().
#define MBEDTLS_ERROR_STRERROR_DUMMY |
Enable a dummy error function to make use of mbedtls_strerror() in third party libraries easier when MBEDTLS_ERROR_C is disabled (no effect when MBEDTLS_ERROR_C is enabled).
You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're not using mbedtls_strerror() or error_strerror() in your application.
Disable if you run into name conflicts and want to really remove the mbedtls_strerror()
#define MBEDTLS_FS_IO |
#define MBEDTLS_GCM_C |
#define MBEDTLS_GENPRIME |
#define MBEDTLS_HAVE_ASM |
The compiler has support for asm().
Requires support for asm() in compiler.
Used in: library/timing.c library/padlock.c include/mbedtls/bn_mul.h
Comment to disable the use of assembly code.
#define MBEDTLS_HAVE_SSE2 |
CPU supports SSE2 instruction set.
Uncomment if the CPU supports SSE2 (IA-32 specific).
#define MBEDTLS_HAVE_TIME |
#define MBEDTLS_HAVE_TIME_DATE |
System has time.h and time(), gmtime() and the clock is correct.
The time needs to be correct (not necesarily very accurate, but at least the date should be correct). This is used to verify the validity period of X.509 certificates.
Comment if your system does not have a correct clock.
#define MBEDTLS_HAVEGE_C |
Enable the HAVEGE random generator.
Warning: the HAVEGE random generator is not suitable for virtualized environments
Warning: the HAVEGE random generator is dependent on timing and specific processor traits. It is therefore not advised to use HAVEGE as your applications primary random generator or primary entropy pool input. As a secondary input to your entropy pool, it IS able add the (limited) extra entropy it provides.
Module: library/havege.c Caller:
Requires: MBEDTLS_TIMING_C
Uncomment to enable the HAVEGE random generator.
#define MBEDTLS_HMAC_DRBG_C |
#define MBEDTLS_INCLUDE_IO_MODE_DMA |
Enable support for moving data to/from CRYPTO with DMA.
Module: sl_crypto/src/slcl_aes.c sl_crypto/src/slcl_ccm.c
Requires: MBEDTLS_SLCL_PLUGINS MBEDTLS_AES_ALT or MBEDTLS_CCM_ALT and (CRYPTO_COUNT > 0)
Comment/uncomment macros to disable/enable
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED |
Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_DHM_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_ECDH_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_ECJPAKE_C MBEDTLS_SHA256_C MBEDTLS_ECP_DP_SECP256R1_ENABLED
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
Enable the PSK based ciphersuite modes in SSL / TLS.
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
Enable the RSA-only based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
#define MBEDTLS_MD2_C |
Enable the MD2 hash algorithm.
Module: library/mbedtls_md2.c Caller:
Uncomment to enable support for (rare) MD2-signed X.509 certs.
#define MBEDTLS_MD4_C |
Enable the MD4 hash algorithm.
Module: library/mbedtls_md4.c Caller:
Uncomment to enable support for (rare) MD4-signed X.509 certs.
#define MBEDTLS_MD5_C |
#define MBEDTLS_MD_C |
#define MBEDTLS_MEMORY_BACKTRACE |
Include backtrace information with each allocated block.
Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C GLIBC-compatible backtrace() an backtrace_symbols() support
Uncomment this macro to include backtrace information
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Enable the buffer allocator implementation that makes use of a (stack) based buffer to 'allocate' dynamic memory.
(replaces calloc() and free() calls)
Module: library/memory_buffer_alloc.c
Requires: MBEDTLS_PLATFORM_C MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
Enable this module to enable the buffer memory allocator.
#define MBEDTLS_MEMORY_DEBUG |
Enable debugging of buffer allocator memory issues.
Automatically prints (to stderr) all (fatal) messages on memory allocation issues. Enables function for 'debug output' of allocated memory.
Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
Uncomment this macro to let the buffer allocator print out error messages.
#define MBEDTLS_MPI_MAX_SIZE 32 |
Definition at line 424 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_MPI_MODULAR_DIVISION_ALT |
Enable hardware acceleration for the elliptic curve over GF(p) library.
Module: sl_crypto/src/sl_ecp.c or sl_crypto/src/slcl_ecp.c if MBEDTLS_SLCL_PLUGINS is defined. Caller: library/ecp.c library/ecdh.c library/ecdsa.c library/ecjpake.c
Requires: MBEDTLS_BIGNUM_C, MBEDTLS_ECP_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED and (CRYPTO_COUNT > 0)
Definition at line 201 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_NET_C |
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
Do not add default entropy sources.
These are the platform specific, mbedtls_timing_hardclock and HAVEGE based poll functions.
This is useful to have more control over the added entropy sources in an application.
Uncomment this macro to prevent loading of default entropy functions.
#define MBEDTLS_NO_PLATFORM_ENTROPY |
Do not use built-in platform entropy functions.
This is useful if your platform does not support standards like the /dev/urandom or Windows CryptoAPI.
Uncomment this macro to disable the built-in platform entropy functions.
Definition at line 444 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_OID_C |
Enable the OID database.
Module: library/oid.c Caller: library/asn1write.c library/pkcs5.c library/pkparse.c library/pkwrite.c library/rsa.c library/x509.c library/x509_create.c library/mbedtls_x509_crl.c library/mbedtls_x509_crt.c library/mbedtls_x509_csr.c library/x509write_crt.c library/mbedtls_x509write_csr.c
This modules translates between OIDs and internal values.
#define MBEDTLS_PADLOCK_C |
#define MBEDTLS_PEM_PARSE_C |
Enable PEM decoding / parsing.
Module: library/pem.c Caller: library/dhm.c library/pkparse.c library/mbedtls_x509_crl.c library/mbedtls_x509_crt.c library/mbedtls_x509_csr.c
Requires: MBEDTLS_BASE64_C
This modules adds support for decoding / parsing PEM files.
#define MBEDTLS_PEM_WRITE_C |
#define MBEDTLS_PK_C |
#define MBEDTLS_PK_PARSE_C |
#define MBEDTLS_PK_PARSE_EC_EXTENDED |
Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480.
Currently this means parsing the SpecifiedECDomain choice of EC parameters (only known groups are supported, not arbitrary domains, to avoid validation issues).
Disable if you only need to support RFC 5915 + 5480 key formats.
#define MBEDTLS_PK_RSA_ALT_SUPPORT |
#define MBEDTLS_PK_WRITE_C |
#define MBEDTLS_PKCS11_C |
Enable wrapper for PKCS#11 smartcard support.
Module: library/pkcs11.c Caller: library/pk.c
Requires: MBEDTLS_PK_C
This module enables SSL/TLS PKCS #11 smartcard support. Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define MBEDTLS_PKCS12_C |
Enable PKCS#12 PBE functions.
Adds algorithms for parsing PKCS#8 encrypted private keys
Module: library/pkcs12.c Caller: library/pkparse.c
Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C Can use: MBEDTLS_ARC4_C
This module enables PKCS#12 functions.
#define MBEDTLS_PKCS1_V15 |
#define MBEDTLS_PKCS1_V21 |
#define MBEDTLS_PKCS5_C |
#define MBEDTLS_PLATFORM_C |
Enable the platform abstraction layer that allows you to re-assign functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned above to be specified at runtime or compile time respectively.
Module: library/platform.c Caller: Most other .c files
This module enables abstraction of common (libc) functions.
#define MBEDTLS_PLATFORM_MEMORY |
Enable the memory allocation layer.
By default mbed TLS uses the system-provided calloc() and free(). This allows different allocators (self-implemented or provided) to be provided to the platform abstraction layer.
Enabling MBEDTLS_PLATFORM_MEMORY without the MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and free() function pointer at runtime.
Enabling MBEDTLS_PLATFORM_MEMORY and specifying MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the alternate function at compile time.
Requires: MBEDTLS_PLATFORM_C
Enable this layer to allow use of alternative memory allocators.
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
Do not assign standard functions in the platform layer (e.g.
calloc() to MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
This makes sure there are no linking errors on platforms that do not support these functions. You will HAVE to provide alternatives, either at runtime via the platform_set_xxx() functions or at compile time by setting the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a MBEDTLS_PLATFORM_XXX_MACRO.
Requires: MBEDTLS_PLATFORM_C
Uncomment to prevent default assignment of standard functions in the platform layer.
#define MBEDTLS_PLATFORM_XXX_ALT |
Uncomment a macro to let mbed TLS support the function in the platform abstraction layer.
Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will provide a function "mbedtls_platform_set_printf()" that allows you to set an alternative printf function pointer.
All these define require MBEDTLS_PLATFORM_C to be defined!
Uncomment a macro to enable alternate implementation of specific base platform function
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES |
Remove RC4 ciphersuites by default in SSL / TLS.
This flag removes the ciphersuites based on RC4 from the default list as returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them explicitly.
Uncomment this macro to remove RC4 ciphersuites by default.
#define MBEDTLS_RIPEMD160_C |
#define MBEDTLS_RSA_C |
Enable the RSA public-key cryptosystem.
Module: library/rsa.c Caller: library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509.c
This module is used by the following key exchanges: RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
#define MBEDTLS_RSA_NO_CRT |
Do not use the Chinese Remainder Theorem for the RSA private operation.
Uncomment this macro to disable the use of CRT in RSA.
#define MBEDTLS_SELF_TEST |
#define MBEDTLS_SHA1_ALT |
Enable hardware acceleration for the SHA1 cryptographic hash algorithm.
Module: sl_crypto/src/sl_sha1.c or sl_crypto/src/slcl_sha1.c if MBEDTLS_SLCL_PLUGINS is defined. Caller: library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509write_crt.c
Requires: MBEDTLS_SHA1_C and (CRYPTO_COUNT > 0) See MBEDTLS_SHA1_C for more information.
Definition at line 300 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_SHA1_C |
#define MBEDTLS_SHA256_ALT |
Enable hardware acceleration for the SHA-224 and SHA-256 cryptographic hash algorithms.
Module: sl_crypto/src/sl_sha256.c or sl_crypto/src/slcl_sha256.c if MBEDTLS_SLCL_PLUGINS is defined. Caller: library/entropy.c library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c
Requires: MBEDTLS_SHA256_C and (CRYPTO_COUNT > 0) See MBEDTLS_SHA256_C for more information.
Definition at line 322 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_SHA256_C |
Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
Module: library/mbedtls_sha256.c Caller: library/entropy.c library/mbedtls_md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c
This module adds support for SHA-224 and SHA-256. This module is required for the SSL/TLS 1.2 PRF function.
#define MBEDTLS_SHA256_SMALLER |
Enable an implementation of SHA-256 that has lower ROM footprint but also lower performance.
The default implementation is meant to be a reasonnable compromise between performance and size. This version optimizes more aggressively for size at the expense of performance. Eg on Cortex-M4 it reduces the size of mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 30%.
Uncomment to enable the smaller implementation of SHA256.
#define MBEDTLS_SHA512_C |
#define MBEDTLS_SLCL_PLUGINS |
Enable class 2 (slcl_xxx.c) plugins including support for CRYPTO preemption, yield when device busy, DMA I/O mode, and support for classic EFM32 devices with AES module, EFM32GG, etc.
Module: sl_crypto/src/slcl_xxx.c
Comment/uncomment to disable/enable.
#define MBEDTLS_SSL_AEAD_RANDOM_IV |
Generate a random IV rather than using the record sequence number as a nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
Using the sequence number is generally recommended.
Uncomment this macro to always use random IVs with AEAD ciphersuites.
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES |
Enable sending of alert messages in case of encountered errors as per RFC.
If you choose not to send the alert messages, mbed TLS can still communicate with other servers, only debugging of failures is harder.
The advantage of not sending alert messages, is that no information is given about reasons for failures thus preventing adversaries of gaining intel.
Enable sending of all alert messages
#define MBEDTLS_SSL_ALPN |
#define MBEDTLS_SSL_CACHE_C |
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING |
Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
This is a countermeasure to the BEAST attack, which also minimizes the risk of interoperability issues compared to sending 0-length records.
Comment this macro to disable 1/n-1 record splitting.
#define MBEDTLS_SSL_CLI_C |
#define MBEDTLS_SSL_COOKIE_C |
#define MBEDTLS_SSL_DEBUG_ALL |
Enable the debug messages in SSL module for all issues.
Debug messages have been disabled in some places to prevent timing attacks due to (unbalanced) debugging function calls.
If you need all error reporting you should enable this during debugging, but remove this for production servers that should log as well.
Uncomment this macro to report all debug messages on errors introducing a timing side-channel.
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY |
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
Enable server-side support for clients that reconnect from the same port.
Some clients unexpectedly close the connection and try to reconnect using the same source port. This needs special support from the server to handle the new connection securely, as described in section 4.2.8 of RFC 6347. This flag enables that support.
Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
Comment this to disable support for clients reusing the source port.
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY |
Enable support for HelloVerifyRequest on DTLS servers.
This feature is highly recommended to prevent DTLS servers being used as amplifiers in DoS attacks against other hosts. It should always be enabled unless you know for sure amplification cannot be a problem in the environment in which your server operates.
Requires: MBEDTLS_SSL_PROTO_DTLS
Comment this to disable support for HelloVerifyRequest.
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC |
Enable support for Encrypt-then-MAC, RFC 7366.
This allows peers that both support it to use a more robust protection for ciphersuites using CBC, providing deep resistance against timing attacks on the padding or underlying cipher.
This only affects CBC ciphersuites, and is useless if none is defined.
Requires: MBEDTLS_SSL_PROTO_TLS1 or MBEDTLS_SSL_PROTO_TLS1_1 or MBEDTLS_SSL_PROTO_TLS1_2
Comment this macro to disable support for Encrypt-then-MAC
#define MBEDTLS_SSL_EXPORT_KEYS |
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET |
Enable support for Extended Master Secret, aka Session Hash (draft-ietf-tls-session-hash-02).
This was introduced as "the proper fix" to the Triple Handshake familiy of attacks, but it is recommended to always use it (even if you disable renegotiation), since it actually fixes a more fundamental issue in the original SSL/TLS design, and has implications beyond Triple Handshake.
Requires: MBEDTLS_SSL_PROTO_TLS1 or MBEDTLS_SSL_PROTO_TLS1_1 or MBEDTLS_SSL_PROTO_TLS1_2
Comment this macro to disable support for Extended Master Secret.
#define MBEDTLS_SSL_FALLBACK_SCSV |
Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
For servers, it is recommended to always enable this, unless you support only one version of TLS, or know for sure that none of your clients implements a fallback strategy.
For clients, you only need this if you're using a fallback strategy, which is not recommended in the first place, unless you absolutely need it to interoperate with buggy (version-intolerant) servers.
Comment this macro to disable support for FALLBACK_SCSV
#define MBEDTLS_SSL_HW_RECORD_ACCEL |
Enable hooking functions in SSL module for hardware acceleration of individual records.
Uncomment this macro to enable hooking functions.
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH |
#define MBEDTLS_SSL_PROTO_DTLS |
Enable support for DTLS (all available versions).
Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
Requires: MBEDTLS_SSL_PROTO_TLS1_1 or MBEDTLS_SSL_PROTO_TLS1_2
Comment this macro to disable support for DTLS
#define MBEDTLS_SSL_PROTO_SSL3 |
#define MBEDTLS_SSL_PROTO_TLS1 |
#define MBEDTLS_SSL_PROTO_TLS1_1 |
#define MBEDTLS_SSL_PROTO_TLS1_2 |
#define MBEDTLS_SSL_RENEGOTIATION |
Disable support for TLS renegotiation.
The two main uses of renegotiation are (1) refresh keys on long-lived connections and (2) client authentication after the initial handshake. If you don't need renegotiation, it's probably better to disable it, since it has been associated with security issues in the past and is easy to misuse/misunderstand.
Comment this to disable support for renegotiation.
#define MBEDTLS_SSL_SERVER_NAME_INDICATION |
#define MBEDTLS_SSL_SESSION_TICKETS |
Enable support for RFC 5077 session tickets in SSL.
Client-side, provides full support for session tickets (maintainance of a session store remains the responsibility of the application, though). Server-side, you also need to provide callbacks for writing and parsing tickets, including authenticated encryption and key management. Example callbacks are provided by MBEDTLS_SSL_TICKET_C.
Comment this macro to disable support for SSL session tickets
#define MBEDTLS_SSL_SRV_C |
#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE |
Pick the ciphersuite according to the client's preferences rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C).
Uncomment this macro to respect client's ciphersuite order
#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
Enable support for receiving and parsing SSLv2 Client Hello messages for the SSL Server module (MBEDTLS_SSL_SRV_C).
Uncomment this macro to enable support for SSLv2 Client Hello messages.
#define MBEDTLS_SSL_TICKET_C |
#define MBEDTLS_SSL_TLS_C |
#define MBEDTLS_SSL_TRUNCATED_HMAC |
#define MBEDTLS_THREADING_ALT |
Provide your own alternate threading implementation.
Requires: MBEDTLS_THREADING_C
Uncomment this to allow your own alternate threading implementation.
#define MBEDTLS_THREADING_C |
Enable the threading abstraction layer.
By default mbed TLS assumes it is used in a non-threaded environment or that contexts are not shared between threads. If you do intend to use contexts between threads, you will need to enable this layer to prevent race conditions.
Module: library/threading.c
This allows different threading implementations (self-implemented or provided).
You will have to enable either MBEDTLS_THREADING_ALT or MBEDTLS_THREADING_PTHREAD.
Enable this layer to allow use of mutexes within mbed TLS
#define MBEDTLS_THREADING_PTHREAD |
Enable the pthread wrapper layer for the threading layer.
Requires: MBEDTLS_THREADING_C
Uncomment this to enable pthread mutexes.
#define MBEDTLS_TIMING_ALT |
Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
Enable timing support for SiliconLabs devices including mbedtls_timing_init(), mbedtls_timing_free() and mbedtls_timing_hardclock() using the DWT cycle counter to return timestamps.
Only works if you have MBEDTLS_TIMING_C enabled.
You will need to provide a header "timing_alt.h" and an implementation at compile time.
Requires MBEDTLS_TIMING_C and DWT (defined by ARM CMSIS interface for some Cortex-M cores).
#define MBEDTLS_TIMING_C |
#define MBEDTLS_TRNG_C |
Enable software support for the True Random Number Generator (TRNG) incorporated from Series 1 Configuration 2 devices (EFR32MG12, etc.) from Silicon Labs.
Requires TRNG_COUNT>0
Definition at line 352 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_TRNG_IGNORE_NOISE_ALARMS |
Ignore AIS-31 Noise Alarms and AIS-31 Preliminary Noise Alarms from the TRNG.
The TRNG runs an online AIS-31 test that reports a Preliminary Noise Alarm if one AIS-31 test suite fails (including up to 8KiB of random data). If 3 test suites in a row fail, the TRNG will report a Noise Alarm. The probability of a Noise Alarm is non-zero and the application should assess whether the frequency of Noise Alarms is critical. If MBEDTLS_TRNG_IGNORE_NOISE_ALARMS is not defined the TRNG module will return an error code when the mbedtls entropy module requests random data which may prevent the application from collecting random data. The MBEDTLS_TRNG_IGNORE_NOISE_ALARMS does not disable the noise alarms. The purpose of MBEDTLS_TRNG_IGNORE_NOISE_ALARMS is to not return an error code from the mbedtls_trng_poll function which will prevent the entropy accumulator from collecting data.
Requires TRNG_COUNT>0 and MBEDTLS_TRNG_C.
Definition at line 375 of file config-sl-crypto-all-acceleration.h.
#define MBEDTLS_VERSION_C |
#define MBEDTLS_VERSION_FEATURES |
Allow run-time checking of compile-time enabled features.
Thus allowing users to check at run-time if the library is for instance compiled with threading support via mbedtls_version_check_feature().
Requires: MBEDTLS_VERSION_C
Comment this to disable run-time checking and save ROM space
#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 |
If set, the X509 parser will not break-off when parsing an X509 certificate and encountering an extension in a v1 or v2 certificate.
Uncomment to prevent an error.
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION |
If set, the X509 parser will not break-off when parsing an X509 certificate and encountering an unknown critical extension.
Uncomment to prevent an error.
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE |
Enable verification of the extendedKeyUsage extension (leaf certificates).
Disabling this avoids problems with mis-issued and/or misused certificates.
Comment to skip extendedKeyUsage checking for certificates.
#define MBEDTLS_X509_CHECK_KEY_USAGE |
Enable verification of the keyUsage extension (CA and leaf certificates).
Disabling this avoids problems with mis-issued and/or misused (intermediate) CA and leaf certificates.
Comment to skip keyUsage checking for both CA and leaf certificates.
#define MBEDTLS_X509_CREATE_C |
#define MBEDTLS_X509_CRL_PARSE_C |
#define MBEDTLS_X509_CRT_PARSE_C |
#define MBEDTLS_X509_CRT_WRITE_C |
#define MBEDTLS_X509_CSR_PARSE_C |
#define MBEDTLS_X509_CSR_WRITE_C |
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT |
#define MBEDTLS_X509_USE_C |
Enable X.509 core for using certificates.
Module: library/x509.c Caller: library/mbedtls_x509_crl.c library/mbedtls_x509_crt.c library/mbedtls_x509_csr.c
Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C
This module is required for the X.509 parsing modules.
#define MBEDTLS_XTEA_C |
#define MBEDTLS_ZLIB_SUPPORT |
If set, the SSL/TLS module uses ZLIB to support compression and decompression of packet data.
Used in: library/ssl_tls.c library/ssl_cli.c library/ssl_srv.c
This feature requires zlib library and headers to be present.
Uncomment to enable use of ZLIB