iPXE
crypto.h
Go to the documentation of this file.
1 #ifndef CONFIG_CRYPTO_H
2 #define CONFIG_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic configuration
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 /** Minimum TLS version */
13 #define TLS_VERSION_MIN TLS_VERSION_TLS_1_1
14 
15 /** Public-key exchange algorithm */
16 #define CRYPTO_EXCHANGE_PUBKEY
17 
18 /** DHE key exchange algorithm */
19 #define CRYPTO_EXCHANGE_DHE
20 
21 /** ECDHE key exchange algorithm */
22 #define CRYPTO_EXCHANGE_ECDHE
23 
24 /** RSA public-key algorithm */
25 #define CRYPTO_PUBKEY_RSA
26 
27 /** AES-CBC block cipher */
28 #define CRYPTO_CIPHER_AES_CBC
29 
30 /** AES-GCM block cipher */
31 #define CRYPTO_CIPHER_AES_GCM
32 
33 /** MD4 digest algorithm */
34 //#define CRYPTO_DIGEST_MD4
35 
36 /** MD5 digest algorithm */
37 //#define CRYPTO_DIGEST_MD5
38 
39 /** SHA-1 digest algorithm */
40 #define CRYPTO_DIGEST_SHA1
41 
42 /** SHA-224 digest algorithm */
43 #define CRYPTO_DIGEST_SHA224
44 
45 /** SHA-256 digest algorithm */
46 #define CRYPTO_DIGEST_SHA256
47 
48 /** SHA-384 digest algorithm */
49 #define CRYPTO_DIGEST_SHA384
50 
51 /** SHA-512 digest algorithm */
52 #define CRYPTO_DIGEST_SHA512
53 
54 /** SHA-512/224 digest algorithm */
55 //#define CRYPTO_DIGEST_SHA512_224
56 
57 /** SHA-512/256 digest algorithm */
58 //#define CRYPTO_DIGEST_SHA512_256
59 
60 /** X25519 elliptic curve */
61 #define CRYPTO_CURVE_X25519
62 
63 /** Margin of error (in seconds) allowed in signed timestamps
64  *
65  * We default to allowing a reasonable margin of error: 12 hours to
66  * allow for the local time zone being non-GMT, plus 30 minutes to
67  * allow for general clock drift.
68  */
69 #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
70 
71 /** Default cross-signed certificate source
72  *
73  * This is the default location from which iPXE will attempt to
74  * download cross-signed certificates in order to complete a
75  * certificate chain.
76  */
77 #define CROSSCERT "http://ca.ipxe.org/auto"
78 
79 /** Perform OCSP checks when applicable
80  *
81  * Some CAs provide non-functional OCSP servers, and some clients are
82  * forced to operate on networks without access to the OCSP servers.
83  * Allow the user to explicitly disable the use of OCSP checks.
84  */
85 #define OCSP_CHECK
86 
87 #include <config/named.h>
88 #include NAMED_CONFIG(crypto.h)
89 #include <config/local/crypto.h>
90 #include LOCAL_NAMED_CONFIG(crypto.h)
91 
92 #endif /* CONFIG_CRYPTO_H */
named.h
Named configurations.
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
Generated by   doxygen 1.8.15