iPXE
Macros | Functions
crypto.h File Reference

Cryptographic configuration. More...

#include <config/named.h>
#include <NAMED_CONFIG(crypto.h)>
#include <config/local/crypto.h>
#include <LOCAL_NAMED_CONFIG(crypto.h)>

Go to the source code of this file.

Macros

#define TLS_VERSION_MIN   TLS_VERSION_TLS_1_1
 Minimum TLS version.
#define CRYPTO_EXCHANGE_PUBKEY
 Public-key exchange algorithm.
#define CRYPTO_EXCHANGE_DHE
 DHE key exchange algorithm.
#define CRYPTO_EXCHANGE_ECDHE
 ECDHE key exchange algorithm.
#define CRYPTO_PUBKEY_RSA
 RSA public-key algorithm.
#define CRYPTO_PUBKEY_ECDSA
 ECDSA public-key algorithm.
#define CRYPTO_CIPHER_AES_CBC
 AES-CBC block cipher.
#define CRYPTO_CIPHER_AES_GCM
 AES-GCM block cipher.
#define CRYPTO_DIGEST_SHA1
 MD4 digest algorithm.
#define CRYPTO_DIGEST_SHA224
 SHA-224 digest algorithm.
#define CRYPTO_DIGEST_SHA256
 SHA-256 digest algorithm.
#define CRYPTO_DIGEST_SHA384
 SHA-384 digest algorithm.
#define CRYPTO_DIGEST_SHA512
 SHA-512 digest algorithm.
#define CRYPTO_CURVE_X25519
 SHA-512/224 digest algorithm.
#define CRYPTO_CURVE_P256
 P-256 elliptic curve.
#define CRYPTO_CURVE_P384
 P-384 elliptic curve.
#define TIMESTAMP_ERROR_MARGIN   ( ( 12 * 60 + 30 ) * 60 )
 Margin of error (in seconds) allowed in signed timestamps.
#define CROSSCERT   "http://ca.ipxe.org/auto"
 Default cross-signed certificate source.
#define OCSP_CHECK
 Perform OCSP checks when applicable.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)

Detailed Description

Cryptographic configuration.

Definition in file crypto.h.

Macro Definition Documentation

◆ TLS_VERSION_MIN

#define TLS_VERSION_MIN   TLS_VERSION_TLS_1_1

Minimum TLS version.

Definition at line 14 of file crypto.h.

Referenced by tls_new_server_hello(), and tls_version().

◆ CRYPTO_EXCHANGE_PUBKEY

#define CRYPTO_EXCHANGE_PUBKEY

Public-key exchange algorithm.

Definition at line 17 of file crypto.h.

◆ CRYPTO_EXCHANGE_DHE

#define CRYPTO_EXCHANGE_DHE

DHE key exchange algorithm.

Definition at line 20 of file crypto.h.

◆ CRYPTO_EXCHANGE_ECDHE

#define CRYPTO_EXCHANGE_ECDHE

ECDHE key exchange algorithm.

Definition at line 23 of file crypto.h.

◆ CRYPTO_PUBKEY_RSA

#define CRYPTO_PUBKEY_RSA

RSA public-key algorithm.

Definition at line 26 of file crypto.h.

◆ CRYPTO_PUBKEY_ECDSA

#define CRYPTO_PUBKEY_ECDSA

ECDSA public-key algorithm.

Definition at line 29 of file crypto.h.

◆ CRYPTO_CIPHER_AES_CBC

#define CRYPTO_CIPHER_AES_CBC

AES-CBC block cipher.

Definition at line 32 of file crypto.h.

◆ CRYPTO_CIPHER_AES_GCM

#define CRYPTO_CIPHER_AES_GCM

AES-GCM block cipher.

Definition at line 35 of file crypto.h.

◆ CRYPTO_DIGEST_SHA1

#define CRYPTO_DIGEST_SHA1

MD4 digest algorithm.

MD5 digest algorithm SHA-1 digest algorithm

Definition at line 44 of file crypto.h.

◆ CRYPTO_DIGEST_SHA224

#define CRYPTO_DIGEST_SHA224

SHA-224 digest algorithm.

Definition at line 47 of file crypto.h.

◆ CRYPTO_DIGEST_SHA256

#define CRYPTO_DIGEST_SHA256

SHA-256 digest algorithm.

Definition at line 50 of file crypto.h.

◆ CRYPTO_DIGEST_SHA384

#define CRYPTO_DIGEST_SHA384

SHA-384 digest algorithm.

Definition at line 53 of file crypto.h.

◆ CRYPTO_DIGEST_SHA512

#define CRYPTO_DIGEST_SHA512

SHA-512 digest algorithm.

Definition at line 56 of file crypto.h.

◆ CRYPTO_CURVE_X25519

#define CRYPTO_CURVE_X25519

SHA-512/224 digest algorithm.

SHA-512/256 digest algorithm X25519 elliptic curve

Definition at line 65 of file crypto.h.

◆ CRYPTO_CURVE_P256

#define CRYPTO_CURVE_P256

P-256 elliptic curve.

Definition at line 68 of file crypto.h.

◆ CRYPTO_CURVE_P384

#define CRYPTO_CURVE_P384

P-384 elliptic curve.

Definition at line 71 of file crypto.h.

◆ TIMESTAMP_ERROR_MARGIN

#define TIMESTAMP_ERROR_MARGIN   ( ( 12 * 60 + 30 ) * 60 )

Margin of error (in seconds) allowed in signed timestamps.

We default to allowing a reasonable margin of error: 12 hours to allow for the local time zone being non-GMT, plus 30 minutes to allow for general clock drift.

Definition at line 79 of file crypto.h.

Referenced by ocsp_validate(), and x509_check_time().

◆ CROSSCERT

#define CROSSCERT   "http://ca.ipxe.org/auto"

Default cross-signed certificate source.

This is the default location from which iPXE will attempt to download cross-signed certificates in order to complete a certificate chain.

Definition at line 87 of file crypto.h.

◆ OCSP_CHECK

#define OCSP_CHECK

Perform OCSP checks when applicable.

Some CAs provide non-functional OCSP servers, and some clients are forced to operate on networks without access to the OCSP servers. Allow the user to explicitly disable the use of OCSP checks.

Definition at line 95 of file crypto.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )
Generated by doxygen 1.14.0