iPXE
crypto.h
Go to the documentation of this file.
1 #ifndef CONFIG_CRYPTO_H
2 #define CONFIG_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic configuration
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 /** Minimum TLS version */
13 #define TLS_VERSION_MIN TLS_VERSION_TLS_1_1
14 
15 /** RSA public-key algorithm */
16 #define CRYPTO_PUBKEY_RSA
17 
18 /** AES-CBC block cipher */
19 #define CRYPTO_CIPHER_AES_CBC
20 
21 /** AES-GCM block cipher */
22 #define CRYPTO_CIPHER_AES_GCM
23 
24 /** MD4 digest algorithm */
25 //#define CRYPTO_DIGEST_MD4
26 
27 /** MD5 digest algorithm */
28 //#define CRYPTO_DIGEST_MD5
29 
30 /** SHA-1 digest algorithm */
31 #define CRYPTO_DIGEST_SHA1
32 
33 /** SHA-224 digest algorithm */
34 #define CRYPTO_DIGEST_SHA224
35 
36 /** SHA-256 digest algorithm */
37 #define CRYPTO_DIGEST_SHA256
38 
39 /** SHA-384 digest algorithm */
40 #define CRYPTO_DIGEST_SHA384
41 
42 /** SHA-512 digest algorithm */
43 #define CRYPTO_DIGEST_SHA512
44 
45 /** SHA-512/224 digest algorithm */
46 //#define CRYPTO_DIGEST_SHA512_224
47 
48 /** SHA-512/256 digest algorithm */
49 //#define CRYPTO_DIGEST_SHA512_256
50 
51 /** Margin of error (in seconds) allowed in signed timestamps
52  *
53  * We default to allowing a reasonable margin of error: 12 hours to
54  * allow for the local time zone being non-GMT, plus 30 minutes to
55  * allow for general clock drift.
56  */
57 #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
58 
59 /** Default cross-signed certificate source
60  *
61  * This is the default location from which iPXE will attempt to
62  * download cross-signed certificates in order to complete a
63  * certificate chain.
64  */
65 #define CROSSCERT "http://ca.ipxe.org/auto"
66 
67 /** Perform OCSP checks when applicable
68  *
69  * Some CAs provide non-functional OCSP servers, and some clients are
70  * forced to operate on networks without access to the OCSP servers.
71  * Allow the user to explicitly disable the use of OCSP checks.
72  */
73 #define OCSP_CHECK
74 
75 #include <config/named.h>
76 #include NAMED_CONFIG(crypto.h)
77 #include <config/local/crypto.h>
78 #include LOCAL_NAMED_CONFIG(crypto.h)
79 
80 #endif /* CONFIG_CRYPTO_H */
Named configurations.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)