iPXE
crypto.h
Go to the documentation of this file.
1 #ifndef CONFIG_CRYPTO_H
2 #define CONFIG_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic configuration
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 /** Minimum TLS version */
13 #define TLS_VERSION_MIN TLS_VERSION_TLS_1_1
14 
15 /** RSA public-key algorithm */
16 #define CRYPTO_PUBKEY_RSA
17 
18 /** AES-CBC block cipher */
19 #define CRYPTO_CIPHER_AES_CBC
20 
21 /** MD4 digest algorithm */
22 //#define CRYPTO_DIGEST_MD4
23 
24 /** MD5 digest algorithm */
25 //#define CRYPTO_DIGEST_MD5
26 
27 /** SHA-1 digest algorithm */
28 #define CRYPTO_DIGEST_SHA1
29 
30 /** SHA-224 digest algorithm */
31 #define CRYPTO_DIGEST_SHA224
32 
33 /** SHA-256 digest algorithm */
34 #define CRYPTO_DIGEST_SHA256
35 
36 /** SHA-384 digest algorithm */
37 #define CRYPTO_DIGEST_SHA384
38 
39 /** SHA-512 digest algorithm */
40 #define CRYPTO_DIGEST_SHA512
41 
42 /** SHA-512/224 digest algorithm */
43 //#define CRYPTO_DIGEST_SHA512_224
44 
45 /** SHA-512/256 digest algorithm */
46 //#define CRYPTO_DIGEST_SHA512_256
47 
48 /** Margin of error (in seconds) allowed in signed timestamps
49  *
50  * We default to allowing a reasonable margin of error: 12 hours to
51  * allow for the local time zone being non-GMT, plus 30 minutes to
52  * allow for general clock drift.
53  */
54 #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
55 
56 /** Default cross-signed certificate source
57  *
58  * This is the default location from which iPXE will attempt to
59  * download cross-signed certificates in order to complete a
60  * certificate chain.
61  */
62 #define CROSSCERT "http://ca.ipxe.org/auto"
63 
64 /** Perform OCSP checks when applicable
65  *
66  * Some CAs provide non-functional OCSP servers, and some clients are
67  * forced to operate on networks without access to the OCSP servers.
68  * Allow the user to explicitly disable the use of OCSP checks.
69  */
70 #define OCSP_CHECK
71 
72 #include <config/named.h>
73 #include NAMED_CONFIG(crypto.h)
74 #include <config/local/crypto.h>
75 #include LOCAL_NAMED_CONFIG(crypto.h)
76 
77 #endif /* CONFIG_CRYPTO_H */
Named configurations.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)