iPXE
crypto.h
1#ifndef CONFIG_CRYPTO_H
2#define CONFIG_CRYPTO_H
3
4/** @file
5 *
6 * Cryptographic configuration
7 *
8 */
9
10FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11FILE_SECBOOT ( PERMITTED );
12
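/** Minimum TLS version
 *
 * Floor for the TLS protocol version; the default is TLS 1.1.
 *
 * TLS 1.1 is formally deprecated (RFC 8996).  The default is kept
 * permissive, presumably for interoperability with older servers.
 * Builds that only need to reach current servers can raise the floor
 * to TLS_VERSION_TLS_1_2 from one of the local configuration headers
 * included at the end of this file (#undef, then #define) instead of
 * editing this default.
 */
#define TLS_VERSION_MIN TLS_VERSION_TLS_1_1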
15
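/** Public-key exchange algorithm
 *
 * NOTE(review): presumably the non-ephemeral key transport in which
 * the session secret is protected only by the server's long-term
 * key.  If so, it offers no forward secrecy: later compromise of
 * that key exposes recorded sessions.  Confirm against the TLS code
 * before relying on this, and consider disabling it where every
 * server supports DHE or ECDHE.
 */
#define CRYPTO_EXCHANGE_PUBKEY

/** DHE key exchange algorithm (ephemeral finite-field Diffie-Hellman) */
#define CRYPTO_EXCHANGE_DHE

/** ECDHE key exchange algorithm (ephemeral elliptic-curve Diffie-Hellman) */
#define CRYPTO_EXCHANGE_ECDHE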
24
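/** RSA public-key algorithm
 *
 * Enabled by default.
 */
#define CRYPTO_PUBKEY_RSA

/** ECDSA public-key algorithm
 *
 * Enabled by default.
 */
#define CRYPTO_PUBKEY_ECDSA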
30
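/** AES-CBC block cipher
 *
 * CBC-mode cipher suites in TLS authenticate with a separate MAC
 * (MAC-then-encrypt) and have a history of padding-oracle weaknesses.
 * Kept enabled by default, presumably for interoperability; builds
 * that only talk to servers offering AES-GCM can drop it.
 */
#define CRYPTO_CIPHER_AES_CBC

/** AES-GCM block cipher
 *
 * Authenticated encryption (AEAD): confidentiality and integrity are
 * provided by the one primitive.
 */
#define CRYPTO_CIPHER_AES_GCM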
36
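/** MD4 digest algorithm
 *
 * Disabled by default.  MD4 is not collision resistant; leave it
 * disabled unless a legacy protocol strictly requires it.
 */
//#define CRYPTO_DIGEST_MD4

/** MD5 digest algorithm
 *
 * Disabled by default.  MD5 is not collision resistant and must not
 * be trusted for certificate signatures.
 */
//#define CRYPTO_DIGEST_MD5

/** SHA-1 digest algorithm
 *
 * Enabled by default, presumably for compatibility with older
 * certificate chains and cipher suites.  SHA-1 collisions are
 * practical, so builds that never need to validate SHA-1 signatures
 * can disable it.
 */
#define CRYPTO_DIGEST_SHA1

/** SHA-224 digest algorithm */
#define CRYPTO_DIGEST_SHA224

/** SHA-256 digest algorithm */
#define CRYPTO_DIGEST_SHA256

/** SHA-384 digest algorithm */
#define CRYPTO_DIGEST_SHA384

/** SHA-512 digest algorithm */
#define CRYPTO_DIGEST_SHA512

/** SHA-512/224 digest algorithm (disabled by default) */
//#define CRYPTO_DIGEST_SHA512_224

/** SHA-512/256 digest algorithm (disabled by default) */
//#define CRYPTO_DIGEST_SHA512_256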
63
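/** X25519 elliptic curve
 *
 * Enabled by default.
 */
#define CRYPTO_CURVE_X25519

/** P-256 elliptic curve
 *
 * Enabled by default.
 */
#define CRYPTO_CURVE_P256

/** P-384 elliptic curve
 *
 * Enabled by default.
 */
#define CRYPTO_CURVE_P384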
72
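/** Margin of error (in seconds) allowed in signed timestamps
 *
 * We default to allowing a reasonable margin of error: 12 hours to
 * allow for the local time zone being non-GMT, plus 30 minutes to
 * allow for general clock drift.  The expression evaluates to 45000
 * seconds (12.5 hours).
 *
 * NOTE(review): wherever this margin is applied to a validity
 * period, an expired object would still be accepted for up to 12.5
 * hours past its expiry.  Confirm the call sites, and reduce the
 * margin on platforms with a trustworthy UTC clock if a tighter
 * window is required.
 */
#define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )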
80
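/** Default cross-signed certificate source
 *
 * This is the default location from which iPXE will attempt to
 * download cross-signed certificates in order to complete a
 * certificate chain.
 *
 * The default URI uses plain HTTP, so the download itself is neither
 * authenticated nor confidential.  NOTE(review): a downloaded
 * certificate must therefore be accepted only because it validates
 * against an already-trusted root, never because of where it was
 * fetched from; confirm this against the chain validation code.
 * Deployments on isolated networks may prefer to point this at an
 * internal mirror.
 */
#define CROSSCERT "http://ca.ipxe.org/auto"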
88
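/** Perform OCSP checks when applicable
 *
 * Some CAs provide non-functional OCSP servers, and some clients are
 * forced to operate on networks without access to the OCSP servers.
 * Allow the user to explicitly disable the use of OCSP checks.
 *
 * Enabled by default.  Undefining this removes OCSP revocation
 * checking, so a certificate revoked by its CA would no longer be
 * rejected on that basis; treat disabling it as an accepted risk for
 * the affected deployment rather than a routine workaround.
 */
#define OCSP_CHECK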
96
97#include <config/named.h>
98#include NAMED_CONFIG(crypto.h)
99#include <config/local/crypto.h>
100#include LOCAL_NAMED_CONFIG(crypto.h)
101
102#endif /* CONFIG_CRYPTO_H */
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
Definition compiler.h:926
Named configurations.