mbedTLS library

MBEDTLS_ERR_ECP_BAD_INPUT_DATA

crypto_struct.h:300

ecp.h:35

mbedtls_cipher_type_t

cipher.h:84

MBEDTLS_SSL_DEBUG_BUF

debug.h:63

psa_ecc_family_t

crypto_types.h:97

The type of PSA elliptic curve family identifiers. Values of this type are generally constructed by macros called `PSA_ECC_FAMILY_xxx`. The curve identifier is required to create an ECC key using the PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY() macros. Values defined by this standard will never be in the range 0x80-0xff. Vendors who define additional families must use an encoding in this range.

mbedtls_ssl_transform

ssl_misc.h:1117

sha512.c:607

MBEDTLS_SSL_TRANSPORT_DATAGRAM

ssl.h:266

DTLS

mbedtls_x509_time

x509.h:246

Container for date and time (precision in seconds).

mbedtls_gcm_context

gcm.h:68

The GCM context structure.

mbedtls_ssl_protocol_version

ssl.h:1214

grp

ecp.h:429

mbedtls_hmac_drbg_context

hmac_drbg.h:74

HMAC_DRBG context.

MBEDTLS_ERR_ASN1_LENGTH_MISMATCH

asn1.h:43

psa_pake_operation_s

crypto_extra.h:1843

The type of the state data structure for PAKE operations. Before calling any function on a PAKE operation object, the application must initialize it by any of the following means: - Set the structure to all-bits-zero, for example:

   psa_pake_operation_t operation;
   memset(&operation, 0, sizeof(operation));
   

- Initialize the structure to logical zero values, for example:

psa_pake_operation_t operation = {0};

- Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT, for example:

psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;

- Assign the result of the function psa_pake_operation_init() to the structure, for example:

   psa_pake_operation_t operation;
   operation = psa_pake_operation_init();
   

This is an implementation-defined \c struct. Applications should not make any assumptions about the content of this structure. Implementation details can change in future versions without notice.

key_exchange

ssl_ciphersuites.h:454

mbedtls_ecjpake_context

ecjpake.h:60

EC J-PAKE context structure. J-PAKE is a symmetric protocol, except for the identifiers used in Zero-Knowledge Proofs, and the serialization of the second message (KeyExchange) as defined by the Thread spec. In order to benefit from this symmetry, we choose a different naming convention from the Thread v1.0 spec. Correspondence is indicated in the description as a pair C: client name, S: server name

data_len

ssl_misc.h:1235

MBEDTLS_X509_CRT_PARSE_C

esp_config.h:2740

\def MBEDTLS_X509_CRT_PARSE_C Enable X.509 certificate parsing. Module: library/x509_crt.c Caller: library/ssl_tls.c library/ssl*_client.c library/ssl*_server.c Requires: MBEDTLS_X509_USE_C This module is required for X.509 certificate parsing.

MBEDTLS_BYTE_0

alignment.h:268

Byte Reading Macros Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th byte from x, where byte 0 is the least significant byte.

ecp.h:235

The prime modulus of the base field.

state

sha256_alt.h:47

intermediate digest state

MBEDTLS_SELF_TEST

esp_config.h:961

Uncomment to enable p256-m. This is an alternative implementation of key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. Compared to the default implementation: - p256-m has a much smaller code size and RAM footprint. - p256-m is only available via the PSA API. This includes the pk module when #MBEDTLS_USE_PSA_CRYPTO is enabled. - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols over the core arithmetic, or deterministic derivation of keys. We recommend enabling this option if your application uses the PSA API and the only elliptic curve support it needs is ECDH and ECDSA over SECP256R1. If you enable this option, you do not need to enable any ECC-related MBEDTLS_xxx option. You do need to separately request support for the cryptographic mechanisms through the PSA API: - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based configuration; - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; - #PSA_WANT_ECC_SECP_R1_256; - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. \def MBEDTLS_PSA_INJECT_ENTROPY Enable support for entropy injection at first boot. This feature is required on systems that do not have a built-in entropy source (TRNG). This feature is currently not supported on systems that have a built-in entropy source. Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS Assume all buffers passed to PSA functions are owned exclusively by the PSA function and are not stored in shared memory. This option may be enabled if all buffers passed to any PSA function reside in memory that is accessible only to the PSA function during its execution. This option MUST be disabled whenever buffer arguments are in memory shared with an untrusted party, for example where arguments to PSA calls are passed across a trust boundary. \def MBEDTLS_RSA_NO_CRT Do not use the Chinese Remainder Theorem for the RSA private operation. Uncomment this macro to disable the use of CRT in RSA. \def MBEDTLS_SELF_TEST Enable the checkup functions (*_self_test).

MBEDTLS_DEPRECATED_REMOVED

esp_config.h:3065

mbedtls_cipher_mode_t

cipher.h:172

MBEDTLS_HAVE_TIME

esp_config.h:58

\def MBEDTLS_NO_UDBL_DIVISION The platform lacks support for double-width integer division (64-bit division on a 32-bit platform, 128-bit division on a 64-bit platform). Used in: include/mbedtls/bignum.h library/bignum.c The bignum code uses double-width division to speed up some operations. Double-width division is often implemented in software that needs to be linked with the program. The presence of a double-width integer type is usually detected automatically through preprocessor macros, but the automatic detection cannot know whether the code needs to and can be linked with an implementation of division for that type. By default division is assumed to be usable if the type is present. Uncomment this option to prevent the use of double-width division. Note that division for the native integer type is always required. Furthermore, a 64-bit type is always required even on a 32-bit platform, but it need not support multiplication or division. In some cases it is also desirable to disable some double-width operations. For example, if double-width division is implemented in software, disabling it can reduce code size in some embedded targets. \def MBEDTLS_NO_64BIT_MULTIPLICATION The platform lacks support for 32x32 -> 64-bit multiplication. Used in: library/poly1305.c Some parts of the library may use multiplication of two unsigned 32-bit operands with a 64-bit result in order to speed up computations. On some platforms, this is not available in hardware and has to be implemented in software, usually in a library provided by the toolchain. Sometimes it is not desirable to have to link to that library. This option removes the dependency of that library on platforms that lack a hardware 64-bit multiplier by embedding a software implementation in Mbed TLS. Note that depending on the compiler, this may decrease performance compared to using the library function provided by the toolchain. \def MBEDTLS_HAVE_SSE2 CPU supports SSE2 instruction set. Uncomment if the CPU supports SSE2 (IA-32 specific). \def MBEDTLS_HAVE_TIME System has time.h and time(). The time does not need to be correct, only time differences are used, by contrast with MBEDTLS_HAVE_TIME_DATE Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME. Comment if your system does not support time functions.

MBEDTLS_SSL_DTLS_CONNECTION_ID

mbedtls_config.h:1588

\def MBEDTLS_SSL_DTLS_CONNECTION_ID Enable support for the DTLS Connection ID (CID) extension, which allows to identify DTLS connections across changes in the underlying transport. The CID functionality is described in RFC 9146. Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. See the corresponding documentation for more information. The maximum lengths of outgoing and incoming CIDs can be configured through the options - MBEDTLS_SSL_CID_OUT_LEN_MAX - MBEDTLS_SSL_CID_IN_LEN_MAX. Requires: MBEDTLS_SSL_PROTO_DTLS Uncomment to enable the Connection ID extension.

MBEDTLS_SSL_RENEGOTIATION

esp_config.h:1183

\def MBEDTLS_SSL_RENEGOTIATION Enable support for TLS renegotiation. The two main uses of renegotiation are (1) refresh keys on long-lived connections and (2) client authentication after the initial handshake. If you don't need renegotiation, it's probably better to disable it, since it has been associated with security issues in the past and is easy to misuse/misunderstand. Requires: MBEDTLS_SSL_PROTO_TLS1_2 Comment this to disable support for renegotiation.

psa_pake_cipher_suite_s

crypto_extra.h:1718

The type of the data structure for PAKE cipher suites. This is an implementation-defined \c struct. Applications should not make any assumptions about the content of this structure. Implementation details can change in future versions without notice.

MBEDTLS_MD_SHA1

md.h:51

The SHA-1 message digest.

\def MBEDTLS_SSL_CLI_C Enable the SSL/TLS client code. Module: library/ssl*_client.c Caller: Requires: MBEDTLS_SSL_TLS_C This module is required for SSL/TLS client support.

mbedtls_net_context

net_sockets.h:83

Wrapper type for sockets. Currently backed by just a file descriptor, but might be more in the future (eg two file descriptors for combined IPv4 + IPv6 support, or additional structures for hand-made UDP demultiplexing).

MBEDTLS_SSL_SESSION_TICKETS

esp_config.h:1541

\def MBEDTLS_SSL_SESSION_TICKETS Enable support for RFC 5077 session tickets in SSL. Client-side, provides full support for session tickets (maintenance of a session store remains the responsibility of the application, though). Server-side, you also need to provide callbacks for writing and parsing tickets, including authenticated encryption and key management. Example callbacks are provided by MBEDTLS_SSL_TICKET_C. Comment this macro to disable support for SSL session tickets

psa_mac_operation_s

crypto_struct.h:131

The type of the state data structure for multipart MAC operations. Before calling any function on a MAC operation object, the application must initialize it by any of the following means: - Set the structure to all-bits-zero, for example:

   psa_mac_operation_t operation;
   memset(&operation, 0, sizeof(operation));
   

- Initialize the structure to logical zero values, for example:

psa_mac_operation_t operation = {0};

- Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT, for example:

psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;

- Assign the result of the function psa_mac_operation_init() to the structure, for example:

   psa_mac_operation_t operation;
   operation = psa_mac_operation_init();
   

This is an implementation-defined \c struct. Applications should not make any assumptions about the content of this structure. Implementation details can change in future versions without notice.

The AES XTS context-type definition.

psa_cipher_operation_s

crypto_struct.h:95

The type of the state data structure for multipart cipher operations. Before calling any function on a cipher operation object, the application must initialize it by any of the following means: - Set the structure to all-bits-zero, for example:

   psa_cipher_operation_t operation;
   memset(&operation, 0, sizeof(operation));
   

- Initialize the structure to logical zero values, for example:

psa_cipher_operation_t operation = {0};

- Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT, for example:

psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;

- Assign the result of the function psa_cipher_operation_init() to the structure, for example:

   psa_cipher_operation_t operation;
   operation = psa_cipher_operation_init();
   

This is an implementation-defined \c struct. Applications should not make any assumptions about the content of this structure. Implementation details can change in future versions without notice.

None.

The digest-specific context (legacy) or the PSA operation.

The ARIA context-type definition.

MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

psa_crypto_core.h:934

mbedtls_x509write_csr

x509_csr.h:66

Container for writing a CSR

MBEDTLS_IV_SIZE_SHIFT

cipher.h:312

MBEDTLS_KEY_BITLEN_SHIFT

cipher.h:311

mbedtls_x509_crt_profile

x509_crt.h:125

Security profile for certificate verification. All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). The fields of this structure are part of the public API and can be manipulated directly by applications. Future versions of the library may add extra fields or reorder existing fields. You can create custom profiles by starting from a copy of an existing profile, such as mbedtls_x509_crt_profile_default or mbedtls_x509_ctr_profile_none and then tune it to your needs. For example to allow SHA-224 in addition to the default: mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); Or to allow only RSA-3072+ with SHA-256: mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none; my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ); my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ); my_profile.rsa_min_bitlen = 3072;

MBEDTLS_BYTE_1

alignment.h:269

esp_config.h:835

mbedtls_psa_aead_operation_t

crypto_builtin_composites.h:79

mbedtls_pk_info_t

pk_wrap.h:22

Public key information and operations

MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR

ssl.h:548

MBEDTLS_GET_UINT16_BE

alignment.h:521

Get the unsigned 16 bits integer corresponding to two bytes in big-endian order (MSB first).

psa_drv_se_context_t

crypto_se_driver.h:44

Driver context structure Driver functions receive a pointer to this structure. Each registered driver has one instance of this structure. Implementations must include the fields specified here and may include other fields.

\def MBEDTLS_AES_C Enable the AES block cipher. Module: library/aes.c Caller: library/cipher.c library/pem.c library/ctr_drbg.c This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA PEM_PARSE uses AES for decrypting encrypted keys.

MBEDTLS_PSA_CRYPTO_C

mbedtls_config.h:3225

\def MBEDTLS_PSA_CRYPTO_C Enable the Platform Security Architecture cryptography API. Module: library/psa_crypto.c Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher is enabled in PSA (unless it's fully accelerated, see docs/driver-only-builds.md about that).

psa_key_derivation_step_t

crypto_types.h:456

Encoding of the step of a key derivation. Values of this type are generally constructed by macros called `PSA_KEY_DERIVATION_INPUT_xxx`.

psa_crypto_driver_pake_inputs_s

crypto_extra.h:1787

The type of input values for PAKE operations.

MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

pk.h:46

ctx

crypto_builtin_primitives.h:54

pk_info

pk.h:221

MBEDTLS_ARIA_BLOCKSIZE

aria.h:31

ARIA block size in bytes.

\def MBEDTLS_ECDSA_C Enable the elliptic curve DSA library. Module: library/ecdsa.c Caller: This module is used by the following key exchanges: ECDHE-ECDSA Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C, and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a short Weierstrass curve.

MBEDTLS_CIPHER_MODE_CBC

esp_config.h:270

\def MBEDTLS_TIMING_ALT Uncomment to provide your own alternate implementation for mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() Only works if you have MBEDTLS_TIMING_C enabled. You will need to provide a header "timing_alt.h" and an implementation at compile time. \def MBEDTLS_AES_ALT MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your alternate core implementation of a symmetric crypto, an arithmetic or hash module (e.g. platform specific assembly optimized implementations). Keep in mind that the function prototypes should remain the same. This replaces the whole module. If you only want to replace one of the functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer provide the "struct mbedtls_aes_context" definition and omit the base function declarations and implementations. "aes_alt.h" will be included from "aes.h" to include the new function definitions. Uncomment a macro to enable alternate implementation of the corresponding module. \warning MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead. \def MBEDTLS_SHA256_PROCESS_ALT MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you alternate core implementation of symmetric crypto or hash function. Keep in mind that function prototypes should remain the same. This replaces only one function. The header file from Mbed TLS is still used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will no longer provide the mbedtls_sha1_process() function, but it will still provide the other function (using your mbedtls_sha1_process() function) and the definition of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible with this definition. Uncomment a macro to enable alternate implementation of the corresponding function. \warning MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead. \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are enabled, then the deterministic ECDH signature functions pass the the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore alternative implementations should use the RNG only for generating the ephemeral key and nothing else. If this is not possible, then MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative implementation should be provided for mbedtls_ecdsa_sign_det_ext(). \def MBEDTLS_ECP_INTERNAL_ALT Expose a part of the internal interface of the Elliptic Curve Point module. MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your alternative core implementation of elliptic curve arithmetic. Keep in mind that function prototypes should remain the same. This partially replaces one function. The header file from Mbed TLS is still used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation is still present and it is used for group structures not supported by the alternative. The original implementation can in addition be removed by setting the MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be able to fallback to curves not supported by the alternative implementation. Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT and implementing the following functions: unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ) int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) The mbedtls_internal_ecp_grp_capable function should return 1 if the replacement functions implement arithmetic for the given group and 0 otherwise. The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are called before and after each point operation and provide an opportunity to implement optimized set up and tear down instructions. Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac() function, but will use your mbedtls_internal_ecp_double_jac() if the group for the operation is supported by your implementation (i.e. your mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the group is not supported by your implementation, then the original Mbed TLS implementation of ecp_double_jac() is used instead, unless this fallback behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). The function prototypes and the definition of mbedtls_ecp_group and mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your implementation of mbedtls_internal_ecp__function_name__ must be compatible with their definitions. Uncomment a macro to enable alternate implementation of the corresponding function. \def MBEDTLS_ENTROPY_HARDWARE_ALT Uncomment this macro to let Mbed TLS use your own implementation of a hardware entropy collector. Your function must be called \c mbedtls_hardware_poll(), have the same prototype as declared in library/entropy_poll.h, and accept NULL as first argument. Uncomment to use your own hardware entropy collector. \def MBEDTLS_AES_ROM_TABLES Use precomputed AES tables stored in ROM. Uncomment this macro to use precomputed AES tables stored in ROM. Comment this macro to generate AES tables in RAM at runtime. Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the initialization time before the first AES operation can be performed. It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded performance if ROM access is slower than RAM access. This option is independent of \c MBEDTLS_AES_FEWER_TABLES. \def MBEDTLS_AES_FEWER_TABLES Use less ROM/RAM for AES tables. Uncommenting this macro omits 75% of the AES tables from ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) by computing their values on the fly during operations (the tables are entry-wise rotations of one another). Tradeoff: Uncommenting this reduces the RAM / ROM footprint by ~6kb but at the cost of more arithmetic operations during runtime. Specifically, one has to compare 4 accesses within different tables to 4 accesses with additional arithmetic operations within the same table. The performance gain/loss depends on the system and memory details. This option is independent of \c MBEDTLS_AES_ROM_TABLES. \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH Use only 128-bit keys in AES operations to save ROM. Uncomment this macro to remove support for AES operations that use 192- or 256-bit keys. Uncommenting this macro reduces the size of AES code by ~300 bytes on v8-M/Thumb2. Module: library/aes.c Requires: MBEDTLS_AES_C \def MBEDTLS_CAMELLIA_SMALL_MEMORY Use less ROM for the Camellia implementation (saves about 768 bytes). Uncomment this macro to use less memory for Camellia. \def MBEDTLS_CHECK_RETURN_WARNING If this macro is defined, emit a compile-time warning if application code calls a function without checking its return value, but the return value should generally be checked in portable applications. This is only supported on platforms where #MBEDTLS_CHECK_RETURN is implemented. Otherwise this option has no effect. Uncomment to get warnings on using fallible functions without checking their return value. \def MBEDTLS_CIPHER_MODE_CBC Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.

MBEDTLS_PK_RSA

pk.h:75

PSA_CRYPTO_MBED_TLS_DRIVER_ID

psa_crypto_driver_wrappers.h:51

PSA_ERROR_BUFFER_TOO_SMALL

crypto_values.h:98

An output buffer is too small. Applications can call the \c PSA_xxx_SIZE macro listed in the function description to determine a sufficient buffer size. Implementations should preferably return this error code only in cases when performing the operation with a larger output buffer would succeed. However implementations may return this error if a function has invalid or unsupported parameters in addition

in_hslen

ssl.h:1818

data

psa_crypto_core.h:158

bytes

psa_crypto_core.h:159

mbedtls_x509_csr

x509_csr.h:38

Certificate Signing Request (CSR) structure. Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields point to is unspecified.

MBEDTLS_PK_HAVE_ECC_KEYS

config_adjust_legacy_crypto.h:408

MBEDTLS_SSL_HAVE_CBC

config_adjust_legacy_crypto.h:453

mbedtls_psa_mac_operation_t

crypto_builtin_composites.h:57

MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA

cipher.h:40

MBEDTLS_ERR_ASN1_UNEXPECTED_TAG

asn1.h:39

MBEDTLS_SSL_MSG_HANDSHAKE

ssl.h:525

MBEDTLS_PUT_UINT32_BE

alignment.h:427

Put in memory a 32 bits unsigned integer in big-endian order.

mbedtls_aes_xts_context

aes.h:87

The AES XTS context-type definition.

MBEDTLS_FS_IO

esp_config.h:905

\def MBEDTLS_FS_IO Enable functions that use the filesystem.

The order of \p G.

The generator of the subgroup used.

mbedtls_ssl_handshake_params

ssl_misc.h:641

MBEDTLS_CHECK_RETURN_TYPICAL

Callback for getting (pseudo-)random numbers

\def MBEDTLS_ECP_C Enable the elliptic curve over GF(p) library. Module: library/ecp.c Caller: library/ecdh.c library/ecdsa.c library/ecjpake.c Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED

MBEDTLS_GCM_C

esp_config.h:2134

\def MBEDTLS_GCM_C Enable the Galois/Counter Mode (GCM). Module: library/gcm.c Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other requisites are enabled as well.

mbedtls_psa_cipher_operation_t

crypto_builtin_primitives.h:101

psa_crypto_driver_pake_step

The named value.

Information about the associated message digest.

PEM context structure

psa_se_drv_table_entry_s

psa_crypto_se.h:69

A structure that describes a registered secure element driver. A secure element driver table entry contains a pointer to the driver's method table as well as the driver context structure.

FSb

aes.c:78

mbedtls_ecp_curve_info

ecp.h:140

Curve information, for use by other modules. The fields of this structure are part of the public API and can be accessed directly by applications. Future versions of the library may add extra fields or reorder existing fields.

MBEDTLS_PK_ECKEY

pk.h:76

PSA_KEY_LIFETIME_GET_LOCATION

crypto_values.h:2345

MBEDTLS_ASN1_CONTEXT_SPECIFIC

MBEDTLS_LMOTS_SHA256_N32_W8

lms.h:84

mbedtls_ssl_cache_context

ssl_cache.h:67

Cache context

MBEDTLS_CIPHER_MODE_CFB

esp_config.h:277

\def MBEDTLS_CIPHER_MODE_CFB Enable Cipher Feedback mode (CFB) for symmetric ciphers.

MBEDTLS_CIPHER_MODE_CTR

esp_config.h:284

\def MBEDTLS_CIPHER_MODE_CTR Enable Counter Block Cipher mode (CTR) for symmetric ciphers.

MBEDTLS_CIPHER_C

esp_config.h:1921

\def MBEDTLS_CIPHER_C Enable the generic cipher layer. Module: library/cipher.c Caller: library/ccm.c library/cmac.c library/gcm.c library/nist_kw.c library/pkcs12.c library/pkcs5.c library/psa_crypto_aead.c library/psa_crypto_mac.c library/ssl_ciphersuites.c library/ssl_msg.c library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled) Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled (see the documentation of that option for details). Uncomment to enable generic cipher wrappers.

MBEDTLS_PSA_CRYPTO_CLIENT

config_adjust_legacy_crypto.h:359

MBEDTLS_SSL_HAVE_GCM

config_adjust_legacy_crypto.h:458

ecp.h:430

psa_sign_hash_interruptible_operation_s

cipher.h:288

The cipher mode (as per mbedtls_cipher_mode_t). For example, MBEDTLS_MODE_CBC.

endpoint

ssl.h:1426

mbedtls_mpi_mod_residue

bignum_mod.h:105

ecp.h:234

An internal group identifier.

crypto_struct.h:450

The context for PSA interruptible hash signing.

psa_verify_hash_interruptible_operation_s

crypto_struct.h:488

The context for PSA interruptible hash verification.

PSA_ERROR_INSUFFICIENT_MEMORY

crypto_values.h:143

There is not enough runtime memory. If the action is carried out across multiple security realms, this

Maximum TLS version to be negotiated, then negotiated TLS version. It is initialized as the configured maximum TLS version to be negotiated by mbedtls_ssl_setup(). When renegotiating or resuming a session, it is overwritten in the ClientHello writing preparation stage with the previously negotiated TLS version. On client side, it is updated to the TLS version selected by the server for the handshake when the ServerHello is received. On server side, it is updated to the TLS version the server selects for the handshake when the ClientHello is received.

MBEDTLS_SSL_SERVER_NAME_INDICATION

psa_crypto_core.h:964

mbedtls_ssl_cache_entry

ssl_cache.h:50

This structure is used for storing cache entries

Curve not defined.

Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.

AES decryption.

\def MBEDTLS_PLATFORM_C Enable the platform abstraction layer that allows you to re-assign functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned above to be specified at runtime or compile time respectively. Module: library/platform.c Caller: Most other .c files This module enables abstraction of common (libc) functions.

asn1.h:189

The next entry in the sequence. The details of memory management for named data sequences are not documented and may change in future versions. Set this field to \p NULL when initializing a structure, and do not modify it except via Mbed TLS library functions.

\def MBEDTLS_CCM_C Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. Module: library/ccm.c Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C This module enables the AES-CCM ciphersuites, if other requisites are enabled as well.

MBEDTLS_AES_ENCRYPT

aes.h:39

AES encryption.

esp_config.h:1565

\def MBEDTLS_SSL_SERVER_NAME_INDICATION Enable support for RFC 6066 server name indication (SNI) in SSL. Requires: MBEDTLS_X509_CRT_PARSE_C Comment this macro to disable support for server name indication in SSL

MBEDTLS_MD_CAN_SHA1

config_adjust_legacy_crypto.h:169

mbedtls_psa_hash_operation_t

crypto_builtin_primitives.h:52

asn1.h:171

The next entry in the sequence. The details of memory management for sequences are not documented and may change in future versions. Set this field to \p NULL when initializing a structure, and do not modify it except via Mbed TLS library functions.

Number of Bytes that have not been processed yet.

The buf working value.

MBEDTLS_GET_UINT32_BE

alignment.h:412

Get the unsigned 32 bits integer corresponding to four bytes in big-endian order (MSB first).

The buf working value.

MBEDTLS_ERR_ASN1_BUF_TOO_SMALL

asn1.h:49

MBEDTLS_VERSION_NUMBER

build_info.h:36

The single version number has the following structure: MMNNPP00 Major version | Minor version | Patch version

MBEDTLS_SSL_KEEP_PEER_CERTIFICATE

esp_config.h:1141

\def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE This option controls the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake. Unless you need mbedtls_ssl_peer_cert() in your application, it is recommended to disable this option for reduced RAM usage. Comment this macro to disable storing the peer's certificate after the handshake.

mbedtls_psa_pake_operation_t

crypto_builtin_composites.h:191

mbedtls_ssl_ticket_context

ssl_ticket.h:71

Context for session ticket handling functions

MBEDTLS_SSL_OUT_CONTENT_LEN

esp_config.h:2954

\def MBEDTLS_SSL_OUT_CONTENT_LEN Maximum outgoing fragment length in bytes. Uncomment to set the size of the outward TLS buffer independently of the inward buffer. It is possible to save RAM by setting a smaller outward buffer, while keeping the default inward 16384 byte buffer to conform to the TLS specification. The minimum required outward buffer size is determined by the handshake protocol's usage. Handshaking will fail if the outward buffer is too small. The specific size requirement depends on the configured ciphers and any certificate data which is sent during the handshake. For absolute minimum RAM usage, it's best to enable MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This reduces both incoming and outgoing buffer sizes. However this is only guaranteed if the other end of the connection also supports the TLS max_fragment_len extension. Otherwise the connection may fail.

MBEDTLS_BIGNUM_C

esp_config.h:1768

\def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Remove decryption operation for AES, ARIA and Camellia block cipher. Module: library/aes.c library/aesce.c library/aesni.c library/aria.c library/camellia.c library/cipher.c \def MBEDTLS_BIGNUM_C Enable the multi-precision integer library. Module: library/bignum.c library/bignum_core.c library/bignum_mod.c library/bignum_mod_raw.c Caller: library/dhm.c library/ecp.c library/ecdsa.c library/rsa.c library/rsa_alt_helpers.c library/ssl_tls.c This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.

MBEDTLS_DES_C

mbedtls_config.h:2699

\def MBEDTLS_DES_C Enable the DES block cipher. Module: library/des.c Caller: library/pem.c library/cipher.c PEM_PARSE uses DES/3DES for decrypting encrypted keys. \warning DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

MBEDTLS_PEM_PARSE_C

esp_config.h:2295

\def MBEDTLS_PEM_PARSE_C Enable PEM decoding / parsing. Module: library/pem.c Caller: library/dhm.c library/pkparse.c library/x509_crl.c library/x509_crt.c library/x509_csr.c Requires: MBEDTLS_BASE64_C optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below) \warning When parsing password-protected files, if MD5 is provided only by a PSA driver, you must call psa_crypto_init() before the first file. This modules adds support for decoding / parsing PEM files.

mbedtls_mpi_sint

bignum.h:170

PSA_KEY_LOCATION_LOCAL_STORAGE

crypto_values.h:2408

The local storage area for persistent keys. This storage area is available on all systems that can store persistent keys without delegating the storage to a third-party cryptoprocessor. See ::psa_key_location_t for more information.

IV length

MBEDTLS_GET_UINT32_LE

alignment.h:448

Get the unsigned 32 bits integer corresponding to four bytes in little-endian order (LSB first).

MBEDTLS_SSL_CHK_BUF_PTR

ssl_misc.h:543

This macro checks if the remaining size in a buffer is greater or equal than a needed space. If it is not the case, it returns an SSL_BUFFER_TOO_SMALL error.

ecp_curves.c:4856

MBEDTLS_ERR_MPI_BAD_INPUT_DATA

bignum.h:26

MBEDTLS_ERR_PK_BAD_INPUT_DATA

pk.h:40

MBEDTLS_MD_SHA512

md.h:55

The SHA-512 message digest.

MBEDTLS_CIPHER_MODE_XTS

esp_config.h:298

\def MBEDTLS_CIPHER_MODE_XTS Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.

MBEDTLS_CHACHAPOLY_C

mbedtls_config.h:2595

\def MBEDTLS_CHACHAPOLY_C Enable the ChaCha20-Poly1305 AEAD algorithm. Module: library/chachapoly.c This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C

san

x509.h:294

A union of the supported SAN types

PSA_ALG_HMAC_GET_HASH

crypto_values.h:1000

MBEDTLS_ERR_AES_BAD_INPUT_DATA

MAC(CBC) len

The underlying file descriptor. This field is only guaranteed to be present on POSIX/Unix-like platforms. On other platforms, it may have a different type, have a different meaning, or be absent altogether.

MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

esp_config.h:1195

\def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH Enable support for RFC 6066 max_fragment_length extension in SSL. Comment this macro to disable support for the max_fragment_length extension

MBEDTLS_MD_C

build_info.h:163

\def MBEDTLS_MD_C Enable the generic layer for message digest (hashing) and HMAC. Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least one hash. Module: library/md.c Caller: library/constant_time.c library/ecdsa.c library/ecjpake.c library/hkdf.c library/hmac_drbg.c library/pk.c library/pkcs5.c library/pkcs12.c library/psa_crypto_ecp.c library/psa_crypto_rsa.c library/rsa.c library/ssl_cookie.c library/ssl_msg.c library/ssl_tls.c library/x509.c library/x509_crt.c library/x509write_crt.c library/x509write_csr.c Uncomment to enable generic message digest wrappers.

psa_key_lifetime_t

crypto_types.h:183

Encoding of key lifetimes. The lifetime of a key indicates where it is stored and what system actions may create and destroy it. Lifetime values have the following structure: - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)): persistence level. This value indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is _volatile_ or _persistent_. See ::psa_key_persistence_t for more information. - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)): location indicator. This value indicates which part of the system has access to the key material and can perform operations using the key. See ::psa_key_location_t for more information. Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Persistent keys are preserved until the application explicitly destroys them or until an integration-specific device management event occurs (for example, a factory reset). Persistent keys have a key identifier of type #mbedtls_svc_key_id_t. This identifier remains valid throughout the lifetime of the key, even if the application instance that created the key terminates. The application can call psa_open_key() to open a persistent key that it created previously. The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is available. Other lifetime values may be supported depending on the library configuration. Values of this type are generally constructed by macros called `PSA_KEY_LIFETIME_xxx`.

A type for UIDs used for identifying data

MBEDTLS_ERR_X509_INVALID_ALG

x509.h:55

mbedtls_ssl_cookie_ctx

ssl_cookie.h:44

Context for the default cookie functions.

MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA

ssl_ciphersuites.h:262

oid

asn1.h:179

The object identifier.

MBEDTLS_ERR_RSA_KEY_CHECK_FAILED

rsa.h:39

cipher_ctx

cipher.h:350

The cipher-specific context.

mbedtls_mpi_mod_modulus

bignum_mod.h:121

mbedtls_pkcs7_signer_info

pkcs7.h:108

Structure holding PKCS #7 signer info

MBEDTLS_ERR_SSL_ALLOC_FAILED

ssl.h:109

MBEDTLS_SHA256_C

esp_config.h:2540

\def MBEDTLS_SHA256_C Enable the SHA-256 cryptographic hash algorithm. Module: library/sha256.c Caller: library/entropy.c library/md.c library/ssl_tls.c library/ssl*_client.c library/ssl*_server.c This module adds support for SHA-256. This module is required for the SSL/TLS 1.2 PRF function.

MBEDTLS_SSL_IS_CLIENT

ssl.h:282

mbedtls_tls_prf_types

ssl.h:1334

MBEDTLS_MD_CAN_SHA512

config_adjust_legacy_crypto.h:185

psa_custom_key_parameters_s

crypto_struct.h:226

Custom parameters for key generation or key derivation. This is a structure type with at least the following field: - \c flags: an unsigned integer type. 0 for the default production parameters. Functions that take such a structure as input also take an associated input buffer \c custom_data of length \c custom_data_length. The interpretation of this structure and the associated \c custom_data parameter depend on the type of the created key. - #PSA_KEY_TYPE_RSA_KEY_PAIR: - \c flags: must be 0. - \c custom_data: the public exponent, in little-endian order. This must be an odd integer and must not be 1. Implementations must support 65537, should support 3 and may support other values. When not using a driver, Mbed TLS supports values up to \c INT_MAX. If this is empty, the default value 65537 is used. - Other key types: reserved for future use. \c flags must be 0.

MBEDTLS_KEY_EXCHANGE_DHE_RSA

x509_crt.h:44

The raw certificate data (DER).

ssl_ciphersuites.h:260

buf

asn1.h:162

Buffer containing the given ASN.1 item.

PSA_ALG_HASH_MASK

crypto_values.h:914

MBEDTLS_ASN1_OCTET_STRING

asn1.h:67

MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE

The Y working buffer

The ARIA round keys.

MBEDTLS_ERR_PK_TYPE_MISMATCH

pk.h:38

MBEDTLS_ERR_X509_BAD_INPUT_DATA

x509.h:75

MBEDTLS_SHA512_C

esp_config.h:2557

\def MBEDTLS_SHA512_C Enable SHA-512 cryptographic hash algorithms. Module: library/sha512.c Caller: library/entropy.c library/md.c library/ssl_tls.c library/ssl_cookie.c This module adds support for SHA-512.

MBEDTLS_AES_BLOCK_SIZE

cmac.h:27

MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

esp_config.h:758

\def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_PKCS1_V15

esp_config.h:943

\def MBEDTLS_PKCS1_V15 Enable support for PKCS#1 v1.5 encoding. Requires: MBEDTLS_RSA_C This enables support for PKCS#1 v1.5 operations.

MBEDTLS_ASN1_PARSE_C

esp_config.h:1722

\def MBEDTLS_ASN1_PARSE_C Enable the generic ASN1 parser. Module: library/asn1.c Caller: library/x509.c library/dhm.c library/pkcs12.c library/pkcs5.c library/pkparse.c

MBEDTLS_CAMELLIA_C

mbedtls_config.h:2508

\def MBEDTLS_CAMELLIA_C Enable the Camellia block cipher. Module: library/camellia.c Caller: library/cipher.c This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_DHM_C

mbedtls_config.h:2721

\def MBEDTLS_DHM_C Enable the Diffie-Hellman-Merkle module. Module: library/dhm.c Caller: library/ssl_tls.c library/ssl*_client.c library/ssl*_server.c This module is used by the following key exchanges: DHE-RSA, DHE-PSK \warning Using DHE constitutes a security risk as it is not possible to validate custom DH parameters. If possible, it is recommended users should consider preferring other methods of key exchange. See dhm.h for more details.

mbedtls_x509_subject_alternative_name

x509.h:292

A structure for holding the parsed Subject Alternative Name, according to type. Future versions of the library may add new fields to this structure or to its embedded union and structure.

MBEDTLS_ERR_ASN1_INVALID_DATA

asn1.h:45

MBEDTLS_ASN1_UTF8_STRING

asn1.h:71

mbedtls_pkcs7

pkcs7.h:138

Structure holding PKCS #7 structure, only signed data for now

global_data

psa_crypto_slot_management.c:193

mbedtls_ssl_flight_item

ssl_misc.h:1258

MBEDTLS_ERR_X509_INVALID_FORMAT

x509.h:49

MBEDTLS_CIPHER_AES_128_CBC

cipher.h:90

AES cipher with 128-bit CBC mode.

MBEDTLS_CIPHER_AES_256_CBC

cipher.h:92

AES cipher with 256-bit CBC mode.

esp_sha256.c:167

total

sha256_alt.h:46

number of bytes processed

MBEDTLS_SSL_ENCRYPT_THEN_MAC

esp_config.h:1075

\def MBEDTLS_SSL_DEBUG_ALL Enable the debug messages in SSL module for all issues. Debug messages have been disabled in some places to prevent timing attacks due to (unbalanced) debugging function calls. If you need all error reporting you should enable this during debugging, but remove this for production servers that should log as well. Uncomment this macro to report all debug messages on errors introducing a timing side-channel. \def MBEDTLS_SSL_ENCRYPT_THEN_MAC Enable support for Encrypt-then-MAC, RFC 7366. This allows peers that both support it to use a more robust protection for ciphersuites using CBC, providing deep resistance against timing attacks on the padding or underlying cipher. This only affects CBC ciphersuites, and is useless if none is defined. Requires: MBEDTLS_SSL_PROTO_TLS1_2 Comment this macro to disable support for Encrypt-then-MAC

MBEDTLS_DEBUG_C

mbedtls_config.h:2683

\def MBEDTLS_DEBUG_C Enable the debug functions. Module: library/debug.c Caller: library/ssl_msg.c library/ssl_tls.c library/ssl_tls12_*.c library/ssl_tls13_*.c This module provides debugging functions.

MBEDTLS_SHA224_C

esp_config.h:2523

\def MBEDTLS_SHA224_C Enable the SHA-224 cryptographic hash algorithm. Module: library/sha256.c Caller: library/md.c library/ssl_cookie.c This module adds support for SHA-224.

MBEDTLS_SHA384_C

esp_config.h:2556

\def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms with the ARMv8 cryptographic extensions if they are available at runtime. If not, the library will fall back to the C implementation. \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY. Requires: MBEDTLS_SHA256_C. Module: library/sha256.c Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions and use them if available. \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT. This name is now deprecated, but may still be used as an alternative form for this option. \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms with the ARMv8 cryptographic extensions, which must be available at runtime or else an illegal instruction fault will occur. \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT. Requires: MBEDTLS_SHA256_C. Module: library/sha256.c Uncomment to have the library use the Armv8-A SHA-256 crypto extensions unconditionally. \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY. This name is now deprecated, but may still be used as an alternative form for this option. \def MBEDTLS_SHA384_C Enable the SHA-384 cryptographic hash algorithm. Module: library/sha512.c Caller: library/md.c library/psa_crypto_hash.c library/ssl_tls.c library/ssl*_client.c library/ssl*_server.c Comment to disable SHA-384

psa_tls12_prf_key_derivation_s

crypto_builtin_key_derivation.h:64

number of bytes processed

MBEDTLS_KEY_EXCHANGE_PSK

ssl_ciphersuites.h:263

mbedtls_ecdh_context_mbed

ecdh.h:86

The context used by the default ECDH implementation. Later versions might change the structure of this context, therefore users should not make any assumptions about the structure of mbedtls_ecdh_context_mbed.

mbedtls_time_t

platform_time.h:27

MBEDTLS_ERR_MD_BAD_INPUT_DATA

md.h:26

MBEDTLS_MD_MAX_SIZE

md.h:71

MBEDTLS_ERR_GCM_BAD_INPUT

gcm.h:39

psa_storage_info_t

psa_crypto_its.h:36

A container for metadata associated with a specific uid

Container for the public key context.

MBEDTLS_CIPHER_MODE_OFB

esp_config.h:291

\def MBEDTLS_CIPHER_MODE_OFB Enable Output Feedback mode (OFB) for symmetric ciphers.

MBEDTLS_ARIA_C

mbedtls_config.h:2560

\def MBEDTLS_ARIA_C Enable the ARIA block cipher. Module: library/aria.c Caller: library/cipher.c This module enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384

nbits

ecp.h:246

For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys.

mbedtls_ecp_restart_ctx

ecp.h:416

MBEDTLS_KEY_EXCHANGE_RSA

ssl_ciphersuites.h:259

MBEDTLS_KEY_EXCHANGE_ECDHE_RSA

ssl_ciphersuites.h:261

MBEDTLS_KEY_EXCHANGE_RSA_PSK

ssl_ciphersuites.h:265

mbedtls_cipher_base_t

cipher_wrap.h:74

Base cipher information. The non-mode specific functions and values.

MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED

ssl_ciphersuites.h:317

MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE

ssl.h:74

MBEDTLS_CTR_DRBG_BLOCKSIZE

ctr_drbg.h:73

The block size used by the cipher.

modp

ecp.h:252

The function for fast pseudo-reduction mod \p P (see above).

LMS public context structure. A LMS public key is the hash output that is the root of the Merkle tree, and the applicable parameter set The context must be initialized before it is used. A public key must either be imported or generated from a private context. \dot digraph lms_public_t { UNINITIALIZED -> INIT [label="init"]; HAVE_PUBLIC_KEY -> INIT [label="free"]; INIT -> HAVE_PUBLIC_KEY [label="import_public_key"]; INIT -> HAVE_PUBLIC_KEY [label="calculate_public_key from private key"]; HAVE_PUBLIC_KEY -> HAVE_PUBLIC_KEY [label="export_public_key"]; } \enddot

mbedtls_lmots_public_t

lms.h:121

LMOTS public context structure. A LMOTS public key is a hash output, and the applicable parameter set. The context must be initialized before it is used. A public key must either be imported or generated from a private context. \dot digraph lmots_public_t { UNINITIALIZED -> INIT [label="init"]; HAVE_PUBLIC_KEY -> INIT [label="free"]; INIT -> HAVE_PUBLIC_KEY [label="import_public_key"]; INIT -> HAVE_PUBLIC_KEY [label="calculate_public_key from private key"]; HAVE_PUBLIC_KEY -> HAVE_PUBLIC_KEY [label="export_public_key"]; } \enddot

MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT

pem.h:25

\name PEM Error codes These error codes are returned in case of errors reading the PEM data.

psa_key_slot_number_t

crypto_se_driver.h:137

An internal designation of a key slot between the core part of the PSA Crypto implementation and the driver. The meaning of this value is driver-dependent.

MBEDTLS_SSL_TLS_C

esp_config.h:2668

\def MBEDTLS_SSL_TLS_C Enable the generic SSL/TLS code. Module: library/ssl_tls.c Caller: library/ssl*_client.c library/ssl*_server.c Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C and at least one of the MBEDTLS_SSL_PROTO_XXX defines This module is required for SSL/TLS.

MBEDTLS_ERR_X509_INVALID_NAME

x509.h:57

MBEDTLS_ENCRYPT

cipher.h:202

mbedtls_aes_setkey_enc

aes_alt.h:37

MBEDTLS_ERR_SSL_WANT_READ

ssl.h:136

MBEDTLS_PKCS1_V21

esp_config.h:954

\def MBEDTLS_PKCS1_V21 Enable support for PKCS#1 v2.1 encoding. Requires: MBEDTLS_RSA_C \warning If using a hash that is only provided by PSA drivers, you must call psa_crypto_init() before doing any PKCS#1 v2.1 operation. This enables support for RSAES-OAEP and RSASSA-PSS operations.

MBEDTLS_SSL_ALPN

esp_config.h:1427

\def MBEDTLS_SSL_ALPN Enable support for RFC 7301 Application Layer Protocol Negotiation. Comment this macro to disable support for ALPN.

unstructured_name

x509.h:297

The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported.

total

sha512_alt.h:48

number of bytes processed

MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE

crypto_builtin_composites.h:198

MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL

ecp.h:37

MBEDTLS_MD_MD5

md.h:49

The MD5 message digest.

MBEDTLS_ECP_DP_SECP256R1

ecp.h:106

Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_PSA_KEY_STORE_DYNAMIC

mbedtls_config.h:1432

\def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS Enable support for platform built-in keys. If you enable this feature, you must implement the function mbedtls_psa_platform_get_builtin_key(). See the documentation of that function for more information. Built-in keys are typically derived from a hardware unique key or stored in a secure element. Requires: MBEDTLS_PSA_CRYPTO_C. \warning This interface is experimental and may change or be removed without notice. \def MBEDTLS_PSA_CRYPTO_CLIENT Enable support for PSA crypto client. \warning This interface is experimental and may change or be removed without notice. \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Make the PSA Crypto module use an external random generator provided by a driver, instead of Mbed TLS's entropy and DRBG modules. If you enable this option, you must configure the type ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h and define a function called mbedtls_psa_external_get_random() with the following prototype: ``` psa_status_t mbedtls_psa_external_get_random( mbedtls_psa_external_random_context_t *context, uint8_t *output, size_t output_size, size_t *output_length); ); ``` The \c context value is initialized to 0 before the first call. The function must fill the \c output buffer with \c output_size bytes of random data and set \c *output_length to \c output_size. Requires: MBEDTLS_PSA_CRYPTO_C \warning If you enable this option, code that uses the PSA cryptography interface will not use any of the entropy sources set up for the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED enables. \def MBEDTLS_PSA_CRYPTO_SPM When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure Partition Manager) integration which separates the code into two parts: a NSPE (Non-Secure Process Environment) and an SPE (Secure Process Environment). If you enable this option, your build environment must include a header file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS header files, or in another directory on the compiler's include search path). Alternatively, your platform may customize the header `psa/crypto_platform.h`, in which case it can skip or replace the inclusion of `"crypto_spe.h"`. Module: library/psa_crypto.c Requires: MBEDTLS_PSA_CRYPTO_C \def MBEDTLS_PSA_KEY_STORE_DYNAMIC Dynamically resize the PSA key store to accommodate any number of volatile keys (until the heap memory is exhausted). If this option is disabled, the key store has a fixed size #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys together. This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled. Module: library/psa_crypto.c Requires: MBEDTLS_PSA_CRYPTO_C

MBEDTLS_SSL_DTLS_SRTP

esp_config.h:1503

mbedtls_chachapoly_context

chachapoly.h:48

mbedtls_psa_sign_hash_interruptible_operation_t

crypto_builtin_composites.h:108

mbedtls_psa_verify_hash_interruptible_operation_t

crypto_builtin_composites.h:142

MBEDTLS_KEY_EXCHANGE_ECDH_RSA

ssl_ciphersuites.h:267

MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA

ssl_ciphersuites.h:268

PSA_ALG_AEAD_WITH_SHORTENED_TAG

crypto_values.h:1327

Macro to build a shortened AEAD algorithm. A shortened AEAD algorithm is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length may affect the calculation of the ciphertext.

MBEDTLS_CIPHER_VARIABLE_IV_LEN

cipher.h:52

Cipher accepts IVs of variable length.

MBEDTLS_ERR_ASN1_OUT_OF_DATA

asn1.h:37

\name ASN1 Error codes These error codes are combined with other error codes for higher error granularity. e.g. X.509 and PKCS #7 error codes ASN1 is a standard to specify data structures.

MBEDTLS_PUT_UINT32_LE

alignment.h:464

Put in memory a 32 bits unsigned integer in little-endian order.

mbedtls_x25519_context

x25519.h:44

The x25519 context structure.

mbedtls_ecdh_context_everest

everest.h:40

MBEDTLS_LMS_SHA256_M32_H10

lms.h:76

MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE

lms.h:167

ssl.h:538

MBEDTLS_SSL_IS_SERVER

ssl.h:283

MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG

ssl_misc.h:356

MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

mbedtls_config.h:928

\def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_SSL_EXTENDED_MASTER_SECRET

esp_config.h:1095

\def MBEDTLS_SSL_EXTENDED_MASTER_SECRET Enable support for RFC 7627: Session Hash and Extended Master Secret Extension. This was introduced as "the proper fix" to the Triple Handshake family of attacks, but it is recommended to always use it (even if you disable renegotiation), since it actually fixes a more fundamental issue in the original SSL/TLS design, and has implications beyond Triple Handshake. Requires: MBEDTLS_SSL_PROTO_TLS1_2 Comment this macro to disable support for Extended Master Secret.

MBEDTLS_SSL_DTLS_ANTI_REPLAY

mbedtls_config.h:1933

\def MBEDTLS_SSL_DTLS_ANTI_REPLAY Enable support for the anti-replay mechanism in DTLS. Requires: MBEDTLS_SSL_TLS_C MBEDTLS_SSL_PROTO_DTLS \warning Disabling this is often a security risk! See mbedtls_ssl_conf_dtls_anti_replay() for details. Comment this to disable anti-replay in DTLS.

MBEDTLS_PK_C

esp_config.h:2338

\def MBEDTLS_PK_C Enable the generic public (asymmetric) key layer. Module: library/pk.c Caller: library/psa_crypto_rsa.c library/ssl_tls.c library/ssl*_client.c library/ssl*_server.c library/x509.c Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C Uncomment to enable generic public key wrappers.

psa_key_policy_s

crypto_struct.h:268

ctx

crypto_builtin_composites.h:87

psa_pake_step_t

crypto_extra.h:739

Encoding of input and output indicators for PAKE. Some PAKE algorithms need to exchange more data than just a single key share. This type is for encoding additional input and output data for such algorithms.

mbedtls_x509_crl_entry

x509_crl.h:39

Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates. Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

MBEDTLS_ERR_MPI_NOT_ACCEPTABLE

bignum.h:36

MBEDTLS_ERR_ECP_INVALID_KEY

ecp.h:47

PSA_ERROR_INVALID_SIGNATURE

crypto_values.h:260

The signature, MAC or hash is incorrect. Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect. If the value to verify has an invalid size, implementations may return

PSA_ALG_CCM

crypto_values.h:1264

The CCM authenticated encryption algorithm. The underlying block cipher is determined by the key type.

MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED

ssl_ciphersuites.h:292

MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED

ssl_ciphersuites.h:381

rsa.h:95

operation

cipher.h:326

Operation that the key of the context has been initialized for.

session identifier

Outgoing record sequence number.

mbedtls_lmots_parameters_t

lms.h:93

LMOTS parameters structure. This contains the metadata associated with an LMOTS key, detailing the algorithm type, the key ID, and the leaf identifier should be key be part of a LMS key.

MBEDTLS_LMOTS_N_HASH_LEN

The SHA-224 message digest.

pbits

ecp.h:245

The number of bits in \p P.

MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

mbedtls_config.h:951

\def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED Enable the RSA-PSK based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

mbedtls_config.h:1008

\def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED Enable the DHE-RSA based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \warning Using DHE constitutes a security risk as it is not possible to validate custom DH parameters. If possible, it is recommended users should consider preferring other methods of key exchange. See dhm.h for more details.

MBEDTLS_X509_RSASSA_PSS_SUPPORT

esp_config.h:1605

\def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure the set of trusted certificates through a callback instead of a linked list. This is useful for example in environments where a large number of trusted certificates is present and storing them in a linked list isn't efficient enough, or when the set of trusted certificates changes frequently. See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and `mbedtls_ssl_conf_ca_cb()` for more information. Requires: MBEDTLS_X509_CRT_PARSE_C Uncomment to enable trusted certificate callbacks. \def MBEDTLS_X509_REMOVE_INFO Disable mbedtls_x509_*_info() and related APIs. Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() and other functions/constants only used by these functions, thus reducing the code footprint by several KB. \def MBEDTLS_X509_RSASSA_PSS_SUPPORT Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS (aka PKCS#1 v2.1). Requires: MBEDTLS_PKCS1_V21 Comment this macro to disallow using RSASSA-PSS in certificates.

MBEDTLS_PEM_WRITE_C

esp_config.h:2315

\def MBEDTLS_PEM_WRITE_C Enable PEM encoding / writing. Module: library/pem.c Caller: library/pkwrite.c library/x509write_crt.c library/x509write_csr.c Requires: MBEDTLS_BASE64_C This modules adds support for encoding / writing PEM files.

MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA

config_adjust_psa_from_legacy.h:62

The GCM cipher mode.

mbedtls_ripemd160_context

ripemd160.h:30

RIPEMD-160 context structure

MBEDTLS_ERR_CCM_BAD_INPUT

ccm.h:53

MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER

ssl.h:148

tag_length

crypto_builtin_composites.h:85

psa_util_internal.h:42

Error translation

update_checksum

ssl_misc.h:719

MBEDTLS_PSA_RANDOM_STATE

psa_util.h:67

The random generator state for the PSA subsystem. This macro always expands to NULL because the `p_rng` parameter is unused in mbedtls_psa_get_random(), but it's kept for interface's backward compatibility.

mbedtls_des3_context

des.h:60

Triple-DES context structure \warning DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

mbedtls_camellia_context

camellia.h:41

CAMELLIA context structure

ecjpake_ctx

ssl_misc.h:797

EC J-PAKE key exchange

buffer_length

crypto_builtin_composites.h:199

MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE

cipher.h:38

MBEDTLS_SHA1_C

esp_config.h:2507

\def MBEDTLS_SHA1_C Enable the SHA1 cryptographic hash algorithm. Module: library/sha1.c Caller: library/md.c library/psa_crypto_hash.c This module is required for TLS 1.2 depending on the handshake parameters, and for SHA1-signed certificates. \warning SHA-1 is considered a weak message digest and its use constitutes a security risk. If possible, we recommend avoiding dependencies on it, and considering stronger message digests instead.

MBEDTLS_MPI_MAX_SIZE

bignum.h:73

Maximum number of bytes for usable MPIs.

mbedtls_aes_init

aes_alt.h:35

MBEDTLS_ECP_DP_SECP256R1_ENABLED

esp_config.h:445

MBEDTLS_ECP_DP_CURVE25519_ENABLED

esp_config.h:491

MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

mbedtls_config.h:910

\def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED Enable the DHE-PSK based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_DHM_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \warning Using DHE constitutes a security risk as it is not possible to validate custom DH parameters. If possible, it is recommended users should consider preferring other methods of key exchange. See dhm.h for more details.

MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

esp_config.h:731

\def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) MBEDTLS_RSA_C MBEDTLS_PKCS1_V15 MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_SSL_DTLS_HELLO_VERIFY

mbedtls_config.h:1951

\def MBEDTLS_SSL_DTLS_HELLO_VERIFY Enable support for HelloVerifyRequest on DTLS servers. This feature is highly recommended to prevent DTLS servers being used as amplifiers in DoS attacks against other hosts. It should always be enabled unless you know for sure amplification cannot be a problem in the environment in which your server operates. \warning Disabling this can be a security risk! (see above) Requires: MBEDTLS_SSL_PROTO_DTLS Comment this to disable support for HelloVerifyRequest.

MBEDTLS_PSA_BUILTIN_ALG_ECDSA

config_adjust_psa_from_legacy.h:56

year

x509.h:247

MBEDTLS_KEY_EXCHANGE_ECDHE_PSK

ssl_ciphersuites.h:266

mbedtls_x509_san_list

x509.h:303

MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED

id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}

hash_id

rsa.h:114

crypto_struct.h:169

Unique ID indicating which driver got assigned to do the operation. Since driver contexts are driver-specific, swapping drivers halfway through the operation is not supported. ID values are auto-generated in psa_crypto_driver_wrappers.h ID value zero means the context is not valid or not assigned to any driver (i.e. none of the driver contexts are active).

ECDH key exchange

MBEDTLS_ERR_LMS_BAD_INPUT_DATA

lms.h:24

Bad data has been input to an LMS function

mbedtls_config.h:2917

\def MBEDTLS_LMS_PRIVATE Enable LMS private-key operations and signing code. Functions enabled by this option are experimental, and should not be used in production. Requires: MBEDTLS_LMS_C Uncomment to enable the LMS signature algorithm and private key operations. \def MBEDTLS_NIST_KW_C Enable the Key Wrapping mode for 128-bit block ciphers, as defined in NIST SP 800-38F. Only KW and KWP modes are supported. At the moment, only AES is approved by NIST. Module: library/nist_kw.c Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C

MBEDTLS_ERR_X509_ALLOC_FAILED

x509.h:77

MBEDTLS_ERR_SSL_INVALID_MAC

ssl.h:53

MBEDTLS_DECRYPT

cipher.h:201

MBEDTLS_ECP_DP_CURVE25519

ecp.h:112

Domain parameters for Curve25519.

mbedtls_gcm_update

gcm_alt.h:32

mbedtls_ssl_key_export_type

ssl.h:1343

MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

esp_config.h:673

\def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED Enable the RSA-only based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

esp_config.h:785

\def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384

MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

esp_config.h:812

\def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) MBEDTLS_RSA_C MBEDTLS_X509_CRT_PARSE_C This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384

MBEDTLS_CHACHA20_C

mbedtls_config.h:2584

\def MBEDTLS_CHACHA20_C Enable the ChaCha20 stream cipher. Module: library/chacha20.c

mbedtls_sha3_context

sha3.h:50

The SHA-3 context structure. The structure is used SHA-3 checksum calculations.

mbedtls_cmac_context_t

cmac.h:59

The CMAC context structure.

psa_jpake_computation_stage_s

crypto_extra.h:1825

The type of computation stage for J-PAKE operations.

PSA_ALG_GCM

crypto_values.h:1281

The GCM authenticated encryption algorithm. The underlying block cipher is determined by the key type.

MBEDTLS_OID_SIZE

asn1.h:113

name DER constants

MBEDTLS_CTR_DRBG_KEYSIZE

ctr_drbg.h:83

The key size in bytes used by the cipher. Compile-time choice: 32 bytes (256 bits) because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.

add_padding

cipher.h:332

Padding functions to use, if relevant for the specific cipher mode.

crypto_builtin_composites.h:80

The Y working value.

premaster secret

TAG(AEAD) len

MBEDTLS_CIPHER_BASE_INDEX_AES

cipher_wrap.c:63

MBEDTLS_LMOTS_I_KEY_ID_LEN

lms.h:34

esp_sha256.c:138

mbedtls_ssl_ticket_key

ssl_ticket.h:47

Information for session ticket protection

The Y working value.

session resume indicator

MBEDTLS_ECP_PF_UNCOMPRESSED

ecp.h:439

The uncompressed point format for Short Weierstrass curves (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).

MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE

x509.h:45

\name X509 Error codes

mbedtls_gcm_free

gcm_alt.h:28

MBEDTLS_ERR_SSL_WANT_WRITE

ssl.h:138

MBEDTLS_CIPHER_PADDING_PKCS7

sha256_alt.h:48

data block being processed

MBEDTLS_HAVE_TIME_DATE

mbedtls_config.h:152

\def MBEDTLS_HAVE_TIME_DATE System has time.h, time(), and an implementation for mbedtls_platform_gmtime_r() (see below). The time needs to be correct (not necessarily very accurate, but at least the date should be correct). This is used to verify the validity period of X.509 certificates. Comment if your system does not have a correct clock.

esp_config.h:311

\def MBEDTLS_CIPHER_NULL_CIPHER Enable NULL cipher. Warning: Only do so when you know what you are doing. This allows for encryption or channels without any security! To enable the following ciphersuites: MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA Uncomment this macro to enable the NULL cipher and ciphersuites \def MBEDTLS_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for specific padding modes in the cipher layer with cipher modes that support padding (e.g. CBC) If you disable all padding modes, only full blocks can be used with CBC. Enable padding modes in the cipher layer.

MBEDTLS_ECP_DP_SECP192R1_ENABLED

esp_config.h:435

\def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY Uncomment this macro to use a 128-bit key in the CTR_DRBG module. Without this, CTR_DRBG uses a 256-bit key unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. Enable the verified implementations of ECDH primitives from Project Everest (currently only Curve25519). This feature changes the layout of ECDH contexts and therefore is a compatibility break for applications that access fields of a mbedtls_ecdh_context structure directly. See also MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. The Everest code is provided under the Apache 2.0 license only; therefore enabling this option is not compatible with taking the library under the GPL v2.0-or-later license. \def MBEDTLS_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve module. By default all supported curves are enabled. Comment macros to disable the curve and functions for it

MBEDTLS_ECP_DP_SECP224R1_ENABLED

esp_config.h:440

MBEDTLS_ECP_DP_SECP384R1_ENABLED

esp_config.h:450

MBEDTLS_ECP_DP_SECP521R1_ENABLED

esp_config.h:455

MBEDTLS_ECP_DP_SECP192K1_ENABLED

esp_config.h:460

MBEDTLS_ECP_DP_SECP224K1_ENABLED

esp_config.h:465

MBEDTLS_ECP_DP_SECP256K1_ENABLED

esp_config.h:470

MBEDTLS_CTR_DRBG_C

esp_config.h:1935

\def MBEDTLS_CTR_DRBG_C Enable the CTR_DRBG AES-based random generator. The CTR_DRBG generator uses AES-256 by default. To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA. Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA is used. \warning When using PSA, the user should call `psa_crypto_init()` before using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`). Module: library/ctr_drbg.c Caller: Requires: MBEDTLS_AES_C or (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and MBEDTLS_PSA_CRYPTO_C) This module provides the CTR_DRBG AES random number generator.

MBEDTLS_SHA3_C

mbedtls_config.h:3473

\def MBEDTLS_SHA3_C Enable the SHA3 cryptographic hash algorithm. Module: library/sha3.c This module adds support for SHA3.

The CBC cipher mode.

data block being processed

mbedtls_t_udbl

bignum.h:174

mbedtls_ecdsa_restart_ctx

ecdsa.h:111

mbedtls_poly1305_context

poly1305.h:38

mbedtls_chacha20_context

mbedtls_asn1_bitstring

asn1.h:151

Container for ASN1 bit strings.

MBEDTLS_ERR_RSA_INVALID_PADDING

sha512_alt.h:50

data block being processed

rsa.h:35

PSA_ALG_JPAKE

crypto_extra.h:709

The Password-authenticated key exchange by juggling (J-PAKE) algorithm. This is J-PAKE as defined by RFC 8236, instantiated with the following parameters: - The group can be either an elliptic curve or defined over a finite field. - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the J-PAKE algorithm. - A cryptographic hash function. To select these parameters and set up the cipher suite, call these functions in any order:

 psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE);
 psa_pake_cs_set_primitive(cipher_suite,
                           PSA_PAKE_PRIMITIVE(type, family, bits));
 psa_pake_cs_set_hash(cipher_suite, hash);
 

For more information on how to set a specific curve or field, refer to the documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. After initializing a J-PAKE operation, call

 psa_pake_setup(operation, cipher_suite);
 psa_pake_set_user(operation, ...);
 psa_pake_set_peer(operation, ...);
 psa_pake_set_password_key(operation, ...);
 

The password is provided as a key. This can be the password text itself, in an agreed character encoding, or some value derived from the password as required by a higher level protocol. (The implementation converts the key material to a number as described in Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here \c q is order of the group defined by the primitive set in the cipher suite. The \c psa_pake_set_password_key() function returns an error if the result of the reduction is 0.) The key exchange flow for J-PAKE is as follows: -# To get the first round data that needs to be sent to the peer, call

    // Get g1
    psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
    // Get the ZKP public key for x1
    psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
    // Get the ZKP proof for x1
    psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
    // Get g2
    psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
    // Get the ZKP public key for x2
    psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
    // Get the ZKP proof for x2
    psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
    

-# To provide the first round data received from the peer to the operation, call

    // Set g3
    psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
    // Set the ZKP public key for x3
    psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
    // Set the ZKP proof for x3
    psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
    // Set g4
    psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
    // Set the ZKP public key for x4
    psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
    // Set the ZKP proof for x4
    psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
    

-# To get the second round data that needs to be sent to the peer, call

    // Get A
    psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
    // Get ZKP public key for x2*s
    psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
    // Get ZKP proof for x2*s
    psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
    

-# To provide the second round data received from the peer to the operation, call

    // Set B
    psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
    // Set ZKP public key for x4*s
    psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
    // Set ZKP proof for x4*s
    psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
    

-# To access the shared secret call

    // Get Ka=Kb=K
    psa_pake_get_implicit_key()
    

For more information consult the documentation of the individual \c PSA_PAKE_STEP_XXX constants. At this point there is a cryptographic guarantee that only the authenticated party who used the same password is able to compute the key. But there is no guarantee that the peer is the party it claims to be and was able to do so. That is, the authentication is only implicit (the peer is not authenticated at this point, and no action should be taken that assume that they are - like for example accessing restricted files). To make the authentication explicit there are various methods, see Section 5 of RFC 8236 for two examples.

MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL

ssl.h:133

MBEDTLS_ENTROPY_BLOCK_SIZE

entropy.h:23

Block size of entropy accumulator (SHA-512)

MBEDTLS_ERR_AES_INVALID_KEY_LENGTH

aes.h:44

crypto_builtin_composites.h:58

tls12_prf

crypto_driver_contexts_key_derivation.h:41

MBEDTLS_SSL_INITIAL_HANDSHAKE

ssl_misc.h:60

MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS

Allocate a new context

initialized

psa_crypto.c:116

key_slices

psa_crypto_slot_management.c:185

SHR

esp_sha256.c:157

MBEDTLS_TLS_SRTP_UNSET

ssl.h:1197

MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE

ecp.h:39

MBEDTLS_SSL_SIG_ECDSA

ssl.h:476

MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

mbedtls_config.h:881

\def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED Enable the PSK based ciphersuite modes in SSL / TLS. This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_PKCS12_C

esp_config.h:2419

\def MBEDTLS_PKCS12_C Enable PKCS#12 PBE functions. Adds algorithms for parsing PKCS#8 encrypted private keys Module: library/pkcs12.c Caller: library/pkparse.c Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C. \warning If using a hash that is only provided by PSA drivers, you must call psa_crypto_init() before doing any PKCS12 operations. This module enables PKCS#12 functions.

MBEDTLS_PSA_CRYPTO_STORAGE_C

mbedtls_config.h:3257

\def MBEDTLS_PSA_CRYPTO_SE_C Enable dynamic secure element support in the Platform Security Architecture cryptography API. \deprecated This feature is deprecated. Please switch to the PSA driver interface. \warning This feature is not thread-safe, and should not be used in a multi-threaded environment. Module: library/psa_crypto_se.c Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C \def MBEDTLS_PSA_CRYPTO_STORAGE_C Enable the Platform Security Architecture persistent key storage. Module: library/psa_crypto_storage.c Requires: MBEDTLS_PSA_CRYPTO_C, either MBEDTLS_PSA_ITS_FILE_C or a native implementation of the PSA ITS interface

MBEDTLS_ECP_FIXED_POINT_OPTIM

esp_config.h:524

sha256

crypto_builtin_primitives.h:67

sha512

crypto_builtin_primitives.h:71

mbedtls_pk_rsassa_pss_options

sha1_alt.h:50

pk.h:88

Options for RSASSA-PSS signature verification. See \c mbedtls_rsa_rsassa_pss_verify_ext()

version

x509_crt.h:47

The X.509 version. (1=v1, 2=v2, 3=v3)

x509_crt.h:90

Next certificate in the linked list that constitutes the CA chain. \p NULL indicates the end of the list. Do not modify this field directly.

mbedtls_ms_time_t

platform_time.h:35

PSA_ERROR_DOES_NOT_EXIST

crypto_values.h:110

Asking for an item that doesn't exist Implementations should return this error, if a requested item (like

PSA_ECC_FAMILY_SECP_R1

crypto_values.h:617

SEC random curves over prime fields. This family comprises the following curves: secp192r1, secp224r1, secp256r1, secp384r1, secp521r1. They are defined in _Standards for Efficient Cryptography_, _SEC 2: Recommended Elliptic Curve Domain Parameters_. https://www.secg.org/sec2-v2.pdf

MBEDTLS_ERR_SSL_INVALID_RECORD

The HMAC part of the context.

gcm.h:75

Precalculated HTable.

mbedtls_ssl_hs_buffer

DES context structure \warning DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

mbedtls_rsa_alt_context

pk_wrap.h:99

state

psa_crypto_core.h:85

mbedtls_ssl_srtp_profile

ssl.h:1199

gcm.h:75

Precalculated HTable.

sha512.c:606

MBEDTLS_CMAC_MAX_BLOCK_SIZE

cmac.h:32

The longest block used by CMAC is that of AES.

MBEDTLS_ERR_X509_INVALID_DATE

x509.h:59

MBEDTLS_ERR_X509_BUFFER_TOO_SMALL

x509.h:81

MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE

pk.h:60

MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED

ssl_ciphersuites.h:280

mbedtls_aes_crypt_ecb

aes_alt.h:39

MBEDTLS_ECP_DP_CURVE448_ENABLED

sha256_alt.h:50

mbedtls_config.h:773

MBEDTLS_ENTROPY_C

esp_config.h:2102

\def MBEDTLS_ENTROPY_C Enable the platform-specific entropy code. Module: library/entropy.c Caller: Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C This module provides a generic entropy pool

MBEDTLS_MD5_C

esp_config.h:2218

\def MBEDTLS_MD5_C Enable the MD5 hash algorithm. Module: library/md5.c Caller: library/md.c library/pem.c library/ssl_tls.c This module is required for TLS 1.2 depending on the handshake parameters. Further, it is used for checking MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded encrypted keys. \warning MD5 is considered a weak message digest and its use constitutes a security risk. If possible, we recommend avoiding dependencies on it, and considering stronger message digests instead.

MBEDTLS_RIPEMD160_C

mbedtls_config.h:3280

\def MBEDTLS_RIPEMD160_C Enable the RIPEMD-160 hash algorithm. Module: library/ripemd160.c Caller: library/md.c

MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK

esp_config.h:160

MBEDTLS_PSA_BUILTIN_ALG_CCM

config_adjust_psa_from_legacy.h:37

MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS

config_adjust_psa_from_legacy.h:139

MBEDTLS_MD_CAN_MD5

config_adjust_legacy_crypto.h:165

MBEDTLS_MD_CAN_SHA224

config_adjust_legacy_crypto.h:173

mbedtls_psa_hmac_operation_t

crypto_builtin_composites.h:45

MBEDTLS_MODE_ECB

cipher.h:174

The ECB cipher mode.

mbedtls_cipher_padding_t

cipher.h:190

ecp.h:236

For Short Weierstrass: \p A in the equation. Note that \p A is not set to the authentic value in some cases. Refer to detailed description of ::mbedtls_ecp_group if using domain parameters in the structure. For Montgomery curves: (A + 2) / 4.

mbedtls_x509_crt_restart_ctx

x509_crt.h:306

MBEDTLS_ECP_MONTGOMERY_ENABLED

sha512_alt.h:52

ecp.h:70

MBEDTLS_RSA_PKCS_V21

rsa.h:56

Use PKCS#1 v2.1 encoding.

MBEDTLS_ERR_ASN1_INVALID_LENGTH

asn1.h:41

mbedtls_time

platform_time.h:71

MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER

ssl.h:545

MBEDTLS_CTR_DRBG_SEEDLEN

ctr_drbg.h:92

The seed length, calculated as (counter + AES key).

crypto_builtin_key_derivation.h:76

crypto_struct.h:315

crypto_struct.h:80

Unique ID indicating which driver got assigned to do the operation. Since driver contexts are driver-specific, swapping drivers halfway through the operation is not supported. ID values are auto-generated in psa_driver_wrappers.h. ID value zero means the context is not valid or not assigned to any driver (i.e. the driver context is not active, in use).

crypto_struct.h:105

unprocessed_len

cmac.h:68

The length of data pending processing.

random bytes

MBEDTLS_IS_BIG_ENDIAN

alignment.h:398

MBEDTLS_SSL_SOME_SUITES_USE_MAC

ssl_misc.h:278

mbedtls_cipher_definition_t

cipher_wrap.h:142

MBEDTLS_CIPHER_BASE_INDEX_ARIA

cipher_wrap.c:66

buflen

pem.h:54

MBEDTLS_ERR_LMS_VERIFY_FAILED

lms.h:26

LMS signature verification failed

Check public-private key pair

ctx_free_func

pk_wrap.h:83

Free the given context

var

psa_crypto_core.h:103

DHM key exchange

Retransmission state

MBEDTLS_ECP_DP_BP256R1_ENABLED

esp_config.h:475

MBEDTLS_ECP_DP_BP384R1_ENABLED

esp_config.h:480

MBEDTLS_ECP_DP_BP512R1_ENABLED

esp_config.h:485

MBEDTLS_ECDSA_DETERMINISTIC

esp_config.h:540

\def MBEDTLS_ECP_RESTARTABLE Enable "non-blocking" ECC operations that can return early and be resumed. This allows various functions to pause by returning #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order to further progress and eventually complete their operation. This is controlled through mbedtls_ecp_set_max_ops() which limits the maximum number of ECC operations a function may perform before pausing; see mbedtls_ecp_set_max_ops() for more information. This is useful in non-threaded environments if you want to avoid blocking for too long on ECC (and, hence, X.509 or SSL/TLS) operations. This option: - Adds xxx_restartable() variants of existing operations in the following modules, with corresponding restart context types: - ECP (for Short Weierstrass curves only): scalar multiplication (mul), linear combination (muladd); - ECDSA: signature generation & verification; - PK: signature generation & verification; - X509: certificate chain verification. - Adds mbedtls_ecdh_enable_restart() in the ECDH module. - Changes the behaviour of TLS 1.2 clients (not servers) when using the ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC computations restartable: - ECDH operations from the key exchange, only for Short Weierstrass curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. - verification of the server's key exchange signature; - verification of the server's certificate chain; - generation of the client's signature if client authentication is used, with an ECC key/certificate. Requires: MBEDTLS_ECP_C Uncomment this macro to enable restartable ECC computations. Uncomment to enable using new bignum code in the ECC modules. \warning This is currently experimental, incomplete and therefore should not be used in production. \def MBEDTLS_ECDSA_DETERMINISTIC Enable deterministic ECDSA (RFC 6979). Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key. This is avoided by the deterministic variant. Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C Comment this macro to disable deterministic ECDSA.

MBEDTLS_ASN1_WRITE_C

esp_config.h:1736

\def MBEDTLS_ASN1_WRITE_C Enable the generic ASN1 writer. Module: library/asn1write.c Caller: library/ecdsa.c library/pkwrite.c library/x509_create.c library/x509write_crt.c library/x509write_csr.c

MBEDTLS_PKCS5_C

esp_config.h:2380

\def MBEDTLS_PKCS5_C Enable PKCS#5 functions. Module: library/pkcs5.c Auto-enables: MBEDTLS_MD_C \warning If using a hash that is only provided by PSA drivers, you must call psa_crypto_init() before doing any PKCS5 operations. This module adds support for the PKCS#5 functions.

MBEDTLS_X509_USE_C

esp_config.h:2724

\def MBEDTLS_X509_USE_C Enable X.509 core for using certificates. Module: library/x509.c Caller: library/x509_crl.c library/x509_crt.c library/x509_csr.c Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call psa_crypto_init() before doing any X.509 operation. This module is required for the X.509 parsing modules.

MBEDTLS_SSL_IN_CONTENT_LEN

esp_config.h:2886

\def MBEDTLS_SSL_IN_CONTENT_LEN Maximum incoming fragment length in bytes. Uncomment to set the size of the inward TLS buffer independently of the outward buffer.

MBEDTLS_PSA_BUILTIN_ALG_GCM

config_adjust_psa_from_legacy.h:113

MBEDTLS_SSL_HAVE_AES

config_adjust_legacy_crypto.h:439

psa_key_persistence_t

crypto_types.h:219

Encoding of key persistence levels. What distinguishes different persistence levels is what device management events may cause keys to be destroyed. _Volatile_ keys are destroyed by a power reset. Persistent keys may be destroyed by events such as a transfer of ownership or a factory reset. What management events actually affect persistent keys at different levels is outside the scope of the PSA Cryptography specification. The PSA Cryptography specification defines the following values of persistence levels: - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key. A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device. - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT: persistent key with a default lifetime. - \c 2-254: currently not supported by Mbed TLS. - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY: read-only or write-once key. A key with this persistence level cannot be destroyed. Mbed TLS does not currently offer a way to create such keys, but integrations of Mbed TLS can use it for built-in keys that the application cannot modify (for example, a hardware unique key (HUK)).

MBEDTLS_MODE_CCM

cipher.h:181

The CCM cipher mode.

mbedtls_pk_debug_item

pk.h:197

Item to send to the debug module

MBEDTLS_KEY_EXCHANGE_ECJPAKE

ssl_ciphersuites.h:269

MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED

x509.h:293

The SAN type, value of MBEDTLS_X509_SAN_XXX.

error.h:105

PSA_KEY_TYPE_IS_ECC

crypto_values.h:574

PSA_EXPORT_PUBLIC_KEY_MAX_SIZE

crypto_sizes.h:1017

Sufficient buffer size for exporting any asymmetric public key. This macro expands to a compile-time constant integer. This value is a sufficient buffer size when calling psa_export_key() or psa_export_public_key() to export any asymmetric public key, regardless of the exact key type and key size. See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).

MBEDTLS_ASN1_PRINTABLE_STRING

asn1.h:74

MBEDTLS_SSL_SEQUENCE_NUMBER_LEN

ssl.h:694

rsa.h:109

crypto_struct.h:141

Unique ID indicating which driver got assigned to do the operation. Since driver contexts are driver-specific, swapping drivers halfway through the operation is not supported. ID values are auto-generated in psa_driver_wrappers.h ID value zero means the context is not valid or not assigned to any driver (i.e. none of the driver contexts are active).

accumulator

entropy.h:106

cipher

crypto_builtin_primitives.h:108

ctx

crypto_builtin_primitives.h:106

premaster length

MAC (encryption)

MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM

ssl_misc.h:284

MBEDTLS_SSL_DEBUG_MPI

debug.h:64

mbedtls_nist_kw_context

nist_kw.h:51

The key wrapping context-type definition. The key wrapping context is passed to the APIs called.

MBEDTLS_CT_SIZE_32

constant_time_internal.h:83

mbedtls_block_cipher_context_t

block_cipher.h:52

NULL_OID_DESCRIPTOR

oid.c:34

FN_OID_TYPED_FROM_ASN1

Get key size in bits

Tell if the context implements this type (e.g. ECKEY can do ECDSA)

Make signature

Interface with the debug module

mbedtls_timing_delay_context

timing.h:36

Context for mbedtls_timing_set/get_delay()

ticket protection keys

PSA_WANT_ALG_JPAKE

config_adjust_psa_from_legacy.h:151

MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED

ssl_ciphersuites.h:362

psk

ssl.h:1600

MBEDTLS_CIPHER_ID_AES

The AES cipher.

MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8

ssl_ciphersuites.h:236

experimental

MBEDTLS_PK_RSA_ALT_SUPPORT

esp_config.h:932

\def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES Do not add default entropy sources in mbedtls_entropy_init(). This is useful to have more control over the added entropy sources in an application. Uncomment this macro to prevent loading of default entropy functions. \def MBEDTLS_NO_PLATFORM_ENTROPY Do not use built-in platform entropy functions. This is useful if your platform does not support standards like the /dev/urandom or Windows CryptoAPI. Uncomment this macro to disable the built-in platform entropy functions. \def MBEDTLS_ENTROPY_FORCE_SHA256 Force the entropy accumulator to use a SHA-256 accumulator instead of the default SHA-512 based one (if both are available). Requires: MBEDTLS_SHA256_C On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option if you have performance concerns. This option is only useful if both MBEDTLS_SHA256_C and MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. \def MBEDTLS_ENTROPY_NV_SEED Enable the non-volatile (NV) seed file-based entropy source. (Also enables the NV seed read/write functions in the platform layer) This is crucial (if not required) on systems that do not have a cryptographic entropy source (in hardware or kernel) available. Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C \def MBEDTLS_MEMORY_DEBUG Enable debugging of buffer allocator memory issues. Automatically prints (to stderr) all (fatal) messages on memory allocation issues. Enables function for 'debug output' of allocated memory. Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C Uncomment this macro to let the buffer allocator print out error messages. \def MBEDTLS_MEMORY_BACKTRACE Include backtrace information with each allocated block. Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C GLIBC-compatible backtrace() and backtrace_symbols() support Uncomment this macro to include backtrace information \def MBEDTLS_PK_RSA_ALT_SUPPORT Support external private RSA keys (eg from a HSM) in the PK layer. Comment this macro to disable support for external private RSA keys.

MBEDTLS_OID_C

esp_config.h:2262

\def MBEDTLS_OID_C Enable the OID database. Module: library/oid.c Caller: library/asn1write.c library/pkcs5.c library/pkparse.c library/pkwrite.c library/rsa.c library/x509.c library/x509_create.c library/x509_crl.c library/x509_crt.c library/x509_csr.c library/x509write_crt.c library/x509write_csr.c This modules translates between OIDs and internal values.

MBEDTLS_PK_PARSE_C

esp_config.h:2353

\def MBEDTLS_PK_PARSE_C Enable the generic public (asymmetric) key parser. Module: library/pkparse.c Caller: library/x509_crt.c library/x509_csr.c Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C Uncomment to enable generic public key parse functions.

MBEDTLS_X509_CREATE_C

esp_config.h:2790

\def MBEDTLS_X509_CREATE_C Enable X.509 core for creating certificates. Module: library/x509_create.c Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call psa_crypto_init() before doing any X.509 create operation. This module is the basis for creating X.509 certificates and CSRs.

MBEDTLS_CIPHER_AES_128_CCM

cipher.h:123

AES cipher with 128-bit CCM mode.

MBEDTLS_CIPHER_ARIA_128_CBC

cipher.h:138

Aria cipher with 128-bit key and CBC mode.

MBEDTLS_CIPHER_ARIA_256_CBC

cipher.h:140

Aria cipher with 256-bit key and CBC mode.

psa_key_production_parameters_s

crypto_struct.h:252

Custom parameters for key generation or key derivation. This is a structure type with at least the following fields: - \c flags: an unsigned integer type. 0 for the default production parameters. - \c data: a flexible array of bytes. The interpretation of this structure depend on the type of the created key. - #PSA_KEY_TYPE_RSA_KEY_PAIR: - \c flags: must be 0. - \c data: the public exponent, in little-endian order. This must be an odd integer and must not be 1. Implementations must support 65537, should support 3 and may support other values. When not using a driver, Mbed TLS supports values up to \c INT_MAX. If this is empty or if the custom production parameters are omitted altogether, the default value 65537 is used. - Other key types: reserved for future use. \c flags must be 0.

mbedtls_x509_san_other_name

x509.h:261

From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } Future versions of the library may add new fields to this structure or to its embedded union and structure.

psa_jpake_io_mode

crypto_extra.h:1820

MBEDTLS_PK_RSASSA_PSS

pk.h:80

mbedtls_x509_crt_verify_chain

x509_crt.h:263

Verification chain as built by \c mbedtls_crt_verify_chain()

mbedtls_key_exchange_type_t

ssl_ciphersuites.h:257

MBEDTLS_RSA_PKCS_V15

rsa.h:55

Use PKCS#1 v1.5 encoding.

PSA_ERROR_DATA_INVALID

crypto_values.h:329

Data read from storage is not valid for the implementation. This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes: - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT This error is typically a result of either storage corruption on a cleartext storage backend, or an attempt to read data that was written by an incompatible version of the library.

PSA_KEY_TYPE_IS_KEY_PAIR

crypto_values.h:400

Whether a key type is a key pair containing a private part and a public

PSA_ALG_FULL_LENGTH_MAC

crypto_values.h:1085

Macro to build the base MAC algorithm corresponding to a truncated MAC algorithm.

PSA_HASH_MAX_SIZE

crypto_sizes.h:142

MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED

ssl_ciphersuites.h:310

MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED

ssl_ciphersuites.h:330

MBEDTLS_ASN1_INTEGER

asn1.h:65

MBEDTLS_TLS1_3_MD_MAX_SIZE

crypto_builtin_composites.h:59

Fixed part of IV (AEAD)

buf

ssl_misc.h:1232

MBEDTLS_GET_UINT24_BE

alignment.h:557

Get the unsigned 24 bits integer corresponding to three bytes in big-endian order (MSB first).

MBEDTLS_SSL_CHK_BUF_READ_PTR

ssl_misc.h:565

This macro checks if the remaining length in an input buffer is greater or equal than a needed length. If it is not the case, it returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. This is a function-like macro. It is guaranteed to evaluate each argument exactly once.

MBEDTLS_ERR_PKCS5_INVALID_FORMAT

pkcs5.h:28

MBEDTLS_CT_FALSE

constant_time_internal.h:86

MBEDTLS_BYTES_TO_T_UINT_2

bn_mul.h:44

mbedtls_lmots_algorithm_type_t

lms.h:83

otstype

lms.h:164

MBEDTLS_LMS_M_NODE_BYTES

Verify signature

psa_key_creation_method_t

crypto_se_driver.h:806

dhm.h:109

MBEDTLS_ERR_DHM_BAD_INPUT_DATA

dhm.h:62

KEY_SLOT_VOLATILE_SLICE_COUNT

psa_crypto_slot_management.c:95

buffer_offset

crypto_builtin_composites.h:200

ssl_misc.h:1259

message, including handshake headers

chosen_dtls_srtp_profile

ssl.h:1203

The SRTP profile that was negotiated.

MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL

bignum.h:30

MBEDTLS_ERR_MPI_ALLOC_FAILED

bignum.h:38

MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG

\def MBEDTLS_CMAC_C Enable the CMAC (Cipher-based Message Authentication Code) mode for block ciphers. Module: library/cmac.c Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C

MBEDTLS_ECP_DP_SECP384R1

ecp.h:107

Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_CIPHER_NONE

cipher.h:85

Placeholder to mark the end of cipher-pair lists.

MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED

mbedtls_config.h:1864

\def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED Enable TLS 1.3 ephemeral key exchange mode. Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH MBEDTLS_X509_CRT_PARSE_C and at least one of: MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) MBEDTLS_PKCS1_V21 Comment to disable support for the ephemeral key exchange mode in TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any effect on the build.

MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

mbedtls_config.h:1998

\def MBEDTLS_SSL_DTLS_SRTP Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension. Setting this option enables the runtime API mbedtls_ssl_conf_dtls_srtp_protection_profiles() through which the supported DTLS-SRTP protection profiles can be configured. You must call this API at runtime if you wish to negotiate the use of DTLS-SRTP. Requires: MBEDTLS_SSL_PROTO_DTLS Uncomment this to enable support for use_srtp extension. \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE Enable server-side support for clients that reconnect from the same port. Some clients unexpectedly close the connection and try to reconnect using the same source port. This needs special support from the server to handle the new connection securely, as described in section 4.2.8 of RFC 6347. This flag enables that support. Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY Comment this to disable support for clients reusing the source port.

MBEDTLS_LMS_C

mbedtls_config.h:2892

\def MBEDTLS_LMS_C Enable the LMS stateful-hash asymmetric signature algorithm. Module: library/lms.c Caller: Requires: MBEDTLS_PSA_CRYPTO_C Uncomment to enable the LMS verification algorithm and public key operations.

MBEDTLS_PSA_BUILTIN_ALG_CMAC

config_adjust_psa_from_legacy.h:46

MBEDTLS_PSA_BUILTIN_ALG_HMAC

config_adjust_psa_from_legacy.h:132

MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF

config_adjust_psa_from_legacy.h:137

key

esp_aes.h:45

esp_aes_gcm.h:32

MBEDTLS_CIPHER_AES_128_GCM

cipher.h:99

AES cipher with 128-bit GCM mode.

MBEDTLS_CIPHER_AES_256_GCM

cipher.h:101

AES cipher with 256-bit GCM mode.

MBEDTLS_CIPHER_AES_256_CCM

cipher.h:125

AES cipher with 256-bit CCM mode.

MBEDTLS_CIPHER_ARIA_128_GCM

cipher.h:147

Aria cipher with 128-bit key and GCM mode.

MBEDTLS_CIPHER_ARIA_256_GCM

cipher.h:149

Aria cipher with 256-bit key and GCM mode.

The CFB cipher mode.

The CTR cipher mode.

MBEDTLS_MODE_CCM_STAR_NO_TAG

cipher.h:182

The CCM*-no-tag cipher mode.

MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS

ecp.h:129

MBEDTLS_ECP_TYPE_MONTGOMERY

Date.

Time.

mbedtls_platform_context

platform.h:440

The platform context structure.

psa_pake_primitive_t

crypto_extra.h:762

Encoding of the primitive associated with the PAKE. For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.

valid_from

x509_crt.h:57

Start time of certificate validity.

valid_to

x509_crt.h:58

End time of certificate validity.

mbedtls_ecdh_side

ecdh.h:59

x509_crl.h:91

Next element in the linked list of CRL. \p NULL indicates the end of the list. Do not modify this field directly.

PSA_KEY_TYPE_IS_PUBLIC_KEY

crypto_values.h:396

PSA_ALG_CATEGORY_MASK

crypto_values.h:783

PSA_KEY_LIFETIME_IS_VOLATILE

crypto_values.h:2364

Whether a key lifetime indicates that the key is volatile. A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device. A key that is not volatile is persistent. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs (for example, a factory reset).

PSA_VENDOR_ECC_MAX_CURVE_BITS

crypto_sizes.h:245

MBEDTLS_CIPHERSUITE_SHORT_TAG

ssl_ciphersuites.h:437

Short authentication tag, eg for CCM_8

MBEDTLS_OID_CMP

asn1.h:121

Compares an mbedtls_asn1_buf structure to a reference OID. Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a 'unsigned char *oid' here!

MBEDTLS_X509_RFC5280_UTC_TIME_LEN

x509_crt.h:140

MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE

crypto_builtin_primitives.h:53

unprocessed_data

cipher.h:337

Buffer for input that has not been processed yet.

cmac_ctx

cipher.h:354

CMAC-specific context.

ccm

crypto_builtin_composites.h:90

md_type

ecjpake.h:61

other_secret_length

crypto_builtin_key_derivation.h:86

encryption context

MBEDTLS_PUT_UINT64_BE

alignment.h:636

Put in memory a 64 bits unsigned integer in big-endian order.

MBEDTLS_STATIC_TESTABLE

common.h:48

MBEDTLS_DES_KEY_SIZE

des.h:31

MBEDTLS_BYTES_TO_T_UINT_4

bn_mul.h:38

ctx_alloc_func

cipher_wrap.h:135

Allocate a new context

info

cipher_wrap.h:144

NB_CMAC_TESTS_PER_KEY

cmac.c:442

hmac_drbg.h:78

V in the spec

MBEDTLS_LMOTS_Q_LEAF_ID_LEN

Block length of the digest function in bytes

Decrypt message

psa_crypto_core.h:151

occupied

psa_crypto_core.h:123

mbedtls_psa_random_context_t

psa_crypto_random_impl.h:68

x509_attr_descriptor_t

x509_create.c:25

MBEDTLS_PSA_BUILTIN_ALG_JPAKE

config_adjust_psa_from_legacy.h:150

dtls_srtp_profile_list

ssl.h:1641

ordered list of supported srtp profile

dtls_srtp_profile_list_len

ssl.h:1643

number of supported profiles

ecjpake_cache

ssl_misc.h:800

Cache for ClientHello ext

ssl_misc.h:866

HelloVerifyRequest cookie for DTLS HelloRetryRequest cookie for TLS 1.3

in_msg_seq

ssl_misc.h:894

Incoming handshake sequence number

mki_len

ssl.h:1205

The length of mki_value.

Unaligned data buffer. This buffer can hold 32 extra Bytes, which can be used for one of the following purposes: Alignment if VIA padlock is used. Simplifying key expansion in the 256-bit case by generating an extra round key.

sha512_put_uint64_be

sha512.c:218

mbedtls_gcm_crypt_and_tag

gcm_alt.h:35

MBEDTLS_TLS_SIG_NONE

ssl_misc.h:353

MBEDTLS_ERR_PK_ALLOC_FAILED

pk.h:36

MBEDTLS_ERR_PK_UNKNOWN_PK_ALG

pk.h:48

mbedtls_gcm_starts

gcm_alt.h:30

MBEDTLS_ECP_DP_SECP521R1

ecp.h:108

Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1.

ecp.h:241

For Short Weierstrass: \p B in the equation. For Montgomery curves: unused.

MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0

ecdh.h:73

The default Mbed TLS implementation

MBEDTLS_SSL_HASH_SHA256

ssl.h:470

MBEDTLS_SSL_HASH_SHA384

ssl.h:471

MBEDTLS_SSL_HANDSHAKE_OVER

ssl.h:731

MBEDTLS_SSL_CONTEXT_SERIALIZATION

mbedtls_config.h:1652

\def MBEDTLS_SSL_ASYNC_PRIVATE Enable asynchronous external private key operations in SSL. This allows you to configure an SSL connection to call an external cryptographic module to perform private key operations instead of performing the operation inside the library. Requires: MBEDTLS_X509_CRT_PARSE_C \def MBEDTLS_SSL_CONTEXT_SERIALIZATION Enable serialization of the TLS context structures, through use of the functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). This pair of functions allows one side of a connection to serialize the context associated with the connection, then free or re-use that context while the serialized state is persisted elsewhere, and finally deserialize that state to a live context for resuming read/write operations on the connection. From a protocol perspective, the state of the connection is unaffected, in particular this is entirely transparent to the peer. Note: this is distinct from TLS session resumption, which is part of the protocol and fully visible by the peer. TLS session resumption enables establishing new connections associated to a saved session with shorter, lighter handshakes, while context serialization is a local optimization in handling a single, potentially long-lived connection. Enabling these APIs makes some SSL structures larger, as 64 extra bytes are saved after the handshake to allow for more efficient serialization, so if you don't need this feature you'll save RAM by disabling it. Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C Comment to disable the context serialization APIs.

MBEDTLS_AESNI_C

esp_config.h:1629

\def MBEDTLS_AESNI_C Enable AES-NI support on x86-64 or x86-32. Module: library/aesni.c Caller: library/aes.c Requires: MBEDTLS_HAVE_ASM (on some platforms, see note) This modules adds support for the AES-NI instructions on x86.

MBEDTLS_ECDH_C

esp_config.h:2022

\def MBEDTLS_ECDH_C Enable the elliptic curve Diffie-Hellman library. Module: library/ecdh.c Caller: library/psa_crypto.c library/ssl_tls.c library/ssl*_client.c library/ssl*_server.c This module is used by the following key exchanges: ECDHE-ECDSA, ECDHE-RSA, DHE-PSK Requires: MBEDTLS_ECP_C

MBEDTLS_PLATFORM_MEMORY

esp_config.h:128

\def MBEDTLS_PLATFORM_MEMORY Enable the memory allocation layer. By default mbed TLS uses the system-provided calloc() and free(). This allows different allocators (self-implemented or provided) to be provided to the platform abstraction layer. Enabling MBEDTLS_PLATFORM_MEMORY without the MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and free() function pointer at runtime. Enabling MBEDTLS_PLATFORM_MEMORY and specifying MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the alternate function at compile time. Requires: MBEDTLS_PLATFORM_C Enable this layer to allow use of alternative memory allocators.

MBEDTLS_CONFIG_FILES_READ

build_info.h:149

PSA_WANT_ALG_CCM

config_adjust_psa_from_legacy.h:38

PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY

config_adjust_psa_from_legacy.h:84

BASIC -> corresponding PUBLIC

MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS

config_adjust_psa_from_legacy.h:244

crypto_driver_contexts_composites.h:125

psa_tls12_ecjpake_to_pms_t

crypto_builtin_key_derivation.h:48

esp_aes_gcm.h:33

Precalculated HTable low.

esp_aes_gcm.h:34

Precalculated HTable high.

hash_ctx

crypto_builtin_composites.h:49

The hash context.

mbedtls_x509_crt_verify_chain_item

x509_crt.h:250

Item in a verification chain: cert and flags for it

hardware_module_name

x509.h:275

From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }

CRL version (1=v1, 2=v2)

PSA_ERROR_STORAGE_FAILURE

crypto_values.h:194

There was a storage failure that may have led to data loss. This error indicates that some persistent storage is corrupted. It should not be used for a corruption of volatile memory (use #PSA_ERROR_CORRUPTION_DETECTED), for a communication error between the cryptoprocessor and its external storage (use #PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is in a valid state but is full (use #PSA_ERROR_INSUFFICIENT_STORAGE). Note that a storage failure does not indicate that any data that was previously read is invalid. However this previously read data may no longer be readable from storage. When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data may or may not fail even if the data is still readable but its integrity cannot be guaranteed. Implementations should only use this error code to report a permanent storage corruption. However application writers should keep in mind that transient errors while reading the storage may be

PSA_KEY_TYPE_RSA_KEY_PAIR

crypto_values.h:542

RSA key pair (private and public key). The size of an RSA key is the bit size of the modulus.

PSA_KEY_TYPE_ECC_GET_FAMILY

In a hash-and-sign algorithm policy, allow any hash algorithm. This value may be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. The key may then be used to perform operations using the same signature algorithm parametrized with any supported hash. That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros: - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, #PSA_ALG_RSA_PSS_ANY_SALT, - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA. Then you may create and use a key as follows: - Set the key usage field using #PSA_ALG_ANY_HASH, for example: ``` psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); // or VERIFY psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH)); ``` - Import or generate key material. - Call psa_sign_hash() or psa_verify_hash(), passing an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each call to sign or verify a message may use a different hash. ``` psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); ``` This value may not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm \c alg, #PSA_ALG_IS_HASH_AND_SIGN(\c alg) is true. This value may not be used to build an algorithm specification to perform an operation. It is only valid to build policies.

PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG

crypto_values.h:1033

PSA_ALG_CMAC

crypto_values.h:1139

PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG

crypto_values.h:1307

PSA_ALG_IS_SIGN_HASH

crypto_values.h:1686

Whether the specified algorithm is a signature algorithm that can be used with psa_sign_hash() and psa_verify_hash(). This encompasses all strict hash-and-sign algorithms categorized by PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the paradigm more loosely: - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash) - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is)

PSA_ALG_SIGN_GET_HASH

crypto_values.h:1753

Get the hash used by a hash-and-sign signature algorithm. A hash-and-sign algorithm is a signature algorithm which is composed of two phases: first a hashing phase which does not use the key and produces a hash of the input message, then a signing phase which only uses the hash and the key and not the message itself.

PSA_KEY_USAGE_ENCRYPT

crypto_values.h:2573

Whether the key may be used to encrypt a message. This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key's type and policy. For a key pair, this concerns the public key.

PSA_KEY_USAGE_VERIFY_MESSAGE

crypto_values.h:2604

Whether the key may be used to verify a message. This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. For a key pair, this concerns the public key.

PSA_EXPORT_KEY_PAIR_MAX_SIZE

crypto_sizes.h:984

Sufficient buffer size for exporting any asymmetric key pair. This macro expands to a compile-time constant integer. This value is a sufficient buffer size when calling psa_export_key() to export any asymmetric key pair, regardless of the exact key type and key size. See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).

MBEDTLS_PSA_BUILTIN_CIPHER

crypto_builtin_primitives.h:98

mbedtls_gcm_update_ad

gcm_alt.h:31

MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED

ssl_ciphersuites.h:323

MBEDTLS_ERR_ASN1_ALLOC_FAILED

asn1.h:47

MBEDTLS_CTR_DRBG_MAX_SEED_INPUT

ctr_drbg.h:142

The maximum size of seed or reseed buffer in bytes.

MBEDTLS_ERR_OID_NOT_FOUND

oid.h:28

MBEDTLS_OID_PKCS1

oid.h:221

pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }

ecp.h:257

gcm

crypto_builtin_composites.h:93

The counter buffer

use NewSessionTicket?

Cumulative size of heap allocated buffers used for message buffering.

MAC (decryption)

MBEDTLS_STATIC_ASSERT

common.h:361

MBEDTLS_ASSUME

common.h:389

MBEDTLS_SSL_DEBUG_ECDH

Set key for encryption purposes

setkey_dec_func

cipher_wrap.h:130

Set key for decryption purposes

ctx_free_func

cipher_wrap.h:138

Free the given context

MBEDTLS_LMOTS_TYPE_LEN

Digest identifier

Public key type

Encrypt message

psa_persistent_key_storage_format

psa_crypto_storage.c:225

Callback for getting (pseudo-)random numbers

mbedtls_dtls_srtp_info_t

ssl.h:1201

f_cookie_write

ssl.h:1529

Callback to create & write a cookie for ClientHello verification

f_cookie_check

ssl.h:1532

Callback to verify validity of a ClientHello cookie

Current value of timeout

flight

ssl_misc.h:897

Current outgoing flight

psk

ssl_misc.h:816

PSK from the callback

MBEDTLS_ECP_DP_BP256R1

ecp.h:109

Domain parameters for 256-bit Brainpool curve.

MBEDTLS_ECP_DP_BP384R1

ecp.h:110

Domain parameters for 384-bit Brainpool curve.

MBEDTLS_ECP_DP_BP512R1

ecp.h:111

Domain parameters for 512-bit Brainpool curve.

MBEDTLS_SSL_CLIENT_HELLO

ssl.h:705

MBEDTLS_ASN1_BIT_STRING

asn1.h:66

MBEDTLS_ECP_MAX_BYTES

ecp.h:354

MBEDTLS_CIPHER_AES_128_ECB

cipher.h:87

AES cipher with 128-bit ECB mode.

MBEDTLS_ERR_SSL_TIMEOUT

ssl.h:140

MBEDTLS_SSL_COOKIE_C

esp_config.h:2598

\def MBEDTLS_SSL_COOKIE_C Enable basic implementation of DTLS cookies for hello verification. Module: library/ssl_cookie.c Caller:

ESP_MBEDTLS_SHA256_HARDWARE

sha256_alt.h:38

MBEDTLS_ECJPAKE_C

mbedtls_config.h:2778

\def MBEDTLS_ECJPAKE_C Enable the elliptic curve J-PAKE library. Module: library/ecjpake.c Caller: This module is used by the following key exchanges: ECJPAKE Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C \warning If using a hash that is only provided by PSA drivers, you must call psa_crypto_init() before doing any EC J-PAKE operations.

MBEDTLS_HMAC_DRBG_C

esp_config.h:2170

\def MBEDTLS_HMAC_DRBG_C Enable the HMAC_DRBG random generator. Module: library/hmac_drbg.c Caller: Requires: MBEDTLS_MD_C Uncomment to enable the HMAC_DRBG random number generator.

MBEDTLS_X509_CRL_PARSE_C

esp_config.h:2755

\def MBEDTLS_X509_CRL_PARSE_C Enable X.509 CRL parsing. Module: library/x509_crl.c Caller: library/x509_crt.c Requires: MBEDTLS_X509_USE_C This module is required for X.509 CRL parsing.

MBEDTLS_GCM_ALT

esp_config.h:157

MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP

config_adjust_psa_from_legacy.h:168

MBEDTLS_PSA_BUILTIN_ALG_SHA_256

config_adjust_psa_from_legacy.h:198

MBEDTLS_SSL_HAVE_CCM

config_adjust_legacy_crypto.h:463

ESP_MBEDTLS_SHA1_HARDWARE

The parsed subject data (named information object).

MBEDTLS_KEY_EXCHANGE_DHE_PSK

ssl_ciphersuites.h:264

len

asn1.h:152

ASN1 length, in octets.

MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC

ssl.h:716

mbedtls_ssl_user_data_t

ESP_MBEDTLS_SHA512_HARDWARE

sha512_alt.h:40

MBEDTLS_ECP_BUDGET

ecp.h:413

MBEDTLS_ERR_RSA_VERIFY_FAILED

rsa.h:45

PSA_ERROR_NOT_PERMITTED

crypto_values.h:86

The requested action is denied by a policy. Implementations should return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation. If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or

PSA_ERROR_INVALID_HANDLE

crypto_values.h:289

The key identifier is not valid. See also :ref:\`key-handles\`.

PSA_ECC_FAMILY_BRAINPOOL_P_R1

crypto_values.h:667

Brainpool P random curves. This family comprises the following curves: brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1. It is defined in RFC 5639.

PSA_BLOCK_CIPHER_BLOCK_LENGTH

crypto_values.h:764

The block size of a block cipher. \warning This macro may evaluate its argument multiple times.

PSA_ALG_IS_AEAD

crypto_values.h:842

Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.

MBEDTLS_SVC_KEY_ID_INIT

crypto_values.h:2438

PSA_KEY_USAGE_DECRYPT

crypto_values.h:2584

Whether the key may be used to decrypt a message. This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key's type and policy. For a key pair, this concerns the private key.

PSA_KEY_USAGE_SIGN_MESSAGE

crypto_values.h:2594

Whether the key may be used to sign a message. This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. For a key pair, this concerns the private key.

PSA_KEY_USAGE_SIGN_HASH

crypto_values.h:2614

Whether the key may be used to sign a message. This flag allows the key to be used for a MAC calculation operation or for an asymmetric signature operation, if otherwise permitted by the key's type and policy. For a key pair, this concerns the private key.

PSA_KEY_USAGE_VERIFY_HASH

crypto_values.h:2624

Whether the key may be used to verify a message signature. This flag allows the key to be used for a MAC verification operation or for an asymmetric signature verification operation, if otherwise permitted by the key's type and policy. For a key pair, this concerns the public key.

PSA_HASH_LENGTH

crypto_sizes.h:60

The size of the output of psa_hash_finish(), in bytes. This is also the hash size that psa_hash_verify() expects.

PSA_VENDOR_RSA_MAX_KEY_BITS

crypto_sizes.h:212

PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS

crypto_extra.h:421

MBEDTLS_PK_SIGNATURE_MAX_SIZE

pk.h:122

Maximum size of a signature made by mbedtls_pk_sign().

MBEDTLS_ASN1_NULL

asn1.h:68

MBEDTLS_ASN1_IA5_STRING

asn1.h:76

MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED

ssl.h:70

MBEDTLS_ERR_SSL_EARLY_MESSAGE

ssl.h:154

MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC

ssl.h:523

MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH

aes.h:46

MBEDTLS_OID_RSA_COMPANY

oid.h:72

cipher.h:344

Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number for XTS-mode.

crypto_builtin_composites.h:203

Unprocessed data - either data that was not block aligned and is still pending processing, or the final block.

TLS version negotiated in the session. Used if and when renegotiating or resuming a session instead of the configured minor TLS version.

ciphersuite_list

ssl.h:1486

Allowed ciphersuites for (D)TLS 1.2 (0-terminated)

List of TLS IDs of supported elliptic curves

MBEDTLS_ASN1_CHK_CLEANUP_ADD

asn1write.h:26

MBEDTLS_SSL_OUT_BUFFER_LEN

ssl_misc.h:400

ARIA_SELF_TEST_ASSERT

aria.c:796

asn1_get_sequence_of_cb_ctx_t

Encrypt using CBC

mbedtls_lms_algorithm_type_t

lms.h:75

mbedtls_lms_parameters_t

lms.h:161

LMS parameters structure. This contains the metadata associated with an LMS key, detailing the algorithm type, the type of the underlying OTS algorithm, and the key ID.

MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO

pkcs7.h:53

The PKCS #7 content info is invalid or cannot be parsed.

crypto_se_driver.h:1278

A structure containing pointers to all the entry points of a secure element driver. Future versions of this specification may add extra substructures at the end of this structure.

rng

psa_crypto.c:118

dhm.h:103

KEY_SLOT_CACHE_SLICE_INDEX

psa_crypto_slot_management.c:97

psa_its_file_header_t

psa_its_file.c:56

esp_sha512.c:166

ssl_serialized_session_header

ssl_tls.c:4171

cur_msg_p

ssl_misc.h:899

Position in current message

jpake

crypto_builtin_composites.h:206

ssl_misc.h:1262

next handshake message(s)

MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED

ssl_ciphersuites.h:393

sha512.c:299

MBEDTLS_CIPHER_AES_192_ECB

cipher.h:88

AES cipher with 192-bit ECB mode.

grp_id

ecp.h:141

An internal identifier.

MBEDTLS_ENTROPY_HARDWARE_ALT

esp_config.h:253

\def MBEDTLS_ENTROPY_HARDWARE_ALT Uncomment this macro to let mbed TLS use your own implementation of a hardware entropy collector. Your function must be called \c mbedtls_hardware_poll(), have the same prototype as declared in entropy_poll.h, and accept NULL as first argument. Uncomment to use your own hardware entropy collector.

MBEDTLS_ERR_PK_PASSWORD_MISMATCH

pk.h:52

MBEDTLS_ERR_PK_INVALID_PUBKEY

pk.h:54

MBEDTLS_ERR_ENTROPY_SOURCE_FAILED

entropy.h:38

MBEDTLS_SSL_VERIFY_REQUIRED

ssl.h:298

MBEDTLS_HAVE_ASM

mbedtls_config.h:52

\def MBEDTLS_HAVE_ASM The compiler has support for asm(). Requires support for asm() in compiler. Used in: library/aesni.h library/aria.c library/bn_mul.h library/constant_time.c library/padlock.h Required by: MBEDTLS_AESCE_C MBEDTLS_AESNI_C (on some platforms) MBEDTLS_PADLOCK_C Comment to disable the use of assembly code.

MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED

mbedtls_config.h:1878

\def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED Enable TLS 1.3 PSK ephemeral key exchange mode. Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH Comment to disable support for the PSK ephemeral key exchange mode in TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any effect on the build.

MBEDTLS_AESCE_C

mbedtls_config.h:2296

\def MBEDTLS_AESCE_C Enable AES cryptographic extension support on Armv8. Module: library/aesce.c Caller: library/aes.c Requires: MBEDTLS_AES_C \warning Runtime detection only works on Linux. For non-Linux operating system, Armv8-A Cryptographic Extensions must be supported by the CPU when this option is enabled. This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems.

MBEDTLS_BASE64_C

esp_config.h:1748

\def MBEDTLS_BASE64_C Enable the Base64 module. Module: library/base64.c Caller: library/pem.c This module is required for PEM support (required by X.509).

MBEDTLS_HKDF_C

mbedtls_config.h:2864

\def MBEDTLS_GCM_LARGE_TABLE Enable large pre-computed tables for Galois/Counter Mode (GCM). Can significantly increase throughput on systems without GCM hardware acceleration (e.g., AESNI, AESCE). The mbedtls_gcm_context size will increase by 3840 bytes. The code size will increase by roughly 344 bytes. Module: library/gcm.c Requires: MBEDTLS_GCM_C \def MBEDTLS_HKDF_C Enable the HKDF algorithm (RFC 5869). Module: library/hkdf.c Caller: Requires: MBEDTLS_MD_C This module adds support for the Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF).

MBEDTLS_NET_C

mbedtls_config.h:3006

\def MBEDTLS_MEMORY_BUFFER_ALLOC_C Enable the buffer allocator implementation that makes use of a (stack) based buffer to 'allocate' dynamic memory. (replaces calloc() and free() calls) Module: library/memory_buffer_alloc.c Requires: MBEDTLS_PLATFORM_C MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS) Enable this module to enable the buffer memory allocator. \def MBEDTLS_NET_C Enable the TCP and UDP over IPv6/IPv4 networking routines. Module: library/net_sockets.c This module provides networking routines.

PSA_WANT_ALG_ECDH

config_adjust_psa_from_legacy.h:52

PSA_WANT_ALG_GCM

config_adjust_psa_from_legacy.h:114

MBEDTLS_PSA_BUILTIN_ALG_MD5

config_adjust_psa_from_legacy.h:144

MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT

config_adjust_psa_from_legacy.h:161

MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS

config_adjust_psa_from_legacy.h:170

PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC

config_adjust_psa_from_legacy.h:180

MBEDTLS_PSA_BUILTIN_ALG_SHA_1

config_adjust_psa_from_legacy.h:188

MBEDTLS_PSA_BUILTIN_ALG_SHA_224

config_adjust_psa_from_legacy.h:193

MBEDTLS_PSA_BUILTIN_ALG_SHA_384

config_adjust_psa_from_legacy.h:203

MBEDTLS_PSA_BUILTIN_ALG_SHA_512

config_adjust_psa_from_legacy.h:208

PSA_WANT_KEY_TYPE_AES

config_adjust_psa_from_legacy.h:224

MBEDTLS_MD_LIGHT

config_adjust_legacy_crypto.h:70

MBEDTLS_CCM_GCM_CAN_AES

config_adjust_legacy_crypto.h:271

MBEDTLS_ECP_LIGHT

config_adjust_legacy_crypto.h:304

MBEDTLS_PK_CAN_ECDSA_SIGN

config_adjust_legacy_crypto.h:337

md5

crypto_builtin_primitives.h:57

sha1

crypto_builtin_primitives.h:63

GHASH value.

The OFB cipher mode.

esp_mbedtls_sha1_mode

sha1_alt.h:37

MBEDTLS_ECP_DP_SECP192R1

ecp.h:104

Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_SECP256K1

ecp.h:115

Domain parameters for 256-bit "Koblitz" curve.

psa_key_bits_t

crypto_struct.h:284

mbedtls_chachapoly_mode_t

chachapoly.h:38

tbs

x509_crt.h:45

The raw certificate body (DER). The part that is To Be Signed.

revocation_date

x509_crl.h:45

The revocation date of this entry.

x509_crl.h:56

Next element in the linked list of entries. \p NULL indicates the end of the list. Do not modify this field directly.

MBEDTLS_ERR_ECP_VERIFY_FAILED

x509_crl.h:65

The raw certificate data (DER).

ecp.h:41

MBEDTLS_ERR_ECP_RANDOM_FAILED

ecp.h:45

MBEDTLS_ERR_RSA_RNG_FAILED

rsa.h:49

PSA_ERROR_GENERIC_ERROR

crypto_values.h:64

An error occurred that does not correspond to any defined failure cause. Implementations may use this error code if none of the other standard

PSA_KEY_TYPE_CATEGORY_MASK

crypto_values.h:367

PSA_KEY_TYPE_IS_RSA

crypto_values.h:544

PSA_ECC_FAMILY_SECP_K1

crypto_values.h:607

SEC Koblitz curves over prime fields. This family comprises the following curves: secp192k1, secp224k1, secp256k1. They are defined in _Standards for Efficient Cryptography_, _SEC 2: Recommended Elliptic Curve Domain Parameters_. https://www.secg.org/sec2-v2.pdf

PSA_KEY_TYPE_IS_DH

crypto_values.h:718

PSA_ALG_CATEGORY_HASH

crypto_values.h:784

PSA_ALG_IS_HASH

crypto_values.h:808

Whether the specified algorithm is a hash algorithm.

PSA_ALG_NONE

crypto_values.h:911

An invalid algorithm identifier value.

Whether the specified algorithm is an HMAC algorithm. HMAC is a family of MAC algorithms that are based on a hash function.

PSA_KEY_DERIVATION_INPUT_SECRET

crypto_values.h:2679

A secret input for key derivation. This should be a key of type #PSA_KEY_TYPE_DERIVE (passed to psa_key_derivation_input_key()) or the shared secret resulting from a key agreement (obtained via psa_key_derivation_key_agreement()). The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes(), psa_key_derivation_verify_bytes(), or psa_key_derivation_verify_key(), but not psa_key_derivation_output_key().

PSA_BYTES_TO_BITS

crypto_sizes.h:41

PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE

crypto_sizes.h:1075

Maximum size of the output from psa_raw_key_agreement(). This macro expands to a compile-time constant integer. This value is the maximum size of the output any raw key agreement algorithm, in bytes. See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).

MBEDTLS_PSA_BUILTIN_HASH

crypto_builtin_primitives.h:49

MBEDTLS_CIPHER_MODE_WITH_PADDING

cipher.h:29

MBEDTLS_ERR_CIPHER_INVALID_PADDING

cipher.h:44

MBEDTLS_ERR_CIPHER_AUTH_FAILED

cipher.h:48

MBEDTLS_PSA_BUILTIN_MAC

crypto_builtin_composites.h:41

MBEDTLS_PSA_BUILTIN_AEAD

crypto_builtin_composites.h:75

MBEDTLS_X509_SAN_DNS_NAME

x509.h:129

MBEDTLS_X509_SAN_DIRECTORY_NAME

x509.h:131

MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER

x509.h:133

MBEDTLS_X509_SAN_IP_ADDRESS

x509.h:134

MBEDTLS_ERR_SSL_BAD_CERTIFICATE

ssl.h:84

MBEDTLS_ERR_SSL_UNEXPECTED_RECORD

ssl.h:144

MBEDTLS_ERR_SSL_CONTINUE_PROCESSING

ssl.h:150

MBEDTLS_SSL_LEGACY_RENEGOTIATION

ssl.h:301

MBEDTLS_SSL_SECURE_RENEGOTIATION

ssl.h:302

MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR

ssl.h:553

MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR

ctr_drbg.h:71

MBEDTLS_ERR_BASE64_INVALID_CHARACTER

id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}

role

ecjpake.h:63

password

crypto_builtin_composites.h:194

nonce_set

crypto_struct.h:177

secret

crypto_builtin_key_derivation.h:78

seed

crypto_builtin_key_derivation.h:80

label

crypto_builtin_key_derivation.h:82

other_secret

crypto_builtin_key_derivation.h:85

decryption context

MBEDTLS_SSL_MODE_CBC_ETM

ssl_misc.h:2765

MBEDTLS_SSL_RENEGOTIATION_PENDING

ssl_misc.h:63

MBEDTLS_SSL_SOME_SUITES_USE_CBC

MBEDTLS_CIPHER_BASE_INDEX_CCM_AES

cipher_wrap.c:72

MBEDTLS_CIPHER_BASE_INDEX_CCM_ARIA

MBEDTLS_ERR_PKCS7_INVALID_FORMAT

pkcs7.h:50

The format is invalid, e.g. different type expected.

MBEDTLS_LMOTS_SIG_TYPE_OFFSET

lmots.h:32

PUBLIC_KEY_I_KEY_ID_OFFSET

PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED

psa_crypto.c:106

mbedtls_dhm_parameter

TICKET_KEY_NAME_BYTES

The raw CSR data (DER).

CHECK_OVERFLOW_ADD

x509write.c:31

MBEDTLS_PSA_BUILTIN_PAKE

config_adjust_psa_from_legacy.h:149

The mki_value used, with max size of 256 bytes.

psk_len

ssl_misc.h:817

Length of PSK from callback

cipher_ctx

gcm.h:73

MBEDTLS_SSL_SERVER_HELLO

ssl.h:706

MBEDTLS_GCM_ENCRYPT

gcm.h:33

mbedtls_gcm_auth_decrypt

gcm_alt.h:34

MBEDTLS_ERR_PK_FILE_IO_ERROR

pk.h:42

MBEDTLS_SSL_HASH_SHA1

ssl.h:468

MBEDTLS_SSL_HASH_SHA512

ssl.h:472

mbedtls_aes_setkey_dec

aes_alt.h:38

mbedtls_aes_crypt_ctr

aes_alt.h:48

MBEDTLS_SSL_TRANSPORT_STREAM

ssl.h:265

TLS

is224

sha256_alt.h:49

0 => SHA-256, else SHA-224

MBEDTLS_GENPRIME

esp_config.h:897

\def MBEDTLS_GENPRIME Enable the prime-number generation code. Requires: MBEDTLS_BIGNUM_C

MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT

mbedtls_config.h:1611

\def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT Defines whether RFC 9146 (default) or the legacy version (version draft-ietf-tls-dtls-connection-id-05, https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) is used. Set the value to 0 for the standard version, and 1 for the legacy draft version. \deprecated Support for the legacy version of the DTLS Connection ID feature is deprecated. Please switch to the standardized version defined in RFC 9146 enabled by utilizing MBEDTLS_SSL_DTLS_CONNECTION_ID without use of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID

MBEDTLS_ERROR_C

esp_config.h:2115

\def MBEDTLS_ERROR_C Enable error code to error string conversion. Module: library/error.c Caller: This module enables mbedtls_strerror().

MBEDTLS_PADLOCK_C

esp_config.h:2276

\def MBEDTLS_PADLOCK_C Enable VIA Padlock support on x86. Module: library/padlock.c Caller: library/aes.c Requires: MBEDTLS_HAVE_ASM This modules adds support for the VIA PadLock on x86.

MBEDTLS_PK_WRITE_C

esp_config.h:2367

\def MBEDTLS_PK_WRITE_C Enable the generic public (asymmetric) key writer. Module: library/pkwrite.c Caller: library/x509write.c Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C Uncomment to enable generic public key write functions.

MBEDTLS_PKCS7_C

esp_config.h:2401

\def MBEDTLS_PKCS7_C Enable PKCS #7 core for using PKCS #7-formatted signatures. RFC Link - https://tools.ietf.org/html/rfc2315 Module: library/pkcs7.c Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_MD_C This module is required for the PKCS #7 parsing modules.

MBEDTLS_POLY1305_C

mbedtls_config.h:3209

\def MBEDTLS_POLY1305_C Enable the Poly1305 MAC algorithm. Module: library/poly1305.c Caller: library/chachapoly.c

MBEDTLS_PSA_ITS_FILE_C

mbedtls_config.h:3269

\def MBEDTLS_PSA_ITS_FILE_C Enable the emulation of the Platform Security Architecture Internal Trusted Storage (PSA ITS) over files. Module: library/psa_its_file.c Requires: MBEDTLS_FS_IO

MBEDTLS_SSL_TICKET_C

esp_config.h:2612

\def MBEDTLS_SSL_TICKET_C Enable an implementation of TLS server-side callbacks for session tickets. Module: library/ssl_ticket.c Caller: Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)

MBEDTLS_VERSION_C

esp_config.h:2707

\def MBEDTLS_VERSION_C Enable run-time version information. Module: library/version.c This module provides run-time version information.

MBEDTLS_X509_CSR_PARSE_C

esp_config.h:2773

\def MBEDTLS_X509_CSR_PARSE_C Enable X.509 Certificate Signing Request (CSR) parsing. Module: library/x509_csr.c Caller: library/x509_crt_write.c Requires: MBEDTLS_X509_USE_C This module is used for reading X.509 certificate request.

MBEDTLS_X509_CRT_WRITE_C

esp_config.h:2803

\def MBEDTLS_X509_CRT_WRITE_C Enable creating X.509 certificates. Module: library/x509_crt_write.c Requires: MBEDTLS_X509_CREATE_C This module is required for X.509 certificate creation.

MBEDTLS_X509_CSR_WRITE_C

esp_config.h:2839

\def MBEDTLS_X509_CSR_WRITE_C Enable creating X.509 Certificate Signing Requests (CSR). Module: library/x509_csr_write.c Requires: MBEDTLS_X509_CREATE_C This module is required for X.509 certificate request writing.

MBEDTLS_PLATFORM_STD_CALLOC

esp_config.h:133

MBEDTLS_PLATFORM_STD_FREE

esp_config.h:134

MBEDTLS_AES_ALT

esp_config.h:151

\name SECTION: mbed TLS feature support This section sets support for features that are or are not needed within the modules that are enabled.

MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN

config_adjust_psa_from_legacy.h:163

MBEDTLS_ECP_HAVE_SECP384R1

config_adjust_legacy_crypto.h:376

MBEDTLS_ECP_HAVE_SECP256R1

config_adjust_legacy_crypto.h:385

MBEDTLS_PSA_UTIL_HAVE_ECDSA

config_adjust_legacy_crypto.h:433

mbedtls_sha3_id

sha3.h:37

crypto_driver_contexts_composites.h:116

crypt

esp_aes.h:53

The AES context to use for AES block encryption or decryption.

aes_ctx

esp_aes_gcm.h:42

MBEDTLS_CIPHER_ID_ARIA

cipher.h:73

The Aria cipher.

crypto_driver_contexts_primitives.h:89

crypto_driver_contexts_primitives.h:97

MBEDTLS_ECP_DP_SECP224R1

ecp.h:105

Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_SECP192K1

ecp.h:113

Domain parameters for 192-bit "Koblitz" curve.

mbedtls_ecp_curve_type

ecp.h:127

MBEDTLS_ECJPAKE_CLIENT

ecjpake.h:43

Client

MBEDTLS_ECJPAKE_SERVER

ecjpake.h:44

Server

mbedtls_psa_stats_s

crypto_extra.h:221

Statistics about resource consumption related to the PSA keystore.

mbedtls_x509_authority

Signature algorithm, e.g. sha1RSA

issuer

x509_crt.h:54

The parsed issuer data (named information object).

mbedtls_pk_restart_ctx

pk.h:277

MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC

ssl.h:714

MBEDTLS_SSL_HANDSHAKE_WRAPUP

ssl.h:719

sig_oid

x509_crl.h:69

CRL signature type identifier

is384

sha512_alt.h:51

0 => SHA-512, else SHA-384

psa_encrypt_or_decrypt_t

crypto_driver_common.h:39

MBEDTLS_ERR_MPI_NEGATIVE_VALUE

bignum.h:32

MBEDTLS_ECP_WINDOW_SIZE

ecp.h:291

The maximum window size used.

MBEDTLS_ECP_PF_COMPRESSED

ecp.h:450

The compressed point format for Short Weierstrass curves (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX). \warning While this format is supported for all concerned curves for writing, when it comes to parsing, it is not supported for all curves. Specifically, parsing compressed points on MBEDTLS_ECP_DP_SECP224R1 and MBEDTLS_ECP_DP_SECP224K1 is not supported.

MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE

rsa.h:47

MBEDTLS_RSA_SALT_LEN_ANY

rsa.h:61

PSA_ERROR_INSUFFICIENT_ENTROPY

crypto_values.h:250

There is not enough entropy to generate random data needed for the requested action. This error indicates a failure of a hardware random generator. Application writers should note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks. Implementations should avoid returning this error after psa_crypto_init() has succeeded. Implementations should generate sufficient entropy during initialization and subsequently use a cryptographically secure pseudorandom generator (PRNG). However implementations may return this error at any time if a policy requires the PRNG to be reseeded

PSA_KEY_TYPE_NONE

crypto_values.h:356

An invalid key type value. Zero is not the encoding of any key type.

PSA_KEY_TYPE_RSA_PUBLIC_KEY

crypto_values.h:537

RSA public key. The size of an RSA key is the bit size of the modulus.

PSA_ECC_FAMILY_MONTGOMERY

crypto_values.h:679

Curve25519 and Curve448. This family comprises the following Montgomery curves: - 255-bit: Bernstein et al., _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006. The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve. - 448-bit: Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015. The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.

PSA_ALG_IS_MAC

crypto_values.h:819

Whether the specified algorithm is a MAC algorithm.

PSA_ALG_IS_KEY_AGREEMENT

crypto_values.h:877

Whether the specified algorithm is a key agreement algorithm.

PSA_ALG_AEAD_GET_TAG_LENGTH

crypto_values.h:1343

Retrieve the tag length of a specified AEAD algorithm

PSA_ALG_IS_RSA_PKCS1V15_SIGN

crypto_values.h:1419

PSA_ALG_IS_RSA_PSS

crypto_values.h:1508

Whether the specified algorithm is RSA PSS. This includes any of the RSA PSS algorithm variants, regardless of the constraints on salt length.

PSA_ALG_IS_RSA_OAEP

crypto_values.h:1786

PSA_ALG_TLS12_ECJPAKE_TO_PMS

crypto_values.h:2069

PSA_KEY_ID_VENDOR_MIN

crypto_values.h:2430

The minimum value for a key identifier chosen by the implementation.

PSA_KEY_USAGE_DERIVE

crypto_values.h:2638

Whether the key may be used to derive other keys or produce a password hash. This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by the key's type and policy. If this flag is present on all keys used in calls to psa_key_derivation_input_key() for a key derivation operation, then it permits calling psa_key_derivation_output_bytes() or psa_key_derivation_output_key() at the end of the operation.

PSA_VENDOR_FFDH_MAX_KEY_BITS

crypto_sizes.h:239

PSA_MAC_LENGTH

crypto_sizes.h:328

The size of the output of psa_mac_sign_finish(), in bytes. This is also the MAC size that psa_mac_verify_finish() expects. \warning This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects.

PSA_SIGNATURE_MAX_SIZE

crypto_sizes.h:661

\def PSA_SIGNATURE_MAX_SIZE Maximum size of an asymmetric signature. This macro expands to a compile-time constant integer. This value is the maximum size of a signature in bytes.

MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED

cipher.h:46

MBEDTLS_GCM_HTABLE_SIZE

gcm.h:62

PSA_PAKE_STEP_KEY_SHARE

crypto_extra.h:876

The key share being sent to or received from the peer. The format for both input and output at this step is the same as for public keys on the group determined by the primitive (::psa_pake_primitive_t) would be. For more information on the format, consult the documentation of psa_export_public_key(). For information regarding how the group is determined, consult the documentation #PSA_PAKE_PRIMITIVE.

MBEDTLS_ERR_PK_BUFFER_TOO_SMALL

MBEDTLS_X509_BADCERT_BAD_KEY

x509.h:107

The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

MBEDTLS_ERR_SSL_BAD_CONFIG

ssl.h:168

MBEDTLS_SSL_MSG_APPLICATION_DATA

ssl.h:526

MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

ssl.h:541

MBEDTLS_SSL_HS_HELLO_REQUEST

ssl.h:564

MBEDTLS_SSL_HS_CLIENT_HELLO

ssl.h:565

MBEDTLS_CTR_DRBG_MAX_INPUT

ctr_drbg.h:132

The maximum number of additional input Bytes.

MBEDTLS_OID_ISO_IDENTIFIED_ORG

oid.h:63

MBEDTLS_OID_KP

oid.h:198

id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }

MBEDTLS_OID_PKCS7

oid.h:223

pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }

rsa.h:103

opad

crypto_builtin_composites.h:51

The HMAC part of the context.

cmac

crypto_builtin_composites.h:65

crypto_builtin_composites.h:192

crypto_builtin_key_derivation.h:71

The entropy callback function.

block_size

cipher.h:271

The block size, in bytes.

crypto_builtin_primitives.h:103

iv_length

crypto_builtin_primitives.h:104

The internal state of the CMAC algorithm.

the master secret

allow_legacy_renegotiation

authmode from SNI callback

min. ciphertext length

IV (encryption)

next key/cert pair

MBEDTLS_SSL_MAX_BUFFERED_HS

ssl_misc.h:328

MBEDTLS_SSL_PEND_FATAL_ALERT

ssl_misc.h:1856

mbedtls_nist_kw_mode_t

nist_kw.h:35

MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE

ARIA decryption.

MBEDTLS_ERR_ARIA_BAD_INPUT_DATA

mbedtls_cipher_definitions

cipher_wrap.c:2252

MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA

cipher_wrap.h:35

MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA

cipher_wrap.h:45

f_entropy

hmac_drbg.h:88

entropy function

mbedtls_mpi_mod_ext_rep

mbedtls_pkcs7_signed_data

pkcs7.h:123

Structure holding the signed data section

MBEDTLS_ERR_PEM_INVALID_DATA

pem.h:27

MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA

pkcs12.h:22

MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO

pkcs7.h:57

Error parsing the signer's info

MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA

Input invalid.

Type name

psa_crypto_random_impl.h:69

entropy_free

psa_crypto_random_impl.h:70

first_free_slot_index

psa_crypto_slot_management.c:186

policy

psa_crypto_storage.c:231

Lifetime of the key in seconds. This is also the lifetime of the tickets created under that key.

TICKET_AUTH_TAG_BYTES

config_adjust_psa_from_legacy.h:93

dtls_srtp_mki_support

Length of cached data

cur_msg

ssl_misc.h:898

Current message in flight

role

crypto_builtin_composites.h:197

length of p

MBEDTLS_CIPHER_AES_256_ECB

cipher.h:89

AES cipher with 256-bit ECB mode.

MBEDTLS_NO_PLATFORM_ENTROPY

esp_config.h:922

\def MBEDTLS_NO_PLATFORM_ENTROPY Do not use built-in platform entropy functions. This is useful if your platform does not support standards like the /dev/urandom or Windows CryptoAPI. Uncomment this macro to disable the built-in platform entropy functions.

MBEDTLS_ERR_PK_PASSWORD_REQUIRED

pk.h:50

MBEDTLS_ERR_PK_INVALID_ALG

pk.h:56

MBEDTLS_ERR_PK_SIG_LEN_MISMATCH

pk.h:62

MBEDTLS_ERR_X509_INVALID_VERSION

x509.h:51

MBEDTLS_ERR_X509_UNKNOWN_VERSION

x509.h:65

MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG

x509.h:67

MBEDTLS_ERR_X509_CERT_VERIFY_FAILED

x509.h:71

MBEDTLS_ERR_X509_FATAL_ERROR

x509.h:83

MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED

ctr_drbg.h:65

MBEDTLS_CIPHER_AES_192_CBC

cipher.h:91

AES cipher with 192-bit CBC mode.

MBEDTLS_GCM_DECRYPT

gcm.h:34

mbedtls_aes_crypt_cbc

aes_alt.h:41

MBEDTLS_PADDING_NONE

cipher.h:195

Never pad (full blocks only).

MBEDTLS_SSL_VERIFY_NONE

ssl.h:296

MBEDTLS_SSL_PRESET_DEFAULT

ssl.h:327

MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED

mbedtls_config.h:1846

\def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED Enable TLS 1.3 PSK key exchange mode. Comment to disable support for the PSK key exchange mode in TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any effect on the build.

MBEDTLS_TIMING_C

mbedtls_config.h:3654

\def MBEDTLS_THREADING_C Enable the threading abstraction layer. By default Mbed TLS assumes it is used in a non-threaded environment or that contexts are not shared between threads. If you do intend to use contexts between threads, you will need to enable this layer to prevent race conditions. See also our Knowledge Base article about threading: https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading Module: library/threading.c This allows different threading implementations (self-implemented or provided). You will have to enable either MBEDTLS_THREADING_ALT or MBEDTLS_THREADING_PTHREAD. Enable this layer to allow use of mutexes within Mbed TLS \def MBEDTLS_TIMING_C Enable the semi-portable timing interface. Module: library/timing.c

MBEDTLS_MD5_ALT

esp_config.h:189

MBEDTLS_MPI_EXP_MOD_ALT

esp_config.h:204

PSA_WANT_ECC_SECP_R1_521

config_adjust_psa_superset_legacy.h:129

MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT

config_adjust_psa_from_legacy.h:179

MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY

config_adjust_psa_from_legacy.h:183

PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY

config_adjust_psa_from_legacy.h:184

MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING

config_adjust_psa_from_legacy.h:274

MBEDTLS_MD_SOME_LEGACY

config_adjust_legacy_crypto.h:166

MBEDTLS_CAN_ECDH

config_adjust_legacy_crypto.h:328

MBEDTLS_PK_CAN_ECDSA_VERIFY

config_adjust_legacy_crypto.h:338

MBEDTLS_ECP_HAVE_CURVE25519

config_adjust_legacy_crypto.h:388

MBEDTLS_SSL_HAVE_AEAD

config_adjust_legacy_crypto.h:473

psa_driver_mac_context_t

crypto_driver_contexts_composites.h:114

psa_driver_aead_context_t

crypto_driver_contexts_composites.h:123

psa_driver_sign_hash_interruptible_context_t

crypto_driver_contexts_composites.h:131

psa_driver_verify_hash_interruptible_context_t

crypto_driver_contexts_composites.h:136

psa_driver_pake_context_t

crypto_driver_contexts_composites.h:141

crypto_driver_contexts_composites.h:143

psa_tls12_prf_key_derivation_state_t

crypto_builtin_key_derivation.h:55

psa_driver_key_derivation_context_t

crypto_driver_contexts_key_derivation.h:32

tweak

esp_aes.h:55

The AES context used for tweak computation.

esp_aes_gcm.h:30

Initial hash value

iv_len

esp_aes_gcm.h:37

The length of IV.

psa_driver_hash_context_t

crypto_driver_contexts_primitives.h:87

psa_driver_cipher_context_t

crypto_driver_contexts_primitives.h:95

MBEDTLS_ECP_DP_CURVE448

ecp.h:116

Domain parameters for Curve448.

The expected length of the salt, in bytes. This may be #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.

mbedtls_pk_debug_type

pk.h:187

serial

x509_crt.h:48

Unique id for certificate issued by a specific CA.

issuer_raw

x509_crt.h:51

The raw issuer data (DER). Used for quick comparison.

subject_raw

x509_crt.h:52

The raw subject data (DER). Used for quick comparison.

mbedtls_x509_crt_ext_cb_t

x509_crt.h:402

The type of certificate extension callbacks. Callbacks of this type are passed to and used by the mbedtls_x509_crt_parse_der_with_ext_cb() routine when it encounters either an unsupported extension or a "certificate policies" extension containing any unsupported certificate policies. Future versions of the library may invoke the callback in other cases, if and when the need arises.

MBEDTLS_SSL_HELLO_REQUEST

ssl.h:704

mbedtls_ssl_send_t

ssl.h:769

Callback type: send data on the network.

mbedtls_ssl_recv_t

ssl.h:793

Callback type: receive data from the network.

mbedtls_ssl_recv_timeout_t

ssl.h:819

Callback type: receive data from the network, with timeout

mbedtls_ssl_set_timer_t

ssl.h:845

Callback type: set a pair of timers/delays to watch

mbedtls_ssl_get_timer_t

ssl.h:860

Callback type: get status of timers/delays

mbedtls_ssl_cache_get_t

ssl.h:914

Callback type: server-side session cache getter The session cache is logically a key value store, with keys being session IDs and values being instances of mbedtls_ssl_session. This callback retrieves an entry in this key-value store.

mbedtls_ssl_cache_set_t

ssl.h:936

Callback type: server-side session cache setter The session cache is logically a key value store, with keys being session IDs and values being instances of mbedtls_ssl_session. This callback sets an entry in this key-value store.

mbedtls_ssl_export_keys_t

ssl.h:1370

Callback type: Export key alongside random values for session identification, and PRF for implementation of TLS key exporters.

The named value.

The serial number of the revoked certificate.

tbs

x509_crl.h:66

The raw certificate body (DER). The part that is To Be Signed.

mbedtls_entropy_source_state

entropy.h:93

Entropy source state

MBEDTLS_HAVE_INT32

bignum.h:168

MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE

md.h:24

MBEDTLS_ERR_MD_ALLOC_FAILED

md.h:28

PSA_KEY_TYPE_DERIVE

crypto_values.h:454

A secret for key derivation. This key type is for high-entropy secrets only. For low-entropy secrets, #PSA_KEY_TYPE_PASSWORD should be used instead. These keys can be used as the #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD input of key derivation algorithms. The key policy determines which key derivation algorithm the key can be used for.

PSA_KEY_TYPE_IS_ECC_KEY_PAIR

crypto_values.h:578

PSA_ALG_IS_CIPHER

crypto_values.h:830

Whether the specified algorithm is a symmetric cipher algorithm.

PSA_ALG_MAC_TRUNCATION_MASK

crypto_values.h:1024

PSA_MAC_TRUNCATED_LENGTH

crypto_values.h:1100

Length to which a MAC algorithm is truncated.

PSA_ALG_ECB_NO_PADDING

crypto_values.h:1226

The Electronic Code Book (ECB) mode of a block cipher, with no padding. \warning ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB. The underlying block cipher is determined by the key type. This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher. ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, psa_cipher_generate_iv() and psa_cipher_set_iv() must not be called.

PSA_ALG_CBC_NO_PADDING

crypto_values.h:1235

The CBC block cipher chaining mode, with no padding. The underlying block cipher is determined by the key type. This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.

Whether the specified algorithm is a TLS-1.2 PRF algorithm.

PSA_ALG_IS_TLS12_PSK_TO_MS

crypto_values.h:2052

Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.

PSA_KEY_ID_VENDOR_MAX

crypto_values.h:2433

The maximum value for a key identifier chosen by the implementation.

MBEDTLS_SVC_KEY_ID_GET_KEY_ID

crypto_values.h:2439

MBEDTLS_CIPHER_MODE_AEAD

cipher.h:25

MBEDTLS_ERR_CIPHER_ALLOC_FAILED

cipher.h:42

PSA_HASH_OPERATION_INIT

crypto_struct.h:87

MBEDTLS_ERR_GCM_AUTH_FAILED

gcm.h:37

PSA_PAKE_OPERATION_STAGE_COMPUTATION

crypto_extra.h:422

MBEDTLS_ASN1_TAG_VALUE_MASK

asn1.h:108

MBEDTLS_X509_BADCERT_NOT_TRUSTED

x509.h:94

The certificate is not correctly signed by the trusted CA.

MBEDTLS_X509_SAN_RFC822_NAME

x509.h:128

MBEDTLS_X509_EXT_KEY_USAGE

x509.h:176

MBEDTLS_X509_EXT_SUBJECT_ALT_NAME

x509.h:179

MBEDTLS_X509_MAX_DN_NAME_SIZE

x509.h:198

Maximum value size of a DN entry

MBEDTLS_ERR_SSL_CONN_EOF

ssl.h:57

MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION

ssl.h:66

MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH

ssl.h:121

MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY

ssl.h:123

MBEDTLS_ERR_SSL_COUNTER_WRAPPING

ssl.h:127

MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO

ssl.h:129

MBEDTLS_SSL_EXTENDED_MS_ENABLED

ssl.h:286

MBEDTLS_SSL_ETM_DISABLED

ssl.h:291

MBEDTLS_SSL_ETM_ENABLED

ssl.h:292

MBEDTLS_SSL_DTLS_MAX_BUFFERING

ssl.h:408

MBEDTLS_SSL_HS_FINISHED

ssl.h:577

MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH

ssl.h:586

MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS

ssl.h:593

MBEDTLS_TLS_EXT_USE_SRTP

ssl.h:596

MBEDTLS_TLS_EXT_ALPN

ssl.h:598

MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC

ssl.h:604

MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET

ssl.h:605

MBEDTLS_TLS_EXT_SESSION_TICKET

ssl.h:609

MBEDTLS_PSK_MAX_LEN

ssl.h:650

MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR

entropy.h:46

MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL

base64.h:18

MBEDTLS_OID_ANSI_X9_62

oid.h:75

MBEDTLS_OID_NIST_ALG

oid.h:112

MBEDTLS_OID_KEY_USAGE

oid.h:153

id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }

MBEDTLS_OID_NS_CERT_TYPE

oid.h:176

MBEDTLS_OID_PKCS

oid.h:220

pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 }

hmac

crypto_builtin_composites.h:62

is_encrypt

crypto_builtin_composites.h:83

crypto_builtin_composites.h:195

The counter (V).

ssl_ciphersuites.h:449

mac

ssl_ciphersuites.h:453

next_merged

asn1.h:196

Merge next item into the current one? This field exists for the sake of Mbed TLS's X.509 certificate parsing code and may change in future versions of the library.

value of the record counters that triggers renegotiation

previous handshake verify data

peer_verify_data

ssl.h:1919

previous handshake verify data

mbedtls_ssl_tls_prf_cb

ssl_misc.h:581

min_tls_version

ssl_misc.h:684

Minimum TLS version to be negotiated. It is set up in the ClientHello writing preparation stage and used throughout the ClientHello writing. Not relevant anymore as soon as the protocol version has been negotiated thus as soon as the ServerHello is received. For a fresh handshake not linked to any previous handshake, it is equal to the configured minimum minor version to be negotiated. When renegotiating or resuming a session, it is equal to the previously negotiated minor version. There is no maximum TLS version field in this handshake context. From the start of the handshake, we need to define a current protocol version for the record layer which we define as the maximum TLS version to be negotiated. The `tls_version` field of the SSL context is used to store this maximum value until it contains the actual negotiated value.

key_cert

ssl_misc.h:827

chosen key/cert pair (server)

sni_ca_chain

ssl_misc.h:830

trusted CAs from SNI callback

IV (decryption)

cert

MBEDTLS_SSL_MODE_STREAM

ssl_misc.h:2763

MBEDTLS_SSL_MODE_AEAD

ssl_misc.h:2766

psa_to_lms_errors

psa_util.c:74

MBEDTLS_PK_HAVE_RFC8410_CURVES

pk_internal.h:118

MBEDTLS_GET_UINT64_BE

alignment.h:621

Get the unsigned 64 bits integer corresponding to eight bytes in big-endian order (MSB first).

MBEDTLS_SSL_PROC_CHK

ssl_misc.h:216

MBEDTLS_SSL_RETRANS_SENDING

ssl_misc.h:245

MBEDTLS_SSL_IN_BUFFER_LEN

ssl_misc.h:391

MBEDTLS_CLIENT_HELLO_RANDOM_LEN

ssl_misc.h:408

MBEDTLS_CT_TRUE

constant_time_internal.h:84

biH

bignum_core.h:81

MBEDTLS_MPI_IS_PUBLIC

bignum_core.h:111

TO_SIGN

bignum.c:372

MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR

MBEDTLS_LMOTS_N_HASH_LEN_MAX

lms.h:31

MBEDTLS_LMS_TYPE_LEN

lms.h:46

MBEDTLS_ERR_PEM_PASSWORD_MISMATCH

pem.h:37

MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT

pkcs12.h:26

MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE

pkcs7.h:51

Unavailable feature, e.g. anything other than signed data.

MBEDTLS_ERR_PKCS7_INVALID_ALG

pkcs7.h:54

The algorithm tag or value is invalid or cannot be parsed.

MBEDTLS_ERR_PKCS7_VERIFY_FAIL

pkcs7.h:60

Verification Failed

iv_len_test_data

gcm.c:834

PUBLIC_KEY_TYPE_OFFSET

lmots.c:46

PSA_SLOT_FILLING

psa_crypto_core.h:53

PSA_SLOT_PENDING_DELETION

psa_crypto_core.h:55

length

psa_crypto_core.h:965

mbedtls_psa_crypto_subsystem

psa_crypto.c:98

PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED

psa_crypto.c:107

PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED

psa_crypto.c:108

MBEDTLS_ERR_DHM_INVALID_FORMAT

dhm.h:74

KEY_ID_SLOT_INDEX_WIDTH

psa_crypto_slot_management.c:91

psa_storage_create_flags_t

psa_crypto_its.h:24

Flags used when creating a data entry

random key identifier

tls_id

ssl_tls.c:6253

mbedtls_x509_csr_ext_cb_t

x509_csr.h:123

The type of certificate extension callbacks. Callbacks of this type are passed to and used by the mbedtls_x509_csr_parse_der_with_ext_cb() routine when it encounters either an unsupported extension. Future versions of the library may invoke the callback in other cases, if and when the need arises.

key

x509_csr.h:67

MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY

config_adjust_psa_from_legacy.h:104

Alternative transform for resending messages

alt_out_ctr

ssl_misc.h:904

Alternative record epoch/counter for resending messages

mtu

ssl_misc.h:919

Handshake mtu, used to fragment outgoing messages

MBEDTLS_ERR_PK_KEY_INVALID_VERSION

ssl_misc.h:1261

type of the message: handshake or CCS

f_psk

ssl.h:1522

Callback to retrieve PSK key from identity

Our key.

The key of the peer.

pk.h:44

MBEDTLS_ERR_X509_INVALID_SERIAL

x509.h:53

MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED

ssl.h:131

MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1

MBEDTLS_SSL_HASH_SHA224

ssl.h:469

mbedtls_aes_xts_init

aes_alt.h:55

mbedtls_aes_crypt_xts

aes_alt.h:59

mbedtls_aes_crypt_cfb128

aes_alt.h:44

MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY

ssl.h:80

esp_mbedtls_sha256_mode

sha256_alt.h:36

MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS

esp_config.h:312

MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN

esp_config.h:313

MBEDTLS_CIPHER_PADDING_ZEROS

esp_config.h:314

MBEDTLS_ECP_NIST_OPTIM

esp_config.h:509

\def MBEDTLS_ECP_NIST_OPTIM Enable specific 'modulo p' routines for each NIST prime. Depending on the prime and architecture, makes operations 4 to 8 times faster on the corresponding curve. Comment this macro to disable NIST curves optimisation.

MBEDTLS_PK_PARSE_EC_EXTENDED

esp_config.h:853

\def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED Enable the ECJPAKE based ciphersuite modes in SSL / TLS. \warning This is currently experimental. EC J-PAKE support is based on the Thread v1.0.0 specification; incompatible changes to the specification might still happen. For this reason, this is disabled by default. Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE) SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) MBEDTLS_ECP_DP_SECP256R1_ENABLED \warning If SHA-256 is provided only by a PSA driver, you must call psa_crypto_init() before the first handshake (even if MBEDTLS_USE_PSA_CRYPTO is disabled). This enables the following ciphersuites (if other requisites are enabled as well): MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 \def MBEDTLS_PK_PARSE_EC_EXTENDED Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480. Currently this means parsing the SpecifiedECDomain choice of EC parameters (only known groups are supported, not arbitrary domains, to avoid validation issues). Disable if you only need to support RFC 5915 + 5480 key formats.

MBEDTLS_PK_PARSE_EC_COMPRESSED

esp_config.h:870

\def MBEDTLS_PK_PARSE_EC_COMPRESSED Enable the support for parsing public keys of type Short Weierstrass (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the compressed point format. This parsing is done through ECP module's functions.

MBEDTLS_SSL_ALL_ALERT_MESSAGES

esp_config.h:975

\def MBEDTLS_SHA256_SMALLER Enable an implementation of SHA-256 that has lower ROM footprint but also lower performance. The default implementation is meant to be a reasonable compromise between performance and size. This version optimizes more aggressively for size at the expense of performance. Eg on Cortex-M4 it reduces the size of mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 30%. Uncomment to enable the smaller implementation of SHA256. \def MBEDTLS_SHA512_SMALLER Enable an implementation of SHA-512 that has lower ROM footprint but also lower performance. Uncomment to enable the smaller implementation of SHA512. \def MBEDTLS_SSL_ALL_ALERT_MESSAGES Enable sending of alert messages in case of encountered errors as per RFC. If you choose not to send the alert messages, Mbed TLS can still communicate with other servers, only debugging of failures is harder. The advantage of not sending alert messages, is that no information is given about reasons for failures thus preventing adversaries of gaining intel. Enable sending of all alert messages

MBEDTLS_VERSION_FEATURES

esp_config.h:1594

\def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH When this option is enabled, the SSL buffer will be resized automatically based on the negotiated maximum fragment length in each direction. Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN Enable testing of the constant-flow nature of some sensitive functions with clang's MemorySanitizer. This causes some existing tests to also test this non-functional property of the code under test. This setting requires compiling with clang -fsanitize=memory. The test suites can then be run normally. \warning This macro is only used for extended testing; it is not considered part of the library's API, so it may change or disappear at any time. Uncomment to enable testing of the constant-flow nature of selected code. \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND Enable testing of the constant-flow nature of some sensitive functions with valgrind's memcheck tool. This causes some existing tests to also test this non-functional property of the code under test. This setting requires valgrind headers for building, and is only useful for testing if the tests suites are run with valgrind's memcheck. This can be done for an individual test suite with 'valgrind ./test_suite_xxx', or when using CMake, this can be done for all test suites with 'make memcheck'. \warning This macro is only used for extended testing; it is not considered part of the library's API, so it may change or disappear at any time. Uncomment to enable testing of the constant-flow nature of selected code. \def MBEDTLS_TEST_HOOKS Enable features for invasive testing such as introspection functions and hooks for fault injection. This enables additional unit tests. Merely enabling this feature should not change the behavior of the product. It only adds new code, and new branching points where the default behavior is the same as when this feature is disabled. However, this feature increases the attack surface: there is an added risk of vulnerabilities, and more gadgets that can make exploits easier. Therefore this feature must never be enabled in production. See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more information. Uncomment to enable invasive tests. \def MBEDTLS_THREADING_ALT Provide your own alternate threading implementation. Requires: MBEDTLS_THREADING_C Uncomment this to allow your own alternate threading implementation. \def MBEDTLS_THREADING_PTHREAD Enable the pthread wrapper layer for the threading layer. Requires: MBEDTLS_THREADING_C Uncomment this to enable pthread mutexes. \def MBEDTLS_USE_PSA_CRYPTO Make the X.509 and TLS libraries use PSA for cryptographic operations as much as possible, and enable new APIs for using keys handled by PSA Crypto. \warning If you enable this option, you need to call `psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK modules, except for the various mbedtls_xxx_init() functions which can be called at any time. Requires: MBEDTLS_PSA_CRYPTO_C. Uncomment this to enable internal use of PSA Crypto and new associated APIs. \def MBEDTLS_PSA_CRYPTO_CONFIG This setting allows support for cryptographic mechanisms through the PSA API to be configured separately from support through the mbedtls API. When this option is disabled, the PSA API exposes the cryptographic mechanisms that can be implemented on top of the `mbedtls_xxx` API configured with `MBEDTLS_XXX` symbols. When this option is enabled, the PSA API exposes the cryptographic mechanisms requested by the `PSA_WANT_XXX` symbols defined in include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are automatically enabled if required (i.e. if no PSA driver provides the mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols in mbedtls_config.h. If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies an alternative header to include instead of include/psa/crypto_config.h. \warning This option is experimental, in that the set of `PSA_WANT_XXX` symbols is not completely finalized yet, and the configuration tooling is not ideally adapted to having two separate configuration files. Future minor releases of Mbed TLS may make minor changes to those symbols, but we will endeavor to provide a transition path. Nonetheless, this option is considered mature enough to use in production, as long as you accept that you may need to make minor changes to psa/crypto_config.h when upgrading Mbed TLS. \def MBEDTLS_VERSION_FEATURES Allow run-time checking of compile-time enabled features. Thus allowing users to check at run-time if the library is for instance compiled with threading support via mbedtls_version_check_feature(). Requires: MBEDTLS_VERSION_C Comment this to disable run-time checking and save ROM space

MBEDTLS_PLATFORM_MS_TIME_ALT

esp_config.h:64

\def MBEDTLS_PLATFORM_MS_TIME_ALT Define platform specific function to get time since boot up in milliseconds.

MBEDTLS_SSL_MAX_EARLY_DATA_SIZE

esp_config.h:1399

\def MBEDTLS_SSL_EARLY_DATA Enable support for RFC 8446 TLS 1.3 early data. Requires: MBEDTLS_SSL_SESSION_TICKETS and either MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any effect on the build. This feature is experimental, not completed and thus not ready for production. \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE The default maximum amount of 0-RTT data. See the documentation of \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. It must be positive and smaller than UINT32_MAX. If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not have any impact on the build. This feature is experimental, not completed and thus not ready for production.

MBEDTLS_SSL_CID_IN_LEN_MAX

ssl.h:415

MBEDTLS_SSL_CID_OUT_LEN_MAX

ssl.h:419

MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY

ssl.h:423

PSA_WANT_ECC_SECP_R1_256

config_adjust_psa_superset_legacy.h:117

PSA_WANT_ECC_SECP_R1_384

config_adjust_psa_superset_legacy.h:123

PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC

config_adjust_psa_from_legacy.h:69

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY

config_adjust_psa_from_legacy.h:83

PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE

config_adjust_psa_from_legacy.h:175

MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING

config_adjust_psa_from_legacy.h:263

MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7

config_adjust_psa_from_legacy.h:266

MBEDTLS_PK_CAN_ECDSA_SOME

config_adjust_legacy_crypto.h:352

MBEDTLS_ECP_HAVE_SECP521R1

config_adjust_legacy_crypto.h:364

MBEDTLS_ECP_HAVE_BP512R1

config_adjust_legacy_crypto.h:367

MBEDTLS_ECP_HAVE_BP384R1

config_adjust_legacy_crypto.h:373

MBEDTLS_ECP_HAVE_BP256R1

config_adjust_legacy_crypto.h:379

MBEDTLS_SSL_TLS1_2_SOME_ECC

config_adjust_ssl.h:88

crypto_driver_contexts_composites.h:133

crypto_driver_contexts_composites.h:138

PSA_TLS12_PRF_STATE_OTHER_KEY_SET

crypto_builtin_key_derivation.h:58

The total length of the additional data.

MBEDTLS_MODE_XTS

cipher.h:183

The XTS cipher mode.

MBEDTLS_MODE_CHACHAPOLY

cipher.h:184

The ChaCha-Poly cipher mode.

MBEDTLS_PADDING_PKCS7

cipher.h:191

PKCS7 padding (default).

MBEDTLS_ECP_DP_SECP224K1

ecp.h:114

Domain parameters for 224-bit "Koblitz" curve.

mbedtls_ssl_ticket_write_t

crypto_extra.h:1720

ssl.h:2614

Callback type: generate and write session ticket

mbedtls_ssl_ticket_parse_t

ssl.h:2644

Callback type: parse and load session ticket

mbedtls_ssl_cookie_write_t

ssl.h:2976

Callback type: generate a cookie

mbedtls_ssl_cookie_check_t

ssl.h:2993

Callback type: verify a cookie

The digest to use for MGF1 in PSS.

psa_pake_role_t

crypto_extra.h:731

Encoding of the application role of PAKE Encodes the application's role in the algorithm is being executed. For more information see the documentation of individual \c PSA_PAKE_ROLE_XXX constants.

psa_pake_primitive_type_t

crypto_extra.h:749

Encoding of the type of the PAKE's primitive. Values defined by this standard will never be in the range 0x80-0xff. Vendors who define additional types must use an encoding in this range. For more information see the documentation of individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.

psa_pake_family_t

crypto_extra.h:756

Encoding of the family of the primitive associated with the PAKE. For more information see the documentation of individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.

subject_alt_names

x509_crt.h:66

Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name.

ext_key_usage

x509_crt.h:78

Optional list of extended key usage OIDs.

The object identifier.

MBEDTLS_ERR_ERROR_GENERIC_ERROR

x509_crl.h:41

Direct access to the whole entry inside the containing buffer.

issuer

x509_crl.h:73

The parsed issuer data (named information object).

entry

x509_crl.h:78

The CRL entries containing the certificate revocation times for this CA.

esp_mbedtls_sha512_mode

sha512_alt.h:38

error.h:98

MBEDTLS_ERR_MPI_FILE_IO_ERROR

bignum.h:24

MBEDTLS_ERR_MPI_DIVISION_BY_ZERO

bignum.h:34

MBEDTLS_MPI_WINDOW_SIZE

bignum.h:62

Maximum window size used.

MBEDTLS_MPI_MAX_BITS

bignum.h:76

Maximum number of bits for usable MPIs.

MBEDTLS_ERR_ECP_ALLOC_FAILED

ecp.h:43

MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH

ecp.h:49

MBEDTLS_ERR_MD_FILE_IO_ERROR

md.h:30

MBEDTLS_ERR_RSA_PRIVATE_FAILED

rsa.h:43

PSA_ERROR_DATA_CORRUPT

crypto_values.h:313

Stored data has been corrupted. This error indicates that some persistent storage has suffered corruption. It does not indicate the following situations, which have specific error codes: - A corruption of volatile memory - use #PSA_ERROR_CORRUPTION_DETECTED. - A communication error between the cryptoprocessor and its external storage - use #PSA_ERROR_COMMUNICATION_FAILURE. - When the storage is in a valid state but is full - use #PSA_ERROR_INSUFFICIENT_STORAGE. - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE. - When the stored data is not valid - use #PSA_ERROR_DATA_INVALID. When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore.

PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR

crypto_values.h:424

The public key type corresponding to a key pair type. You may also pass a public key type as \p type, it will be left unchanged.

PSA_KEY_TYPE_AES

crypto_values.h:499

Key for a cipher, AEAD or MAC algorithm based on the AES block cipher. The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).

PSA_KEY_TYPE_ARIA

crypto_values.h:503

Key for a cipher, AEAD or MAC algorithm based on the

PSA_KEY_TYPE_CHACHA20

crypto_values.h:531

Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm. ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.

PSA_KEY_TYPE_ECC_CURVE_MASK

crypto_values.h:549

PSA_KEY_TYPE_ECC_PUBLIC_KEY

crypto_values.h:570

Elliptic curve public key. The size of an elliptic curve public key is the same as the corresponding private key (see #PSA_KEY_TYPE_ECC_KEY_PAIR and the documentation of `PSA_ECC_FAMILY_xxx` curve families).

PSA_ALG_CBC_PKCS7

crypto_values.h:1243

The CBC block cipher chaining mode with PKCS#7 padding. The underlying block cipher is determined by the key type. This is the padding method defined by PKCS#7 (RFC 2315) §10.3.

PSA_ALG_CHACHA20_POLY1305

crypto_values.h:1292

The Chacha20-Poly1305 AEAD algorithm. The ChaCha20_Poly1305 construction is defined in RFC 7539. Implementations must support 12-byte nonces, may support 8-byte nonces, and should reject other sizes. Implementations must support 16-byte tags and should reject other sizes.

PSA_ALG_AEAD_TAG_LENGTH_MASK

crypto_values.h:1298

PSA_ALG_RSA_PKCS1V15_CRYPT

crypto_values.h:1767

RSA PKCS#1 v1.5 encryption. \warning Calling psa_asymmetric_decrypt() with this algorithm as a parameter is considered an inherently dangerous function (CWE-242). Unless it is used in a side channel free and safe way (eg. implementing the TLS protocol as per 7.4.7.1 of RFC 5246), the calling code is vulnerable.

PSA_ALG_KEY_AGREEMENT_GET_BASE

crypto_values.h:2160

PSA_ALG_ECDH

crypto_values.h:2233

The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm. The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always `ceiling(m / 8)` bytes long where `m` is the bit size associated with the curve, i.e. the bit size of the order of the curve's coordinate field. When `m` is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type. - For Montgomery curves (curve types `PSA_ECC_FAMILY_CURVEXXX`), the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519. - For Weierstrass curves over prime fields (curve types `PSA_ECC_FAMILY_SECPXXX` and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`), the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` in big-endian byte order. The bit size is `m = ceiling(log_2(p))` for the field `F_p`. - For Weierstrass curves over binary fields (curve types `PSA_ECC_FAMILY_SECTXXX`), the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` in big-endian byte order. The bit size is `m` for the field `F_{2^m}`.

PSA_KEY_USAGE_EXPORT

crypto_values.h:2546

Whether the key may be exported. A public key or the public part of a key pair may always be exported regardless of the value of this permission flag. If a key does not have export permission, implementations shall not allow the key to be exported in plain form from the cryptoprocessor, whether through psa_export_key() or through a proprietary interface. The key may however be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.

PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE

crypto_sizes.h:763

PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE

crypto_sizes.h:802

PSA_CIPHER_IV_LENGTH

crypto_sizes.h:1112

The default IV size for a cipher algorithm, in bytes. The IV that is generated as part of a call to #psa_cipher_encrypt() is always the default IV length for the algorithm. This macro can be used to allocate a buffer of sufficient size to store the IV output from #psa_cipher_generate_iv() when using a multi-part cipher operation. See also #PSA_CIPHER_IV_MAX_SIZE. \warning This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects.

PSA_CIPHER_IV_MAX_SIZE

crypto_sizes.h:1129

The maximum IV size for all supported cipher algorithms, in bytes. See also #PSA_CIPHER_IV_LENGTH().

mbedtls_md5_free

md5_alt.h:25

MBEDTLS_CCM_STAR_DECRYPT

ccm.h:49

MBEDTLS_CCM_STAR_ENCRYPT

ccm.h:50

MBEDTLS_ERR_CCM_AUTH_FAILED

ccm.h:55

PSA_MAX_KEY_BITS

crypto_struct.h:293

MBEDTLS_PSA_KEY_ID_BUILTIN_MIN

crypto_extra.h:493

The minimum value for a key identifier that is built into the implementation. The range of key identifiers from #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX within the range from #PSA_KEY_ID_VENDOR_MIN and #PSA_KEY_ID_VENDOR_MAX and must not intersect with any other set of implementation-chosen key identifiers. This value is part of the library's API since changing it would invalidate the values of built-in key identifiers in applications.

MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED

ssl_ciphersuites.h:336

MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED

ssl_ciphersuites.h:411

MBEDTLS_X509_BADCRL_NOT_TRUSTED

x509.h:95

The CRL is not correctly signed by the trusted CA.

MBEDTLS_X509_BADCERT_BAD_PK

x509.h:106

The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).

MBEDTLS_X509_SAN_OTHER_NAME

x509.h:127

addtogroup x509_module

MBEDTLS_X509_KU_DIGITAL_SIGNATURE

x509.h:141

MBEDTLS_X509_EXT_NS_CERT_TYPE

x509.h:189

MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION

ssl.h:115

MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED

ssl.h:119

MBEDTLS_ERR_SSL_NON_FATAL

ssl.h:146

MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1

ssl.h:206

MBEDTLS_SSL_MAX_FRAG_LEN_NONE

ssl.h:275

don't use this extension

MBEDTLS_SSL_COMPRESS_NULL

ssl.h:294

MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED

ssl.h:337

MBEDTLS_SSL_VERIFY_DATA_MAX_LEN

ssl.h:455

MBEDTLS_SSL_HASH_NONE

ssl.h:466

MBEDTLS_SSL_MSG_ALERT

ssl.h:524

MBEDTLS_SSL_ALERT_LEVEL_WARNING

ssl.h:529

MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT

ssl.h:558

MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST

ssl.h:567

MBEDTLS_TLS_EXT_ECJPAKE_KKPP

ssl.h:629

MBEDTLS_TLS_EXT_RENEGOTIATION_INFO

ssl.h:631

MBEDTLS_ERR_NET_SOCKET_FAILED

net_sockets.h:38

MBEDTLS_ERR_NET_UNKNOWN_HOST

net_sockets.h:54

MBEDTLS_NET_PROTO_UDP

net_sockets.h:67

The UDP transport protocol

MBEDTLS_ENTROPY_MD

entropy.h:22

MBEDTLS_CTR_DRBG_KEYBITS

ctr_drbg.h:91

The key size for the DRBG operation, in bits.

bundle_t

esp_crt_bundle.c:62

MBEDTLS_ERR_OID_BUF_TOO_SMALL

oid.h:30

MBEDTLS_OID_AT_CN

oid.h:127

id-at-commonName AttributeType:= {id-at 3}

MBEDTLS_OID_EXTENDED_KEY_USAGE

oid.h:162

id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }

MBEDTLS_OID_ANSI_X9_62_SIG_SHA2

crypto_builtin_key_derivation.h:49

secret_length

crypto_builtin_key_derivation.h:79

seed_length

crypto_builtin_key_derivation.h:81

label_length

crypto_builtin_key_derivation.h:83

tls12_ecjpake_to_pms

crypto_driver_contexts_key_derivation.h:44

Full cipher identifier (as per mbedtls_cipher_type_t). For example, MBEDTLS_CIPHER_AES_256_CBC. This could be 7 bits, but 8 bits retains byte alignment for the next field, which reduces code size to access that field.

MBEDTLS_PK_IS_RFC8410_GROUP_ID

cipher.h:302

Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the cipher supports variable IV or variable key sizes, respectively.

When a ticket is created by a TLS server as part of an established TLS session, the ticket creation time may need to be saved for the ticket module to be able to check the ticket age when the ticket is used. That's the purpose of this field. Before creating a new ticket, an Mbed TLS server set this field with its current time in milliseconds. This time may then be saved in the session ticket data by the session ticket writing function and recovered by the ticket parsing function later when the ticket is used. The ticket module may then use this time to compute the ticket age and determine if it has expired or not. The Mbed TLS implementations of the session ticket writing and parsing functions save and retrieve the ticket creation time as part of the session ticket data. The session ticket parsing function relies on the mbedtls_ssl_session_get_ticket_creation_time() API to get the ticket creation time from the session ticket data.

f_get_cache

ssl.h:1502

Callback to retrieve a session from the cache

f_set_cache

ssl.h:1504

Callback to store a session into the cache

f_sni

ssl.h:1509

Callback for setting cert according to SNI extension

f_ticket_write

ssl.h:1539

Callback to create & write a session ticket

f_ticket_parse

ssl.h:1543

Callback to parse a session ticket into a session structure

Callback to export key block and master secret

cli_exts

ssl_misc.h:645

client extension presence

extended_ms

ssl_misc.h:688

use Extended Master Secret?

sni_key_cert

ssl_misc.h:829

key/cert list from SNI

seen_ccs

ssl_misc.h:844

Indicates if a CCS message has been seen in the current flight.

used to check if CertificateRequest has been received from server side. If CertificateRequest has been received, Certificate and CertificateVerify should be sent to server

PSA_PK_TO_MBEDTLS_ERR

pk_internal.h:24

pk_internal.h:121

MBEDTLS_TEST_HOOK_TEST_ASSERT

common.h:61

MBEDTLS_SSL_DEBUG_CRT

debug.h:66

mbedtls_x25519_ecdh_side

x25519.h:35

mbedtls_everest_ecdh_side

ARIA encryption.

mbedtls_mpi_zeroize_and_free

bignum.c:176

mbedtls_block_cipher_id_t

block_cipher.h:35

CCM_SELFTEST_PT_MAX_LEN

Encrypt using ECB

Encrypt using CFB (Full length)

ctr_func

cipher_wrap.h:106

Encrypt using CTR

MBEDTLS_CIPHER_BASE_INDEX_GCM_AES

cipher_wrap.c:96

MBEDTLS_CIPHER_BASE_INDEX_GCM_ARIA

MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG

hmac_drbg.h:32

MBEDTLS_HMAC_DRBG_MAX_INPUT

hmac_drbg.h:51

Maximum number of additional input bytes

mbedtls_mpi_mod_rep_selector

bignum_mod.h:83

mbedtls_mpi_mont_struct

bignum_mod.h:110

mbedtls_mpi_opt_red_struct

digest_alg_identifiers

MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL

lms.h:28

Input/output buffer is too small to contain requited data

MBEDTLS_LMOTS_SIG_LEN

lms.h:40

MBEDTLS_LMS_H_TREE_HEIGHT

lms.h:47

MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG

pem.h:33

MBEDTLS_ERR_PEM_PASSWORD_REQUIRED

pem.h:35

MBEDTLS_ERR_PEM_BAD_INPUT_DATA

pem.h:41

MBEDTLS_ERR_PKCS7_INVALID_CERT

pkcs7.h:55

The certificate tag or value is invalid or cannot be parsed.

MBEDTLS_ERR_PKCS7_ALLOC_FAILED

pkcs7.h:59

Allocation of memory failed.

FN_OID_GET_OID_BY_ATTR1

crypto_se_driver.h:498

A struct containing all of the function pointers needed to implement cipher operations using secure elements. PSA Crypto API implementations should populate instances of the table as appropriate upon startup or at build time. If one of the functions is not implemented (such as `psa_drv_se_cipher_ecb_t`), it should be set to NULL.

psa_drv_se_mac_t

crypto_se_driver.h:311

A struct containing all of the function pointers needed to perform secure element MAC operations PSA Crypto API implementations should populate the table as appropriate upon startup. If one of the functions is not implemented (such as `psa_drv_se_mac_generate_t`), it should be set to NULL. Driver implementers should ensure that they implement all of the functions that make sense for their hardware, and that they provide a full solution (for example, if they support `p_setup`, they should also support `p_update` and at least one of `p_finish` or `p_finish_verify`).

psa_drv_se_aead_t

crypto_se_driver.h:788

A struct containing all of the function pointers needed to implement secure element Authenticated Encryption with Additional Data operations PSA Crypto API implementations should populate instances of the table as appropriate upon startup. If one of the functions is not implemented, it should be set to NULL.

psa_drv_se_asymmetric_t

crypto_se_driver.h:671

A struct containing all of the function pointers needed to implement asymmetric cryptographic operations using secure elements. PSA Crypto API implementations should populate instances of the table as appropriate upon startup or at build time. If one of the functions is not implemented, it should be set to NULL.

psa_drv_se_key_derivation_t

crypto_se_driver.h:1252

A struct containing all of the function pointers needed to for secure element key derivation and agreement PSA Crypto API implementations should populate instances of the table as appropriate upon startup. If one of the functions is not implemented, it should be set to NULL.

psa_drv_se_key_management_t

crypto_se_driver.h:1109

A struct containing all of the function pointers needed to for secure element key management PSA Crypto API implementations should populate instances of the table as appropriate upon startup or at build time. If one of the functions is not implemented, it should be set to NULL.

length

psa_crypto_core.h:935

drbg

psa_crypto_random_impl.h:72

PSA_KEY_ID_VOLATILE_MIN

psa_crypto_slot_management.h:28

Range of volatile key identifiers. The first #MBEDTLS_PSA_KEY_SLOT_COUNT identifiers of the implementation range of key identifiers are reserved for volatile key identifiers. If \c id is a a volatile key identifier, #PSA_KEY_ID_VOLATILE_MIN - \c id indicates the key slot containing the volatile key definition. See psa_crypto_slot_management.c for details. The minimum value for a volatile key identifier.

PSA_KEY_ID_VOLATILE_MAX

psa_crypto_slot_management.h:33

The maximum value for a volatile key identifier.

RNG_NOT_INITIALIZED

psa_crypto.c:92

dhm.h:108

MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED

dhm.h:66

MBEDTLS_ERR_DHM_FILE_IO_ERROR

dhm.h:78

PERSISTENT_KEY_CACHE_COUNT

psa_crypto_slot_management.c:81

KEY_ID_SLICE_INDEX_WIDTH

psa_crypto_slot_management.c:92

size

psa_crypto_its.h:37

The size of the data associated with a uid *

PSA_ITS_STORAGE_FILENAME_LENGTH

psa_its_file.c:32

mbedtls_timing_hr_time

timer structure

session ID

ciphersuite_definitions

ssl_ciphersuites.c:280

mbedtls_debug_ecdh_attr

TICKET_CRYPT_LEN_BYTES

x509_crt_verify_string

CSR version (1=v1).

Container for the public key context.

PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC

config_adjust_psa_from_legacy.h:88

Outgoing handshake sequence number

ecjpake_id

ecjpake.c:28

ecjpake_test_password

ecjpake.c:838

ecjpake_test_shared_key

ESP_MBEDTLS_SHA1_SOFTWARE

sha1_alt.h:40

mbedtls_aes_xts_setkey_enc

aes_alt.h:57

mbedtls_aes_xts_setkey_dec

aes_alt.h:58

MBEDTLS_ERR_MPI_INVALID_CHARACTER

bignum.h:28

MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE

pk.h:58

MBEDTLS_ERR_X509_INVALID_SIGNATURE

x509.h:61

MBEDTLS_ERR_X509_SIG_MISMATCH

x509.h:69

MBEDTLS_ERR_X509_FILE_IO_ERROR

x509.h:79

MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE

ssl.h:76

MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED

entropy.h:42

MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE

entropy.h:44

MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG

ctr_drbg.h:67

MBEDTLS_ERR_PEM_ALLOC_FAILED

pem.h:29

mbedtls_md5_init

md5_alt.h:20

ESP_MBEDTLS_SHA256_SOFTWARE

sha256_alt.h:39

MBEDTLS_ERROR_STRERROR_DUMMY

esp_config.h:888

\def MBEDTLS_ERROR_STRERROR_DUMMY Enable a dummy error function to make use of mbedtls_strerror() in third party libraries easier when MBEDTLS_ERROR_C is disabled (no effect when MBEDTLS_ERROR_C is enabled). You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're not using mbedtls_strerror() or error_strerror() in your application. Disable if you run into name conflicts and want to really remove the mbedtls_strerror()

MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE

mbedtls_config.h:1834

\def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE Enable TLS 1.3 middlebox compatibility mode. As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility mode to make a TLS 1.3 connection more likely to pass through middle boxes expecting TLS 1.2 traffic. Turning on the compatibility mode comes at the cost of a few added bytes on the wire, but it doesn't affect compatibility with TLS 1.3 implementations that don't use it. Therefore, unless transmission bandwidth is critical and you know that middlebox compatibility issues won't occur, it is therefore recommended to set this option. Comment to disable compatibility mode for TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any effect on the build.

MBEDTLS_SSL_CACHE_C

esp_config.h:2588

\def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms with the ARMv8 cryptographic extensions if they are available at runtime. If not, the library will fall back to the C implementation. \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. Requires: MBEDTLS_SHA512_C. Module: library/sha512.c Uncomment to have the library check for the A64 SHA-512 crypto extensions and use them if available. \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms with the ARMv8 cryptographic extensions, which must be available at runtime or else an illegal instruction fault will occur. \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT. Requires: MBEDTLS_SHA512_C. Module: library/sha512.c Uncomment to have the library use the A64 SHA-512 crypto extensions unconditionally. \def MBEDTLS_SSL_CACHE_C Enable simple SSL cache implementation. Module: library/ssl_cache.c Caller: Requires: MBEDTLS_SSL_CACHE_C

MBEDTLS_MPI_MUL_MPI_ALT

esp_config.h:206

MBEDTLS_AES_ROM_TABLES

esp_config.h:263

\def MBEDTLS_AES_ROM_TABLES Store the AES tables in ROM. Uncomment this macro to store the AES tables in ROM.

MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH

esp_config.h:1354

\def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH Size in bytes of a ticket nonce. This is not used in TLS 1.2. This must be less than 256.

PSA_WANT_ALG_SHA_256

config_adjust_psa_superset_legacy.h:53

PSA_WANT_ALG_SHA_512

config_adjust_psa_superset_legacy.h:61

PSA_WANT_ECC_BRAINPOOL_P_R1_256

config_adjust_psa_superset_legacy.h:75

PSA_WANT_ECC_BRAINPOOL_P_R1_384

config_adjust_psa_superset_legacy.h:81

PSA_WANT_ECC_BRAINPOOL_P_R1_512

config_adjust_psa_superset_legacy.h:87

PSA_WANT_ECC_MONTGOMERY_255

config_adjust_psa_superset_legacy.h:93

PSA_WANT_ECC_SECP_R1_192

config_adjust_psa_superset_legacy.h:105

PSA_WANT_ECC_SECP_R1_224

config_adjust_psa_superset_legacy.h:111

PSA_WANT_ECC_SECP_K1_192

config_adjust_psa_superset_legacy.h:135

PSA_WANT_ECC_SECP_K1_256

config_adjust_psa_superset_legacy.h:148

MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG

config_adjust_psa_from_legacy.h:40

PSA_WANT_ALG_CCM_STAR_NO_TAG

config_adjust_psa_from_legacy.h:41

MBEDTLS_PSA_BUILTIN_ALG_ECDH

config_adjust_psa_from_legacy.h:51

PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE

config_adjust_psa_from_legacy.h:76

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT

config_adjust_psa_from_legacy.h:78

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT

config_adjust_psa_from_legacy.h:79

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE

config_adjust_psa_from_legacy.h:82

MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT

config_adjust_psa_from_legacy.h:178

PSA_WANT_KEY_TYPE_ARIA

config_adjust_psa_from_legacy.h:229

MBEDTLS_PSA_BUILTIN_ALG_CFB

config_adjust_psa_from_legacy.h:279

MBEDTLS_PSA_BUILTIN_ALG_CTR

config_adjust_psa_from_legacy.h:284

MBEDTLS_PSA_BUILTIN_ALG_OFB

config_adjust_psa_from_legacy.h:289

MBEDTLS_ECP_HAVE_SECP256K1

config_adjust_legacy_crypto.h:382

MBEDTLS_ECP_HAVE_SECP224K1

config_adjust_legacy_crypto.h:391

MBEDTLS_ECP_HAVE_SECP224R1

config_adjust_legacy_crypto.h:394

MBEDTLS_ECP_HAVE_SECP192K1

config_adjust_legacy_crypto.h:397

MBEDTLS_ECP_HAVE_SECP192R1

config_adjust_legacy_crypto.h:400

MBEDTLS_ERR_SHA256_BAD_INPUT_DATA

sha256.h:23

PSA_TLS12_PRF_STATE_SEED_SET

crypto_builtin_key_derivation.h:57

ESP_AES_GCM_STATE_START

The additional data.

authorityCertSerialNumber

x509.h:240

PSA_JPAKE_STEP_INVALID

crypto_extra.h:1799

PSA_JPAKE_X2S_STEP_KEY_SHARE

crypto_extra.h:1806

psa_drv_slot_number_t

crypto_extra.h:506

A slot number identifying a key in a driver. Values of this type are used to identify built-in keys.

Optional X.509 v3 extensions.

certificate_policies

x509_crt.h:70

Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).

asn1.h:154

Raw ASN1 data for the bit string

mbedtls_pk_rsa_alt_decrypt_func

pk.h:284

Types for RSA-alt abstraction

mbedtls_pk_rsa_alt_sign_func

pk.h:287

mbedtls_pk_rsa_alt_key_len_func

pk.h:292

mbedtls_ssl_premaster_secret

ssl.h:655

MBEDTLS_SSL_SERVER_HELLO_DONE

ssl.h:710

MBEDTLS_SSL_CLIENT_FINISHED

ssl.h:715

MBEDTLS_SSL_SERVER_FINISHED

ssl.h:717

issuer_raw

x509_crl.h:71

The raw issuer data (DER).

mbedtls_entropy_f_source_ptr

entropy.h:87

Entropy poll callback pointer

ESP_MBEDTLS_SHA512_SOFTWARE

sha512_alt.h:41

mbedtls_x509_crt_profile_default

x509_crt.c:89

Default security profile. Should provide a good balance between security and compatibility with current deployments. This profile permits: - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512. - Elliptic curves with 255 bits and above except secp256k1. - RSA with 2048 bits and above. New minor versions of Mbed TLS may extend this profile, for example if new algorithms are added to the library. New minor versions of Mbed TLS will not reduce this profile unless serious security concerns require it.

MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED

error.h:103

MBEDTLS_MPI_MAX_LIMBS

MBEDTLS_ERR_RSA_KEY_GEN_FAILED

rsa.h:37

MBEDTLS_ERR_RSA_PUBLIC_FAILED

rsa.h:41

PSA_ERROR_INSUFFICIENT_STORAGE

crypto_values.h:152

There is not enough persistent storage. Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage may return this error code if the implementation requires a mandatory log entry for

PSA_ERROR_HARDWARE_FAILURE

crypto_values.h:200

A hardware failure was detected. A hardware failure may be transient or permanent depending on the

PSA_ERROR_INVALID_PADDING

crypto_values.h:276

The decrypted padding is incorrect. \warning In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Applications should prefer protocols that use authenticated encryption rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer should take care not to reveal whether the padding is invalid. Implementations should strive to make valid and invalid padding as close as possible to indistinguishable to an external observer. In particular, the timing of a decryption operation should not

PSA_KEY_TYPE_CATEGORY_SYMMETRIC

crypto_values.h:369

PSA_KEY_TYPE_HMAC

crypto_values.h:441

HMAC key. The key policy determines which underlying hash algorithm the key can be used for. HMAC keys should generally have the same size as the underlying hash. This size can be calculated with #PSA_HASH_LENGTH(\c alg) where

PSA_KEY_TYPE_PASSWORD

crypto_values.h:477

A low-entropy secret for password hashing or key derivation. This key type is suitable for passwords and passphrases which are typically intended to be memorizable by humans, and have a low entropy relative to their size. It can be used for randomly generated or derived keys with maximum or near-maximum entropy, but #PSA_KEY_TYPE_DERIVE is more suitable for such keys. It is not suitable for passwords with extremely low entropy, such as numerical PINs. These keys can be used as the #PSA_KEY_DERIVATION_INPUT_PASSWORD input of key derivation algorithms. Algorithms that accept such an input were designed to accept low-entropy secret and are known as password hashing or key stretching algorithms. These keys cannot be used as the #PSA_KEY_DERIVATION_INPUT_SECRET input of key derivation algorithms, as the algorithms that take such an input expect it to be high-entropy. The key policy determines which key derivation algorithm the key can be used for, among the permissible subset defined above.

PSA_KEY_TYPE_CAMELLIA

crypto_values.h:518

Key for a cipher, AEAD or MAC algorithm based on the

PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE

crypto_values.h:547

PSA_KEY_TYPE_ECC_KEY_PAIR

crypto_values.h:559

Elliptic curve key pair. The size of an elliptic curve key is the bit size associated with the curve, i.e. the bit size of *q* for a curve over a field *Fq*. See the documentation of `PSA_ECC_FAMILY_xxx` curve families for details.

PSA_ALG_CATEGORY_KEY_DERIVATION

crypto_values.h:790

PSA_ALG_STREAM_CIPHER

crypto_values.h:1177

The stream cipher mode of a stream cipher algorithm. The underlying stream cipher is determined by the key type. - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.

PSA_ALG_CTR

crypto_values.h:1186

The CTR stream cipher mode. CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type #PSA_KEY_TYPE_AES and a length of 128 bits (16 bytes).

PSA_ALG_CFB

crypto_values.h:1192

The CFB stream cipher mode. The underlying block cipher is determined by the key type.

PSA_ALG_OFB

crypto_values.h:1198

The OFB stream cipher mode. The underlying block cipher is determined by the key type.

PSA_ALG_XTS

crypto_values.h:1206

The XTS cipher mode. XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.

PSA_ALG_CCM_STAR_NO_TAG

crypto_values.h:1275

The CCM* cipher mode without authentication. This is CCM* as specified in IEEE 802.15.4 §7, with a tag length of 0. For CCM* with a nonzero tag length, use the AEAD algorithm #PSA_ALG_CCM. The underlying block cipher is determined by the key type. Currently only 13-byte long IV's are supported.

PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE

crypto_values.h:1361

PSA_ALG_RSA_PKCS1V15_SIGN_BASE

crypto_values.h:1394

PSA_ALG_ECDSA_DETERMINISTIC_FLAG

crypto_values.h:1570

PSA_ALG_IS_VENDOR_HASH_AND_SIGN

crypto_values.h:1667

PSA_ALG_KEY_AGREEMENT_GET_KDF

crypto_values.h:2157

PSA_ALG_IS_RAW_KEY_AGREEMENT

crypto_values.h:2177

Whether the specified algorithm is a raw key agreement algorithm. A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a \c PSA_ALG_xxx macro while non-raw key agreement algorithms are constructed with #PSA_ALG_KEY_AGREEMENT().

PSA_KEY_ID_USER_MIN

crypto_values.h:2424

The minimum value for a key identifier chosen by the application.

PSA_KEY_ID_USER_MAX

crypto_values.h:2427

The maximum value for a key identifier chosen by the application.

PSA_KEY_USAGE_COPY

crypto_values.h:2562

Whether the key may be copied. This flag allows the use of psa_copy_key() to make a copy of the key with the same policy or a more restrictive policy. For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag #PSA_KEY_USAGE_EXPORT. Copying the key inside the secure element is permitted with just #PSA_KEY_USAGE_COPY if the secure element supports it. For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY is sufficient to permit the copy.

MBEDTLS_PSA_ALG_AEAD_EQUAL

crypto_values.h:2763

Check if two AEAD algorithm identifiers refer to the same AEAD algorithm regardless of the tag length they encode.

PSA_MAC_MAX_SIZE

crypto_sizes.h:165

\def PSA_MAC_MAX_SIZE Maximum size of a MAC. This macro expands to a compile-time constant integer. This value is the maximum size of a MAC in bytes.

PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE

crypto_sizes.h:298

PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE

crypto_sizes.h:651

PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE

crypto_sizes.h:777

PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE

crypto_sizes.h:853

PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE

crypto_sizes.h:860

mbedtls_md5_clone

md5_alt.h:26

MBEDTLS_ERR_SHA512_BAD_INPUT_DATA

sha512.h:22

MBEDTLS_ERR_CIPHER_INVALID_CONTEXT

cipher.h:50

MBEDTLS_MAX_IV_LENGTH

cipher.h:220

Maximum length of any IV, in Bytes.

MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL

PSA_KEY_ATTRIBUTES_INIT

crypto_struct.h:323

MBEDTLS_PSA_KEY_ID_BUILTIN_MAX

crypto_extra.h:500

The maximum value for a key identifier that is built into the implementation. See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.

PSA_PAKE_PRIMITIVE

crypto_extra.h:859

Construct a PAKE primitive from type, family and bit-size.

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:119

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:120

TLS 1.2

MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED

ssl_ciphersuites.h:344

MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED

ssl_ciphersuites.h:375

MBEDTLS_ASN1_TAG_CLASS_MASK

asn1.h:106

MBEDTLS_X509_BADCERT_EXPIRED

x509.h:91

The certificate validity has expired.

MBEDTLS_X509_BADCERT_REVOKED

x509.h:92

The certificate has been revoked (is on a CRL).

MBEDTLS_X509_BADCERT_CN_MISMATCH

x509.h:93

The certificate Common Name (CN) does not match with the expected CN.

MBEDTLS_X509_BADCERT_KEY_USAGE

x509.h:102

Usage does not match the keyUsage extension.

MBEDTLS_X509_BADCERT_EXT_KEY_USAGE

x509.h:103

Usage does not match the extendedKeyUsage extension.

MBEDTLS_X509_BADCERT_BAD_MD

x509.h:105

The certificate is signed with an unacceptable hash.

MBEDTLS_X509_KU_KEY_ENCIPHERMENT

x509.h:143

MBEDTLS_X509_KU_KEY_AGREEMENT

x509.h:145

MBEDTLS_X509_KU_KEY_CERT_SIGN

x509.h:146

MBEDTLS_X509_KU_CRL_SIGN

x509.h:147

MBEDTLS_X509_KU_ENCIPHER_ONLY

x509.h:148

MBEDTLS_X509_KU_DECIPHER_ONLY

x509.h:149

MBEDTLS_X509_EXT_BASIC_CONSTRAINTS

x509.h:182

MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE

x509.h:185

MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE

ssl.h:64

MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL

ssl.h:68

MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME

ssl.h:78

MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1

ssl.h:207

MBEDTLS_SSL_IANA_TLS_GROUP_X25519

ssl.h:211

MBEDTLS_SSL_EXTENDED_MS_DISABLED

ssl.h:285

MBEDTLS_SSL_VERIFY_UNSET

ssl.h:299

MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION

ssl.h:313

MBEDTLS_SSL_SESSION_TICKETS_DISABLED

MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256

ssl.h:494

MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384

ssl.h:495

MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512

ssl.h:496

MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION

ssl.h:551

MBEDTLS_SSL_HS_CERTIFICATE

ssl.h:571

MBEDTLS_TLS_EXT_SERVERNAME

ssl.h:583

MBEDTLS_TLS_EXT_SUPPORTED_GROUPS

ssl.h:592

MBEDTLS_TLS_EXT_SIG_ALG

ssl.h:595

MBEDTLS_PREMASTER_SIZE

ssl.h:688

MBEDTLS_ERR_NET_ACCEPT_FAILED

net_sockets.h:46

MBEDTLS_ERR_NET_INVALID_CONTEXT

net_sockets.h:58

MBEDTLS_ENTROPY_MAX_SOURCES

entropy.h:57

Maximum number of sources supported

MBEDTLS_ENTROPY_MAX_SEED_SIZE

entropy.h:66

Maximum size of seed we read from seed file

MBEDTLS_ENTROPY_SOURCE_STRONG

entropy.h:69

Entropy source is strong

mbedtls_aes_crypt_ofb

aes_alt.h:51

mbedtls_aes_xts_free

aes_alt.h:56

MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES

oid.h:40

MBEDTLS_OID_COUNTRY_US

oid.h:70

MBEDTLS_OID_AT_SUR_NAME

oid.h:128

id-at-surName AttributeType:= {id-at 4}

MBEDTLS_OID_AT_COUNTRY

oid.h:130

id-at-countryName AttributeType:= {id-at 6}

MBEDTLS_OID_AT_LOCALITY

oid.h:131

id-at-locality AttributeType:= {id-at 7}

MBEDTLS_OID_AT_STATE

oid.h:132

id-at-state AttributeType:= {id-at 8}

MBEDTLS_OID_AT_ORGANIZATION

oid.h:133

id-at-organizationName AttributeType:= {id-at 10}

MBEDTLS_OID_AT_ORG_UNIT

oid.h:134

id-at-organizationalUnitName AttributeType:= {id-at 11}

MBEDTLS_OID_AT_GIVEN_NAME

oid.h:138

id-at-givenName AttributeType:= {id-at 42}

MBEDTLS_OID_DOMAIN_COMPONENT

oid.h:146

MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER

oid.h:151

id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }

MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER

oid.h:152

id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }

MBEDTLS_OID_SUBJECT_ALT_NAME

oid.h:156

id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }

MBEDTLS_OID_BASIC_CONSTRAINTS

oid.h:159

id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }

MBEDTLS_OID_SERVER_AUTH

oid.h:199

id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }

MBEDTLS_OID_CLIENT_AUTH

oid.h:200

id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }

MBEDTLS_OID_PKCS9_EMAIL

oid.h:240

emailAddress AttributeType ::= { pkcs-9 1 }

MBEDTLS_OID_AES

oid.h:298

MBEDTLS_OID_PKCS9_CSR_EXT_REQ

oid.h:343

extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14}

MBEDTLS_OID_EC_BRAINPOOL_V1

IV size in Bytes, for ciphers with variable-length IVs.

crypto_builtin_composites.h:47

The HMAC algorithm in use

ad_started

crypto_struct.h:179

block_number

crypto_builtin_key_derivation.h:74

crypto_builtin_key_derivation.h:89

Name of the cipher.

Key length to use.

crypto_builtin_primitives.h:105

ssl_ciphersuites.h:450

cipher

ssl_ciphersuites.h:452

disable_renegotiation

ssl.h:1445

session_tickets

ssl.h:1455

Encodes two booleans, one stating whether TLS 1.2 session tickets are enabled or not, the other one whether the handling of TLS 1.3 NewSessionTicket messages is enabled or not. They are respectively set by mbedtls_ssl_conf_session_tickets() and mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets().

Callback to customize X.509 certificate chain verification

mbedtls_ssl_key_set

ssl_misc.h:610

The data structure holding the cryptographic material (key and IV) used for record protection in TLS 1.3.

raw SNI

raw SNI len

acceptable client cert issuers

description

oid.h:481

MBEDTLS_PUT_UINT16_LE

alignment.h:500

Put in memory a 16 bits unsigned integer in little-endian order.

ARRAY_LENGTH

common.h:93

MBEDTLS_SSL_RETRANS_WAITING

ssl_misc.h:246

MBEDTLS_SSL_RETRANS_FINISHED

ssl_misc.h:247

MBEDTLS_TLS_EXT_ADV_CONTENT_LEN

ssl_misc.h:334

MBEDTLS_RECEIVED_SIG_ALGS_SIZE

ssl_misc.h:349

MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH

constant_time_impl.h:57

MBEDTLS_CT_SIZE

constant_time_impl.h:69

half limb size

CCM_STATE__AUTH_DATA_FINISHED

ccm.c:117

CCM_SELFTEST_CT_MAX_LEN

ccm.c:638

ofb_func

cipher_wrap.h:98

Encrypt using OFB (Full length)

xts_func

cipher_wrap.h:113

Encrypt or decrypt using XTS.

MBEDTLS_CIPHER_BASE_INDEX_XTS_AES

cipher_wrap.h:143

mbedtls_cipher_supported

cipher_wrap.c:2426

MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED

hmac_drbg.h:36

MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT

hmac_drbg.h:59

Maximum size of (re)seed buffer

ECP_CURVE25519_KEY_SIZE

The public key, in the form of the Merkle tree root node.

MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT

lms.h:37

MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN

lms.h:38

MBEDTLS_LMS_PUBLIC_KEY_LEN

lms.h:61

MBEDTLS_ERR_PEM_INVALID_ENC_IV

pem.h:31

MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE

pkcs12.h:24

MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH

pkcs12.h:28

MBEDTLS_ERR_PKCS7_INVALID_VERSION

pkcs7.h:52

The PKCS #7 version element is invalid or cannot be parsed.

last4

gcm.c:320

MBEDTLS_LMOTS_PUBLIC_KEY_LEN

lmots.h:27

PUBLIC_KEY_Q_LEAF_ID_OFFSET

lmots.c:49

SIG_TYPE_OFFSET

lms.c:50

PUBLIC_KEY_OTSTYPE_OFFSET

Output length of the digest function in bytes

MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES

pkwrite.h:39

MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES

Public functions for wrinting private/public PEM keys.

slice_index

psa_crypto_core.h:100

next_free_relative_to_next

psa_crypto_core.h:120

free

psa_crypto_core.h:104

original

psa_crypto_core.h:963

entropy

psa_crypto_random_impl.h:71

PSA_CRYPTO_MAX_STORAGE_SIZE

psa_crypto_storage.h:26

AT_LEAST_ONE_BUILTIN_KDF

psa_crypto.c:5467

dhm.h:111

MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED

dhm.h:70

key_slots_initialized

psa_crypto_slot_management.c:190

KEY_SLOT_VOLATILE_SLICE_BASE_LENGTH

psa_crypto_slot_management.c:94

KEY_SLICE_COUNT

psa_crypto_slot_management.c:96

PSA_KEY_STORAGE_MAGIC_HEADER

psa_crypto_storage.c:222

Persistent key storage magic header.

PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH

psa_crypto_storage.c:223

PSA_ITS_STORAGE_PREFIX

psa_its_file.c:27

PSA_ITS_STORAGE_SUFFIX

supported_ciphersuites

ssl_ciphersuites.c:1803

The raw CertificateRequestInfo body (DER).

subject_raw

x509_csr.h:44

The raw subject data (DER).

subject

x509_csr.h:45

The parsed subject data (named information object).

subject_alt_names

x509_csr.h:51

Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name.

PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE

config_adjust_psa_from_legacy.h:91

MBEDTLS_PSA_BUILTIN_ALG_FFDH

config_adjust_psa_from_legacy.h:99

MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT

config_adjust_psa_from_legacy.h:101

MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT

config_adjust_psa_from_legacy.h:102

MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE

config_adjust_psa_from_legacy.h:103

MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED

ssl_ciphersuites.h:368

MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH

ssl.h:1181

MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH

Srv: flag for sending a cookie

psa_crypto_pake.c:153

MBEDTLS_SSL_VERSION_TLS1_3

ssl.h:1217

(D)TLS 1.3

MBEDTLS_ECP_MAX_PT_LEN

ecp.h:355

MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT

x509.h:73

MBEDTLS_SSL_IANA_TLS_GROUP_NONE

ssl.h:199

MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256

ssl.h:489

MBEDTLS_TLS1_3_SIG_NONE

ssl.h:511

MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC

ssl.h:534

MBEDTLS_ERR_ENTROPY_MAX_SOURCES

entropy.h:40

MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:62

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:114

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:144

TLS 1.2

MBEDTLS_NET_PROTO_TCP

net_sockets.h:66

The TCP transport protocol

ESP_MBEDTLS_SHA256_UNUSED

sha256_alt.h:37

MBEDTLS_VERSION_STRING

build_info.h:37

MBEDTLS_VERSION_STRING_FULL

build_info.h:38

PSA_WANT_ALG_SHA_384

config_adjust_psa_superset_legacy.h:57

PSA_WANT_ALG_ECDSA

config_adjust_psa_from_legacy.h:57

PSA_WANT_ALG_DETERMINISTIC_ECDSA

config_adjust_psa_from_legacy.h:63

PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT

config_adjust_psa_from_legacy.h:70

BASIC -> IMPORT+EXPORT (Implementation-specific, may change in the future.)

PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT

config_adjust_psa_from_legacy.h:71

PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE

config_adjust_psa_from_legacy.h:72

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE

config_adjust_psa_from_legacy.h:80

MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE

config_adjust_psa_from_legacy.h:174

PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT

config_adjust_psa_from_legacy.h:181

PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT

config_adjust_psa_from_legacy.h:182

PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS

config_adjust_psa_from_legacy.h:245

PSA_WANT_ALG_CBC_NO_PADDING

config_adjust_psa_from_legacy.h:264

PSA_WANT_ALG_ECB_NO_PADDING

config_adjust_psa_from_legacy.h:275

MBEDTLS_CCM_GCM_CAN_ARIA

config_adjust_legacy_crypto.h:276

MBEDTLS_SSL_HAVE_ARIA

config_adjust_legacy_crypto.h:443

PSA_TLS12_PRF_STATE_KEY_SET

crypto_builtin_key_derivation.h:59

PSA_TLS12_PRF_STATE_LABEL_SET

crypto_builtin_key_derivation.h:60

PSA_TLS12_PRF_STATE_OUTPUT

crypto_builtin_key_derivation.h:61

ESP_AES_GCM_STATE_INIT

esp_aes_gcm.h:21

ESP_AES_GCM_STATE_UPDATE

esp_aes_gcm.h:23

ori_j0

esp_aes_gcm.h:35

J0 from first iteration.

MBEDTLS_CIPHER_AES_128_CFB128

cipher.h:93

AES cipher with 128-bit CFB128 mode.

MBEDTLS_CIPHER_AES_192_CFB128

cipher.h:94

AES cipher with 192-bit CFB128 mode.

MBEDTLS_CIPHER_AES_256_CFB128

cipher.h:95

AES cipher with 256-bit CFB128 mode.

MBEDTLS_CIPHER_AES_128_CTR

cipher.h:96

AES cipher with 128-bit CTR mode.

MBEDTLS_CIPHER_AES_192_CTR

cipher.h:97

AES cipher with 192-bit CTR mode.

MBEDTLS_CIPHER_AES_256_CTR

cipher.h:98

AES cipher with 256-bit CTR mode.

MBEDTLS_CIPHER_AES_192_GCM

cipher.h:100

AES cipher with 192-bit GCM mode.

MBEDTLS_CIPHER_DES_EDE3_ECB

cipher.h:121

DES cipher with EDE3 ECB mode. \warning 3DES is considered weak.

MBEDTLS_CIPHER_DES_EDE3_CBC

cipher.h:122

DES cipher with EDE3 CBC mode. \warning 3DES is considered weak.

MBEDTLS_CIPHER_AES_192_CCM

cipher.h:124

AES cipher with 192-bit CCM mode.

MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG

cipher.h:126

AES cipher with 128-bit CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG

cipher.h:127

AES cipher with 192-bit CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG

cipher.h:128

AES cipher with 256-bit CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_ARIA_128_ECB

cipher.h:135

Aria cipher with 128-bit key and ECB mode.

MBEDTLS_CIPHER_ARIA_192_ECB

cipher.h:136

Aria cipher with 192-bit key and ECB mode.

MBEDTLS_CIPHER_ARIA_256_ECB

cipher.h:137

Aria cipher with 256-bit key and ECB mode.

MBEDTLS_CIPHER_ARIA_192_CBC

cipher.h:139

Aria cipher with 192-bit key and CBC mode.

MBEDTLS_CIPHER_ARIA_128_CFB128

cipher.h:141

Aria cipher with 128-bit key and CFB-128 mode.

MBEDTLS_CIPHER_ARIA_192_CFB128

cipher.h:142

Aria cipher with 192-bit key and CFB-128 mode.

MBEDTLS_CIPHER_ARIA_256_CFB128

cipher.h:143

Aria cipher with 256-bit key and CFB-128 mode.

MBEDTLS_CIPHER_ARIA_128_CTR

cipher.h:144

Aria cipher with 128-bit key and CTR mode.

MBEDTLS_CIPHER_ARIA_192_CTR

cipher.h:145

Aria cipher with 192-bit key and CTR mode.

MBEDTLS_CIPHER_ARIA_256_CTR

cipher.h:146

Aria cipher with 256-bit key and CTR mode.

MBEDTLS_CIPHER_ARIA_192_GCM

cipher.h:148

Aria cipher with 192-bit key and GCM mode.

MBEDTLS_CIPHER_ARIA_128_CCM

cipher.h:150

Aria cipher with 128-bit key and CCM mode.

MBEDTLS_CIPHER_ARIA_192_CCM

cipher.h:151

Aria cipher with 192-bit key and CCM mode.

MBEDTLS_CIPHER_ARIA_256_CCM

cipher.h:152

Aria cipher with 256-bit key and CCM mode.

MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG

cipher.h:153

Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG

cipher.h:154

Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG

cipher.h:155

Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_AES_128_OFB

cipher.h:156

AES 128-bit cipher in OFB mode.

MBEDTLS_CIPHER_AES_192_OFB

cipher.h:157

AES 192-bit cipher in OFB mode.

MBEDTLS_CIPHER_AES_256_OFB

cipher.h:158

AES 256-bit cipher in OFB mode.

MBEDTLS_CIPHER_AES_128_XTS

cipher.h:159

AES 128-bit cipher in XTS block mode.

MBEDTLS_CIPHER_AES_256_XTS

cipher.h:160

AES 256-bit cipher in XTS block mode.

None.

The stream cipher mode.

ESP_MBEDTLS_SHA1_UNUSED

sha1_alt.h:38

mbedtls_mpi_gen_prime_flag_t

bignum.h:1043

MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR

bignum.h:1045

lower error rate from 2-80 to 2-128

tls_id

ecp.h:142

The TLS NamedCurve identifier.

The type_id is an OID as defined in RFC 5280. To check the value of the type id, you should use \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. The type id.

PSA_JPAKE_X1_STEP_KEY_SHARE

crypto_extra.h:1800

PSA_JPAKE_X2_STEP_ZK_PROOF

crypto_extra.h:1805

PSA_JPAKE_X4S_STEP_KEY_SHARE

Optional X.509 v3 extension authority key identifier.

MBEDTLS_KEY_EXCHANGE_NONE

ssl_ciphersuites.h:258

unused_bits

asn1.h:153

Number of unused bits at the end of the string

mbedtls_x509_crt_ca_cb_t

x509_crt.h:784

The type of trusted certificate callbacks. Callbacks of this type are passed to and used by the CRT verification routine mbedtls_x509_crt_verify_with_ca_cb() when looking for trusted signers of a given certificate. On success, the callback returns a list of trusted certificates to be considered as potential signers for the input certificate.

MBEDTLS_ECDH_VARIANT_NONE

ecdh.h:72

Implementation not defined.

MBEDTLS_SSL_SERVER_CERTIFICATE

ssl.h:707

MBEDTLS_SSL_SERVER_KEY_EXCHANGE

ssl.h:708

MBEDTLS_SSL_CERTIFICATE_REQUEST

ssl.h:709

MBEDTLS_SSL_CLIENT_CERTIFICATE

ssl.h:711

MBEDTLS_SSL_CLIENT_KEY_EXCHANGE

ssl.h:712

MBEDTLS_SSL_CERTIFICATE_VERIFY

ssl.h:713

MBEDTLS_SSL_FLUSH_BUFFERS

ssl.h:718

MBEDTLS_SSL_NEW_SESSION_TICKET

ssl.h:720

MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT

ssl.h:721

mbedtls_ssl_tls13_application_secrets

ssl.h:1172

MBEDTLS_SSL_TLS_PRF_SHA384

ssl.h:1336

MBEDTLS_SSL_TLS_PRF_SHA256

ssl.h:1337

mbedtls_ssl_hs_cb_t

ssl.h:1394

Callback type: generic handshake callback

other_name

x509.h:295

x509.h:305

ESP_MBEDTLS_SHA512_UNUSED

sha512_alt.h:39

mbedtls_x509_crt_profile_suiteb

x509_crt.c:140

NSA Suite B profile.

mbedtls_ssl_sig_hash_set_t

ssl.h:870

MBEDTLS_LN_2_DIV_LN_10_SCALE100

bignum.h:97

MBEDTLS_MPI_RW_BUFFER_SIZE

The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.

MBEDTLS_ECP_TLS_NAMED_CURVE

ecp.h:455

The named_curve of ECCurveType.

MBEDTLS_RSA_CRYPT

rsa.h:59

Identifier for RSA encryption and decryption operations.

MBEDTLS_RSA_GEN_KEY_MIN_BITS

rsa.h:77

MBEDTLS_ECDSA_MAX_LEN

ecdsa.h:50

PSA_ERROR_ALREADY_EXISTS

crypto_values.h:104

Asking for an item that already exists Implementations should return this error, when attempting

PSA_ERROR_INSUFFICIENT_DATA

crypto_values.h:280

Return this error when there's insufficient data when attempting

PSA_OPERATION_INCOMPLETE

crypto_values.h:336

The function that returns this status is defined as interruptible and still has work to do, thus the user should call the function again with the same operation context until it either returns #PSA_SUCCESS or any other error. This is not an error per se, more a notification of status.

PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY

crypto_values.h:370

PSA_KEY_TYPE_CATEGORY_FLAG_PAIR

crypto_values.h:373

PSA_KEY_TYPE_IS_UNSTRUCTURED

crypto_values.h:386

Whether a key type is an unstructured array of bytes. This encompasses both symmetric keys and non-key data.

PSA_KEY_TYPE_IS_ASYMMETRIC

crypto_values.h:391

PSA_KEY_TYPE_RAW_DATA

crypto_values.h:431

Raw data. A "key" of this type cannot be used for any cryptographic operation.

PSA_KEY_TYPE_PASSWORD_HASH

crypto_values.h:485

A secret value that can be used to verify a password hash. The key policy determines which key derivation algorithm the key can be used for, among the same permissible subset as for #PSA_KEY_TYPE_PASSWORD.

PSA_KEY_TYPE_DES

crypto_values.h:514

Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES). The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or 192 bits (3-key 3DES). Note that single DES and 2-key 3DES are weak and strongly deprecated and should only be used to decrypt legacy data. 3-key 3DES is weak and deprecated and should only be used in legacy protocols.

PSA_KEY_TYPE_ECC_KEY_PAIR_BASE

crypto_values.h:548

PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY

crypto_values.h:582

PSA_KEY_TYPE_DH_GROUP_MASK

crypto_values.h:701

PSA_KEY_TYPE_IS_DH_KEY_PAIR

crypto_values.h:722

PSA_ALG_CATEGORY_CIPHER

crypto_values.h:786

PSA_ALG_CATEGORY_KEY_AGREEMENT

PSA_ALG_MAC_SUBCATEGORY_MASK

crypto_values.h:984

PSA_ALG_HMAC_BASE

crypto_values.h:985

PSA_MAC_TRUNCATION_OFFSET

crypto_values.h:1025

PSA_ALG_TRUNCATED_MAC

crypto_values.h:1068

Macro to build a truncated MAC algorithm. A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first \p mac_length bytes of the MAC value for the untruncated algorithm.

PSA_ALG_IS_BLOCK_CIPHER_MAC

crypto_values.h:1149

Whether the specified algorithm is a MAC algorithm based on a block cipher.

PSA_ALG_CIPHER_STREAM_FLAG

crypto_values.h:1153

PSA_ALG_IS_STREAM_CIPHER

crypto_values.h:1168

Whether the specified algorithm is a stream cipher. A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.

PSA_AEAD_TAG_LENGTH_OFFSET

crypto_values.h:1299

PSA_ALG_RSA_PSS_ANY_SALT_BASE

crypto_values.h:1423

PSA_ALG_IS_RSA_PSS_ANY_SALT

crypto_values.h:1490

Whether the specified algorithm is RSA PSS with any salt.

PSA_ALG_IS_HASH_AND_SIGN

crypto_values.h:1731

Whether the specified algorithm is a hash-and-sign algorithm. Hash-and-sign algorithms are asymmetric (public-key) signature algorithms structured in two parts: first the calculation of a hash in a way that does not depend on the key, then the calculation of a signature from the hash value and the key. Hash-and-sign algorithms encode the hash used for the hashing step, and you can call #PSA_ALG_SIGN_GET_HASH to extract this algorithm. Thus, for a hash-and-sign algorithm, `psa_sign_message(key, alg, input, ...)` is equivalent to ``` psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), input, ..., hash, ...); psa_sign_hash(key, alg, hash, ..., signature, ...); ``` Most usefully, separating the hash from the signature allows the hash to be calculated in multiple steps with psa_hash_setup(), psa_hash_update() and psa_hash_finish(). Likewise psa_verify_message() is equivalent to calculating the hash and then calling psa_verify_hash().

PSA_ALG_RSA_OAEP_BASE

crypto_values.h:1769

PSA_ALG_FFDH

crypto_values.h:2191

The finite-field Diffie-Hellman (DH) key agreement algorithm. The shared secret produced by key agreement is `g^{ab}` in big-endian format. It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p` in bits.

PSA_ALG_IS_WILDCARD

crypto_values.h:2265

Whether the specified algorithm encoding is a wildcard. Wildcard values may only be used to set the usage algorithm field in a policy, not to perform an operation.

PSA_ALG_GET_HASH

crypto_values.h:2283

Get the hash used by a composite algorithm.

PSA_KEY_LIFETIME_PERSISTENT

crypto_values.h:2322

The default lifetime for persistent keys. A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area, but integrations may provide their own mechanism (for example to perform a factory reset, to prepare for device refurbishment, or to uninstall an application). This lifetime value is the default storage area for the calling application. Integrations of Mbed TLS may support other persistent lifetimes. See ::psa_key_lifetime_t for more information.

PSA_KEY_LIFETIME_GET_PERSISTENCE

crypto_values.h:2342

PSA_KEY_LIFETIME_IS_READ_ONLY

crypto_values.h:2385

Whether a key lifetime indicates that the key is read-only. Read-only keys cannot be created or destroyed through the PSA Crypto API. They must be created through platform-specific means that bypass the API. Some platforms may offer ways to destroy read-only keys. For example, consider a platform with multiple levels of privilege, where a low-privilege application can use a key but is not allowed to destroy it, and the platform exposes the key to the application with a read-only lifetime. High-privilege code can destroy the key even though the application sees the key as read-only.

PSA_KEY_DERIVATION_INPUT_PASSWORD

crypto_values.h:2697

A low-entropy secret input for password hashing / key stretching. This is usually a key of type #PSA_KEY_TYPE_PASSWORD (passed to psa_key_derivation_input_key()) or a direct input (passed to psa_key_derivation_input_bytes()) that is a password or passphrase. It can also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or the shared secret resulting from a key agreement. The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes(), psa_key_derivation_verify_bytes(), or psa_key_derivation_verify_key(), but not psa_key_derivation_output_key().

PSA_KEY_DERIVATION_INPUT_OTHER_SECRET

crypto_values.h:2706

A high-entropy additional secret input for key derivation. This is typically the shared secret resulting from a key agreement obtained via `psa_key_derivation_key_agreement()`. It may alternatively be a key of type `PSA_KEY_TYPE_DERIVE` passed to `psa_key_derivation_input_key()`, or a direct input passed to `psa_key_derivation_input_bytes()`.

PSA_KEY_DERIVATION_INPUT_LABEL

crypto_values.h:2714

A label for key derivation. This should be a direct input. It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.

PSA_KEY_DERIVATION_INPUT_SEED

crypto_values.h:2736

A seed for key derivation. This should be a direct input. It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.

PSA_HASH_BLOCK_LENGTH

crypto_sizes.h:92

The input block size of a hash algorithm, in bytes. Hash algorithms process their input data in blocks. Hash operations will retain any partial blocks until they have enough input to fill the block or until the operation is finished. This affects the output from psa_hash_suspend().

PSA_HMAC_MAX_HASH_BLOCK_SIZE

crypto_sizes.h:126

PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS

crypto_sizes.h:221

PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE

crypto_sizes.h:872

MBEDTLS_CIPHER_VARIABLE_KEY_LEN

cipher.h:53

Cipher accepts keys of variable length.

MBEDTLS_MAX_BLOCK_LENGTH

cipher.h:226

Maximum block size of any cipher, in Bytes.

MBEDTLS_PSA_CIPHER_OPERATION_INIT

crypto_builtin_primitives.h:112

MBEDTLS_PSA_AEAD_OPERATION_INIT

crypto_builtin_composites.h:103

MBEDTLS_PSA_JPAKE_BUFFER_SIZE

crypto_builtin_composites.h:189

PSA_MAC_OPERATION_INIT

MBEDTLS_PSA_KEY_SLOT_COUNT

crypto_extra.h:32

PSA_PAKE_OPERATION_STAGE_SETUP

crypto_extra.h:420

PSA_ALG_IS_PAKE

crypto_extra.h:591

Whether the specified algorithm is a password-authenticated key exchange.

PSA_PAKE_PRIMITIVE_TYPE_ECC

crypto_extra.h:818

The PAKE primitive type indicating the use of elliptic curves. The values of the \c family and \c bits fields of the cipher suite identify a specific elliptic curve, using the same mapping that is used for ECC (::psa_ecc_family_t) keys. (Here \c family means the value returned by psa_pake_cs_get_family() and \c bits means the value returned by psa_pake_cs_get_bits().) Input and output during the operation can involve group elements and scalar values: -# The format for group elements is the same as for public keys on the specific curve would be. For more information, consult the documentation of psa_export_public_key(). -# The format for scalars is the same as for private keys on the specific curve would be. For more information, consult the documentation of psa_export_key().

PSA_PAKE_STEP_ZK_PUBLIC

crypto_extra.h:893

A Schnorr NIZKP public key. This is the ephemeral public key in the Schnorr Non-Interactive Zero-Knowledge Proof (the value denoted by the letter 'V' in RFC 8235). The format for both input and output at this step is the same as for public keys on the group determined by the primitive (::psa_pake_primitive_t) would be. For more information on the format, consult the documentation of psa_export_public_key(). For information regarding how the group is determined, consult the documentation #PSA_PAKE_PRIMITIVE.

PSA_PAKE_STEP_ZK_PROOF

crypto_extra.h:914

A Schnorr NIZKP proof. This is the proof in the Schnorr Non-Interactive Zero-Knowledge Proof (the value denoted by the letter 'r' in RFC 8235). Both for input and output, the value at this step is an integer less than the order of the group selected in the cipher suite. The format depends on the group as well: - For Montgomery curves, the encoding is little endian. - For everything else the encoding is big endian (see Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ at https://www.secg.org/sec1-v2.pdf). In both cases leading zeroes are allowed as long as the length in bytes does not exceed the byte length of the group order. For information regarding how the group is determined, consult the documentation #PSA_PAKE_PRIMITIVE.

PSA_JPAKE_EXPECTED_INPUTS

crypto_extra.h:1838

PSA_JPAKE_EXPECTED_OUTPUTS

crypto_extra.h:1840

MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:33

MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:35

MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:36

MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:37

MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:40

TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256

ssl_ciphersuites.h:41

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:46

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

ssl_ciphersuites.h:47

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:52

MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:53

MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:58

MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:59

MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:61

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:63

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:64

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:66

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:67

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:70

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:71

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:73

MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:74

MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:83

MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:84

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:95

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:96

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:99

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:100

MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:103

MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:104

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:107

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:108

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:110

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:111

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:112

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:113

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:115

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:116

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:117

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:121

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:122

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:123

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:124

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:125

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:126

TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:128

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:129

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:130

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:131

MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:136

TLS 1.2

MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:137

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:138

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:139

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:140

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:141

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:142

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:143

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:145

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:146

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:147

TLS 1.2

MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:148

TLS 1.2

MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:149

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:150

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:151

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:152

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:153

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:154

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:155

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:156

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:157

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:158

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:159

TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:160

TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:161

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:164

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:165

TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:166

TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:167

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:170

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:171

TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:172

TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:173

TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_128_CCM

ssl_ciphersuites.h:213

TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_CCM

ssl_ciphersuites.h:214

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM

ssl_ciphersuites.h:215

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM

ssl_ciphersuites.h:216

TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8

ssl_ciphersuites.h:217

TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8

ssl_ciphersuites.h:218

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8

ssl_ciphersuites.h:219

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8

ssl_ciphersuites.h:220

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CCM

ssl_ciphersuites.h:221

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_256_CCM

ssl_ciphersuites.h:222

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8

ssl_ciphersuites.h:225

TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8

ssl_ciphersuites.h:226

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM

ssl_ciphersuites.h:231

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM

ssl_ciphersuites.h:232

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

ssl_ciphersuites.h:233

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

ssl_ciphersuites.h:234

TLS 1.2

MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED

ssl_ciphersuites.h:354

MBEDTLS_ASN1_BOOLEAN

asn1.h:64

\name DER constants These constants comply with the DER encoded ASN.1 type tags. DER encoding uses hexadecimal representation. An example DER sequence is:\n - 0x02 -- tag indicating INTEGER - 0x01 -- length in octets - 0x05 -- value Such sequences are typically read into \c ::mbedtls_x509_buf.

MBEDTLS_ASN1_ENUMERATED

asn1.h:70

MBEDTLS_ASN1_T61_STRING

asn1.h:75

MBEDTLS_ASN1_UTC_TIME

asn1.h:77

MBEDTLS_ASN1_GENERALIZED_TIME

asn1.h:78

MBEDTLS_ASN1_UNIVERSAL_STRING

asn1.h:79

MBEDTLS_ASN1_BMP_STRING

asn1.h:80

MBEDTLS_X509_MAX_INTERMEDIATE_CA

x509.h:37

Maximum number of intermediate CAs in a verification chain. That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate. Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.

MBEDTLS_X509_BADCRL_EXPIRED

x509.h:96

The CRL is expired.

MBEDTLS_X509_BADCERT_MISSING

x509.h:97

Certificate was missing.

MBEDTLS_X509_BADCERT_SKIP_VERIFY

x509.h:98

Certificate verification was skipped.

MBEDTLS_X509_BADCERT_OTHER

x509.h:99

Other reason (can be used by verify callback)

MBEDTLS_X509_BADCERT_FUTURE

x509.h:100

The certificate validity starts in the future.

MBEDTLS_X509_BADCRL_FUTURE

x509.h:101

The CRL is from the future

MBEDTLS_X509_BADCRL_BAD_MD

x509.h:108

The CRL is signed with an unacceptable hash.

MBEDTLS_X509_BADCRL_BAD_PK

x509.h:109

The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).

MBEDTLS_X509_KU_NON_REPUDIATION

x509.h:142

MBEDTLS_X509_KU_DATA_ENCIPHERMENT

x509.h:144

MBEDTLS_X509_FORMAT_DER

x509.h:195

MBEDTLS_X509_FORMAT_PEM

x509.h:196

MBEDTLS_X509_CRT_VERSION_3

x509_crt.h:137

MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN

x509_crt.h:139

MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE

x509_crt.h:258

Max size of verification chain: end-entity + intermediates + trusted root

MBEDTLS_ERR_SSL_NO_RNG

ssl.h:62

MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED

ssl.h:72

MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND

ssl.h:107

MBEDTLS_ERR_SSL_CLIENT_RECONNECT

ssl.h:142

MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS

ssl.h:152

MBEDTLS_ERR_SSL_UNEXPECTED_CID

ssl.h:164

MBEDTLS_ERR_SSL_VERSION_MISMATCH

ssl.h:166

MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1

ssl.h:208

MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1

ssl.h:209

MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1

ssl.h:210

MBEDTLS_SSL_IANA_TLS_GROUP_X448

ssl.h:212

MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048

ssl.h:214

MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192

ssl.h:218

MBEDTLS_SSL_MAX_FRAG_LEN_INVALID

ssl.h:280

first invalid value

MBEDTLS_SSL_VERIFY_OPTIONAL

ssl.h:297

MBEDTLS_SSL_RENEGOTIATION_DISABLED

ssl.h:304

MBEDTLS_SSL_ANTI_REPLAY_DISABLED

ssl.h:307

MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE

ssl.h:315

MBEDTLS_SSL_SESSION_TICKETS_ENABLED

ssl.h:322

MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED

ssl.h:330

MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO

ssl.h:460

renegotiation info ext

MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384

ssl.h:490

MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY

ssl.h:532

MBEDTLS_SSL_ALERT_MSG_BAD_CERT

ssl.h:540

MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED

ssl.h:547

MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR

ssl.h:549

MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION

ssl.h:556

MBEDTLS_SSL_HS_SERVER_HELLO

ssl.h:566

MBEDTLS_SSL_HS_NEW_SESSION_TICKET

ssl.h:568

MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE

ssl.h:572

MBEDTLS_SSL_HS_CERTIFICATE_REQUEST

ssl.h:573

MBEDTLS_SSL_HS_SERVER_HELLO_DONE

ssl.h:574

MBEDTLS_SSL_HS_CERTIFICATE_VERIFY

ssl.h:575

MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE

ssl.h:576

MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME

ssl.h:584

MBEDTLS_ERR_NET_BIND_FAILED

net_sockets.h:42

MBEDTLS_ERR_NET_RECV_FAILED

net_sockets.h:48

MBEDTLS_ERR_NET_CONN_RESET

net_sockets.h:52

MBEDTLS_ERR_NET_BUFFER_TOO_SMALL

net_sockets.h:56

MBEDTLS_ENTROPY_MAX_GATHER

entropy.h:61

Maximum amount requested from entropy sources

MBEDTLS_CTR_DRBG_ENTROPY_LEN

ctr_drbg.h:111

\def MBEDTLS_CTR_DRBG_ENTROPY_LEN The amount of entropy used per seed by default, in bytes. This is 48 bytes because the entropy module uses SHA-512.

MBEDTLS_CTR_DRBG_RESEED_INTERVAL

ctr_drbg.h:127

The interval before reseed is performed by default.

MBEDTLS_CTR_DRBG_MAX_REQUEST

ctr_drbg.h:137

The maximum number of requested Bytes per call.

s_dummy_crt

esp_crt_bundle.c:57

x509_crt_imported_bundle_bin_start

esp_crt_bundle.c:59

MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER

oid.h:37

MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER

oid.h:38

MBEDTLS_OID_X509_EXT_KEY_USAGE

oid.h:39

MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME

oid.h:42

MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS

oid.h:45

MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE

oid.h:48

MBEDTLS_OID_X509_EXT_NS_CERT_TYPE

oid.h:52

MBEDTLS_OID_ISO_MEMBER_BODIES

oid.h:62

MBEDTLS_OID_ISO_CCITT_DS

oid.h:64

MBEDTLS_OID_OIW_SECSIG_ALG

oid.h:84

MBEDTLS_OID_ISO_ITU_US_ORG

oid.h:100

MBEDTLS_OID_INTERNET

oid.h:119

{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) Private Internet Extensions { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

MBEDTLS_OID_PKIX

oid.h:121

MBEDTLS_OID_AT_SERIAL_NUMBER

oid.h:129

id-at-serialNumber AttributeType:= {id-at 5}

MBEDTLS_OID_AT_TITLE

oid.h:135

id-at-title AttributeType:= {id-at 12}

MBEDTLS_OID_AT_POSTAL_ADDRESS

oid.h:136

id-at-postalAddress AttributeType:= {id-at 16}

MBEDTLS_OID_AT_POSTAL_CODE

oid.h:137

id-at-postalCode AttributeType:= {id-at 17}

MBEDTLS_OID_AT_INITIALS

oid.h:139

id-at-initials AttributeType:= {id-at 43}

MBEDTLS_OID_AT_GENERATION_QUALIFIER

oid.h:140

id-at-generationQualifier AttributeType:= {id-at 44}

MBEDTLS_OID_AT_DN_QUALIFIER

oid.h:142

id-at-dnQualifier AttributeType:= {id-at 46}

MBEDTLS_OID_AT_PSEUDONYM

oid.h:143

id-at-pseudonym AttributeType:= {id-at 65}

MBEDTLS_OID_CERTIFICATE_POLICIES

oid.h:154

id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }

MBEDTLS_OID_ANY_POLICY

oid.h:170

anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }

MBEDTLS_OID_ON_HW_MODULE_NAME

oid.h:214

id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 }

MBEDTLS_OID_PKCS5

oid.h:222

pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 }

MBEDTLS_OID_PKCS9

oid.h:224

pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }

MBEDTLS_OID_PKCS7_DATA

oid.h:333

Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1}

MBEDTLS_OID_PKCS12_PBE

oid.h:348

pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1}

MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD

oid.h:428

MBEDTLS_OID_ANSI_X9_62_SIG

crypto_builtin_key_derivation.h:92

prediction_resistance

The first ECTR for tag.

max_open_internal_key_id

crypto_extra.h:240

Largest key id value among open keys in internal persistent storage.

max_open_external_key_id

crypto_extra.h:242

Largest key id value among open keys in secure elements.

ssl_ciphersuites.h:457

max_tls_version

ssl_ciphersuites.h:458

Callback to customize X.509 certificate chain verification

mbedtls_ssl_tls13_early_secrets

ssl_misc.h:627

mbedtls_ssl_tls13_handshake_secrets

ssl_misc.h:633

sni_ca_crl

ssl_misc.h:831

trusted CAs CRLs from SNI

flag for EtM activation

private key

PEM_BEGIN_PRIVATE_KEY_RSA

pk_internal.h:36

PEM_END_PRIVATE_KEY_RSA

pk_internal.h:37

PEM_BEGIN_PRIVATE_KEY_EC

pk_internal.h:40

PEM_END_PRIVATE_KEY_EC

pk_internal.h:41

PEM_BEGIN_PRIVATE_KEY_PKCS8

pk_internal.h:42

PEM_END_PRIVATE_KEY_PKCS8

pk_internal.h:43

MBEDTLS_GET_UINT16_LE

alignment.h:485

Get the unsigned 16 bits integer corresponding to two bytes in little-endian order (LSB first).

MBEDTLS_GET_UINT64_LE

alignment.h:657

Get the unsigned 64 bits integer corresponding to eight bytes in little-endian order (LSB first).

MBEDTLS_PUT_UINT64_LE

alignment.h:672

Put in memory a 64 bits unsigned integer in little-endian order.

MBEDTLS_HAS_BUILTIN

common.h:371

MBEDTLS_OPTIMIZE_FOR_PERFORMANCE

common.h:407

MBEDTLS_SSL_RETRANS_PREPARING

ssl_misc.h:244

MBEDTLS_SSL_PAYLOAD_OVERHEAD

ssl_misc.h:315

MBEDTLS_SSL_IN_PAYLOAD_LEN

ssl_misc.h:321

MBEDTLS_SSL_OUT_PAYLOAD_LEN

ssl_misc.h:324

MBEDTLS_SSL_HEADER_LEN

ssl_misc.h:388

MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT

ssl_misc.h:488

MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK

ssl_misc.h:489

MBEDTLS_SSL_MAX_IV_LENGTH

ssl_misc.h:603

MBEDTLS_SSL_MAX_KEY_LENGTH

ssl_misc.h:604

MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT

ssl_misc.h:2976

MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK

ssl_misc.h:2979

MBEDTLS_PKCS5_DECRYPT

pkcs5.h:34

MBEDTLS_X25519_KEY_SIZE_BYTES

MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH

constant_time_internal.h:82

small_prime_gaps

bignum.c:2022

MBEDTLS_MPI_IS_SECRET

mbedtls_block_cipher_engine_t

CCM_STATE__LENGTHS_SET

ccm.c:115

CCM_STATE__AUTH_DATA_STARTED

ccm.c:116

supported_init

cipher.c:56

mbedtls_cipher_base_lookup_table

cipher_wrap.c:2428

MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA

SELF_TEST_OUTPUT_DISCARD_LENGTH

ctr_drbg.c:944

prediction_resistance

hmac_drbg.h:83

MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG

hmac_drbg.h:30

MBEDTLS_HMAC_DRBG_RESEED_INTERVAL

hmac_drbg.h:47

Interval before reseed is performed by default

MBEDTLS_HMAC_DRBG_PR_ON

hmac_drbg.h:65

Prediction resistance enabled

mbedtls_ecp_modulus_type

ECP_CURVE448_KEY_SIZE

MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX

lms.h:32

MBEDTLS_LMS_M_NODE_BYTES_MAX

lms.h:53

MBEDTLS_PKCS12_PBE_DECRYPT

pkcs12.h:34

MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID

pkcs7.h:61

The PKCS #7 date issued/expired dates are invalid

MBEDTLS_GCM_ACC_SMALLTABLE

gcm.c:71

MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET

lmots.h:33

PUBLIC_KEY_KEY_HASH_OFFSET

PUBLIC_KEY_ROOT_NODE_OFFSET

lms.c:60

MERKLE_TREE_INTERNAL_NODE_AM

MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES

pkwrite.h:58

MBEDTLS_PK_MAX_ECC_BYTES

pkwrite.h:79

MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES

psa_se_key_data_storage_t

psa_crypto_se.h:188

The storage representation of a key whose data is in a secure element.

psa_drv_se_export_key_t

crypto_se_driver.h:1042

A function that exports a secure element key in binary format The output of this function can be passed to psa_import_key() to create an equivalent object. If a key is created with `psa_import_key()` and then exported with this function, it is not guaranteed that the resulting data is identical: the implementation may choose a different representation of the same key if the format permits it. This function should generate output in the same format that `psa_export_key()` does. Refer to the documentation of `psa_export_key()` for the format for each key type.

PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS

psa_crypto.c:99

PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS

psa_crypto.c:100

PSA_CRYPTO_SUBSYSTEM_RNG

psa_crypto.c:101

PSA_CRYPTO_SUBSYSTEM_TRANSACTION

psa_crypto.c:102

default_custom_production

psa_crypto.c:6442

psa_interruptible_max_ops

psa_crypto.c:3465

PSA_CRYPTO_LOCAL_INPUT_INIT

psa_crypto_core.h:938

PSA_CRYPTO_LOCAL_OUTPUT_INIT

psa_crypto_core.h:968

MBEDTLS_PSA_RANDOM_MAX_REQUEST

psa_crypto_random_impl.h:57

The prime modulus.

The generator.

MBEDTLS_ERR_DHM_READ_PARAMS_FAILED

dhm.h:64

MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED

dhm.h:68

MBEDTLS_ERR_DHM_CALC_SECRET_FAILED

dhm.h:72

MBEDTLS_ERR_DHM_ALLOC_FAILED

dhm.h:76

MBEDTLS_ERR_DHM_SET_GROUP_FAILED

dhm.h:80

FREE_SLOT_INDEX_NONE

psa_crypto_slot_management.c:157

version

psa_crypto_storage.c:227

lifetime

psa_crypto_storage.c:228

SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG

psa_crypto_storage.c:229

bits

psa_crypto_storage.c:230

data_len

psa_crypto_storage.c:232

key_data

psa_crypto_storage.c:233

RSA_EXPONENT_BLINDING

ssl_ciphersuites.c:1804

MAX_CIPHERSUITES

ssl_ciphersuites.c:1801

MBEDTLS_SSL_TICKET_KEY_NAME_BYTES

ssl_ticket.h:42

key name length in bytes

SSL_SERIALIZED_SESSION_CONFIG_BITFLAG

ssl_tls.c:4152

oid

x509_create.c:29

x509_crt_verify_chain_item

Optional key usage extension value: See the values in x509.h

ns_cert_type

x509_csr.h:50

Optional Netscape certificate type extension value: See the values in x509.h

PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT

config_adjust_psa_from_legacy.h:89

PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT

config_adjust_psa_from_legacy.h:90

PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY

config_adjust_psa_from_legacy.h:92

PSA_WANT_DH_RFC7919_8192

config_adjust_psa_from_legacy.h:98

MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048

config_adjust_psa_from_legacy.h:105

MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072

config_adjust_psa_from_legacy.h:106

MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096

config_adjust_psa_from_legacy.h:107

MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144

config_adjust_psa_from_legacy.h:108

MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192

config_adjust_psa_from_legacy.h:109

mbedtls_test_dhm_params

dhm.c:650

disable_datagram_packing

ssl.h:1839

in_flight_start_seq

ssl_misc.h:900

Minimum message sequence in the flight being received

psa_crypto_pake.c:152

PLATFORM_UTIL_USE_GMTIME

The first ECTR for tag.

mbedtls_internal_sha256_process_c

sha256.c:452

mbedtls_internal_sha512_process_c

sha512.c:588

MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET

ssl.h:87

MBEDTLS_SSL_RENEGOTIATION_ENABLED

ssl.h:305

MBEDTLS_SSL_PRESET_SUITEB

ssl.h:328

MBEDTLS_ALLOW_PRIVATE_ACCESS

common.h:107

Allow library to access its structs' private members. Although structs defined in header files are publicly available, their members are private and should not be accessed by the user.

MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET

ssl.h:1344

MBEDTLS_ERR_X509_UNKNOWN_OID

x509.h:47

MBEDTLS_ERR_NET_SEND_FAILED

net_sockets.h:50

_POSIX_C_SOURCE

platform_util.c:15

MBEDTLS_VERSION_MAJOR

build_info.h:27

The version number x.y.z is split into three parts. Major, Minor, Patchlevel

MBEDTLS_VERSION_MINOR

build_info.h:28

MBEDTLS_VERSION_PATCH

build_info.h:29

MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE

esp_config.h:1345

\def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE Maximum time difference in milliseconds tolerated between the age of a ticket from the server and client point of view. From the client point of view, the age of a ticket is the time difference between the time when the client proposes to the server to use the ticket (time of writing of the Pre-Shared Key Extension including the ticket) and the time the client received the ticket from the server. From the server point of view, the age of a ticket is the time difference between the time when the server receives a proposition from the client to use the ticket and the time when the ticket was created by the server. The server age is expected to be always greater than the client one and MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the maximum difference tolerated for the server to accept the ticket. This is not used in TLS 1.2.

MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS

esp_config.h:1364

\def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS Default number of NewSessionTicket messages to be sent by a TLS 1.3 server after handshake completion. This is not used in TLS 1.2 and relevant only if the MBEDTLS_SSL_SESSION_TICKETS option is enabled.

PSA_WANT_ALG_MD5

config_adjust_psa_superset_legacy.h:37

PSA_WANT_ALG_SHA_1

config_adjust_psa_superset_legacy.h:45

PSA_WANT_ALG_SHA_224

config_adjust_psa_superset_legacy.h:49

PSA_WANT_ALG_CMAC

config_adjust_psa_from_legacy.h:47

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC

config_adjust_psa_from_legacy.h:77

PSA_WANT_ALG_TLS12_PRF

config_adjust_psa_from_legacy.h:138

PSA_WANT_ALG_TLS12_PSK_TO_MS

config_adjust_psa_from_legacy.h:140

PSA_WANT_ALG_RSA_PKCS1V15_SIGN

config_adjust_psa_from_legacy.h:164

PSA_WANT_ALG_RSA_PSS

config_adjust_psa_from_legacy.h:171

MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES

config_adjust_psa_from_legacy.h:225

MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA

config_adjust_psa_from_legacy.h:230

PSA_WANT_ALG_CBC_PKCS7

config_adjust_psa_from_legacy.h:267

PSA_WANT_ALG_CFB

config_adjust_psa_from_legacy.h:280

PSA_WANT_ALG_CTR

config_adjust_psa_from_legacy.h:285

PSA_WANT_ALG_OFB

config_adjust_psa_from_legacy.h:290

MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY

config_adjust_legacy_crypto.h:233

MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY

config_adjust_legacy_crypto.h:236

MBEDTLS_BLOCK_CIPHER_CAN_AES

config_adjust_legacy_crypto.h:246

MBEDTLS_BLOCK_CIPHER_CAN_ARIA

config_adjust_legacy_crypto.h:250

MBEDTLS_CONFIG_IS_FINALIZED

build_info.h:190

PSA_TLS12_PRF_STATE_INIT

crypto_builtin_key_derivation.h:56

MBEDTLS_CIPHER_ID_NONE

cipher.h:67

Placeholder to mark the end of cipher ID lists.

MBEDTLS_CIPHER_DES_CBC

cipher.h:118

DES cipher with CBC mode. \warning DES is considered weak.

MBEDTLS_CIPHER_DES_EDE_CBC

cipher.h:120

DES cipher with EDE CBC mode. \warning 3DES is considered weak.

MBEDTLS_CIPHER_CHACHA20

cipher.h:161

ChaCha20 stream cipher.

MBEDTLS_CIPHER_CHACHA20_POLY1305

cipher.h:162

ChaCha20-Poly1305 AEAD cipher.

MBEDTLS_PADDING_ONE_AND_ZEROS

cipher.h:192

ISO/IEC 7816-4 padding.

MBEDTLS_PADDING_ZEROS_AND_LEN

cipher.h:193

ANSI X.923 padding.

MBEDTLS_MPI_GEN_PRIME_FLAG_DH

bignum.h:1044

(X-1)/2 is prime too

MBEDTLS_ECP_TYPE_NONE

ecp.h:128

name

ecp.h:144

A human-friendly name.

MBEDTLS_PADDING_ZEROS

cipher.h:194

Zero padding (not reversible).

MBEDTLS_OPERATION_NONE

cipher.h:200

MBEDTLS_KEY_LENGTH_NONE

cipher.h:207

Undefined key length.

MBEDTLS_ECJPAKE_NONE

ecjpake.h:45

Undefined

PSA_JPAKE_X2_STEP_KEY_SHARE

crypto_extra.h:1803

PSA_JPAKE_X2S_STEP_ZK_PROOF

crypto_extra.h:1808

PSA_JPAKE_X4S_STEP_ZK_PROOF

Optional X.509 v2/v3 issuer unique identifier.

subject_id

x509_crt.h:64

Optional X.509 v2/v3 subject unique identifier.

subject_key_id

x509_crt.h:67

Optional X.509 v3 extension subject key identifier.

MDs for signatures

PK algs for public keys; this applies to all certificates in the provided chain.

allowed_curves

x509_crt.h:130

Elliptic curves for ECDSA

rsa_min_bitlen

x509_crt.h:131

Minimum size for RSA keys

MBEDTLS_SSL_TLS_PRF_NONE

ssl.h:1335

entry_ext

x509_crl.h:51

Direct access to the list of CRL entry extensions (an ASN.1 constructed sequence). If there are no extensions, `entry_ext.len == 0` and `entry_ext.p == NULL`.

crl_ext

x509_crl.h:80

mbedtls_x509_crt_profile_next

x509_crt.c:115

Expected next default profile. Recommended for new deployments. Currently targets a 128-bit security level, except for allowing RSA-2048. This profile may change at any time.

mbedtls_x509_crt_profile_none

x509_crt.c:161

Empty profile that allows nothing. Useful as a basis for constructing custom profiles.

MBEDTLS_CHECK_RETURN

platform_util.h:52

MBEDTLS_MPI_MAX_BITS_SCALE100

bignum.h:96

MBEDTLS_ERR_ECP_IN_PROGRESS

ecp.h:51

MBEDTLS_RSA_SIGN

rsa.h:58

Identifier for RSA signature operations.

MBEDTLS_ECDSA_MAX_SIG_LEN

ecdsa.h:44

Maximum ECDSA signature size for a given curve bit size

PSA_ERROR_COMMUNICATION_FAILURE

crypto_values.h:169

There was a communication failure inside the implementation. This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure may be transient or permanent depending on the cause. \warning If a function returns this error, it is undetermined whether the requested action has completed or not. Implementations should return #PSA_SUCCESS on successful completion whenever possible, however functions may return #PSA_ERROR_COMMUNICATION_FAILURE if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.

PSA_KEY_TYPE_CATEGORY_RAW

crypto_values.h:368

PSA_KEY_TYPE_CATEGORY_KEY_PAIR

crypto_values.h:371

PSA_ECC_FAMILY_IS_WEIERSTRASS

crypto_values.h:593

PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE

crypto_values.h:699

PSA_KEY_TYPE_DH_KEY_PAIR_BASE

crypto_values.h:700

PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT

crypto_values.h:744

PSA_ALG_CATEGORY_MAC

crypto_values.h:785

PSA_ALG_CATEGORY_AEAD

crypto_values.h:787

PSA_ALG_IS_KEY_DERIVATION

crypto_values.h:888

Whether the specified algorithm is a key derivation algorithm.

PSA_ALG_HMAC

crypto_values.h:997

Macro to build an HMAC algorithm. For example, #PSA_ALG_HMAC(#PSA_ALG_SHA_256) is HMAC-SHA-256.

PSA_ALG_AT_LEAST_THIS_LENGTH_MAC

crypto_values.h:1127

Macro to build a MAC minimum-MAC-length wildcard algorithm. A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms sharing the same base algorithm, and where the (potentially truncated) MAC length of the specific algorithm is equal to or larger then the wildcard algorithm's minimum MAC length.

PSA_ALG_CIPHER_MAC_BASE

crypto_values.h:1131

PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

crypto_values.h:1355

Calculate the corresponding AEAD algorithm with the default tag length.

PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG

crypto_values.h:1390

Macro to build an AEAD minimum-tag-length wildcard algorithm. A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms sharing the same base algorithm, and where the tag length of the specific algorithm is equal to or larger then the minimum tag length specified by the wildcard algorithm.

PSA_ALG_RSA_PKCS1V15_SIGN

crypto_values.h:1410

RSA PKCS#1 v1.5 signature with hashing. This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.

PSA_ALG_RSA_PKCS1V15_SIGN_RAW

crypto_values.h:1418

Raw PKCS#1 v1.5 signature. The input to this algorithm is the DigestInfo structure used by RFC 8017 (PKCS#1: RSA Cryptography Specifications), §9.2 steps 3–6.

PSA_ALG_RSA_PSS_BASE

crypto_values.h:1422

PSA_ALG_RSA_PSS_ANY_SALT

crypto_values.h:1462

RSA PSS signature with hashing with relaxed verification. This algorithm has the same behavior as #PSA_ALG_RSA_PSS when signing, but allows an arbitrary salt length (including \c 0) when verifying a signature.

PSA_ALG_IS_RSA_PSS_STANDARD_SALT

crypto_values.h:1476

Whether the specified algorithm is RSA PSS with standard salt.

PSA_ALG_ECDSA_BASE

crypto_values.h:1512

PSA_ALG_DETERMINISTIC_ECDSA_BASE

crypto_values.h:1545

PSA_ALG_DETERMINISTIC_ECDSA

crypto_values.h:1568

Deterministic ECDSA signature with hashing. This is the deterministic ECDSA signature scheme defined by RFC 6979. The representation of a signature is the same as with #PSA_ALG_ECDSA(). Note that when this algorithm is used for verification, signatures made with randomized ECDSA (#PSA_ALG_ECDSA(\p hash_alg)) with the same private key are accepted. In other words, #PSA_ALG_DETERMINISTIC_ECDSA(\p hash_alg) differs from #PSA_ALG_ECDSA(\p hash_alg) only for signature, not for verification.

PSA_ALG_ECDSA_IS_DETERMINISTIC

crypto_values.h:1574

PSA_ALG_PURE_EDDSA

crypto_values.h:1609

Edwards-curve digital signature algorithm without prehashing (PureEdDSA), using standard parameters. Contexts are not supported in the current version of this specification because there is no suitable signature interface that can take the context as a parameter. A future version of this specification may add suitable functions and extend this algorithm to support contexts. PureEdDSA requires an elliptic curve key on a twisted Edwards curve. In this specification, the following curves are supported: - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 255-bit: Ed25519 as specified in RFC 8032. The curve is Edwards25519. The hash function used internally is SHA-512. - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 448-bit: Ed448 as specified in RFC 8032. The curve is Edwards448. The hash function used internally is the first 114 bytes of the SHAKE256 output. This algorithm can be used with psa_sign_message() and psa_verify_message(). Since there is no prehashing, it cannot be used with psa_sign_hash() or psa_verify_hash(). The signature format is the concatenation of R and S as defined by RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte string for Ed448).

PSA_ALG_HASH_EDDSA_BASE

crypto_values.h:1611

PSA_ALG_IS_HASH_EDDSA

crypto_values.h:1612

PSA_ALG_IS_SIGN_MESSAGE

crypto_values.h:1702

Whether the specified algorithm is a signature algorithm that can be used with psa_sign_message() and psa_verify_message().

PSA_ALG_RSA_OAEP

crypto_values.h:1784

RSA OAEP encryption. This is the encryption scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.

PSA_ALG_RSA_OAEP_GET_HASH

crypto_values.h:1788

PSA_ALG_HKDF_GET_HASH

crypto_values.h:1835

PSA_ALG_TLS12_PRF_BASE

crypto_values.h:1944

PSA_ALG_TLS12_PRF_GET_HASH

crypto_values.h:1984

PSA_ALG_TLS12_PSK_TO_MS_BASE

crypto_values.h:1987

PSA_ALG_KEY_DERIVATION_MASK

crypto_values.h:2137

PSA_ALG_KEY_AGREEMENT_MASK

crypto_values.h:2138

PSA_ALG_IS_ECDH

crypto_values.h:2249

Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm. This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.

PSA_KEY_LIFETIME_VOLATILE

crypto_values.h:2308

The default lifetime for volatile keys. A volatile key only exists as long as the identifier to it is not destroyed. The key material is guaranteed to be erased on a power reset. A key with this lifetime is typically stored in the RAM area of the PSA Crypto subsystem. However this is an implementation choice. If an implementation stores data about the key in a non-volatile memory, it must release all the resources associated with the key and erase the key material if the calling application terminates.

PSA_KEY_PERSISTENCE_VOLATILE

crypto_values.h:2328

The persistence level of volatile keys. See ::psa_key_persistence_t for more information.

PSA_KEY_PERSISTENCE_READ_ONLY

crypto_values.h:2340

A persistence level indicating that a key is never destroyed. See ::psa_key_persistence_t for more information.

PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION

crypto_values.h:2398

Construct a lifetime from a persistence level and a location.

PSA_KEY_USAGE_VERIFY_DERIVATION

crypto_values.h:2653

Whether the key may be used to verify the result of a key derivation, including password hashing. This flag allows the key to be used: This flag allows the key to be used in a key derivation operation, if otherwise permitted by the key's type and policy. If this flag is present on all keys used in calls to psa_key_derivation_input_key() for a key derivation operation, then it permits calling psa_key_derivation_verify_bytes() or psa_key_derivation_verify_key() at the end of the operation.

PSA_KEY_DERIVATION_INPUT_SALT

crypto_values.h:2722

A salt for key derivation. This should be a direct input. It can also be a key of type #PSA_KEY_TYPE_RAW_DATA or #PSA_KEY_TYPE_PEPPER.

PSA_KEY_DERIVATION_INPUT_INFO

crypto_values.h:2729

An information string for key derivation. This should be a direct input. It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.

PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED

crypto_values.h:2779

Maximum value for use with \c psa_interruptible_set_max_ops() to determine the maximum number of ops allowed to be executed by an interruptible function in a single call.

PSA_AEAD_TAG_MAX_SIZE

crypto_sizes.h:197

The maximum tag size for all supported AEAD algorithms, in bytes. See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).

PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE

crypto_sizes.h:289

This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation (#PSA_ALG_TLS12_PSK_TO_MS(\c hash_alg)). The maximum supported length does not depend on the chosen hash algorithm. Quoting RFC 4279, Sect 5.3: TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED. Therefore, no implementation should define a value smaller than 64 for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.

PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE

crypto_sizes.h:293

PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE

crypto_sizes.h:305

PSA_AEAD_NONCE_LENGTH

crypto_sizes.h:465

The default nonce size for an AEAD algorithm, in bytes. This macro can be used to allocate a buffer of sufficient size to store the nonce output from #psa_aead_generate_nonce(). See also #PSA_AEAD_NONCE_MAX_SIZE. \warning This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects.

PSA_AEAD_NONCE_MAX_SIZE

crypto_sizes.h:485

The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes. This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return.

PSA_ECDSA_SIGNATURE_SIZE

crypto_sizes.h:618

ECDSA signature size for a given curve bit size

PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE

crypto_sizes.h:821

PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE

crypto_sizes.h:840

PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE

crypto_sizes.h:867

PSA_EXPORT_KEY_OUTPUT_SIZE

crypto_sizes.h:914

Sufficient output buffer size for psa_export_key() or psa_export_public_key(). This macro returns a compile-time constant if its arguments are compile-time constants. \warning This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects. The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.

{c}
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_status_t status;
 status = psa_get_key_attributes(key, &attributes);
 if (status != PSA_SUCCESS) handle_error(...);
 psa_key_type_t key_type = psa_get_key_type(&attributes);
 size_t key_bits = psa_get_key_bits(&attributes);
 size_t buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
 psa_reset_key_attributes(&attributes);
 uint8_t *buffer = malloc(buffer_size);
 if (buffer == NULL) handle_error(...);
 size_t buffer_length;
 status = psa_export_key(key, buffer, buffer_size, &buffer_length);
 if (status != PSA_SUCCESS) handle_error(...);
 

PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE

crypto_sizes.h:1064

Sufficient output buffer size for psa_raw_key_agreement(). This macro returns a compile-time constant if its arguments are compile-time constants. \warning This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects. See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.

mbedtls_internal_md5_process

md5_alt.h:27

MBEDTLS_ERR_SHA1_BAD_INPUT_DATA

sha1.h:27

MBEDTLS_PSA_HASH_OPERATION_INIT

crypto_builtin_primitives.h:82

PSA_CIPHER_OPERATION_INIT

crypto_struct.h:119

ERR_ESP_AES_INVALID_INPUT_LENGTH

esp_aes.h:36

Invalid data input length.

MBEDTLS_PSA_MAC_OPERATION_INIT

crypto_builtin_composites.h:70

PSA_AEAD_OPERATION_INIT

crypto_struct.h:190

PSA_KEY_DERIVATION_OPERATION_INIT

crypto_struct.h:217

PSA_CUSTOM_KEY_PARAMETERS_INIT

crypto_struct.h:238

The default production parameters for key generation or key derivation. Calling psa_generate_key_custom() or psa_key_derivation_output_key_custom() with `custom=PSA_CUSTOM_KEY_PARAMETERS_INIT` and `custom_data_length=0` is equivalent to calling psa_generate_key() or psa_key_derivation_output_key() respectively.

PSA_KEY_BITS_TOO_LARGE

crypto_struct.h:287

PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER

crypto_struct.h:321

PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT

crypto_struct.h:473

PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT

crypto_struct.h:511

PSA_KEY_TYPE_DSA_PUBLIC_KEY

crypto_extra.h:337

DSA public key. The import and export format is the representation of the public key `y = g^x mod p` as a big-endian byte string. The length of the byte string is the length of the base prime `p` in bytes.

PSA_KEY_TYPE_DSA_KEY_PAIR

crypto_extra.h:355

DSA key pair (private and public key). The import and export format is the representation of the private key `x` as a big-endian byte string. The length of the byte string is the private key size in bytes (leading zeroes are not stripped). Deterministic DSA key derivation with psa_generate_derived_key follows FIPS 186-4 §B.1.2: interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, *N* - 2] where *N* is the boundary of the private key domain (the prime *p* for Diffie-Hellman, the subprime *q* for DSA, or the order of the curve's base point for ECC). Add 1 to the resulting integer and use this as the private key *x*.

PSA_ALG_DSA_BASE

crypto_extra.h:361

PSA_ALG_DSA_DETERMINISTIC_FLAG

crypto_extra.h:379

PSA_ALG_IS_DSA

crypto_extra.h:396

PSA_ALG_CATEGORY_PAKE

crypto_extra.h:580

PSA_PAKE_ROLE_NONE

crypto_extra.h:768

A value to indicate no role in a PAKE algorithm. This value can be used in a call to psa_pake_set_role() for symmetric PAKE algorithms which do not assign roles.

PSA_PAKE_INPUT_SIZE

crypto_extra.h:1668

A sufficient input buffer size for psa_pake_input(). The value returned by this macro is guaranteed to be large enough for any valid input to psa_pake_input() in an operation with the specified parameters. See also #PSA_PAKE_INPUT_MAX_SIZE

PSA_PAKE_CIPHER_SUITE_INIT

crypto_extra.h:1706

Returns a suitable initializer for a PAKE cipher suite object of type psa_pake_cipher_suite_t.

PSA_PAKE_OPERATION_INIT

crypto_extra.h:1714

MBEDTLS_TLS_RSA_WITH_NULL_MD5

ssl_ciphersuites.h:27

Weak!

MBEDTLS_TLS_RSA_WITH_NULL_SHA

ssl_ciphersuites.h:28

Weak!

MBEDTLS_TLS_PSK_WITH_NULL_SHA

ssl_ciphersuites.h:30

Weak!

MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA

ssl_ciphersuites.h:31

Weak!

MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA

ssl_ciphersuites.h:32

Weak!

MBEDTLS_TLS_RSA_WITH_NULL_SHA256

ssl_ciphersuites.h:39

Weak!

MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

ssl_ciphersuites.h:43

MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

ssl_ciphersuites.h:44

MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

ssl_ciphersuites.h:49

MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

ssl_ciphersuites.h:50

MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA

ssl_ciphersuites.h:55

MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA

ssl_ciphersuites.h:56

MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256

ssl_ciphersuites.h:68

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384

ssl_ciphersuites.h:69

TLS 1.2

MBEDTLS_TLS_PSK_WITH_NULL_SHA256

ssl_ciphersuites.h:75

Weak!

MBEDTLS_TLS_PSK_WITH_NULL_SHA384

ssl_ciphersuites.h:76

Weak!

MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256

ssl_ciphersuites.h:78

MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384

ssl_ciphersuites.h:79

MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256

ssl_ciphersuites.h:80

Weak!

MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384

ssl_ciphersuites.h:81

Weak!

MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256

ssl_ciphersuites.h:85

Weak!

MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384

ssl_ciphersuites.h:86

Weak!

MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:88

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:89

TLS 1.2

MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256

ssl_ciphersuites.h:91

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

ssl_ciphersuites.h:92

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA

ssl_ciphersuites.h:94

Weak!

MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA

ssl_ciphersuites.h:98

Weak!

MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA

ssl_ciphersuites.h:102

Weak!

MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA

ssl_ciphersuites.h:106

Weak!

MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA

ssl_ciphersuites.h:132

MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256

ssl_ciphersuites.h:133

MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384

ssl_ciphersuites.h:134

MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256

ssl_ciphersuites.h:162

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384

ssl_ciphersuites.h:163

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256

ssl_ciphersuites.h:168

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384

ssl_ciphersuites.h:169

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:175

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:176

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:177

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:178

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:179

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:180

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:181

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:182

MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:184

TLS 1.2

MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:185

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:186

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:187

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:188

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:189

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:190

TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:191

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:192

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:193

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:194

TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:195

TLS 1.2

MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:197

TLS 1.2

MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:198

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:199

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:200

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256

ssl_ciphersuites.h:201

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384

ssl_ciphersuites.h:202

TLS 1.2

MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:204

MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:205

MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:206

MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:207

MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:208

MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:209

MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

ssl_ciphersuites.h:210

MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

ssl_ciphersuites.h:211

MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM

ssl_ciphersuites.h:223

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM

ssl_ciphersuites.h:224

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8

ssl_ciphersuites.h:227

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8

ssl_ciphersuites.h:228

TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:239

TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:240

TLS 1.2

MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:241

TLS 1.2

MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:242

TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:243

TLS 1.2

MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:244

TLS 1.2

MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256

ssl_ciphersuites.h:245

TLS 1.2

MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED

ssl_ciphersuites.h:287

MBEDTLS_ASN1_PRIMITIVE

asn1.h:81

MBEDTLS_ASN1_IS_STRING_TAG

asn1.h:87

MBEDTLS_X509_BADCERT_NS_CERT_TYPE

x509.h:104

Usage does not match the nsCertType extension.

MBEDTLS_X509_BADCRL_BAD_KEY

x509.h:110

The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT

x509.h:156

MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER

x509.h:157

MBEDTLS_X509_NS_CERT_TYPE_EMAIL

x509.h:158

MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING

x509.h:159

MBEDTLS_X509_NS_CERT_TYPE_RESERVED

x509.h:160

MBEDTLS_X509_NS_CERT_TYPE_SSL_CA

x509.h:161

MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA

x509.h:162

MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA

x509.h:163

MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER

x509.h:174

MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER

x509.h:175

MBEDTLS_X509_CRT_VERSION_1

x509_crt.h:135

MBEDTLS_X509_MAX_FILE_PATH_LEN

x509_crt.h:143

MBEDTLS_X509_CRT_ERROR_INFO_LIST

x509_crt.h:152

MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS

ssl.h:47

MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA

ssl.h:89

MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA

ssl.h:99

Early data has been received as part of an on-going handshake. This error code can be returned only on server side if and only if early data has been enabled by means of the mbedtls_ssl_conf_early_data() API. This error code can then be returned by mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if early data has been received as part of the handshake sequence they triggered. To read the early data, call mbedtls_ssl_read_early_data().

MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA

ssl.h:101

MBEDTLS_ERR_SSL_HW_ACCEL_FAILED

ssl.h:111

MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH

ssl.h:113

MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1

ssl.h:200

MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1

ssl.h:201

MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1

ssl.h:202

MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1

ssl.h:203

MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1

ssl.h:204

MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072

ssl.h:215

MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096

ssl.h:216

MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144

ssl.h:217

MBEDTLS_SSL_MAX_HOST_NAME_LEN

ssl.h:268

Maximum host name defined in RFC 1035

MBEDTLS_SSL_MAX_ALPN_NAME_LEN

ssl.h:269

Maximum size in bytes of a protocol name in alpn ext., RFC 7301

MBEDTLS_SSL_MAX_ALPN_LIST_LEN

ssl.h:271

Maximum size in bytes of list in alpn ext., RFC 7301

MBEDTLS_SSL_MAX_FRAG_LEN_512

ssl.h:276

MaxFragmentLength 2^9

MBEDTLS_SSL_MAX_FRAG_LEN_1024

ssl.h:277

MaxFragmentLength 2^10

MBEDTLS_SSL_MAX_FRAG_LEN_2048

ssl.h:278

MaxFragmentLength 2^11

MBEDTLS_SSL_MAX_FRAG_LEN_4096

ssl.h:279

MaxFragmentLength 2^12

MBEDTLS_SSL_ANTI_REPLAY_ENABLED

ssl.h:308

MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT

ssl.h:311

MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED

ssl.h:336

MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT

ssl.h:339

MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER

ssl.h:340

MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN

ssl.h:353

MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX

ssl.h:354

MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256

ssl.h:484

MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384

ssl.h:485

MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512

ssl.h:486

MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512

ssl.h:491

MBEDTLS_SSL_CERT_TYPE_RSA_SIGN

ssl.h:517

MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN

ssl.h:518

MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED

ssl.h:542

MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED

ssl.h:543

MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN

ssl.h:544

MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA

ssl.h:546

MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME

ssl.h:559

MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY

ssl.h:560

MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL

ssl.h:562

MBEDTLS_TLS_EXT_TRUNCATED_HMAC

ssl.h:588

MBEDTLS_TLS_EXT_STATUS_REQUEST

ssl.h:589

MBEDTLS_TLS_EXT_HEARTBEAT

ssl.h:597

MBEDTLS_TLS_EXT_SCT

ssl.h:600

MBEDTLS_TLS_EXT_CLI_CERT_TYPE

ssl.h:601

MBEDTLS_TLS_EXT_SERV_CERT_TYPE

ssl.h:602

MBEDTLS_TLS_EXT_PADDING

ssl.h:603

MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT

ssl.h:607

MBEDTLS_TLS_EXT_PRE_SHARED_KEY

ssl.h:611

MBEDTLS_TLS_EXT_EARLY_DATA

ssl.h:612

MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS

ssl.h:613

MBEDTLS_TLS_EXT_COOKIE

ssl.h:614

MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES

ssl.h:615

MBEDTLS_TLS_EXT_CERT_AUTH

ssl.h:617

MBEDTLS_TLS_EXT_OID_FILTERS

ssl.h:618

MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH

ssl.h:619

MBEDTLS_TLS_EXT_SIG_ALG_CERT

ssl.h:620

MBEDTLS_TLS_EXT_KEY_SHARE

ssl.h:621

MBEDTLS_PLATFORM_STD_SNPRINTF

platform.h:67

The default \c snprintf function to use.

MBEDTLS_PLATFORM_STD_EXIT_SUCCESS

platform.h:99

The default exit value to use.

MBEDTLS_PLATFORM_STD_EXIT_FAILURE

platform.h:102

The default exit value to use.

MBEDTLS_ERR_NET_CONNECT_FAILED

net_sockets.h:40

MBEDTLS_ERR_NET_LISTEN_FAILED

net_sockets.h:44

MBEDTLS_NET_LISTEN_BACKLOG

net_sockets.h:64

The backlog that listen() should use.

MBEDTLS_ENTROPY_SHA512_ACCUMULATOR

entropy.h:21

MBEDTLS_ENTROPY_SOURCE_MANUAL

entropy.h:67

MBEDTLS_ENTROPY_SOURCE_WEAK

entropy.h:70

Entropy source is weak

mbedtls_aes_crypt_cfb8

aes_alt.h:45

mbedtls_internal_aes_encrypt

aes_alt.h:61

mbedtls_internal_aes_decrypt

aes_alt.h:62

MBEDTLS_CTR_DRBG_PR_ON

ctr_drbg.h:150

Prediction resistance is enabled.

MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN

ctr_drbg.h:164

The default length of the nonce read from the entropy source. This is \c 0 because a single read from the entropy source is sufficient to include a nonce. See the documentation of mbedtls_ctr_drbg_seed() for more information.

x509_crt_imported_bundle_bin_end

esp_crt_bundle.c:60

MBEDTLS_OID_MAX_COMPONENTS

oid.h:57

MBEDTLS_OID_ISO_ITU_COUNTRY

oid.h:65

MBEDTLS_OID_ORG_RSA_DATA_SECURITY

oid.h:71

MBEDTLS_OID_ORG_ANSI_X9_62

MBEDTLS_OID_OIW_SECSIG

oid.h:83

MBEDTLS_OID_OIW_SECSIG_SHA1

oid.h:85

MBEDTLS_OID_ORG_THAWTE

oid.h:86

MBEDTLS_OID_THAWTE

oid.h:87

MBEDTLS_OID_ORG_CERTICOM

oid.h:89

MBEDTLS_OID_ORG_TELETRUST

oid.h:92

MBEDTLS_OID_TELETRUST

oid.h:93

MBEDTLS_OID_ORGANIZATION

MBEDTLS_OID_ORG_NETSCAPE

oid.h:106

MBEDTLS_OID_NETSCAPE

oid.h:107

MBEDTLS_OID_AT_UNIQUE_IDENTIFIER

oid.h:141

id-at-uniqueIdentifier AttributeType:= {id-at 45}

MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE

oid.h:196

anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }

MBEDTLS_OID_CODE_SIGNING

oid.h:201

id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }

MBEDTLS_OID_EMAIL_PROTECTION

oid.h:202

id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }

MBEDTLS_OID_TIME_STAMPING

oid.h:203

id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }

MBEDTLS_OID_OCSP_SIGNING

oid.h:204

id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }

MBEDTLS_OID_WISUN_FAN

oid.h:211

Wi-SUN Alliance Field Area Network { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }

MBEDTLS_OID_ON

oid.h:213

id-on OBJECT IDENTIFIER ::= { id-pkix 8 }

MBEDTLS_OID_PKCS12

oid.h:225

pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 }

MBEDTLS_OID_PKCS1_RSA

oid.h:230

rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }

MBEDTLS_OID_PKCS1_MD5

oid.h:231

md5WithRSAEncryption ::= { pkcs-1 4 }

MBEDTLS_OID_PKCS1_SHA1

oid.h:232

sha1WithRSAEncryption ::= { pkcs-1 5 }

MBEDTLS_OID_PKCS1_SHA224

oid.h:233

sha224WithRSAEncryption ::= { pkcs-1 14 }

MBEDTLS_OID_PKCS1_SHA256

oid.h:234

sha256WithRSAEncryption ::= { pkcs-1 11 }

MBEDTLS_OID_PKCS1_SHA384

oid.h:235

sha384WithRSAEncryption ::= { pkcs-1 12 }

MBEDTLS_OID_PKCS1_SHA512

oid.h:236

sha512WithRSAEncryption ::= { pkcs-1 13 }

MBEDTLS_OID_RSA_SHA_OBS

oid.h:238

MBEDTLS_OID_RSASSA_PSS

oid.h:243

id-RSASSA-PSS ::= { pkcs-1 10 }

MBEDTLS_OID_MGF1

oid.h:244

id-mgf1 ::= { pkcs-1 8 }

MBEDTLS_OID_DIGEST_ALG_MD5

oid.h:249

id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }

MBEDTLS_OID_DIGEST_ALG_SHA1

oid.h:250

MBEDTLS_OID_DIGEST_ALG_SHA224

oid.h:252

id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 }

MBEDTLS_OID_DIGEST_ALG_SHA256

oid.h:253

id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 }

MBEDTLS_OID_DIGEST_ALG_SHA384

oid.h:255

id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 }

MBEDTLS_OID_DIGEST_ALG_SHA512

oid.h:257

id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 }

MBEDTLS_OID_HMAC_SHA1

oid.h:270

id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 }

MBEDTLS_OID_HMAC_SHA224

oid.h:272

id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 }

MBEDTLS_OID_HMAC_SHA256

oid.h:274

id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 }

MBEDTLS_OID_HMAC_SHA384

oid.h:276

id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 }

MBEDTLS_OID_HMAC_SHA512

oid.h:278

id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 }

MBEDTLS_OID_DES_CBC

oid.h:295

MBEDTLS_OID_DES_EDE3_CBC

oid.h:297

des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }

MBEDTLS_OID_AES_128_CBC

oid.h:299

MBEDTLS_OID_AES_192_CBC

oid.h:300

MBEDTLS_OID_AES_256_CBC

oid.h:301

MBEDTLS_OID_PKCS5_PBKDF2

oid.h:318

id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}

MBEDTLS_OID_PKCS5_PBES2

oid.h:319

id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

MBEDTLS_OID_PKCS7_SIGNED_DATA

oid.h:334

Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2}

MBEDTLS_OID_PKCS7_ENVELOPED_DATA

oid.h:335

Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3}

MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA

oid.h:336

Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4}

MBEDTLS_OID_PKCS7_DIGESTED_DATA

oid.h:337

Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5}

MBEDTLS_OID_PKCS7_ENCRYPTED_DATA

oid.h:338

Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6}

MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC

oid.h:350

pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}

MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC

oid.h:351

pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}

MBEDTLS_OID_EC_ALG_UNRESTRICTED

oid.h:361

MBEDTLS_OID_EC_ALG_ECDH

oid.h:366

MBEDTLS_OID_EC_GRP_SECP192R1

oid.h:374

MBEDTLS_OID_EC_GRP_SECP224R1

oid.h:378

MBEDTLS_OID_EC_GRP_SECP256R1

oid.h:382

MBEDTLS_OID_EC_GRP_SECP384R1

oid.h:386

MBEDTLS_OID_EC_GRP_SECP521R1

oid.h:390

MBEDTLS_OID_EC_GRP_SECP192K1

oid.h:394

MBEDTLS_OID_EC_GRP_SECP224K1

oid.h:398

MBEDTLS_OID_EC_GRP_SECP256K1

oid.h:402

MBEDTLS_OID_EC_GRP_BP256R1

oid.h:413

MBEDTLS_OID_EC_GRP_BP384R1

oid.h:416

MBEDTLS_OID_EC_GRP_BP512R1

oid.h:419

MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE

oid.h:427

MBEDTLS_OID_ECDSA_SHA1

oid.h:438

MBEDTLS_OID_ECDSA_SHA224

oid.h:443

MBEDTLS_OID_ECDSA_SHA256

oid.h:448

MBEDTLS_OID_ECDSA_SHA384

oid.h:453

MBEDTLS_OID_ECDSA_SHA512

oid.h:458

MBEDTLS_OID_X25519

oid.h:464

id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 }

Unused.

Unused.

crypto_builtin_composites.h:81

base_idx

cipher.h:305

Index to LUT for base cipher information and functions.

volatile_slots

crypto_extra.h:223

Number of slots containing key material for a volatile key.

persistent_slots

crypto_extra.h:226

Number of slots containing key material for a key which is in internal persistent storage.

external_slots

crypto_extra.h:229

Number of slots containing a reference to a key in a secure element.

empty_slots

crypto_extra.h:236

Number of slots that are not used for anything.

locked_slots

crypto_extra.h:238

Number of slots that are locked.

PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8

ssl_ciphersuites.h:455

f_dbg

ssl.h:1494

Callback for printing debug output

psa_util_internal.h:44

mbedtls_error

psa_util_internal.h:48

psa_to_pk_rsa_errors

psa_util.c:98

PSA_TO_MBEDTLS_ERR_LIST

psa_util_internal.h:94

PEM_BEGIN_PUBLIC_KEY_RSA

pk_internal.h:38

PEM_END_PUBLIC_KEY_RSA

pk_internal.h:39

pk_internal.h:44

PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8

pk_internal.h:45

ARRAY_LENGTH_UNSAFE

common.h:73

\def ARRAY_LENGTH Return the number of elements of a static or stack array.

STATIC_ASSERT_THEN_RETURN

common.h:90

MBEDTLS_UNLIKELY

common.h:379

MBEDTLS_SSL_RENEGOTIATION_DONE

ssl_misc.h:62

MBEDTLS_SSL_EXT_ID_UNRECOGNIZED

ssl_misc.h:71

MBEDTLS_SSL_EXT_ID_SERVERNAME

ssl_misc.h:72

MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH

ssl_misc.h:74

MBEDTLS_SSL_EXT_ID_STATUS_REQUEST

ssl_misc.h:75

MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS

ssl_misc.h:76

MBEDTLS_SSL_EXT_ID_SIG_ALG

ssl_misc.h:78

MBEDTLS_SSL_EXT_ID_USE_SRTP

ssl_misc.h:79

MBEDTLS_SSL_EXT_ID_HEARTBEAT

ssl_misc.h:80

MBEDTLS_SSL_EXT_ID_ALPN

ssl_misc.h:81

MBEDTLS_SSL_EXT_ID_SCT

ssl_misc.h:82

MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE

ssl_misc.h:83

MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE

ssl_misc.h:84

MBEDTLS_SSL_EXT_ID_PADDING

ssl_misc.h:85

MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY

ssl_misc.h:86

MBEDTLS_SSL_EXT_ID_EARLY_DATA

ssl_misc.h:87

MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS

ssl_misc.h:88

MBEDTLS_SSL_EXT_ID_COOKIE

ssl_misc.h:89

MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES

ssl_misc.h:90

MBEDTLS_SSL_EXT_ID_CERT_AUTH

ssl_misc.h:91

MBEDTLS_SSL_EXT_ID_OID_FILTERS

ssl_misc.h:92

MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH

ssl_misc.h:93

MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT

ssl_misc.h:94

MBEDTLS_SSL_EXT_ID_KEY_SHARE

ssl_misc.h:95

MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC

ssl_misc.h:96

MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS

ssl_misc.h:97

MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC

ssl_misc.h:98

MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET

ssl_misc.h:99

MBEDTLS_SSL_EXT_ID_SESSION_TICKET

ssl_misc.h:100

MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT

ssl_misc.h:101

MBEDTLS_SSL_PADDING_ADD

ssl_misc.h:304

MBEDTLS_SSL_MAX_CID_EXPANSION

ssl_misc.h:312

MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG

ssl_misc.h:357

MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG

ssl_misc.h:358

MBEDTLS_SERVER_HELLO_RANDOM_LEN

ssl_misc.h:409

MBEDTLS_PRINTF_ATTRIBUTE

debug.h:89

MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA

pkcs5.h:26

MBEDTLS_PKCS5_ENCRYPT

aes_test_ctr_nonce_counter

aes_test_xts_data_unit

aes.c:1802

MBEDTLS_ARIA_MAX_ROUNDS

aria.h:32

Maximum number of rounds in ARIA.

CEIL_MAXUINT_DIV_SQRT2

Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES)

MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA

cipher_wrap.h:30

MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA

cipher_wrap.h:40

MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA

aes_128_ccm_star_no_tag_info

cipher_wrap.c:738

aes_192_ccm_star_no_tag_info

aes_256_ccm_star_no_tag_info

aria_128_ccm_star_no_tag_info

cipher_wrap.c:1574

aria_192_ccm_star_no_tag_info

aria_256_ccm_star_no_tag_info

aes_128_expected_result

aes_192_expected_result

cmac.c:530

aes_256_subkeys

cmac.c:563

aes_256_expected_result

MBEDTLS_HMAC_DRBG_MAX_REQUEST

hmac_drbg.h:55

Maximum number of requested bytes per call

ecp_x25519_bad_point_1

ecp.c:2957

ecp_x25519_bad_point_2

MBEDTLS_ENTROPY_POLL_H

entropy_poll.h:11

\file entropy_poll.h Platform-specific and custom entropy polling functions

MBEDTLS_ENTROPY_MIN_HARDWARE

entropy_poll.h:26

Minimum for the hardware source

ENTROPY_MAX_LOOP

entropy.c:25

Maximum amount to loop before error

info

pem.h:55

MBEDTLS_PKCS7_SIGNED_DATA

MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS

lms.h:25

Specified LMS key has utilised all of its private keys

MBEDTLS_ERR_LMS_ALLOC_FAILED

lms.h:27

LMS failed to allocate space for a private key

MBEDTLS_LMS_SIG_LEN

lms.h:55

MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE

pem.h:39

MBEDTLS_PKCS12_DERIVE_KEY

pkcs12.h:30

encryption/decryption key

MBEDTLS_PKCS12_DERIVE_IV

pkcs12.h:31

initialization vector

MBEDTLS_PKCS12_PBE_ENCRYPT

pkcs12.h:35

MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE

pkcs7.h:56

Error parsing the signature

MBEDTLS_PKCS7_SUPPORTED_VERSION

pkcs7.h:68

\name PKCS #7 Supported Version

D_PUBLIC_CONSTANT_BYTES

lmots.c:65

D_MESSAGE_CONSTANT_BYTES

lmots.c:66

MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET

lmots.h:35

W_WINTERNITZ_PARAMETER

lmots.c:56

D_LEAF_CONSTANT_BYTES

lms.c:72

D_INTR_CONSTANT_BYTES

lms.c:73

MERKLE_TREE_LEAF_NODE_AM

Functions above this separator are part of MBEDTLS_MD_LIGHT, * functions below are only available when MBEDTLS_MD_C is set. *

oid_certificate_policies

FN_OID_GET_DESCRIPTOR_ATTR1

oid.c:68

FN_OID_GET_OID_BY_ATTR2

oid.c:130

MBEDTLS_MPI_MAX_SIZE_2

pkwrite.h:56

PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE

PK_MAX_EC_PUBLIC_KEY_SIZE

pkwrite.c:54

PK_MAX_EC_KEY_PAIR_SIZE

pkwrite.c:55

psa_drv_se_cipher_update_t

crypto_se_driver.h:422

A function that continues a previously started secure element cipher operation

psa_drv_se_cipher_finish_t

crypto_se_driver.h:443

A function that completes a previously started secure element cipher operation

psa_drv_se_cipher_abort_t

crypto_se_driver.h:454

A function that aborts a previously started secure element cipher operation

psa_drv_se_cipher_ecb_t

crypto_se_driver.h:479

A function that performs the ECB block mode for secure element cipher operations Note: this function should only be used with implementations that do not provide a needed higher-level operation.

psa_drv_se_asymmetric_sign_t

crypto_se_driver.h:547

A function that signs a hash or short message with a private key in a secure element

psa_drv_se_init_t

crypto_se_driver.h:124

A driver initialization function.

psa_drv_se_mac_setup_t

crypto_se_driver.h:173

A function that starts a secure element MAC operation for a PSA Crypto Driver implementation

psa_drv_se_mac_update_t

crypto_se_driver.h:188

A function that continues a previously started secure element MAC operation

psa_drv_se_mac_finish_t

crypto_se_driver.h:208

a function that completes a previously started secure element MAC operation by returning the resulting MAC.

psa_drv_se_mac_finish_verify_t

crypto_se_driver.h:229

A function that completes a previously started secure element MAC operation by comparing the resulting MAC against a provided value

psa_drv_se_mac_abort_t

crypto_se_driver.h:239

A function that aborts a previous started secure element MAC operation

psa_drv_se_mac_generate_t

crypto_se_driver.h:259

A function that performs a secure element MAC operation in one command and returns the calculated MAC

psa_drv_se_mac_verify_t

crypto_se_driver.h:288

A function that performs a secure element MAC operation in one command and compares the resulting MAC against a provided value

psa_drv_se_cipher_setup_t

crypto_se_driver.h:379

A function that provides the cipher setup function for a secure element driver

psa_drv_se_cipher_set_iv_t

crypto_se_driver.h:400

A function that sets the initialization vector (if necessary) for a secure element cipher operation Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has two IV functions: one to set the IV, and one to generate it internally. The generate function is not necessary for the drivers to implement as the PSA Crypto implementation can do the generation using its RNG features.

psa_drv_se_aead_decrypt_t

crypto_se_driver.h:766

A function that performs a secure element authenticated decryption operation

PSA_KEY_CREATION_IMPORT

crypto_se_driver.h:807

During psa_import_key()

PSA_KEY_CREATION_GENERATE

crypto_se_driver.h:808

During psa_generate_key()

PSA_KEY_CREATION_DERIVE

crypto_se_driver.h:809

During psa_key_derivation_output_key()

PSA_KEY_CREATION_COPY

crypto_se_driver.h:810

During psa_copy_key()

psa_drv_se_allocate_key_t

crypto_se_driver.h:898

A function that allocates a slot for a key. To create a key in a specific slot in a secure element, the core first calls this function to determine a valid slot number, then calls a function to create the key material in that slot. In nominal conditions (that is, if no error occurs), the effect of a call to a key creation function in the PSA Cryptography API with a lifetime that places the key in a secure element is the following: -# The core calls psa_drv_se_key_management_t::p_allocate (or in some implementations psa_drv_se_key_management_t::p_validate_slot_number). The driver selects (or validates) a suitable slot number given the key attributes and the state of the secure element. -# The core calls a key creation function in the driver. The key creation functions in the PSA Cryptography API are: - psa_import_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_IMPORT then a call to psa_drv_se_key_management_t::p_import. - psa_generate_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_GENERATE then a call to psa_drv_se_key_management_t::p_import. - psa_key_derivation_output_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_DERIVE then a call to psa_drv_se_key_derivation_t::p_derive. - psa_copy_key(), which causes a call to `p_allocate` with \p method = #PSA_KEY_CREATION_COPY then a call to psa_drv_se_key_management_t::p_export. In case of errors, other behaviors are possible. - If the PSA Cryptography subsystem dies after the first step, for example because the device has lost power abruptly, the second step may never happen, or may happen after a reset and re-initialization. Alternatively, after a reset and re-initialization, the core may call psa_drv_se_key_management_t::p_destroy on the slot number that was allocated (or validated) instead of calling a key creation function. - If an error occurs, the core may call psa_drv_se_key_management_t::p_destroy on the slot number that was allocated (or validated) instead of calling a key creation function. Errors and system resets also have an impact on the driver's persistent data. If a reset happens before the overall key creation process is completed (before or after the second step above), it is unspecified whether the persistent data after the reset is identical to what it was before or after the call to `p_allocate` (or `p_validate_slot_number`).

psa_drv_se_validate_slot_number_t

crypto_se_driver.h:944

A function that determines whether a slot number is valid for a key. To create a key in a specific slot in a secure element, the core first calls this function to validate the choice of slot number, then calls a function to create the key material in that slot. See the documentation of #psa_drv_se_allocate_key_t for more details. As of the PSA Cryptography API specification version 1.0, there is no way for applications to trigger a call to this function. However some implementations offer the capability to create or declare a key in a specific slot via implementation-specific means, generally for the sake of initial device provisioning or onboarding. Such a mechanism may be added to a future version of the PSA Cryptography API specification. This function may update the driver's persistent data through \p persistent_data. The core will save the updated persistent data at the end of the key creation process. See the description of ::psa_drv_se_allocate_key_t for more information.

psa_drv_se_import_key_t

crypto_se_driver.h:980

A function that imports a key into a secure element in binary format This function can support any output from psa_export_key(). Refer to the documentation of psa_export_key() for the format for each key type.

psa_drv_se_destroy_key_t

crypto_se_driver.h:1006

A function that destroys a secure element key and restore the slot to its default state This function destroys the content of the key from a secure element. Implementations shall make a best effort to ensure that any previous content of the slot is unrecoverable. This function returns the specified slot to its default state.

psa_drv_se_asymmetric_verify_t

crypto_se_driver.h:573

A function that verifies the signature a hash or short message using an asymmetric public key in a secure element

psa_drv_se_asymmetric_encrypt_t

crypto_se_driver.h:611

A function that encrypts a short message with an asymmetric public key in a secure element

psa_drv_se_asymmetric_decrypt_t

crypto_se_driver.h:651

A function that decrypts a short message with an asymmetric private key in a secure element.

psa_drv_se_aead_encrypt_t

crypto_se_driver.h:724

A function that performs a secure element authenticated encryption operation

psa_drv_se_generate_key_t

crypto_se_driver.h:1094

A function that generates a symmetric or asymmetric key on a secure element If the key type \c type recorded in \p attributes is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\c type) = 1), the driver may export the public key at the time of generation, in the format documented for psa_export_public_key() by writing it to the \p pubkey buffer. This is optional, intended for secure elements that output the public key at generation time and that cannot export the public key later. Drivers that do not need this feature should leave \p *pubkey_length set to 0 and should implement the psa_drv_key_management_t::p_export_public function. Some implementations do not support this feature, in which case \p pubkey is \c NULL and \p pubkey_size is 0.

psa_drv_se_key_derivation_setup_t

crypto_se_driver.h:1189

A function that Sets up a secure element key derivation operation by specifying the algorithm and the source key sot

psa_drv_se_key_derivation_collateral_t

crypto_se_driver.h:1209

A function that provides collateral (parameters) needed for a secure element key derivation or key agreement operation Since many key derivation algorithms require multiple parameters, it is expected that this function may be called multiple times for the same operation, each with a different algorithm-specific `collateral_id`

psa_drv_se_key_derivation_derive_t

crypto_se_driver.h:1224

A function that performs the final secure element key derivation step and place the generated key material in a slot

psa_drv_se_key_derivation_export_t

crypto_se_driver.h:1238

A function that performs the final step of a secure element key agreement and place the generated key material in a buffer

key_data

psa_crypto_core.h:157

MBEDTLS_TEST_OPAQUE_DRIVER_ID

psa_crypto_driver_wrappers.h:52

MBEDTLS_TEST_TRANSPARENT_DRIVER_ID

psa_crypto_driver_wrappers.h:53

P256_TRANSPARENT_DRIVER_ID

psa_crypto_driver_wrappers.h:54

RNG_INITIALIZED

psa_crypto.c:93

PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED

psa_crypto.c:110

GUARD_MODULE_INITIALIZED

Our secret value.

Our public key = \c G^X mod \c P.

MBEDTLS_DHM_PARAM_GY

dhm.h:88

The public key of the peer = \c G^Y mod \c P.

MBEDTLS_DHM_PARAM_K

dhm.h:89

The shared secret = \c G^(XY) mod \c P.

MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN

dhm.h:428

RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman groups, some of which are included here for use within the SSL/TLS module and the user's convenience when configuring the Diffie-Hellman parameters by hand through \c mbedtls_ssl_conf_dh_param. The following lists the source of the above groups in the standards: - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup - RFC 3526 section 3: 2048-bit MODP Group - RFC 3526 section 4: 3072-bit MODP Group - RFC 3526 section 5: 4096-bit MODP Group - RFC 7919 section A.1: ffdhe2048 - RFC 7919 section A.2: ffdhe3072 - RFC 7919 section A.3: ffdhe4096 - RFC 7919 section A.4: ffdhe6144 - RFC 7919 section A.5: ffdhe8192 The constants with suffix "_p" denote the chosen prime moduli, while the constants with suffix "_g" denote the chosen generator of the associated prime field. The constants further suffixed with "_bin" are provided in binary format, while all other constants represent null-terminated strings holding the hexadecimal presentation of the respective numbers. The primes from RFC 3526 and RFC 7919 have been generating by the following trust-worthy procedure: - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number the first and last 64 bits are all 1, and the remaining N - 128 bits of which are 0x7ff...ff. - Add the smallest multiple of the first N - 129 bits of the binary expansion of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string such that the resulting integer is a safe-prime. - The result is the respective RFC 3526 / 7919 prime, and the corresponding generator is always chosen to be 2 (which is a square for these prime, hence the corresponding subgroup has order (p-1)/2 and avoids leaking a bit in the private exponent).

MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN

dhm.h:462

MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN

dhm.h:584

MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN

dhm.h:618

MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN

dhm.h:620

MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN

dhm.h:670

MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN

dhm.h:672

MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN

dhm.h:738

MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN

dhm.h:740

MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN

dhm.h:838

MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN

dhm.h:840

MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN

dhm.h:970

KEY_SLICE_LENGTH_MAX

psa_crypto_slot_management.c:117

magic

psa_crypto_storage.c:226

PSA_ITS_STORAGE_FILENAME_PATTERN

psa_crypto_its.h:38

The flags set when the uid was created *

psa_its_file.c:30

rename_replace_existing

version_features.c:16

MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT

ssl_cache.h:31

1 day

MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES

ssl_cache.h:35

Maximum entries in cache

ciphersuite_preference

ssl_ciphersuites.c:37

MBEDTLS_SSL_COOKIE_TIMEOUT

ssl_cookie.h:32

Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued

COOKIE_MD

ssl_cookie.c:44

MBEDTLS_SSL_TICKET_MAX_KEY_BYTES

ssl_ticket.h:41

Max supported key length in bytes

ssl_preset_default_groups

ssl_tls.c:5603

ssl_preset_suiteb_ciphersuites

ssl_tls.c:5638

ssl_preset_default_sig_algs

ssl_tls.c:5654

ssl_tls12_preset_default_sig_algs

ssl_tls.c:5706

ssl_preset_suiteb_sig_algs

ssl_tls.c:5749

ssl_tls12_preset_suiteb_sig_algs

ssl_tls.c:5770

ssl_preset_suiteb_groups

SSL_SERIALIZED_SESSION_CONFIG_TIME

ssl_tls.c:4074

SSL_SERIALIZED_SESSION_CONFIG_CRT

ssl_tls.c:4080

SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT

ssl_tls.c:4086

SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET

ssl_tls.c:4092

SSL_SERIALIZED_SESSION_CONFIG_MFL

ssl_tls.c:4098

SSL_SERIALIZED_SESSION_CONFIG_ETM

ssl_tls.c:4104

SSL_SERIALIZED_SESSION_CONFIG_TICKET

ssl_tls.c:4110

SSL_SERIALIZED_SESSION_CONFIG_SNI

ssl_tls.c:4116

SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA

ssl_tls.c:4124

SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE

ssl_tls.c:4130

SSL_SERIALIZED_SESSION_CONFIG_ALPN

ssl_tls.c:4137

SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT

ssl_tls.c:4140

SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT

ssl_tls.c:4141

SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT

ssl_tls.c:4142

SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT

ssl_tls.c:4143

SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT

ssl_tls.c:4144

SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT

ssl_tls.c:4145

SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT

ssl_tls.c:4146

SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT

ssl_tls.c:4147

SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT

ssl_tls.c:4148

SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT

ssl_tls.c:4149

SSL_SERIALIZED_SESSION_CONFIG_ALPN_BIT

ssl_tls.c:4150

SSL_CERTIFICATE_EXPECTED

x509_crt_verify_strings

PSA_WANT_DH_RFC7919_2048

config_adjust_psa_from_legacy.h:94

PSA_WANT_DH_RFC7919_3072

config_adjust_psa_from_legacy.h:95

PSA_WANT_DH_RFC7919_4096

config_adjust_psa_from_legacy.h:96

PSA_WANT_DH_RFC7919_6144

config_adjust_psa_from_legacy.h:97

mbedtls_test_dhm_params_len

dhm.c:673

PSA_WANT_ALG_SOME_PAKE

config_psa.h:56

MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80

ssl.h:1192

MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32

ssl.h:1193

MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80

ssl.h:1194

MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32

mbedtls_internal_sha256_process_many_c

sha256.c:451

mbedtls_internal_sha512_process_many_c

sha512.c:587

MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET

ssl.h:732

MBEDTLS_SSL_EXPORT_KEYS

esp_config.h:1554

\def MBEDTLS_SSL_EXPORT_KEYS Enable support for exporting key block and master secret. This is required for certain users of TLS, e.g. EAP-TLS. Comment this macro to disable support for key export

MBEDTLS_ERR_THREADING_BAD_INPUT_DATA

threading.h:23

MBEDTLS_ERR_THREADING_MUTEX_ERROR

threading.h:25

_DEFAULT_SOURCE

Hacl_Curve25519_joined.c:28

mbedtls_iso_c_forbids_empty_translation_units

check_config.h:1138

MBEDTLS_SHA256_H

sha256.h:14

\file sha256.h This file contains SHA-224 and SHA-256 definitions and functions. The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS).

MBEDTLS_PRIVATE_ACCESS_H

private_access.h:12

\file private_access.h Macro wrapper for struct's members.

MBEDTLS_BUILD_INFO_H

build_info.h:15

\file mbedtls/build_info.h Build-time configuration info Include this file if you need to depend on the configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE

ESP_CONFIG_H

esp_config.h:26

Default mbedTLS configuration options for ESP-IDF This set of compile-time options may be used to enable or disable features selectively, and reduce the global memory footprint.

MBEDTLS_SSL_FALLBACK_SCSV

esp_config.h:1116

\def MBEDTLS_SSL_FALLBACK_SCSV Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks. For servers, it is recommended to always enable this, unless you support only one version of TLS, or know for sure that none of your clients implements a fallback strategy. For clients, you only need this if you're using a fallback strategy, which is not recommended in the first place, unless you absolutely need it to interoperate with buggy (version-intolerant) servers. Comment this macro to disable support for FALLBACK_SCSV

MBEDTLS_CERTS_C

esp_config.h:1871

\def MBEDTLS_CERTS_C Enable the test certificates. Module: library/certs.c Caller: This module is used for testing (ssl_client/server).

MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE

esp_config.h:2971

Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake signature and ciphersuite selection. Without this build-time option, SHA-1 support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by default. At the time of writing, there is no practical attack on the use of SHA-1 in handshake signatures, hence this option is turned on by default for compatibility with existing peers. \warning SHA-1 is considered a weak message digest and its use constitutes a security risk. If possible, we recommend avoiding dependencies on it, and considering stronger message digests instead.

MBEDTLS_CONFIG_PSA_H

config_psa.h:19

\file mbedtls/config_psa.h PSA crypto configuration options (set of defines) This set of compile-time options takes settings defined in include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h and uses those definitions to define symbols used in the library code. Users and integrators should not edit this file, please edit include/mbedtls/mbedtls_config.h for MBEDTLS_XXX settings or include/psa/crypto_config.h for PSA_WANT_XXX settings.

MBEDTLS_PSA_CRYPTO_LEGACY_H

crypto_legacy.h:20

\file psa/crypto_legacy.h Add temporary suppport for deprecated symbols before they are removed from the library. PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR symbols are deprecated. New symols add a suffix to that base name in order to clearly state what is the expected use for the key (use, import, export, generate, derive). Here we define some backward compatibility support for uses stil using the legacy symbols.

PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H

crypto_adjust_config_synonyms.h:17

\file psa/crypto_adjust_config_synonyms.h Adjust PSA configuration: enable quasi-synonyms This is an internal header. Do not include it directly. When two features require almost the same code, we automatically enable both when either one is requested, to reduce the combinatorics of possible configurations.

PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H

crypto_adjust_config_dependencies.h:19

\file psa/crypto_adjust_config_dependencies.h Adjust PSA configuration by resolving some dependencies. This is an internal header. Do not include it directly. See docs/proposed/psa-conditional-inclusion-c.md. If the Mbed TLS implementation of a cryptographic mechanism A depends on a cryptographic mechanism B then if the cryptographic mechanism A is enabled and not accelerated enable B. Note that if A is enabled and accelerated, it is not necessary to enable B for A support.

MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H

config_adjust_psa_superset_legacy.h:20

\file mbedtls/config_adjust_psa_superset_legacy.h Adjust PSA configuration: automatic enablement from legacy This is an internal header. Do not include it directly. To simplify some edge cases, we automatically enable certain cryptographic mechanisms in the PSA API if they are enabled in the legacy API. The general idea is that if legacy module M uses mechanism A internally, and A has both a legacy and a PSA implementation, we enable A through PSA whenever it's enabled through legacy. This facilitates the transition to PSA implementations of A for users of M.

MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H

config_adjust_psa_from_legacy.h:21

\file mbedtls/config_adjust_psa_from_legacy.h Adjust PSA configuration: construct PSA configuration from legacy This is an internal header. Do not include it directly. When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable cryptographic mechanisms through the PSA interface when the corresponding legacy mechanism is enabled. In many cases, this just enables the PSA wrapper code around the legacy implementation, but we also do this for some mechanisms where PSA has its own independent implementation so that high-level modules that can use either cryptographic API have the same feature set in both cases.

PSA_WANT_ALG_ECDSA_ANY

config_adjust_psa_from_legacy.h:58

PSA_WANT_ALG_HMAC

config_adjust_psa_from_legacy.h:133

PSA_WANT_KEY_TYPE_HMAC

config_adjust_psa_from_legacy.h:134

PSA_WANT_ALG_RSA_PKCS1V15_CRYPT

config_adjust_psa_from_legacy.h:162

PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW

config_adjust_psa_from_legacy.h:165

PSA_WANT_ALG_RSA_OAEP

config_adjust_psa_from_legacy.h:169

MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC

config_adjust_psa_from_legacy.h:177

MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256

config_adjust_psa_from_legacy.h:294

MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384

config_adjust_psa_from_legacy.h:299

MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512

config_adjust_psa_from_legacy.h:304

MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255

config_adjust_psa_from_legacy.h:309

MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192

config_adjust_psa_from_legacy.h:319

MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224

config_adjust_psa_from_legacy.h:324

MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256

config_adjust_psa_from_legacy.h:329

MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384

config_adjust_psa_from_legacy.h:334

MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521

config_adjust_psa_from_legacy.h:339

MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192

config_adjust_psa_from_legacy.h:344

MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256

config_adjust_psa_from_legacy.h:355

PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H

crypto_adjust_config_key_pair_types.h:22

\file psa/crypto_adjust_config_key_pair_types.h Adjust PSA configuration for key pair types. This is an internal header. Do not include it directly. See docs/proposed/psa-conditional-inclusion-c.md. - Support non-basic operations in a keypair type implicitly enables basic support for that keypair type. - Support for a keypair type implicitly enables the corresponding public key type. - Basic support for a keypair type implicilty enables import/export support for that keypair type. Warning: this is implementation-specific (mainly for the benefit of testing) and may change in the future!

PSA_CRYPTO_ADJUST_AUTO_ENABLED_H

crypto_adjust_auto_enabled.h:16

\file psa/crypto_adjust_auto_enabled.h Adjust PSA configuration: enable always-on features This is an internal header. Do not include it directly. Always enable certain features which require a negligible amount of code to implement, to avoid some edge cases in the configuration combinatorics.

PSA_WANT_KEY_TYPE_DERIVE

crypto_adjust_auto_enabled.h:26

PSA_WANT_KEY_TYPE_PASSWORD

crypto_adjust_auto_enabled.h:27

PSA_WANT_KEY_TYPE_PASSWORD_HASH

crypto_adjust_auto_enabled.h:28

PSA_WANT_KEY_TYPE_RAW_DATA

crypto_adjust_auto_enabled.h:29

MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H

config_adjust_legacy_crypto.h:25

\file mbedtls/config_adjust_legacy_crypto.h Adjust legacy configuration configuration This is an internal header. Do not include it directly. Automatically enable certain dependencies. Generally, MBEDTLS_xxx configurations need to be explicitly enabled by the user: enabling MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a compilation error. However, we do automatically enable certain options in some circumstances. One case is if MBEDTLS_xxx_B is an internal option used to identify parts of a module that are used by other module, and we don't want to make the symbol MBEDTLS_xxx_B part of the public API. Another case is if A didn't depend on B in earlier versions, and we want to use B in A but we need to preserve backward compatibility with configurations that explicitly activate MBEDTLS_xxx_A but not MBEDTLS_xxx_B.

MBEDTLS_CONFIG_ADJUST_X509_H

config_adjust_x509.h:25

\file mbedtls/config_adjust_x509.h Adjust X.509 configuration This is an internal header. Do not include it directly. Automatically enable certain dependencies. Generally, MBEDTLS_xxx configurations need to be explicitly enabled by the user: enabling MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a compilation error. However, we do automatically enable certain options in some circumstances. One case is if MBEDTLS_xxx_B is an internal option used to identify parts of a module that are used by other module, and we don't want to make the symbol MBEDTLS_xxx_B part of the public API. Another case is if A didn't depend on B in earlier versions, and we want to use B in A but we need to preserve backward compatibility with configurations that explicitly activate MBEDTLS_xxx_A but not MBEDTLS_xxx_B.

MBEDTLS_CONFIG_ADJUST_SSL_H

config_adjust_ssl.h:25

\file mbedtls/config_adjust_ssl.h Adjust TLS configuration This is an internal header. Do not include it directly. Automatically enable certain dependencies. Generally, MBEDTLS_xxx configurations need to be explicitly enabled by the user: enabling MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a compilation error. However, we do automatically enable certain options in some circumstances. One case is if MBEDTLS_xxx_B is an internal option used to identify parts of a module that are used by other module, and we don't want to make the symbol MBEDTLS_xxx_B part of the public API. Another case is if A didn't depend on B in earlier versions, and we want to use B in A but we need to preserve backward compatibility with configurations that explicitly activate MBEDTLS_xxx_A but not MBEDTLS_xxx_B.

MBEDTLS_CHECK_CONFIG_H

check_config.h:19

\file check_config.h Consistency checks for configuration options This is an internal header. Do not include it directly. This header is included automatically by all public Mbed TLS headers (via mbedtls/build_info.h). Do not include it directly in a configuration file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE! It would run at the wrong time due to missing derived symbols.

The type of PSA Diffie-Hellman group family identifiers. Values of this type are generally constructed by macros called `PSA_DH_FAMILY_xxx`. The group identifier is required to create a Diffie-Hellman key using the PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY() macros. Values defined by this standard will never be in the range 0x80-0xff. Vendors who define additional families must use an encoding in this range.

MBEDTLS_SHA3_NONE

sha3.h:38

Operation not defined.

SHA3-224

SHA3-256

SHA3-384

SHA3-512

crypto_builtin_primitives.h:55

crypto_driver_contexts_composites.h:115

crypto_driver_contexts_composites.h:124

crypto_driver_contexts_composites.h:132

crypto_driver_contexts_composites.h:137

crypto_driver_contexts_composites.h:142

crypto_driver_contexts_key_derivation.h:33

ESP_AES_GCM_STATE_FINISH

esp_aes_gcm.h:24

crypto_builtin_composites.h:88

MBEDTLS_CIPHER_ID_NULL

cipher.h:68

The identity cipher, treated as a stream cipher.

MBEDTLS_CIPHER_ID_DES

cipher.h:70

The DES cipher. \warning DES is considered weak.

MBEDTLS_CIPHER_ID_3DES

cipher.h:71

The Triple DES cipher. \warning 3DES is considered weak.

MBEDTLS_CIPHER_ID_CAMELLIA

cipher.h:72

The Camellia cipher.

MBEDTLS_CIPHER_ID_CHACHA20

cipher.h:74

The ChaCha20 cipher.

MBEDTLS_CIPHER_NULL

cipher.h:86

The identity stream cipher.

MBEDTLS_CIPHER_CAMELLIA_128_ECB

cipher.h:102

Camellia cipher with 128-bit ECB mode.

MBEDTLS_CIPHER_CAMELLIA_192_ECB

cipher.h:103

Camellia cipher with 192-bit ECB mode.

MBEDTLS_CIPHER_CAMELLIA_256_ECB

cipher.h:104

Camellia cipher with 256-bit ECB mode.

MBEDTLS_CIPHER_CAMELLIA_128_CBC

cipher.h:105

Camellia cipher with 128-bit CBC mode.

MBEDTLS_CIPHER_CAMELLIA_192_CBC

cipher.h:106

Camellia cipher with 192-bit CBC mode.

MBEDTLS_CIPHER_CAMELLIA_256_CBC

cipher.h:107

Camellia cipher with 256-bit CBC mode.

MBEDTLS_CIPHER_CAMELLIA_128_CFB128

cipher.h:108

Camellia cipher with 128-bit CFB128 mode.

MBEDTLS_CIPHER_CAMELLIA_192_CFB128

cipher.h:109

Camellia cipher with 192-bit CFB128 mode.

MBEDTLS_CIPHER_CAMELLIA_256_CFB128

cipher.h:110

Camellia cipher with 256-bit CFB128 mode.

MBEDTLS_CIPHER_CAMELLIA_128_CTR

cipher.h:111

Camellia cipher with 128-bit CTR mode.

MBEDTLS_CIPHER_CAMELLIA_192_CTR

cipher.h:112

Camellia cipher with 192-bit CTR mode.

MBEDTLS_CIPHER_CAMELLIA_256_CTR

cipher.h:113

Camellia cipher with 256-bit CTR mode.

MBEDTLS_CIPHER_CAMELLIA_128_GCM

cipher.h:114

Camellia cipher with 128-bit GCM mode.

MBEDTLS_CIPHER_CAMELLIA_192_GCM

cipher.h:115

Camellia cipher with 192-bit GCM mode.

MBEDTLS_CIPHER_CAMELLIA_256_GCM

cipher.h:116

Camellia cipher with 256-bit GCM mode.

MBEDTLS_CIPHER_DES_ECB

cipher.h:117

DES cipher with ECB mode. \warning DES is considered weak.

MBEDTLS_CIPHER_DES_EDE_ECB

cipher.h:119

DES cipher with EDE ECB mode. \warning 3DES is considered weak.

MBEDTLS_CIPHER_CAMELLIA_128_CCM

cipher.h:129

Camellia cipher with 128-bit CCM mode.

MBEDTLS_CIPHER_CAMELLIA_192_CCM

cipher.h:130

Camellia cipher with 192-bit CCM mode.

MBEDTLS_CIPHER_CAMELLIA_256_CCM

cipher.h:131

Camellia cipher with 256-bit CCM mode.

MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG

cipher.h:132

Camellia cipher with 128-bit CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG

cipher.h:133

Camellia cipher with 192-bit CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG

cipher.h:134

Camellia cipher with 256-bit CCM_STAR_NO_TAG mode.

MBEDTLS_CIPHER_AES_128_KW

cipher.h:163

AES cipher with 128-bit NIST KW mode.

MBEDTLS_CIPHER_AES_192_KW

cipher.h:164

AES cipher with 192-bit NIST KW mode.

MBEDTLS_CIPHER_AES_256_KW

cipher.h:165

AES cipher with 256-bit NIST KW mode.

MBEDTLS_CIPHER_AES_128_KWP

cipher.h:166

AES cipher with 128-bit NIST KWP mode.

MBEDTLS_CIPHER_AES_192_KWP

cipher.h:167

AES cipher with 192-bit NIST KWP mode.

MBEDTLS_CIPHER_AES_256_KWP

cipher.h:168

AES cipher with 256-bit NIST KWP mode.

MBEDTLS_MODE_KW

cipher.h:185

The SP800-38F KW mode

MBEDTLS_MODE_KWP

cipher.h:186

The SP800-38F KWP mode

crypto_driver_contexts_primitives.h:88

crypto_driver_contexts_primitives.h:96

bit_size

ecp.h:143

The curve size in bits.

MBEDTLS_MD_RIPEMD160

md.h:50

The RIPEMD-160 message digest.

MBEDTLS_MD_SHA3_224

md.h:56

The SHA3-224 message digest.

MBEDTLS_MD_SHA3_256

md.h:57

The SHA3-256 message digest.

MBEDTLS_MD_SHA3_384

md.h:58

The SHA3-384 message digest.

MBEDTLS_MD_SHA3_512

md.h:59

The SHA3-512 message digest.

MBEDTLS_MD_ENGINE_LEGACY

md.h:115

MBEDTLS_MD_ENGINE_PSA

md.h:116

MBEDTLS_KEY_LENGTH_DES_EDE

crypto_struct.h:253

MBEDTLS_KEY_LENGTH_DES

cipher.h:209

Key length, in bits (including parity), for DES keys. \warning DES is considered weak.

cipher.h:211

Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak.

MBEDTLS_KEY_LENGTH_DES_EDE3

cipher.h:213

Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak.

MBEDTLS_CHACHAPOLY_ENCRYPT

chachapoly.h:39

The mode value for performing encryption.

MBEDTLS_CHACHAPOLY_DECRYPT

chachapoly.h:40

The mode value for performing decryption.