Define AVS_COMMONS_WITH_AVS_CRYPTO_PKI_ENGINE
Defined in File avs_commons_config.h
Define Documentation
AVS_COMMONS_WITH_AVS_CRYPTO_PKI_ENGINE
Enables high-level support for hardware-based PKI security, i.e. loading, generating and managing key pairs and certificates via external engines.
Requires AVS_COMMONS_WITH_AVS_CRYPTO_PKI to be enabled.
An actual implementation is required to use this feature. You may provide your own, or use one of the default ones that come with the HSM engine commercial feature (see AVS_COMMONS_WITH_MBEDTLS_PKCS11_ENGINE, AVS_COMMONS_WITH_MBEDTLS_PSA_ENGINE and AVS_COMMONS_WITH_OPENSSL_PKCS11_ENGINE).
The functions that need to be provided in case of a custom implementation:
- avs_crypto_pki_engine_certificate_rm()
- avs_crypto_pki_engine_certificate_store()
- avs_crypto_pki_engine_key_gen()
- avs_crypto_pki_engine_key_rm()
- avs_crypto_pki_engine_key_store()
When targeting the Mbed TLS backend:
- _avs_crypto_mbedtls_engine_initialize_global_state()
- _avs_crypto_mbedtls_engine_cleanup_global_state()
- _avs_crypto_mbedtls_engine_append_cert()
- _avs_crypto_mbedtls_engine_append_crl()
- _avs_crypto_mbedtls_engine_load_private_key()
When targeting the OpenSSL backend:
- _avs_crypto_openssl_engine_initialize_global_state()
- _avs_crypto_openssl_engine_cleanup_global_state()
- _avs_crypto_openssl_engine_load_certs()
- _avs_crypto_openssl_engine_load_crls()
- _avs_crypto_openssl_engine_load_private_key()
External PKI engines are NOT supported in the TinyDTLS backend.