|
|
@@ -0,0 +1,132 @@
|
|
|
+/* user_settings_wolftpm.h
|
|
|
+ *
|
|
|
+ * Copyright (C) 2006-2023 wolfSSL Inc.
|
|
|
+ *
|
|
|
+ * This file is part of wolfSSL.
|
|
|
+ *
|
|
|
+ * wolfSSL is free software; you can redistribute it and/or modify
|
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
|
+ * the Free Software Foundation; either version 2 of the License, or
|
|
|
+ * (at your option) any later version.
|
|
|
+ *
|
|
|
+ * wolfSSL is distributed in the hope that it will be useful,
|
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
+ * GNU General Public License for more details.
|
|
|
+ *
|
|
|
+ * You should have received a copy of the GNU General Public License
|
|
|
+ * along with this program; if not, write to the Free Software
|
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
|
+ */
|
|
|
+
|
|
|
+
|
|
|
+/* should be renamed to user_settings.h for customer use
|
|
|
+ * generated from configure and wolfssl/options.h using:
|
|
|
+ * ./configure --enable-wolftpm --disable-dh --disable-oldtls \
|
|
|
+ * --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
|
|
|
+ * --disable-pkcs12 --disable-chacha --disable-poly1305 \
|
|
|
+ * --disable-sys-ca-certs --disable-examples
|
|
|
+ *
|
|
|
+ * Cleaned up by David Garske
|
|
|
+ */
|
|
|
+
|
|
|
+
|
|
|
+#ifndef WOLF_USER_SETTINGS_TPM_H
|
|
|
+#define WOLF_USER_SETTINGS_TPM_H
|
|
|
+
|
|
|
+#ifdef __cplusplus
|
|
|
+extern "C" {
|
|
|
+#endif
|
|
|
+
|
|
|
+#if 1
|
|
|
+ /* wolfTPM with TLS example (v1.3 only) */
|
|
|
+ #define WOLFSSL_TLS13
|
|
|
+ #define WOLFSSL_NO_TLS12
|
|
|
+ #define NO_OLD_TLS
|
|
|
+
|
|
|
+ #define HAVE_TLS_EXTENSIONS
|
|
|
+ #define HAVE_SUPPORTED_CURVES
|
|
|
+ #define HAVE_SERVER_RENEGOTIATION_INFO
|
|
|
+ #define HAVE_ENCRYPT_THEN_MAC
|
|
|
+
|
|
|
+ #define HAVE_HKDF
|
|
|
+ #define WC_RSA_PSS
|
|
|
+ #define WOLFSSL_PSS_LONG_SALT
|
|
|
+#else
|
|
|
+ /* wolfCrypt only (no SSL/TLS) */
|
|
|
+ #define WOLFCRYPT_ONLY
|
|
|
+#endif
|
|
|
+
|
|
|
+/* No threading or file system */
|
|
|
+#define SINGLE_THREADED
|
|
|
+/* File system disable */
|
|
|
+#if 0
|
|
|
+ #define NO_FILESYSTEM
|
|
|
+#endif
|
|
|
+
|
|
|
+/* Enable crypto callbacks */
|
|
|
+#define WOLF_CRYPTO_CB
|
|
|
+
|
|
|
+/* Enable PRNG (SHA2-256) */
|
|
|
+#define HAVE_HASHDRBG
|
|
|
+
|
|
|
+/* Enable SP math all (sp_int.c) with multi-precision support */
|
|
|
+#define WOLFSSL_SP_MATH_ALL
|
|
|
+
|
|
|
+/* Enable hardening (timing resistance) */
|
|
|
+#define TFM_TIMING_RESISTANT
|
|
|
+#define ECC_TIMING_RESISTANT
|
|
|
+#define WC_RSA_BLINDING
|
|
|
+
|
|
|
+/* Asymmetric */
|
|
|
+#define HAVE_ECC
|
|
|
+#undef NO_RSA
|
|
|
+#define NO_DH
|
|
|
+#ifndef NO_DH
|
|
|
+ #define HAVE_FFDHE_2048
|
|
|
+ #define HAVE_DH_DEFAULT_PARAMS
|
|
|
+#endif
|
|
|
+
|
|
|
+/* Symmetric Hash */
|
|
|
+#undef NO_SHA
|
|
|
+#undef NO_SHA256
|
|
|
+#define WOLFSSL_SHA512
|
|
|
+#define WOLFSSL_SHA384
|
|
|
+
|
|
|
+/* Symmetric Cipher */
|
|
|
+#define HAVE_AES_KEYWRAP
|
|
|
+#define WOLFSSL_AES_DIRECT
|
|
|
+#define WOLFSSL_AES_CFB
|
|
|
+#define HAVE_AESGCM
|
|
|
+#define GCM_TABLE_4BIT
|
|
|
+
|
|
|
+#if 0
|
|
|
+ #define HAVE_POLY1305
|
|
|
+ #define HAVE_CHACHA
|
|
|
+#endif
|
|
|
+
|
|
|
+/* Features */
|
|
|
+#define WOLFSSL_CERT_GEN
|
|
|
+#define WOLFSSL_CERT_REQ
|
|
|
+#define WOLFSSL_CERT_EXT
|
|
|
+
|
|
|
+#define HAVE_PKCS7
|
|
|
+#define HAVE_X963_KDF
|
|
|
+#define WOLFSSL_BASE64_ENCODE
|
|
|
+
|
|
|
+
|
|
|
+/* Disables */
|
|
|
+#define NO_DSA
|
|
|
+#define NO_DES3
|
|
|
+#define NO_RC4
|
|
|
+#define NO_PSK
|
|
|
+#define NO_MD4
|
|
|
+#define WOLFSSL_NO_SHAKE128
|
|
|
+#define WOLFSSL_NO_SHAKE256
|
|
|
+
|
|
|
+
|
|
|
+#ifdef __cplusplus
|
|
|
+}
|
|
|
+#endif
|
|
|
+
|
|
|
+#endif /* WOLF_USER_SETTINGS_TPM_H */
|
David Garske