@@ -1,6 +1,6 @@
|
|
|
/* user_settings.h
|
|
|
*
|
|
|
- * Copyright (C) 2006-2023 wolfSSL Inc.
|
|
|
+ * Copyright (C) 2006-2024 wolfSSL Inc.
|
|
|
*
|
|
|
* This file is part of wolfSSL.
|
|
|
*
|
|
@@ -19,12 +19,22 @@
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
|
*/
|
|
|
|
|
|
-/* This user_settings.h is for Espressif ESP-IDF */
|
|
|
-#include <sdkconfig.h>
|
|
|
+/* This user_settings.h is for Espressif ESP-IDF
|
|
|
+ *
|
|
|
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
|
|
|
+ *
|
|
|
+ * Do not include any wolfssl headers here
|
|
|
+ *
|
|
|
+ * When editing this file:
|
|
|
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
|
|
|
+ */
|
|
|
+
|
|
|
+/* The Espressif project config file. See also sdkconfig.defaults */
|
|
|
+#include "sdkconfig.h"
|
|
|
|
|
|
/* The Espressif sdkconfig will have chipset info.
|
|
|
**
|
|
|
-** Possible values:
|
|
|
+** Some possible values:
|
|
|
**
|
|
|
** CONFIG_IDF_TARGET_ESP32
|
|
|
** CONFIG_IDF_TARGET_ESP32S2
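Review bot: Switching `#include <sdkconfig.h>` to `#include "sdkconfig.h"` changes lookup order: the quoted form searches the directory containing user_settings.h before the include path, so a stale or stray `sdkconfig.h` dropped next to this file would silently shadow the ESP-IDF generated one that drives the chipset detection further down. If the quoted form is deliberate, a one-line comment saying why (`/* quoted include: resolved from the project dir by some IDEs */`) would stop the next reader from reverting it; otherwise the angle-bracket form is the safer default. The new header comment asks that "wolfssl_test and wolfssl_benchmark settings match" but does not say which files those are, so naming their user_settings.h paths there would make the instruction actionable.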
|
|
@@ -36,18 +46,175 @@
|
|
|
#undef WOLFSSL_ESPIDF
|
|
|
#define WOLFSSL_ESPIDF
|
|
|
|
|
|
+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
|
|
|
+#define NO_ESP_SDK_WIFI
|
|
|
+
|
|
|
+/* Experimental Kyber */
|
|
|
+#if 0
|
|
|
+ /* Kyber typically needs a minimum 10K stack */
|
|
|
+ #define WOLFSSL_EXPERIMENTAL_SETTINGS
|
|
|
+ #define WOLFSSL_HAVE_KYBER
|
|
|
+ #define WOLFSSL_WC_KYBER
|
|
|
+ #define WOLFSSL_SHA3
|
|
|
+#endif
|
|
|
+
|
|
|
/*
|
|
|
- * choose ONE of these Espressif chips to define:
|
|
|
+ * ONE of these Espressif chip families will be detected from sdkconfig:
|
|
|
*
|
|
|
* WOLFSSL_ESP32
|
|
|
- * WOLFSSL_ESPWROOM32SE
|
|
|
* WOLFSSL_ESP8266
|
|
|
*/
|
|
|
#undef WOLFSSL_ESPWROOM32SE
|
|
|
#undef WOLFSSL_ESP8266
|
|
|
#undef WOLFSSL_ESP32
|
|
|
+/* See below for chipset detection from sdkconfig.h */
|
|
|
+
|
|
|
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
|
|
|
+/* #define SINGLE_THREADED */
|
|
|
|
|
|
-#define WOLFSSL_ESP32
|
|
|
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
|
|
|
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
|
|
|
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
|
|
|
+ * When really desperate or no TLS used, try NO_SESSION_CACHE. */
|
|
|
+#define NO_SESSION_CACHE
|
|
|
+
|
|
|
+/* Small Stack uses more heap. */
|
|
|
+#define WOLFSSL_SMALL_STACK
|
|
|
+
|
|
|
+/* Full debugging turned off, but show malloc failure detail */
|
|
|
+/* #define DEBUG_WOLFSSL */
|
|
|
+#define DEBUG_WOLFSSL_MALLOC
|
|
|
+
|
|
|
+/* See test.c that sets cert buffers; we'll set them here: */
|
|
|
+#define USE_CERT_BUFFERS_256
|
|
|
+#define USE_CERT_BUFFERS_2048
|
|
|
+
|
|
|
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
|
|
|
+#define RSA_LOW_MEM
|
|
|
+
|
|
|
+/* Uncommon settings for testing only */
|
|
|
+#define TEST_ESPIDF_ALL_WOLFSSL
|
|
|
+#ifdef TEST_ESPIDF_ALL_WOLFSSL
|
|
|
+ #define WOLFSSL_MD2
|
|
|
+ #define HAVE_BLAKE2
|
|
|
+ #define HAVE_BLAKE2B
|
|
|
+ #define HAVE_BLAKE2S
|
|
|
+
|
|
|
+ #define WC_RC2
|
|
|
+ #define WOLFSSL_ALLOW_RC4
|
|
|
+
|
|
|
+ #define HAVE_POLY1305
|
|
|
+
|
|
|
+ #define WOLFSSL_AES_128
|
|
|
+ #define WOLFSSL_AES_OFB
|
|
|
+ #define WOLFSSL_AES_CFB
|
|
|
+ #define WOLFSSL_AES_XTS
|
|
|
+
|
|
|
+ /* #define WC_SRTP_KDF */
|
|
|
+ /* TODO Causes failure with Espressif AES HW Enabled */
|
|
|
+ /* #define HAVE_AES_ECB */
|
|
|
+ /* #define HAVE_AESCCM */
|
|
|
+ /* TODO sanity check when missing HAVE_AES_ECB */
|
|
|
+ #define WOLFSSL_WOLFSSH
|
|
|
+
|
|
|
+ #define HAVE_AESGCM
|
|
|
+ #define WOLFSSL_AES_COUNTER
|
|
|
+
|
|
|
+ #define HAVE_FFDHE
|
|
|
+ #define HAVE_FFDHE_2048
|
|
|
+ #if defined(CONFIG_IDF_TARGET_ESP8266)
|
|
|
+ /* TODO Full size SRP is disabled on the ESP8266 at this time.
|
|
|
+ * Low memory issue? */
|
|
|
+ #define WOLFCRYPT_HAVE_SRP
|
|
|
+ /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
|
|
|
+ #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
|
|
|
+ #elif defined(CONFIG_IDF_TARGET_ESP32) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP32S2) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP32S3)
|
|
|
+ /* TODO: SRP Not enabled, known to fail on this target
|
|
|
+ * See https://github.com/wolfSSL/wolfssl/issues/7210 */
|
|
|
+ #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP32H2)
|
|
|
+ /* SRP Known to be working on this target::*/
|
|
|
+ #define WOLFCRYPT_HAVE_SRP
|
|
|
+ #define FP_MAX_BITS (8192 * 2)
|
|
|
+ #else
|
|
|
+ /* For everything else, give a try and see if SRP working: */
|
|
|
+ #define WOLFCRYPT_HAVE_SRP
|
|
|
+ #define FP_MAX_BITS (8192 * 2)
|
|
|
+ #endif
|
|
|
+
|
|
|
+ #define HAVE_DH
|
|
|
+
|
|
|
+ /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
|
|
|
+ * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
|
|
|
+ /* #define HAVE_CAMELLIA */
|
|
|
+
|
|
|
+ /* DSA requires old SHA */
|
|
|
+ #define HAVE_DSA
|
|
|
+
|
|
|
+ /* Needs SHA512 ? */
|
|
|
+ #define HAVE_HPKE
|
|
|
+
|
|
|
+ /* Not for Espressif? */
|
|
|
+ #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP8684) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP32H2) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP8266)
|
|
|
+
|
|
|
+ #if defined(CONFIG_IDF_TARGET_ESP8266)
|
|
|
+ #undef HAVE_ECC
|
|
|
+ #undef HAVE_ECC_CDH
|
|
|
+ #undef HAVE_CURVE25519
|
|
|
+
|
|
|
+ /* TODO does CHACHA also need alignment? Failing on ESP8266
|
|
|
+ * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
|
|
|
+ #ifdef HAVE_CHACHA
|
|
|
+ #error "HAVE_CHACHA not supported on ESP8266"
|
|
|
+ #endif
|
|
|
+ #ifdef HAVE_XCHACHA
|
|
|
+ #error "HAVE_XCHACHA not supported on ESP8266"
|
|
|
+ #endif
|
|
|
+ #else
|
|
|
+ #define HAVE_XCHACHA
|
|
|
+ #define HAVE_CHACHA
|
|
|
+ /* TODO Not enabled at this time, needs further testing:
|
|
|
+ * #define WC_SRTP_KDF
|
|
|
+ * #define HAVE_COMP_KEY
|
|
|
+ * #define WOLFSSL_HAVE_XMSS
|
|
|
+ */
|
|
|
+ #endif
|
|
|
+ /* TODO AES-EAX not working on this platform */
|
|
|
+
|
|
|
+ /* Optionally disable DH
|
|
|
+ * #undef HAVE_DH
|
|
|
+ * #undef HAVE_FFDHE
|
|
|
+ */
|
|
|
+
|
|
|
+ /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
|
|
|
+ #ifndef HAVE_ECC
|
|
|
+ #define ECC_SHAMIR
|
|
|
+ #endif
|
|
|
+ #else
|
|
|
+ #define WOLFSSL_AES_EAX
|
|
|
+
|
|
|
+ #define ECC_SHAMIR
|
|
|
+ #endif
|
|
|
+
|
|
|
+ /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
|
|
|
+ /* #define WOLFSSL_CAAM */
|
|
|
+ /* #define WOLFSSL_CAAM_BLOB */
|
|
|
+
|
|
|
+ #define WOLFSSL_AES_SIV
|
|
|
+ #define WOLFSSL_CMAC
|
|
|
+
|
|
|
+ #define WOLFSSL_CERT_PIV
|
|
|
+
|
|
|
+ /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
|
|
|
+ /* #define HAVE_SCRYPT */
|
|
|
+ #define SCRYPT_TEST_ALL
|
|
|
+ #define HAVE_X963_KDF
|
|
|
+#endif
|
|
|
|
|
|
/* optionally turn off SHA512/224 SHA512/256 */
|
|
|
/* #define WOLFSSL_NOSHA512_224 */
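Review bot: `#define TEST_ESPIDF_ALL_WOLFSSL` is live, not commented out, even though the line above it says these are "Uncommon settings for testing only"; as written, every build that picks up this standardized user_settings.h compiles in MD2, RC2, RC4 (`WOLFSSL_ALLOW_RC4`) and DSA next to the production algorithms. Ship it as `/* #define TEST_ESPIDF_ALL_WOLFSSL */` so the legacy algorithms are opt-in, or at least extend the comment to say the block is for test coverage and should stay off in application builds. Separately, the `#ifndef HAVE_ECC` / `#define ECC_SHAMIR` pair in the ESP32-C2/ESP8684/H2/ESP8266 branch defines ECC_SHAMIR only when ECC is off, where it has no effect, and on ESP32-C2 nothing in this patch ever defines HAVE_ECC, so the comment's intent ("out of memory on ESP32-C2") is not actually expressed; either drop the block or replace it with a comment stating that ECC_SHAMIR is intentionally left undefined on those targets.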
|
|
@@ -61,7 +228,6 @@
|
|
|
/* #define NO_OLD_TLS */
|
|
|
|
|
|
#define BENCH_EMBEDDED
|
|
|
-#define USE_CERT_BUFFERS_2048
|
|
|
|
|
|
/* TLS 1.3 */
|
|
|
#define WOLFSSL_TLS13
|
|
@@ -79,7 +245,9 @@
|
|
|
|
|
|
#define HAVE_AESGCM
|
|
|
|
|
|
-#define WOLFSSL_RIPEMD
|
|
|
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
|
|
|
+/* #define WOLFSSL_RIPEMD */
|
|
|
+
|
|
|
/* when you want to use SHA224 */
|
|
|
#define WOLFSSL_SHA224
|
|
|
|
|
@@ -95,24 +263,34 @@
|
|
|
/* ED25519 requires SHA512 */
|
|
|
#define HAVE_ED25519
|
|
|
|
|
|
-#define HAVE_ECC
|
|
|
-#define HAVE_CURVE25519
|
|
|
-#define CURVE25519_SMALL
|
|
|
+/* Some features not enabled for ESP8266: */
|
|
|
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
|
|
|
+ defined(CONFIG_IDF_TARGET_ESP32C2)
|
|
|
+ /* TODO determine low memory configuration for ECC. */
|
|
|
+#else
|
|
|
+ #define HAVE_ECC
|
|
|
+ #define HAVE_CURVE25519
|
|
|
+ #define CURVE25519_SMALL
|
|
|
+#endif
|
|
|
+
|
|
|
#define HAVE_ED25519
|
|
|
|
|
|
+/* Optional OPENSSL compatibility */
|
|
|
#define OPENSSL_EXTRA
|
|
|
-/* when you want to use pkcs7 */
|
|
|
-/* #define HAVE_PKCS7 */
|
|
|
|
|
|
+/* #Optional HAVE_PKCS7 */
|
|
|
#define HAVE_PKCS7
|
|
|
|
|
|
#if defined(HAVE_PKCS7)
|
|
|
+ /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
|
|
|
+ #define NO_PBKDF2
|
|
|
+
|
|
|
#define HAVE_AES_KEYWRAP
|
|
|
#define HAVE_X963_KDF
|
|
|
#define WOLFSSL_AES_DIRECT
|
|
|
#endif
|
|
|
|
|
|
-/* when you want to use aes counter mode */
|
|
|
+/* when you want to use AES counter mode */
|
|
|
/* #define WOLFSSL_AES_DIRECT */
|
|
|
/* #define WOLFSSL_AES_COUNTER */
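Review bot: `#define NO_PBKDF2` inside the `#if defined(HAVE_PKCS7)` block switches off the derivation that, as far as I can tell, PKCS7 password-based recipient handling relies on, yet the comment above it only observes that PKCS7 "may enable" PBKDF2 and gives no reason for disabling it. If this is a deliberate code-size trade, say so and name what stops working, e.g. `/* NO_PBKDF2: drop PKCS7 password-based (PWRI) support to save code */`; if not, remove the line. Two smaller points in the same hunk: `#define HAVE_ED25519` now appears twice, once above the new `#if` and once below it, and the comment `/* #Optional HAVE_PKCS7 */` carries a stray `#`.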
|
|
|
|
|
@@ -126,27 +304,11 @@
|
|
|
/* #define CUSTOM_SLOT_ALLOCATION */
|
|
|
#endif
|
|
|
|
|
|
-/* rsa primitive specific definition */
|
|
|
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
|
|
|
- /* Define USE_FAST_MATH and SMALL_STACK */
|
|
|
- #define ESP32_USE_RSA_PRIMITIVE
|
|
|
-
|
|
|
- #if defined(CONFIG_IDF_TARGET_ESP32)
|
|
|
-
|
|
|
- /* NOTE HW unreliable for small values! */
|
|
|
- /* threshold for performance adjustment for HW primitive use */
|
|
|
- /* X bits of G^X mod P greater than */
|
|
|
- #undef ESP_RSA_EXPT_XBITS
|
|
|
- #define ESP_RSA_EXPT_XBITS 32
|
|
|
-
|
|
|
- /* X and Y of X * Y mod P greater than */
|
|
|
- #undef ESP_RSA_MULM_BITS
|
|
|
- #define ESP_RSA_MULM_BITS 16
|
|
|
-
|
|
|
- #endif
|
|
|
-#endif
|
|
|
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
|
|
|
+/* #define WC_NO_CACHE_RESISTANT */
|
|
|
|
|
|
-#define RSA_LOW_MEM
|
|
|
+/* TFM_TIMING_RESISTANT: slower but more secure */
|
|
|
+/* #define TFM_TIMING_RESISTANT */
|
|
|
|
|
|
/* #define WOLFSSL_ATECC508A_DEBUG */
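Review bot: The new comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` has its polarity inverted: the `NO_` macro, as I understand wolfSSL's settings, turns the cache-resistant code paths off, so uncommenting it is the faster-but-weaker choice, and a reader following this comment to harden a build would do the opposite. Suggest `/* WC_NO_CACHE_RESISTANT: faster but less secure; disables cache-attack resistant code paths, leave off for production */`. The `TFM_TIMING_RESISTANT` comment below it reads correctly, and because the older hardening-options comment near the end of the file is deleted in a later hunk, this pair is now the only place these knobs are described, so the wording matters.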
|
|
|
|
|
@@ -158,7 +320,7 @@
|
|
|
|
|
|
|
|
|
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
|
|
|
-#define ESP_RSA_TIMEOUT_CNT 0x249F00
|
|
|
+#define ESP_RSA_TIMEOUT_CNT 0x349F00
|
|
|
|
|
|
/* hash limit for test.c */
|
|
|
#define HASH_SIZE_LIMIT
|
|
@@ -206,7 +368,7 @@
|
|
|
#undef WOLFSSL_SYS_CA_CERTS
|
|
|
*/
|
|
|
|
|
|
-/*
|
|
|
+/* command-line options
|
|
|
--enable-keygen
|
|
|
--enable-certgen
|
|
|
--enable-certreq
|
|
@@ -214,10 +376,14 @@
|
|
|
--enable-asn-template
|
|
|
*/
|
|
|
|
|
|
-/* Default is HW enabled unless turned off.
|
|
|
-** Uncomment these lines to force SW instead of HW acceleration */
|
|
|
-
|
|
|
+/* Chipset detection from sdkconfig.h
|
|
|
+ * Default is HW enabled unless turned off.
|
|
|
+ * Uncomment lines to force SW instead of HW acceleration */
|
|
|
#if defined(CONFIG_IDF_TARGET_ESP32)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
+ /* Alternatively, if there's an ECC Secure Element present: */
|
|
|
+ /* #define WOLFSSL_ESPWROOM32SE */
|
|
|
+
|
|
|
/* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
|
|
|
/* #define NO_ESP32_CRYPT */
|
|
|
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
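Review bot: The `#define WOLFSSL_ESP32` added under `#if defined(CONFIG_IDF_TARGET_ESP32)` is repeated line-for-line in every later `#elif` branch for S2, S3, C2/ESP8684, C3, C6 and H2 (the hunks at -235, -247, -260, -285, -302 and -318), which is the line most likely to be forgotten when the next target is added. If the fallback `#else` is meant to leave WOLFSSL_ESP32 undefined for unknown targets, the per-branch form is defensible but deserves a comment saying so; otherwise defining it once before the chain under `#if !defined(CONFIG_IDF_TARGET_ESP8266)` and keeping the branches for the acceleration knobs only would be less error-prone. Either way the new `#warning "Unexpected CONFIG_IDF_TARGET_NN value"` in the fallback is a good addition.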
|
|
@@ -235,6 +401,7 @@
|
|
|
/***** END CONFIG_IDF_TARGET_ESP32 *****/
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP32S2)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
/* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
|
|
|
/* #define NO_ESP32_CRYPT */
|
|
|
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
|
|
@@ -247,6 +414,7 @@
|
|
|
/***** END CONFIG_IDF_TARGET_ESP32S2 *****/
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP32S3)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
/* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
|
|
|
/* #define NO_ESP32_CRYPT */
|
|
|
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
|
|
@@ -260,6 +428,7 @@
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
|
|
|
defined(CONFIG_IDF_TARGET_ESP8684)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
/* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
|
|
|
* single QFN 4x4 mm package. Out of released documentation, Technical
|
|
|
* Reference Manual as well as ESP-IDF Programming Guide is applicable
|
|
@@ -285,6 +454,7 @@
|
|
|
/***** END CONFIG_IDF_TARGET_ESP32C2 *****/
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP32C3)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
/* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
|
|
|
|
|
|
/* #define NO_ESP32_CRYPT */
|
|
@@ -302,6 +472,7 @@
|
|
|
/***** END CONFIG_IDF_TARGET_ESP32C3 *****/
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP32C6)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
/* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
|
|
|
|
|
|
/* #define NO_ESP32_CRYPT */
|
|
@@ -318,6 +489,7 @@
|
|
|
/***** END CONFIG_IDF_TARGET_ESP32C6 *****/
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP32H2)
|
|
|
+ #define WOLFSSL_ESP32
|
|
|
/* wolfSSL Hardware Acceleration not yet implemented */
|
|
|
#define NO_ESP32_CRYPT
|
|
|
#define NO_WOLFSSL_ESP32_CRYPT_HASH
|
|
@@ -326,7 +498,11 @@
|
|
|
/***** END CONFIG_IDF_TARGET_ESP32H2 *****/
|
|
|
|
|
|
#elif defined(CONFIG_IDF_TARGET_ESP8266)
|
|
|
- /* TODO: Revisit ESP8266 */
|
|
|
+ #define WOLFSSL_ESP8266
|
|
|
+
|
|
|
+ /* There's no hardware encryption on the ESP8266 */
|
|
|
+ /* Consider using the ESP32-C2/C3/C6
|
|
|
+ * See https://www.espressif.com/en/products/socs/esp32-c2 */
|
|
|
#define NO_ESP32_CRYPT
|
|
|
#define NO_WOLFSSL_ESP32_CRYPT_HASH
|
|
|
#define NO_WOLFSSL_ESP32_CRYPT_AES
|
|
@@ -343,13 +519,42 @@
|
|
|
|
|
|
#else
|
|
|
/* Anything else encountered, disable HW accleration */
|
|
|
+ #warning "Unexpected CONFIG_IDF_TARGET_NN value"
|
|
|
#define NO_ESP32_CRYPT
|
|
|
#define NO_WOLFSSL_ESP32_CRYPT_HASH
|
|
|
#define NO_WOLFSSL_ESP32_CRYPT_AES
|
|
|
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
|
|
|
#endif /* CONFIG_IDF_TARGET Check */
|
|
|
|
|
|
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
|
|
|
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
|
|
|
+ /* Consider USE_FAST_MATH and SMALL_STACK */
|
|
|
+
|
|
|
+ #ifndef NO_RSA
|
|
|
+ #define ESP32_USE_RSA_PRIMITIVE
|
|
|
+
|
|
|
+ #if defined(CONFIG_IDF_TARGET_ESP32)
|
|
|
+ #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
|
|
+ #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
|
|
|
+ #warning "RSA may be difficult with less than 10KB Stack "/
|
|
|
+ #endif
|
|
|
+ #endif
|
|
|
+
|
|
|
+ /* NOTE HW unreliable for small values! */
|
|
|
+ /* threshold for performance adjustment for HW primitive use */
|
|
|
+ /* X bits of G^X mod P greater than */
|
|
|
+ #undef ESP_RSA_EXPT_XBITS
|
|
|
+ #define ESP_RSA_EXPT_XBITS 32
|
|
|
+
|
|
|
+ /* X and Y of X * Y mod P greater than */
|
|
|
+ #undef ESP_RSA_MULM_BITS
|
|
|
+ #define ESP_RSA_MULM_BITS 16
|
|
|
+ #endif
|
|
|
+ #endif
|
|
|
+#endif
|
|
|
+
|
|
|
/* Debug options:
|
|
|
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
|
|
|
|
|
|
#define ESP_VERIFY_MEMBLOCK
|
|
|
#define DEBUG_WOLFSSL
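Review bot: `#warning "RSA may be difficult with less than 10KB Stack "/` carries a stray trailing `/` after the string literal, which the preprocessor simply appends to the diagnostic text; the line should read `#warning "RSA may be difficult with less than 10KB Stack"`. The comparison is against `10500` while the message says 10KB, so either make the message match or pull the threshold into a named macro so the two cannot drift. Note also that the check fires only when `CONFIG_ESP_MAIN_TASK_STACK_SIZE` is defined, so a project that sizes the main task stack elsewhere gets no warning; a short comment to that effect would save debugging time.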
|
|
@@ -363,6 +568,14 @@
|
|
|
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
|
|
|
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
|
|
|
#define ESP_DISABLE_HW_TASK_LOCK
|
|
|
+
|
|
|
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
|
|
|
+
|
|
|
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
|
|
|
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
|
|
|
+
|
|
|
+Turn on timer debugging (used when CPU cycles not available)
|
|
|
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
|
|
|
*/
|
|
|
|
|
|
/* Pause in a loop rather than exit. */
|
|
@@ -396,8 +609,9 @@
|
|
|
** [Z = X * Y mod M] in esp_mp_mulmod() */
|
|
|
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
|
|
|
|
|
|
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
|
|
|
-#define USE_CERT_BUFFERS_2048
|
|
|
+
|
|
|
+/* used by benchmark: */
|
|
|
+#define WOLFSSL_PUBLIC_MP
|
|
|
|
|
|
/* when turning on ECC508 / ECC608 support
|
|
|
#define WOLFSSL_ESPWROOM32SE
|
|
@@ -406,12 +620,75 @@
|
|
|
#define ATCA_WOLFSSL
|
|
|
*/
|
|
|
|
|
|
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
|
|
|
+/***************************** Certificate Macros *****************************
|
|
|
+ *
|
|
|
+ * The section below defines macros used in typically all of the wolfSSL
|
|
|
+ * examples such as the client and server for certs stored in header files.
|
|
|
+ *
|
|
|
+ * There are various certificate examples in this header file:
|
|
|
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
|
|
|
+ *
|
|
|
+ * To use the sets of macros below, define *one* of these:
|
|
|
+ *
|
|
|
+ * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
|
|
|
+ * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1
|
|
|
+ * WOLFSSL_SM[2,3,4] - SM Ciphers
|
|
|
+ *
|
|
|
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
|
|
|
+ * wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
|
|
|
+ *
|
|
|
+ * ret = wolfSSL_CTX_load_verify_buffer(ctx,
|
|
|
+ * CTX_CA_CERT,
|
|
|
+ * CTX_CA_CERT_SIZE,
|
|
|
+ * CTX_CA_CERT_TYPE);
|
|
|
+ *
|
|
|
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
|
|
|
+ *
|
|
|
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
|
|
|
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
|
|
|
+ *
|
|
|
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
|
|
|
+ * array size and cert type respectively.
|
|
|
+ *
|
|
|
+ * Similarly for loading the private client key:
|
|
|
+ *
|
|
|
+ * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
|
|
|
+ * CTX_CLIENT_KEY,
|
|
|
+ * CTX_CLIENT_KEY_SIZE,
|
|
|
+ * CTX_CLIENT_KEY_TYPE);
|
|
|
+ *
|
|
|
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
|
|
|
+ *
|
|
|
+ * Similarly, the other macros are for server certificates and keys:
|
|
|
+ * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
|
|
|
+ *
|
|
|
+ * The certificate and key names are typically `static const unsigned char`
|
|
|
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
|
|
|
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
|
|
|
+ *
|
|
|
+ * See `SSL_FILETYPE_[name]` in
|
|
|
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
|
|
|
+ *
|
|
|
+ * See Abstract Syntax Notation One (ASN.1) in:
|
|
|
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
|
|
|
+ *
|
|
|
+ * Optional SM4 Ciphers:
|
|
|
+ *
|
|
|
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
|
|
|
+ * be available. See:
|
|
|
+ * https://github.com/wolfSSL/wolfssl/pull/6825
|
|
|
+ * https://github.com/wolfSSL/wolfsm
|
|
|
+ *
|
|
|
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
|
|
|
+ */
|
|
|
+
|
|
|
+/*
|
|
|
#define WOLFSSL_SM2
|
|
|
#define WOLFSSL_SM3
|
|
|
#define WOLFSSL_SM4
|
|
|
*/
|
|
|
|
|
|
+/* Conditional macros used in wolfSSL TLS client and server examples */
|
|
|
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
|
|
|
#include <wolfssl/certs_test_sm.h>
|
|
|
#define CTX_CA_CERT root_sm2
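Review bot: The new documentation block describes `USE_CERT_BUFFERS_1024` as "ECC 1024 bit encoded ASN1", but the buffers it selects in the following hunk (`ca_cert_der_1024`, `server_key_der_1024`) are, as far as I can tell from certs_test.h, RSA-1024, while the ECC set is `USE_CERT_BUFFERS_256`, which this patch defines at the top of the file and which the list omits. Suggest `USE_CERT_BUFFERS_1024 - RSA 1024 bit (legacy, tests only)` plus a `USE_CERT_BUFFERS_256 - ECC P-256 encoded ASN1` entry, and one sentence stating that these are published example certificates and keys for tests and demos, not material to deploy. The instruction "define *one* of these" also conflicts with the file itself, which now defines both `USE_CERT_BUFFERS_256` and `USE_CERT_BUFFERS_2048` earlier in the patch.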
|
|
@@ -427,24 +704,49 @@
|
|
|
#undef WOLFSSL_BASE16
|
|
|
#define WOLFSSL_BASE16
|
|
|
#else
|
|
|
- #define USE_CERT_BUFFERS_2048
|
|
|
- #define USE_CERT_BUFFERS_256
|
|
|
- #define CTX_CA_CERT ca_cert_der_2048
|
|
|
- #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
|
|
|
- #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
- #define CTX_SERVER_CERT server_cert_der_2048
|
|
|
- #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
|
|
|
- #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
- #define CTX_SERVER_KEY server_key_der_2048
|
|
|
- #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048
|
|
|
- #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
-#endif
|
|
|
-
|
|
|
-/* See settings.h for some of the possible hardening options:
|
|
|
- *
|
|
|
- * #define NO_ESPIDF_DEFAULT
|
|
|
- * #define WC_NO_CACHE_RESISTANT
|
|
|
- * #define WC_AES_BITSLICED
|
|
|
- * #define HAVE_AES_ECB
|
|
|
- * #define HAVE_AES_DIRECT
|
|
|
- */
|
|
|
+ #if defined(USE_CERT_BUFFERS_2048)
|
|
|
+ /* Be sure to include in app when using example certs: */
|
|
|
+ /* #include <wolfssl/certs_test.h> */
|
|
|
+ #define CTX_CA_CERT ca_cert_der_2048
|
|
|
+ #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
|
|
|
+ #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+
|
|
|
+ #define CTX_SERVER_CERT server_cert_der_2048
|
|
|
+ #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
|
|
|
+ #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+ #define CTX_SERVER_KEY server_key_der_2048
|
|
|
+ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048
|
|
|
+ #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+
|
|
|
+ #define CTX_CLIENT_CERT client_cert_der_2048
|
|
|
+ #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
|
|
|
+ #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+ #define CTX_CLIENT_KEY client_key_der_2048
|
|
|
+ #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048
|
|
|
+ #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+
|
|
|
+ #elif defined(USE_CERT_BUFFERS_1024)
|
|
|
+ /* Be sure to include in app when using example certs: */
|
|
|
+ /* #include <wolfssl/certs_test.h> */
|
|
|
+ #define CTX_CA_CERT ca_cert_der_1024
|
|
|
+ #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
|
|
|
+ #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+
|
|
|
+ #define CTX_CLIENT_CERT client_cert_der_1024
|
|
|
+ #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
|
|
|
+ #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+ #define CTX_CLIENT_KEY client_key_der_1024
|
|
|
+ #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024
|
|
|
+ #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+
|
|
|
+ #define CTX_SERVER_CERT server_cert_der_1024
|
|
|
+ #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
|
|
|
+ #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+ #define CTX_SERVER_KEY server_key_der_1024
|
|
|
+ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024
|
|
|
+ #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
|
|
|
+ #else
|
|
|
+ /* Optionally define custom cert arrays, sizes, and types here */
|
|
|
+ #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
|
|
|
+ #endif
|
|
|
+#endif /* Conditional key and cert constant names */
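Review bot: The inner `#else` branch says "Optionally define custom cert arrays, sizes, and types here" and then unconditionally hits `#error`, so an application cannot supply its own CTX_* buffers without editing this shared file; wrapping the error as `#ifndef CTX_CA_CERT` … `#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"` … `#endif` would let a project that defines the macros itself still build. Both selected sets point at the published certs_test.h material, and the `USE_CERT_BUFFERS_1024` branch wires RSA-1024 keys, so a comment at the top of this block, `/* certs_test.h keys are public test fixtures: never reuse them in a deployed device */`, would make the intent clear to anyone copying this standardized file. The deleted comment that listed hardening options is only partly reinstated earlier in the patch; `WC_AES_BITSLICED` and `NO_ESPIDF_DEFAULT` are no longer mentioned anywhere in the file.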