/* examples/configs/user_settings_arduino.h * * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* This is a sample Arduino user_settings.h for wolfSSL >> Edit with caution. This is the file copied to wolfSSL Arduino library. >> at publish time. (lines with ">>" are removed) */ /* Define a macro to display user settings version in example code: */ #define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.6.7" /* Due to limited build control, we'll ignore file warnings. */ /* See https://github.com/arduino/arduino-cli/issues/631 */ #undef WOLFSSL_IGNORE_FILE_WARN #define WOLFSSL_IGNORE_FILE_WARN #define NO_FILESYSTEM #define USE_CERT_BUFFERS_2048 /* Make sure this is not an ESP-IDF file */ #undef WOLFSSL_ESPIDF #define HAVE_ECC #define WOLFSSL_SMALL_STACK /* #define WOLFSSL_SMALL_STACK_EXTRA */ /* #define WOLFSSL_SMALL_STACK_CIPHERS */ /* #define NO_DH */ #define MICRO_SESSION_CACHE /* RSA must be enabled for examples, but can be disabled like this: */ /* #define NO_RSA */ #define RSA_LOW_MEM #define NO_OLD_TLS /* TLS 1.3 */ /* #define WOLFSSL_TLS13 */ #if defined(WOLFSSL_TLS13) #define HAVE_TLS_EXTENSIONS #define WC_RSA_PSS #define HAVE_HKDF #define HAVE_AEAD #endif /* #define HAVE_SUPPORTED_CURVES */ /* Cannot use WOLFSSL_NO_MALLOC with small stack */ /* #define WOLFSSL_NO_MALLOC */ #define HAVE_TLS_EXTENSIONS #define HAVE_SUPPORTED_CURVES /* To further reduce size, client or server functionality can be disabled. * Here, we check if the example code gave us a hint. * * The calling application can define either one of these macros before * including the Arduino wolfssl.h library file: * * WOLFSSL_CLIENT_EXAMPLE * WOLFSSL_SERVER_EXAMPLE */ #if defined(WOLFSSL_CLIENT_EXAMPLE) #define NO_WOLFSSL_SERVER #elif defined(WOLFSSL_SERVER_EXAMPLE) #define NO_WOLFSSL_CLIENT #else /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */ #define NO_WOLFSSL_SERVER_CLIENT_MISSING #warning "Define WOLFSSL_CLIENT_EXAMPLE or WOLFSSL_SERVER_EXAMPLE to" \ " optimize memory for small embedded devices." /* Both can be disabled in wolfssl test & benchmark */ #endif #define NO_DH #define NO_DSA #define USE_FAST_MATH #define WOLFSSL_SMALL_STACK #define SINGLE_THREADED #define WOLFSSL_LOW_MEMORY #define HAVE_AESGCM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ #define SINGLE_THREADED /* Optional OPENSSL compatibility */ /* #define OPENSSL_EXTRA */ /* #define OPENSSL_ALL */ /* when you want to use pkcs7 */ /* #define HAVE_PKCS7 */ /* when you want to use AES counter mode */ /* #define WOLFSSL_AES_DIRECT */ /* #define WOLFSSL_AES_COUNTER */ /* esp32-wroom-32se specific definition */ #if defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ATECC508A #define HAVE_PK_CALLBACKS /* when you want to use a custom slot allocation for ATECC608A */ /* unless your configuration is unusual, you can use default */ /* implementation. */ /* #define CUSTOM_SLOT_ALLOCATION */ #endif /* RSA primitive specific definition */ #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) /* Define USE_FAST_MATH and SMALL_STACK */ #define ESP32_USE_RSA_PRIMITIVE #if defined(CONFIG_IDF_TARGET_ESP32) /* NOTE HW unreliable for small values! */ /* threshold for performance adjustment for HW primitive use */ /* X bits of G^X mod P greater than */ #undef ESP_RSA_EXPT_XBITS #define ESP_RSA_EXPT_XBITS 32 /* X and Y of X * Y mod P greater than */ #undef ESP_RSA_MULM_BITS #define ESP_RSA_MULM_BITS 16 #endif #endif /* #define WOLFSSL_ATECC508A_DEBUG */ /* date/time */ /* if it cannot adjust time in the device, */ /* enable macro below */ /* #define NO_ASN_TIME */ /* #define XTIME time */ /* adjust wait-timeout count if you see timeout in RSA HW acceleration */ #define ESP_RSA_TIMEOUT_CNT 0x249F00 #define HASH_SIZE_LIMIT /* for test.c */ /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ /* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ /* Default is HW enabled unless turned off. ** Uncomment these lines to force SW instead of HW acceleration */ #if defined(CONFIG_IDF_TARGET_ESP32) /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /* These are defined automatically in esp32-crypt.h, here for clarity: */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */ #undef ESP_RSA_MULM_BITS #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */ /***** END CONFIG_IDF_TARGET_ESP32 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S3) /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32S3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP8684) /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a * single QFN 4x4 mm package. Out of released documentation, Technical * Reference Manual as well as ESP-IDF Programming Guide is applicable * to both ESP32-C2 and ESP8684. * * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */ /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ /* These are defined automatically in esp32-crypt.h, here for clarity */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */ /* There's no AES or RSA/Math accelerator on the ESP32-C2 * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */ #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD /***** END CONFIG_IDF_TARGET_ESP32C2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C3) /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */ /* These are defined automatically in esp32-crypt.h, here for clarity: */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32C3 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32C6) /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* These are defined automatically in esp32-crypt.h, here for clarity: */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */ #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /***** END CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32H2) /* wolfSSL Hardware Acceleration not yet implemented */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP32H2 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8266) /* TODO: Revisit ESP8266 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /***** END CONFIG_IDF_TARGET_ESP266 *****/ #else /* Anything else encountered, disable HW acceleration */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ #define DEBUG_WOLFSSL /* Debug options: #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS #define ESP_DISABLE_HW_TASK_LOCK */ #define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ #define WOLFSSL_HW_METRICS #define ALT_ECC_SIZE /* #define HASH_SIZE_LIMIT */ /* for test.c */ /* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file * will need the name of the library in the idf_component_register * for the PRIV_REQUIRES list. */ /* #define INCLUDE_ALT_HW_TEST */ /* optionally turn off individual math HW acceleration features */ /* Turn off Large Number ESP32 HW Multiplication: ** [Z = X * Y] in esp_mp_mul() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ /* Turn off Large Number ESP32 HW Modular Exponentiation: ** [Z = X^Y mod M] in esp_mp_exptmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ /* Turn off Large Number ESP32 HW Modular Multiplication ** [Z = X * Y mod M] in esp_mp_mulmod() */ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ #define WOLFSSL_PUBLIC_MP /* used by benchmark */ /* when turning on ECC508 / ECC608 support #define WOLFSSL_ESPWROOM32SE #define HAVE_PK_CALLBACKS #define WOLFSSL_ATECC508A #define ATCA_WOLFSSL */ /* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm /* The section below defines macros used in typically all of the wolfSSL * examples such as the client and server for certs stored in header files. * * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1 * WOLFSSL_SM[2,3,4] - SM Ciphers * * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this * wolfSSL function for the `ca_cert_der_2048` buffer, size and types: * * ret = wolfSSL_CTX_load_verify_buffer(ctx, * CTX_CA_CERT, * CTX_CA_CERT_SIZE, * CTX_CA_CERT_TYPE); * * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer * * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference * array size and cert type respectively. * * Similarly for loading the private client key: * * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, * CTX_CLIENT_KEY, * CTX_CLIENT_KEY_SIZE, * CTX_CLIENT_KEY_TYPE); * * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer * * Similarly, the other macros are for server certificates and keys: * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available. * * The certificate and key names are typically `static const unsigned char` * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM). * * See `SSL_FILETYPE_[name]` in * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h * * See Abstract Syntax Notation One (ASN.1) in: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h * * Optional SM4 Ciphers: * * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet * be available. See: * https://github.com/wolfSSL/wolfssl/pull/6825 * https://github.com/wolfSSL/wolfsm * * Uncomment these 3 macros to enable the SM Ciphers and use the macros below. */ /* #define WOLFSSL_SM2 #define WOLFSSL_SM3 #define WOLFSSL_SM4 */ /* Conditional macros used in wolfSSL TLS client and server examples */ #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) #include #define CTX_CA_CERT root_sm2 #define CTX_CA_CERT_SIZE sizeof_root_sm2 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM #define CTX_SERVER_CERT server_sm2 #define CTX_SERVER_CERT_SIZE sizeof_server_sm2 #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM #define CTX_SERVER_KEY server_sm2_priv #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM #undef WOLFSSL_BASE16 #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) #ifdef USE_CERT_BUFFERS_1024 #error "USE_CERT_BUFFERS_1024 is already defined. Pick one." #endif #include #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_SERVER_CERT server_cert_der_2048 #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048 #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_SERVER_KEY server_key_der_2048 #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_CLIENT_CERT client_cert_der_2048 #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048 #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_CLIENT_KEY client_key_der_2048 #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048 #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) #ifdef USE_CERT_BUFFERS_2048 #error "USE_CERT_BUFFERS_2048 is already defined. Pick one." #endif #include #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_CLIENT_CERT client_cert_der_1024 #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024 #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_CLIENT_KEY client_key_der_1024 #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024 #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_SERVER_CERT server_cert_der_1024 #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024 #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1 #define CTX_SERVER_KEY server_key_der_1024 #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #else #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif