123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791 |
- /* examples/configs/user_settings_platformio.h
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /* This is a sample PlatformIO user_settings.h for wolfSSL
- *
- * Do not include any wolfssl headers here
- *
- * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
- */
- /* Define a macro to display user settings version in example code: */
- #define WOLFSSL_USER_SETTINGS_ID "PlatformIO user_settings.h v5.7.0-test.rev02"
- /*
- * For other platforms see:
- * https://github.com/wolfSSL/wolfssl/tree/master/examples/configs
- */
- #if defined(ESP_IDF_VERSION_MAJOR) || defined(WOLFSSL_ESPIDF) || \
- defined(ESP_PLATFORM) || defined(WOLFSSL_ESP32)
- #include "sdkconfig.h"
- /* The #include "protocol_examples_common.h" fails for PlatformIO,
- * so disable the WiFi *not needed for test and benchmark examples. */
- #define NO_ESP_SDK_WIFI
- #endif
- /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
- /* #define USE_WOLFSSL_ESP_SDK_WIFI */
- /* Experimental Kyber */
- #if 0
- /* Kyber typically needs a minimum 10K stack */
- #define WOLFSSL_EXPERIMENTAL_SETTINGS
- #define WOLFSSL_HAVE_KYBER
- #define WOLFSSL_WC_KYBER
- #define WOLFSSL_SHA3
- #endif
- /* Used only by benchmark: */
- #define BENCH_EMBEDDED
- #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
- #define HAVE_VERSION_EXTENDED_INFO
- /* Due to limited build control, we'll ignore file warnings. */
- /* See github.com/arduino/arduino-cli/issues/631 */
- #undef WOLFSSL_IGNORE_FILE_WARN
- #define WOLFSSL_IGNORE_FILE_WARN
- /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
- /* TODO: known PlatformIO problem if SINGLE_THREADED is not enabled. */
- /* See https://github.com/wolfSSL/wolfssl/issues/7533 */
- #define SINGLE_THREADED
- /* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
- * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
- * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desperate or no TLS used, try NO_SESSION_CACHE. */
- #define NO_SESSION_CACHE
- /* Small Stack uses more heap. */
- #define WOLFSSL_SMALL_STACK
- /* Full debugging turned off, but show malloc failure detail */
- /* #define DEBUG_WOLFSSL */
- #define DEBUG_WOLFSSL_MALLOC
- /* See test.c that sets cert buffers; we'll set them here: */
- #define USE_CERT_BUFFERS_256
- #define USE_CERT_BUFFERS_2048
- /* RSA_LOW_MEM: Half as much memory but twice as slow. */
- #define RSA_LOW_MEM
- /* Uncommon settings for testing only */
- #define TEST_ESPIDF_ALL_WOLFSSL
- #ifdef TEST_ESPIDF_ALL_WOLFSSL
- #define WOLFSSL_MD2
- #define HAVE_BLAKE2
- #define HAVE_BLAKE2B
- #define HAVE_BLAKE2S
- #define WC_RC2
- #define WOLFSSL_ALLOW_RC4
- #define HAVE_POLY1305
- #define WOLFSSL_AES_128
- #define WOLFSSL_AES_OFB
- #define WOLFSSL_AES_CFB
- #define WOLFSSL_AES_XTS
- #define WOLFSSL_WOLFSSH
- #define HAVE_AESGCM
- #define WOLFSSL_AES_COUNTER
- #define HAVE_FFDHE
- #define HAVE_FFDHE_2048
- #if defined(CONFIG_IDF_TARGET_ESP8266)
- /* TODO Full size SRP is disabled on the ESP8266 at this time.
- * Low memory issue? */
- #define WOLFCRYPT_HAVE_SRP
- /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
- #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
- #elif defined(CONFIG_IDF_TARGET_ESP32) || \
- defined(CONFIG_IDF_TARGET_ESP32S2) || \
- defined(CONFIG_IDF_TARGET_ESP32S3)
- /* SRP Known to be working on this target:*/
- #define WOLFCRYPT_HAVE_SRP
- #define FP_MAX_BITS (8192 * 2)
- #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
- defined(CONFIG_IDF_TARGET_ESP32H2)
- /* SRP Known to be working on this target:*/
- #define WOLFCRYPT_HAVE_SRP
- #define FP_MAX_BITS (8192 * 2)
- #else
- /* For everything else, give a try and see if SRP working: */
- #define WOLFCRYPT_HAVE_SRP
- #define FP_MAX_BITS (8192 * 2)
- #endif
- #define HAVE_DH
- /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
- * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
- /* #define HAVE_CAMELLIA */
- /* DSA requires old SHA */
- #define HAVE_DSA
- /* Needs SHA512 ? */
- #define HAVE_HPKE
- /* Not for Espressif? */
- #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
- defined(CONFIG_IDF_TARGET_ESP8684) || \
- defined(CONFIG_IDF_TARGET_ESP32H2) || \
- defined(CONFIG_IDF_TARGET_ESP8266)
- #if defined(CONFIG_IDF_TARGET_ESP8266)
- #undef HAVE_ECC
- #undef HAVE_ECC_CDH
- #undef HAVE_CURVE25519
- /* TODO does CHACHA also need alignment? Failing on ESP8266
- * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
- #ifdef HAVE_CHACHA
- #error "HAVE_CHACHA not supported on ESP8266"
- #endif
- #ifdef HAVE_XCHACHA
- #error "HAVE_XCHACHA not supported on ESP8266"
- #endif
- #else
- #define HAVE_XCHACHA
- #define HAVE_CHACHA
- /* TODO Not enabled at this time, needs further testing:
- * #define WC_SRTP_KDF
- * #define HAVE_COMP_KEY
- * #define WOLFSSL_HAVE_XMSS
- */
- #endif
- /* TODO AES-EAX not working on this platform */
- /* Optionally disable DH
- * #undef HAVE_DH
- * #undef HAVE_FFDHE
- */
- /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
- #ifndef HAVE_ECC
- #define ECC_SHAMIR
- #endif
- #else
- #define WOLFSSL_AES_EAX
- #define ECC_SHAMIR
- #endif
- /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
- /* #define WOLFSSL_CAAM */
- /* #define WOLFSSL_CAAM_BLOB */
- #define WOLFSSL_AES_SIV
- #define WOLFSSL_CMAC
- #define WOLFSSL_CERT_PIV
- /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
- /* #define HAVE_SCRYPT */
- #define SCRYPT_TEST_ALL
- #define HAVE_X963_KDF
- #endif
- /* optionally turn off SHA512/224 SHA512/256 */
- /* #define WOLFSSL_NOSHA512_224 */
- /* #define WOLFSSL_NOSHA512_256 */
- /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
- /* #define SINGLE_THREADED */
- /* When you don't want to use the old SHA */
- /* #define NO_SHA */
- /* #define NO_OLD_TLS */
- /* Cannot use WOLFSSL_NO_MALLOC with small stack */
- /* #define WOLFSSL_NO_MALLOC */
- #define BENCH_EMBEDDED
- /* TLS 1.3 */
- #define WOLFSSL_TLS13
- #define HAVE_TLS_EXTENSIONS
- #define WC_RSA_PSS
- #define HAVE_HKDF
- #define HAVE_AEAD
- #define HAVE_SUPPORTED_CURVES
- #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
- #define NO_FILESYSTEM
- /* To further reduce size, client or server functionality can be disabled.
- * Here, we check if the example code gave us a hint.
- *
- * The calling application can define either one of these macros before
- * including the Arduino wolfssl.h library file:
- *
- * WOLFSSL_CLIENT_EXAMPLE
- * WOLFSSL_SERVER_EXAMPLE
- */
- #if defined(WOLFSSL_CLIENT_EXAMPLE)
- #define NO_WOLFSSL_SERVER
- #elif defined(WOLFSSL_SERVER_EXAMPLE)
- #define NO_WOLFSSL_CLIENT
- #else
- /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE
- * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */
- #define NO_WOLFSSL_SERVER_CLIENT_MISSING
- /* Both can be disabled in wolfssl test & benchmark */
- #endif
- #define NO_OLD_TLS
- #define HAVE_AESGCM
- /* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
- /* #define WOLFSSL_RIPEMD */
- /* when you want to use SHA224 */
- #define WOLFSSL_SHA224
- /* when you want to use SHA384 */
- #define WOLFSSL_SHA384
- /* when you want to use SHA512 */
- #define WOLFSSL_SHA512
- /* when you want to use SHA3 */
- #define WOLFSSL_SHA3
- /* ED25519 requires SHA512 */
- #define HAVE_ED25519
- /* Some features not enabled for ESP8266: */
- #if defined(CONFIG_IDF_TARGET_ESP8266) || \
- defined(CONFIG_IDF_TARGET_ESP32C2)
- /* TODO determine low memory configuration for ECC. */
- #else
- #define HAVE_ECC
- #define HAVE_CURVE25519
- #define CURVE25519_SMALL
- #endif
- #define HAVE_ED25519
- /* Optional OPENSSL compatibility */
- #define OPENSSL_EXTRA
- /* #Optional HAVE_PKCS7 */
- #define HAVE_PKCS7
- #if defined(HAVE_PKCS7)
- /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
- #define NO_PBKDF2
- #define HAVE_AES_KEYWRAP
- #define HAVE_X963_KDF
- #define WOLFSSL_AES_DIRECT
- #endif
- /* when you want to use AES counter mode */
- /* #define WOLFSSL_AES_DIRECT */
- /* #define WOLFSSL_AES_COUNTER */
- /* esp32-wroom-32se specific definition */
- #if defined(WOLFSSL_ESPWROOM32SE)
- #define WOLFSSL_ATECC508A
- #define HAVE_PK_CALLBACKS
- /* when you want to use a custom slot allocation for ATECC608A */
- /* unless your configuration is unusual, you can use default */
- /* implementation. */
- /* #define CUSTOM_SLOT_ALLOCATION */
- #endif
- /* WC_NO_CACHE_RESISTANT: slower but more secure */
- /* #define WC_NO_CACHE_RESISTANT */
- /* TFM_TIMING_RESISTANT: slower but more secure */
- /* #define TFM_TIMING_RESISTANT */
- /* #define WOLFSSL_ATECC508A_DEBUG */
- /* date/time */
- /* if it cannot adjust time in the device, */
- /* enable macro below */
- /* #define NO_ASN_TIME */
- /* #define XTIME time */
- /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
- #define ESP_RSA_TIMEOUT_CNT 0x349F00
- /* hash limit for test.c */
- #define HASH_SIZE_LIMIT
- /* USE_FAST_MATH is default */
- #define USE_FAST_MATH
- /***** Use SP_MATH *****/
- /* #undef USE_FAST_MATH */
- /* #define SP_MATH */
- /* #define WOLFSSL_SP_MATH_ALL */
- /* #define WOLFSSL_SP_RISCV32 */
- /***** Use Integer Heap Math *****/
- /* #undef USE_FAST_MATH */
- /* #define USE_INTEGER_HEAP_MATH */
- #define WOLFSSL_SMALL_STACK
- #define HAVE_VERSION_EXTENDED_INFO
- /* #define HAVE_WC_INTROSPECTION */
- #define HAVE_SESSION_TICKET
- /* #define HAVE_HASHDRBG */
- #define WOLFSSL_KEY_GEN
- #define WOLFSSL_CERT_REQ
- #define WOLFSSL_CERT_GEN
- #define WOLFSSL_CERT_EXT
- #define WOLFSSL_SYS_CA_CERTS
- #define WOLFSSL_CERT_TEXT
- #define WOLFSSL_ASN_TEMPLATE
- /*
- #undef WOLFSSL_KEY_GEN
- #undef WOLFSSL_CERT_REQ
- #undef WOLFSSL_CERT_GEN
- #undef WOLFSSL_CERT_EXT
- #undef WOLFSSL_SYS_CA_CERTS
- */
- /* command-line options
- --enable-keygen
- --enable-certgen
- --enable-certreq
- --enable-certext
- --enable-asn-template
- */
- /* Chipset detection from sdkconfig.h
- * Default is HW enabled unless turned off.
- * Uncomment lines to force SW instead of HW acceleration */
- #if defined(CONFIG_IDF_TARGET_ESP32)
- /* Alternatively, if there's an ECC Secure Element present: */
- /* #define WOLFSSL_ESPWROOM32SE */
- /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
- /* #define NO_ESP32_CRYPT */
- /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
- /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
- /* These are defined automatically in esp32-crypt.h, here for clarity: */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */
- #undef ESP_RSA_MULM_BITS
- #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
- /***** END CONFIG_IDF_TARGET_ESP32 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP32S2)
- /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
- /* #define NO_ESP32_CRYPT */
- /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
- /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
- /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
- /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP32S3)
- /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
- /* #define NO_ESP32_CRYPT */
- /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
- /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
- /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
- /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
- defined(CONFIG_IDF_TARGET_ESP8684)
- /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
- * single QFN 4x4 mm package. Out of released documentation, Technical
- * Reference Manual as well as ESP-IDF Programming Guide is applicable
- * to both ESP32-C2 and ESP8684.
- *
- * See: www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
- /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
- /* #define NO_ESP32_CRYPT */
- /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */
- /* These are defined automatically in esp32-crypt.h, here for clarity */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */
- /* There's no AES or RSA/Math accelerator on the ESP32-C2
- * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
- #define NO_WOLFSSL_ESP32_CRYPT_AES
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
- /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP32C3)
- /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
- /* #define NO_ESP32_CRYPT */
- /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */
- /* These are defined automatically in esp32-crypt.h, here for clarity: */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */
- /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
- /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP32C6)
- /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
- /* #define NO_ESP32_CRYPT */
- /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
- /* These are defined automatically in esp32-crypt.h, here for clarity: */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */
- #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */
- /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
- /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP32H2)
- /* wolfSSL Hardware Acceleration not yet implemented */
- #define NO_ESP32_CRYPT
- #define NO_WOLFSSL_ESP32_CRYPT_HASH
- #define NO_WOLFSSL_ESP32_CRYPT_AES
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
- /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP8266)
- #define WOLFSSL_ESP8266
- /* There's no hardware encryption on the ESP8266 */
- /* Consider using the ESP32-C2/C3/C6
- * See www.espressif.com/en/products/socs/esp32-c2 */
- #define NO_ESP32_CRYPT
- #define NO_WOLFSSL_ESP32_CRYPT_HASH
- #define NO_WOLFSSL_ESP32_CRYPT_AES
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
- /***** END CONFIG_IDF_TARGET_ESP266 *****/
- #elif defined(CONFIG_IDF_TARGET_ESP8684)
- /* There's no Hardware Acceleration available on ESP8684 */
- #define NO_ESP32_CRYPT
- #define NO_WOLFSSL_ESP32_CRYPT_HASH
- #define NO_WOLFSSL_ESP32_CRYPT_AES
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
- /***** END CONFIG_IDF_TARGET_ESP8684 *****/
- #else
- /* Anything else encountered, disable HW acceleration */
- #define NO_ESP32_CRYPT
- #define NO_WOLFSSL_ESP32_CRYPT_HASH
- #define NO_WOLFSSL_ESP32_CRYPT_AES
- #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
- #endif /* CONFIG_IDF_TARGET Check */
- /* RSA primitive specific definition, listed AFTER the Chipset detection */
- #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
- /* Consider USE_FAST_MATH and SMALL_STACK */
- #ifndef NO_RSA
- #define ESP32_USE_RSA_PRIMITIVE
- #if defined(CONFIG_IDF_TARGET_ESP32)
- #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
- #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
- #warning "RSA may be difficult with less than 10KB Stack "/
- #endif
- #endif
- /* NOTE HW unreliable for small values! */
- /* threshold for performance adjustment for HW primitive use */
- /* X bits of G^X mod P greater than */
- #undef ESP_RSA_EXPT_XBITS
- #define ESP_RSA_EXPT_XBITS 32
- /* X and Y of X * Y mod P greater than */
- #undef ESP_RSA_MULM_BITS
- #define ESP_RSA_MULM_BITS 16
- #endif
- #endif
- #endif
- /* Debug options:
- See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
- #define ESP_VERIFY_MEMBLOCK
- #define DEBUG_WOLFSSL
- #define DEBUG_WOLFSSL_VERBOSE
- #define DEBUG_WOLFSSL_SHA_MUTEX
- #define WOLFSSL_ESP32_CRYPT_DEBUG
- #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
- #define NO_RECOVER_SOFTWARE_CALC
- #define WOLFSSL_TEST_STRAY 1
- #define USE_ESP_DPORT_ACCESS_READ_BUFFER
- #define WOLFSSL_ESP32_HW_LOCK_DEBUG
- #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
- #define ESP_DISABLE_HW_TASK_LOCK
- See wolfcrypt/benchmark/benchmark.c for debug and other settings:
- Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
- #define DEBUG_WOLFSSL_BENCHMARK_TIMING
- Turn on timer debugging (used when CPU cycles not available)
- #define WOLFSSL_BENCHMARK_TIMER_DEBUG
- */
- /* Pause in a loop rather than exit. */
- #define WOLFSSL_ESPIDF_ERROR_PAUSE
- #define WOLFSSL_HW_METRICS
- #define ALT_ECC_SIZE
- /* for test.c: */
- /* #define HASH_SIZE_LIMIT */
- /* Optionally turn off HW math checks */
- /* #define NO_HW_MATH_TEST */
- /* Optionally include alternate HW test library: alt_hw_test.h */
- /* When enabling, the ./components/wolfssl/CMakeLists.txt file
- * will need the name of the library in the idf_component_register
- * for the PRIV_REQUIRES list. */
- /* #define INCLUDE_ALT_HW_TEST */
- /* optionally turn off individual math HW acceleration features */
- /* Turn off Large Number ESP32 HW Multiplication:
- ** [Z = X * Y] in esp_mp_mul() */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
- /* Turn off Large Number ESP32 HW Modular Exponentiation:
- ** [Z = X^Y mod M] in esp_mp_exptmod() */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
- /* Turn off Large Number ESP32 HW Modular Multiplication
- ** [Z = X * Y mod M] in esp_mp_mulmod() */
- /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
- /* used by benchmark: */
- #define WOLFSSL_PUBLIC_MP
- /* when turning on ECC508 / ECC608 support
- #define WOLFSSL_ESPWROOM32SE
- #define HAVE_PK_CALLBACKS
- #define WOLFSSL_ATECC508A
- #define ATCA_WOLFSSL
- */
- /* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
- /***************************** Certificate Macros *****************************
- *
- * The section below defines macros used in typically all of the wolfSSL
- * examples such as the client and server for certs stored in header files.
- *
- * There are various certificate examples in this header file:
- * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
- *
- * To use the sets of macros below, define *one* of these:
- *
- * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
- * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1
- * WOLFSSL_SM[2,3,4] - SM Ciphers
- *
- * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
- * wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
- *
- * ret = wolfSSL_CTX_load_verify_buffer(ctx,
- * CTX_CA_CERT,
- * CTX_CA_CERT_SIZE,
- * CTX_CA_CERT_TYPE);
- *
- * See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
- *
- * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
- * defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
- *
- * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
- * array size and cert type respectively.
- *
- * Similarly for loading the private client key:
- *
- * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
- * CTX_CLIENT_KEY,
- * CTX_CLIENT_KEY_SIZE,
- * CTX_CLIENT_KEY_TYPE);
- *
- * see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
- *
- * Similarly, the other macros are for server certificates and keys:
- * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
- *
- * The certificate and key names are typically `static const unsigned char`
- * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
- * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
- *
- * See `SSL_FILETYPE_[name]` in
- * github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
- *
- * See Abstract Syntax Notation One (ASN.1) in:
- * github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
- *
- * Optional SM4 Ciphers:
- *
- * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
- * be available. See:
- * github.com/wolfSSL/wolfssl/pull/6825
- * github.com/wolfSSL/wolfsm
- *
- * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
- */
- /*
- #define WOLFSSL_SM2
- #define WOLFSSL_SM3
- #define WOLFSSL_SM4
- */
- /* Conditional macros used in wolfSSL TLS client and server examples */
- #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
- #define CTX_CA_CERT root_sm2
- #define CTX_CA_CERT_SIZE sizeof_root_sm2
- #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM
- #define CTX_SERVER_CERT server_sm2
- #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
- #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
- #define CTX_SERVER_KEY server_sm2_priv
- #define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv
- #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM
- #undef WOLFSSL_BASE16
- #define WOLFSSL_BASE16
- #else
- #if defined(USE_CERT_BUFFERS_2048)
- #ifdef USE_CERT_BUFFERS_1024
- #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
- #endif
- #include <wolfssl/certs_test.h>
- #define CTX_CA_CERT ca_cert_der_2048
- #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
- #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_SERVER_CERT server_cert_der_2048
- #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
- #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_SERVER_KEY server_key_der_2048
- #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048
- #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_CLIENT_CERT client_cert_der_2048
- #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
- #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_CLIENT_KEY client_key_der_2048
- #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048
- #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
- #elif defined(USE_CERT_BUFFERS_1024)
- #ifdef USE_CERT_BUFFERS_2048
- #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
- #endif
- #define CTX_CA_CERT ca_cert_der_1024
- #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
- #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_CLIENT_CERT client_cert_der_1024
- #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
- #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_CLIENT_KEY client_key_der_1024
- #define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024
- #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_SERVER_CERT server_cert_der_1024
- #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
- #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
- #define CTX_SERVER_KEY server_key_der_1024
- #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024
- #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
- #else
- /* Optionally define custom cert arrays, sizes, and types here */
- #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
- #endif
- #endif /* Conditional key and cert constant names */
- /******************************************************************************
- ** Sanity Checks
- ******************************************************************************/
- #if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
- #if defined(WOLFCRYPT_HAVE_SRP)
- #if defined(FP_MAX_BITS)
- #if FP_MAX_BITS < (8192 * 2)
- #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
- #else
- #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
- #endif
- #else
- #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
- #endif
- #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
- #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
- #endif
- #endif
- #else
- #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
- #endif
|