  1. /* examples/configs/user_settings_platformio.h
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* This is a sample PlatformIO user_settings.h for wolfSSL
  22. *
  23. * Do not include any wolfssl headers here
  24. *
  25. * When editing this file:
  26. * ensure wolfssl_test and wolfssl_benchmark settings match.
  27. */
  /* Identifies this settings file; example code can display the string to
   * show which user_settings.h version a build was made with. */
  #define WOLFSSL_USER_SETTINGS_ID "PlatformIO user_settings.h v5.7.0-test.rev02"

  /* Settings for other platforms:
   * https://github.com/wolfSSL/wolfssl/tree/master/examples/configs */

  /* Any one of these macros marks an Espressif build; only then is
   * sdkconfig.h included. */
  #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPIDF) || \
      defined(ESP_PLATFORM) || defined(ESP_IDF_VERSION_MAJOR)
      #include "sdkconfig.h"

      /* The #include "protocol_examples_common.h" fails for PlatformIO, and
       * WiFi is not needed for the test and benchmark examples, so the SDK
       * WiFi support is disabled. */
      #define NO_ESP_SDK_WIFI
  #endif

  /* WiFi is not used, so the esp-sdk-lib WiFi helpers stay compiled out: */
  /* #define USE_WOLFSSL_ESP_SDK_WIFI */
  /* Experimental Kyber, compiled out by the #if 0.
   * Kyber typically needs a minimum 10K stack. */
  #if 0
      #define WOLFSSL_EXPERIMENTAL_SETTINGS
      #define WOLFSSL_HAVE_KYBER
      #define WOLFSSL_WC_KYBER
      #define WOLFSSL_SHA3
  #endif

  /* Benchmark-only settings: */
  #define HAVE_VERSION_EXTENDED_INFO
  #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
  #define BENCH_EMBEDDED

  /* Build control is limited, so file warnings are ignored.
   * See github.com/arduino/arduino-cli/issues/631
   * The #undef comes first so an earlier definition of the macro cannot
   * trigger a redefinition diagnostic. */
  #undef  WOLFSSL_IGNORE_FILE_WARN
  #define WOLFSSL_IGNORE_FILE_WARN

  /* Single-threaded build. Note the ESP-IDF default is FreeRTOS.
   * TODO: known PlatformIO problem if SINGLE_THREADED is not enabled.
   * See https://github.com/wolfSSL/wolfssl/issues/7533 */
  #define SINGLE_THREADED

  /* Memory footprint.
   *
   * Session cache: SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and
   * SessionCache (about 5KB, otherwise 20K is needed when not specified).
   * MICRO_SESSION_CACHE is the extra-small option (< 1K). NO_SESSION_CACHE,
   * the option selected here, is for when really desperate or no TLS is used.
   *
   * WOLFSSL_SMALL_STACK: small stack uses more heap.
   * RSA_LOW_MEM: half as much memory but twice as slow. */
  #define RSA_LOW_MEM
  #define WOLFSSL_SMALL_STACK
  #define NO_SESSION_CACHE

  /* Full debugging is off, but malloc failure detail is still shown. */
  /* #define DEBUG_WOLFSSL */
  #define DEBUG_WOLFSSL_MALLOC

  /* test.c normally sets the cert buffers; they are set here instead.
   * The 2048 set is what the CTX_* certificate macros near the end of this
   * file resolve to, via wolfssl/certs_test.h. That header is public example
   * material, so certificates and private keys taken from it are test data
   * only and give no protection if reused on a real device. */
  #define USE_CERT_BUFFERS_2048
  #define USE_CERT_BUFFERS_256
  /* Uncommon settings for testing only.
   *
   * TEST_ESPIDF_ALL_WOLFSSL switches on a broad set of wolfCrypt algorithms
   * for the test and benchmark examples. The set includes legacy algorithms
   * (MD2, RC2, RC4, DSA) that should not be relied on to protect new data, so
   * leave this macro out of any configuration derived from this sample for
   * production use. */
  #define TEST_ESPIDF_ALL_WOLFSSL
  #ifdef TEST_ESPIDF_ALL_WOLFSSL
      /* Legacy algorithms, enabled here for test coverage: */
      #define WOLFSSL_MD2
      #define WC_RC2
      #define WOLFSSL_ALLOW_RC4

      #define HAVE_BLAKE2
      #define HAVE_BLAKE2B
      #define HAVE_BLAKE2S
      #define HAVE_POLY1305

      /* AES key size and modes: */
      #define WOLFSSL_AES_128
      #define WOLFSSL_AES_OFB
      #define WOLFSSL_AES_CFB
      #define WOLFSSL_AES_XTS
      #define WOLFSSL_AES_COUNTER
      #define HAVE_AESGCM

      #define WOLFSSL_WOLFSSH

      /* Finite-field Diffie-Hellman: */
      #define HAVE_FFDHE
      #define HAVE_FFDHE_2048
      #define HAVE_DH

      /* SRP is enabled for every target. It is known to be working on ESP32,
       * ESP32-S2, ESP32-S3, ESP32-C3 and ESP32-H2; for everything else it is
       * "give it a try and see". Only the ESP8266 gets a different
       * FP_MAX_BITS. */
      #define WOLFCRYPT_HAVE_SRP
      #if defined(CONFIG_IDF_TARGET_ESP8266)
          /* TODO Full size SRP is disabled on the ESP8266 at this time.
           * Low memory issue?
           * MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
          #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
      #else
          #define FP_MAX_BITS (8192 * 2)
      #endif

      /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
       * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
      /* #define HAVE_CAMELLIA */

      /* DSA requires old SHA */
      #define HAVE_DSA

      /* Needs SHA512 ? */
      #define HAVE_HPKE

      /* Not for Espressif? */
      #if defined(CONFIG_IDF_TARGET_ESP8266) || \
          defined(CONFIG_IDF_TARGET_ESP32H2) || \
          defined(CONFIG_IDF_TARGET_ESP32C2) || \
          defined(CONFIG_IDF_TARGET_ESP8684)
          #if !defined(CONFIG_IDF_TARGET_ESP8266)
              #define HAVE_XCHACHA
              #define HAVE_CHACHA
              /* TODO Not enabled at this time, needs further testing:
               * #define WC_SRTP_KDF
               * #define HAVE_COMP_KEY
               * #define WOLFSSL_HAVE_XMSS
               */
          #else
              /* ESP8266: ECC and Curve25519 are switched off. */
              #undef HAVE_ECC
              #undef HAVE_ECC_CDH
              #undef HAVE_CURVE25519

              /* TODO does CHACHA also need alignment? Failing on ESP8266
               * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
              #if defined(HAVE_CHACHA)
                  #error "HAVE_CHACHA not supported on ESP8266"
              #endif
              #if defined(HAVE_XCHACHA)
                  #error "HAVE_XCHACHA not supported on ESP8266"
              #endif
          #endif

          /* TODO AES-EAX not working on this platform */

          /* Optionally disable DH
           * #undef HAVE_DH
           * #undef HAVE_FFDHE
           */

          /* ECC_SHAMIR out of memory on ESP32-C2 during ECC.
           * NOTE(review): HAVE_ECC is only defined further down in this file,
           * so unless the build defines it earlier this test is true and
           * ECC_SHAMIR is still enabled on these targets. Confirm that this
           * is the intended result given the out-of-memory note. */
          #ifndef HAVE_ECC
              #define ECC_SHAMIR
          #endif
      #else
          #define WOLFSSL_AES_EAX
          #define ECC_SHAMIR
      #endif

      /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
      /* #define WOLFSSL_CAAM */
      /* #define WOLFSSL_CAAM_BLOB */

      #define WOLFSSL_AES_SIV
      #define WOLFSSL_CMAC
      #define WOLFSSL_CERT_PIV

      /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
      /* #define HAVE_SCRYPT */
      #define SCRYPT_TEST_ALL
      #define HAVE_X963_KDF
  #endif
  /* Optional switches, all left off in this block: */

  /* Turn off SHA512/224 and SHA512/256: */
  /* #define WOLFSSL_NOSHA512_224 */
  /* #define WOLFSSL_NOSHA512_256 */

  /* Single-thread build (the ESP-IDF default is FreeRTOS). SINGLE_THREADED is
   * already defined earlier in this file, so this line stays a comment. */
  /* #define SINGLE_THREADED */

  /* When you don't want to use the old SHA. NO_OLD_TLS is defined further
   * down in this file. */
  /* #define NO_SHA */
  /* #define NO_OLD_TLS */

  /* Cannot use WOLFSSL_NO_MALLOC with small stack */
  /* #define WOLFSSL_NO_MALLOC */

  /* Benchmark settings: */
  #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
  #define BENCH_EMBEDDED

  /* TLS 1.3 */
  #define WOLFSSL_TLS13
  #define HAVE_TLS_EXTENSIONS
  #define HAVE_SUPPORTED_CURVES
  #define HAVE_HKDF
  #define HAVE_AEAD
  #define WC_RSA_PSS

  #define NO_FILESYSTEM
  /* To further reduce size, client or server functionality can be disabled.
   * The example code can give a hint: the calling application defines one of
   * the macros below before including the Arduino wolfssl.h library file.
   *
   *   WOLFSSL_CLIENT_EXAMPLE  -> server code is disabled (NO_WOLFSSL_SERVER)
   *   WOLFSSL_SERVER_EXAMPLE  -> client code is disabled (NO_WOLFSSL_CLIENT)
   *
   * When both are defined, WOLFSSL_CLIENT_EXAMPLE takes precedence. */
  #ifdef WOLFSSL_CLIENT_EXAMPLE
      #define NO_WOLFSSL_SERVER
  #else
      #ifdef WOLFSSL_SERVER_EXAMPLE
          #define NO_WOLFSSL_CLIENT
      #else
          /* Neither WOLFSSL_CLIENT_EXAMPLE nor WOLFSSL_SERVER_EXAMPLE was
           * found. Give the application a macro it can test for that case. */
          #define NO_WOLFSSL_SERVER_CLIENT_MISSING
          /* Both can be disabled in wolfssl test & benchmark */
      #endif
  #endif
  #define NO_OLD_TLS
  #define HAVE_AESGCM

  /* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
  /* #define WOLFSSL_RIPEMD */

  /* Hash algorithms enabled: SHA224, SHA384, SHA512 and SHA3. */
  #define WOLFSSL_SHA224
  #define WOLFSSL_SHA384
  #define WOLFSSL_SHA512
  #define WOLFSSL_SHA3

  /* ED25519 requires SHA512 */
  #define HAVE_ED25519

  /* ECC and Curve25519 are enabled everywhere except the ESP8266 and the
   * ESP32-C2. TODO determine low memory configuration for ECC there. */
  #if !defined(CONFIG_IDF_TARGET_ESP8266) && \
      !defined(CONFIG_IDF_TARGET_ESP32C2)
      #define HAVE_ECC
      #define HAVE_CURVE25519
      #define CURVE25519_SMALL
  #endif

  /* Optional OPENSSL compatibility */
  #define OPENSSL_EXTRA

  /* Optional HAVE_PKCS7, together with the settings that go with it here. */
  #define HAVE_PKCS7
  #ifdef HAVE_PKCS7
      /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
      #define NO_PBKDF2
      #define HAVE_AES_KEYWRAP
      #define HAVE_X963_KDF
      #define WOLFSSL_AES_DIRECT
  #endif

  /* when you want to use AES counter mode */
  /* #define WOLFSSL_AES_DIRECT */
  /* #define WOLFSSL_AES_COUNTER */
  /* esp32-wroom-32se specific definition */
  #ifdef WOLFSSL_ESPWROOM32SE
      #define WOLFSSL_ATECC508A
      #define HAVE_PK_CALLBACKS
      /* For a custom slot allocation on the ATECC608A. Unless your
       * configuration is unusual, the default implementation can be used. */
      /* #define CUSTOM_SLOT_ALLOCATION */
  #endif

  /* Side-channel hardening (both macros are left undefined in this sample):
   *
   * TFM_TIMING_RESISTANT: slower but more secure. USE_FAST_MATH is selected
   * below, so a configuration that handles real private keys should consider
   * enabling it.
   *
   * WC_NO_CACHE_RESISTANT: NOTE(review) the comment here originally read
   * "slower but more secure", but the NO_ in the name suggests that defining
   * it turns cache-attack resistance off (faster, less protected). Confirm
   * against wolfssl/wolfcrypt/settings.h before enabling. */
  /* #define WC_NO_CACHE_RESISTANT */
  /* #define TFM_TIMING_RESISTANT */

  /* #define WOLFSSL_ATECC508A_DEBUG */

  /* date/time: enable the macro below if the time cannot be adjusted in the
   * device.
   * NOTE(review): a build without ASN time presumably cannot check
   * certificate validity dates; confirm before using it outside a test. */
  /* #define NO_ASN_TIME */
  /* #define XTIME time */

  /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
  #define ESP_RSA_TIMEOUT_CNT 0x349F00

  /* hash limit for test.c */
  #define HASH_SIZE_LIMIT

  /* Math library selection. USE_FAST_MATH is the default; the two
   * alternatives are kept as comments. */
  #define USE_FAST_MATH

  /***** Use SP_MATH *****/
  /* #undef USE_FAST_MATH */
  /* #define SP_MATH */
  /* #define WOLFSSL_SP_MATH_ALL */
  /* #define WOLFSSL_SP_RISCV32 */

  /***** Use Integer Heap Math *****/
  /* #undef USE_FAST_MATH */
  /* #define USE_INTEGER_HEAP_MATH */

  #define HAVE_VERSION_EXTENDED_INFO
  #define WOLFSSL_SMALL_STACK
  /* #define HAVE_WC_INTROSPECTION */
  #define HAVE_SESSION_TICKET
  /* #define HAVE_HASHDRBG */

  /* Key and certificate generation, requests, extensions and text output: */
  #define WOLFSSL_KEY_GEN
  #define WOLFSSL_CERT_GEN
  #define WOLFSSL_CERT_REQ
  #define WOLFSSL_CERT_EXT
  #define WOLFSSL_CERT_TEXT
  #define WOLFSSL_SYS_CA_CERTS
  #define WOLFSSL_ASN_TEMPLATE
  299. /*
  300. #undef WOLFSSL_KEY_GEN
  301. #undef WOLFSSL_CERT_REQ
  302. #undef WOLFSSL_CERT_GEN
  303. #undef WOLFSSL_CERT_EXT
  304. #undef WOLFSSL_SYS_CA_CERTS
  305. */
  306. /* command-line options
  307. --enable-keygen
  308. --enable-certgen
  309. --enable-certreq
  310. --enable-certext
  311. --enable-asn-template
  312. */
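  /* Chipset detection from sdkconfig.h
   *
   * One branch below is taken, selected by the CONFIG_IDF_TARGET_* macro.
   * Default is HW enabled unless turned off: uncomment the NO_* lines in a
   * branch to force SW instead of HW acceleration. Targets without a known
   * accelerator, and any unrecognized target, get HW acceleration disabled. */
  #if defined(CONFIG_IDF_TARGET_ESP32)
      /* Alternatively, if there's an ECC Secure Element present: */
      /* #define WOLFSSL_ESPWROOM32SE */

      /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
      /* #define NO_ESP32_CRYPT */
      /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
      /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */

      /* These are defined automatically in esp32-crypt.h, here for clarity: */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */

      #undef  ESP_RSA_MULM_BITS
      #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
      /***** END CONFIG_IDF_TARGET_ESP32 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP32S2)
      /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
      /* #define NO_ESP32_CRYPT */
      /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
      /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
      /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
      /***** END CONFIG_IDF_TARGET_ESP32S2 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP32S3)
      /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
      /* #define NO_ESP32_CRYPT */
      /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
      /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
      /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
      /***** END CONFIG_IDF_TARGET_ESP32S3 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
        defined(CONFIG_IDF_TARGET_ESP8684)
      /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
       * single QFN 4x4 mm package. Out of released documentation, Technical
       * Reference Manual as well as ESP-IDF Programming Guide is applicable
       * to both ESP32-C2 and ESP8684.
       *
       * See: www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */

      /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
      /* #define NO_ESP32_CRYPT */
      /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */

      /* These are defined automatically in esp32-crypt.h, here for clarity */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */

      /* There's no AES or RSA/Math accelerator on the ESP32-C2
       * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
      #define NO_WOLFSSL_ESP32_CRYPT_AES
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
      /***** END CONFIG_IDF_TARGET_ESP32C2 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP32C3)
      /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
      /* #define NO_ESP32_CRYPT */
      /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */

      /* These are defined automatically in esp32-crypt.h, here for clarity: */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C3 */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C3 */

      /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
      /***** END CONFIG_IDF_TARGET_ESP32C3 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP32C6)
      /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
      /* #define NO_ESP32_CRYPT */
      /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */

      /* These are defined automatically in esp32-crypt.h, here for clarity: */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */
      #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */

      /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
      /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
      /***** END CONFIG_IDF_TARGET_ESP32C6 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP32H2)
      /* wolfSSL Hardware Acceleration not yet implemented */
      #define NO_ESP32_CRYPT
      #define NO_WOLFSSL_ESP32_CRYPT_HASH
      #define NO_WOLFSSL_ESP32_CRYPT_AES
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
      /***** END CONFIG_IDF_TARGET_ESP32H2 *****/

  #elif defined(CONFIG_IDF_TARGET_ESP8266)
      #define WOLFSSL_ESP8266

      /* There's no hardware encryption on the ESP8266 */
      /* Consider using the ESP32-C2/C3/C6
       * See www.espressif.com/en/products/socs/esp32-c2 */
      #define NO_ESP32_CRYPT
      #define NO_WOLFSSL_ESP32_CRYPT_HASH
      #define NO_WOLFSSL_ESP32_CRYPT_AES
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
      /***** END CONFIG_IDF_TARGET_ESP8266 *****/

  /* A separate "#elif defined(CONFIG_IDF_TARGET_ESP8684)" branch used to sit
   * here. It could never be selected because the ESP32-C2 / ESP8684 branch
   * above matches first, so it has been dropped. The ESP8684 therefore keeps
   * the ESP32-C2 settings, as before. */

  #else
      /* Anything else encountered, disable HW acceleration */
      #define NO_ESP32_CRYPT
      #define NO_WOLFSSL_ESP32_CRYPT_HASH
      #define NO_WOLFSSL_ESP32_CRYPT_AES
      #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
  #endif /* CONFIG_IDF_TARGET Check */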
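  /* RSA primitive specific definition, listed AFTER the Chipset detection.
   *
   * Applies only when WOLFSSL_ESP32 or WOLFSSL_ESPWROOM32SE is defined and RSA
   * has not been disabled with NO_RSA. On the ESP32 target it also warns about
   * a small main task stack and sets the operand-size thresholds for using
   * the HW primitives. */
  #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
      /* Consider USE_FAST_MATH and SMALL_STACK */
      #ifndef NO_RSA
          #define ESP32_USE_RSA_PRIMITIVE

          #if defined(CONFIG_IDF_TARGET_ESP32)
              #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
                  #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
                      /* A stray '/' after the message text was removed. */
                      #warning "RSA may be difficult with less than 10KB Stack "
                  #endif
              #endif

              /* NOTE HW unreliable for small values! */
              /* threshold for performance adjustment for HW primitive use */

              /* X bits of G^X mod P greater than */
              #undef  ESP_RSA_EXPT_XBITS
              #define ESP_RSA_EXPT_XBITS 32

              /* X and Y of X * Y mod P greater than.
               * The #undef replaces the value already set for the ESP32 in
               * the chipset detection section earlier in this file. */
              #undef  ESP_RSA_MULM_BITS
              #define ESP_RSA_MULM_BITS 16
          #endif
      #endif
  #endif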
  455. /* Debug options:
  456. See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
  457. #define ESP_VERIFY_MEMBLOCK
  458. #define DEBUG_WOLFSSL
  459. #define DEBUG_WOLFSSL_VERBOSE
  460. #define DEBUG_WOLFSSL_SHA_MUTEX
  461. #define WOLFSSL_ESP32_CRYPT_DEBUG
  462. #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
  463. #define NO_RECOVER_SOFTWARE_CALC
  464. #define WOLFSSL_TEST_STRAY 1
  465. #define USE_ESP_DPORT_ACCESS_READ_BUFFER
  466. #define WOLFSSL_ESP32_HW_LOCK_DEBUG
  467. #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
  468. #define ESP_DISABLE_HW_TASK_LOCK
  469. See wolfcrypt/benchmark/benchmark.c for debug and other settings:
  470. Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
  471. #define DEBUG_WOLFSSL_BENCHMARK_TIMING
  472. Turn on timer debugging (used when CPU cycles not available)
  473. #define WOLFSSL_BENCHMARK_TIMER_DEBUG
  474. */
  /* On error, pause in a loop rather than exit. */
  #define WOLFSSL_ESPIDF_ERROR_PAUSE

  #define ALT_ECC_SIZE
  #define WOLFSSL_HW_METRICS

  /* used by benchmark: */
  #define WOLFSSL_PUBLIC_MP

  /* for test.c: */
  /* #define HASH_SIZE_LIMIT */

  /* Optionally turn off HW math checks */
  /* #define NO_HW_MATH_TEST */

  /* Optionally include alternate HW test library: alt_hw_test.h
   * When enabling, the ./components/wolfssl/CMakeLists.txt file
   * will need the name of the library in the idf_component_register
   * for the PRIV_REQUIRES list. */
  /* #define INCLUDE_ALT_HW_TEST */

  /* Optionally turn off individual math HW acceleration features: */

  /* Turn off Large Number ESP32 HW Multiplication:
  ** [Z = X * Y] in esp_mp_mul() */
  /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */

  /* Turn off Large Number ESP32 HW Modular Exponentiation:
  ** [Z = X^Y mod M] in esp_mp_exptmod() */
  /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */

  /* Turn off Large Number ESP32 HW Modular Multiplication
  ** [Z = X * Y mod M] in esp_mp_mulmod() */
  /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
  500. /* when turning on ECC508 / ECC608 support
  501. #define WOLFSSL_ESPWROOM32SE
  502. #define HAVE_PK_CALLBACKS
  503. #define WOLFSSL_ATECC508A
  504. #define ATCA_WOLFSSL
  505. */
  506. /* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
  507. /***************************** Certificate Macros *****************************
  508. *
  509. * The section below defines macros used in typically all of the wolfSSL
  510. * examples such as the client and server for certs stored in header files.
  511. *
  512. * There are various certificate examples in this header file:
  513. * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  514. *
  515. * To use the sets of macros below, define *one* of these:
  516. *
  517. * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
  518. * USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1
  519. * WOLFSSL_SM[2,3,4] - SM Ciphers
  520. *
  521. * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
  522. * wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
  523. *
  524. * ret = wolfSSL_CTX_load_verify_buffer(ctx,
  525. * CTX_CA_CERT,
  526. * CTX_CA_CERT_SIZE,
  527. * CTX_CA_CERT_TYPE);
  528. *
  529. * See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
  530. *
  531. * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
  532. * defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  533. *
  534. * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
  535. * array size and cert type respectively.
  536. *
  537. * Similarly for loading the private client key:
  538. *
  539. * ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
  540. * CTX_CLIENT_KEY,
  541. * CTX_CLIENT_KEY_SIZE,
  542. * CTX_CLIENT_KEY_TYPE);
  543. *
  544. * see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
  545. *
  546. * Similarly, the other macros are for server certificates and keys:
  547. * `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
  548. *
  549. * The certificate and key names are typically `static const unsigned char`
  550. * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
  551. * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
  552. *
  553. * See `SSL_FILETYPE_[name]` in
  554. * github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
  555. *
  556. * See Abstract Syntax Notation One (ASN.1) in:
  557. * github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
  558. *
  559. * Optional SM4 Ciphers:
  560. *
  561. * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
  562. * be available. See:
  563. * github.com/wolfSSL/wolfssl/pull/6825
  564. * github.com/wolfSSL/wolfsm
  565. *
  566. * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
  567. */
  568. /*
  569. #define WOLFSSL_SM2
  570. #define WOLFSSL_SM3
  571. #define WOLFSSL_SM4
  572. */
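  /* Conditional macros used in wolfSSL TLS client and server examples.
   *
   * Maps the generic CTX_* names (buffer, size, encoding type) onto one set of
   * built-in example certificates and keys:
   *
   *   any of WOLFSSL_SM2/SM3/SM4 -> SM2 buffers, PEM encoded
   *   USE_CERT_BUFFERS_2048      -> *_der_2048 buffers, ASN1 (DER) encoded
   *   USE_CERT_BUFFERS_1024      -> *_der_1024 buffers, ASN1 (DER) encoded
   *   none of the above          -> build stops with #error
   *
   * The 2048 and 1024 sets are mutually exclusive; defining both is rejected.
   *
   * These buffers are example material from the public certs_test.h header.
   * The CTX_*_KEY macros therefore name private keys that anyone can read:
   * use them for the examples only, and supply your own certificates and keys
   * (see the final #else) for anything that must authenticate a real peer.
   *
   * NOTE(review): the SM branch defines no CTX_CLIENT_CERT / CTX_CLIENT_KEY
   * macros and includes no header for the *_sm2 buffers; confirm where those
   * come from before enabling it.
   * NOTE(review): only the 2048 branch includes <wolfssl/certs_test.h>, while
   * the top of this file says not to include wolfssl headers here; confirm
   * which of the two is intended. */
  #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
      #define CTX_CA_CERT          root_sm2
      #define CTX_CA_CERT_SIZE     sizeof_root_sm2
      #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM

      #define CTX_SERVER_CERT      server_sm2
      #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
      #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM

      #define CTX_SERVER_KEY       server_sm2_priv
      #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
      #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM

      #undef  WOLFSSL_BASE16
      #define WOLFSSL_BASE16

  #elif defined(USE_CERT_BUFFERS_2048)
      #ifdef USE_CERT_BUFFERS_1024
          #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
      #endif

      #include <wolfssl/certs_test.h>

      #define CTX_CA_CERT          ca_cert_der_2048
      #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
      #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1

      #define CTX_SERVER_CERT      server_cert_der_2048
      #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
      #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1

      #define CTX_SERVER_KEY       server_key_der_2048
      #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
      #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1

      #define CTX_CLIENT_CERT      client_cert_der_2048
      #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
      #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1

      #define CTX_CLIENT_KEY       client_key_der_2048
      #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
      #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1

  #elif defined(USE_CERT_BUFFERS_1024)
      /* No check for USE_CERT_BUFFERS_2048 is needed here: this branch is
       * only reached when it is not defined, and the both-defined case is
       * rejected in the 2048 branch above. */
      #define CTX_CA_CERT          ca_cert_der_1024
      #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
      #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1

      #define CTX_CLIENT_CERT      client_cert_der_1024
      #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
      #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1

      #define CTX_CLIENT_KEY       client_key_der_1024
      #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
      #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1

      #define CTX_SERVER_CERT      server_cert_der_1024
      #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
      #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1

      #define CTX_SERVER_KEY       server_key_der_1024
      #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
      #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1

  #else
      /* Optionally define custom cert arrays, sizes, and types here */
      #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
  #endif /* Conditional key and cert constant names */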
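  /******************************************************************************
  ** Sanity Checks
  **
  ** When SRP is enabled, compare the main task stack size from sdkconfig with
  ** the minimum expected for the configured FP_MAX_BITS: 24KB when
  ** FP_MAX_BITS is below (8192 * 2), otherwise 28KB. A stack below that
  ** minimum produces a build warning. A missing FP_MAX_BITS is a build error,
  ** and a missing CONFIG_ESP_MAIN_TASK_STACK_SIZE is a warning.
  **
  ** The comparison uses ESP_SRP_MINIMUM_STACK_8K, the macro defined here. It
  ** previously named ESP_SRP_MINIMUM_STACK, which nothing in this file
  ** defines; the preprocessor treats an unknown name as 0, so the small-stack
  ** warning could never be emitted.
  **
  ** NOTE(review): on the ESP8266, FP_MAX_BITS is MIN_FFDHE_FP_MAX_BITS. If
  ** that macro is not yet defined when this header is read, it also counts as
  ** 0 in the #if below and the 24KB minimum is chosen; confirm.
  ******************************************************************************/
  #if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
      #if defined(WOLFCRYPT_HAVE_SRP)
          #if defined(FP_MAX_BITS)
              #if FP_MAX_BITS < (8192 * 2)
                  #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
              #else
                  #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
              #endif
          #else
              #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
          #endif

          #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)
              #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
          #endif
      #endif
  #else
      #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
  #endif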