/* user_settings_wolftpm.h
 *
 * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* wolfSSL build settings for use with wolfTPM.
 * To use, rename this file to user_settings.h and define WOLFSSL_USER_SETTINGS.
 */

/* Test using:
cp ./examples/configs/user_settings_wolftpm.h user_settings.h
./configure --enable-usersettings --disable-examples CFLAGS="-Os"
make
*/

/* Options generated from configure and wolfssl/options.h using:
./configure --enable-wolftpm --disable-dh --disable-oldtls \
--disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \
--disable-pkcs12 --disable-chacha --disable-poly1305 \
--disable-sys-ca-certs --disable-examples

NOTE(review): this configure line no longer matches the defines below exactly
(DH with FFDHE-2048, SHA-384 and SHA-512 are enabled in the non-low-resource
branch); treat the defines as authoritative and refresh this comment.
*/

/* Options for USE_LOW_RESOURCE generated with configure and wolfssl/options.h
 * using:
./configure --enable-lowresource --enable-cryptonly --enable-aescfb \
--enable-hmac --enable-cryptocb --enable-singlethreaded \
--enable-sp=smallrsa2048 --enable-sp-math --disable-sp-asm \
--disable-filesystem --disable-asm --disable-pkcs8 --disable-pkcs12 \
--disable-ecc --disable-dh \
--disable-sha224 --disable-sha384 --disable-sha512 \
--disable-md5 --disable-sha3 \
--disable-aescbc --disable-aesgcm --disable-aesccm \
--disable-poly1305 --disable-chacha \
--disable-hashdrbg \
--disable-sys-ca-certs --disable-error-queue-per-thread \
--disable-oldtls --disable-errorstrings --disable-memory --disable-coding \
--disable-examples --disable-optflags \
CFLAGS="-Os -DNO_SIG_WRAPPER -DNO_AES_192 -DNO_AES_256 \
-DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_INLINE -DNO_CHECK_PRIVATE_KEY"
*/

/* For the wolfTPM build:
./configure --enable-swtpm CFLAGS="-Os" && make
*/

#ifndef WOLF_USER_SETTINGS_TPM_H
#define WOLF_USER_SETTINGS_TPM_H

#ifdef __cplusplus
extern "C" {
#endif

/* Enable for low resource options (wolfCrypt only, verify-only RSA, no DH).
 * Every USE_LOW_RESOURCE branch below keys off this single switch. */
#if 0
#define USE_LOW_RESOURCE
#endif

#ifdef USE_LOW_RESOURCE
/* wolfCrypt only (no SSL/TLS) */
#define WOLFCRYPT_ONLY
#else
/* wolfTPM with TLS example (v1.3 only). TLS 1.2 and older are compiled out;
 * the extension, HKDF and RSA-PSS options that TLS 1.3 relies on go with it. */
#define WOLFSSL_TLS13
#define WOLFSSL_NO_TLS12
#define NO_OLD_TLS
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_SERVER_RENEGOTIATION_INFO
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_HKDF
#define WC_RSA_PSS
#define WOLFSSL_PSS_LONG_SALT
#endif

/* Single threaded: no locking is built in, so the library must not be shared
 * across threads. (The file system is only disabled in the low resource
 * block further down.) */
#define SINGLE_THREADED

/* Enable crypto callbacks (presumably how wolfTPM routes operations to the
 * TPM — see the wolfTPM side for the registered callback) */
#define WOLF_CRYPTO_CB

#ifdef USE_LOW_RESOURCE
/* Single Precision math for RSA 2048 only (small) */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_SP_MATH
#define WOLFSSL_SP_SMALL
#define WOLFSSL_SP_NO_3072 /* 2048-only */
#else
/* Enable SP math all (sp_int.c) with multi-precision support */
#define WOLFSSL_SP_MATH_ALL
#endif

/* Enable hardening: timing-resistant math and RSA blinding (side-channel
 * mitigation). Keep these on even for small builds. */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING

/* PRNG */
#ifdef USE_LOW_RESOURCE
/* use TPM TRNG: the software Hash DRBG is compiled out.
 * NOTE(review): with WC_NO_HASHDRBG the random bytes must come from the TPM
 * path (crypto callback or a custom seed/generate hook) — confirm the wolfTPM
 * build actually supplies that, otherwise wc_RNG is left without a DRBG
 * in front of the seed. */
#define WC_NO_HASHDRBG
#else
/* Enable PRNG (SHA2-256 Hash DRBG) */
#define HAVE_HASHDRBG
#endif

/* Asymmetric */
#if 1 /* RSA - needed to encrypt salt */
#undef NO_RSA
#ifdef USE_LOW_RESOURCE
/* Public-key operations only (verify / encrypt); the private-key
 * consistency check is dropped to save code.
 * NOTE(review): NO_CHECK_PRIVATE_KEY means a mismatched key/cert pair is not
 * detected at load time — only acceptable here because no RSA private key is
 * handled in this build (WOLFSSL_RSA_PUBLIC_ONLY); confirm. */
#define WOLFSSL_RSA_PUBLIC_ONLY
#define WOLFSSL_RSA_VERIFY_INLINE
#define NO_CHECK_PRIVATE_KEY
#endif
#else
#define NO_RSA
#endif

#if 1 /* ECC - needed for encrypt ECC salt */
/* NOTE(review): the USE_LOW_RESOURCE configure line in the header passes
 * --disable-ecc, yet HAVE_ECC is defined for both builds here while the low
 * resource SP math selection above names only RSA (WOLFSSL_HAVE_SP_RSA).
 * Confirm ECC is intended in the low resource build and that the math
 * backend covers it. */
#define HAVE_ECC
#define ECC_USER_CURVES /* default to only SECP256R1 */
#endif

#ifndef USE_LOW_RESOURCE /* DH */
#undef NO_DH
#define HAVE_FFDHE_2048
#define HAVE_DH_DEFAULT_PARAMS
#else
#define NO_DH
#endif

/* Symmetric Hash: SHA-1 and SHA-256 always; SHA-384/512 only in the full build */
#undef NO_SHA
#undef NO_SHA256
#ifndef USE_LOW_RESOURCE
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#endif

/* Symmetric Cipher */
#define WOLFSSL_AES_CFB /* AES-CFB (the low resource configure enables only this mode) */
#define HAVE_AES_DECRYPT
#ifndef USE_LOW_RESOURCE
#define HAVE_AES_KEYWRAP
#define WOLFSSL_AES_DIRECT
#define HAVE_AESGCM
#define GCM_TABLE_4BIT
#else
#define NO_AES_CBC
#endif

#if 0 /* ChaCha20 / Poly1305 */
#define HAVE_POLY1305
#define HAVE_CHACHA
#endif

/* Features */
#define WOLFSSL_ASN_TEMPLATE
#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */
#ifndef USE_LOW_RESOURCE
/* Certificate generation / CSR / extensions, PKCS#7 and base64 output
 * (full build only) */
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_EXT
#define HAVE_PKCS7
#define HAVE_X963_KDF
#define WOLFSSL_BASE64_ENCODE
#endif

/* Disables: legacy or unused algorithms and formats */
#define NO_PKCS8
#define NO_PKCS12
#define NO_PWDBASED
#define NO_DSA
#define NO_DES3
#define NO_RC4
#define NO_PSK
#define NO_MD4
#define NO_MD5
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256
#define NO_WRITEV

/* Low Resource Options */
#ifdef USE_LOW_RESOURCE
#define NO_FILESYSTEM /* File system disable */
#define NO_ERROR_STRINGS
#define WOLFSSL_NO_ASM
#define TFM_NO_ASM
#define NO_WOLFSSL_MEMORY
#define NO_SESSION_CACHE
#define RSA_LOW_MEM
#define WOLFSSL_AES_SMALL_TABLES
#define WOLFSSL_AES_NO_UNROLL
/* GCM is not enabled in this branch (see Symmetric Cipher above), so the
 * two GCM lines below are no-ops kept so a later HAVE_AESGCM stays small */
#define GCM_SMALL
#undef GCM_TABLE_4BIT
#define NO_AES_192
#define NO_AES_256
#define USE_SLOW_SHA
#define USE_SLOW_SHA256
#define USE_SLOW_SHA512
#define NO_SIG_WRAPPER
/* NOTE(review): NO_ASN_TIME drops the certificate validity-period
 * (notBefore/notAfter) check during parsing as far as I can tell — confirm,
 * and make sure any caller that verifies certificates in this build
 * enforces time some other way or accepts that it is not checked. */
#define NO_ASN_TIME
#define NO_CODING
#define NO_BIG_INT
#endif

#ifdef __cplusplus
}
#endif

#endif /* WOLF_USER_SETTINGS_TPM_H */