WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Improve Zephyr support. Cleanup user_settings.h mess. Add FIPS support.

pull/7325/head
David Garske 2024-03-12 12:00:01 -07:00
parent 81c5cf794c
commit 737fa53636
16 changed files with 445 additions and 424 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
zephyr/CMakeLists.txt
View File

@ -1,20 +1,22 @@
if(CONFIG_WOLFSSL)
zephyr_interface_library_named(wolfSSL)
if(CONFIG_WOLFSSL_BUILTIN)
target_compile_definitions(wolfSSL INTERFACE
WOLFSSL_SETTINGS_FILE="${CONFIG_WOLFSSL_SETTINGS_FILE}"
)
if(CONFIG_WOLFSSL_SETTINGS_FILE)
target_compile_definitions(wolfSSL INTERFACE
WOLFSSL_SETTINGS_FILE="${CONFIG_WOLFSSL_SETTINGS_FILE}"
)
endif()
zephyr_include_directories(
${ZEPHYR_CURRENT_MODULE_DIR}
${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
)
zephyr_library()
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/crl.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls13.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/internal.c)
@ -25,8 +27,29 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls13.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/wolfio.c)
# FIPS Boundary
if(CONFIG_WOLFCRYPT_FIPS)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_first.c)
endif()
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hmac.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/random.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/kdf.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/rsa.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/aes.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha256.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha512.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha3.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cmac.c)
if(CONFIG_WOLFCRYPT_FIPS)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips_test.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_last.c)
endif()
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/arc4.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/asm.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/asn.c)
@ -36,7 +59,6 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/camellia.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha20_poly1305.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cmac.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/coding.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/compress.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cpuid.c)
@ -44,10 +66,8 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve25519.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve448.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/des3.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dilithium.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dsa.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc_fp.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/eccsi.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed25519.c)
@ -58,15 +78,11 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_448.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_low_mem.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_operations.c)
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips.c)
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips_test.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_448.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_low_mem.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_operations.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hash.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hmac.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/integer.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/kdf.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/logging.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/md2.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/md4.c)
@ -77,15 +93,9 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/pkcs7.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/poly1305.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/pwdbased.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/random.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ripemd.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/rsa.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sakke.c)
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/selftest.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha256.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha3.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha512.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/signature.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/siphash.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_arm32.c)
@ -104,8 +114,6 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_first.c)
#zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_last.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfmath.c)
@ -115,7 +123,7 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_hash.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_pkcbs.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/st/stm32.c)
zephyr_library_link_libraries(wolfSSL)
target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
@ -125,14 +133,14 @@ if(CONFIG_WOLFSSL)
endif()
else()
assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.")
# NB: CONFIG_WOLFSSL_LIBRARY is not regression tested and is
# therefore susceptible to bit rot
target_include_directories(wolfSSL INTERFACE
${CONFIG_WOLFSSL_INSTALL_PATH}
)
zephyr_link_libraries(
wolfssl_external
-L${CONFIG_WOLFSSL_INSTALL_PATH}
@ -142,7 +150,7 @@ if(CONFIG_WOLFSSL)
# wolfssl to link with gcc we need to ensure it is placed
# after wolfssl_external on the linkers command line.
endif()
target_link_libraries(wolfSSL INTERFACE zephyr_interface)
endif()

8
zephyr/Kconfig
View File

@ -53,7 +53,6 @@ endchoice
config WOLFSSL_SETTINGS_FILE
string "wolfSSL settings file"
depends on WOLFSSL_BUILTIN
default "user_settings-tls-generic.h"
help
Use a specific wolfSSL settings file. The default config file
file can be tweaked with Kconfig. The default settings is
@ -64,6 +63,13 @@ config WOLFSSL_SETTINGS_FILE
rsource "Kconfig.tls-generic"
config WOLFCRYPT_FIPS
bool "wolfCrypt FIPS support"
depends on WOLFSSL_BUILTIN
help
Enables FIPS support in wolfCrypt. Requires the wolfSSL FIPS ready
download that includes fips.c/fips_test.c.
config WOLFSSL_DEBUG
bool "wolfSSL debug activation"
depends on WOLFSSL_BUILTIN

2
zephyr/include.am
View File

@ -8,9 +8,7 @@ EXTRA_DIST+= zephyr/Kconfig.tls-generic
EXTRA_DIST+= zephyr/zephyr_init.c
EXTRA_DIST+= zephyr/module.yml
EXTRA_DIST+= zephyr/wolfssl/options.h
EXTRA_DIST+= zephyr/nrf5340dk_nrf5340_user_settings.h
EXTRA_DIST+= zephyr/user_settings.h
EXTRA_DIST+= zephyr/user_settings-tls-generic.h
EXTRA_DIST+= zephyr/README.md
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/
EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/CMakeLists.txt

133
zephyr/nrf5340dk_nrf5340_user_settings.h
View File

@ -1,133 +0,0 @@
/* nrf5340dk_nrf5340_user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_OPTIONS_H
#define WOLFSSL_OPTIONS_H
#ifdef __cplusplus
extern "C" {
#endif
/* Platform */
#undef WOLFSSL_ZEPHYR
#define WOLFSSL_ZEPHYR
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SIZEOF_LONG_LONG 8
/* Enable PSA Crypto API for CryptoCell 312 crypto use */
#define WOLFSSL_HAVE_PSA
#define WOLFSSL_PSA_GLOBAL_LOCK
/* Enable SP Math */
#define WOLFSSL_SP_MATH
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
/* Enable SP Math assembly support for ARM32 */
#define SP_WORD_SIZE 32
#define WOLFSSL_SP_ASM
#define WOLFSSL_SP_ARM32
#define WOLFSSL_SP_ARM32_ASM
/* Crypto */
#define WC_RSA_BLINDING
#define WC_RSA_PSS
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_ECC
#define ECC_USER_CURVES
/* #define HAVE_ECC192 */
/* #define HAVE_ECC224 */
#undef NO_ECC256
/* #define HAVE_ECC384 */
/* #define HAVE_ECC521 */
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_ECB
#define HAVE_AES_CBC
#define HAVE_AESCCM
#define HAVE_AESGCM
#define GCM_TABLE_4BIT
/* AES-CTR is not working correctly with Nordic PSA Crypto API */
/* #define WOLFSSL_AES_COUNTER */
#define HAVE_CHACHA
#define HAVE_POLY1305
#define HAVE_ONE_TIME_AUTH
/* Nordic Security PSA Crypto CryptoCell integration does not support SHA-1 */
#define NO_SHA
#define WOLFSSL_SHA224
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define WOLFSSL_SHA3
#define HAVE_HKDF
#define WOLFSSL_CMAC
/* Benchmark / Test */
#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
#define NO_FILESYSTEM
/* RNG */
#define HAVE_HASHDRBG
/* Features */
#define WOLFSSL_TLS13
#define WOLFSSL_OLD_PRIME_CHECK
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_BASE64_ENCODE
#define WC_NO_ASYNC_THREADING
/* Disable features that require SHA-1 (see note above) */
#define NO_OLD_TLS
#define NO_DSA
/* Disable other features (re-enable if needed) */
#define NO_RC4
#define NO_PSK
#define NO_MD4
#define NO_PWDBASED
#define NO_DES3
#if defined(CONFIG_WOLFSSL_DEBUG)
#undef DEBUG_WOLFSSL
#define DEBUG_WOLFSSL
#endif
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_OPTIONS_H */

2
zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf
View File

@ -1,5 +1,5 @@
# Set user_settings.h file to be used for native wolfSSL build settings
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
##### PSA and CC3XX #####
# Enable Nordic Security Module

2
zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
View File

@ -2,7 +2,7 @@ CONFIG_BUILD_WITH_TFM=y
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
# Set user_settings.h file to be used for native wolfSSL build settings
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
##### PSA and CC3XX #####
# Enable Nordic Security Module

2
zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf
View File

@ -1,5 +1,5 @@
# Set user_settings.h file to be used for native wolfSSL build settings
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
##### PSA and CC3XX #####
# Enable Nordic Security Module

2
zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
View File

@ -2,7 +2,7 @@ CONFIG_BUILD_WITH_TFM=y
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
# Set user_settings.h file to be used for native wolfSSL build settings
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
##### PSA and CC3XX #####
# Enable Nordic Security Module

17
zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
View File

@ -62,6 +62,20 @@ static const char msgHTTPIndex[] =
"</body>\n"
"</html>\n";
#ifdef HAVE_FIPS
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
/* DO NOT use this in production. You should implement a way
* to get the current date. */
static int verifyIgnoreDateError(int preverify, WOLFSSL_X509_STORE_CTX* store)
@ -485,6 +499,9 @@ int main()
{
THREAD_TYPE serverThread;
#ifdef HAVE_FIPS
wolfCrypt_SetCb_fips(myFipsCb);
#endif
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();

2
zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf
View File

@ -1,5 +1,5 @@
# Set user_settings.h file to be used for native wolfSSL build settings
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
##### PSA and CC3XX #####
# Enable Nordic Security Module

2
zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
View File

@ -2,7 +2,7 @@ CONFIG_BUILD_WITH_TFM=y
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
# Set user_settings.h file to be used for native wolfSSL build settings
CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
##### PSA and CC3XX #####
# Enable Nordic Security Module

2
zephyr/samples/wolfssl_tls_thread/prj.conf
View File

@ -35,7 +35,7 @@ CONFIG_LOG_MODE_IMMEDIATE=y
CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
CONFIG_WOLFSSL_TLS_VERSION_1_2=y
CONFIG_WOLFSSL_TLS_VERSION_1_3=y
CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
CONFIG_WOLFSSL_MAC_ALL_ENABLED=y

17
zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
View File

@ -89,6 +89,20 @@ static const char msgHTTPIndex[] =
"</body>\n"
"</html>\n";
#ifdef HAVE_FIPS
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
/* wolfSSL client wants to read data from the server. */
static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
{
@ -575,6 +589,9 @@ int main()
utctime.tv_nsec = 0;
clock_settime(CLOCK_REALTIME, &utctime);
#ifdef HAVE_FIPS
wolfCrypt_SetCb_fips(myFipsCb);
#endif
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();

153
zephyr/user_settings-tls-generic.h
View File

@ -1,153 +0,0 @@
/* user_settings-tls-generic.h
* generated from configure options
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_OPTIONS_H
#define WOLFSSL_OPTIONS_H
#ifdef __cplusplus
extern "C" {
#endif
#if 0
#undef SINGLE_THREADED
#define SINGLE_THREADED
#endif
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#undef HAVE_AESGCM
#define HAVE_AESGCM
#undef WOLFSSL_SHA512
#define WOLFSSL_SHA512
#undef WOLFSSL_SHA384
#define WOLFSSL_SHA384
#undef NO_DSA
#define NO_DSA
#undef HAVE_ECC
#define HAVE_ECC
#undef TFM_ECC256
#define TFM_ECC256
#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE
#undef NO_RC4
#define NO_RC4
#undef WOLFSSL_SHA224
#define WOLFSSL_SHA224
#undef WOLFSSL_SHA3
#define WOLFSSL_SHA3
#undef HAVE_POLY1305
#define HAVE_POLY1305
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#undef HAVE_CHACHA
#define HAVE_CHACHA
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#define NO_MD4
#undef NO_PWDBASED
#define NO_PWDBASED
#undef USE_FAST_MATH
#define USE_FAST_MATH
#undef WOLFSSL_NO_ASM
#define WOLFSSL_NO_ASM
#undef WOLFSSL_X86_BUILD
#define WOLFSSL_X86_BUILD
#undef WC_NO_ASYNC_THREADING
#define WC_NO_ASYNC_THREADING
#undef NO_DES3
#define NO_DES3
#undef WOLFSSL_STATIC_MEMORY
#define WOLFSSL_STATIC_MEMORY
#undef WOLFSSL_TLS13
#define WOLFSSL_TLS13
#undef HAVE_HKDF
#define HAVE_HKDF
#undef WC_RSA_PSS
#define WC_RSA_PSS
#undef HAVE_FFDHE_2048
#define HAVE_FFDHE_2048
#if 0
#undef WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_RSA
#undef WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_DH
#undef WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_HAVE_SP_ECC
#endif
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_OPTIONS_H */

460
zephyr/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -23,119 +23,379 @@
#define USER_SETTINGS_H
#ifdef CONFIG_WOLFSSL
#ifdef CONFIG_WOLFSSL_SETTINGS_FILE
#include CONFIG_WOLFSSL_SETTINGS_FILE
/* If a custom user_settings file is provided use it instead */
#ifdef WOLFSSL_SETTINGS_FILE
#include WOLFSSL_SETTINGS_FILE
#else
#ifdef __cplusplus
extern "C" {
#endif
#if 0
#undef SINGLE_THREADED
#define SINGLE_THREADED
#endif
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_GENERAL_ALIGNMENT 4 /* platform requires 32-bit alignment on uint32_t */
#define SIZEOF_LONG_LONG 8 /* long long is 8 bytes / 64-bit */
//#define WOLFSSL_NO_ASM /* optionally disable inline assembly support */
#define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
//#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
#define BENCH_EMBEDDED /* use smaller buffers in benchmark / tests */
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
/* Network stack */
/* Default is POSIX sockets */
//#define WOLFSSL_USER_IO /* Use the SetIO callbacks, not the internal wolfio.c socket code */
//#define WOLFSSL_LWIP
//#define WOLFSSL_LWIP_NATIVE
//#define FREERTOS_TCP
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#undef HAVE_AESGCM
#define HAVE_AESGCM
#undef WOLFSSL_SHA512
#define WOLFSSL_SHA512
#undef WOLFSSL_SHA384
#define WOLFSSL_SHA384
#undef NO_DSA
#define NO_DSA
#undef HAVE_ECC
#define HAVE_ECC
#undef TFM_ECC256
#define TFM_ECC256
#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE
#undef NO_RC4
#define NO_RC4
#undef WOLFSSL_SHA224
#define WOLFSSL_SHA224
#undef WOLFSSL_SHA3
#define WOLFSSL_SHA3
#undef HAVE_POLY1305
#define HAVE_POLY1305
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#undef HAVE_CHACHA
#define HAVE_CHACHA
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#undef NO_FILESYSTEM
/* RTOS */
/* Default is POSIX mutex and pthreads*/
//#define SINGLE_THREADED
//#define FREERTOS
#define NO_FILESYSTEM
#define NO_WRITEV
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#define NO_MD4
#undef NO_PWDBASED
#define NO_PWDBASED
#undef USE_FAST_MATH
#define USE_FAST_MATH
#undef WOLFSSL_NO_ASM
#define WOLFSSL_NO_ASM
#undef WOLFSSL_X86_BUILD
#define WOLFSSL_X86_BUILD
#undef WC_NO_ASYNC_THREADING
#define WC_NO_ASYNC_THREADING
#undef NO_DES3
#define NO_DES3
#undef WOLFSSL_STATIC_MEMORY
#define WOLFSSL_STATIC_MEMORY
/* ------------------------------------------------------------------------- */
/* Hardware */
/* ------------------------------------------------------------------------- */
/* CryptoCell support */
#if 0
#undef WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_RSA
#undef WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_DH
#undef WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_HAVE_SP_ECC
//#define WOLFSSL_CRYPTOCELL
//#define WOLFSSL_CRYPTOCELL_AES
#endif
/* PSA support */
#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_C
#define WOLFSSL_HAVE_PSA
#define WOLFSSL_PSA_GLOBAL_LOCK
#endif
/* ------------------------------------------------------------------------- */
/* FIPS */
/* ------------------------------------------------------------------------- */
#ifdef CONFIG_WOLFCRYPT_FIPS
/* FIPS Ready */
#define HAVE_FIPS_VERSION 5
#define HAVE_FIPS_VERSION_MINOR 3
#endif
/* ------------------------------------------------------------------------- */
/* TLS */
/* ------------------------------------------------------------------------- */
/* TLS v1.2 (on by default) */
#ifdef CONFIG_WOLFSSL_TLS_VERSION_1_2
#undef WOLFSSL_NO_TLS12
#else
#define WOLFSSL_NO_TLS12
#endif
//#define NO_WOLFSSL_SERVER /* Optionally disable TLS server code */
//#define NO_WOLFSSL_CLIENT /* Optionally disable TLS client code */
/* TLS v1.3 */
#if defined(CONFIG_WOLFSSL_TLS_VERSION_1_3) || defined(CONFIG_WOLFSSL_TLS13_ENABLED)
#define WOLFSSL_TLS13
#endif
/* Disable older TLS version prior to 1.2 */
#define NO_OLD_TLS
/* Enable default TLS extensions */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_SERVER_RENEGOTIATION_INFO
#define HAVE_SNI /* optional Server Name Indicator (SNI) */
/* ASN */
#define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */
#if 0 /* optional space reductions */
#define WOLFSSL_NO_ASN_STRICT
#define IGNORE_NAME_CONSTRAINTS
#endif
/* Session Cache */
#if 1
#define SMALL_SESSION_CACHE
#ifdef WOLFSSL_TLS13
#define HAVE_SESSION_TICKET /* session tickets required for resumption in TLS v1.3 */
#endif
#else
#define NO_SESSION_CACHE /* disable session resumption */
#endif
/* PSK */
#define NO_PSK /* disable pre-shared-key support */
/* ------------------------------------------------------------------------- */
/* Algorithms */
/* ------------------------------------------------------------------------- */
/* RNG */
#if 0
/* Example for disabling DRBG and using TRNG directly */
extern int cc310_random_generate(unsigned char* output, unsigned int size);
#define CUSTOM_RAND_GENERATE_BLOCK cc310_random_generate
#define WC_NO_HASHDRBG
#endif
#ifndef WC_NO_HASHDRBG
#define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
#endif
/* ECC */
#if 1
#define HAVE_ECC
#define ECC_USER_CURVES /* Enable only ECC curves specific */
#undef NO_ECC256 /* Enable SECP256R1 only (on by default) */
#define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
//#define ECC_SHAMIR /* Optional ECC calculation speed improvement if not using SP implementation */
//#define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
//#define HAVE_ECC_SECPR2
//#define HAVE_ECC_SECPR3
//#define HAVE_ECC_BRAINPOOL
//#define HAVE_ECC_KOBLITZ
//#define HAVE_ECC_CDH /* Co-factor */
//#define HAVE_COMP_KEY /* Compressed key support */
//#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
//#define HAVE_ECC_ENCRYPT
//#define WOLFCRYPT_HAVE_ECCSI
//#define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
#endif
#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
/* RSA */
#if 1
#undef NO_RSA
#define WC_RSA_BLINDING
//#define WC_RSA_NO_PADDING
#if 0
#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
#endif
#if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_RSA_PSS)
/* TLS v1.3 requires RSA PSS padding */
#define WC_RSA_PSS
//#define WOLFSSL_PSS_LONG_SALT
#endif
#else
#define NO_RSA
#endif
/* DH */
#if 0
#undef NO_DH /* on by default */
#define WOLFSSL_DH_CONST /* don't rely on pow/log */
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_DH_DEFAULT_PARAMS
//#define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
#else
#define NO_DH
#endif
/* ChaCha20 / Poly1305 */
#if 1
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
//#define CURVED25519_SMALL
#endif
/* SHA-1 */
#if 0
#undef NO_SHA /* on by default */
//#define USE_SLOW_SHA /* 1k smaller, but 25% slower */
#else
#define NO_SHA
#endif
/* SHA2-256 */
#if 1
#undef NO_SHA256 /* on by default */
//#define USE_SLOW_SHA256 /* ~2k smaller and about 25% slower */
#define WOLFSSL_SHA224
#else
#define NO_SHA256
#endif
/* SHA2-384/512 */
#if 1
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
//#define USE_SLOW_SHA512 /* Over twice as small, but 50% slower */
#endif
/* SHA-3 */
#if 1
#define WOLFSSL_SHA3
#endif
/* AES */
#define HAVE_AES_ECB
/* AES-CBC */
#if 1
#define HAVE_AES_CBC
#else
#define NO_AES_CBC
#endif
/* AES-GCM */
#if 1
#define HAVE_AESGCM
#define GCM_SMALL /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
//#define WOLFSSL_AESGCM_STREAM
#endif
//#define HAVE_AES_DECRYPT
//#define WOLFSSL_AES_COUNTER
//#define WOLFSSL_AES_CFB
//#define WOLFSSL_AES_OFB
//#define HAVE_AESCCM
//#define WOLFSSL_AES_XTS
//#define NO_AES_128
//#define NO_AES_192
//#define NO_AES_256
//#define WOLFSSL_AES_SMALL_TABLES
//#define WOLFSSL_AES_NO_UNROLL
/* HKDF */
#if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_HKDF)
#define HAVE_HKDF
#endif
/* CMAC - Zephyr nRF BTLE needs CMAC */
#if 1
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_CMAC
#endif
/* Optional Features */
#define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */
//#define WC_NO_CACHE_RESISTANT /* systems with cache should enable this for AES, ECC, RSA and DH */
//#define WOLFSSL_CERT_GEN
//#define WOLFSSL_CERT_REQ
//#define WOLFSSL_CERT_EXT
//#define NO_PWDBASED
/* Disable Algorithms */
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_MD5
#define NO_DES3
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256
/* ------------------------------------------------------------------------- */
/* Math */
/* ------------------------------------------------------------------------- */
/* Math Options */
/* Multi-precision - generic math for all keys sizes and curves */
#if 1
#define WOLFSSL_SP_MATH /* no multi-precision math, only single */
#elif 1
/* wolf mp math (sp_int.c) */
#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
//#define WOLFSSL_SP_NO_MALLOC
/* use smaller version of code */
#define WOLFSSL_SP_SMALL
/* Define the maximum math bits used */
#if !defined(NO_RSA) || !defined(NO_DH)
#define SP_INT_BITS 2048
#elif defined(HAVE_ECC)
#define SP_INT_BITS 256
#endif
#elif 1
/* Fast Math (tfm.c) (stack based and timing resistant) */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
/* Define the maximum math bits used (2 * max) */
#if !defined(NO_RSA) || !defined(NO_DH)
#define FP_MAX_BITS (2*2048)
#ifdef HAVE_ECC
#define ALT_ECC_SIZE /* use heap allocation for ECC point */
#endif
#elif defined(HAVE_ECC)
#define FP_MAX_BITS (2*256)
#endif
#ifdef HAVE_ECC
//#define TFM_ECC256 /* optional speedup for ECC-256 bit */
#endif
#else
/* Normal (integer.c) (heap based, not timing resistant) - not recommended */
#define USE_INTEGER_HEAP_MATH
#endif
/* Single Precision (optional) */
/* Math written for specific curves and key sizes */
#if 1
#ifdef HAVE_ECC
#define WOLFSSL_HAVE_SP_ECC
//#define WOLFSSL_SP_NO_256
//#define WOLFSSL_SP_384
//#define WOLFSSL_SP_521
#endif
#ifndef NO_RSA
#define WOLFSSL_HAVE_SP_RSA
//#define WOLFSSL_SP_NO_2048
//#define WOLFSSL_SP_NO_3072
//#define WOLFSSL_SP_4096
#endif
#ifndef NO_DH
#define WOLFSSL_HAVE_SP_DH
#endif
#define WOLFSSL_SP_SMALL /* use smaller version of code */
//#define WOLFSSL_SP_NO_MALLOC /* disable heap in wolf/SP math */
//#define SP_DIV_WORD_USE_DIV /* no div64 */
#if 0
/* optional speedup with inline assembly */
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM /* Cortex-M3+ */
//#define WOLFSSL_SP_ARM_THUMB_ASM /* Cortex-M0+ thumb */
//#define WOLFSSL_SP_ARM32_ASM /* Cortex-R */
//#define WOLFSSL_SP_ARM64_ASM /* Cortex-A */
//#define WOLFSSL_SP_USE_UDIV
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#ifdef CONFIG_WOLFSSL_DEBUG
#define DEBUG_WOLFSSL
#else
#if 1
#define NO_ERROR_STRINGS
#endif
#endif
#ifdef __cplusplus
}

1
zephyr/wolfssl/options.h
View File

@ -0,0 +1 @@
/* default blank options to appease code that may require it */