WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
wolfssl/examples/configs/user_settings_platformio.h

792 lines
27 KiB
C
Raw Blame History

/* examples/configs/user_settings_platformio.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* This is a sample PlatformIO user_settings.h for wolfSSL
*
* Do not include any wolfssl headers here
*
* When editing this file:
* ensure wolfssl_test and wolfssl_benchmark settings match.
*/
/* Define a macro to display user settings version in example code: */
#define WOLFSSL_USER_SETTINGS_ID "PlatformIO user_settings.h v5.7.0-test.rev02"
/*
* For other platforms see:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/configs
*/
#if defined(ESP_IDF_VERSION_MAJOR) || defined(WOLFSSL_ESPIDF) || \
defined(ESP_PLATFORM) || defined(WOLFSSL_ESP32)
#include "sdkconfig.h"
/* The #include "protocol_examples_common.h" fails for PlatformIO,
* so disable the WiFi *not needed for test and benchmark examples. */
#define NO_ESP_SDK_WIFI
#endif
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/* Experimental Kyber */
#if 0
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#endif
/* Used only by benchmark: */
#define BENCH_EMBEDDED
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#define HAVE_VERSION_EXTENDED_INFO
/* Due to limited build control, we'll ignore file warnings. */
/* See github.com/arduino/arduino-cli/issues/631 */
#undef WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_IGNORE_FILE_WARN
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* TODO: known PlatformIO problem if SINGLE_THREADED is not enabled. */
/* See https://github.com/wolfSSL/wolfssl/issues/7533 */
#define SINGLE_THREADED
/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
#define NO_SESSION_CACHE
/* Small Stack uses more heap. */
#define WOLFSSL_SMALL_STACK
/* Full debugging turned off, but show malloc failure detail */
/* #define DEBUG_WOLFSSL */
#define DEBUG_WOLFSSL_MALLOC
/* See test.c that sets cert buffers; we'll set them here: */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* Uncommon settings for testing only */
#define TEST_ESPIDF_ALL_WOLFSSL
#ifdef TEST_ESPIDF_ALL_WOLFSSL
#define WOLFSSL_MD2
#define HAVE_BLAKE2
#define HAVE_BLAKE2B
#define HAVE_BLAKE2S
#define WC_RC2
#define WOLFSSL_ALLOW_RC4
#define HAVE_POLY1305
#define WOLFSSL_AES_128
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_CFB
#define WOLFSSL_AES_XTS
#define WOLFSSL_WOLFSSH
#define HAVE_AESGCM
#define WOLFSSL_AES_COUNTER
#define HAVE_FFDHE
#define HAVE_FFDHE_2048
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* TODO Full size SRP is disabled on the ESP8266 at this time.
* Low memory issue? */
#define WOLFCRYPT_HAVE_SRP
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#elif defined(CONFIG_IDF_TARGET_ESP32) || \
defined(CONFIG_IDF_TARGET_ESP32S2) || \
defined(CONFIG_IDF_TARGET_ESP32S3)
/* SRP Known to be working on this target:*/
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
defined(CONFIG_IDF_TARGET_ESP32H2)
/* SRP Known to be working on this target:*/
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#else
/* For everything else, give a try and see if SRP working: */
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_DH
/* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
* Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
/* #define HAVE_CAMELLIA */
/* DSA requires old SHA */
#define HAVE_DSA
/* Needs SHA512 ? */
#define HAVE_HPKE
/* Not for Espressif? */
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP32H2) || \
defined(CONFIG_IDF_TARGET_ESP8266)
#if defined(CONFIG_IDF_TARGET_ESP8266)
#undef HAVE_ECC
#undef HAVE_ECC_CDH
#undef HAVE_CURVE25519
/* TODO does CHACHA also need alignment? Failing on ESP8266
* See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
#ifdef HAVE_CHACHA
#error "HAVE_CHACHA not supported on ESP8266"
#endif
#ifdef HAVE_XCHACHA
#error "HAVE_XCHACHA not supported on ESP8266"
#endif
#else
#define HAVE_XCHACHA
#define HAVE_CHACHA
/* TODO Not enabled at this time, needs further testing:
* #define WC_SRTP_KDF
* #define HAVE_COMP_KEY
* #define WOLFSSL_HAVE_XMSS
*/
#endif
/* TODO AES-EAX not working on this platform */
/* Optionally disable DH
* #undef HAVE_DH
* #undef HAVE_FFDHE
*/
/* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
#ifndef HAVE_ECC
#define ECC_SHAMIR
#endif
#else
#define WOLFSSL_AES_EAX
#define ECC_SHAMIR
#endif
/* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
/* #define WOLFSSL_CAAM */
/* #define WOLFSSL_CAAM_BLOB */
#define WOLFSSL_AES_SIV
#define WOLFSSL_CMAC
#define WOLFSSL_CERT_PIV
/* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
/* #define HAVE_SCRYPT */
#define SCRYPT_TEST_ALL
#define HAVE_X963_KDF
#endif
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
/* #define WOLFSSL_NOSHA512_256 */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */
/* When you don't want to use the old SHA */
/* #define NO_SHA */
/* #define NO_OLD_TLS */
/* Cannot use WOLFSSL_NO_MALLOC with small stack */
/* #define WOLFSSL_NO_MALLOC */
#define BENCH_EMBEDDED
/* TLS 1.3 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#define NO_FILESYSTEM
/* To further reduce size, client or server functionality can be disabled.
* Here, we check if the example code gave us a hint.
*
* The calling application can define either one of these macros before
* including the Arduino wolfssl.h library file:
*
* WOLFSSL_CLIENT_EXAMPLE
* WOLFSSL_SERVER_EXAMPLE
*/
#if defined(WOLFSSL_CLIENT_EXAMPLE)
#define NO_WOLFSSL_SERVER
#elif defined(WOLFSSL_SERVER_EXAMPLE)
#define NO_WOLFSSL_CLIENT
#else
/* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE
* or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */
#define NO_WOLFSSL_SERVER_CLIENT_MISSING
/* Both can be disabled in wolfssl test & benchmark */
#endif
#define NO_OLD_TLS
#define HAVE_AESGCM
/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
/* #define WOLFSSL_RIPEMD */
/* when you want to use SHA224 */
#define WOLFSSL_SHA224
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
#define HAVE_ED25519
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* TODO determine low memory configuration for ECC. */
#else
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#endif
#define HAVE_ED25519
/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
/* #Optional HAVE_PKCS7 */
#define HAVE_PKCS7
#if defined(HAVE_PKCS7)
/* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
#define NO_PBKDF2
#define HAVE_AES_KEYWRAP
#define HAVE_X963_KDF
#define WOLFSSL_AES_DIRECT
#endif
/* when you want to use AES counter mode */
/* #define WOLFSSL_AES_DIRECT */
/* #define WOLFSSL_AES_COUNTER */
/* esp32-wroom-32se specific definition */
#if defined(WOLFSSL_ESPWROOM32SE)
#define WOLFSSL_ATECC508A
#define HAVE_PK_CALLBACKS
/* when you want to use a custom slot allocation for ATECC608A */
/* unless your configuration is unusual, you can use default */
/* implementation. */
/* #define CUSTOM_SLOT_ALLOCATION */
#endif
/* WC_NO_CACHE_RESISTANT: slower but more secure */
/* #define WC_NO_CACHE_RESISTANT */
/* TFM_TIMING_RESISTANT: slower but more secure */
/* #define TFM_TIMING_RESISTANT */
/* #define WOLFSSL_ATECC508A_DEBUG */
/* date/time */
/* if it cannot adjust time in the device, */
/* enable macro below */
/* #define NO_ASN_TIME */
/* #define XTIME time */
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT 0x349F00
/* hash limit for test.c */
#define HASH_SIZE_LIMIT
/* USE_FAST_MATH is default */
#define USE_FAST_MATH
/***** Use SP_MATH *****/
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
/***** Use Integer Heap Math *****/
/* #undef USE_FAST_MATH */
/* #define USE_INTEGER_HEAP_MATH */
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
#define HAVE_SESSION_TICKET
/* #define HAVE_HASHDRBG */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_TEXT
#define WOLFSSL_ASN_TEMPLATE
/*
#undef WOLFSSL_KEY_GEN
#undef WOLFSSL_CERT_REQ
#undef WOLFSSL_CERT_GEN
#undef WOLFSSL_CERT_EXT
#undef WOLFSSL_SYS_CA_CERTS
*/
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
/* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
/* #define NO_WOLFSSL_ESP32_CRYPT_AES */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
/* These are defined automatically in esp32-crypt.h, here for clarity: */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32 */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
/***** END CONFIG_IDF_TARGET_ESP32 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32S2)
/* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
/* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
/* #define NO_WOLFSSL_ESP32_CRYPT_AES */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
/***** END CONFIG_IDF_TARGET_ESP32S2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32S3)
/* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
/* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
/* #define NO_WOLFSSL_ESP32_CRYPT_AES */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
/***** END CONFIG_IDF_TARGET_ESP32S3 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
/* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
* single QFN 4x4 mm package. Out of released documentation, Technical
* Reference Manual as well as ESP-IDF Programming Guide is applicable
* to both ESP32-C2 and ESP8684.
*
* See: www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
/* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */
/* These are defined automatically in esp32-crypt.h, here for clarity */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C2 */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C2 */
/* There's no AES or RSA/Math accelerator on the ESP32-C2
* Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
/***** END CONFIG_IDF_TARGET_ESP32C2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C3)
/* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ /* to disable all SHA HW */
/* These are defined automatically in esp32-crypt.h, here for clarity: */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */
/* #define NO_WOLFSSL_ESP32_CRYPT_AES */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
/***** END CONFIG_IDF_TARGET_ESP32C3 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C6)
/* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
/* These are defined automatically in esp32-crypt.h, here for clarity: */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 /* no SHA384 HW on C6 */
#define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 /* no SHA512 HW on C6 */
/* #define NO_WOLFSSL_ESP32_CRYPT_AES */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
/***** END CONFIG_IDF_TARGET_ESP32C6 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32H2)
/* wolfSSL Hardware Acceleration not yet implemented */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP32H2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8266)
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See www.espressif.com/en/products/socs/esp32-c2 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP266 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8684)
/* There's no Hardware Acceleration available on ESP8684 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP8684 *****/
#else
/* Anything else encountered, disable HW acceleration */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#endif /* CONFIG_IDF_TARGET Check */
/* RSA primitive specific definition, listed AFTER the Chipset detection */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Consider USE_FAST_MATH and SMALL_STACK */
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#endif
#endif
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#endif
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define ESP_DISABLE_HW_TASK_LOCK
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
#define DEBUG_WOLFSSL_BENCHMARK_TIMING
Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BENCHMARK_TIMER_DEBUG
*/
/* Pause in a loop rather than exit. */
#define WOLFSSL_ESPIDF_ERROR_PAUSE
#define WOLFSSL_HW_METRICS
#define ALT_ECC_SIZE
/* for test.c: */
/* #define HASH_SIZE_LIMIT */
/* Optionally turn off HW math checks */
/* #define NO_HW_MATH_TEST */
/* Optionally include alternate HW test library: alt_hw_test.h */
/* When enabling, the ./components/wolfssl/CMakeLists.txt file
* will need the name of the library in the idf_component_register
* for the PRIV_REQUIRES list. */
/* #define INCLUDE_ALT_HW_TEST */
/* optionally turn off individual math HW acceleration features */
/* Turn off Large Number ESP32 HW Multiplication:
** [Z = X * Y] in esp_mp_mul() */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
/* Turn off Large Number ESP32 HW Modular Exponentiation:
** [Z = X^Y mod M] in esp_mp_exptmod() */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
/* Turn off Large Number ESP32 HW Modular Multiplication
** [Z = X * Y mod M] in esp_mp_mulmod() */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
/* used by benchmark: */
#define WOLFSSL_PUBLIC_MP
/* when turning on ECC508 / ECC608 support
#define WOLFSSL_ESPWROOM32SE
#define HAVE_PK_CALLBACKS
#define WOLFSSL_ATECC508A
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
* examples such as the client and server for certs stored in header files.
*
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
* USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1
* WOLFSSL_SM[2,3,4] - SM Ciphers
*
* For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
* wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
*
* ret = wolfSSL_CTX_load_verify_buffer(ctx,
* CTX_CA_CERT,
* CTX_CA_CERT_SIZE,
* CTX_CA_CERT_TYPE);
*
* See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
*
* In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
* defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
* array size and cert type respectively.
*
* Similarly for loading the private client key:
*
* ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
* CTX_CLIENT_KEY,
* CTX_CLIENT_KEY_SIZE,
* CTX_CLIENT_KEY_TYPE);
*
* see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
*
* Similarly, the other macros are for server certificates and keys:
* `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
*
* The certificate and key names are typically `static const unsigned char`
* arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
* are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
*
* See `SSL_FILETYPE_[name]` in
* github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
*
* See Abstract Syntax Notation One (ASN.1) in:
* github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
*
* Optional SM4 Ciphers:
*
* Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
* be available. See:
* github.com/wolfSSL/wolfssl/pull/6825
* github.com/wolfSSL/wolfsm
*
* Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
*/
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
/* Conditional macros used in wolfSSL TLS client and server examples */
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
#define CTX_CA_CERT root_sm2
#define CTX_CA_CERT_SIZE sizeof_root_sm2
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM
#define CTX_SERVER_CERT server_sm2
#define CTX_SERVER_CERT_SIZE sizeof_server_sm2
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
#define CTX_SERVER_KEY server_sm2_priv
#define CTX_SERVER_KEY_SIZE sizeof_server_sm2_priv
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_PEM
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
#include <wolfssl/certs_test.h>
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_CERT server_cert_der_2048
#define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_KEY server_key_der_2048
#define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_CERT client_cert_der_2048
#define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
#define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_KEY client_key_der_2048
#define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_CERT client_cert_der_1024
#define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
#define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_KEY client_key_der_1024
#define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_CERT server_cert_der_1024
#define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_KEY server_key_der_1024
#define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#else
/* Optionally define custom cert arrays, sizes, and types here */
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */
/******************************************************************************
** Sanity Checks
******************************************************************************/
#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
#if defined(WOLFCRYPT_HAVE_SRP)
#if defined(FP_MAX_BITS)
#if FP_MAX_BITS < (8192 * 2)
#define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
#else
#define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
#endif
#else
#error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
#endif
#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
#warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
#endif
#endif
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
Reference in New Issue View Git Blame Copy Permalink