wolfcrypt-sys 0.1.1

Auto-generated Rust FFI bindings to wolfSSL via bindgen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

/* Copyright wolfSSL, Inc.
 * SPDX-License-Identifier: MIT */

/* user_settings.h
 *
 * wolfSSL configuration for wolfcrypt-rs Rust crate.
 * This file is included via -DWOLFSSL_USER_SETTINGS.
 *
 * FIPS 140-3 builds: build.rs passes -DHAVE_FIPS to the C compiler,
 * which activates the #include below pulling in user_settings_fips.h.
 * build.rs also parses user_settings_fips.h directly (flat #define scan)
 * so FIPS defines are visible to the Rust cfg system.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

/* Threading: mutex protection for RNG and internal state.
 * The wolfcrypt-ring-compat API surface is expected to be thread-safe.
 * On Windows, wolfSSL auto-detects USE_WINDOWS_API and uses
 * native critical sections; on Unix we explicitly select pthreads. */
#ifndef _WIN32
#define WOLFSSL_PTHREADS
#endif

/* ================================================================
 * FIPS 140-3 configuration (activated by Cargo `fips` feature)
 * ================================================================ */
#ifdef HAVE_FIPS
#include "user_settings_fips.h"
#endif

/* OpenSSL compatibility */
#define OPENSSL_EXTRA
#define OPENSSL_ALL
#define WOLFSSL_OPENSSL_ALL
/* Have i2d_ECDSA_SIG allocate its output buffer (like OpenSSL) when *out is NULL */
#define WOLFSSL_I2D_ECDSA_SIG_ALLOC

/* CMAC support (requires AES_DIRECT + OPENSSL_EXTRA) */
#define WOLFSSL_CMAC

/* AES support */
#define WOLFSSL_AES_128
#define WOLFSSL_AES_192
#define WOLFSSL_AES_256
#define HAVE_AESGCM
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_CFB
#define HAVE_AESCCM
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_ECB
#define HAVE_AES_KEYWRAP

/* ChaCha20-Poly1305 */
#define HAVE_CHACHA
#define HAVE_POLY1305

/* KDF support */
#define HAVE_HKDF
#define HAVE_PBKDF2
#define WOLFSSL_HAVE_PRF
#define WC_KDF_NIST_SP_800_56C

/* Elliptic curve support */
#define HAVE_ECC
#define HAVE_COMP_KEY
#define HAVE_SUPPORTED_CURVES
#define HAVE_ECC_KOBLITZ
#define WOLFSSL_CUSTOM_CURVES
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT
#define HAVE_ECC_CHECK_PUBKEY_ORDER
#define USE_ECC_B_PARAM
#define WOLFSSL_VALIDATE_ECC_KEYGEN
#define WOLFSSL_VALIDATE_ECC_IMPORT
/* NOTE: These validation defines protect import/keygen paths.
 * ECDH shared secret (wc_ecc_shared_secret_ex) does NOT call
 * wc_ecc_check_key on the peer point — wolfSSL limitation. */
#define WOLFSSL_SP_384
#define WOLFSSL_SP_521

/* Ed25519 / X25519 */
#define HAVE_ED25519
#define HAVE_CURVE25519

/* Ed448 / X448 (requires SHA-3/SHAKE256) */
#define HAVE_ED448
#define HAVE_CURVE448
#define WOLFSSL_SHA3

/* SHA support */
#define WOLFSSL_SHA224
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512

/* Key/cert generation */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SEP

/* RSA options */
#define WC_RSA_BLINDING
#define WC_RSA_NO_PADDING
#define WC_RSA_PSS

/* TLS protocol support — needed by wolfcrypt-tls (the wolfssl crate) for
 * wolfSSL_CTX_new, wolfSSL_connect/accept, SNI, etc.  These are harmless
 * for crypto-only consumers: they add TLS method/context symbols to the
 * link but do not change the behaviour of any wolfCrypt function.
 * HAVE_TLS_EXTENSIONS and HAVE_SNI were already present (required by
 * OPENSSL_ALL for struct layout); WOLFSSL_TLS13 and HAVE_SUPPORTED_CURVES
 * are new. */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SNI
#define HAVE_SUPPORTED_CURVES

/* DH: enable FFDHE named groups (RFC 7919) for DH_new_by_nid */
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096

/* DER loading */
#define WOLFSSL_DER_LOAD

/* Use SP math (single precision) - the modern default */
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096
#define SP_INT_BITS 8192

/* Ensure we have a good random source */
#define HAVE_HASHDRBG

/* Needed for ASN/certificate parsing */
#define WOLFSSL_ASN_TEMPLATE

/* Enable base64 encode/decode */
#define WOLFSSL_BASE64_ENCODE

/* SHAKE needed for Ed448 / SHA-3 */
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256

/* ML-DSA (Dilithium) post-quantum signatures */
#define HAVE_DILITHIUM
#define WOLFSSL_WC_DILITHIUM

/* ML-KEM (FIPS 203) post-quantum KEM support.
 * WOLFSSL_HAVE_MLKEM enables the overall ML-KEM module.
 * WOLFSSL_WC_MLKEM selects wolfCrypt's native implementation (not liboqs). */
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM

#endif /* WOLFSSL_USER_SETTINGS_H */