wolfssl-sys 4.0.0

System bindings for WolfSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192

/* user_settings.h
 *
 * Copyright (C) 2006-2026 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example 'user_settings.h' for IoT-Safe demo */

#ifndef IOTSAFE_EXAMPLE_USER_SETTINGS_H
#define IOTSAFE_EXAMPLE_USER_SETTINGS_H
#include <stdint.h>

/* Uncomment next line to enable 2-bytes ID demo */
/* #define TWO_BYTES_ID_DEMO */


/* IOT-Safe slot configurations for this example:
 *   - TWO_BYTES_ID_DEMO: two-bytes ID sim, with hardcoded CA
 *   - Default: one-byte ID sim, with hardcoded server certificate
 */

#if defined(FOUR_BYTES_ID_DEMO)
    #define IOTSAFE_ID_SIZE 2
    #define CRT_CLIENT_FILE_ID  0xABCD3430     /* pre-provisioned */
    #define CRT_SERVER_FILE_ID  0xABCD3330
    #define PRIVKEY_ID          0xABCD3230     /* pre-provisioned */
    #define ECDH_KEYPAIR_ID     0xABCD3330
    #define PEER_PUBKEY_ID      0xABCD3730
    #define PEER_CERT_ID        0xABCD3430

    /* In this version of the demo, the server certificate is
     * stored in a buffer, while the CA is read from a file slot in IoT-SAFE
     */
    #define SOFT_SERVER_CERT

#elif defined(TWO_BYTES_ID_DEMO)
    #define IOTSAFE_ID_SIZE 2
    #define CRT_CLIENT_FILE_ID  0x3430     /* pre-provisioned */
    #define CRT_SERVER_FILE_ID  0x3330
    #define PRIVKEY_ID          0x3230     /* pre-provisioned */
    #define ECDH_KEYPAIR_ID     0x3330
    #define PEER_PUBKEY_ID      0x3730
    #define PEER_CERT_ID        0x3430

    /* In this version of the demo, the server certificate is
     * stored in a buffer, while the CA is read from a file slot in IoT-SAFE
     */
    #define SOFT_SERVER_CERT
#else
    #define IOTSAFE_ID_SIZE     1
    #define CRT_CLIENT_FILE_ID  0x03     /* pre-provisioned */
    #define CRT_SERVER_FILE_ID  0x04
    #define PRIVKEY_ID          0x02 /* pre-provisioned */
    #define ECDH_KEYPAIR_ID     0x03
    #define PEER_PUBKEY_ID      0x04
    #define PEER_CERT_ID        0x05

    /* In this version of the demo, the server certificate is
     * read from a file slot in IoT-SAFE, while the CA is stored in buffer in memory
     */
    #define SOFT_SERVER_CA
#endif




/* Platform */
#define WOLFSSL_IOTSAFE
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SINGLE_THREADED
#define WOLFSSL_USER_IO


/* Debugging */
#define WOLFSSL_LOG_PRINTF

/* Change to "if 1" to enable debug */
#if 0
    #define DEBUG_WOLFSSL
    #define WOLFSSL_DEBUG_TLS
    #define DEBUG_IOTSAFE
#endif

/* Features */
#define HAVE_PK_CALLBACKS /* Connect IoT-safe with PK_CALLBACKS */
#define SMALL_SESSION_CACHE
#define USE_CERT_BUFFERS_256

/* RNG */
#define HAVE_IOTSAFE_HWRNG
#define HAVE_HASHDRBG
#define NO_OLD_RNGNAME

//#define USE_GENSEED_FORTEST

/* Time porting */
#define TIME_OVERRIDES
extern volatile unsigned long jiffies;
static inline long XTIME(long *x) { return jiffies;}
#define WOLFSSL_USER_CURRTIME
#define NO_ASN_TIME

/* Math */
#define TFM_TIMING_RESISTANT
#define TFM_ARM
#define WOLFSSL_SP_MATH
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_SP_SMALL
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_HAVE_SP_RSA
#define SP_WORD_SIZE 32

/* ECC */
#define HAVE_ECC
#define ECC_ALT_SIZE
#define ECC_TIMING_RESISTANT

/* RSA */
#define RSA_LOW_MEM
#define WC_RSA_BLINDING
#define WC_RSA_PSS

/* DH - on by default */
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048

/* AES */
#define HAVE_AES_DECRYPT
#define HAVE_AESGCM
#define GCM_SMALL
#define HAVE_AESCCM
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_DIRECT

/* Hashing */
#define WOLFSSL_SHA384
#define HAVE_SHA384 /* old freeRTOS settings.h requires this */
#define WOLFSSL_SHA512
#define HAVE_SHA512 /* old freeRTOS settings.h requires this */
#define HAVE_HKDF

/* TLS */
#if 0
    /* TLS v1.3 only */
    #define WOLFSSL_TLS13
    #define WOLFSSL_NO_TLS12
#else
    /* TLS v1.2 only */
#endif
#define NO_OLD_TLS
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES

/* Disable Features */
#define NO_WRITEV
#define NO_FILESYSTEM
#define NO_MAIN_DRIVER
//#define NO_ERROR_STRINGS

/* Disable Algorithms */
#define NO_DES3
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_MD5
#define NO_SHA
#define NO_PKCS12

/* helpers */
#define htons(x) __builtin_bswap16(x)
#define ntohs(x) __builtin_bswap16(x)
#define ntohl(x) __builtin_bswap32(x)
#define htonl(x) __builtin_bswap32(x)

#endif /* !IOTSAFE_EXAMPLE_USER_SETTINGS_H */