wolfssl-sys 4.0.0

System bindings for WolfSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

/* user_settings.h
 *
 * Copyright (C) 2006-2026 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/*
 * user_settings.h
 *
 *  Created on: Mar 20, 2020
 *  Generated using:
 * ./configure --enable-cryptonly --enable-armasm --enable-ecc --enable-aesgcm --enable-pwdbased --enable-sp --enable-sp-asm \
 *     --disable-dh --disable-sha --disable-md5 --disable-sha224 --disable-aescbc --disable-shake256
 *  Result: wolfssl/options.h
 */

#ifndef SRC_USER_SETTINGS_H_
#define SRC_USER_SETTINGS_H_

#include <xparameters.h>

/* Disable all TLS support, only wolfCrypt features */
#define WOLFCRYPT_ONLY

/* Xilinx SDK */
#define WOLFSSL_XILINX
#define WOLFSSL_XILINX_CRYPT
#if defined(versal) && defined(WOLFSSL_XILINX_CRYPT)
#define WOLFSSL_XILINX_CRYPT_VERSAL
#endif
#ifndef FREERTOS
#define SINGLE_THREADED
#endif
#define NO_FILESYSTEM
#define HAVE_UINTPTR_T

/* Platform - remap printf */
#include "xil_printf.h"
#define XPRINTF xil_printf

#if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
/* Enable ARMv8 (Aarch64) assembly speedups - SHA256 / AESGCM */
/* Note: Requires CFLAGS="-mcpu=generic+crypto -mstrict-align" */
#define WOLFSSL_ARMASM
#endif

/* Math */
#define USE_FAST_MATH
#define FP_MAX_BITS (4096 * 2) /* Max RSA 4096-bit */

/* Use Single Precision assembly math speedups for ECC */
#define WOLFSSL_SP
#define WOLFSSL_SP_ASM
#define WOLFSSL_SP_ARM64_ASM
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_HAVE_SP_RSA

#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
/* Random: HashDRGB / P-RNG (SHA256) */
/* Versal supports both, with and w/o software-based HashDRGB.
 * It's your choice */
#define HAVE_HASHDRBG

#define WOLFSSL_PSV_TRNG_DEV_ID XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_PMC_TRNG_DEVICE_ID
#if !defined(HAVE_HASHDRBG)
#define CUSTOM_RAND_GENERATE_BLOCK wc_VersalTrngGenerate
#else
#define CUSTOM_RAND_GENERATE_SEED wc_VersalTrngGenerate
#endif
#else
/* If we don't use the Versal Crypto we need the HASHDRBG */
#define HAVE_HASHDRBG
extern unsigned char my_rng_seed_gen(void);
#define CUSTOM_RAND_GENERATE  my_rng_seed_gen
#endif

/* Timing Resistance */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
//#define WC_XIL_AESGCM_DPA_CM

/* ECC */
#define HAVE_ECC
#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#define ECC_USER_CURVES
#define NO_ECC256
#define WOLFSSL_SP_NO_256
#define HAVE_ECC384
#define WOLFSSL_SP_384
#define HAVE_ECC521
#define WOLFSSL_SP_521
/* Versal also supports usage of RFC6979 if you want to */
//#define WOLFSSL_ECDSA_DETERMINISTIC_K
#else
#define TFM_ECC256
#define ECC_SHAMIR
#endif

/* DH */
#undef NO_DH
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_4096

/* Curve25519 / Ed25519 */
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* 25519 assumes UINT128_T is available for Aarch64 */
#ifndef HAVE___UINT128_T
#define HAVE___UINT128_T
#endif

/* ChaCha20 / Poly1305 */
#define HAVE_CHACHA
#define HAVE_POLY1305

/* AES-CBC is enabled by default if not disabled
 * The others have to be enabled */
#define HAVE_AESCCM
#define HAVE_AESGCM
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_CMAC

/* Hashing */
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define WOLFSSL_SHA224
#define WOLFSSL_SHA3
#define WOLFSSL_NO_HASH_RAW /* not supported with ARMASM */
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256

/* HKDF */
#define HAVE_HKDF

/* Disable Algorithms */
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_MD5
#define NO_SHA
#define NO_PSK
#define NO_DES3

/* Other */
#define WOLFSSL_IGNORE_FILE_WARN /* Ignore file include warnings */
#define NO_MAIN_FUNCTION /* User supplied "main" entry point */
//#define BENCH_EMBEDDED /* Use smaller buffers for benchmarking */
#define WOLFSSL_KEY_GEN
/* Pre-define AAD size to 16 for benchmarks. When executing the benchmarks we
 * also use a custom size of 13 to measure "the default size". */
#define AES_AUTH_ADD_SZ 16

/* Test with "wolfssl/certs_test.h" buffers - no file system */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048

/* Debugging */
#if 0
    #define DEBUG_WOLFSSL
#endif

#endif /* SRC_USER_SETTINGS_H_ */