wolfssl/examples/configs/user_settings_wolfboot_keytools.h at 5372e890b2e0e9dd50db40e7d5a968b4525cc85f · wolfSSL/wolfssl · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
/* user_settings_wolfboot_keytools.h
 *
 * wolfCrypt build settings for wolfBoot keygen and signing tool
 * Enabled via WOLFSSL_USER_SETTINGS.
 *
 * Copyright (C) 2006-2026 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* wolfBoot key generation and signing tool.
 * Derived from wolfBoot tools/keytools/user_settings.h
 *
 * Build and test:
 * cp ./examples/configs/user_settings_wolfboot_keytools.h user_settings.h
 * ./configure --enable-usersettings --disable-examples
 * make
 * ./wolfcrypt/test/testwolfcrypt
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------- */
/* Platform */
/* ------------------------------------------------- */
#define SINGLE_THREADED
#define WOLFCRYPT_ONLY

/* ------------------------------------------------- */
/* Math */
/* ------------------------------------------------- */
#if 0 /* Fast Math */
    #define USE_FAST_MATH
    #define FP_MAX_BITS (4096 * 2)
#else /* SP Math (recommended) */
    #define WOLFSSL_SP_MATH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_384
    #define WOLFSSL_SP_521
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_SP_4096
#endif
#define TFM_TIMING_RESISTANT

/* ------------------------------------------------- */
/* ECC */
/* ------------------------------------------------- */
#if 1 /* ECC support */
    #define HAVE_ECC
    #define ECC_TIMING_RESISTANT
    #define ECC_USER_CURVES
    #undef  NO_ECC256
    #if 1 /* ECC P-384 */
        #define HAVE_ECC384
    #endif
    #if 1 /* ECC P-521 */
        #define HAVE_ECC521
    #endif
#endif

/* ------------------------------------------------- */
/* ED25519 / Curve25519 */
/* ------------------------------------------------- */
#if 1 /* ED25519 signing support */
    #define HAVE_ED25519
#endif

/* ------------------------------------------------- */
/* ED448 / Curve448 */
/* ------------------------------------------------- */
#if 1 /* ED448 signing support */
    #define HAVE_ED448
    #define WOLFSSL_SHAKE256
#endif

/* ------------------------------------------------- */
/* RSA */
/* ------------------------------------------------- */
#if 1 /* RSA signing support */
    #define HAVE_RSA
    #define WC_RSA_BLINDING
    #define WOLFSSL_KEY_GEN
#else
    #define NO_RSA
#endif

/* ------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------- */
#define WOLFSSL_SHA512 /* Required for ED25519/ED448 */
#define WOLFSSL_SHA384
#define WOLFSSL_SHA3

/* ------------------------------------------------- */
/* Post-Quantum Algorithms */
/* ------------------------------------------------- */
#define WOLFSSL_EXPERIMENTAL_SETTINGS

#if 1 /* ML-DSA / Dilithium */
    #define HAVE_DILITHIUM
    #define WOLFSSL_WC_DILITHIUM
    /* Builds to FIPS 204 final standard by default.
     * Set to 1 for draft version. */
    #if 0 /* FIPS 204 Draft */
        #define WOLFSSL_DILITHIUM_FIPS204_DRAFT
    #endif
    #ifndef ML_DSA_LEVEL
        #define ML_DSA_LEVEL 2
    #endif
    #define WOLFSSL_SHAKE128 /* Required for Dilithium */
#endif

#if 1 /* LMS */
    #define WOLFSSL_HAVE_LMS
    #ifndef LMS_LEVELS
        #define LMS_LEVELS 1
    #endif
    #ifndef LMS_HEIGHT
        #define LMS_HEIGHT 10
    #endif
    #ifndef LMS_WINTERNITZ
        #define LMS_WINTERNITZ 8
    #endif
#endif

#if 1 /* XMSS */
    #define WOLFSSL_HAVE_XMSS
    #ifndef WOLFSSL_XMSS_MAX_HEIGHT
        #define WOLFSSL_XMSS_MAX_HEIGHT 32
    #endif
#endif

/* ------------------------------------------------- */
/* Symmetric Ciphers */
/* ------------------------------------------------- */
#if 1 /* ChaCha20 stream cipher */
    #define HAVE_CHACHA
#endif
#if 1 /* AES-CTR / AES direct */
    #define WOLFSSL_AES_COUNTER
    #define WOLFSSL_AES_DIRECT
#endif

/* ------------------------------------------------- */
/* ASN */
/* ------------------------------------------------- */
#define WOLFSSL_ASN_TEMPLATE

/* ------------------------------------------------- */
/* Disabled Algorithms */
/* ------------------------------------------------- */
#define NO_CMAC
#define NO_HMAC
#define NO_RC4
#define NO_SHA
#define NO_DH
#define NO_DSA
#define NO_MD4
#define NO_MD5
#define NO_DES3
#define NO_PWDBASED
#define NO_OLD_RNGNAME
#define NO_RABBIT
#define NO_HC128

/* ------------------------------------------------- */
/* Disabled Features */
/* ------------------------------------------------- */
#define NO_SIG_WRAPPER
#define NO_CERTS
#define NO_SESSION_CACHE
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_SOCK
#define WOLFSSL_IGNORE_FILE_WARN
#define BENCH_EMBEDDED

#if 1 /* Disable error strings to save flash */
    #define NO_ERROR_STRINGS
#endif

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */