Skip to content

Template for TLS v1.2 only #7198

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
douzzer merged 2 commits into from
Feb 5, 2024
Merged

Template for TLS v1.2 only #7198

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9e47703
Template for TLS v1.2 only.
dgarske Jan 31, 2024
ca726e9
Peer review fixes.
dgarske Feb 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/os-check.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ jobs:
'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h',
'examples/configs/user_settings_tls12.h',
]
name: make user_setting.h (testwolfcrypt only)
runs-on: ${{ matrix.os }}
Expand Down
1 change: 1 addition & 0 deletions examples/configs/include.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,6 @@ EXTRA_DIST += examples/configs/user_settings_template.h
EXTRA_DIST += examples/configs/user_settings_fipsv2.h
EXTRA_DIST += examples/configs/user_settings_fipsv5.h
EXTRA_DIST += examples/configs/user_settings_stm32.h
EXTRA_DIST += examples/configs/user_settings_tls12.h
EXTRA_DIST += examples/configs/user_settings_wolftpm.h
EXTRA_DIST += examples/configs/user_settings_EBSnet.h
158 changes: 158 additions & 0 deletions examples/configs/user_settings_tls12.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
/* user_settings_tls12.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/

/* Example for TLS v1.2 client only, ECC only, AES GCM only, SHA2-256 only */
/* Derived using:
* ./configure --disable-rsa --disable-dh --disable-tls13 --disable-chacha \
* --disable-poly1305 --disable-sha224 --disable-sha --disable-md5
* From generated wolfssl/options.h
* Build and Test using:
* ./configure --enable-usersettings --disable-examples
* make
* ./wolfcrypt/test/testwolfcrypt
*/
Copy link
Copy Markdown
Contributor

@douzzer douzzer Feb 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should add the build+test instructions here. from the PR comments:

./configure --enable-usersettings --disable-examples
make
./wolfcrypt/test/testwolfcrypt


#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
/* Use the SetIO callbacks, not the internal wolfio.c socket code */
#define WOLFSSL_USER_IO
#define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
//#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
#define NO_FILESYSTEM
#define NO_WRITEV
#define NO_SIG_WRAPPER

/* ------------------------------------------------------------------------- */
/* Math */
/* ------------------------------------------------------------------------- */
/* Math Options */
#if 1 /* Single-precision (SP) wolf math - ECC only */
#define WOLFSSL_HAVE_SP_ECC /* use sp_c32.c for math */
#define WOLFSSL_SP_SMALL /* use smaller version of code */
#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
/* optional Cortex-M3+ speedup with inline assembly */
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#elif 1
/* Multi-precision wolf math */
#define WOLFSSL_SP_MATH_ALL /* use sp_int.c generic math */
#define WOLFSSL_SP_SMALL /* use smaller version of code */
#else
/* Fast Math - tfm.c */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define WOLFSSL_NO_ASM
#endif

/* ------------------------------------------------------------------------- */
/* TLS */
/* ------------------------------------------------------------------------- */
/* Enable TLS v1.2 (on by default) */
#undef WOLFSSL_NO_TLS12
/* Disable TLS server code */
#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
/* Disable TLS v1.3 code */
#undef WOLFSSL_TLS13
/* Disable older TLS version prior to 1.2 */
#define NO_OLD_TLS

/* Enable default TLS extensions */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_SERVER_RENEGOTIATION_INFO
//#define HAVE_SNI /* optional Server Name Indicator (SNI) */

/* ASN */
#define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */

/* Disable Features */
#define NO_SESSION_CACHE /* disable session resumption */
#define NO_PSK /* pre-shared-key support */

/* ------------------------------------------------------------------------- */
/* Algorithms */
/* ------------------------------------------------------------------------- */
/* RNG */
#define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */

/* Enable ECC */
#define HAVE_ECC
#define ECC_USER_CURVES /* Enable only ECC curves specific */
#undef NO_ECC256 /* Enable SECP256R1 only (on by default) */
#define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
/* Optional ECC calculation speed improvement if not using SP implementation */
//#define ECC_SHAMIR

/* Enable SHA2-256 only (on by default) */
#undef NO_SHA256
//#define USE_SLOW_SHA256 /* Reduces code size by not partially unrolling */

/* Enable AES GCM only */
#define HAVE_AESGCM
#define GCM_SMALL /* use small GHASH table */
#define NO_AES_CBC /* Disable AES CBC */

/* Optional Features */
//#define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */


/* Disable Algorithms */
#define NO_RSA
#define NO_DH
#define NO_SHA
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_MD5
#define NO_DES3
#define NO_PWDBASED
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256

/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#define DEBUG_WOLFSSL
#else
#if 1
#define NO_ERROR_STRINGS
#endif
#endif

#ifdef __cplusplus
}
#endif


#endif /* WOLFSSL_USER_SETTINGS_H */