wolfBoot/tools/keytools/user_settings.h at 11156ec3a544fcc55f4759d077815a0d8f2bf466 · dgarske/wolfBoot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
/* user_settings.h
 *
 * wolfCrypt build settings for signing tool
 * Enabled via WOLFSSL_USER_SETTINGS.
 *
 *
 * Copyright (C) 2021 wolfSSL Inc.
 *
 * This file is part of wolfBoot.
 *
 * wolfBoot is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfBoot is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

#ifndef H_USER_SETTINGS_
#define H_USER_SETTINGS_

#include <stdint.h>

/* System */
#ifndef WOLFBOOT_KEYTOOLS
    #define WOLFBOOT_KEYTOOLS
#endif
#define SINGLE_THREADED
#define WOLFCRYPT_ONLY

/* Math */
#if 0
    #define USE_FAST_MATH
    #define FP_MAX_BITS (4096 * 2)
#else
    #define WOLFSSL_SP_MATH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_384
    #define WOLFSSL_SP_521
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_SP_4096
#endif

#define TFM_TIMING_RESISTANT

/* ECC */
#define HAVE_ECC
#define ECC_TIMING_RESISTANT
#define ECC_USER_CURVES
#undef  NO_ECC256
#define HAVE_ECC384
#define HAVE_ECC521

/* ED25519 */
#define HAVE_ED25519

/* ED448 */
#define HAVE_ED448
#define WOLFSSL_SHAKE256

/* RSA */
#define HAVE_RSA
#define WC_RSA_BLINDING
#define WOLFSSL_KEY_GEN

/* Hashing */
#define WOLFSSL_SHA512 /* Required for ED25519 */
#define WOLFSSL_SHA384 /* Required for ED25519 */
#define WOLFSSL_SHA3
#undef  NO_SHA256

/* Enable experimental PQ algos */
#define WOLFSSL_EXPERIMENTAL_SETTINGS

/* ML-DSA (dilithium) */
#define HAVE_DILITHIUM
#define WOLFSSL_WC_DILITHIUM
/* Wolfcrypt builds ML-DSA (dilithium) to the FIPS 204 final
* standard by default. Uncomment this if you want the draft
* version instead. */
#if 0
    #define WOLFSSL_DILITHIUM_FIPS204_DRAFT
#endif

/* Default the keygen/sign tool to use ML-DSA level 2 */
#ifndef ML_DSA_LEVEL
    #define ML_DSA_LEVEL 2
#endif

/* Dilithium needs SHAKE128 */
#define WOLFSSL_SHAKE128

/* LMS */
#define WOLFBOOT_SIGN_LMS
#define WOLFSSL_HAVE_LMS
#define WOLFSSL_WC_LMS
#ifndef LMS_LEVELS
    #define LMS_LEVELS 1
#endif
#ifndef LMS_HEIGHT
    #define LMS_HEIGHT 10
#endif
#ifndef LMS_WINTERNITZ
    #define LMS_WINTERNITZ 8
#endif

/* XMSS */
#define WOLFBOOT_SIGN_XMSS
#define WOLFSSL_HAVE_XMSS
#define WOLFSSL_WC_XMSS
#ifndef WOLFBOOT_XMSS_PARAMS
    #define WOLFBOOT_XMSS_PARAMS "XMSS-SHA2_10_256"
#endif
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
    #define WOLFSSL_XMSS_MAX_HEIGHT 32
#endif

/* ASN */
#define WOLFSSL_ASN_TEMPLATE

/* Chacha stream cipher */
#define HAVE_CHACHA

/* AES */
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_DIRECT

/* Disables */
#define NO_CMAC
#define NO_HMAC
#define NO_RC4
#define NO_SHA
#define NO_DH
#define NO_DSA
#define NO_MD4
#define NO_RABBIT
#define NO_MD5
#define NO_SIG_WRAPPER
#define NO_CERT
#define NO_SESSION_CACHE
#define NO_HC128
#define NO_DES3
#define NO_PWDBASED
#define NO_WRITEV
#define NO_OLD_RNGNAME
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_SOCK
#define WOLFSSL_IGNORE_FILE_WARN

#define BENCH_EMBEDDED
#define NO_CRYPT_TEST
#define NO_CRYPT_BENCHMARK

#ifdef DEBUG_WOLFSSL
    #define XSNPRINTF snprintf
#else
    #define XSNPRINTF /* not used */
#endif

#endif /* !H_USER_SETTINGS_ */