Real Time Logic LLC
This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
inc/SharkSSL_cfg.h@1:d5e0e1dcf0d6, 2016-05-23 (annotated)
- Committer:
- wini
- Date:
- Mon May 23 13:56:30 2016 +0000
- Revision:
- 1:d5e0e1dcf0d6
- Parent:
- 0:e0adec41ad6b
Type conflict fix (U8-U32) for latest mbed release.
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wini | 0:e0adec41ad6b | 1 | /* |
| wini | 0:e0adec41ad6b | 2 | * ____ _________ __ _ |
| wini | 0:e0adec41ad6b | 3 | * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ |
| wini | 0:e0adec41ad6b | 4 | * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ |
| wini | 0:e0adec41ad6b | 5 | * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ |
| wini | 0:e0adec41ad6b | 6 | * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ |
| wini | 0:e0adec41ad6b | 7 | * /____/ |
| wini | 0:e0adec41ad6b | 8 | * |
| wini | 0:e0adec41ad6b | 9 | * SharkSSL Embedded SSL/TLS Stack |
| wini | 0:e0adec41ad6b | 10 | **************************************************************************** |
| wini | 0:e0adec41ad6b | 11 | * PROGRAM MODULE |
| wini | 0:e0adec41ad6b | 12 | * |
| wini | 0:e0adec41ad6b | 13 | * $Id: SharkSSL_cfg.h 3764 2015-09-16 19:37:09Z gianluca $ |
| wini | 0:e0adec41ad6b | 14 | * |
| wini | 0:e0adec41ad6b | 15 | * COPYRIGHT: Real Time Logic LLC, 2010 - 2016 |
| wini | 0:e0adec41ad6b | 16 | * |
| wini | 0:e0adec41ad6b | 17 | * This software is copyrighted by and is the sole property of Real |
| wini | 0:e0adec41ad6b | 18 | * Time Logic LLC. All rights, title, ownership, or other interests in |
| wini | 0:e0adec41ad6b | 19 | * the software remain the property of Real Time Logic LLC. This |
| wini | 0:e0adec41ad6b | 20 | * software may only be used in accordance with the terms and |
| wini | 0:e0adec41ad6b | 21 | * conditions stipulated in the corresponding license agreement under |
| wini | 0:e0adec41ad6b | 22 | * which the software has been supplied. Any unauthorized use, |
| wini | 0:e0adec41ad6b | 23 | * duplication, transmission, distribution, or disclosure of this |
| wini | 0:e0adec41ad6b | 24 | * software is expressly forbidden. |
| wini | 0:e0adec41ad6b | 25 | * |
| wini | 0:e0adec41ad6b | 26 | * This Copyright notice may not be removed or modified without prior |
| wini | 0:e0adec41ad6b | 27 | * written consent of Real Time Logic LLC. |
| wini | 0:e0adec41ad6b | 28 | * |
| wini | 0:e0adec41ad6b | 29 | * Real Time Logic LLC. reserves the right to modify this software |
| wini | 0:e0adec41ad6b | 30 | * without notice. |
| wini | 0:e0adec41ad6b | 31 | * |
| wini | 0:e0adec41ad6b | 32 | * http://www.realtimelogic.com |
| wini | 0:e0adec41ad6b | 33 | * http://www.sharkssl.com |
| wini | 0:e0adec41ad6b | 34 | **************************************************************************** |
| wini | 0:e0adec41ad6b | 35 | |
| wini | 0:e0adec41ad6b | 36 | |
| wini | 0:e0adec41ad6b | 37 | Do not directly edit the options in this file. Instead, add your |
| wini | 0:e0adec41ad6b | 38 | custom options in SharkSSL_opts.h |
| wini | 0:e0adec41ad6b | 39 | |
| wini | 0:e0adec41ad6b | 40 | */ |
| wini | 0:e0adec41ad6b | 41 | #ifndef _SharkSsl_cfg_h |
| wini | 0:e0adec41ad6b | 42 | #define _SharkSsl_cfg_h |
| wini | 0:e0adec41ad6b | 43 | |
| wini | 0:e0adec41ad6b | 44 | #include "SharkSSL_opts.h" |
| wini | 0:e0adec41ad6b | 45 | |
| wini | 0:e0adec41ad6b | 46 | /** @addtogroup SharkSslCfg |
| wini | 0:e0adec41ad6b | 47 | @{ |
| wini | 0:e0adec41ad6b | 48 | */ |
| wini | 0:e0adec41ad6b | 49 | |
| wini | 0:e0adec41ad6b | 50 | /** Enable/disable AES 256 |
| wini | 0:e0adec41ad6b | 51 | */ |
| wini | 0:e0adec41ad6b | 52 | #ifndef SHARKSSL_USE_AES_256 |
| wini | 0:e0adec41ad6b | 53 | #define SHARKSSL_USE_AES_256 1 |
| wini | 0:e0adec41ad6b | 54 | #endif |
| wini | 0:e0adec41ad6b | 55 | |
| wini | 0:e0adec41ad6b | 56 | /** Enable/disable AES 128 |
| wini | 0:e0adec41ad6b | 57 | */ |
| wini | 0:e0adec41ad6b | 58 | #ifndef SHARKSSL_USE_AES_128 |
| wini | 0:e0adec41ad6b | 59 | #define SHARKSSL_USE_AES_128 1 |
| wini | 0:e0adec41ad6b | 60 | #endif |
| wini | 0:e0adec41ad6b | 61 | |
| wini | 0:e0adec41ad6b | 62 | /** |
| wini | 0:e0adec41ad6b | 63 | * AES-192 is not used in SSL/TLS |
| wini | 0:e0adec41ad6b | 64 | * enable only if needed in application using the crypto API |
| wini | 0:e0adec41ad6b | 65 | */ |
| wini | 0:e0adec41ad6b | 66 | #ifndef SHARKSSL_USE_AES_192 |
| wini | 0:e0adec41ad6b | 67 | #define SHARKSSL_USE_AES_192 0 |
| wini | 0:e0adec41ad6b | 68 | #endif |
| wini | 0:e0adec41ad6b | 69 | |
| wini | 0:e0adec41ad6b | 70 | |
| wini | 0:e0adec41ad6b | 71 | /** |
| wini | 0:e0adec41ad6b | 72 | * AES-GCM require AES: |
| wini | 0:e0adec41ad6b | 73 | * relevant ciphersuites supported only by TLS 1.2 |
| wini | 0:e0adec41ad6b | 74 | */ |
| wini | 0:e0adec41ad6b | 75 | #ifndef SHARKSSL_ENABLE_AES_GCM |
| wini | 0:e0adec41ad6b | 76 | #define SHARKSSL_ENABLE_AES_GCM 1 |
| wini | 0:e0adec41ad6b | 77 | #endif |
| wini | 0:e0adec41ad6b | 78 | |
| wini | 0:e0adec41ad6b | 79 | /** |
| wini | 0:e0adec41ad6b | 80 | * AES-CCM require AES: |
| wini | 0:e0adec41ad6b | 81 | * relevant ciphersuites supported only by TLS 1.2 |
| wini | 0:e0adec41ad6b | 82 | */ |
| wini | 0:e0adec41ad6b | 83 | #ifndef SHARKSSL_ENABLE_AES_CCM |
| wini | 0:e0adec41ad6b | 84 | #define SHARKSSL_ENABLE_AES_CCM 1 |
| wini | 0:e0adec41ad6b | 85 | #endif |
| wini | 0:e0adec41ad6b | 86 | |
| wini | 0:e0adec41ad6b | 87 | /** Enable/disable CHACHA20 support and also include |
| wini | 0:e0adec41ad6b | 88 | POLY1305-CHACHA20 ciphersuites when TLS1.2 and POLY1305 are enabled |
| wini | 0:e0adec41ad6b | 89 | (#SHARKSSL_ENABLE_TLS_1_2, #SHARKSSL_USE_POLY1305) |
| wini | 0:e0adec41ad6b | 90 | */ |
| wini | 0:e0adec41ad6b | 91 | #ifndef SHARKSSL_USE_CHACHA20 |
| wini | 0:e0adec41ad6b | 92 | #define SHARKSSL_USE_CHACHA20 1 |
| wini | 0:e0adec41ad6b | 93 | #endif |
| wini | 0:e0adec41ad6b | 94 | |
| wini | 0:e0adec41ad6b | 95 | /** Enable/disable 3DES |
| wini | 0:e0adec41ad6b | 96 | */ |
| wini | 0:e0adec41ad6b | 97 | #ifndef SHARKSSL_USE_3DES |
| wini | 0:e0adec41ad6b | 98 | #define SHARKSSL_USE_3DES 1 |
| wini | 0:e0adec41ad6b | 99 | #endif |
| wini | 0:e0adec41ad6b | 100 | |
| wini | 0:e0adec41ad6b | 101 | /** Enable/disable ARC4. ARC4 is deemed insecure. |
| wini | 0:e0adec41ad6b | 102 | */ |
| wini | 0:e0adec41ad6b | 103 | #ifndef SHARKSSL_USE_ARC4 |
| wini | 0:e0adec41ad6b | 104 | #define SHARKSSL_USE_ARC4 0 |
| wini | 0:e0adec41ad6b | 105 | #endif |
| wini | 0:e0adec41ad6b | 106 | |
| wini | 0:e0adec41ad6b | 107 | /** DES is DEPRECATED */ |
| wini | 0:e0adec41ad6b | 108 | #ifndef SHARKSSL_USE_DES |
| wini | 0:e0adec41ad6b | 109 | #define SHARKSSL_USE_DES 0 |
| wini | 0:e0adec41ad6b | 110 | #endif |
| wini | 0:e0adec41ad6b | 111 | |
| wini | 0:e0adec41ad6b | 112 | /** For testing only */ |
| wini | 0:e0adec41ad6b | 113 | #ifndef SHARKSSL_USE_NULL_CIPHER |
| wini | 0:e0adec41ad6b | 114 | #define SHARKSSL_USE_NULL_CIPHER 0 |
| wini | 0:e0adec41ad6b | 115 | #endif |
| wini | 0:e0adec41ad6b | 116 | |
| wini | 0:e0adec41ad6b | 117 | |
| wini | 0:e0adec41ad6b | 118 | /** \defgroup SharkSslCfgHash HASH algorithms |
| wini | 0:e0adec41ad6b | 119 | \ingroup SharkSslCfg |
| wini | 0:e0adec41ad6b | 120 | @{ |
| wini | 0:e0adec41ad6b | 121 | */ |
| wini | 0:e0adec41ad6b | 122 | |
| wini | 0:e0adec41ad6b | 123 | /** Enable/disable SHA256 support for certificate signatures (SHA256 |
| wini | 0:e0adec41ad6b | 124 | ciphersuites are not included). |
| wini | 0:e0adec41ad6b | 125 | |
| wini | 0:e0adec41ad6b | 126 | SHA256 is included if TLS 1.2 is enabled by setting |
| wini | 0:e0adec41ad6b | 127 | #SHARKSSL_ENABLE_TLS_1_2. |
| wini | 0:e0adec41ad6b | 128 | */ |
| wini | 0:e0adec41ad6b | 129 | #ifndef SHARKSSL_USE_SHA_256 |
| wini | 0:e0adec41ad6b | 130 | #define SHARKSSL_USE_SHA_256 1 |
| wini | 0:e0adec41ad6b | 131 | #endif |
| wini | 0:e0adec41ad6b | 132 | |
| wini | 0:e0adec41ad6b | 133 | /** Enable/disable SHA384 support and also include |
| wini | 0:e0adec41ad6b | 134 | SHA384 ciphersuites when TLS 1.2 is enabled (#SHARKSSL_ENABLE_TLS_1_2) |
| wini | 0:e0adec41ad6b | 135 | */ |
| wini | 0:e0adec41ad6b | 136 | #ifndef SHARKSSL_USE_SHA_384 |
| wini | 0:e0adec41ad6b | 137 | #define SHARKSSL_USE_SHA_384 1 |
| wini | 0:e0adec41ad6b | 138 | #endif |
| wini | 0:e0adec41ad6b | 139 | |
| wini | 0:e0adec41ad6b | 140 | /** Enable/disable SHA512 support: Note SHA512 is not required by SSL/TLS. |
| wini | 0:e0adec41ad6b | 141 | SHA384 ciphersuites when TLS 1.2 is enabled (#SHARKSSL_ENABLE_TLS_1_2) |
| wini | 0:e0adec41ad6b | 142 | */ |
| wini | 0:e0adec41ad6b | 143 | #ifndef SHARKSSL_USE_SHA_512 |
| wini | 0:e0adec41ad6b | 144 | #define SHARKSSL_USE_SHA_512 0 |
| wini | 0:e0adec41ad6b | 145 | #endif |
| wini | 0:e0adec41ad6b | 146 | |
| wini | 0:e0adec41ad6b | 147 | /** SHA1 must be enabled unless SharkSSL is used as a crypto library only. |
| wini | 0:e0adec41ad6b | 148 | */ |
| wini | 0:e0adec41ad6b | 149 | #ifndef SHARKSSL_USE_SHA1 |
| wini | 0:e0adec41ad6b | 150 | #define SHARKSSL_USE_SHA1 1 |
| wini | 0:e0adec41ad6b | 151 | #endif |
| wini | 0:e0adec41ad6b | 152 | |
| wini | 0:e0adec41ad6b | 153 | /** MD5 must be enabled unless SharkSSL is used as a crypto library only. |
| wini | 0:e0adec41ad6b | 154 | */ |
| wini | 0:e0adec41ad6b | 155 | #ifndef SHARKSSL_USE_MD5 |
| wini | 0:e0adec41ad6b | 156 | #define SHARKSSL_USE_MD5 1 |
| wini | 0:e0adec41ad6b | 157 | #endif |
| wini | 0:e0adec41ad6b | 158 | |
| wini | 0:e0adec41ad6b | 159 | /** Enable/disable POLY1305 support and also include |
| wini | 0:e0adec41ad6b | 160 | POLY1305-CHACHA20 ciphersuites when TLS1.2 and CHACHA20 are enabled |
| wini | 0:e0adec41ad6b | 161 | (#SHARKSSL_ENABLE_TLS_1_2, #SHARKSSL_USE_CHACHA20) |
| wini | 0:e0adec41ad6b | 162 | */ |
| wini | 0:e0adec41ad6b | 163 | #ifndef SHARKSSL_USE_POLY1305 |
| wini | 0:e0adec41ad6b | 164 | #define SHARKSSL_USE_POLY1305 1 |
| wini | 0:e0adec41ad6b | 165 | #endif |
| wini | 0:e0adec41ad6b | 166 | |
| wini | 0:e0adec41ad6b | 167 | |
| wini | 0:e0adec41ad6b | 168 | |
| wini | 0:e0adec41ad6b | 169 | |
| wini | 0:e0adec41ad6b | 170 | /** @} */ /* end group SharkSslCfgHash */ |
| wini | 0:e0adec41ad6b | 171 | |
| wini | 0:e0adec41ad6b | 172 | |
| wini | 0:e0adec41ad6b | 173 | /** |
| wini | 0:e0adec41ad6b | 174 | * select 1 to enable DEPRECATED ciphersuites with MD5 hash: |
| wini | 0:e0adec41ad6b | 175 | * TLS_RSA_WITH_RC4_128_MD5 (if SHARKSSL_USE_ARC4 is 1) |
| wini | 0:e0adec41ad6b | 176 | * TLS_RSA_WITH_NULL_MD5 (if SHARKSSL_USE_NULL_CIPHER is 1) |
| wini | 0:e0adec41ad6b | 177 | */ |
| wini | 0:e0adec41ad6b | 178 | #ifndef SHARKSSL_ENABLE_MD5_CIPHERSUITES |
| wini | 0:e0adec41ad6b | 179 | #define SHARKSSL_ENABLE_MD5_CIPHERSUITES 0 |
| wini | 0:e0adec41ad6b | 180 | #endif |
| wini | 0:e0adec41ad6b | 181 | |
| wini | 0:e0adec41ad6b | 182 | |
| wini | 0:e0adec41ad6b | 183 | /* |
| wini | 0:e0adec41ad6b | 184 | * Do not modify the following #if..#endif |
| wini | 0:e0adec41ad6b | 185 | */ |
| wini | 0:e0adec41ad6b | 186 | #if SHARKSSL_ENABLE_MD5_CIPHERSUITES |
| wini | 0:e0adec41ad6b | 187 | #undef SHARKSSL_USE_MD5 |
| wini | 0:e0adec41ad6b | 188 | #define SHARKSSL_USE_MD5 1 |
| wini | 0:e0adec41ad6b | 189 | #endif |
| wini | 0:e0adec41ad6b | 190 | |
| wini | 0:e0adec41ad6b | 191 | |
| wini | 0:e0adec41ad6b | 192 | /** |
| wini | 0:e0adec41ad6b | 193 | * select 1 to enable SERVER side TLS |
| wini | 0:e0adec41ad6b | 194 | */ |
| wini | 0:e0adec41ad6b | 195 | #ifndef SHARKSSL_SSL_SERVER_CODE |
| wini | 0:e0adec41ad6b | 196 | #define SHARKSSL_SSL_SERVER_CODE 1 |
| wini | 0:e0adec41ad6b | 197 | #endif |
| wini | 0:e0adec41ad6b | 198 | |
| wini | 0:e0adec41ad6b | 199 | |
| wini | 0:e0adec41ad6b | 200 | /** |
| wini | 0:e0adec41ad6b | 201 | * select 1 to accept client hello v2.0 format |
| wini | 0:e0adec41ad6b | 202 | * (DEPRECATED) |
| wini | 0:e0adec41ad6b | 203 | */ |
| wini | 0:e0adec41ad6b | 204 | #ifndef SHARKSSL_ACCEPT_CLIENT_HELLO_2_0 |
| wini | 0:e0adec41ad6b | 205 | #define SHARKSSL_ACCEPT_CLIENT_HELLO_2_0 1 |
| wini | 0:e0adec41ad6b | 206 | #endif |
| wini | 0:e0adec41ad6b | 207 | |
| wini | 0:e0adec41ad6b | 208 | |
| wini | 0:e0adec41ad6b | 209 | /** |
| wini | 0:e0adec41ad6b | 210 | * select 1 to enable client authentication from server |
| wini | 0:e0adec41ad6b | 211 | */ |
| wini | 0:e0adec41ad6b | 212 | #ifndef SHARKSSL_ENABLE_CLIENT_AUTH |
| wini | 0:e0adec41ad6b | 213 | #define SHARKSSL_ENABLE_CLIENT_AUTH 1 |
| wini | 0:e0adec41ad6b | 214 | #endif |
| wini | 0:e0adec41ad6b | 215 | |
| wini | 0:e0adec41ad6b | 216 | |
| wini | 0:e0adec41ad6b | 217 | /** |
| wini | 0:e0adec41ad6b | 218 | * select 1 to enable CLIENT side TLS |
| wini | 0:e0adec41ad6b | 219 | */ |
| wini | 0:e0adec41ad6b | 220 | #ifndef SHARKSSL_SSL_CLIENT_CODE |
| wini | 0:e0adec41ad6b | 221 | #define SHARKSSL_SSL_CLIENT_CODE 1 |
| wini | 0:e0adec41ad6b | 222 | #endif |
| wini | 0:e0adec41ad6b | 223 | |
| wini | 0:e0adec41ad6b | 224 | |
| wini | 0:e0adec41ad6b | 225 | /** |
| wini | 0:e0adec41ad6b | 226 | * select 1 to enable support for Server Name Indication (client only) |
| wini | 0:e0adec41ad6b | 227 | */ |
| wini | 0:e0adec41ad6b | 228 | #ifndef SHARKSSL_ENABLE_SNI |
| wini | 0:e0adec41ad6b | 229 | #define SHARKSSL_ENABLE_SNI 1 |
| wini | 0:e0adec41ad6b | 230 | #endif |
| wini | 0:e0adec41ad6b | 231 | |
| wini | 0:e0adec41ad6b | 232 | |
| wini | 0:e0adec41ad6b | 233 | /** |
| wini | 0:e0adec41ad6b | 234 | * select 0 to disable RSA ciphersuites |
| wini | 0:e0adec41ad6b | 235 | */ |
| wini | 0:e0adec41ad6b | 236 | #ifndef SHARKSSL_ENABLE_RSA |
| wini | 0:e0adec41ad6b | 237 | #define SHARKSSL_ENABLE_RSA 1 |
| wini | 0:e0adec41ad6b | 238 | #endif |
| wini | 0:e0adec41ad6b | 239 | |
| wini | 0:e0adec41ad6b | 240 | |
| wini | 0:e0adec41ad6b | 241 | /** |
| wini | 0:e0adec41ad6b | 242 | * select 1 to enable RSA blinding (more secure, more ROM, more RAM) |
| wini | 0:e0adec41ad6b | 243 | */ |
| wini | 0:e0adec41ad6b | 244 | #ifndef SHARKSSL_ENABLE_RSA_BLINDING |
| wini | 0:e0adec41ad6b | 245 | #define SHARKSSL_ENABLE_RSA_BLINDING 1 |
| wini | 0:e0adec41ad6b | 246 | #endif |
| wini | 0:e0adec41ad6b | 247 | |
| wini | 0:e0adec41ad6b | 248 | |
| wini | 0:e0adec41ad6b | 249 | /** |
| wini | 0:e0adec41ad6b | 250 | * select 1 to enable session caching |
| wini | 0:e0adec41ad6b | 251 | */ |
| wini | 0:e0adec41ad6b | 252 | #ifndef SHARKSSL_ENABLE_SESSION_CACHE |
| wini | 0:e0adec41ad6b | 253 | #define SHARKSSL_ENABLE_SESSION_CACHE 1 |
| wini | 0:e0adec41ad6b | 254 | #endif |
| wini | 0:e0adec41ad6b | 255 | |
| wini | 0:e0adec41ad6b | 256 | |
| wini | 0:e0adec41ad6b | 257 | /** |
| wini | 0:e0adec41ad6b | 258 | * select 1 to enable renegotiation |
| wini | 0:e0adec41ad6b | 259 | * only secure renegotiation (RFC5746) is supported |
| wini | 0:e0adec41ad6b | 260 | */ |
| wini | 0:e0adec41ad6b | 261 | #ifndef SHARKSSL_ENABLE_SECURE_RENEGOTIATION |
| wini | 0:e0adec41ad6b | 262 | #define SHARKSSL_ENABLE_SECURE_RENEGOTIATION 1 |
| wini | 0:e0adec41ad6b | 263 | #endif |
| wini | 0:e0adec41ad6b | 264 | |
| wini | 0:e0adec41ad6b | 265 | |
| wini | 0:e0adec41ad6b | 266 | /** |
| wini | 0:e0adec41ad6b | 267 | * meaningful only if renegotiation is enabled (see above) |
| wini | 0:e0adec41ad6b | 268 | * select 1 to allow client-initiated renegotiation |
| wini | 0:e0adec41ad6b | 269 | * BEWARE: may expose servers to DoS attacks |
| wini | 0:e0adec41ad6b | 270 | */ |
| wini | 0:e0adec41ad6b | 271 | #ifndef SHARKSSL_ENABLE_CLIENT_INITIATED_RENEGOTIATION |
| wini | 0:e0adec41ad6b | 272 | #define SHARKSSL_ENABLE_CLIENT_INITIATED_RENEGOTIATION 0 |
| wini | 0:e0adec41ad6b | 273 | #endif |
| wini | 0:e0adec41ad6b | 274 | |
| wini | 0:e0adec41ad6b | 275 | |
| wini | 0:e0adec41ad6b | 276 | /** |
| wini | 0:e0adec41ad6b | 277 | * select 1 to enable TLS 1.2 (supporting AES-GCM ciphesuites, |
| wini | 0:e0adec41ad6b | 278 | * SHA-256+ ciphesuites and signatures) |
| wini | 0:e0adec41ad6b | 279 | * enabling TLS 1.2 will enable also TLS 1.1 |
| wini | 0:e0adec41ad6b | 280 | */ |
| wini | 0:e0adec41ad6b | 281 | #ifndef SHARKSSL_ENABLE_TLS_1_2 |
| wini | 0:e0adec41ad6b | 282 | #define SHARKSSL_ENABLE_TLS_1_2 1 |
| wini | 0:e0adec41ad6b | 283 | #endif |
| wini | 0:e0adec41ad6b | 284 | |
| wini | 0:e0adec41ad6b | 285 | |
| wini | 0:e0adec41ad6b | 286 | /* |
| wini | 0:e0adec41ad6b | 287 | * TLS 1.2 requires SHA-256, do not modify the following settings |
| wini | 0:e0adec41ad6b | 288 | * DES and ClientHello v2.0 are deprecated in TLS 1.2 - RFC5246 |
| wini | 0:e0adec41ad6b | 289 | */ |
| wini | 0:e0adec41ad6b | 290 | #if SHARKSSL_ENABLE_TLS_1_2 |
| wini | 0:e0adec41ad6b | 291 | #undef SHARKSSL_USE_SHA_256 |
| wini | 0:e0adec41ad6b | 292 | #define SHARKSSL_USE_SHA_256 1 |
| wini | 0:e0adec41ad6b | 293 | #endif |
| wini | 0:e0adec41ad6b | 294 | |
| wini | 0:e0adec41ad6b | 295 | |
| wini | 0:e0adec41ad6b | 296 | /** |
| wini | 0:e0adec41ad6b | 297 | * select 1 to enable TLS 1.1 (more secure, slower than TLS 1.0) |
| wini | 0:e0adec41ad6b | 298 | */ |
| wini | 0:e0adec41ad6b | 299 | #ifndef SHARKSSL_ENABLE_TLS_1_1 |
| wini | 0:e0adec41ad6b | 300 | #define SHARKSSL_ENABLE_TLS_1_1 1 |
| wini | 0:e0adec41ad6b | 301 | #endif |
| wini | 0:e0adec41ad6b | 302 | |
| wini | 0:e0adec41ad6b | 303 | |
| wini | 0:e0adec41ad6b | 304 | /** |
| wini | 0:e0adec41ad6b | 305 | * select 1 to enable SSL 3.0 (backward compatibility) |
| wini | 0:e0adec41ad6b | 306 | */ |
| wini | 0:e0adec41ad6b | 307 | #ifndef SHARKSSL_ENABLE_SSL_3_0 |
| wini | 0:e0adec41ad6b | 308 | #define SHARKSSL_ENABLE_SSL_3_0 0 |
| wini | 0:e0adec41ad6b | 309 | #endif |
| wini | 0:e0adec41ad6b | 310 | |
| wini | 0:e0adec41ad6b | 311 | |
| wini | 0:e0adec41ad6b | 312 | /** |
| wini | 0:e0adec41ad6b | 313 | * select 1 to enable DHE_RSA ciphersuites |
| wini | 0:e0adec41ad6b | 314 | */ |
| wini | 0:e0adec41ad6b | 315 | #ifndef SHARKSSL_ENABLE_DHE_RSA |
| wini | 0:e0adec41ad6b | 316 | #define SHARKSSL_ENABLE_DHE_RSA 1 |
| wini | 0:e0adec41ad6b | 317 | #endif |
| wini | 0:e0adec41ad6b | 318 | |
| wini | 0:e0adec41ad6b | 319 | |
| wini | 0:e0adec41ad6b | 320 | /** Enable/disable the SharkSslCon_selectCiphersuite API |
| wini | 0:e0adec41ad6b | 321 | */ |
| wini | 0:e0adec41ad6b | 322 | #ifndef SHARKSSL_ENABLE_SELECT_CIPHERSUITE |
| wini | 0:e0adec41ad6b | 323 | #define SHARKSSL_ENABLE_SELECT_CIPHERSUITE 1 |
| wini | 0:e0adec41ad6b | 324 | #endif |
| wini | 0:e0adec41ad6b | 325 | |
| wini | 0:e0adec41ad6b | 326 | |
| wini | 0:e0adec41ad6b | 327 | /** Determine the number of ciphersuites that can be selected, in |
| wini | 0:e0adec41ad6b | 328 | decreasing order of preference; this value is only in effect if the |
| wini | 0:e0adec41ad6b | 329 | #SHARKSSL_ENABLE_SELECT_CIPHERSUITE is selected. |
| wini | 0:e0adec41ad6b | 330 | */ |
| wini | 0:e0adec41ad6b | 331 | #ifndef SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH |
| wini | 0:e0adec41ad6b | 332 | #define SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH 8 |
| wini | 0:e0adec41ad6b | 333 | #endif |
| wini | 0:e0adec41ad6b | 334 | |
| wini | 0:e0adec41ad6b | 335 | |
| wini | 0:e0adec41ad6b | 336 | /** |
| wini | 0:e0adec41ad6b | 337 | * select 1 to enable PSK ciphersuites - client SSL only |
| wini | 0:e0adec41ad6b | 338 | */ |
| wini | 0:e0adec41ad6b | 339 | #ifndef SHARKSSL_ENABLE_PSK |
| wini | 0:e0adec41ad6b | 340 | #define SHARKSSL_ENABLE_PSK 0 |
| wini | 0:e0adec41ad6b | 341 | #endif |
| wini | 0:e0adec41ad6b | 342 | |
| wini | 0:e0adec41ad6b | 343 | |
| wini | 0:e0adec41ad6b | 344 | /** Enable/disable RSA API (sharkssl_RSA_public_encrypt, |
| wini | 0:e0adec41ad6b | 345 | * sharkssl_RSA_private_decrypt, sharkssl_RSA_private_encrypt, |
| wini | 0:e0adec41ad6b | 346 | * sharkssl_RSA_public_decrypt, SharkSslRSAKey_size) |
| wini | 0:e0adec41ad6b | 347 | */ |
| wini | 0:e0adec41ad6b | 348 | #ifndef SHARKSSL_ENABLE_RSA_API |
| wini | 0:e0adec41ad6b | 349 | #define SHARKSSL_ENABLE_RSA_API 1 |
| wini | 0:e0adec41ad6b | 350 | #endif |
| wini | 0:e0adec41ad6b | 351 | |
| wini | 0:e0adec41ad6b | 352 | |
| wini | 0:e0adec41ad6b | 353 | /** Enable/disable PKCS1 padding in RSA API |
| wini | 0:e0adec41ad6b | 354 | * (#SHARKSSL_ENABLE_RSA_API must be enabled) |
| wini | 0:e0adec41ad6b | 355 | * note: always enabled when SSL client or server enabled |
| wini | 0:e0adec41ad6b | 356 | */ |
| wini | 0:e0adec41ad6b | 357 | #ifndef SHARKSSL_ENABLE_RSA_PKCS1 |
| wini | 0:e0adec41ad6b | 358 | #define SHARKSSL_ENABLE_RSA_PKCS1 1 |
| wini | 0:e0adec41ad6b | 359 | #endif |
| wini | 0:e0adec41ad6b | 360 | |
| wini | 0:e0adec41ad6b | 361 | |
| wini | 0:e0adec41ad6b | 362 | /** Enable/disable ECDSA API (sharkssl_ECDSA_sign, |
| wini | 0:e0adec41ad6b | 363 | * sharkssl_ECDSA_verify, SharkSslECDSA_siglen) |
| wini | 0:e0adec41ad6b | 364 | */ |
| wini | 0:e0adec41ad6b | 365 | #ifndef SHARKSSL_ENABLE_ECDSA_API |
| wini | 0:e0adec41ad6b | 366 | #define SHARKSSL_ENABLE_ECDSA_API 1 |
| wini | 0:e0adec41ad6b | 367 | #endif |
| wini | 0:e0adec41ad6b | 368 | |
| wini | 0:e0adec41ad6b | 369 | |
| wini | 0:e0adec41ad6b | 370 | /** Disable ECDSA sign API functions (sharkssl_ECDSA_sign, |
| wini | 0:e0adec41ad6b | 371 | * SharkSslECDSA_siglen) - effective only if ECDSA API is |
| wini | 0:e0adec41ad6b | 372 | * compiled (#SHARKSSL_ENABLE_ECDSA_API must be enabled) |
| wini | 0:e0adec41ad6b | 373 | * and no SSL/TLS library used (only RayCrypto); used to |
| wini | 0:e0adec41ad6b | 374 | * achieve minimum code size |
| wini | 0:e0adec41ad6b | 375 | */ |
| wini | 0:e0adec41ad6b | 376 | #ifndef SHARKSSL_ECDSA_ONLY_VERIFY |
| wini | 0:e0adec41ad6b | 377 | #define SHARKSSL_ECDSA_ONLY_VERIFY 0 |
| wini | 0:e0adec41ad6b | 378 | #endif |
| wini | 0:e0adec41ad6b | 379 | |
| wini | 0:e0adec41ad6b | 380 | |
| wini | 0:e0adec41ad6b | 381 | /** |
| wini | 0:e0adec41ad6b | 382 | * select 1 to enable PEM certs/keys decoding |
| wini | 0:e0adec41ad6b | 383 | * if RSA_API is enabled, then also the functions |
| wini | 0:e0adec41ad6b | 384 | * sharkssl_PEM_to_RSAKey and SharkSslRSAKey_free are available |
| wini | 0:e0adec41ad6b | 385 | * if ECDSA_API is enabled, then also the functions |
| wini | 0:e0adec41ad6b | 386 | * sharkssl_PEM_to_ECCKey and SharkSslECCKey_free are available |
| wini | 0:e0adec41ad6b | 387 | */ |
| wini | 0:e0adec41ad6b | 388 | #ifndef SHARKSSL_ENABLE_PEM_API |
| wini | 0:e0adec41ad6b | 389 | #define SHARKSSL_ENABLE_PEM_API 1 |
| wini | 0:e0adec41ad6b | 390 | #endif |
| wini | 0:e0adec41ad6b | 391 | |
| wini | 0:e0adec41ad6b | 392 | |
| wini | 0:e0adec41ad6b | 393 | /** Enable/disable #SharkSslCon_getCiphersuite and #SharkSslCon_getProtocol |
| wini | 0:e0adec41ad6b | 394 | */ |
| wini | 0:e0adec41ad6b | 395 | #ifndef SHARKSSL_ENABLE_INFO_API |
| wini | 0:e0adec41ad6b | 396 | #define SHARKSSL_ENABLE_INFO_API 1 |
| wini | 0:e0adec41ad6b | 397 | #endif |
| wini | 0:e0adec41ad6b | 398 | |
| wini | 0:e0adec41ad6b | 399 | |
| wini | 0:e0adec41ad6b | 400 | /** |
| wini | 0:e0adec41ad6b | 401 | * select 1 to enable certificate chain support |
| wini | 0:e0adec41ad6b | 402 | */ |
| wini | 0:e0adec41ad6b | 403 | #ifndef SHARKSSL_ENABLE_CERT_CHAIN |
| wini | 0:e0adec41ad6b | 404 | #define SHARKSSL_ENABLE_CERT_CHAIN 1 |
| wini | 0:e0adec41ad6b | 405 | #endif |
| wini | 0:e0adec41ad6b | 406 | |
| wini | 0:e0adec41ad6b | 407 | |
| wini | 0:e0adec41ad6b | 408 | /** |
| wini | 0:e0adec41ad6b | 409 | * select 1 to enable CA check |
| wini | 0:e0adec41ad6b | 410 | * (client or server with client auth) |
| wini | 0:e0adec41ad6b | 411 | */ |
| wini | 0:e0adec41ad6b | 412 | #ifndef SHARKSSL_ENABLE_CA_LIST |
| wini | 0:e0adec41ad6b | 413 | #define SHARKSSL_ENABLE_CA_LIST 1 |
| wini | 0:e0adec41ad6b | 414 | #endif |
| wini | 0:e0adec41ad6b | 415 | |
| wini | 0:e0adec41ad6b | 416 | |
| wini | 0:e0adec41ad6b | 417 | /** |
| wini | 0:e0adec41ad6b | 418 | * select 1 to enable certificate storage |
| wini | 0:e0adec41ad6b | 419 | */ |
| wini | 0:e0adec41ad6b | 420 | #ifndef SHARKSSL_ENABLE_CERTSTORE_API |
| wini | 0:e0adec41ad6b | 421 | #define SHARKSSL_ENABLE_CERTSTORE_API 1 |
| wini | 0:e0adec41ad6b | 422 | #endif |
| wini | 0:e0adec41ad6b | 423 | |
| wini | 0:e0adec41ad6b | 424 | |
| wini | 0:e0adec41ad6b | 425 | /** |
| wini | 0:e0adec41ad6b | 426 | * select 1 to enable automatic certificate cloning |
| wini | 0:e0adec41ad6b | 427 | */ |
| wini | 0:e0adec41ad6b | 428 | #ifndef SHARKSSL_ENABLE_CLONE_CERTINFO |
| wini | 0:e0adec41ad6b | 429 | #define SHARKSSL_ENABLE_CLONE_CERTINFO 1 |
| wini | 0:e0adec41ad6b | 430 | #endif |
| wini | 0:e0adec41ad6b | 431 | |
| wini | 0:e0adec41ad6b | 432 | |
| wini | 0:e0adec41ad6b | 433 | /** |
| wini | 0:e0adec41ad6b | 434 | * select 1 to enable parsing KeyUsage and ExtendedKeyUsage |
| wini | 0:e0adec41ad6b | 435 | * in the certificates |
| wini | 0:e0adec41ad6b | 436 | */ |
| wini | 0:e0adec41ad6b | 437 | #ifndef SHARKSSL_ENABLE_CERT_KEYUSAGE |
| wini | 0:e0adec41ad6b | 438 | #define SHARKSSL_ENABLE_CERT_KEYUSAGE 0 |
| wini | 0:e0adec41ad6b | 439 | #endif |
| wini | 0:e0adec41ad6b | 440 | |
| wini | 0:e0adec41ad6b | 441 | |
| wini | 0:e0adec41ad6b | 442 | /** |
| wini | 0:e0adec41ad6b | 443 | * select 1 (small ROM footprint, slow) or 0 (large, fast) |
| wini | 0:e0adec41ad6b | 444 | * |
| wini | 0:e0adec41ad6b | 445 | * SHA 384 is only available in small footprint version, |
| wini | 0:e0adec41ad6b | 446 | * being the fast version only 20% faster at the expense |
| wini | 0:e0adec41ad6b | 447 | * of an 8x code size (benchmarked on ARM Cortex M3) |
| wini | 0:e0adec41ad6b | 448 | */ |
| wini | 0:e0adec41ad6b | 449 | #ifndef SHARKSSL_MD5_SMALL_FOOTPRINT |
| wini | 0:e0adec41ad6b | 450 | #define SHARKSSL_MD5_SMALL_FOOTPRINT 0 |
| wini | 0:e0adec41ad6b | 451 | #endif |
| wini | 0:e0adec41ad6b | 452 | |
| wini | 0:e0adec41ad6b | 453 | #ifndef SHARKSSL_SHA1_SMALL_FOOTPRINT |
| wini | 0:e0adec41ad6b | 454 | #define SHARKSSL_SHA1_SMALL_FOOTPRINT 0 |
| wini | 0:e0adec41ad6b | 455 | #endif |
| wini | 0:e0adec41ad6b | 456 | |
| wini | 0:e0adec41ad6b | 457 | /** Select 1 for smaller, but slower SHA256 |
| wini | 0:e0adec41ad6b | 458 | */ |
| wini | 0:e0adec41ad6b | 459 | #ifndef SHARKSSL_SHA256_SMALL_FOOTPRINT |
| wini | 0:e0adec41ad6b | 460 | #define SHARKSSL_SHA256_SMALL_FOOTPRINT 0 |
| wini | 0:e0adec41ad6b | 461 | #endif |
| wini | 0:e0adec41ad6b | 462 | |
| wini | 0:e0adec41ad6b | 463 | |
| wini | 0:e0adec41ad6b | 464 | /** |
| wini | 0:e0adec41ad6b | 465 | * select a window size between 1 (slower, less RAM) and 5 |
| wini | 0:e0adec41ad6b | 466 | */ |
| wini | 0:e0adec41ad6b | 467 | #ifndef SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K |
| wini | 0:e0adec41ad6b | 468 | #define SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K 4 |
| wini | 0:e0adec41ad6b | 469 | #endif |
| wini | 0:e0adec41ad6b | 470 | |
| wini | 0:e0adec41ad6b | 471 | |
| wini | 0:e0adec41ad6b | 472 | /** |
| wini | 0:e0adec41ad6b | 473 | * select 0 (slower, less ROM) or 1 (20% faster, more ROM) |
| wini | 0:e0adec41ad6b | 474 | */ |
| wini | 0:e0adec41ad6b | 475 | #ifndef SHARKSSL_BIGINT_MULT_LOOP_UNROLL |
| wini | 0:e0adec41ad6b | 476 | #define SHARKSSL_BIGINT_MULT_LOOP_UNROLL 1 |
| wini | 0:e0adec41ad6b | 477 | #endif |
| wini | 0:e0adec41ad6b | 478 | |
| wini | 0:e0adec41ad6b | 479 | |
| wini | 0:e0adec41ad6b | 480 | /** |
| wini | 0:e0adec41ad6b | 481 | * select 1 to include AES CTR mode (USE_AES_xxx must be enabled) |
| wini | 0:e0adec41ad6b | 482 | */ |
| wini | 0:e0adec41ad6b | 483 | #ifndef SHARKSSL_ENABLE_AES_CTR_MODE |
| wini | 0:e0adec41ad6b | 484 | #define SHARKSSL_ENABLE_AES_CTR_MODE 1 |
| wini | 0:e0adec41ad6b | 485 | #endif |
| wini | 0:e0adec41ad6b | 486 | |
| wini | 0:e0adec41ad6b | 487 | |
| wini | 0:e0adec41ad6b | 488 | /** |
| wini | 0:e0adec41ad6b | 489 | * select 0 (45% less ROM) or 1 (10-15% faster) |
| wini | 0:e0adec41ad6b | 490 | */ |
| wini | 0:e0adec41ad6b | 491 | #ifndef SHARKSSL_DES_CIPHER_LOOP_UNROLL |
| wini | 0:e0adec41ad6b | 492 | #define SHARKSSL_DES_CIPHER_LOOP_UNROLL 1 |
| wini | 0:e0adec41ad6b | 493 | #endif |
| wini | 0:e0adec41ad6b | 494 | |
| wini | 0:e0adec41ad6b | 495 | |
| wini | 0:e0adec41ad6b | 496 | /** |
| wini | 0:e0adec41ad6b | 497 | * select 0 (35% less ROM) or 1 (10-15% faster) |
| wini | 0:e0adec41ad6b | 498 | */ |
| wini | 0:e0adec41ad6b | 499 | #ifndef SHARKSSL_AES_CIPHER_LOOP_UNROLL |
| wini | 0:e0adec41ad6b | 500 | #define SHARKSSL_AES_CIPHER_LOOP_UNROLL 1 |
| wini | 0:e0adec41ad6b | 501 | #endif |
| wini | 0:e0adec41ad6b | 502 | |
| wini | 0:e0adec41ad6b | 503 | |
| wini | 0:e0adec41ad6b | 504 | /** |
| wini | 0:e0adec41ad6b | 505 | * select 1 if your architecture supports unaligned memory |
| wini | 0:e0adec41ad6b | 506 | * access (x86, ARM-Cortex-M3, ColdFire) |
| wini | 0:e0adec41ad6b | 507 | */ |
| wini | 0:e0adec41ad6b | 508 | #ifndef SHARKSSL_UNALIGNED_ACCESS |
| wini | 0:e0adec41ad6b | 509 | #ifdef UNALIGNED_ACCESS |
| wini | 0:e0adec41ad6b | 510 | #define SHARKSSL_UNALIGNED_ACCESS 1 |
| wini | 0:e0adec41ad6b | 511 | #else |
| wini | 0:e0adec41ad6b | 512 | #define SHARKSSL_UNALIGNED_ACCESS 0 |
| wini | 0:e0adec41ad6b | 513 | #endif |
| wini | 0:e0adec41ad6b | 514 | #endif |
| wini | 0:e0adec41ad6b | 515 | |
| wini | 0:e0adec41ad6b | 516 | |
| wini | 0:e0adec41ad6b | 517 | /** |
| wini | 0:e0adec41ad6b | 518 | * select 8, 16 or 32 according to your architecture |
| wini | 0:e0adec41ad6b | 519 | */ |
| wini | 0:e0adec41ad6b | 520 | #ifndef SHARKSSL_BIGINT_WORDSIZE |
| wini | 0:e0adec41ad6b | 521 | #define SHARKSSL_BIGINT_WORDSIZE 32 |
| wini | 0:e0adec41ad6b | 522 | #endif |
| wini | 0:e0adec41ad6b | 523 | |
| wini | 0:e0adec41ad6b | 524 | |
| wini | 0:e0adec41ad6b | 525 | /** |
| wini | 0:e0adec41ad6b | 526 | * Elliptic Curve Cryptography |
| wini | 0:e0adec41ad6b | 527 | */ |
| wini | 0:e0adec41ad6b | 528 | #ifndef SHARKSSL_USE_ECC |
| wini | 0:e0adec41ad6b | 529 | #define SHARKSSL_USE_ECC 1 |
| wini | 0:e0adec41ad6b | 530 | #endif |
| wini | 0:e0adec41ad6b | 531 | |
| wini | 0:e0adec41ad6b | 532 | |
| wini | 0:e0adec41ad6b | 533 | /** |
| wini | 0:e0adec41ad6b | 534 | * select 1 to enable generation and verification of |
| wini | 0:e0adec41ad6b | 535 | * elliptic curve digital signatures |
| wini | 0:e0adec41ad6b | 536 | */ |
| wini | 0:e0adec41ad6b | 537 | #ifndef SHARKSSL_ENABLE_ECDSA |
| wini | 0:e0adec41ad6b | 538 | #define SHARKSSL_ENABLE_ECDSA 1 |
| wini | 0:e0adec41ad6b | 539 | #endif |
| wini | 0:e0adec41ad6b | 540 | |
| wini | 0:e0adec41ad6b | 541 | |
| wini | 0:e0adec41ad6b | 542 | /** |
| wini | 0:e0adec41ad6b | 543 | * select 1 to verify that a point lies on a curve |
| wini | 0:e0adec41ad6b | 544 | * verification in function SharkSslECNISTCurve_setPoint |
| wini | 0:e0adec41ad6b | 545 | * -larger ROM (parameter B for each curve stored, more code) |
| wini | 0:e0adec41ad6b | 546 | * -slightly slower execution |
| wini | 0:e0adec41ad6b | 547 | */ |
| wini | 0:e0adec41ad6b | 548 | #ifndef SHARKSSL_ECC_VERIFY_POINT |
| wini | 0:e0adec41ad6b | 549 | #define SHARKSSL_ECC_VERIFY_POINT 1 |
| wini | 0:e0adec41ad6b | 550 | #endif |
| wini | 0:e0adec41ad6b | 551 | |
| wini | 0:e0adec41ad6b | 552 | |
| wini | 0:e0adec41ad6b | 553 | /** |
| wini | 0:e0adec41ad6b | 554 | */ |
| wini | 0:e0adec41ad6b | 555 | #ifndef SHARKSSL_ECC_TIMING_RESISTANT |
| wini | 0:e0adec41ad6b | 556 | #define SHARKSSL_ECC_TIMING_RESISTANT 0 |
| wini | 0:e0adec41ad6b | 557 | #endif |
| wini | 0:e0adec41ad6b | 558 | |
| wini | 0:e0adec41ad6b | 559 | /** Enable/disable the SECP192R1 curve -- deprecated |
| wini | 0:e0adec41ad6b | 560 | */ |
| wini | 0:e0adec41ad6b | 561 | #ifndef SHARKSSL_ECC_USE_SECP192R1 |
| wini | 0:e0adec41ad6b | 562 | #define SHARKSSL_ECC_USE_SECP192R1 0 |
| wini | 0:e0adec41ad6b | 563 | #endif |
| wini | 0:e0adec41ad6b | 564 | |
| wini | 0:e0adec41ad6b | 565 | /** Enable/disable the SECP224R1 curve -- deprecated |
| wini | 0:e0adec41ad6b | 566 | */ |
| wini | 0:e0adec41ad6b | 567 | #ifndef SHARKSSL_ECC_USE_SECP224R1 |
| wini | 0:e0adec41ad6b | 568 | #define SHARKSSL_ECC_USE_SECP224R1 0 |
| wini | 0:e0adec41ad6b | 569 | #endif |
| wini | 0:e0adec41ad6b | 570 | |
| wini | 0:e0adec41ad6b | 571 | /** Enable/disable the SECP256R1 curve |
| wini | 0:e0adec41ad6b | 572 | */ |
| wini | 0:e0adec41ad6b | 573 | #ifndef SHARKSSL_ECC_USE_SECP256R1 |
| wini | 0:e0adec41ad6b | 574 | #define SHARKSSL_ECC_USE_SECP256R1 1 |
| wini | 0:e0adec41ad6b | 575 | #endif |
| wini | 0:e0adec41ad6b | 576 | |
| wini | 0:e0adec41ad6b | 577 | /** Enable/disable the SECP384R1 curve |
| wini | 0:e0adec41ad6b | 578 | */ |
| wini | 0:e0adec41ad6b | 579 | #ifndef SHARKSSL_ECC_USE_SECP384R1 |
| wini | 0:e0adec41ad6b | 580 | #define SHARKSSL_ECC_USE_SECP384R1 1 |
| wini | 0:e0adec41ad6b | 581 | #endif |
| wini | 0:e0adec41ad6b | 582 | |
| wini | 0:e0adec41ad6b | 583 | /** Enable/disable the SECP521R1 curve |
| wini | 0:e0adec41ad6b | 584 | */ |
| wini | 0:e0adec41ad6b | 585 | #ifndef SHARKSSL_ECC_USE_SECP521R1 |
| wini | 0:e0adec41ad6b | 586 | #define SHARKSSL_ECC_USE_SECP521R1 1 |
| wini | 0:e0adec41ad6b | 587 | #endif |
| wini | 0:e0adec41ad6b | 588 | |
| wini | 0:e0adec41ad6b | 589 | |
| wini | 0:e0adec41ad6b | 590 | /** |
| wini | 0:e0adec41ad6b | 591 | * select 1 to enable ECDHE_RSA ciphersuites (RFC 4492) |
| wini | 0:e0adec41ad6b | 592 | * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled |
| wini | 0:e0adec41ad6b | 593 | */ |
| wini | 0:e0adec41ad6b | 594 | #ifndef SHARKSSL_ENABLE_ECDHE_RSA |
| wini | 0:e0adec41ad6b | 595 | #define SHARKSSL_ENABLE_ECDHE_RSA 1 |
| wini | 0:e0adec41ad6b | 596 | #endif |
| wini | 0:e0adec41ad6b | 597 | |
| wini | 0:e0adec41ad6b | 598 | |
| wini | 0:e0adec41ad6b | 599 | /** |
| wini | 0:e0adec41ad6b | 600 | * select 1 to enable ECDH_RSA ciphersuites (RFC 4492) |
| wini | 0:e0adec41ad6b | 601 | * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled |
| wini | 0:e0adec41ad6b | 602 | */ |
| wini | 0:e0adec41ad6b | 603 | #ifndef SHARKSSL_ENABLE_ECDH_RSA |
| wini | 0:e0adec41ad6b | 604 | #define SHARKSSL_ENABLE_ECDH_RSA 1 |
| wini | 0:e0adec41ad6b | 605 | #endif |
| wini | 0:e0adec41ad6b | 606 | |
| wini | 0:e0adec41ad6b | 607 | |
| wini | 0:e0adec41ad6b | 608 | /** |
| wini | 0:e0adec41ad6b | 609 | * select 1 to enable ECDHE_ECDSA ciphersuites (RFC 4492) |
| wini | 0:e0adec41ad6b | 610 | * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled |
| wini | 0:e0adec41ad6b | 611 | * SHARKSSL_ENABLE_ECDSA must be set |
| wini | 0:e0adec41ad6b | 612 | */ |
| wini | 0:e0adec41ad6b | 613 | #ifndef SHARKSSL_ENABLE_ECDHE_ECDSA |
| wini | 0:e0adec41ad6b | 614 | #define SHARKSSL_ENABLE_ECDHE_ECDSA 1 |
| wini | 0:e0adec41ad6b | 615 | #endif |
| wini | 0:e0adec41ad6b | 616 | |
| wini | 0:e0adec41ad6b | 617 | |
| wini | 0:e0adec41ad6b | 618 | /** |
| wini | 0:e0adec41ad6b | 619 | * select 1 to enable ECDH_ECDSA ciphersuites (RFC 4492) |
| wini | 0:e0adec41ad6b | 620 | * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled |
| wini | 0:e0adec41ad6b | 621 | * SHARKSSL_ENABLE_ECDSA must be set |
| wini | 0:e0adec41ad6b | 622 | */ |
| wini | 0:e0adec41ad6b | 623 | #ifndef SHARKSSL_ENABLE_ECDH_ECDSA |
| wini | 0:e0adec41ad6b | 624 | #define SHARKSSL_ENABLE_ECDH_ECDSA 1 |
| wini | 0:e0adec41ad6b | 625 | #endif |
| wini | 0:e0adec41ad6b | 626 | |
| wini | 0:e0adec41ad6b | 627 | |
| wini | 0:e0adec41ad6b | 628 | /** Enabling big integer assembler library requires SharkSslBigInt_XX.s |
| wini | 0:e0adec41ad6b | 629 | */ |
| wini | 0:e0adec41ad6b | 630 | #ifndef SHARKSSL_OPTIMIZED_BIGINT_ASM |
| wini | 0:e0adec41ad6b | 631 | #define SHARKSSL_OPTIMIZED_BIGINT_ASM 0 |
| wini | 0:e0adec41ad6b | 632 | #endif |
| wini | 0:e0adec41ad6b | 633 | |
| wini | 0:e0adec41ad6b | 634 | /** Enabling assembler optimized CHACHA requires SharkSslCrypto_XX.s |
| wini | 0:e0adec41ad6b | 635 | */ |
| wini | 0:e0adec41ad6b | 636 | #ifndef SHARKSSL_OPTIMIZED_CHACHA_ASM |
| wini | 0:e0adec41ad6b | 637 | #define SHARKSSL_OPTIMIZED_CHACHA_ASM 0 |
| wini | 0:e0adec41ad6b | 638 | #endif |
| wini | 0:e0adec41ad6b | 639 | |
| wini | 0:e0adec41ad6b | 640 | /** Enabling assembler optimized POLY requires SharkSslCrypto_XX.s |
| wini | 0:e0adec41ad6b | 641 | */ |
| wini | 0:e0adec41ad6b | 642 | #ifndef SHARKSSL_OPTIMIZED_POLY1305_ASM |
| wini | 0:e0adec41ad6b | 643 | #define SHARKSSL_OPTIMIZED_POLY1305_ASM 0 |
| wini | 0:e0adec41ad6b | 644 | #endif |
| wini | 0:e0adec41ad6b | 645 | |
| wini | 0:e0adec41ad6b | 646 | /** Setting this macro to 1 enables TINYMT32 and disables the ISAAC generator |
| wini | 0:e0adec41ad6b | 647 | */ |
| wini | 0:e0adec41ad6b | 648 | #ifndef SHARKSSL_USE_RNG_TINYMT |
| wini | 0:e0adec41ad6b | 649 | #define SHARKSSL_USE_RNG_TINYMT 0 |
| wini | 0:e0adec41ad6b | 650 | #endif |
| wini | 0:e0adec41ad6b | 651 | |
| wini | 0:e0adec41ad6b | 652 | #ifndef SHARKSSL_NOPACK |
| wini | 0:e0adec41ad6b | 653 | #define SHARKSSL_NOPACK 0 |
| wini | 0:e0adec41ad6b | 654 | #endif |
| wini | 0:e0adec41ad6b | 655 | |
| wini | 0:e0adec41ad6b | 656 | /** @} */ /* end group SharkSslCfg */ |
| wini | 0:e0adec41ad6b | 657 | |
| wini | 0:e0adec41ad6b | 658 | #endif |