Detailed Description

Add/remove SharkSSL features and/or optimize for speed versus size.

more stuff here. Fixme.

Modules
	HASH algorithms

Macros
#define	SHARKSSL_TLS_1_3 1
	TLS 1.3 stack Disable by setting SHARKSSL_TLS_1_3=0.

#define	SHARKSSL_TLS_1_2 1
	TLS 1.2 stack Disable by setting SHARKSSL_TLS_1_2=0.

#define	SHARKSSL_USE_AES_256 1
	Enable/disable AES 256.

#define	SHARKSSL_USE_AES_128 1
	Enable/disable AES 128.

#define	SHARKSSL_USE_AES_192 0
	AES-192 is not used in SSL/TLS enable only if needed in application using the crypto API.

#define	SHARKSSL_ENABLE_AES_GCM 1
	AES-GCM require AES: relevant ciphersuites are included.

#define	SHARKSSL_ENABLE_AES_CCM 0
	AES-CCM require AES: only for crypto functions - CCM TLS ciphersuites removed.

#define	SHARKSSL_ENABLE_AES_CBC 0
	AES-CBC require AES: CBC TLS ciphersuites removed for crypto functions and PEM certificate decryption.

#define	SHARKSSL_USE_CHACHA20 1
	Enable/disable CHACHA20 support and also include CHACHA20-POLY1305 ciphersuites when TLS1.2 and POLY1305 are enabled (SHARKSSL_USE_POLY1305)

#define	SHARKSSL_SSL_SERVER_CODE 1
	Select 1 to enable SERVER side TLS.

#define	SHARKSSL_ENABLE_CLIENT_AUTH 1
	Select 1 to enable client authentication from server.

#define	SHARKSSL_SSL_CLIENT_CODE 1
	Select 1 to enable CLIENT side TLS.

#define	SHARKSSL_RANDOMIZE_EXTENSIONS 1
	Select 1 to randomize the order of extensions in ClientHello

#define	SHARKSSL_ENABLE_SNI 1
	Select 1 to enable support for Server Name Indication.

#define	SHARKSSL_ENABLE_CA_EXTENSION 1
	Select 1 to enable support for Certificate Authorities extension (RFC 8446 section 4.2.4) Note: SHARKSSL_TLS_1_3 must be enabled.

#define	SHARKSSL_ENABLE_RSA 1
	Select 0 to disable RSA ciphersuites.

#define	SHARKSSL_ENABLE_SESSION_CACHE 1
	Select 1 to enable session caching.

#define	SHARKSSL_ENABLE_SECURE_RENEGOTIATION SHARKSSL_TLS_1_2
	Select 1 to enable renegotiation Only secure renegotiation (RFC 5746) is supported Note: with the default define below, it is enabled whenever TLS 1.2 is NOTE: IMPLEMENTED ONLY ON THE SERVER SIDE.

#define	SHARKSSL_ENABLE_DHE_RSA SHARKSSL_TLS_1_2
	Select 1 to enable DHE_RSA ciphersuites Note: with the default define below, it is enabled whenever TLS 1.2 is.

#define	SHARKSSL_ENABLE_SELECT_CIPHERSUITE 1
	Enable/disable the SharkSslCon_selectCiphersuite API.

#define	SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH 8
	Determine the number of ciphersuites that can be selected, in decreasing order of preference; this value is only in effect if the SHARKSSL_ENABLE_SELECT_CIPHERSUITE is selected.

#define	SHARKSSL_ENABLE_ALPN_EXTENSION 1
	Enable/disable ALPN API (support for ALPN extension, RFC 7301)

#define	SHARKSSL_ENABLE_RSA_API 1
	Enable/disable RSA API (sharkssl_RSA_public_encrypt, sharkssl_RSA_private_decrypt, sharkssl_RSA_private_encrypt, sharkssl_RSA_public_decrypt, SharkSslRSAKey_size)

#define	SHARKSSL_ENABLE_RSA_PKCS1 1
	Enable/disable PKCS1 padding in RSA API (SHARKSSL_ENABLE_RSA_API must be enabled) note: always enabled when SSL client or server enabled.

#define	SHARKSSL_ENABLE_RSASSA_PSS SHARKSSL_TLS_1_3
	Enable/disable RSASSA-PSS padding in RSA API (RFC 8017) (SHARKSSL_ENABLE_RSA_API must be enabled) note: with the default define below, it is enabled whenever TLS 1.3 is.

#define	SHARKSSL_ENABLE_RSA_OAEP 0
	Enable/disable OAEP padding in RSA API (SHARKSSL_ENABLE_RSA_API must be enabled)

#define	SHARKSSL_ENABLE_ECDSA_API 1
	Enable/disable ECDSA API (sharkssl_ECDSA_sign, sharkssl_ECDSA_verify, SharkSslECDSA_siglen)

#define	SHARKSSL_ECDSA_ONLY_VERIFY 0
	Disable ECDSA sign API functions (sharkssl_ECDSA_sign, SharkSslECDSA_siglen) - effective only if ECDSA API is compiled (SHARKSSL_ENABLE_ECDSA_API must be enabled) and no SSL/TLS library used (only RayCrypto); used to achieve minimum code size.

#define	SHARKSSL_ENABLE_PEM_API 1
	Select 1 to enable PEM certs/keys decoding If RSA_API is enabled, then also the functions sharkssl_PEM_to_RSAKey and SharkSslRSAKey_free are available If ECDSA_API is enabled, then also the functions sharkssl_PEM_to_ECCKey and SharkSslECCKey_free are available.

#define	SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT 0
	Enable/disable support for encrypted PKCS#8 certificates in sharkssl_PEM function (requires SHARKSSL_ENABLE_AES_CBC)

#define	SHARKSSL_ENABLE_INFO_API 1
	Enable/disable SharkSslCon_getCiphersuite.

#define	SHARKSSL_ENABLE_CERT_CHAIN 1
	Select 1 to enable certificate chain support.

#define	SHARKSSL_ENABLE_CA_LIST 1
	Select 1 to enable CA check (client or server with client auth)

#define	SHARKSSL_ENABLE_CERTSTORE_API 1
	Select 1 to enable certificate storage.

#define	SHARKSSL_ENABLE_CERT_KEYUSAGE 0
	Automatic certificate cloning - always enabled. More...

#define	SHARKSSL_MD5_SMALL_FOOTPRINT 0
	Select 1 (small ROM footprint, slow) or 0 (large, fast) More...

#define	SHARKSSL_SHA256_SMALL_FOOTPRINT 0
	Select 1 for smaller, but slower SHA256.

#define	SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K 4
	Select a window size between 1 (slower, less RAM) and 5.

#define	SHARKSSL_BIGINT_MULT_LOOP_UNROLL 1
	Select 0 (slower, less ROM) or 1 (20% faster, more ROM)

#define	SHARKSSL_ENABLE_AES_CTR_MODE 1
	Select 1 to include AES CTR mode (USE_AES_xxx must be enabled)

#define	SHARKSSL_AES_CIPHER_LOOP_UNROLL 1
	Select 0 (35% less ROM) or 1 (10-15% faster)

#define	SHARKSSL_UNALIGNED_ACCESS 0
	Select 1 if your architecture supports unaligned memory access (x86, ARM-Cortex-M3, ColdFire)

#define	SHARKSSL_BIGINT_WORDSIZE 32
	Select 8, 16 or 32 according to your architecture.

#define	SHARKSSL_USE_ECC 1
	Elliptic Curve Cryptography.

#define	SHARKSSL_ENABLE_ECDSA 1
	Select 1 to enable generation and verification of elliptic curve digital signatures.

#define	SHARKSSL_ECC_VERIFY_POINT 1
	Select 1 to verify that a point lies on a curve verification in function SharkSslECNISTCurve_setPoint -larger ROM (parameter B for each curve stored, more code) -slightly slower execution.

#define	SHARKSSL_ECC_TIMING_RESISTANT 1
	Enable timing resistant ECC algorithms DISABLE AT YOUR OWN RISK!

#define	SHARKSSL_BIGINT_TIMING_RESISTANT 1
	Enable timing resistant big integer functions Enabled by default when the above is enabled DISABLE AT YOUR OWN RISK! More...

#define	SHARKSSL_BIGINT_TIMING_RESISTANT 1
	Enable timing resistant big integer functions Enabled by default when the above is enabled DISABLE AT YOUR OWN RISK! More...

#define	SHARKSSL_ECC_USE_SECP256R1 1
	Enable/disable the SECP256R1 curve.

#define	SHARKSSL_ECC_USE_SECP384R1 1
	Enable/disable the SECP384R1 curve.

#define	SHARKSSL_ECC_USE_SECP521R1 1
	Enable/disable the SECP521R1 curve.

#define	SHARKSSL_ECC_USE_BRAINPOOLP256R1 1
	Enable/disable the brainpoolP256r1 curve (RFC 5639)

#define	SHARKSSL_ECC_USE_BRAINPOOLP384R1 1
	Enable/disable the brainpoolP384r1 curve (RFC 5639)

#define	SHARKSSL_ECC_USE_BRAINPOOLP512R1 1
	Enable/disable the brainpoolP512r1 curve (RFC 5639)

#define	SHARKSSL_ECC_USE_CURVE25519 1
	Enable/disable the Curve25519 curve (RFC 7748)

#define	SHARKSSL_ECC_USE_CURVE448 0
	Enable/disable the Curve448 curve (RFC 7748)

#define	SHARKSSL_ENABLE_ECDHE_RSA 1
	Select 1 to enable ECDHE_RSA ciphersuites (RFC 4492) Elliptic Curve Cryptography (SHARKSSL_USE_ECC) must be enabled RSA (SHARKSSL_ENABLE_RSA) must be enabled.

#define	SHARKSSL_ENABLE_ECDHE_ECDSA 1
	Select 1 to enable ECDHE_ECDSA ciphersuites (RFC 4492) Elliptic Curve Cryptography (SHARKSSL_USE_ECC) must be enabled SHARKSSL_ENABLE_ECDSA must be set.

#define	SHARKSSL_OPTIMIZED_BIGINT_ASM 0
	Enabling big integer assembler library requires SharkSslBigInt_XX.s.

#define	SHARKSSL_OPTIMIZED_CHACHA_ASM 0
	Enabling assembler optimized CHACHA requires SharkSslCrypto_XX.s.

#define	SHARKSSL_OPTIMIZED_POLY1305_ASM 0
	Enabling assembler optimized POLY requires SharkSslCrypto_XX.s.

#define	SHARKSSL_USE_RNG_TINYMT 0
	Setting this macro to 1 enables TINYMT32 and disables other RNG's Please notice that the TinyMT is not recommended for cryptographic applications The SharkSSL implementation passed anyway the bbattery_FIPS_140_2 test of TestU01 (http://simul.iro.umontreal.ca/testu01/tu01.html) http://simul.iro.umontreal.ca/testu01/tu01.html.

#define	SHARKSSL_USE_RNG_FORTUNA 0
	Setting this macro to 1 enables Fortuna RNG's Suitable to cryptographic applications SHARKSSL_USE_RNG_TINYMT must be disabled AES 256 and SHA 256 must be enabled The SharkSSL implementation passed the bbattery_FIPS_140_2 test of TestU01 (http://simul.iro.umontreal.ca/testu01/tu01.html)

#define	SHARKSSL_RNG_MULTITHREADED 1
	Setting this macro to 1 enables the usage of sharkssl_rng in a multithreaded environment. More...

#define	SHARKSSL_NOPACK 0
	Do not pack option.

#define	SHARKSSL_CHECK_DATE 0
	SharkSslCon_trusted also checks certificate expiration and returns SharkSslConTrust_CertCnDate if date(s) are within: timeFrom <= now and timeTo >= now This setting requires baGetUnixTime() returning the correct time.

Macro Definition Documentation

◆ SHARKSSL_BIGINT_TIMING_RESISTANT [1/2]

#define SHARKSSL_BIGINT_TIMING_RESISTANT 1

Enable timing resistant big integer functions Enabled by default when the above is enabled DISABLE AT YOUR OWN RISK!

sanity #defines — do not edit below this line!

◆ SHARKSSL_BIGINT_TIMING_RESISTANT [2/2]

#define SHARKSSL_BIGINT_TIMING_RESISTANT 1

Enable timing resistant big integer functions Enabled by default when the above is enabled DISABLE AT YOUR OWN RISK!

sanity #defines — do not edit below this line!

◆ SHARKSSL_ENABLE_CERT_KEYUSAGE

#define SHARKSSL_ENABLE_CERT_KEYUSAGE 0

Automatic certificate cloning - always enabled.

Select 1 to enable parsing KeyUsage and ExtendedKeyUsage in the certificates

◆ SHARKSSL_MD5_SMALL_FOOTPRINT

#define SHARKSSL_MD5_SMALL_FOOTPRINT 0

Select 1 (small ROM footprint, slow) or 0 (large, fast)

SHA 384 is only available in small footprint version, being the fast version only 20% faster at the expense of an 8x code size (benchmarked on ARM Cortex M3)

◆ SHARKSSL_RNG_MULTITHREADED

#define SHARKSSL_RNG_MULTITHREADED 1

Setting this macro to 1 enables the usage of sharkssl_rng in a multithreaded environment.

Please remember to initialize the RNG by calling sharkssl_entropy at least once before calling sharkssl_rng