SharkSSL™ Embedded SSL/TLS Stack
SharkSsl Configuration (macros)

Add/remove SharkSSL features and/or optimize for speed versus size. More...

Modules

 HASH algorithms
 

Macros

#define SHARKSSL_USE_AES_256   1
 Enable/disable AES 256.
 
#define SHARKSSL_USE_AES_128   1
 Enable/disable AES 128.
 
#define SHARKSSL_USE_AES_192   0
 AES-192 is not used in SSL/TLS enable only if needed in application using the crypto API.
 
#define SHARKSSL_ENABLE_AES_GCM   1
 AES-GCM require AES: relevant ciphersuites supported only by TLS 1.2.
 
#define SHARKSSL_ENABLE_AES_CCM   1
 AES-CCM require AES: relevant ciphersuites supported only by TLS 1.2.
 
#define SHARKSSL_USE_CHACHA20   1
 Enable/disable CHACHA20 support and also include CHACHA20-POLY1305 ciphersuites when TLS1.2 and POLY1305 are enabled (SHARKSSL_ENABLE_TLS_1_2, SHARKSSL_USE_POLY1305)
 
#define SHARKSSL_USE_3DES   1
 Enable/disable 3DES.
 
#define SHARKSSL_USE_ARC4   0
 Enable/disable ARC4. More...
 
#define SHARKSSL_USE_DES   0
 DES is DEPRECATED.
 
#define SHARKSSL_USE_NULL_CIPHER   0
 For testing only.
 
#define SHARKSSL_ENABLE_MD5_CIPHERSUITES   0
 select 1 to enable DEPRECATED ciphersuites with MD5 hash: TLS_RSA_WITH_RC4_128_MD5 (if SHARKSSL_USE_ARC4 is 1) TLS_RSA_WITH_NULL_MD5 (if SHARKSSL_USE_NULL_CIPHER is 1)
 
#define SHARKSSL_SSL_SERVER_CODE   1
 select 1 to enable SERVER side TLS
 
#define SHARKSSL_ACCEPT_CLIENT_HELLO_2_0   1
 select 1 to accept client hello v2.0 format (DEPRECATED)
 
#define SHARKSSL_ENABLE_CLIENT_AUTH   1
 select 1 to enable client authentication from server
 
#define SHARKSSL_SSL_CLIENT_CODE   1
 select 1 to enable CLIENT side TLS
 
#define SHARKSSL_ENABLE_SNI   1
 select 1 to enable support for Server Name Indication
 
#define SHARKSSL_ENABLE_RSA   1
 select 0 to disable RSA ciphersuites
 
#define SHARKSSL_ENABLE_RSA_BLINDING   1
 select 1 to enable RSA blinding (more secure, more ROM, more RAM)
 
#define SHARKSSL_ENABLE_SESSION_CACHE   1
 select 1 to enable session caching
 
#define SHARKSSL_ENABLE_SECURE_RENEGOTIATION   1
 select 1 to enable renegotiation only secure renegotiation (RFC5746) is supported
 
#define SHARKSSL_ENABLE_CLIENT_INITIATED_RENEGOTIATION   0
 meaningful only if renegotiation is enabled (see above) select 1 to allow client-initiated renegotiation BEWARE: may expose servers to DoS attacks
 
#define SHARKSSL_ENABLE_TLS_1_2   1
 select 1 to enable TLS 1.2 (supporting AES-GCM ciphesuites, SHA-256+ ciphesuites and signatures) enabling TLS 1.2 will enable also TLS 1.1
 
#define SHARKSSL_ENABLE_TLS_1_1   0
 select 1 to enable TLS 1.1 (obsolete)
 
#define SHARKSSL_DISABLE_TLS_1_0   1
 select 1 to disable TLS 1.0 (obsolete)
 
#define SHARKSSL_ENABLE_SSL_3_0   0
 select 1 to enable SSL 3.0 (backward compatibility)
 
#define SHARKSSL_ENABLE_DHE_RSA   1
 select 1 to enable DHE_RSA ciphersuites
 
#define SHARKSSL_ENABLE_SELECT_CIPHERSUITE   1
 Enable/disable the SharkSslCon_selectCiphersuite API.
 
#define SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH   8
 Determine the number of ciphersuites that can be selected, in decreasing order of preference; this value is only in effect if the SHARKSSL_ENABLE_SELECT_CIPHERSUITE is selected.
 
#define SHARKSSL_ENABLE_PSK   0
 select 1 to enable PSK ciphersuites - client SSL only
 
#define SHARKSSL_ENABLE_RSA_API   1
 Enable/disable RSA API (sharkssl_RSA_public_encrypt, sharkssl_RSA_private_decrypt, sharkssl_RSA_private_encrypt, sharkssl_RSA_public_decrypt, SharkSslRSAKey_size)
 
#define SHARKSSL_ENABLE_RSA_PKCS1   1
 Enable/disable PKCS1 padding in RSA API (SHARKSSL_ENABLE_RSA_API must be enabled) note: always enabled when SSL client or server enabled.
 
#define SHARKSSL_ENABLE_RSA_OAEP   0
 Enable/disable OAEP padding in RSA API (SHARKSSL_ENABLE_RSA_API must be enabled)
 
#define SHARKSSL_ENABLE_ECDSA_API   1
 Enable/disable ECDSA API (sharkssl_ECDSA_sign, sharkssl_ECDSA_verify, SharkSslECDSA_siglen)
 
#define SHARKSSL_ECDSA_ONLY_VERIFY   0
 Disable ECDSA sign API functions (sharkssl_ECDSA_sign, SharkSslECDSA_siglen) - effective only if ECDSA API is compiled (SHARKSSL_ENABLE_ECDSA_API must be enabled) and no SSL/TLS library used (only RayCrypto); used to achieve minimum code size.
 
#define SHARKSSL_ENABLE_PEM_API   1
 select 1 to enable PEM certs/keys decoding if RSA_API is enabled, then also the functions sharkssl_PEM_to_RSAKey and SharkSslRSAKey_free are available if ECDSA_API is enabled, then also the functions sharkssl_PEM_to_ECCKey and SharkSslECCKey_free are available
 
#define SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT   1
 Enable/disable support for encrypted PKCS#8 certificates in sharkssl_PEM function Please notice that SHARKSSL_HMAC_API is required.
 
#define SHARKSSL_ENABLE_INFO_API   1
 Enable/disable SharkSslCon_getCiphersuite and SharkSslCon_getProtocol.
 
#define SHARKSSL_ENABLE_CERT_CHAIN   1
 select 1 to enable certificate chain support
 
#define SHARKSSL_ENABLE_CA_LIST   1
 select 1 to enable CA check (client or server with client auth)
 
#define SHARKSSL_ENABLE_CERTSTORE_API   1
 select 1 to enable certificate storage
 
#define SHARKSSL_ENABLE_CLONE_CERTINFO   1
 select 1 to enable automatic certificate cloning
 
#define SHARKSSL_ENABLE_CERT_KEYUSAGE   0
 select 1 to enable parsing KeyUsage and ExtendedKeyUsage in the certificates
 
#define SHARKSSL_MD5_SMALL_FOOTPRINT   0
 select 1 (small ROM footprint, slow) or 0 (large, fast) More...
 
#define SHARKSSL_SHA256_SMALL_FOOTPRINT   0
 Select 1 for smaller, but slower SHA256.
 
#define SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K   4
 select a window size between 1 (slower, less RAM) and 5
 
#define SHARKSSL_BIGINT_MULT_LOOP_UNROLL   1
 select 0 (slower, less ROM) or 1 (20% faster, more ROM)
 
#define SHARKSSL_ENABLE_AES_CTR_MODE   1
 select 1 to include AES CTR mode (USE_AES_xxx must be enabled)
 
#define SHARKSSL_DES_CIPHER_LOOP_UNROLL   1
 select 0 (45% less ROM) or 1 (10-15% faster)
 
#define SHARKSSL_AES_CIPHER_LOOP_UNROLL   1
 select 0 (35% less ROM) or 1 (10-15% faster)
 
#define SHARKSSL_UNALIGNED_ACCESS   0
 select 1 if your architecture supports unaligned memory access (x86, ARM-Cortex-M3, ColdFire)
 
#define SHARKSSL_BIGINT_WORDSIZE   32
 select 8, 16 or 32 according to your architecture
 
#define SHARKSSL_USE_ECC   1
 Elliptic Curve Cryptography.
 
#define SHARKSSL_ENABLE_ECDSA   1
 select 1 to enable generation and verification of elliptic curve digital signatures
 
#define SHARKSSL_ECC_VERIFY_POINT   1
 select 1 to verify that a point lies on a curve verification in function SharkSslECNISTCurve_setPoint -larger ROM (parameter B for each curve stored, more code) -slightly slower execution
 
#define SHARKSSL_ECC_USE_SECP192R1   0
 Enable/disable the SECP192R1 curve – deprecated.
 
#define SHARKSSL_ECC_USE_SECP224R1   0
 Enable/disable the SECP224R1 curve – deprecated.
 
#define SHARKSSL_ECC_USE_SECP256R1   1
 Enable/disable the SECP256R1 curve.
 
#define SHARKSSL_ECC_USE_SECP384R1   1
 Enable/disable the SECP384R1 curve.
 
#define SHARKSSL_ECC_USE_SECP521R1   1
 Enable/disable the SECP521R1 curve.
 
#define SHARKSSL_ECC_USE_BRAINPOOLP256R1   1
 Enable/disable the brainpoolP256r1 curve (RFC5639)
 
#define SHARKSSL_ECC_USE_BRAINPOOLP384R1   1
 Enable/disable the brainpoolP384r1 curve (RFC5639)
 
#define SHARKSSL_ECC_USE_BRAINPOOLP512R1   1
 Enable/disable the brainpoolP512r1 curve (RFC5639)
 
#define SHARKSSL_ENABLE_ECDHE_RSA   1
 select 1 to enable ECDHE_RSA ciphersuites (RFC 4492) Elliptic Curve Cryptography (SHARKSSL_USE_ECC) must be enabled
 
#define SHARKSSL_ENABLE_ECDH_RSA   1
 select 1 to enable ECDH_RSA ciphersuites (RFC 4492) Elliptic Curve Cryptography (SHARKSSL_USE_ECC) must be enabled
 
#define SHARKSSL_ENABLE_ECDHE_ECDSA   1
 select 1 to enable ECDHE_ECDSA ciphersuites (RFC 4492) Elliptic Curve Cryptography (SHARKSSL_USE_ECC) must be enabled SHARKSSL_ENABLE_ECDSA must be set
 
#define SHARKSSL_ENABLE_ECDH_ECDSA   1
 select 1 to enable ECDH_ECDSA ciphersuites (RFC 4492) Elliptic Curve Cryptography (SHARKSSL_USE_ECC) must be enabled SHARKSSL_ENABLE_ECDSA must be set
 
#define SHARKSSL_OPTIMIZED_BIGINT_ASM   0
 Enabling big integer assembler library requires SharkSslBigInt_XX.s.
 
#define SHARKSSL_OPTIMIZED_CHACHA_ASM   0
 Enabling assembler optimized CHACHA requires SharkSslCrypto_XX.s.
 
#define SHARKSSL_OPTIMIZED_POLY1305_ASM   0
 Enabling assembler optimized POLY requires SharkSslCrypto_XX.s.
 
#define SHARKSSL_USE_RNG_TINYMT   0
 Setting this macro to 1 enables TINYMT32 and disables other RNG's Please notice that the TinyMT is not recommended for cryptographic applications The SharkSSL implementation passed anyway the bbattery_FIPS_140_2 test of TestU01 (http://simul.iro.umontreal.ca/testu01/tu01.html) http://simul.iro.umontreal.ca/testu01/tu01.html.
 
#define SHARKSSL_USE_RNG_FORTUNA   0
 Setting this macro to 1 enables Fortuna RNG's Suitable to cryptographic applications SHARKSSL_USE_RNG_TINYMT must be disabled AES 256 and SHA 256 must be enabled The SharkSSL implementation passed the bbattery_FIPS_140_2 test of TestU01 (http://simul.iro.umontreal.ca/testu01/tu01.html)
 
#define SHARKSSL_RNG_MULTITHREADED   1
 Setting this macro to 1 enables the usage of sharkssl_rng in a multithreaded environment. More...
 
#define SHARKSSL_CHECKDATE   1
 SharkSslCon_trusted also checks certificate expiration and returns SharkSslConTrust_CertCnDate if date(s) are within: timeFrom <= now and timeTo >= now This setting requires baGetUnixTime() returning the correct time.
 

Detailed Description

Add/remove SharkSSL features and/or optimize for speed versus size.

more stuff here. Fixme.

Macro Definition Documentation

◆ SHARKSSL_MD5_SMALL_FOOTPRINT

#define SHARKSSL_MD5_SMALL_FOOTPRINT   0

select 1 (small ROM footprint, slow) or 0 (large, fast)

SHA 384 is only available in small footprint version, being the fast version only 20% faster at the expense of an 8x code size (benchmarked on ARM Cortex M3)

◆ SHARKSSL_RNG_MULTITHREADED

#define SHARKSSL_RNG_MULTITHREADED   1

Setting this macro to 1 enables the usage of sharkssl_rng in a multithreaded environment.

Please remember to initialize the RNG by calling sharkssl_entropy at least once before calling sharkssl_rng

◆ SHARKSSL_USE_ARC4

#define SHARKSSL_USE_ARC4   0

Enable/disable ARC4.

ARC4 is deemed insecure.