Topic: Using only specific components from WolfSSL

Hi,

Firstly, thank you for maintaining this library, it's great. I'm a C/C++ beginner and I've been trying it for a while. Now I tested it with my ESP32 which has limited resources and it works great.
It has everything I need but probably somewhat too much, because I don't want to waste flash space on something I won't be using.

My problem probably sounds really stupid so sorry about that, I want to use WolfCrypt/WolfSSL but without SSL in it.
I need only:
- aes-256-ctr
- shake256 and sha3-256
- Ed25519 and Curve25519
- HMAC

From what I understand, my project probably requires only WolfCrypt but I don't know how to compile it with ESP-IDF.

Is there a way to achieve anything like that?
I would be very grateful if someone could help me with it.


My current user_settings.h looks like this:

```c
/* user_settings.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048

#define WOLFSSL_SHAKE256
#define WOLFSSL_SHA3

#define NO_WOLFSSL_CLIENT
#define NO_WOLFSSL_SERVER
#define NO_DES3
#define NO_MD4
#define NO_MD5
#define NO_SHA
#define NO_RC4
#define NO_RABBIT
#define NO_TLS
#define WOLFSSL_NO_TLS12
#define WOLFSSL_NO_TLS13
#define NO_OLD_TLS
#define NO_SESSION_CACHE
#define NO_RSA
#define NO_AES_CBC
#define NO_PWDBASED
#define WOLFSSL_ALLOW_NO_SUITES

/* TLS 1.3                                 */
// #define WOLFSSL_TLS13
// #define HAVE_TLS_EXTENSIONS
// #define WC_RSA_PSS
// #define HAVE_HKDF
// #define HAVE_AEAD
// #define HAVE_SUPPORTED_CURVES

/* when you want to use SINGLE THREAD */
/* #define SINGLE_THREADED */
#define NO_FILESYSTEM

// #define HAVE_AESGCM
/* when you want to use SHA384 */
// #define WOLFSSL_SHA384
// #define WOLFSSL_SHA512
//#define HAVE_ECC
//#define HAVE_CURVE25519
//#define CURVE25519_SMALL
//#define HAVE_ED25519

/* when you want to use pkcs7 */
/* #define HAVE_PKCS7 */

#if defined(HAVE_PKCS7)
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
#endif

/* when you want to use aes counter mode */
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_COUNTER

/* esp32-wroom-32se specific definition */
#if defined(WOLFSSL_ESPWROOM32SE)
    #define WOLFSSL_ATECC508A
    #define HAVE_PK_CALLBACKS
    /* when you want to use a custom slot allocation for ATECC608A */
    /* unless your configuration is unusual, you can use default   */
    /* implementation.                                             */
    /* #define CUSTOM_SLOT_ALLOCATION                              */
#endif

/* rsa primitive specific definition */
#if defined(WOLFSSL_ESPWROOM32) || defined(WOLFSSL_ESPWROOM32SE)
    /* Define USE_FAST_MATH and SMALL_STACK                        */
    #define ESP32_USE_RSA_PRIMITIVE
    /* threshold for performance adjustment for hw primitive use   */
    /* X bits of G^X mod P greater than                            */
    #define EPS_RSA_EXPT_XBTIS           36
    /* X and Y of X * Y mod P greater than                         */
    #define ESP_RSA_MULM_BITS            2000
#endif

/* debug options */
/* #define DEBUG_WOLFSSL */
/* #define WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */
/* #define WOLFSSL_ATECC508A_DEBUG          */

/* date/time                               */
/* if it cannot adjust time in the device, */
/* enable macro below                      */
/* #define NO_ASN_TIME */
/* #define XTIME time */

/* when you want not to use HW acceleration */
/* #define NO_ESP32WROOM32_CRYPT */
/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH*/
/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_AES */
/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */
```

But it raises a compilation error:

```
/home/oloke/esp/esp-idf/components/wolfssl/src/internal.c: In function 'BuildMessage':
/home/oloke/esp/esp-idf/components/wolfssl/src/internal.c:17398:12: error: implicit declaration of function 'BuildTls13Message'; did you mean 'BuildMessage'? [-Werror=implicit-function-declaration]
     return BuildTls13Message(ssl, output, outSz, input, inSz, type,
            ^~~~~~~~~~~~~~~~~
            BuildMessage
cc1: some warnings being treated as errors
```


Re: Using only specific components from WolfSSL

Hi oloke5,

We have some great user setting templates here:
https://github.com/wolfSSL/wolfssl/tree … es/configs

Please try adding `WOLFCRYPT_ONLY`. This will enable only wolfCrypt and disable the TLS/SSL layer.

For ED/Curve I recommend using:

```c
#define HAVE_CURVE25519
#define HAVE_ED25519
#define CURVED25519_SMALL
```

For AES 256-bit CTR only try:

```c
#define WOLFSSL_AES_COUNTER
#define NO_AES_128
#define NO_AES_192
#define NO_AES_CBC
```

Let me know if you have any issues.

Thanks,
David Garske, wolfSSL
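
The settings from the two posts above, merged into a single wolfCrypt-only `user_settings.h`. This is an added example, not part of either post and not a wolfSSL template. The ESP32-specific sections of the original file are left out, and `WOLFSSL_SHA512` plus the `#error` guards are additions made here on the assumption that Ed25519 needs SHA-512 and that the default Hash DRBG needs SHA-256.

```c
/* user_settings.h: wolfCrypt-only build (added example) */
#define WOLFCRYPT_ONLY          /* from the reply: drops the TLS/SSL layer */
#define NO_FILESYSTEM           /* kept from the original post */

/* AES restricted to 256-bit CTR (from the reply) */
#define WOLFSSL_AES_COUNTER
#define NO_AES_128
#define NO_AES_192
#define NO_AES_CBC

/* SHA-3 and SHAKE256 (from the original post) */
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE256

/* Curve25519 and Ed25519, small code-size variant (from the reply) */
#define HAVE_CURVE25519
#define HAVE_ED25519
#define CURVED25519_SMALL
#define WOLFSSL_SHA512          /* added here: Ed25519 hashes with SHA-512 */

/* Unused algorithms switched off (kept from the original post) */
#define NO_RSA
#define NO_DES3
#define NO_MD4
#define NO_MD5
#define NO_SHA
#define NO_RC4
#define NO_PWDBASED

/* HMAC is on by default, so NO_HMAC stays undefined.
 * NO_SHA256 also stays undefined: the default Hash DRBG is built on
 * SHA-256, and key generation needs a working RNG. */

/* Build-time guards (added here): fail the build instead of silently
 * dropping an algorithm the application depends on. */
#if !defined(WOLFCRYPT_ONLY)
    #error "TLS layer would be compiled in; define WOLFCRYPT_ONLY"
#endif
#if !defined(WOLFSSL_AES_COUNTER) || defined(NO_AES_256)
    #error "AES-256-CTR is required by this configuration"
#endif
#if defined(HAVE_ED25519) && !defined(WOLFSSL_SHA512)
    #error "HAVE_ED25519 requires WOLFSSL_SHA512"
#endif
#if defined(NO_SHA256) && !defined(WC_NO_HASHDRBG)
    #error "Hash DRBG requires SHA-256; do not define NO_SHA256"
#endif
#if defined(NO_HMAC)
    #error "HMAC is required to authenticate AES-CTR ciphertext"
#endif
```

AES-CTR provides confidentiality only, so the HMAC in this set should be computed over the ciphertext and nonce and verified before decryption.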


Re: Using only specific components from WolfSSL

Thanks!

Looks like exactly what I wanted :)
