/* user_settings.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Custom wolfSSL user settings for GCC ARM */
/* Build-time configuration header: every option is a preprocessor toggle.
 * The usual pattern is "#undef X" followed by either "#define X" (enabled),
 * a commented-out "//#define X" (disabled), or an "#if 1 / #if 0" switch.
 * As written, this file selects THREADX + NETOS on a big-endian target with
 * fast math and FIPS (HAVE_FIPS_VERSION 2) enabled.
 * NOTE(review): the one-line title above says "GCC ARM" while the platform
 * section defines THREADX/NETOS - confirm which target this copy is for. */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

#undef  THREADX
#define THREADX

/* Only supplies a default; a value set by the build system wins. */
#ifndef TX_TIMER_TICKS_PER_SECOND
    #define TX_TIMER_TICKS_PER_SECOND 100
#endif

#undef  NETOS
#define NETOS

#undef  BIG_ENDIAN_ORDER
#define BIG_ENDIAN_ORDER

#undef  WOLFSSL_SMALL_STACK
//#define WOLFSSL_SMALL_STACK

#undef  WOLFSSL_USER_IO
//#define WOLFSSL_USER_IO

#undef  NO_THREAD_LS
#define NO_THREAD_LS

/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef  SIZEOF_LONG
#define SIZEOF_LONG 4

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Timing-resistant fast-math code paths; keep this defined whenever
     * private keys are processed with USE_FAST_MATH. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    #define TFM_ARM
#endif

/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
    #define HAVE_FIPS

    #undef  HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 2

    /* Redundant with the Platform section, which already defines
     * NO_THREAD_LS unconditionally. */
    #ifdef SINGLE_THREADED
        #undef  NO_THREAD_LS
        #define NO_THREAD_LS
    #endif

    /* NOTE(review): with the constructor attribute disabled, the FIPS
     * power-on self-test presumably has to be started explicitly by the
     * application at boot - confirm against the wolfSSL FIPS user guide. */
    #if 1
        #undef  NO_ATTRIBUTE_CONSTRUCTOR
        #define NO_ATTRIBUTE_CONSTRUCTOR
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        /* 8192 = 2 * 4096, i.e. sized for 4096-bit operands (matches
         * HAVE_FFDHE_4096 in the DH section). */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS 8192
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* RSA blinding toggle (blinding mitigates timing attacks on RSA
     * private-key operations).
     * NOTE(review): the switch below is "#if 0", so WC_RSA_BLINDING is NOT
     * defined in this build and WC_NO_HARDEN is defined instead. RSA
     * private-key operations therefore run without blinding, even though
     * TFM_TIMING_RESISTANT and ECC_TIMING_RESISTANT are enabled elsewhere in
     * this file. WC_NO_HARDEN presumably also silences wolfSSL's build-time
     * hardening warning - confirm against settings.h of the wolfSSL version
     * in use. Prefer "#if 1" unless the platform cannot support it; with
     * blinding on, code that performs RSA private-key operations is expected
     * to associate an RNG with the key (wc_RsaSetRNG) - verify the callers. */
    #if 0
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 1
        #define WC_RSA_PSS
    #endif

    /* Allows RSA operations without a padding scheme.
     * NOTE(review): presumably enabled for FIPS/ACVP test vectors; application
     * code should keep using padded modes (PSS / OAEP) - confirm whether
     * production builds need this at all. */
    #if 1
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    //#define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        //#define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES 2
        #undef  FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    /* Selects the timing-resistant ECC implementation; keep this defined
     * for any build that handles ECC private keys. */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    #ifdef HAVE_FIPS
        #undef  HAVE_ECC_CDH
        #define HAVE_ECC_CDH /* Enable cofactor support */

        #undef  NO_STRICT_ECDSA_LEN
        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */

        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
    #endif

    /* Compressed Key Support */
    #undef  HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS (256 * 2)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
            //#undef  FP_MAX_BITS_ECC
            //#define FP_MAX_BITS_ECC (256 * 2)
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif

/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 1
        #define WOLFSSL_DH_CONST
        #define HAVE_FFDHE_2048
        #define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif

    /* FIPS builds additionally validate imported finite-field parameters. */
    #ifdef HAVE_FIPS
        #define WOLFSSL_VALIDATE_FFC_IMPORT
        #define HAVE_FFDHE_Q
    #endif
#else
    #define NO_DH
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    // #define GCM_SMALL
    // #define GCM_WORD32
    #define GCM_TABLE

    /* WOLFSSL_AES_DIRECT and HAVE_AES_ECB expose single-block / ECB
     * primitives with no chaining or authentication.
     * NOTE(review): presumably required by the FIPS/ACVP test harness -
     * application code should prefer GCM or CCM. */
    #undef  WOLFSSL_AES_DIRECT
    #define WOLFSSL_AES_DIRECT

    #undef  HAVE_AES_ECB
    #define HAVE_AES_ECB

    #undef  WOLFSSL_AES_COUNTER
    #define WOLFSSL_AES_COUNTER

    #undef  HAVE_AESCCM
    #define HAVE_AESCCM
#else
    #define NO_AES
#endif


/* DES3 */
/* "#if 1" leaves NO_DES3 undefined, i.e. Triple-DES stays compiled in.
 * NOTE(review): switch to "#if 0" if nothing in the product needs 3DES. */
#undef NO_DES3
#if 1
    /* No change */
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
/* Disabled ("#if 0"). */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
/* Disabled ("#if 0"). */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
/* "#if 1" leaves NO_SHA undefined, i.e. SHA-1 stays compiled in. */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 1
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 1
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 1
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* "#if 1" leaves NO_MD5 undefined, i.e. MD5 stays compiled in.
 * NOTE(review): switch to "#if 0" if no legacy format in use requires it. */
#undef NO_MD5
#if 1
    /* No change */
#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 1
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 1
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef  BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* Test certificates/keys are taken from in-memory buffers (this build also
 * sets NO_FILESYSTEM).
 * NOTE(review): these buffers are presumably wolfSSL's published test
 * material - they belong to the test/benchmark programs only and must not
 * be used as product credentials. */
#undef  USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

#undef  USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef  USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256

#undef  FORCE_BUFFER_TEST
#define FORCE_BUFFER_TEST


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* Both switches are "#if 0": debug logging is off and error strings are
 * kept (NO_ERROR_STRINGS is not defined). */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
/* Disabled ("#if 0"); when enabled the application must provide
 * myMalloc / myFree / myRealloc. */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h>  /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 1
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 0
        #undef  WOLFSSL_TRACK_MEMORY
        // #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        //#define WOLFSSL_DEBUG_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY_PRINT
        //#define WOLFSSL_DEBUG_MEMORY_PRINT
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

/* Seed Source */
/* The DRBG seed comes from an application-supplied function,
 * my_rng_generate_seed(output, sz), which is only declared here.
 * Everything the Hash-DRBG produces (keys, nonces, blinding values) is only
 * as unpredictable as this seed.
 * NOTE(review): confirm the implementation reads a hardware entropy source,
 * fills all sz bytes, and reports failure through its return value
 * (presumably 0 on success - verify against the wolfSSL version in use). */
#if 1
    extern int my_rng_generate_seed(unsigned char* output, int sz);
    #undef  CUSTOM_RAND_GENERATE_SEED
    #define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed
#endif

/* NETOS */
/* Disabled ("#if 0"): alternative byte-at-a-time generator hook. */
#if 0
    extern unsigned char get_byte_from_pool(void);
    #define CUSTOM_RAND_GENERATE get_byte_from_pool
    #define CUSTOM_RAND_TYPE     unsigned char
#endif

/* Choose RNG method */
#if 1
    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    /* WOLFSSL_GENSEED_FORTEST is a test-only seed generator; leave it
     * commented out in any build that ships. */
    //#define WOLFSSL_GENSEED_FORTEST
    #undef  HAVE_HASHDRBG
    #define HAVE_HASHDRBG
#else
    #undef  WC_NO_HASHDRBG
    #define WC_NO_HASHDRBG

    /* Bypass P-RNG and use only HW RNG */
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif

/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3 is disabled ("#if 0"). Together with NO_OLD_TLS in the
 * "Disable Features" section this presumably leaves TLS 1.2 as the only
 * protocol version - confirm. */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 1
    #define WOLFSSL_KEY_GEN
#endif

/* Not taken with the current settings, because WOLFSSL_KEY_GEN is defined
 * just above. */
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
    #define WOLFSSL_OLD_PRIME_CHECK
#endif

#undef  KEEP_PEER_CERT
//#define KEEP_PEER_CERT

/* Repeats the #undef from the ECC section; HAVE_COMP_KEY stays disabled. */
#undef  HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
/* "#if 0" selects NO_SESSION_CACHE: no session cache is compiled in. */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef  NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef  NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef  NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef  NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef  WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef  NO_INLINE
//#define NO_INLINE

#undef  NO_FILESYSTEM
#define NO_FILESYSTEM

#undef  NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR

#undef  NO_WRITEV
#define NO_WRITEV

#undef  NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

/* No /dev/random on this target; seeding relies on
 * CUSTOM_RAND_GENERATE_SEED from the RNG section. */
#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions compiled out: DSA, RC4, old TLS
 * versions, HC-128, Rabbit, PSK and MD4. */
#undef  NO_DSA
#define NO_DSA

#undef  NO_RC4
#define NO_RC4

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
//#define NO_PWDBASED

#undef  NO_CODING
//#define NO_CODING

#undef  NO_ASN_TIME
//#define NO_ASN_TIME

#undef  NO_CERTS
//#define NO_CERTS

#undef  NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

/* ACVP Testing ONLY specific settings */
/* Disabled ("#if 0"). HAVE_FORCE_FIPS_FAILURE and WOLFSSL_PUBLIC_MP are
 * test-harness options; keep this block off in builds that ship. */
#if 0
    #undef  USE_NORMAL_PRINTF
    #define USE_NORMAL_PRINTF

    #undef  USE_UART_READ_LINE
    #define USE_UART_READ_LINE

    #undef  USE_SMALL_MONTE
    #define USE_SMALL_MONTE

    #undef  WOLFSSL_PUBLIC_MP
    #define WOLFSSL_PUBLIC_MP

    #undef  HAVE_FORCE_FIPS_FAILURE
    #define HAVE_FORCE_FIPS_FAILURE
#endif

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */