/* user_settings.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example Settings for SiFive HiFive1 */

/* Reader's summary of what the switches below resolve to as written.
 * Each "#if 0" / "#if 1" is a manual toggle, and each #undef placed before
 * a #define clears any earlier definition of that macro first.
 *   - Off: RSA (NO_RSA), DH (NO_DH), 3DES, MD5, MD4, RC4, DSA, HC-128,
 *          Rabbit, PSK, password-based KDFs, TLS session cache, filesystem
 *          access; WOLFSSL_TLS13 and WOLFSSL_KEY_GEN are not defined.
 *   - On:  ECC with user-selected curves, Curve25519 / Ed25519, AES-CBC,
 *          AES-GCM, ChaCha20-Poly1305, SHA-1, SHA-256, SHA-512, and a
 *          Hash-DRBG seeded through my_rng_seed_gen().
 *   - NO_OLD_TLS is defined, which removes the pre-TLS-1.2 protocol code.
 * Points a security review should confirm are marked NOTE(review) next to
 * the macro they concern.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* SiFive HiFive */
/* ------------------------------------------------------------------------- */
/* Board selector; the "Port" section below keys its time settings on it. */
#undef WOLFSSL_SIFIVE_RISC_V
#define WOLFSSL_SIFIVE_RISC_V


/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */

#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

#undef SINGLE_THREADED
#define SINGLE_THREADED

#undef WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

/* The library's default socket I/O is left out; the application is expected
 * to supply its own transport send/receive callbacks. */
#undef WOLFSSL_USER_IO
#define WOLFSSL_USER_IO


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH

/* NOTE(review): USE_FAST_MATH is defined here and WOLFSSL_SP_MATH is defined
 * in the "Wolf Single Precision Math" section (its own comment says it
 * eliminates the fast math code). Confirm which big-number backend the
 * build actually links. */
#if 1
    #define USE_FAST_MATH

    /* Timing-resistant fast-math code paths; leave defined wherever
     * private-key operations run on the device. */
    #undef TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif


/* ------------------------------------------------------------------------- */
/* Asymmetric */
/* ------------------------------------------------------------------------- */
/* RSA */
/* Not enabled due to memory constraints on HiFive1 */
/* As written the "#if 0" arm is skipped and the #else arm defines NO_RSA. */
#undef NO_RSA
#if 0
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef FP_MAX_BITS
        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
    #undef RSA_LOW_MEM
    #define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* NOTE(review): the #else arm defines WC_NO_HARDEN instead of blinding.
     * If this RSA block is ever switched on, keep the blinding arm selected. */
    #if 1
        #undef WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection, FP_MAX_BITS must be adjusted accordingly */
        /* NO_ECC256 is cleared and none of the HAVE_ECCnnn lines is active;
         * presumably this leaves only the 256-bit curve enabled. Confirm
         * against the library's ECC defaults. */
        // #define HAVE_ECC192
        // #define HAVE_ECC224
        #undef NO_ECC256
        // #define HAVE_ECC384
        // #define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    /* FP_ECC stays undefined, so the FP_ENTRIES / FP_LUT block is skipped. */
    #undef FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef FP_ENTRIES
        #define FP_ENTRIES 2
        #undef FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef ECC_SHAMIR
    //#define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    /* This is the ECC side-channel hardening switch; leave it defined
     * wherever ECC private keys are used on the device. */
    #undef ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #undef HAVE_ECC_CDH
    //#define HAVE_ECC_CDH

    /* Validate import */
    /* NOTE(review): left disabled, so imported ECC keys presumably skip the
     * extra key check this option adds. Consider enabling it where keys
     * arrive from outside the device; TODO confirm the code-size cost. */
    #undef WOLFSSL_VALIDATE_ECC_IMPORT
    //#define WOLFSSL_VALIDATE_ECC_IMPORT

    /* Compressed Key Support */
    #undef HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    /* USE_FAST_MATH and NO_RSA are both defined above, so the first arm is
     * the one taken and FP_MAX_BITS becomes (256 + 32). */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
            #undef FP_MAX_BITS
            #define FP_MAX_BITS (256 + 32)
        #else
            #undef ALT_ECC_SIZE
            /* Disable alternate ECC size, since it uses HEAP allocations.
               Heap is limited resource on HiFive1 */
            //#define ALT_ECC_SIZE
        #endif
    #endif
#endif

/* DH */
/* As written the "#if 0" arm is skipped and the #else arm defines NO_DH. */
#undef NO_DH
#if 0
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
    #endif

    #define HAVE_FFDHE_2048
    //#define HAVE_FFDHE_4096
    //#define HAVE_FFDHE_6144
    //#define HAVE_FFDHE_8192
#else
    #define NO_DH
#endif


/* Wolf Single Precision Math */
/* Optional ECC SECP256R1 acceleration using optimized C code */
#undef WOLFSSL_SP
#if 1
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL /* use smaller version of code (requires heap) */
    #define SP_WORD_SIZE 32 /* force 32-bit type */
    #define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
    //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */

    /* HAVE_ECC is defined above, so the ECC arm is taken; NO_RSA is also
     * defined, so WOLFSSL_HAVE_SP_RSA is not. */
    #ifdef HAVE_ECC
        #define WOLFSSL_HAVE_SP_ECC
    #endif
    #ifndef NO_RSA
        #define WOLFSSL_HAVE_SP_RSA
    #endif
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 1
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        /* Curve and Ed 25519 small */
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Symmetric Ciphers */
/* ------------------------------------------------------------------------- */

/* AES */
/* Enabled modes as written: CBC and GCM. DIRECT, ECB, COUNTER and CCM are
 * cleared and their defines are commented out. */
#undef NO_AES
#if 1
    #undef HAVE_AES_CBC
    #define HAVE_AES_CBC

    #undef HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #define GCM_SMALL

    #undef WOLFSSL_AES_DIRECT
    //#define WOLFSSL_AES_DIRECT

    #undef HAVE_AES_ECB
    //#define HAVE_AES_ECB

    #undef WOLFSSL_AES_COUNTER
    //#define WOLFSSL_AES_COUNTER

    #undef HAVE_AESCCM
    //#define HAVE_AESCCM
#endif

/* DES3 */
/* The "#if 0" arm is empty; the #else arm defines NO_DES3. */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif


/* ------------------------------------------------------------------------- */
/* Symmetric Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
/* NO_SHA stays undefined, so SHA-1 is compiled in. NOTE(review): keep it
 * only if a peer or certificate chain in the deployment still requires it. */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
/* Required by HAVE_ED25519 above, per that macro's own comment. */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    #define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* The "#if 0" arm is empty; the #else arm defines NO_MD5. */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* Blake2B */
#undef HAVE_BLAKE2
#if 0
    #define HAVE_BLAKE2
#endif

/* Blake2S */
#undef HAVE_BLAKE2S
#if 0
    #define HAVE_BLAKE2S
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* The USE_CERT_BUFFERS_* switches select built-in certificate / key buffers
 * (needed here because NO_FILESYSTEM is defined further down).
 * NOTE(review): these are the library's sample test credentials; a product
 * build should provision its own keys and certificates. */
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* Both toggles are "#if 0", so neither DEBUG_WOLFSSL nor NO_ERROR_STRINGS
 * ends up defined. */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
/* Disabled as written; when enabled, the allocator is routed through the
 * three extern functions declared here, which this file does not define. */
#if 0
    #undef XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h> /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t) myMalloc(n, h, t)
    #define XFREE(p, h, t) myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

/* Static memory */
#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
/* The "#if 0" arm is skipped; WOLFSSL_STATIC_MEMORY is not defined above, so
 * the #else arm defines NO_WOLFSSL_MEMORY. */
#if 0
    #undef USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* WOLFSSL_SIFIVE_RISC_V is defined at the top of this file, so the first
 * arm is taken.
 * NOTE(review): NO_ASN_TIME is left undefined further down, so certificate
 * validity dates are presumably still evaluated; confirm the port supplies a
 * correct wall-clock source and not only a tick counter. */
#if defined(WOLFSSL_SIFIVE_RISC_V)
    #define WOLFSSL_USER_CURRTIME /* for benchmarks, uses "custom_time()" function */
    #define WOLFSSL_GMTIME
    #define USER_TICKS
#else
    // extern unsigned long my_time(unsigned long* timer);
    // #define XTIME my_time
#endif

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* As written the #else arm is taken: a Hash-DRBG is enabled and its seed
 * words come from my_rng_seed_gen(), which is only declared here.
 * NOTE(review): every key and nonce the library generates depends on that
 * seed. Confirm the implementation reads a hardware entropy source and is
 * not a placeholder such as a counter or a constant. The same applies to
 * my_rng_gen_block() if the "#if 0" arm is ever selected. */
#if 0
    /* Bypass P-RNG and use only HW RNG */
    #define CUSTOM_RAND_TYPE unsigned int
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#else
    #define HAVE_HASHDRBG

    /* Seed Source */
    /* Size of returned HW RNG value */
    #define CUSTOM_RAND_TYPE unsigned int
    extern unsigned int my_rng_seed_gen(void);
    #undef CUSTOM_RAND_GENERATE
    #define CUSTOM_RAND_GENERATE my_rng_seed_gen
#endif

/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3 is not enabled as written ("#if 0"). */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 0
    #define WOLFSSL_KEY_GEN
#endif

/* reduce DH test time */
/* NOTE(review): DH is disabled above via NO_DH, so per the comment this only
 * matters if DH is switched on; presumably it selects an older, faster prime
 * check. Revisit before enabling DH outside the test apps. */
#define WOLFSSL_OLD_PRIME_CHECK

#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT

/* HAVE_COMP_KEY is also cleared in the ECC section above; this second
 * #undef is redundant but harmless. */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef WOLFSSL_BASE64_ENCODE
//#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
/* The #else arm is taken: no session cache is built. */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
/* In this section a macro that is cleared and whose #define is commented out
 * leaves the feature enabled; a macro that is cleared and then defined
 * removes the feature from the build. */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE

#undef NO_FILESYSTEM
#define NO_FILESYSTEM

#undef NO_WRITEV
#define NO_WRITEV

#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

/* No OS random device is used; the seed comes from the RNG section above. */
#undef NO_DEV_RANDOM
#define NO_DEV_RANDOM

#undef NO_DSA
#define NO_DSA

#undef NO_RC4
#define NO_RC4

/* Removes the protocol versions older than TLS 1.2. */
#undef NO_OLD_TLS
#define NO_OLD_TLS

#undef NO_HC128
#define NO_HC128

#undef NO_RABBIT
#define NO_RABBIT

#undef NO_PSK
#define NO_PSK

#undef NO_MD4
#define NO_MD4

#undef NO_PWDBASED
#define NO_PWDBASED

#undef NO_CODING
//#define NO_CODING

/* Left undefined, so ASN.1 time handling stays in the build; see the
 * clock-source note in the "Port" section. */
#undef NO_ASN_TIME
//#define NO_ASN_TIME

#undef NO_CERTS
//#define NO_CERTS

#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */