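/* user_settings.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example Settings for CryptoCell */
/* Build-time configuration only: every section is switched with a literal
 * "#if 1" / "#if 0" so an integrator can flip a feature by editing one digit.
 * Several defaults below are chosen for the benchmark/test applications, not
 * for a shipping product; those are called out where they occur. */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* CryptoCell */
/* ------------------------------------------------------------------------- */
#if 1
    #define WOLFSSL_CRYPTOCELL
    #define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */
    #define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */
#else
    /* run without CryptoCell,
       include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */
#endif

#if defined(WOLFSSL_CRYPTOCELL)
    /* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */
    /* NOTE(review): wolfSSL normally treats AES_MAX_KEY_SIZE as a bit count,
     * so 128 would restrict this build to AES-128 keys - confirm against the
     * SDK limit referenced above. */
    #define AES_MAX_KEY_SIZE    128
#endif /* WOLFSSL_CRYPTOCELL*/


/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */

#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT   4

#undef  SINGLE_THREADED
#define SINGLE_THREADED

#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

#undef  WOLFSSL_USER_IO
#define WOLFSSL_USER_IO


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Keep the fast-math code paths timing resistant; leave enabled whenever
     * private keys are processed on the device. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* Assembly */
    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* Flipping this to 0 selects WC_NO_HARDEN instead, which builds without
     * the side-channel hardening. */
    #if 1
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    /* Raw (unpadded) RSA; off by default */
    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    #include <strings.h>
    /* strings.h required for strncasecmp */

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        #define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Timing-resistant ECC (side-channel hardening for private-key
     * operations). The upstream note for this option reads:
     * "Reduces heap usage, but slower". */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #undef  HAVE_ECC_CDH
    //#define HAVE_ECC_CDH

    /* Validate import */
    /* Left disabled here. Enabling it has imported ECC keys checked at import
     * time; worth turning on when keys can arrive from an untrusted source. */
    #undef  WOLFSSL_VALIDATE_ECC_IMPORT
    //#define WOLFSSL_VALIDATE_ECC_IMPORT

    /* Compressed Key Support */
    #undef  HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS     (384 + 32)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
        #endif

        /* Speedups specific to curve */
        /* Each speedup follows the curve it belongs to: P-256 is on unless
         * NO_ECC256 is set, P-384 is on only when HAVE_ECC384 is set. */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
        #ifdef HAVE_ECC384
            #undef  TFM_ECC384
            #define TFM_ECC384
        #endif
    #endif
#endif

/* DH */
#undef NO_DH
#if 0
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
    #endif

    #define HAVE_FFDHE_2048
    //#define HAVE_FFDHE_4096
    //#define HAVE_FFDHE_6144
    //#define HAVE_FFDHE_8192
#else
    #define NO_DH
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */
    /* With WOLFSSL_CRYPTOCELL_AES set (the default above) none of the AEAD
     * modes below are compiled, so AES is available as CBC only; CBC gives
     * confidentiality but no integrity by itself. */
    #if !defined(WOLFSSL_CRYPTOCELL_AES)
        #undef  HAVE_AESGCM
        #define HAVE_AESGCM

        /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
        #define GCM_SMALL

        #undef  WOLFSSL_AES_DIRECT
        //#define WOLFSSL_AES_DIRECT

        #undef  HAVE_AES_ECB
        //#define HAVE_AES_ECB

        #undef  WOLFSSL_AES_COUNTER
        //#define WOLFSSL_AES_COUNTER

        #undef  HAVE_AESCCM
        //#define HAVE_AESCCM
    #endif
#else
    #define NO_AES
#endif


/* DES3 */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef  BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* The USE_CERT_BUFFERS_* options select wolfSSL's built-in test certificate
 * and key buffers (needed here because NO_FILESYSTEM is set). They are test
 * material for the benchmark/test apps, not device credentials. */
#undef  USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

//#undef  USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef  USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h>  /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS

#if !defined(WOLFSSL_CRYPTOCELL)
    // extern unsigned long my_time(unsigned long* timer);
    // #define XTIME my_time
#endif

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

#if defined(WOLFSSL_CRYPTOCELL)
    // /* Override P-RNG with HW RNG */
    /* Random blocks come from the function named here instead of the
     * software P-RNG. */
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK  cc310_random_generate
    //#define CUSTOM_RAND_GENERATE_BLOCK  nrf_random_generate
    //#define WOLFSSL_GENSEED_FORTEST /* for software RNG*/
#else
    /* Test-only seed source: the seed is not real entropy, so keys and nonces
     * produced in this configuration are predictable. Supply a real seed
     * source before using a non-CryptoCell build for anything but testing. */
    #define WOLFSSL_GENSEED_FORTEST
#endif


/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 1
    #define WOLFSSL_KEY_GEN
#endif

/* reduce DH test time */
/* NOTE(review): this selects the older, cheaper prime check purely to speed
 * up the test run - confirm it is wanted before reusing these settings
 * outside the test/benchmark apps. */
#define WOLFSSL_OLD_PRIME_CHECK

#undef  KEEP_PEER_CERT
//#define KEEP_PEER_CERT

#undef  HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef  NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef  NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef  NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef  NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef  WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef  NO_INLINE
//#define NO_INLINE

#undef  NO_FILESYSTEM
#define NO_FILESYSTEM

#undef  NO_WRITEV
#define NO_WRITEV

#undef  NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions stay compiled out below
 * (DSA, RC4, pre-TLS-1.2 via NO_OLD_TLS, HC-128, Rabbit, MD4). */
#undef  NO_DSA
#define NO_DSA

#undef  NO_RC4
#define NO_RC4

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
#define NO_PWDBASED

#undef  NO_CODING
//#define NO_CODING

#undef  NO_ASN_TIME
//#define NO_ASN_TIME

#undef  NO_CERTS
//#define NO_CERTS

#undef  NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */
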