1 /* user_settings.h
2  *
3  * Copyright (C) 2006-2021 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 /* Example Settings for CryptoCell */
23 
24 #ifndef WOLFSSL_USER_SETTINGS_H
25 #define WOLFSSL_USER_SETTINGS_H
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
/* ------------------------------------------------------------------------- */
/* CryptoCell hardware acceleration */
/* ------------------------------------------------------------------------- */
/* Master switch: 1 builds the CryptoCell port, 0 leaves all three macros
 * below undefined (software-only build). */
#if 1
    /* Enable the CryptoCell port. */
    #define WOLFSSL_CRYPTOCELL
    /* nRF5 SDK 15.2 port; needed here for the benchmark timer. */
    #define WOLFSSL_nRF5x_SDK_15_2
    /* AES through the CryptoCell. Only CBC mode is supported on this path,
     * so the AES section of this file offers no GCM/CCM while it is set. */
    #define WOLFSSL_CRYPTOCELL_AES
#else
    /* Software-only build: add IDE/GCC-ARM/Source/wolf_main.c to the project
     * so that current_time() is available. */
#endif

#ifdef WOLFSSL_CRYPTOCELL
    /* Upper bound on the AES key size for the hardware path; the limit comes
     * from SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK.
     * NOTE(review): the value here looks like bits (AES-128 only) while the
     * SDK constant is named in bytes - confirm the unit before changing it. */
    #define AES_MAX_KEY_SIZE    128
#endif /* WOLFSSL_CRYPTOCELL */
47 
48 
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */

/* Clear anything inherited from the build system first, then set the
 * platform options for this target in one place. */
#undef WOLFSSL_GENERAL_ALIGNMENT
#undef SINGLE_THREADED
#undef WOLFSSL_SMALL_STACK
#undef WOLFSSL_USER_IO

/* General data alignment, in bytes. */
#define WOLFSSL_GENERAL_ALIGNMENT   4

/* Bare-metal style build: one thread of execution, no locking layer. */
#define SINGLE_THREADED

/* Prefer heap over stack for large temporaries. */
#define WOLFSSL_SMALL_STACK

/* The application supplies the TLS send/receive callbacks; no built-in
 * socket I/O is used. */
#define WOLFSSL_USER_IO
64 
65 
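/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

/* Fast math (TFM) big-integer backend. The RSA and ECC sizing further down
 * is conditional on USE_FAST_MATH. */
#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Timing-resistant fast math. Keep this enabled on any build that
     * processes private keys. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math (alternative backend, disabled in this example) */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* Assembly */
    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2): 4096 therefore sizes the
         * fast-math integers for RSA keys of up to 2048 bits. */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks.
     * The #else branch defines WC_NO_HARDEN instead, i.e. it opts out of
     * hardening; do not select it for builds that use real private keys. */
    #if 1
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    /* Raw RSA without padding. Disabled; unpadded RSA is only safe inside a
     * protocol that supplies its own encoding. */
    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    #include <strings.h>
    /* strings.h required for strncasecmp */

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection: P-256 stays on (NO_ECC256 is cleared) and
         * P-384 is added. */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        #define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Timing-resistant ECC math (slower). Keep enabled wherever private keys
     * are used. */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #undef  HAVE_ECC_CDH
    //#define HAVE_ECC_CDH

    /* Validate import. Left off in this example; enable it when ECC keys can
     * arrive from a peer, a file or any other source the device does not
     * control, so that malformed keys are rejected at import time. */
    #undef  WOLFSSL_VALIDATE_ECC_IMPORT
    //#define WOLFSSL_VALIDATE_ECC_IMPORT

    /* Compressed Key Support */
    #undef  HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS     (384 + 32)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
        #endif

        /* Speedups specific to curve. Each TFM_ECCnnn has to follow the curve
         * that is actually built: P-256 is on unless NO_ECC256 is defined,
         * P-384 only when HAVE_ECC384 is defined. The P-384 test used to be
         * #ifndef, which enabled the speedup only when the curve was absent. */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
        #ifdef HAVE_ECC384
            #undef  TFM_ECC384
            #define TFM_ECC384
        #endif
    #endif
#endif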
212 
/* DH (finite-field Diffie-Hellman): compiled out in this example. */
#undef  NO_DH
#if 0
    /* Constant table for DH, avoiding the -lm (math) library dependency. */
    #if 0
        #define WOLFSSL_DH_CONST
    #endif

    /* FFDHE groups to build in. Only the 2048-bit group is selected; the
     * larger groups are listed for reference.
     * NOTE(review): with fast math the integer size (FP_MAX_BITS) probably
     * has to grow with the group size - confirm before enabling them. */
    #define HAVE_FFDHE_2048
    /* #define HAVE_FFDHE_4096 */
    /* #define HAVE_FFDHE_6144 */
    /* #define HAVE_FFDHE_8192 */
#else
    #define NO_DH
#endif
228 
229 
/* AES */
#undef NO_AES
#if 1
    /* CBC is always built. CBC gives confidentiality only; integrity has to
     * come from a separate MAC (TLS CBC suites add an HMAC). */
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    /* Every other AES mode is software-only: to use any of them you must
     * undefine WOLFSSL_CRYPTOCELL_AES, because the CryptoCell path handles
     * AES-CBC and nothing else. */
    #ifndef WOLFSSL_CRYPTOCELL_AES
        #undef  HAVE_AESGCM
        #define HAVE_AESGCM

        /* GCM implementation choice: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
        #define GCM_SMALL

        /* Remaining modes are cleared and left off; uncomment to enable. */
        #undef  WOLFSSL_AES_DIRECT
        /* #define WOLFSSL_AES_DIRECT */

        #undef  HAVE_AES_ECB
        /* #define HAVE_AES_ECB */

        #undef  WOLFSSL_AES_COUNTER
        /* #define WOLFSSL_AES_COUNTER */

        #undef  HAVE_AESCCM
        /* #define HAVE_AESCCM */
    #endif
#else
    #define NO_AES
#endif
259 
260 
/* DES3: compiled out. */
#undef NO_DES3
#if 0
    /* Switch to 1 to build 3DES; nothing else needs defining here. */
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305: disabled in this example. */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Poly1305 depends on the one-time-auth support. */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519: disabled in this example. */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    /* Ed25519 requires SHA-512, so WOLFSSL_SHA512 in the Hashing section
     * has to be enabled together with it. */
    #define HAVE_ED25519

    /* Small-math variant: less flash, but much slower. */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif
292 
293 
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* SHA-1: left compiled in. */
#undef NO_SHA
#if 1
    /* Size/speed trade-off: about 1k smaller, but 25% slower. */
    /* #define USE_SLOW_SHA */
#else
    #define NO_SHA
#endif

/* SHA-256: compiled in. */
#undef NO_SHA256
#if 1
    /* Rolled loops: roughly 2k smaller and roughly 25% slower. */
    /* #define USE_SLOW_SHA256 */

    /* SHA-224 (off) */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* SHA-512: off, and SHA-384 can only be selected inside this block. */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* SHA-384 */
    #undef  WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* Over twice as small, but 50% slower. */
    /* #define USE_SLOW_SHA512 */
#endif

/* SHA-3: off. */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5: compiled out. */
#undef  NO_MD5
#if 0
    /* Switch to 1 to keep MD5 in the build. */
#else
    #define NO_MD5
#endif

/* HKDF: off. */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC: off. */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif
360 
361 
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */

/* Reset first, then select the test/benchmark options in one place. */
#undef BENCH_EMBEDDED
#undef USE_CERT_BUFFERS_2048
#undef USE_CERT_BUFFERS_256

/* Reduced benchmark / test sizes for a small target. */
#define BENCH_EMBEDDED

/* Built-in certificate/key buffers used by the test and benchmark code.
 * NOTE(review): these are presumably the bundled sample credentials; confirm
 * they are never used as device identity in a shipped image. */
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256

/* 1024-bit buffers are left out:
 *   #undef  USE_CERT_BUFFERS_1024
 *   #define USE_CERT_BUFFERS_1024 */
377 
378 
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
/* First switch: debug build. Second switch (only considered when the first is
 * 0): drop the error strings. Both are 0 here, so neither macro is defined. */
#if 0
    #define DEBUG_WOLFSSL
#elif 0
    #define NO_ERROR_STRINGS
#endif
392 
393 
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Option 1 (off): route every allocation through application functions. */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* User heap hooks; the realloc hook is only required for normal math. */
    #include <stddef.h>  /* for size_t */
    void *myMalloc(size_t n, void* heap, int type);
    void myFree(void *p, void* heap, int type);
    void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

/* Option 2 (off): static memory pools; this requires fast math. */
#if 0
    #define WOLFSSL_STATIC_MEMORY

    /* No fallback to malloc/free. */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Option 3 (off): memory callbacks, with optional heap tracking. */
#if 0
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Measure / print heap usage. */
    #if 1
        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#elif !defined(WOLFSSL_STATIC_MEMORY)
    /* Default taken by this example: no wolfSSL memory layer, so the stdlib
     * malloc, free and realloc are used directly. */
    #define NO_WOLFSSL_MEMORY
#endif
445 
446 
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Time source overrides. WOLFSSL_USER_CURRTIME lets the benchmark use a
 * user-supplied timer function (the CryptoCell section of this file names
 * current_time() for the software-only build). */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS

#ifndef WOLFSSL_CRYPTOCELL
    /* Optional XTIME hook for builds without CryptoCell, left disabled:
     *   extern unsigned long my_time(unsigned long* timer);
     *   #define XTIME my_time
     * NOTE(review): certificate date checks need a trustworthy clock; confirm
     * which time source backs them on the target. */
#endif
461 
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

#ifdef WOLFSSL_CRYPTOCELL
    /* Override the P-RNG with the hardware RNG: random blocks are produced by
     * cc310_random_generate. */
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK  cc310_random_generate
    /* Alternatives, left disabled:
     *   #define CUSTOM_RAND_GENERATE_BLOCK  nrf_random_generate
     *   #define WOLFSSL_GENSEED_FORTEST      (for software RNG) */
#else
    /* Without CryptoCell this example falls back to the test-only seed
     * generator. Keys, nonces and signatures are only as unpredictable as
     * this seed, so provide a real entropy source before using the
     * software-only configuration for anything but tests. */
    #define WOLFSSL_GENSEED_FORTEST
#endif
475 
476 
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3: off in this example. */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

/* Key generation: on. */
#undef WOLFSSL_KEY_GEN
#if 1
    #define WOLFSSL_KEY_GEN
#endif

/* Older prime check, chosen to reduce DH test time.
 * NOTE(review): this is a test-speed setting; confirm what else depends on
 * the prime check before carrying it into a production configuration. */
#define WOLFSSL_OLD_PRIME_CHECK

/* Cleared and left off; uncomment the #define to enable. */
#undef  KEEP_PEER_CERT
/* #define KEEP_PEER_CERT */

#undef  HAVE_COMP_KEY
/* #define HAVE_COMP_KEY */

/* Cleared, then enabled. */
#undef  HAVE_TLS_EXTENSIONS
#undef  HAVE_SUPPORTED_CURVES
#undef  WOLFSSL_BASE64_ENCODE
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BASE64_ENCODE

/* TLS session cache: 1 selects the small cache, 0 (used here) removes the
 * cache entirely. */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif
514 
515 
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */

/* --- Left available: each NO_ macro is cleared and its #define is kept as a
 * comment, so the feature stays in the build. ------------------------------ */
#undef  NO_WOLFSSL_SERVER
/* #define NO_WOLFSSL_SERVER */

#undef  NO_WOLFSSL_CLIENT
/* #define NO_WOLFSSL_CLIENT */

#undef  NO_CRYPT_TEST
/* #define NO_CRYPT_TEST */

#undef  NO_CRYPT_BENCHMARK
/* #define NO_CRYPT_BENCHMARK */

#undef  WOLFCRYPT_ONLY
/* #define WOLFCRYPT_ONLY */

/* In-lining of misc.c functions. If NO_INLINE is defined,
 * wolfcrypt/src/misc.c must be included in the build; slower, but about 1k
 * smaller. */
#undef  NO_INLINE
/* #define NO_INLINE */

#undef  NO_CODING
/* #define NO_CODING */

/* NOTE(review): defining NO_ASN_TIME presumably removes time handling from
 * certificate processing; confirm the effect on validity-date checks before
 * turning it on. */
#undef  NO_ASN_TIME
/* #define NO_ASN_TIME */

#undef  NO_CERTS
/* #define NO_CERTS */

#undef  NO_SIG_WRAPPER
/* #define NO_SIG_WRAPPER */

/* --- Facilities compiled out of this build. ------------------------------- */
#undef  NO_FILESYSTEM
#undef  NO_WRITEV
#undef  NO_MAIN_DRIVER
#undef  NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_WRITEV
#define NO_MAIN_DRIVER
#define NO_DEV_RANDOM

/* --- Algorithms and protocol features compiled out: DSA, RC4, old TLS
 * versions, HC-128, Rabbit, PSK, MD4 and password-based functions. Leaving
 * the legacy ones out keeps them from being negotiated or called at all. --- */
#undef  NO_DSA
#undef  NO_RC4
#undef  NO_OLD_TLS
#undef  NO_HC128
#undef  NO_RABBIT
#undef  NO_PSK
#undef  NO_MD4
#undef  NO_PWDBASED
#define NO_DSA
#define NO_RC4
#define NO_OLD_TLS
#define NO_HC128
#define NO_RABBIT
#define NO_PSK
#define NO_MD4
#define NO_PWDBASED
587 
588 #ifdef __cplusplus
589 }
590 #endif
591 
592 #endif /* WOLFSSL_USER_SETTINGS_H */
593 
594