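/* user_settings.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Custom wolfSSL user settings for GCC ARM */

/* How to read this file:
 *  - Each section switches features with "#if 1" / "#if 0" or with a
 *    commented-out "//#define".
 *  - Most options are #undef'd first, so an earlier definition (for example
 *    one passed on the compiler command line) is discarded and this file
 *    decides the final value.
 *  - Options that matter for side-channel resistance, randomness and
 *    protocol strength carry an extra note below.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif


/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

#undef  SINGLE_THREADED
#define SINGLE_THREADED

#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

/* The application supplies the send/receive callbacks */
#undef  WOLFSSL_USER_IO
#define WOLFSSL_USER_IO


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Timing-resistant big-number math. Keep this defined in any build that
     * performs private-key operations. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    //#define WOLFSSL_SP_CACHE_RESISTANT
    #define WOLFSSL_SP_MATH       /* only SP math - eliminates fast math code */

    /* SP Assembly Speedups */
    #define WOLFSSL_SP_ASM        /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
    //#define WOLFSSL_SP_ARM_THUMB_ASM
    #define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 0
    #define HAVE_FIPS

    #undef  HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 2

    #ifdef SINGLE_THREADED
        #undef  NO_THREAD_LS
        #define NO_THREAD_LS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        /* With 4096 the largest usable RSA key is 2048 bits; double this
         * value before enabling larger keys. */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
    #undef RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* The #else branch defines WC_NO_HARDEN, which switches the hardening
     * off. Leave this switch at 1 for any build that handles private keys. */
    #if 1
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        /* Only the 256-bit curve is left enabled here. */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        //#define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES 2
        #undef  FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Timing-resistant ECC point multiplication: side-channel hardening for
     * private-key operations, at the cost of speed (the original note here
     * read "Reduces heap usage, but slower"). Keep it defined. */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    #ifdef HAVE_FIPS
        #undef  HAVE_ECC_CDH
        #define HAVE_ECC_CDH /* Enable cofactor support */

        #undef  NO_STRICT_ECDSA_LEN
        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */

        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
    #endif

    /* Compressed Key Support */
    /* This is the only place HAVE_COMP_KEY is configured in this file. */
    #undef HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS (256 * 2)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
            //#undef  FP_MAX_BITS_ECC
            //#define FP_MAX_BITS_ECC (256 * 2)
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif

/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
        #define HAVE_FFDHE_2048
        #define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif

    #ifdef HAVE_FIPS
        #define WOLFSSL_VALIDATE_FFC_IMPORT
        #define HAVE_FFDHE_Q
    #endif
#else
    #define NO_DH
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #define GCM_SMALL

    #undef WOLFSSL_AES_DIRECT
    //#define WOLFSSL_AES_DIRECT

    #undef HAVE_AES_ECB
    //#define HAVE_AES_ECB

    #undef WOLFSSL_AES_COUNTER
    //#define WOLFSSL_AES_COUNTER

    #undef HAVE_AESCCM
    //#define HAVE_AESCCM
#else
    #define NO_AES
#endif


/* DES3 */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef  BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* USE_CERT_BUFFERS_* give the test and benchmark programs built-in sample
 * certificates and keys (NO_FILESYSTEM is set further down). The sample keys
 * are publicly known: use them for testing only and never provision them on
 * a device. */
#undef  USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

//#undef  USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef  USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h>  /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Routes XTIME to the user-supplied my_time() declared below (the original
 * comment called it "custom_time()"); it is used by the benchmark. */
/* NOTE(review): NO_ASN_TIME is left undefined in this file, so certificate
 * validity dates are presumably checked against this clock as well. my_time()
 * is implemented elsewhere; confirm it returns real calendar time and not an
 * uptime counter or a constant. */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time


/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

/* Seed Source */
/* my_rng_seed_gen() is only declared here; its implementation is not part of
 * this file. Its output seeds the RNG selected below, so it must come from a
 * real hardware entropy source. A constant, a counter or a clock value would
 * make every generated key and nonce predictable. */
/* Size of returned HW RNG value */
#define CUSTOM_RAND_TYPE      unsigned int
extern unsigned int my_rng_seed_gen(void);
#undef  CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE  my_rng_seed_gen

/* Choose RNG method */
#if 1
    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    #undef  HAVE_HASHDRBG
    #define HAVE_HASHDRBG
#else
    #undef  WC_NO_HASHDRBG
    #define WC_NO_HASHDRBG

    /* Bypass P-RNG and use only HW RNG */
    /* In this mode the quality of all random data rests on
     * my_rng_gen_block() alone. */
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
#endif


/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
#undef STRING_USER
#if 0
    #define STRING_USER

    #include <string.h>

    #undef  USE_WOLF_STRSEP
    #define USE_WOLF_STRSEP
    #define XSTRSEP(s1,d)     wc_strsep((s1),(d))

    #undef  USE_WOLF_STRTOK
    #define USE_WOLF_STRTOK
    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))

    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))

    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
    #define XMEMSET(b,c,l)    memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))

    #define XSTRLEN(s1)       strlen((s1))
    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
    #define XSTRSTR(s1,s2)    strstr((s1),(s2))

    #define XSTRNCMP(s1,s2,n)     strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n)     strncat((s1),(s2),(n))
    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))

    #define XSNPRINTF snprintf
#endif



/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3 is off; together with NO_OLD_TLS below this leaves TLS 1.2 as the
 * only TLS version in the build. */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 0
    #define WOLFSSL_KEY_GEN
#endif

#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
    #define WOLFSSL_OLD_PRIME_CHECK
#endif

#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT

/* HAVE_COMP_KEY (compressed ECC keys) is configured once, in the ECC section
 * above. The second "#undef HAVE_COMP_KEY" that used to sit here would have
 * silently cancelled that setting, so it has been dropped. */

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE

#undef  NO_FILESYSTEM
#define NO_FILESYSTEM

#undef  NO_WRITEV
#define NO_WRITEV

#undef  NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions are compiled out from here on
 * (DSA, RC4, TLS older than 1.2, HC-128, Rabbit, MD4). Keep them disabled
 * unless a peer strictly requires one of them. */
#undef  NO_DSA
#define NO_DSA

#undef  NO_RC4
#define NO_RC4

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
#define NO_PWDBASED

#undef NO_CODING
//#define NO_CODING

/* Defining NO_ASN_TIME would skip certificate date checks; it is left off. */
#undef NO_ASN_TIME
//#define NO_ASN_TIME

#undef NO_CERTS
//#define NO_CERTS

#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#undef  WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_IGNORE_FILE_WARN


#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */
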