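/* user_settings_template.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features.
 * This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined.
 * Based on IDE/GCC-ARM/Headers/user_settings.h
 *
 * How to read it: each option sits behind an "#if 1" (on) or "#if 0" (off)
 * gate, and most sections "#undef" their macro first so that the gate below is
 * the only place in this file that decides it. Lines starting with "//#define"
 * are optional switches that are currently off.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* If TARGET_EMBEDDED is defined then small target settings are used.
 * It is derived here: any compiler that does not announce macOS, FreeBSD,
 * Linux or Windows is treated as an embedded target. */
#if !(defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__) || defined(_WIN32))
    #define TARGET_EMBEDDED
#endif

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SIZEOF_LONG_LONG 8
#if 0
    #define NO_64BIT /* disable use of 64-bit variables */
#endif

#ifdef TARGET_EMBEDDED
    /* disable mutex locking */
    /* NOTE(review): with locking compiled out the library is presumably only
     * safe when every call comes from one thread/task - confirm for your RTOS. */
    #define SINGLE_THREADED

    /* reduce stack use. For variables over 100 bytes allocate from heap */
    #define WOLFSSL_SMALL_STACK

    /* disable the built-in socket support and use the IO callbacks.
     * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
     */
    #define WOLFSSL_USER_IO
#endif

/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef USE_FAST_MATH
#if 1
    /* fast math (tfm.c) (stack based and timing resistant) */
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
#else
    /* normal heap based integer.c (not timing resistant) */
#endif

/* Wolf Single Precision Math */
/* NOTE(review): USE_FAST_MATH is enabled just above while WOLFSSL_SP_MATH
 * below is described as disabling integer.c/tfm.c. Confirm which math backend
 * the build really ends up with when both gates are 1, because the
 * timing-resistance settings are backend specific. */
#undef WOLFSSL_SP
#if 1
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    //#define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
    //#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */

    /* NOTE(review): by its name this hardens the SP code against cache
     * side channels; worth evaluating where untrusted code shares the CPU -
     * confirm against the wolfSSL documentation. */
    //#define WOLFSSL_SP_CACHE_RESISTANT
    #define WOLFSSL_SP_MATH     /* only SP math - disables integer.c/tfm.c */
    #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */

    //#define WOLFSSL_SP_NO_MALLOC
    //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */

    #ifdef TARGET_EMBEDDED
        /* use smaller version of code */
        #define WOLFSSL_SP_SMALL
    #else
        /* SP Assembly Speedups - specific to chip type */
        #define WOLFSSL_SP_ASM
    #endif
    /* Pick the line matching the target CPU when WOLFSSL_SP_ASM is used */
    //#define WOLFSSL_SP_X86_64
    //#define WOLFSSL_SP_X86
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
    //#define WOLFSSL_SP_ARM_THUMB_ASM
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2).
         * By that rule 4096 covers RSA keys up to 2048 bits; raise it before
         * enabling larger keys or groups. */
        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    #define WC_RSA_BLINDING

    /* RSA PSS Support */
    #define WC_RSA_PSS
#else
    #define NO_RSA
#endif

/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 1
        #define WOLFSSL_DH_CONST
        #define HAVE_FFDHE_2048
        //#define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif
#else
    #define NO_DH
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection.
         * Only the 256-bit curve is left on: NO_ECC256 is cleared and every
         * other size stays commented out. */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        //#define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #define FP_ENTRIES 2
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #define ECC_SHAMIR

    /* Timing-resistant ECC math (side-channel hardening, the ECC counterpart
     * of TFM_TIMING_RESISTANT and WC_RSA_BLINDING above).
     * Reduces heap usage, but slower. Do not drop it for speed on a device
     * where the timing of private-key operations can be observed. */
    #define ECC_TIMING_RESISTANT

    /* Compressed ECC Key Support */
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
        #if defined(NO_RSA) && defined(NO_DH)
            /* Custom fastmath size if not using RSA/DH */
            #define FP_MAX_BITS (256 * 2)
        #else
            /* use heap allocation for ECC points */
            #define ALT_ECC_SIZE

            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
            //#define FP_MAX_BITS_ECC (256 * 2)
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif


/* AES */
#undef NO_AES
#if 1
    #define HAVE_AES_CBC

    /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #define HAVE_AESGCM
    #ifdef TARGET_EMBEDDED
        #define GCM_SMALL
    #else
        #define GCM_TABLE_4BIT
    #endif

    //#define WOLFSSL_AES_DIRECT
    //#define HAVE_AES_ECB
    //#define WOLFSSL_AES_COUNTER
    //#define HAVE_AESCCM
#else
    #define NO_AES
#endif


/* DES3 */
/* Gate is 0, so the #else branch applies and 3DES is compiled out */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
/* When turning this gate on, also turn on the Sha512 gate in the Hashing
 * section below (it is 0 in this template): Ed25519 needs SHA512. */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
/* The Sha384 gate is nested inside this one, so it only takes effect when
 * the Sha512 gate is 1 as well. */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* Gate is 0, so the #else branch applies and MD5 is compiled out */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 1
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
#ifdef TARGET_EMBEDDED
    /* Use reduced benchmark / test sizes */
    #define BENCH_EMBEDDED
#endif

/* Use test buffers from array (not filesystem) */
/* NOTE(review): this file defines NO_FILESYSTEM only further down, in the
 * "Disable Features" section, so this guard is true here unless the build
 * system predefines NO_FILESYSTEM - and in that case the buffers a
 * filesystem-less target needs would be left out. Confirm the intended
 * condition. */
#ifndef NO_FILESYSTEM
    #define USE_CERT_BUFFERS_256
    #define USE_CERT_BUFFERS_2048
#endif

/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* Outer gate 0: debug logging stays off. Inner gate 0: error strings are kept.
 * NOTE(review): review what the debug log exposes before enabling
 * DEBUG_WOLFSSL in a shipped build. */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
#if 0
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h> /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 0
        #define WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
#if 0
    /* Routes XTIME to the user-supplied my_time() declared below (used for
     * benchmark timing).
     * NOTE(review): if XTIME also feeds certificate validity-date checks in
     * your build, my_time() has to return real wall-clock time, not a tick
     * counter - confirm before enabling. */
    #define WOLFSSL_USER_CURRTIME
    #define WOLFSSL_GMTIME
    #define USER_TICKS
    extern unsigned long my_time(unsigned long* timer);
    #define XTIME my_time
#endif


/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

/* Choose RNG method */
/* Whatever is plugged in here (my_rng_seed_gen or my_rng_gen_block) seeds or
 * replaces the DRBG that produces every key and nonce, so it must be backed by
 * a real entropy source. A constant, counter or uptime based stub left in from
 * bring-up makes all generated secrets predictable.
 * NOTE(review): on TARGET_EMBEDDED this file defines NO_DEV_RANDOM while the
 * custom seed gate below is 0, so the seed presumably has to come from
 * somewhere else - confirm the build provides one. */
#if 1
    /* Custom Seed Source */
    #if 0
        /* Size of returned HW RNG value */
        #define CUSTOM_RAND_TYPE unsigned int
        extern unsigned int my_rng_seed_gen(void);
        #undef CUSTOM_RAND_GENERATE
        #define CUSTOM_RAND_GENERATE my_rng_seed_gen
    #endif

    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    #undef HAVE_HASHDRBG
    #define HAVE_HASHDRBG
#else
    #undef WC_NO_HASHDRBG
    #define WC_NO_HASHDRBG

    /* Bypass P-RNG and use only HW RNG.
     * With the DRBG out of the path, output quality rests entirely on what
     * my_rng_gen_block returns. */
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif


/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
/* NOTE(review): mystrnstr (used by XSTRNSTR) has no prototype in this file;
 * declare it before switching this gate on. */
#undef STRING_USER
#if 0
    #define STRING_USER

    #include <string.h>

    #define USE_WOLF_STRSEP
    #define XSTRSEP(s1,d) wc_strsep((s1),(d))

    #define USE_WOLF_STRTOK
    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))

    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))

    #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
    #define XMEMSET(b,c,l) memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
    #define XMEMMOVE(d,s,l) memmove((d),(s),(l))

    #define XSTRLEN(s1) strlen((s1))
    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
    #define XSTRSTR(s1,s2) strstr((s1),(s2))

    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))

    #define XSNPRINTF snprintf
#endif



/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */

#define WOLFSSL_TLS13
/* NOTE(review): "faster" presumably means a less thorough primality check on
 * DH parameters. Where a peer can supply its own DH group, prefer leaving this
 * undefined unless the speed is really needed - confirm against the wolfSSL
 * documentation for the version in use. */
#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BASE64_ENCODE

//#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
//#define KEEP_PEER_CERT
//#define HAVE_COMP_KEY

/* TLS Session Cache */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
//#define NO_CRYPT_TEST
//#define NO_CRYPT_BENCHMARK
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE

#ifdef TARGET_EMBEDDED
    #define NO_FILESYSTEM
    #define NO_WRITEV
    #define NO_MAIN_DRIVER
    #define NO_DEV_RANDOM
#endif

/* Protocol versions older than TLS 1.2 and pre-shared keys are compiled out */
#define NO_OLD_TLS
#define NO_PSK

/* Legacy algorithms and password-based key derivation are compiled out */
#define NO_DSA
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define NO_MD4
#define NO_PWDBASED
//#define NO_CODING
/* NOTE(review): NO_ASN_TIME presumably removes certificate date validation;
 * treat it as a bring-up aid for boards without a clock, not a production
 * setting - confirm. */
//#define NO_ASN_TIME
//#define NO_CERTS
//#define NO_SIG_WRAPPER

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */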