user_settings.h
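/* user_settings.h
 *
 * Copyright (C) 2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example Settings for CryptoCell
 *
 * Build-time feature selection for wolfSSL on a CryptoCell target. Each
 * feature is toggled by flipping the "#if 1" / "#if 0" in front of it.
 *
 * NOTE(review): this is an example / benchmark configuration. Before reusing
 * it for a product, revisit the settings marked NOTE(review) below: the
 * built-in test certificates, the test-only seed in the non-CryptoCell branch,
 * the CBC-only AES setup and WOLFSSL_OLD_PRIME_CHECK.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* CryptoCell */
/* ------------------------------------------------------------------------- */
#if 1
    #define WOLFSSL_CRYPTOCELL
    #define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */
    /* only CBC mode is supported; while this is defined the AES section
     * below enables no AEAD mode (GCM/CCM) */
    #define WOLFSSL_CRYPTOCELL_AES
#else
    /* run without CryptoCell,
       include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */
#endif

#if defined(WOLFSSL_CRYPTOCELL)
    /* Caps AES at 128-bit keys when CryptoCell is in use. */
    #define AES_MAX_KEY_SIZE 128
#endif /* WOLFSSL_CRYPTOCELL */


/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */

#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

#undef  SINGLE_THREADED
#define SINGLE_THREADED

#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

#undef  WOLFSSL_USER_IO
#define WOLFSSL_USER_IO


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Keep enabled: timing-resistant big-number math for private-key use. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* Assembly */
    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        /* 4096 math bits therefore limits RSA keys to 2048 bits. */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    #if 1
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        /* NOTE(review): this branch turns hardening off; flipping the
         * "#if 1" above removes the RSA timing-attack protection. */
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        #define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Timing-resistant ECC (side-channel hardening; keep enabled). */
    /* Reduces heap usage, but slower */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #undef  HAVE_ECC_CDH
    //#define HAVE_ECC_CDH

    /* Validate import */
    /* NOTE(review): left off here; consider enabling it where ECC keys are
     * imported from sources the device does not control. */
    #undef  WOLFSSL_VALIDATE_ECC_IMPORT
    //#define WOLFSSL_VALIDATE_ECC_IMPORT

    /* Compressed Key Support */
    #undef  HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS     (384 + 32)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
        /* Enable the P-384 speedup when P-384 is selected. The listing had
         * "#ifndef HAVE_ECC384" here, which applied the speedup only when
         * the curve was NOT enabled. */
        #ifdef HAVE_ECC384
            #undef  TFM_ECC384
            #define TFM_ECC384
        #endif
    #endif
#endif

/* DH */
#undef NO_DH
#if 0
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
    #endif

    #define HAVE_FFDHE_2048
    //#define HAVE_FFDHE_4096
    //#define HAVE_FFDHE_6144
    //#define HAVE_FFDHE_8192
#else
    #define NO_DH
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */
    /* NOTE(review): with WOLFSSL_CRYPTOCELL_AES defined (the default above),
     * everything in this inner block is skipped, so AES-GCM is not built. */
    #if !defined(WOLFSSL_CRYPTOCELL_AES)
        #undef  HAVE_AESGCM
        #define HAVE_AESGCM

        /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
        #define GCM_SMALL

        #undef  WOLFSSL_AES_DIRECT
        //#define WOLFSSL_AES_DIRECT

        #undef  HAVE_AES_ECB
        //#define HAVE_AES_ECB

        #undef  WOLFSSL_AES_COUNTER
        //#define WOLFSSL_AES_COUNTER

        #undef  HAVE_AESCCM
        //#define HAVE_AESCCM
    #endif
#else
    #define NO_AES
#endif


/* DES3 */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef  BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* NOTE(review): the USE_CERT_BUFFERS_* options compile in the library's
 * built-in test certificates and keys for the test / benchmark apps. Those
 * are not device credentials; a product build must provision its own. */
#undef  USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

//#undef  USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef  USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h>  /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
/* NOTE(review): NO_ASN_TIME is left undefined further down, so certificate
 * date checks presumably rely on whatever time source these options select;
 * confirm it returns real wall-clock time on the target. */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS

#if !defined(WOLFSSL_CRYPTOCELL)
    // extern unsigned long my_time(unsigned long* timer);
    // #define XTIME my_time
#endif

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

#if defined(WOLFSSL_CRYPTOCELL)
    /* Override P-RNG with HW RNG */
    /* All library randomness then comes from this callback, so its failure
     * returns must be propagated and never replaced by a fixed buffer. */
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK cc310_random_generate
    //#define CUSTOM_RAND_GENERATE_BLOCK nrf_random_generate
    //#define WOLFSSL_GENSEED_FORTEST /* for software RNG */
#else
    /* NOTE(review): test-only seed source, as the name says. Keys and nonces
     * generated in this branch are not suitable for production use; supply a
     * real entropy source before shipping a build without CryptoCell. */
    #define WOLFSSL_GENSEED_FORTEST
#endif


/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 1
    #define WOLFSSL_KEY_GEN
#endif

/* reduce DH test time */
/* NOTE(review): selects the older, cheaper prime check. DH is disabled above
 * (NO_DH), so this presumably has no effect here; do not carry it into a
 * configuration that enables DH. */
#define WOLFSSL_OLD_PRIME_CHECK

#undef  KEEP_PEER_CERT
//#define KEEP_PEER_CERT

#undef  HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef  NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef  NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef  NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef  NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef  WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef  NO_INLINE
//#define NO_INLINE

#undef  NO_FILESYSTEM
#define NO_FILESYSTEM

#undef  NO_WRITEV
#define NO_WRITEV

#undef  NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions are compiled out below. */
#undef  NO_DSA
#define NO_DSA

#undef  NO_RC4
#define NO_RC4

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
#define NO_PWDBASED

#undef  NO_CODING
//#define NO_CODING

#undef  NO_ASN_TIME
//#define NO_ASN_TIME

#undef  NO_CERTS
//#define NO_CERTS

#undef  NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */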