user_settings.h
1 /* user_settings.h
2  *
3  * Copyright (C) 2006-2020 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 /* Custom wolfSSL user settings for GCC ARM */
23 
24 #ifndef WOLFSSL_USER_SETTINGS_H
25 #define WOLFSSL_USER_SETTINGS_H
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
31 
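/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
/* Alignment, in bytes, that wolfSSL should assume on this target */
#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT   4

/* No locking layer is compiled in. wolfSSL objects must therefore only be
 * touched from one execution context at a time (no concurrent use from an
 * ISR or a second task). */
#undef  SINGLE_THREADED
#define SINGLE_THREADED

/* Keep large temporaries off the stack (they are allocated from the heap) */
#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

/* The application registers its own send/receive callbacks; no built-in
 * socket layer is used. */
#undef  WOLFSSL_USER_IO
#define WOLFSSL_USER_IO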
46 
47 
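/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
/* Must match sizeof(long long) of the target compiler */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Timing-resistant fast-math code paths. Leave this enabled in any build
     * that performs private-key operations. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* 64 or 32 bit version */
    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
#endif

/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
/* Several later sections key extra validation options off HAVE_FIPS, so
 * leaving this at 0 also leaves those checks off. */
#undef HAVE_FIPS
#if 0
    #define HAVE_FIPS

    #undef  HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 2

    #ifdef SINGLE_THREADED
        #undef  NO_THREAD_LS
        #define NO_THREAD_LS
    #endif
#endif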
97 
98 
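/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2).
         * 4096 therefore caps RSA keys at 2048 bits; raise this value before
         * loading larger keys or peer certificates. */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks.
     * With blinding on, private-key operations need an RNG attached to the
     * key (wc_RsaSetRNG). The #else branch turns wolfSSL's hardening off
     * altogether (WC_NO_HARDEN) and is not meant for builds that handle real
     * private keys. */
    #if 1
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    /* Raw RSA without padding. Leave disabled unless the calling protocol
     * applies its own padding scheme. */
    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif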
135 
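/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection.
         * Only the 256-bit curve is active: NO_ECC256 is cleared and every
         * other size below is commented out. */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        //#define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Timing-resistant ECC code paths (side-channel hardening for private-key
     * operations); keep enabled.
     * Template note: reduces heap usage, but slower */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #ifdef HAVE_FIPS
        #undef  HAVE_ECC_CDH
        #define HAVE_ECC_CDH
    #endif

    /* Validate import (checks an imported key against the curve).
     * NOTE(review): only switched on for FIPS builds here; consider enabling
     * it as well in non-FIPS builds that import keys from untrusted input. */
    #ifdef HAVE_FIPS
        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
        #define WOLFSSL_VALIDATE_ECC_IMPORT
    #endif

    /* Compressed Key Support */
    #undef  HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS     (256 + 32)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif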
209 
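/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency.
     * NOTE(review): by the "max key bits * 2" rule given for FP_MAX_BITS in
     * the RSA section, enabling HAVE_FFDHE_4096 with fast math would need
     * FP_MAX_BITS raised above the 4096 set there - confirm before enabling. */
    #if 0
        #define WOLFSSL_DH_CONST
        #define HAVE_FFDHE_2048
        #define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif

    /* Validation of imported DH parameters is only switched on for FIPS */
    #ifdef HAVE_FIPS
        #define WOLFSSL_VALIDATE_FFC_IMPORT
        #define HAVE_FFDHE_Q
    #endif
#else
    #define NO_DH
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #define GCM_SMALL

    /* Raw single-block AES and ECB give no chaining or authentication;
     * they stay disabled unless a protocol explicitly needs them. */
    #undef  WOLFSSL_AES_DIRECT
    //#define WOLFSSL_AES_DIRECT

    #undef  HAVE_AES_ECB
    //#define HAVE_AES_ECB

    #undef  WOLFSSL_AES_COUNTER
    //#define WOLFSSL_AES_COUNTER

    #undef  HAVE_AESCCM
    //#define HAVE_AESCCM
#else
    #define NO_AES
#endif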
257 
258 
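/* DES3 (disabled: the empty #if 0 branch is where it would be enabled) */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 (WOLFSSL_SHA512) */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif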
290 
291 
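/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha (SHA-1 stays compiled in; use the #else branch to remove it) */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 (disabled: the empty #if 0 branch is where it would be enabled) */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif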
358 
359 
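/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef  BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* USE_CERT_BUFFERS_* compile wolfSSL's bundled test certificates and keys
 * into the image as buffers. Those private keys ship with the library and
 * are publicly known: use them for the test and benchmark apps only and
 * provision device-specific credentials for anything deployed. */
#undef  USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

//#undef  USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef  USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* DEBUG_WOLFSSL builds in the library's debug logging; keep it off in release
 * images. NO_ERROR_STRINGS (inner switch) drops the error-string table. */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif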
390 
391 
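/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's.
 * The user allocator must report exhaustion by returning NULL so that the
 * library's allocation-failure paths are taken. */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h>  /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage (diagnostic builds only) */
    #if 1
        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif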
443 
444 
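/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Lets the application supply its own time functions (used by the benchmark).
 * XTIME is mapped to my_time(), which the application must implement.
 * NOTE(review): NO_ASN_TIME is not defined in this file, so certificate
 * validity-date checks presumably read the clock through XTIME. my_time()
 * then has to return real calendar time (seconds since the epoch) from an
 * RTC or another trusted source; a bare tick counter would make those checks
 * meaningless - confirm against the port's implementation. */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time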
456 
457 
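/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

/* Seed Source.
 * my_rng_seed_gen() is the only entropy input in this configuration, so it
 * must read a real hardware entropy source (TRNG peripheral or equivalent).
 * A counter, timer value or fixed constant here makes every key, nonce and
 * blinding value derived from the RNG predictable. */
/* Size of returned HW RNG value */
#define CUSTOM_RAND_TYPE      unsigned int
extern unsigned int my_rng_seed_gen(void);
#undef  CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE  my_rng_seed_gen

/* Choose RNG method */
#if 1
    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    #undef  HAVE_HASHDRBG
    #define HAVE_HASHDRBG
#else
    #undef  WC_NO_HASHDRBG
    #define WC_NO_HASHDRBG

    /* Bypass P-RNG and use only HW RNG.
     * Without the DRBG, my_rng_gen_block() output is used directly, so the
     * hardware source has to be suitable for that on its own. */
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
#endif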
484 
485 
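/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
#undef STRING_USER
#if 0
    #define STRING_USER

    #include <string.h>

    #undef  USE_WOLF_STRSEP
    #define USE_WOLF_STRSEP
    #define XSTRSEP(s1,d) wc_strsep((s1),(d))

    #undef  USE_WOLF_STRTOK
    #define USE_WOLF_STRTOK
    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))

    /* mystrnstr() is not declared in this file; the port must provide it */
    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))

    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
    #define XMEMSET(b,c,l)    memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))

    #define XSTRLEN(s1)       strlen((s1))
    /* strncpy() leaves the destination unterminated when the source fills
     * it; any replacement mapped here must keep callers' expectations. */
    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
    #define XSTRSTR(s1,s2)    strstr((s1),(s2))

    #define XSTRNCMP(s1,s2,n)     strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n)     strncat((s1),(s2),(n))
    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))

    #define XSNPRINTF snprintf
#endif



/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3 is off. Combined with NO_OLD_TLS in the Disable Features section,
 * the build negotiates TLS 1.2 only. */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 0
    #define WOLFSSL_KEY_GEN
#endif

#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
    #define WOLFSSL_OLD_PRIME_CHECK
#endif

#undef  KEEP_PEER_CERT
//#define KEEP_PEER_CERT

/* Same switch as under "Compressed Key Support" in the ECC section */
#undef  HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache (disabled: every connection does a full handshake) */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif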
562 
563 
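/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef  NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef  NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef  NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef  NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef  WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef  NO_INLINE
//#define NO_INLINE

/* No file system: certificates and keys are loaded from memory buffers */
#undef  NO_FILESYSTEM
#define NO_FILESYSTEM

#undef  NO_WRITEV
#define NO_WRITEV

#undef  NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

/* No /dev/random on this target; all entropy comes from the custom seed
 * function configured in the RNG section. */
#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions are compiled out below
 * (DSA, RC4, TLS older than 1.2, HC-128, Rabbit, MD4). Keep them disabled
 * unless interoperability with a legacy peer forces otherwise. */
#undef  NO_DSA
#define NO_DSA

#undef  NO_RC4
#define NO_RC4

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
#define NO_PWDBASED

#undef  NO_CODING
//#define NO_CODING

/* Left undefined, so certificate date checks stay active; they depend on the
 * time source configured in the Port section. */
#undef  NO_ASN_TIME
//#define NO_ASN_TIME

#undef  NO_CERTS
//#define NO_CERTS

#undef  NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER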
635 
636 #ifdef __cplusplus
637 }
638 #endif
639 
640 #endif /* WOLFSSL_USER_SETTINGS_H */
641