user_settings.h
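/* user_settings.h
 *
 * Copyright (C) 2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example Settings for SiFive HiFive1
 *
 * Build-time configuration for wolfSSL on a memory-constrained RISC-V board.
 *
 * Conventions used throughout this file:
 *   - each option is #undef'd before it is (re)defined, so the choice made
 *     here replaces any earlier definition of the same macro;
 *   - "#if 1" / "#if 0" switches turn a whole option group on or off;
 *   - a "//#define X" line is an option that is deliberately left disabled.
 *
 * Items worth a second look before reusing this file outside the example /
 * benchmark setting are marked NOTE(review): the RNG seed source, the
 * built-in test certificates, ECC import validation and the time source.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* SiFive HiFive */
/* ------------------------------------------------------------------------- */
/* Target selector; also tested in the "Port" section below. */
#undef  WOLFSSL_SIFIVE_RISC_V
#define WOLFSSL_SIFIVE_RISC_V


/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */

#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT   4

/* Build without threading / mutex support. */
#undef  SINGLE_THREADED
#define SINGLE_THREADED

/* Keep large working buffers off the stack. */
#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

/* The application supplies the transport send/receive callbacks. */
#undef  WOLFSSL_USER_IO
#define WOLFSSL_USER_IO


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH

#if 1
    #define USE_FAST_MATH

    /* Side-channel hardening for the fast-math code; keep this enabled
     * whenever private-key operations run on the device. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif


/* ------------------------------------------------------------------------- */
/* Asymmetric */
/* ------------------------------------------------------------------------- */
/* RSA */
/* Not enabled due to memory constraints on HiFive1 */
#undef NO_RSA
#if 0
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    #define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* NOTE(review): if RSA is ever switched on, leave this inner switch at 1;
     * the #else path defines WC_NO_HARDEN, which turns the hardening off. */
    #if 1
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    /* Raw RSA without padding; left off. */
    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection, FP_MAX_BITS must be adjusted accordingly */
        /* Only the 256-bit curve is left available: the other sizes are
         * commented out and NO_ECC256 is explicitly cleared. */
        // #define HAVE_ECC192
        // #define HAVE_ECC224
        #undef NO_ECC256
        // #define HAVE_ECC384
        // #define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    //#define ECC_SHAMIR

    /* Timing-resistant ECC math (side-channel hardening); keep enabled. */
    /* Reduces heap usage, but slower */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #undef  HAVE_ECC_CDH
    //#define HAVE_ECC_CDH

    /* Validate import */
    /* NOTE(review): currently off. With this disabled, imported ECC keys
     * presumably skip the extra validity checks; confirm whether it can be
     * enabled when keys arrive from an untrusted peer or storage. */
    #undef  WOLFSSL_VALIDATE_ECC_IMPORT
    //#define WOLFSSL_VALIDATE_ECC_IMPORT

    /* Compressed Key Support */
    #undef  HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
            /* Sized for the 256-bit curve only; must grow if a larger curve
             * is enabled in the curve list above. */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS     (256 + 32)
        #else
            #undef  ALT_ECC_SIZE
            /* Disable alternate ECC size, since it uses HEAP allocations.
               Heap is limited resource on HiFive1 */
            //#define ALT_ECC_SIZE
        #endif
    #endif
#endif

/* DH */
/* Finite-field DH is compiled out (NO_DH) in this configuration. */
#undef NO_DH
#if 0
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
    #endif

    #define HAVE_FFDHE_2048
    //#define HAVE_FFDHE_4096
    //#define HAVE_FFDHE_6144
    //#define HAVE_FFDHE_8192
#else
    #define NO_DH
#endif


/* Wolf Single Precision Math */
/* Optional ECC SECP256R1 acceleration using optimized C code */
/* NOTE(review): USE_FAST_MATH is also defined in the Math section above,
 * while WOLFSSL_SP_MATH is described here as eliminating the fast-math code.
 * How the library resolves the two is decided outside this header; confirm
 * which math back end (and which timing-resistance option) is in effect. */
#undef WOLFSSL_SP
#if 1
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code (requires heap) */
    #define SP_WORD_SIZE 32       /* force 32-bit type */
    #define WOLFSSL_SP_MATH       /* only SP math - eliminates fast math code */
    //#define WOLFSSL_SP_DIV_32   /* do not use 64-bit divides */

    #ifdef HAVE_ECC
        #define WOLFSSL_HAVE_SP_ECC
    #endif
    #ifndef NO_RSA
        #define WOLFSSL_HAVE_SP_RSA
    #endif
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 1
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        /* Curve and Ed 25519 small */
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Symmetric Ciphers */
/* ------------------------------------------------------------------------- */

/* AES */
/* CBC and GCM are enabled; ECB, CTR, CCM and direct block access stay off. */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #define GCM_SMALL

    #undef  WOLFSSL_AES_DIRECT
    //#define WOLFSSL_AES_DIRECT

    #undef  HAVE_AES_ECB
    //#define HAVE_AES_ECB

    #undef  WOLFSSL_AES_COUNTER
    //#define WOLFSSL_AES_COUNTER

    #undef  HAVE_AESCCM
    //#define HAVE_AESCCM
#endif

/* DES3 */
/* Triple-DES is compiled out. */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif


/* ------------------------------------------------------------------------- */
/* Symmetric Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
/* Must stay enabled while HAVE_ED25519 is defined above. */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    #define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* MD5 is compiled out. */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* Blake2B */
#undef HAVE_BLAKE2
#if 0
    #define HAVE_BLAKE2
#endif

/* Blake2S */
#undef HAVE_BLAKE2S
#if 0
    #define HAVE_BLAKE2S
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef  BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* Built-in certificate/key buffers for the test and example programs (no
 * filesystem on this target).
 * NOTE(review): these buffers come from the library's test material, so the
 * private keys in them are not secret; provision device-specific credentials
 * before using this configuration for anything but testing. */
#undef  USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

#undef  USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef  USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* Debug logging is off; error strings are kept (NO_ERROR_STRINGS is only
 * defined if the inner switch is flipped to 1). */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
#if 0
    #undef  XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h>  /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
    #define XFREE(p, h, t)       myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

/* Static memory */
#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef  USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef  WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* NOTE(review): NO_ASN_TIME is left undefined further down, so certificate
 * date checks stay compiled in. They are only meaningful if the time source
 * on the board returns real wall-clock time; the time functions themselves
 * are not part of this header, so confirm that against the port code. */
#if defined(WOLFSSL_SIFIVE_RISC_V)
    #define WOLFSSL_USER_CURRTIME /* for benchmarks, uses "custom_time()" function */
    #define WOLFSSL_GMTIME
    #define USER_TICKS
#else
    // extern unsigned long my_time(unsigned long* timer);
    // #define XTIME my_time
#endif

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* NOTE(review): key generation, nonces and signatures all draw on the
 * generator configured here. Neither my_rng_gen_block() nor
 * my_rng_seed_gen() is defined in this header, so their entropy quality
 * cannot be judged from here. Confirm that the function in use reads a
 * hardware entropy source (not a timer, counter or fixed value) and that a
 * hardware failure is reported rather than turned into predictable output. */
#if 0
    /* Bypass P-RNG and use only HW RNG */
    /* Raw generator output is used directly, without the Hash-DRBG of the
     * #else branch conditioning it. */
    #define CUSTOM_RAND_TYPE      unsigned int
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
#else
    /* Hash-based DRBG, seeded through CUSTOM_RAND_GENERATE below. */
    #define HAVE_HASHDRBG

    /* Seed Source */
    /* Size of returned HW RNG value */
    #define CUSTOM_RAND_TYPE      unsigned int
    extern unsigned int my_rng_seed_gen(void);
    #undef  CUSTOM_RAND_GENERATE
    #define CUSTOM_RAND_GENERATE  my_rng_seed_gen
#endif

/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3 is not compiled in. */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

/* On-device key generation is not compiled in. */
#undef WOLFSSL_KEY_GEN
#if 0
    #define WOLFSSL_KEY_GEN
#endif

/* reduce DH test time */
/* NOTE(review): selects the older, cheaper primality check. DH is compiled
 * out above (NO_DH), so this looks inert here; revisit it before enabling DH
 * with parameters that come from a peer. */
#define WOLFSSL_OLD_PRIME_CHECK

#undef  KEEP_PEER_CERT
//#define KEEP_PEER_CERT

#undef  HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
//#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
/* No session cache: the cache storage is not compiled in. */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef  NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef  NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef  NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef  NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef  WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef  NO_INLINE
//#define NO_INLINE

#undef  NO_FILESYSTEM
#define NO_FILESYSTEM

#undef  NO_WRITEV
#define NO_WRITEV

#undef  NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

/* No OS random device on this target; randomness comes from the RNG section
 * above. */
#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions compiled out: DSA, RC4, old TLS
 * versions, HC-128, Rabbit and MD4 (MD5 and DES3 are disabled earlier in the
 * file). Keep these defined unless a peer that cannot be upgraded requires
 * one of them. */
#undef  NO_DSA
#define NO_DSA

#undef  NO_RC4
#define NO_RC4

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

/* Pre-shared-key cipher suites are compiled out. */
#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

/* Password-based key derivation is compiled out. */
#undef  NO_PWDBASED
#define NO_PWDBASED

#undef  NO_CODING
//#define NO_CODING

/* Left undefined on purpose: defining NO_ASN_TIME would remove the
 * certificate date checks. */
#undef  NO_ASN_TIME
//#define NO_ASN_TIME

#undef  NO_CERTS
//#define NO_CERTS

#undef  NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */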