user_settings.h
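/* user_settings.h
 *
 * Copyright (C) 2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* Example Settings for CryptoCell
 *
 * Compile-time feature selection for a wolfSSL build that offloads to the
 * CryptoCell hardware. Each feature is switched with an "#if 1" / "#if 0"
 * toggle; "#undef X" precedes "#define X" so a value passed on the compiler
 * command line does not cause a redefinition warning.
 *
 * NOTE(review): this is an example/benchmark configuration. The test seed
 * (WOLFSSL_GENSEED_FORTEST, non-CryptoCell path), the bundled test certificate
 * buffers (USE_CERT_BUFFERS_*) and the legacy prime check
 * (WOLFSSL_OLD_PRIME_CHECK) should be reviewed before this header is reused
 * for a product build.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* CryptoCell */
/* ------------------------------------------------------------------------- */
#if 1
    #define WOLFSSL_CRYPTOCELL
    #define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */
    #define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */
#else
    /* run without CryptoCell,
       include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */
#endif

/* With CryptoCell enabled, AES keys are capped at 128 bits. */
#if defined(WOLFSSL_CRYPTOCELL)
    #define AES_MAX_KEY_SIZE 128
#endif /* WOLFSSL_CRYPTOCELL*/


/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */

#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

#undef SINGLE_THREADED
#define SINGLE_THREADED

#undef WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

/* The application supplies the network I/O callbacks. */
#undef WOLFSSL_USER_IO
#define WOLFSSL_USER_IO


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Keep enabled: selects the timing-resistant fast-math code paths. */
    #undef TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */

    /* Assembly */
    //#define WOLFSSL_SP_ASM /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef FP_MAX_BITS
        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
    #undef RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks.
       The #else branch defines WC_NO_HARDEN instead of blinding, so leave
       this toggle at 1 unless the hardening is deliberately being dropped. */
    #if 1
        #undef WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 0
        #define WC_RSA_PSS
    #endif

    #if 0
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection: P-256 stays enabled (NO_ECC256 is cleared)
           and P-384 is added. */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        #define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef FP_ENTRIES
        #define FP_ENTRIES 2
        #undef FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef ECC_SHAMIR
    #define ECC_SHAMIR

    /* Timing-resistant ECC: reduces heap usage, but slower */
    #undef ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    /* Enable cofactor support */
    #undef HAVE_ECC_CDH
    //#define HAVE_ECC_CDH

    /* Validate import.
       Currently disabled; consider enabling when ECC keys are imported from
       sources that are not trusted. */
    #undef WOLFSSL_VALIDATE_ECC_IMPORT
    //#define WOLFSSL_VALIDATE_ECC_IMPORT

    /* Compressed Key Support */
    #undef HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */
            #undef FP_MAX_BITS
            #define FP_MAX_BITS (384 + 32)
        #else
            #undef ALT_ECC_SIZE
            #define ALT_ECC_SIZE
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef TFM_ECC256
            #define TFM_ECC256
        #endif
        /* Enable the P-384 speedup when the curve is enabled. The test used
           to be #ifndef, which defined TFM_ECC384 only when HAVE_ECC384 was
           absent, i.e. never for the curve selection above. */
        #ifdef HAVE_ECC384
            #undef TFM_ECC384
            #define TFM_ECC384
        #endif
    #endif
#endif

/* DH */
#undef NO_DH
#if 0
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
    #endif

    #define HAVE_FFDHE_2048
    //#define HAVE_FFDHE_4096
    //#define HAVE_FFDHE_6144
    //#define HAVE_FFDHE_8192
#else
    #define NO_DH
#endif


/* AES */
#undef NO_AES
#if 1
    #undef HAVE_AES_CBC
    #define HAVE_AES_CBC

    /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES.
       While it is defined, AES-CBC is the only AES mode built: GCM, CCM, CTR,
       ECB and direct mode below are all compiled out. */
    #if !defined(WOLFSSL_CRYPTOCELL_AES)
        #undef HAVE_AESGCM
        #define HAVE_AESGCM

        /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
        #define GCM_SMALL

        #undef WOLFSSL_AES_DIRECT
        //#define WOLFSSL_AES_DIRECT

        #undef HAVE_AES_ECB
        //#define HAVE_AES_ECB

        #undef WOLFSSL_AES_COUNTER
        //#define WOLFSSL_AES_COUNTER

        #undef HAVE_AESCCM
        //#define HAVE_AESCCM
    #endif
#else
    #define NO_AES
#endif


/* DES3 (disabled) */
#undef NO_DES3
#if 0
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef WOLFSSL_SHA384
    #if 0
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 (disabled) */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 0
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif


/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
#define BENCH_EMBEDDED

/* Test certificate/key buffers used by the benchmark and test code; these
   are for testing only and must not serve as device credentials. */
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048

//#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256


/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* Debug logging is off; error strings stay compiled in. */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
#if 0
    #undef XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h> /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t) myMalloc(n, h, t)
    #define XFREE(p, h, t) myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 0
    #undef USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif


/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS

#if !defined(WOLFSSL_CRYPTOCELL)
// extern unsigned long my_time(unsigned long* timer);
// #define XTIME my_time
#endif

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

#if defined(WOLFSSL_CRYPTOCELL)
    /* Override P-RNG with HW RNG */
    #undef CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK cc310_random_generate
    //#define CUSTOM_RAND_GENERATE_BLOCK nrf_random_generate
    //#define WOLFSSL_GENSEED_FORTEST /* for software RNG*/
#else
    /* Test-only seed: every key and nonce produced with it must be treated as
       predictable. Replace with a real entropy source before any use outside
       benchmarking and testing. */
    #define WOLFSSL_GENSEED_FORTEST
#endif


/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_TLS13
#if 0
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 1
    #define WOLFSSL_KEY_GEN
#endif

/* reduce DH test time */
/* NOTE(review): selects the legacy prime check to shorten tests. DH is
   disabled above (NO_DH) while WOLFSSL_KEY_GEN is enabled, so confirm against
   the wolfSSL sources whether key generation is affected before keeping this
   outside test builds. */
#define WOLFSSL_OLD_PRIME_CHECK

#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT

#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache (disabled) */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif


/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE

#undef NO_FILESYSTEM
#define NO_FILESYSTEM

#undef NO_WRITEV
#define NO_WRITEV

#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

#undef NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* Legacy algorithms and protocol versions are compiled out below. */
#undef NO_DSA
#define NO_DSA

#undef NO_RC4
#define NO_RC4

#undef NO_OLD_TLS
#define NO_OLD_TLS

#undef NO_HC128
#define NO_HC128

#undef NO_RABBIT
#define NO_RABBIT

#undef NO_PSK
#define NO_PSK

#undef NO_MD4
#define NO_MD4

#undef NO_PWDBASED
#define NO_PWDBASED

#undef NO_CODING
//#define NO_CODING

#undef NO_ASN_TIME
//#define NO_ASN_TIME

#undef NO_CERTS
//#define NO_CERTS

#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */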