NetBurner 3.5.7
IC_D20/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30
31#define TARGET_EMBEDDED
32
33/* ------------------------------------------------------------------------- */
34/* Platform */
35/* ------------------------------------------------------------------------- */
36#define WOLFSSL_GENERAL_ALIGNMENT 4
37#define SIZEOF_LONG_LONG 8
38#if 0
39 #define NO_64BIT /* disable use of 64-bit variables */
40#endif
41
42#ifdef TARGET_EMBEDDED
43 /* disable mutex locking */
44 // #define SINGLE_THREADED
45
46 /* reduce stack use. For variables over 100 bytes allocate from heap */
47 #define WOLFSSL_SMALL_STACK
48
49 /* disable the built-in socket support and use the IO callbacks.
50 * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
51 */
52 #define WOLFSSL_USER_IO
53#endif
54
55#define WOLFSSL_32BIT_MILLI_TIME
56
57/* ------------------------------------------------------------------------- */
58/* Math Configuration */
59/* ------------------------------------------------------------------------- */
60#define ULLONG_MAX 18446744073709551615ULL
61#define SP_WORD_SIZE 32
62
63#undef USE_FAST_MATH
64#if 0
65 /* fast math (tfm.c) (stack based and timing resistant) */
66 #define USE_FAST_MATH
67 #define TFM_TIMING_RESISTANT
68#else
69 /* normal heap based integer.c (not timing resistant) */
70#endif
71
72/* Wolf Single Precision Math */
73#undef WOLFSSL_SP
74#if 1
75 #define WOLFSSL_SP
76 #define WOLFSSL_HAVE_SP_RSA
77 #define WOLFSSL_HAVE_SP_DH
78 #define WOLFSSL_HAVE_SP_ECC
79 //#define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
80 #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
81
82 #define WOLFSSL_SP_CACHE_RESISTANT
83 // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
84 #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
85
86 //#define WOLFSSL_SP_NO_MALLOC
87 //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
88
89 #ifdef TARGET_EMBEDDED
90 /* use smaller version of code */
91 #define WOLFSSL_SP_SMALL
92 #else
93 /* SP Assembly Speedups - specific to chip type */
94 #define WOLFSSL_SP_ASM
95 #endif
96 //#define WOLFSSL_SP_X86_64
97 //#define WOLFSSL_SP_X86
98 //#define WOLFSSL_SP_ARM32_ASM
99 //#define WOLFSSL_SP_ARM64_ASM
100 //#define WOLFSSL_SP_ARM_THUMB_ASM
101 #define WOLFSSL_SP_ARM_CORTEX_M_ASM
102#endif
103
104/* ------------------------------------------------------------------------- */
105/* Crypto */
106/* ------------------------------------------------------------------------- */
107/* RSA */
108#undef NO_RSA
109#if 1
110 #ifdef USE_FAST_MATH
111 /* Maximum math bits (Max RSA key bits * 2) */
112 #define FP_MAX_BITS 4096
113 #endif
114
115 /* half as much memory but twice as slow */
116 //#define RSA_LOW_MEM
117
118 /* Enables blinding mode, to prevent timing attacks */
119 #define WC_RSA_BLINDING
120
121 /* RSA PSS Support */
122 #define WC_RSA_PSS
123#else
124 #define NO_RSA
125#endif
126
127/* DH */
128#undef NO_DH
129#if 1
130 /* Use table for DH instead of -lm (math) lib dependency */
131 #if 1
132 #define WOLFSSL_DH_CONST
133 #define HAVE_FFDHE_2048
134 //#define HAVE_FFDHE_4096
135 //#define HAVE_FFDHE_6144
136 //#define HAVE_FFDHE_8192
137 #endif
138#else
139 #define NO_DH
140#endif
141
142/* ECC */
143#undef HAVE_ECC
144#if 1
145 #define HAVE_ECC
146
147 /* Manually define enabled curves */
148 #define ECC_USER_CURVES
149
150 #ifdef ECC_USER_CURVES
151 /* Manual Curve Selection */
152 // #define HAVE_ECC192
153 // #define HAVE_ECC224
154 #undef NO_ECC256
155 #ifdef ENABLE_ECC384
156 #define HAVE_ECC384
157 #endif
158 #ifdef ENABLE_ECC521
159 // #define HAVE_ECC521
160 #endif
161 #endif
162
163 /* Fixed point cache (speeds repeated operations against same private key) */
164 #define FP_ECC
165 #ifdef FP_ECC
166 /* Bits / Entries */
167 #define FP_ENTRIES 15
168 #define FP_LUT 4
169 #endif
170
171 /* Optional ECC calculation method */
172 /* Note: doubles heap usage, but slightly faster */
173 #define ECC_SHAMIR
174
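175 /* Timing-resistant ECC math (side-channel hardening). Reduces heap usage, but slower. NOTE(review): left disabled below - confirm the ECC code paths actually built are constant-time. */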
176 // #define ECC_TIMING_RESISTANT
177
178 /* Compressed ECC Key Support */
179 //#define HAVE_COMP_KEY
180
181 /* Use alternate ECC size for ECC math */
182 #ifdef USE_FAST_MATH
183 /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
184 #if defined(NO_RSA) && defined(NO_DH)
185 /* Custom fastmath size if not using RSA/DH */
186 #define FP_MAX_BITS (256 * 2)
187 #else
188 /* use heap allocation for ECC points */
189 #define ALT_ECC_SIZE
190
191 /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
192 //#define FP_MAX_BITS_ECC (256 * 2)
193 #endif
194
195 /* Speedups specific to curve */
196 #ifndef NO_ECC256
197 #define TFM_ECC256
198 #endif
199 #endif
200#endif
201
202
203/* AES */
204#undef NO_AES
205#if 1
206 #define HAVE_AES_CBC
207
208 #define HAVE_AESGCM
209
210 /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
211 // Listed in order of speed and memory usage
212 // #define GCM_TABLE
213 #define GCM_WORD32
214 // #define GCM_TABLE_4BIT
215 // #define GCM_SMALL
216
217 //#define WOLFSSL_AES_DIRECT
218 //#define HAVE_AES_ECB
219 //#define WOLFSSL_AES_COUNTER
220 #define HAVE_AESCCM
221#else
222 #define NO_AES
223#endif
224
225
226/* DES3 */
227#undef NO_DES3
228#if 1
229#else
230 #define NO_DES3
231#endif
232
233/* ChaCha20 / Poly1305 */
234#undef HAVE_CHACHA
235#undef HAVE_POLY1305
236#if 1
237 #define HAVE_CHACHA
238 #define HAVE_POLY1305
239
240 /* Needed for Poly1305 */
241 #define HAVE_ONE_TIME_AUTH
242#endif
243
244/* Ed25519 / Curve25519 */
245#undef HAVE_CURVE25519
246#undef HAVE_ED25519
247#if 1
248 #define HAVE_CURVE25519
249 #define HAVE_ED25519 /* ED25519 Requires SHA512 */
250
251 /* Optionally use small math (less flash usage, but much slower) */
252 #if 0
253 #define CURVED25519_SMALL
254 #endif
255#endif
256
257
258/* ------------------------------------------------------------------------- */
259/* Hashing */
260/* ------------------------------------------------------------------------- */
261/* Sha */
262#undef NO_SHA
263#if 1
264 /* 1k smaller, but 25% slower */
265 //#define USE_SLOW_SHA
266#else
267 #define NO_SHA
268#endif
269
270/* Sha256 */
271#undef NO_SHA256
272#if 1
273 /* not unrolled - ~2k smaller and ~25% slower */
274 //#define USE_SLOW_SHA256
275
276 /* Sha224 */
277 #if 0
278 #define WOLFSSL_SHA224
279 #endif
280#else
281 #define NO_SHA256
282#endif
283
284/* Sha512 */
285#undef WOLFSSL_SHA512
286#if 1
287 #define WOLFSSL_SHA512
288
289 /* Sha384 */
290 #undef WOLFSSL_SHA384
291 #if 1
292 #define WOLFSSL_SHA384
293 #endif
294
295 /* over twice as small, but 50% slower */
296 //#define USE_SLOW_SHA512
297#endif
298
299/* Sha3 */
300#undef WOLFSSL_SHA3
301#if 0
302 #define WOLFSSL_SHA3
303#endif
304
305/* MD5 */
306#undef NO_MD5
307#if 0
308
309#else
310 #define NO_MD5
311#endif
312
313/* HKDF */
314#undef HAVE_HKDF
315#if 1
316 #define HAVE_HKDF
317#endif
318
319/* CMAC */
320#undef WOLFSSL_CMAC
321#if 0
322 #define WOLFSSL_CMAC
323#endif
324
325
326/* ------------------------------------------------------------------------- */
327/* Benchmark / Test */
328/* ------------------------------------------------------------------------- */
329#ifdef TARGET_EMBEDDED
330 /* Use reduced benchmark / test sizes */
331 #define BENCH_EMBEDDED
332#endif
333
334/* Use test buffers from array (not filesystem) */
335#ifndef NO_FILESYSTEM
336#define USE_CERT_BUFFERS_256
337#define USE_CERT_BUFFERS_2048
338#endif
339
340/* ------------------------------------------------------------------------- */
341/* Debugging */
342/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
343/* ------------------------------------------------------------------------- */
344
345#undef DEBUG_WOLFSSL
346#undef NO_ERROR_STRINGS
347#if 0
348 #define DEBUG_WOLFSSL
349#else
350 #if 0
351 #define NO_ERROR_STRINGS
352 #endif
353#endif
354
355// Debug aid: prints out the TLS secrets to the console, allowing for decryption of the TLS stream. Keep both defines disabled in release builds.
356// #define SHOW_SECRETS
357// #define HAVE_SECRET_CALLBACK
358
359/* ------------------------------------------------------------------------- */
360/* Memory */
361/* ------------------------------------------------------------------------- */
362
363/* TLS SRAM pool size in KB for NBMalloc allocator */
364#define WOLFSSL_TLS_SRAM_KB 32
365
366/* Override Memory API's */
367#ifdef SSL_CUSTOM_MALLOC
368 #define XMALLOC_OVERRIDE
369
370 /* prototypes for user heap override functions */
371 /* Note: Realloc only required for normal math */
372 #include <stddef.h> /* for size_t */
373
374 extern void* NBMalloc(size_t n);
375 extern void NBFree(void *p);
376 extern void* NBRealloc(void *p, size_t n);
377
378 #define XMALLOC(n, h, t) NBMalloc(n)
379 #define XFREE(p, h, t) NBFree(p)
380 #define XREALLOC(p, n, h, t) NBRealloc(p, n)
381
382 // Platform specific fastest memory location
383 #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
384 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
385 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
386 #elif SSL_CUSTOM_MALLOC == 2
387 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
388 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_TCM(name,size)
389 #elif SSL_CUSTOM_MALLOC == 3
390 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
391 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
392 #elif SSL_CUSTOM_MALLOC == 4
393 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
394 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SDRAM(name,size)
395 #endif
396#endif
397
398#if 0
399 /* Static memory requires fast math */
400 #define WOLFSSL_STATIC_MEMORY
401
402 /* Disable fallback malloc/free */
403 #define WOLFSSL_NO_MALLOC
404 #if 1
405 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
406 #endif
407#endif
408
409/* Memory callbacks */
410#if 1
411 #undef USE_WOLFSSL_MEMORY
412 #define USE_WOLFSSL_MEMORY
413
414 /* Use this to measure / print heap usage */
415 #if 0
416 #define WOLFSSL_TRACK_MEMORY
417 #define WOLFSSL_DEBUG_MEMORY
418 #endif
419#else
420 #ifndef WOLFSSL_STATIC_MEMORY
421 #define NO_WOLFSSL_MEMORY
422 /* Otherwise we will use stdlib malloc, free and realloc */
423 #endif
424#endif
425
426
427/* ------------------------------------------------------------------------- */
428/* Port */
429/* ------------------------------------------------------------------------- */
430
431/* Override Current Time */
432#if 1
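433 /* Allows custom "custom_time()" function to be used for benchmark. XTIME below also routes the library's time lookups to my_time(); NOTE(review): certificate validity-date checks presumably depend on it returning real wall-clock time - confirm. */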
434 #define WOLFSSL_USER_CURRTIME
435 // #define WOLFSSL_GMTIME
436 #define USER_TICKS
437 #include <time.h>
438 extern unsigned long my_time(time_t *timer);
439 #define XTIME my_time
440#endif
441
442
443/* ------------------------------------------------------------------------- */
444/* RNG */
445/* ------------------------------------------------------------------------- */
446
447/* Choose RNG method */
448#if 1
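449 /* Custom Seed Source: my_rng_seed_gen() supplies the seed material for the Hash-DRBG enabled below, so its output must come from the hardware RNG */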
450 #if 1
451 /* Size of returned HW RNG value */
452 #define CUSTOM_RAND_TYPE unsigned int
453 extern unsigned int my_rng_seed_gen(void);
454 #undef CUSTOM_RAND_GENERATE
455 #define CUSTOM_RAND_GENERATE my_rng_seed_gen
456 #endif
457
458 // NetBurner specific define for enabling hardware random number generation for M7
459 #define GATHER_RANDOM_USE_HW
460
461 /* Use built-in P-RNG (SHA256 based) with HW RNG */
462 /* P-RNG + HW RNG (P-RNG is ~8K) */
463 #undef HAVE_HASHDRBG
464 #define HAVE_HASHDRBG
465#else
466 #undef WC_NO_HASHDRBG
467 #define WC_NO_HASHDRBG
468
469 /* Bypass P-RNG and use only HW RNG */
470 extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
471 #undef CUSTOM_RAND_GENERATE_BLOCK
472 #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
473#endif
474
475
476/* ------------------------------------------------------------------------- */
477/* Custom Standard Lib */
478/* ------------------------------------------------------------------------- */
479/* Allows override of all standard library functions */
480#undef STRING_USER
481#if 0
482 #define STRING_USER
483
484 #include <string.h>
485
486 #define USE_WOLF_STRSEP
487 #define XSTRSEP(s1,d) wc_strsep((s1),(d))
488
489 #define USE_WOLF_STRTOK
490 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
491
492 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
493
494 #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
495 #define XMEMSET(b,c,l) memset((b),(c),(l))
496 #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
497 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
498
499 #define XSTRLEN(s1) strlen((s1))
500 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
501 #define XSTRSTR(s1,s2) strstr((s1),(s2))
502
503 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
504 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
505 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
506
507 #define XSNPRINTF snprintf
508#endif
509
510
511
512/* ------------------------------------------------------------------------- */
513/* Enable Features */
514/* ------------------------------------------------------------------------- */
515
516#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h; turns on TLS 1.3 support when set
517#define WOLFSSL_TLS13
518#endif
519#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking; NOTE(review): this selects the older primality test - confirm it is acceptable for peer-supplied DH parameters */
520#define HAVE_TLS_EXTENSIONS
521#define HAVE_SUPPORTED_CURVES
522#define WOLFSSL_BASE64_ENCODE
523
524
525#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
526#define KEEP_PEER_CERT
527//#define HAVE_COMP_KEY
528
529/* TLS Session Cache */
530#if 1
531 #define SMALL_SESSION_CACHE
532 #define NO_SESSION_CACHE_REF
533#else
534 #define NO_SESSION_CACHE
535#endif
536
537#define HAVE_ONE_TIME_AUTH
538#define HAVE_SNI
539#define HAVE_SESSION_TICKET
540
541// Allows wolfSSL to malloc the TLS 1.3 ticket nonce instead of using a static buffer. This supports large ticket nonces.
542#define WOLFSSL_TICKET_NONCE_MALLOC
543
544/* ------------------------------------------------------------------------- */
545/* Disable Features */
546/* ------------------------------------------------------------------------- */
547//#define NO_WOLFSSL_SERVER
548//#define NO_WOLFSSL_CLIENT
549//#define NO_CRYPT_TEST
550//#define NO_CRYPT_BENCHMARK
551//#define WOLFCRYPT_ONLY
552
553/* In-lining of misc.c functions */
554/* If defined, must include wolfcrypt/src/misc.c in build */
555/* Slower, but about 1k smaller */
556//#define NO_INLINE
557
558#define WOLFSSL_NO_SOCK
559#define NO_WOLFSSL_DIR
560
561#ifdef TARGET_EMBEDDED
562 #define NO_FILESYSTEM
563 #define NO_WRITEV
564 #define NO_MAIN_DRIVER
565 #define NO_DEV_RANDOM
566#endif
567
568#define NO_OLD_TLS
569#define NO_PSK
570
571#define NO_DSA
572// #define NO_RC4
573#define NO_MD4
574#define NO_PWDBASED
575//#define NO_CODING
576//#define NO_ASN_TIME
577//#define NO_CERTS
578//#define NO_SIG_WRAPPER
579
580#define NO_HC128
581#define NO_RABBIT
582
583#define WOLFSSL_IGNORE_FILE_WARN
584
585#undef NO_TLS
586
587// Settings made for compatibility with legacy peers. NOTE(review): the suites named below use static RSA / static ECDH key exchange, which gives no forward secrecy; confirm each one is still required.
588#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
589#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
590#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
591#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA (an RC4 suite; NO_RC4 is left commented out in this file - confirm RC4 is still wanted)
592
593#define WOLFSSL_CERT_REQ
594#define WOLFSSL_CERT_GEN
595#define WOLFSSL_ALT_NAMES
596#define WOLFSSL_DER_TO_PEM
597#define WOLFSSL_KEY_GEN
598#define WOLFSSL_EITHER_SIDE
599
600#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
601#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?
602
603 // For wolfSSH
604 //#undef WOLFSSH_SFTP
605 //#define WOLFSSH_SFTP
606
607 //#undef WOLFSSH_SCP
608 //#define WOLFSSH_SCP
609
610#undef WOLFSSH_USER_IO
611#define WOLFSSH_USER_IO
612
613#ifdef __cplusplus
614}
615#endif
616
617#endif /* WOLFSSL_USER_SETTINGS_H */