MOD5441X/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30#include <endian.h>
31
32#define TARGET_EMBEDDED
33
34/* ------------------------------------------------------------------------- */
35/* Platform */
36/* ------------------------------------------------------------------------- */
37#define BIG_ENDIAN_ORDER
38#define WOLFSSL_GENERAL_ALIGNMENT 4
39#define SIZEOF_LONG_LONG 8
40#if 0
41 #define NO_64BIT /* disable use of 64-bit variables */
42#endif
43
44#ifdef TARGET_EMBEDDED
45 /* disable mutex locking */
46 // #define SINGLE_THREADED
47
48 /* reduce stack use. For variables over 100 bytes allocate from heap */
49 #define WOLFSSL_SMALL_STACK
50
51 /* disable the built-in socket support and use the IO callbacks.
52 * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
53 */
54 #define WOLFSSL_USER_IO
55#endif
56
57#define WOLFSSL_32BIT_MILLI_TIME
58
59/* ------------------------------------------------------------------------- */
60/* Math Configuration */
61/* ------------------------------------------------------------------------- */
62#define ULLONG_MAX 18446744073709551615ULL
63#define SP_WORD_SIZE 32
64
65#undef USE_FAST_MATH
66#if 0
67 /* fast math (tfm.c) (stack based and timing resistant) */
68 #define USE_FAST_MATH
69 #define TFM_TIMING_RESISTANT
70#else
71 /* normal heap based integer.c (not timing resistant) */
72#endif
73
74/* Wolf Single Precision Math */
75#undef WOLFSSL_SP
76#if 1
77 #define WOLFSSL_SP
78 #define WOLFSSL_HAVE_SP_RSA
79 #define WOLFSSL_HAVE_SP_DH
80 #define WOLFSSL_HAVE_SP_ECC
81 //#define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
82 #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
83
84 #define WOLFSSL_SP_CACHE_RESISTANT
85 // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
86 #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
87
88 //#define WOLFSSL_SP_NO_MALLOC
89 // #define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
90
91 // #define WOLFSSL_SP_SMALL
92 // #define WOLFSSL_SP_ASM
93
94 // #define WOLFSSL_SP_LARGE_CODE
95
96 //#define WOLFSSL_SP_X86_64
97 //#define WOLFSSL_SP_X86
98 //#define WOLFSSL_SP_ARM32_ASM
99 //#define WOLFSSL_SP_ARM64_ASM
100 //#define WOLFSSL_SP_ARM_THUMB_ASM
101 //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
102#endif
103
104/* ------------------------------------------------------------------------- */
105/* Crypto */
106/* ------------------------------------------------------------------------- */
107/* RSA */
108#undef NO_RSA
109#if 1
110 #ifdef USE_FAST_MATH
111 /* Maximum math bits (Max RSA key bits * 2) */
112 #define FP_MAX_BITS 4096
113 #endif
114
115 /* half as much memory but twice as slow */
116 //#define RSA_LOW_MEM
117
118 /* Enables blinding mode, to prevent timing attacks */
119 #define WC_RSA_BLINDING
120
121 /* RSA PSS Support */
122 #define WC_RSA_PSS
123#else
124 #define NO_RSA
125#endif
126
127/* DH */
128#undef NO_DH
129#if 1
130 /* Use table for DH instead of -lm (math) lib dependency */
131 #if 1
132 #define WOLFSSL_DH_CONST
133 #define HAVE_FFDHE_2048
134 //#define HAVE_FFDHE_4096
135 //#define HAVE_FFDHE_6144
136 //#define HAVE_FFDHE_8192
137 #endif
138#else
139 #define NO_DH
140#endif
141
142/* ECC */
143#undef HAVE_ECC
144#if 1
145 #define HAVE_ECC
146
147 /* Manually define enabled curves */
148 #define ECC_USER_CURVES
149
150 #ifdef ECC_USER_CURVES
151 /* Manual Curve Selection */
152 // #define HAVE_ECC192
153 // #define HAVE_ECC224
154 #undef NO_ECC256
155 #ifdef ENABLE_ECC384
156 #define HAVE_ECC384
157 #endif
158 #ifdef ENABLE_ECC521
159 // #define HAVE_ECC521
160 #endif
161 #endif
162
163 /* Fixed point cache (speeds repeated operations against same private key) */
164 #define FP_ECC
165 #ifdef FP_ECC
166 /* Bits / Entries */
167 #define FP_ENTRIES 15
168 #define FP_LUT 4
169 #endif
170
171 /* Optional ECC calculation method */
172 /* Note: doubles heap usage, but slightly faster */
173 #define ECC_SHAMIR
174
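175 /* Timing-resistant ECC: reduces heap usage, but slower. NOTE(review): this is wolfSSL's ECC side-channel hardening switch and it is left commented out below; confirm that is intended for this target. */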
176 // #define ECC_TIMING_RESISTANT
177
178 /* Compressed ECC Key Support */
179 //#define HAVE_COMP_KEY
180
181 /* Use alternate ECC size for ECC math */
182 #ifdef USE_FAST_MATH
183 /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
184 #if defined(NO_RSA) && defined(NO_DH)
185 /* Custom fastmath size if not using RSA/DH */
186 #define FP_MAX_BITS (256 * 2)
187 #else
188 /* use heap allocation for ECC points */
189 #define ALT_ECC_SIZE
190
191 /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
192 //#define FP_MAX_BITS_ECC (256 * 2)
193 #endif
194
195 /* Speedups specific to curve */
196 #ifndef NO_ECC256
197 #define TFM_ECC256
198 #endif
199 #endif
200#endif
201
202
203/* AES */
204#undef NO_AES
205#if 1
206 #define HAVE_AES_CBC
207
208 #define HAVE_AESGCM
209
210 /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
211 // Listed in order of speed and memory usage
212 // #define GCM_TABLE
213 #define GCM_WORD32
214 // #define GCM_TABLE_4BIT
215 // #define GCM_SMALL
216
217 //#define WOLFSSL_AES_DIRECT
218 //#define HAVE_AES_ECB
219 //#define WOLFSSL_AES_COUNTER
220 #define HAVE_AESCCM
221#else
222 #define NO_AES
223#endif
224
225
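226/* DES3 (legacy 64-bit block cipher). Left enabled: the #if 1 branch is empty and NO_DES3 is only defined in the #else branch */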
227#undef NO_DES3
228#if 1
229#else
230 #define NO_DES3
231#endif
232
233/* ChaCha20 / Poly1305 */
234#undef HAVE_CHACHA
235#undef HAVE_POLY1305
236#if 1
237 #define HAVE_CHACHA
238 #define HAVE_POLY1305
239
240 /* Needed for Poly1305 */
241 #define HAVE_ONE_TIME_AUTH
242#endif
243
244/* Ed25519 / Curve25519 */
245#undef HAVE_CURVE25519
246#undef HAVE_ED25519
247#if 1
248 #define HAVE_CURVE25519
249 #define HAVE_ED25519 /* ED25519 Requires SHA512 */
250
251 /* Optionally use small math (less flash usage, but much slower) */
252 #if 0
253 #define CURVED25519_SMALL
254 #endif
255#endif
256
257
258/* ------------------------------------------------------------------------- */
259/* Hashing */
260/* ------------------------------------------------------------------------- */
261/* Sha */
262#undef NO_SHA
263#if 1
264 /* 1k smaller, but 25% slower */
265 //#define USE_SLOW_SHA
266#else
267 #define NO_SHA
268#endif
269
270/* Sha256 */
271#undef NO_SHA256
272#if 1
273 /* not unrolled - ~2k smaller and ~25% slower */
274 //#define USE_SLOW_SHA256
275
276 /* Sha224 */
277 #if 0
278 #define WOLFSSL_SHA224
279 #endif
280#else
281 #define NO_SHA256
282#endif
283
284/* Sha512 */
285#undef WOLFSSL_SHA512
286#if 1
287 #define WOLFSSL_SHA512
288
289 /* Sha384 */
290 #undef WOLFSSL_SHA384
291 #if 1
292 #define WOLFSSL_SHA384
293 #endif
294
295 /* over twice as small, but 50% slower */
296 //#define USE_SLOW_SHA512
297#endif
298
299/* Sha3 */
300#undef WOLFSSL_SHA3
301#if 0
302 #define WOLFSSL_SHA3
303#endif
304
305/* MD5 */
306#undef NO_MD5
307#if 0
308
309#else
310 #define NO_MD5
311#endif
312
313/* HKDF */
314#undef HAVE_HKDF
315#if 1
316 #define HAVE_HKDF
317#endif
318
319/* CMAC */
320#undef WOLFSSL_CMAC
321#if 0
322 #define WOLFSSL_CMAC
323#endif
324
325
326/* ------------------------------------------------------------------------- */
327/* Benchmark / Test */
328/* ------------------------------------------------------------------------- */
329#ifdef TARGET_EMBEDDED
330 /* Use reduced benchmark / test sizes */
331 #define BENCH_EMBEDDED
332#endif
333
334/* Use test buffers from array (not filesystem) */
335#ifndef NO_FILESYSTEM
336#define USE_CERT_BUFFERS_256
337#define USE_CERT_BUFFERS_2048
338#endif
339
340/* ------------------------------------------------------------------------- */
341/* Debugging */
342/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
343/* ------------------------------------------------------------------------- */
344
345#undef DEBUG_WOLFSSL
346#undef NO_ERROR_STRINGS
347#if 0
348 #define DEBUG_WOLFSSL
349#else
350 #if 0
351 #define NO_ERROR_STRINGS
352 #endif
353#endif
354
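355// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream. Debugging aid only: anyone who can read the console can then decrypt captured traffic, so keep both defines below disabled in production firmware.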
356// #define SHOW_SECRETS
357// #define HAVE_SECRET_CALLBACK
358
359/* ------------------------------------------------------------------------- */
360/* Memory */
361/* ------------------------------------------------------------------------- */
362
363/* Override Memory API's: when SSL_CUSTOM_MALLOC is defined, wolfSSL's XMALLOC/XFREE/XREALLOC are routed to the NetBurner NBMalloc/NBFree/NBRealloc functions declared below. */
364#ifdef SSL_CUSTOM_MALLOC
365 #define XMALLOC_OVERRIDE
366
367 /* prototypes for user heap override functions (declared here, defined outside this header) */
368 /* Note: Realloc only required for normal math */
369 #include <stddef.h> /* for size_t */
370
371 extern void* NBMalloc(size_t n);
372 extern void NBFree(void *p);
373 extern void* NBRealloc(void *p, size_t n);
374
375 #define XMALLOC(n, h, t) NBMalloc(n) /* the h and t arguments are dropped; only the size reaches NBMalloc */
376 #define XFREE(p, h, t) NBFree(p)
377 #define XREALLOC(p, n, h, t) NBRealloc(p, n)
378
379 // Platform specific fastest memory location, selected by the numeric value of SSL_CUSTOM_MALLOC
380 #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
381 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
382 #elif SSL_CUSTOM_MALLOC == 2
383 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
384 #elif SSL_CUSTOM_MALLOC == 3 // maps to the same SRAM allocator as value 1
385 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
386 #elif SSL_CUSTOM_MALLOC == 4
387 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
388 #endif // no #else branch: any other value leaves CREATE_MEMORY_ALLOCATOR undefined by this block
389#endif
390
391#if 0
392 /* Static memory requires fast math */
393 #define WOLFSSL_STATIC_MEMORY
394
395 /* Disable fallback malloc/free */
396 #define WOLFSSL_NO_MALLOC
397 #if 1
398 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
399 #endif
400#endif
401
402/* Memory callbacks */
403#if 1
404 #undef USE_WOLFSSL_MEMORY
405 #define USE_WOLFSSL_MEMORY
406
407 /* Use this to measure / print heap usage */
408 #if 0
409 #define WOLFSSL_TRACK_MEMORY
410 #define WOLFSSL_DEBUG_MEMORY
411 #endif
412#else
413 #ifndef WOLFSSL_STATIC_MEMORY
414 #define NO_WOLFSSL_MEMORY
415 /* Otherwise we will use stdlib malloc, free and realloc */
416 #endif
417#endif
418
419
420/* ------------------------------------------------------------------------- */
421/* Port */
422/* ------------------------------------------------------------------------- */
423
424/* Override Current Time: XTIME is mapped to my_time(), which is declared here and defined outside this header */
425#if 1
426 /* Allows custom "custom_time()" function to be used for benchmark */
427 #define WOLFSSL_USER_CURRTIME
428 // #define WOLFSSL_GMTIME
429 #define USER_TICKS
430 #include <time.h>
431 extern unsigned long my_time(time_t *timer); /* NOTE(review): wolfSSL's certificate validity-date checks presumably read the clock through XTIME (NO_ASN_TIME is not defined in this file); confirm my_time() returns real wall-clock time rather than uptime, otherwise date validation is unreliable */
432 #define XTIME my_time
433#endif
434
435
436/* ------------------------------------------------------------------------- */
437/* RNG */
438/* ------------------------------------------------------------------------- */
439
440/* Choose RNG method: the active (#if 1) branch seeds wolfSSL's Hash-DRBG from my_rng_seed_gen(); the inactive #else branch would bypass the DRBG and take output directly from my_rng_gen_block() */
441#if 1
442 /* Custom Seed Source. NOTE(review): my_rng_seed_gen() is only declared here; every key and nonce the DRBG produces is only as unpredictable as this seed, so confirm it returns hardware entropy and not a counter, tick value or other guessable number */
443 #if 1
444 /* Size of returned HW RNG value */
445 #define CUSTOM_RAND_TYPE unsigned int
446 extern unsigned int my_rng_seed_gen(void);
447 #undef CUSTOM_RAND_GENERATE
448 #define CUSTOM_RAND_GENERATE my_rng_seed_gen
449 #endif
450
451 // NetBurner specific define for enabling hardware random number generation for M7 (left disabled in this configuration)
452 // #define GATHER_RANDOM_USE_HW
453
454 /* Use built-in P-RNG (SHA256 based) with HW RNG */
455 /* P-RNG + HW RNG (P-RNG is ~8K) */
456 #undef HAVE_HASHDRBG
457 #define HAVE_HASHDRBG
458#else
459 #undef WC_NO_HASHDRBG
460 #define WC_NO_HASHDRBG
461
462 /* Bypass P-RNG and use only HW RNG: random output would come straight from my_rng_gen_block(), with no DRBG in between */
463 extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
464 #undef CUSTOM_RAND_GENERATE_BLOCK
465 #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
466#endif
467
468
469/* ------------------------------------------------------------------------- */
470/* Custom Standard Lib */
471/* ------------------------------------------------------------------------- */
472/* Allows override of all standard library functions */
473#undef STRING_USER
474#if 0
475 #define STRING_USER
476
477 #include <string.h>
478
479 #define USE_WOLF_STRSEP
480 #define XSTRSEP(s1,d) wc_strsep((s1),(d))
481
482 #define USE_WOLF_STRTOK
483 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
484
485 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
486
487 #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
488 #define XMEMSET(b,c,l) memset((b),(c),(l))
489 #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
490 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
491
492 #define XSTRLEN(s1) strlen((s1))
493 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
494 #define XSTRSTR(s1,s2) strstr((s1),(s2))
495
496 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
497 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
498 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
499
500 #define XSNPRINTF snprintf
501#endif
502
503
504
505/* ------------------------------------------------------------------------- */
506/* Enable Features */
507/* ------------------------------------------------------------------------- */
508
509#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h; TLS 1.3 is compiled in only when it is set
510#define WOLFSSL_TLS13
511#endif
512#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking. NOTE(review): presumably selects wolfSSL's older, less thorough primality check for DH parameters; confirm that trade-off is acceptable for parameters received from peers */
513#define HAVE_TLS_EXTENSIONS
514#define HAVE_SUPPORTED_CURVES
515#define WOLFSSL_BASE64_ENCODE
516
517
518#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
519#define KEEP_PEER_CERT
520//#define HAVE_COMP_KEY
521
522/* TLS Session Cache */
523#if 1
524 #define SMALL_SESSION_CACHE
525 #define NO_SESSION_CACHE_REF
526#else
527 #define NO_SESSION_CACHE
528#endif
529
530#define HAVE_ONE_TIME_AUTH
531#define HAVE_SNI
532#define HAVE_SESSION_TICKET
533
534// Allows wolfSSL to malloc the TLS 1.3 ticket nonce instead of using a static buffer. This supports large ticket nonces.
535#define WOLFSSL_TICKET_NONCE_MALLOC
536
537/* ------------------------------------------------------------------------- */
538/* Disable Features */
539/* ------------------------------------------------------------------------- */
540//#define NO_WOLFSSL_SERVER
541//#define NO_WOLFSSL_CLIENT
542//#define NO_CRYPT_TEST
543//#define NO_CRYPT_BENCHMARK
544//#define WOLFCRYPT_ONLY
545
546/* In-lining of misc.c functions */
547/* If defined, must include wolfcrypt/src/misc.c in build */
548/* Slower, but about 1k smaller */
549//#define NO_INLINE
550
551#define WOLFSSL_NO_SOCK
552#define NO_WOLFSSL_DIR
553
554#ifdef TARGET_EMBEDDED
555 #define NO_FILESYSTEM
556 #define NO_WRITEV
557 #define NO_MAIN_DRIVER
558 #define NO_DEV_RANDOM
559#endif
560
561#define NO_OLD_TLS
562#define NO_PSK
563
564#define NO_DSA
565// #define NO_RC4
566#define NO_MD4
567#define NO_PWDBASED
568//#define NO_CODING
569//#define NO_ASN_TIME
570//#define NO_CERTS
571//#define NO_SIG_WRAPPER
572
573#define NO_HC128
574#define NO_RABBIT
575
576#define WOLFSSL_IGNORE_FILE_WARN
577
578#undef NO_TLS
579
580// Settings made for compatibility: these enable the legacy cipher suites named in the trailing comments. The static RSA and static (EC)DH key exchanges provide no forward secrecy, so drop WOLFSSL_STATIC_RSA / WOLFSSL_STATIC_DH if no deployed peer needs them.
581#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA (static RSA key exchange)
582#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
583#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
584#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA (static ECDH). NOTE(review): NO_RC4 is commented out in the "Disable Features" list of this file; confirm whether RC4 suites are really meant to be offered
585
586#define WOLFSSL_CERT_REQ
587#define WOLFSSL_CERT_GEN
588#define WOLFSSL_ALT_NAMES
589#define WOLFSSL_DER_TO_PEM
590#define WOLFSSL_KEY_GEN
591#define WOLFSSL_EITHER_SIDE
592
593#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
594#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?
595
596 // For wolfSSH
597 //#undef WOLFSSH_SFTP
598 //#define WOLFSSH_SFTP
599
600 //#undef WOLFSSH_SCP
601 //#define WOLFSSH_SCP
602
603#undef WOLFSSH_USER_IO
604#define WOLFSSH_USER_IO
605
606#ifdef __cplusplus
607}
608#endif
609
610#endif /* WOLFSSL_USER_SETTINGS_H */