NetBurner 3.5.7
MOD5441X/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30#include <endian.h>
31
32/* =========================================================================
33 * CRYPTO PROFILE SELECTION
34 * =========================================================================
35 * Uncomment ONE of the following to select a crypto profile.
36 * Default (none selected): Full compatibility - TLS 1.2+1.3, all ciphers
37 *
38 * CRYPTO_PROFILE_AESGCM - TLS 1.3 only, AES-GCM ciphers only
39 * Smallest footprint
40 *
41 * CRYPTO_PROFILE_CHACHA - TLS 1.3 only, ChaCha20-Poly1305
42 * Constant-time, no HW AES dependency
43 *
44 * CRYPTO_PROFILE_MINIMAL - Bare minimum for constrained applications
45 * WARNING: Limited cipher support
46 * ========================================================================= */
/* NOTE(review): all three profile macros below are commented out, so this
 * build takes the default full-compatibility branch of every profile check in
 * this file: DH, 3DES, TLS 1.2 and the static RSA/DH settings stay enabled.
 * Within this file CRYPTO_PROFILE_AESGCM and CRYPTO_PROFILE_MINIMAL appear
 * together in every condition, so they select identical settings here, and
 * the AES section is unconditional, so CRYPTO_PROFILE_CHACHA does not remove
 * AES by itself. Confirm whether cipher-suite restriction happens elsewhere. */
47// #define CRYPTO_PROFILE_AESGCM
48// #define CRYPTO_PROFILE_CHACHA
49// #define CRYPTO_PROFILE_MINIMAL
50
/* Enables the TARGET_EMBEDDED-guarded settings later in this file (small
 * stack, user I/O callbacks, reduced benchmarks, no filesystem). */
51#define TARGET_EMBEDDED
52
53/* ------------------------------------------------------------------------- */
54/* Platform */
55/* ------------------------------------------------------------------------- */
/* Byte order, alignment and integer-width settings for the target, followed
 * by the embedded-only stack and I/O options. */
56#define BIG_ENDIAN_ORDER
57#define WOLFSSL_GENERAL_ALIGNMENT 4
58#define SIZEOF_LONG_LONG 8
59#define WOLFSSL_W64_WRAPPER
/* Disabled (#if 0): 64-bit variables remain in use. */
60#if 0
61 #define NO_64BIT /* disable use of 64-bit variables */
62#endif
63
64#ifdef TARGET_EMBEDDED
65 /* disable mutex locking */
/* Left commented out, so mutex locking stays compiled in. */
66 // #define SINGLE_THREADED
67
68 /* reduce stack use. For variables over 100 bytes allocate from heap */
69 #define WOLFSSL_SMALL_STACK
70 #define WOLFSSL_SMALL_STACK_CACHE
71
72 /* disable the built-in socket support and use the IO callbacks.
73 * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
74 */
/* With this defined there is no default transport: the receive/send callbacks
 * named above must be registered before a handshake can run (presumably done
 * by the NetBurner port layer - confirm). */
75 #define WOLFSSL_USER_IO
76#endif
77
78#define WOLFSSL_32BIT_MILLI_TIME
79
80/* ------------------------------------------------------------------------- */
81/* Math Configuration */
82/* ------------------------------------------------------------------------- */
/* Selects the big-integer backend. As written, fast math (tfm.c) is forced
 * off and wolfSSL Single Precision (SP) math is enabled for RSA, DH and ECC. */
/* NOTE(review): ULLONG_MAX is normally supplied by <limits.h>. This
 * unconditional #define can produce a macro-redefinition diagnostic if
 * <limits.h> is included later with a different spelling; an
 * #ifndef ULLONG_MAX guard would avoid that. */
83#define ULLONG_MAX 18446744073709551615ULL
84#define SP_WORD_SIZE 32
85
86#undef USE_FAST_MATH
/* Disabled (#if 0): USE_FAST_MATH and TFM_TIMING_RESISTANT stay undefined, so
 * every later "#ifdef USE_FAST_MATH" block in this file is inactive. */
87#if 0
88 /* fast math (tfm.c) (stack based and timing resistant) */
89 #define USE_FAST_MATH
90 #define TFM_TIMING_RESISTANT
91#else
92 /* normal heap based integer.c (not timing resistant) */
/* NOTE(review): WOLFSSL_SP_MATH_ALL is defined below, which presumably routes
 * generic math through SP math rather than integer.c - confirm against the
 * wolfSSL version in use, since this comment warns that integer.c is not
 * timing resistant. */
93#endif
94
95/* Wolf Single Precision Math */
96#undef WOLFSSL_SP
97#if 1
98 #define WOLFSSL_SP
99 #define WOLFSSL_HAVE_SP_RSA
100 #define WOLFSSL_HAVE_SP_DH
101 #define WOLFSSL_HAVE_SP_ECC
102 //#define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
103 #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
104
/* Side-channel hardening option for the SP code; keep it enabled unless a
 * measured size/speed constraint forces otherwise. */
105 #define WOLFSSL_SP_CACHE_RESISTANT
106 // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
107 #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
108
109 //#define WOLFSSL_SP_NO_MALLOC
110 // #define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
111
112 // #define WOLFSSL_SP_SMALL
113 // #define WOLFSSL_SP_ASM
114
115 // #define WOLFSSL_SP_LARGE_CODE
116
117 //#define WOLFSSL_SP_X86_64
118 //#define WOLFSSL_SP_X86
119 //#define WOLFSSL_SP_ARM32_ASM
120 //#define WOLFSSL_SP_ARM64_ASM
121 //#define WOLFSSL_SP_ARM_THUMB_ASM
122 //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
/* NOTE(review): the only assembly option enabled, while the generic
 * WOLFSSL_SP_ASM switch above stays commented out. Presumably a port-specific
 * ColdFire path; its constant-time behaviour cannot be judged from this
 * header and should be reviewed with the assembly itself. */
123 #define WOLFSSL_SP_COLDFIRE_ASM /* ColdFire V4 EMAC accumulate-across-column */
124#endif
125
126/* ------------------------------------------------------------------------- */
127/* Crypto */
128/* ------------------------------------------------------------------------- */
/* RSA and finite-field DH settings. RSA is always enabled; DH is enabled only
 * when no CRYPTO_PROFILE_* macro is defined. */
129/* RSA */
130#undef NO_RSA
131#if 1
/* Inactive here: USE_FAST_MATH is #undef'd in the Math Configuration section. */
132 #ifdef USE_FAST_MATH
133 /* Maximum math bits (Max RSA key bits * 2) */
134 #define FP_MAX_BITS 4096
135 #endif
136
137 /* half as much memory but twice as slow */
138 //#define RSA_LOW_MEM
139
140 /* Enables blinding mode, to prevent timing attacks */
/* Keep enabled: this is the RSA private-key side-channel protection. */
141 #define WC_RSA_BLINDING
142
143 /* RSA PSS Support */
144 #define WC_RSA_PSS
145#else
146 #define NO_RSA
147#endif
148
149/* DH */
150#undef NO_DH
/* Default profile: DH with the FFDHE 2048-bit group only; the larger groups
 * stay commented out. Any CRYPTO_PROFILE_* selection defines NO_DH instead. */
151#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
152 /* Use table for DH instead of -lm (math) lib dependency */
153 #if 1
154 #define WOLFSSL_DH_CONST
155 #define HAVE_FFDHE_2048
156 //#define HAVE_FFDHE_4096
157 //#define HAVE_FFDHE_6144
158 //#define HAVE_FFDHE_8192
159 #endif
160#else
161 #define NO_DH
162#endif
163
164/* ECC */
/* Enables ECC with a manually selected curve list: P-256 is left enabled,
 * P-384 depends on ENABLE_ECC384 (not defined in this file), and the P-521
 * define is itself commented out, so ENABLE_ECC521 has no effect here. */
165#undef HAVE_ECC
166#if 1
167 #define HAVE_ECC
168
169 /* Manually define enabled curves */
170 #define ECC_USER_CURVES
171
172 #ifdef ECC_USER_CURVES
173 /* Manual Curve Selection */
174 // #define HAVE_ECC192
175 // #define HAVE_ECC224
176 #undef NO_ECC256
177 #ifdef ENABLE_ECC384
178 #define HAVE_ECC384
179 #endif
180 #ifdef ENABLE_ECC521
181 // #define HAVE_ECC521
182 #endif
183 #endif
184
185 /* Fixed point cache (speeds repeated operations against same private key) */
186 #define FP_ECC
187 #ifdef FP_ECC
188 /* Bits / Entries */
189 #define FP_ENTRIES 15
190 #define FP_LUT 4
191 #endif
192
193 /* Optional ECC calculation method */
194 /* Note: doubles heap usage, but slightly faster */
195 #define ECC_SHAMIR
196
197 /* Reduces heap usage, but slower */
/* NOTE(review): ECC_TIMING_RESISTANT is wolfSSL's ECC timing side-channel
 * hardening switch, and it is disabled here even though the RSA section
 * enables WC_RSA_BLINDING. The SP ECC code selected in the Math Configuration
 * section presumably handles P-256/P-384 in constant time (confirm for the
 * ColdFire assembly path), but any ECC private-key operation that falls back
 * to generic math would run without this hardening. Enable it unless a
 * measured size or speed limit rules it out. */
198 // #define ECC_TIMING_RESISTANT
199
200 /* Compressed ECC Key Support */
201 //#define HAVE_COMP_KEY
202
203 /* Use alternate ECC size for ECC math */
/* Inactive here: USE_FAST_MATH is #undef'd in the Math Configuration section. */
204 #ifdef USE_FAST_MATH
205 /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
206 #if defined(NO_RSA) && defined(NO_DH)
207 /* Custom fastmath size if not using RSA/DH */
208 #define FP_MAX_BITS (256 * 2)
209 #else
210 /* use heap allocation for ECC points */
211 #define ALT_ECC_SIZE
212
213 /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
214 //#define FP_MAX_BITS_ECC (256 * 2)
215 #endif
216
217 /* Speedups specific to curve */
218 #ifndef NO_ECC256
219 #define TFM_ECC256
220 #endif
221 #endif
222#endif
223
224
225/* AES */
/* AES is unconditional (#if 1) under every profile: CBC, GCM and CCM modes
 * are compiled in; DIRECT, ECB and COUNTER stay commented out. */
226#undef NO_AES
227#if 1
228 #define HAVE_AES_CBC
229
230 #define HAVE_AESGCM
231
232 /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
233 // Listed in order of speed and memory usage
234 // #define GCM_TABLE
235 #define GCM_WORD32
236 // #define GCM_TABLE_4BIT
237 // #define GCM_SMALL
238
239 //#define WOLFSSL_AES_DIRECT
240 //#define HAVE_AES_ECB
241 //#define WOLFSSL_AES_COUNTER
242 #define HAVE_AESCCM
243#else
244 #define NO_AES
245#endif
246
247
248/* DES3 */
249#undef NO_DES3
/* NOTE(review): in the default profile the #if branch is empty, so NO_DES3 is
 * not defined and 3DES stays compiled in. 3DES is a legacy 64-bit block
 * cipher; if no peer requires it, defining NO_DES3 in the default profile as
 * well reduces both footprint and exposure to legacy suites. */
250#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
251#else
252 #define NO_DES3
253#endif
254
255/* ChaCha20 / Poly1305 */
/* Enabled for the default profile and CRYPTO_PROFILE_CHACHA; compiled out
 * when CRYPTO_PROFILE_AESGCM or CRYPTO_PROFILE_MINIMAL is selected. */
256#undef HAVE_CHACHA
257#undef HAVE_POLY1305
258#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_MINIMAL)
259 #define HAVE_CHACHA
260 #define HAVE_POLY1305
261
262 /* Needed for Poly1305 */
/* Also defined unconditionally in the Enable Features section. */
263 #define HAVE_ONE_TIME_AUTH
264#endif
265
266/* Ed25519 / Curve25519 */
/* Same profile condition as ChaCha20/Poly1305 above. */
267#undef HAVE_CURVE25519
268#undef HAVE_ED25519
269#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_MINIMAL)
270 #define HAVE_CURVE25519
271 #define HAVE_ED25519 /* ED25519 Requires SHA512 */
272
273 /* Optionally use small math (less flash usage, but much slower) */
/* Disabled (#if 0): the regular, larger implementation is used. */
274 #if 0
275 #define CURVED25519_SMALL
276 #endif
277#endif
278
279
280/* ------------------------------------------------------------------------- */
281/* Hashing */
282/* ------------------------------------------------------------------------- */
/* Net effect of this section as written: SHA-1, SHA-256, SHA-384, SHA-512 and
 * HKDF are available; SHA-224, SHA-3, MD5 and CMAC are not. */
283/* Sha */
284#undef NO_SHA
/* The #if 1 branch is empty, so NO_SHA is not defined and SHA-1 stays
 * available (presumably for the TLS 1.2 *_SHA suites named in the
 * compatibility settings near the end of this file). */
285#if 1
286 /* 1k smaller, but 25% slower */
287 //#define USE_SLOW_SHA
288#else
289 #define NO_SHA
290#endif
291
292/* Sha256 */
293#undef NO_SHA256
294#if 1
295 /* not unrolled - ~2k smaller and ~25% slower */
296 //#define USE_SLOW_SHA256
297
298 /* Sha224 */
299 #if 0
300 #define WOLFSSL_SHA224
301 #endif
302#else
303 #define NO_SHA256
304#endif
305
306/* Sha512 */
/* SHA-512 must stay enabled while HAVE_ED25519 is defined (see the
 * "ED25519 Requires SHA512" note in the Crypto section). */
307#undef WOLFSSL_SHA512
308#if 1
309 #define WOLFSSL_SHA512
310
311 /* Sha384 */
312 #undef WOLFSSL_SHA384
313 #if 1
314 #define WOLFSSL_SHA384
315 #endif
316
317 /* over twice as small, but 50% slower */
318 //#define USE_SLOW_SHA512
319#endif
320
321/* Sha3 */
322#undef WOLFSSL_SHA3
323#if 0
324 #define WOLFSSL_SHA3
325#endif
326
327/* MD5 */
328#undef NO_MD5
/* The #if 0 selects the #else branch: NO_MD5 is defined, MD5 is compiled out. */
329#if 0
330
331#else
332 #define NO_MD5
333#endif
334
335/* HKDF */
/* Required for the TLS 1.3 key schedule; keep enabled while WOLFSSL_TLS13 may
 * be defined. */
336#undef HAVE_HKDF
337#if 1
338 #define HAVE_HKDF
339#endif
340
341/* CMAC */
342#undef WOLFSSL_CMAC
343#if 0
344 #define WOLFSSL_CMAC
345#endif
346
347
348/* ------------------------------------------------------------------------- */
349/* Benchmark / Test */
350/* ------------------------------------------------------------------------- */
/* Settings for wolfSSL's bundled benchmark and self-test code. */
351#ifdef TARGET_EMBEDDED
352 /* Use reduced benchmark / test sizes */
353 #define BENCH_EMBEDDED
354 /* RSA keygen is probabilistic (prime search) and takes 30-300s on ColdFire,
355 making the benchmark suite unusable due to variability. Skip it. */
356 #define BENCH_SKIP_RSA_KEYGEN
357#endif
358
359/* Use test buffers from array (not filesystem) */
/* NOTE(review): NO_FILESYSTEM is only defined further down, in the Disable
 * Features section, so at this point the #ifndef is true and both buffer sets
 * are enabled. The guard reads inverted relative to the comment above (array
 * buffers are what a build without a filesystem needs) and works only because
 * of definition order - confirm intent. These macros expose wolfSSL's sample
 * test certificates and keys; they must never be used as production
 * credentials. */
360#ifndef NO_FILESYSTEM
361#define USE_CERT_BUFFERS_256
362#define USE_CERT_BUFFERS_2048
363#endif
364
365/* ------------------------------------------------------------------------- */
366/* Debugging */
367/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
368/* ------------------------------------------------------------------------- */
369
/* As written: debug logging is compiled out (outer #if 0) and error strings
 * are kept (inner #if 0 leaves NO_ERROR_STRINGS undefined). */
370#undef DEBUG_WOLFSSL
371#undef NO_ERROR_STRINGS
372#if 0
373 #define DEBUG_WOLFSSL
374#else
375 #if 0
376 #define NO_ERROR_STRINGS
377 #endif
378#endif
379
380// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream
// Keep both defines below disabled in release builds: anyone who can read the
// console output could decrypt captured traffic for those sessions.
381// #define SHOW_SECRETS
382// #define HAVE_SECRET_CALLBACK
383
384/* ------------------------------------------------------------------------- */
385/* Memory */
386/* ------------------------------------------------------------------------- */
387
388/* TLS SRAM pool size in KB for NBMalloc allocator */
389#define WOLFSSL_TLS_SRAM_KB 15
390
391/* Override Memory API's */
/* Active only when SSL_CUSTOM_MALLOC is defined outside this file. Routes
 * wolfSSL's XMALLOC/XFREE/XREALLOC to the NetBurner allocator functions, which
 * are declared here and defined elsewhere. The heap-hint (h) and type (t)
 * arguments are discarded by these macros. */
392#ifdef SSL_CUSTOM_MALLOC
393 #define XMALLOC_OVERRIDE
394
395 /* prototypes for user heap override functions */
396 /* Note: Realloc only required for normal math */
397 #include <stddef.h> /* for size_t */
398
399 extern void* NBMalloc(size_t n);
400 extern void NBFree(void *p);
401 extern void* NBRealloc(void *p, size_t n);
402
403 #define XMALLOC(n, h, t) NBMalloc(n)
404 #define XFREE(p, h, t) NBFree(p)
405 #define XREALLOC(p, n, h, t) NBRealloc(p, n)
406
407 // Platform specific fastest memory location
/* Values 1 and 3 both select the _SRAM macros, 2 selects _TCM and 4 selects
 * _SDRAM. There is no #else: any other value leaves CREATE_MEMORY_ALLOCATOR
 * and CREATE_MEMORY_BUFFER undefined by this file. */
408 #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
409 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
410 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
411 #elif SSL_CUSTOM_MALLOC == 2
412 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
413 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_TCM(name,size)
414 #elif SSL_CUSTOM_MALLOC == 3
415 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
416 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
417 #elif SSL_CUSTOM_MALLOC == 4
418 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
419 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SDRAM(name,size)
420 #endif
421#endif
422
/* Disabled (#if 0): static memory, WOLFSSL_NO_MALLOC and WOLFSSL_MALLOC_CHECK
 * are all left undefined. */
423#if 0
424 /* Static memory requires fast math */
425 #define WOLFSSL_STATIC_MEMORY
426
427 /* Disable fallback malloc/free */
428 #define WOLFSSL_NO_MALLOC
429 #if 1
430 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
431 #endif
432#endif
433
434/* Memory callbacks */
/* Active branch: USE_WOLFSSL_MEMORY is defined; heap tracking/debug output
 * stays off (inner #if 0). */
435#if 1
436 #undef USE_WOLFSSL_MEMORY
437 #define USE_WOLFSSL_MEMORY
438
439 /* Use this to measure / print heap usage */
440 #if 0
441 #define WOLFSSL_TRACK_MEMORY
442 #define WOLFSSL_DEBUG_MEMORY
443 #endif
444#else
445 #ifndef WOLFSSL_STATIC_MEMORY
446 #define NO_WOLFSSL_MEMORY
447 /* Otherwise we will use stdlib malloc, free and realloc */
448 #endif
449#endif
450
451
452/* ------------------------------------------------------------------------- */
453/* Port */
454/* ------------------------------------------------------------------------- */
455
456/* Override Current Time */
/* Maps wolfSSL's XTIME to my_time(), which is declared here and defined
 * elsewhere.
 * NOTE(review): NO_ASN_TIME is left commented out in this file, so
 * certificate validity dates are presumably checked against the value
 * my_time() returns. Confirm it reports real calendar time and what it
 * returns before the clock has been set; a wrong clock makes expiry and
 * not-yet-valid checks meaningless. The declared return type is
 * unsigned long rather than time_t - confirm that matches what wolfSSL
 * expects on this target. */
457#if 1
458 /* Allows custom "custom_time()" function to be used for benchmark */
459 #define WOLFSSL_USER_CURRTIME
460 // #define WOLFSSL_GMTIME
461 #define USER_TICKS
462 #include <time.h>
463 extern unsigned long my_time(time_t *timer);
464 #define XTIME my_time
465#endif
466
467
468/* ------------------------------------------------------------------------- */
469/* RNG */
470/* ------------------------------------------------------------------------- */
471
/* Selects how wolfSSL obtains randomness. The active (#if 1) branch seeds the
 * built-in Hash-DRBG through my_rng_seed_gen(); the inactive #else branch
 * would disable the DRBG and take raw blocks from my_rng_gen_block(). Both
 * functions are only declared here; their implementations are elsewhere. */
472/* Choose RNG method */
473#if 1
474 /* Custom Seed Source */
475 #if 1
476 /* Size of returned HW RNG value */
477 #define CUSTOM_RAND_TYPE unsigned int
478 extern unsigned int my_rng_seed_gen(void);
479 #undef CUSTOM_RAND_GENERATE
480 #define CUSTOM_RAND_GENERATE my_rng_seed_gen
481 #endif
482
483 // NetBurner specific define for enabling hardware random number generation
484 // NOTE: MCF54415 RNGA peripheral not present on this silicon - all registers
485 // read 0xFFFFFFFF. Verified via RNG qualification test 2026-02-17.
486 // #define GATHER_RANDOM_USE_HW
/* NOTE(review): with the hardware RNG reported absent above, every private
 * key, nonce and TLS random produced by the DRBG depends on the entropy that
 * my_rng_seed_gen() returns. Its source is not visible in this file. Confirm
 * that it draws from a genuine entropy source and that a failure is detected
 * rather than yielding constant or predictable values. */
487
488 /* Use built-in P-RNG (SHA256 based) with HW RNG */
489 /* P-RNG + HW RNG (P-RNG is ~8K) */
/* NOTE(review): "with HW RNG" no longer matches the note above; the seed
 * comes from CUSTOM_RAND_GENERATE. */
490 #undef HAVE_HASHDRBG
491 #define HAVE_HASHDRBG
492#else
493 #undef WC_NO_HASHDRBG
494 #define WC_NO_HASHDRBG
495
496 /* Bypass P-RNG and use only HW RNG */
497 extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
498 #undef CUSTOM_RAND_GENERATE_BLOCK
499 #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
500#endif
501
502
503/* ------------------------------------------------------------------------- */
504/* Custom Standard Lib */
505/* ------------------------------------------------------------------------- */
506/* Allows override of all standard library functions */
/* Disabled (#if 0): STRING_USER stays undefined and none of the XMEM and XSTR
 * mappings below take effect. If this block is ever enabled, note that
 * mystrnstr is not declared anywhere in this file. */
507#undef STRING_USER
508#if 0
509 #define STRING_USER
510
511 #include <string.h>
512
513 #define USE_WOLF_STRSEP
514 #define XSTRSEP(s1,d) wc_strsep((s1),(d))
515
516 #define USE_WOLF_STRTOK
517 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
518
519 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
520
521 #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
522 #define XMEMSET(b,c,l) memset((b),(c),(l))
523 #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
524 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
525
526 #define XSTRLEN(s1) strlen((s1))
527 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
528 #define XSTRSTR(s1,s2) strstr((s1),(s2))
529
530 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
531 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
532 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
533
534 #define XSNPRINTF snprintf
535#endif
536
537
538
539/* ------------------------------------------------------------------------- */
540/* Enable Features */
541/* ------------------------------------------------------------------------- */
542
/* TLS 1.3 and early-data (0-RTT) support are compiled in only when
 * SSL_TLS_1_3_SUPPORT is defined.
 * NOTE(review): WOLFSSL_EARLY_DATA enables 0-RTT support. Early data is not
 * protected against replay by the protocol, so an application that accepts
 * it must only act on idempotent requests. If no application on this
 * platform needs 0-RTT, leaving it undefined removes that risk. */
543#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h
544#define WOLFSSL_TLS13
545#define WOLFSSL_EARLY_DATA
546#endif
547/* Non-default profiles disable TLS 1.2 for smaller footprint */
548#if defined(CRYPTO_PROFILE_AESGCM) || defined(CRYPTO_PROFILE_CHACHA) || defined(CRYPTO_PROFILE_MINIMAL)
549#define WOLFSSL_NO_TLS12
550#endif
/* NOTE(review): this selects the older, faster DH prime check; presumably it
 * is a less rigorous test than wolfSSL's default. DH parameters can be
 * supplied by the peer in TLS 1.2 DHE, so confirm the weaker validation is
 * acceptable for this product. */
551#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
552#define HAVE_TLS_EXTENSIONS
553#define HAVE_SUPPORTED_CURVES
554#define WOLFSSL_BASE64_ENCODE
555
556
/* WOLFSSL_KEY_GEN is defined again, identically, near the end of this file. */
557#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
558#define KEEP_PEER_CERT
559//#define HAVE_COMP_KEY
560
561/* TLS Session Cache */
/* Active branch: a reduced-size session cache is kept, so session resumption
 * remains available. */
562#if 1
563 #define SMALL_SESSION_CACHE
564 #define NO_SESSION_CACHE_REF
565#else
566 #define NO_SESSION_CACHE
567#endif
568
569#define HAVE_ONE_TIME_AUTH
570#define HAVE_SNI
571#define HAVE_SESSION_TICKET
572#define WOLFSSL_SMALL_CERT_VERIFY
573
574// Allows WolfSSL to malloc the tls 1.3 ticket nonce, instead of using a static buffer. This supports large ticket nonces
575#define WOLFSSL_TICKET_NONCE_MALLOC
576
577/* ------------------------------------------------------------------------- */
578/* Disable Features */
579/* ------------------------------------------------------------------------- */
/* Removes unused protocol and algorithm support, then re-enables the legacy
 * TLS 1.2 key-exchange options needed for backward compatibility in the
 * default profile. */
580//#define NO_WOLFSSL_SERVER
581//#define NO_WOLFSSL_CLIENT
582//#define NO_CRYPT_TEST
583//#define NO_CRYPT_BENCHMARK
584//#define WOLFCRYPT_ONLY
585
586/* In-lining of misc.c functions */
587/* If defined, must include wolfcrypt/src/misc.c in build */
588/* Slower, but about 1k smaller */
589//#define NO_INLINE
590
591#define WOLFSSL_NO_SOCK
592#define NO_WOLFSSL_DIR
593
594#ifdef TARGET_EMBEDDED
595 #define NO_FILESYSTEM
596 #define NO_WRITEV
597 #define NO_MAIN_DRIVER
598 #define NO_DEV_RANDOM
599#endif
600
/* NO_OLD_TLS removes the protocol versions older than TLS 1.2. */
601#define NO_OLD_TLS
602#define NO_PSK
603
604#define NO_DSA
/* NOTE(review): NO_RC4 is commented out, and the WOLFSSL_STATIC_DH comment
 * below names an RC4 cipher suite. RC4 is prohibited for TLS by RFC 7465.
 * Unless a specific legacy peer requires it, define NO_RC4. Whether the
 * wolfSSL version in use builds RC4 suites without a further opt-in is not
 * visible from this file - confirm. */
605// #define NO_RC4
606#define NO_MD4
607#define NO_PWDBASED
608//#define NO_CODING
609//#define NO_ASN_TIME
610//#define NO_CERTS
611//#define NO_SIG_WRAPPER
612
613#define NO_HC128
614#define NO_RABBIT
615
616#define WOLFSSL_IGNORE_FILE_WARN
617
618#undef NO_TLS
619
/* NOTE(review): static RSA and static (EC)DH key exchange provide no forward
 * secrecy: if the long-term private key is ever disclosed, previously
 * recorded sessions that used these suites can be decrypted. They are enabled
 * in the default profile only; if no deployed peer depends on them, drop both
 * defines or select one of the TLS 1.3-only profiles. */
620#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
621// Settings made for TLS 1.2 backward compatibility
622#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
623#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA
624#endif
625#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
626#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
627
/* Certificate request/generation, PEM conversion and key generation are
 * compiled in, presumably for on-device key and certificate creation (see the
 * two ENABLE_*KEY_CREATE defines below). Keys generated on the device are
 * only as strong as the seed source configured in the RNG section. */
628#define WOLFSSL_CERT_REQ
629#define WOLFSSL_CERT_GEN
630#define WOLFSSL_ALT_NAMES
631#define WOLFSSL_DER_TO_PEM
/* Second, identical definition of WOLFSSL_KEY_GEN (first one is in the
 * Enable Features section). */
632#define WOLFSSL_KEY_GEN
633#define WOLFSSL_EITHER_SIDE
634
635#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
636#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?
637
638 // For wolfSSH
639 //#undef WOLFSSH_SFTP
640 //#define WOLFSSH_SFTP
641
642 //#undef WOLFSSH_SCP
643 //#define WOLFSSH_SCP
644
645#undef WOLFSSH_USER_IO
646#define WOLFSSH_USER_IO
647
648#ifdef __cplusplus
649}
650#endif
651
652#endif /* WOLFSSL_USER_SETTINGS_H */