NetBurner 3.5.6
MODM7AE70/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30
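/* Selects the embedded build; the TARGET_EMBEDDED conditionals in this file
 * key off this define. */
#define TARGET_EMBEDDED

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_W64_WRAPPER

#if 0
    #define NO_64BIT /* disable use of 64-bit variables */
#endif

#ifdef TARGET_EMBEDDED
    /* disable mutex locking */
    /* Left commented out, so wolfSSL's own locking stays compiled in. */
    // #define SINGLE_THREADED

    /* reduce stack use. For variables over 100 bytes allocate from heap */
    #define WOLFSSL_SMALL_STACK

    /* disable the built-in socket support and use the IO callbacks.
     * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
     */
    #define WOLFSSL_USER_IO
#endif

#define WOLFSSL_32BIT_MILLI_TIME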
58
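/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
/* ULLONG_MAX belongs to <limits.h>. Supply it only when no header included
 * earlier has already done so, so a standard macro is never redefined. */
#ifndef ULLONG_MAX
    #define ULLONG_MAX 18446744073709551615ULL
#endif
#define SP_WORD_SIZE 32

#undef USE_FAST_MATH
#if 0
    /* fast math (tfm.c) (stack based and timing resistant) */
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
#else
    /* normal heap based integer.c (not timing resistant) */
    /* NOTE(review): this comment comes from the template. WOLFSSL_SP_MATH_ALL
     * is defined below ("use SP math for all key sizes and curves"), so
     * integer.c is presumably not the big-number backend in this build;
     * confirm against the files actually compiled. */
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 1
    #define WOLFSSL_SP
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    //#define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
    #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */

    /* Side-channel hardening for the SP code; keep this enabled. */
    #define WOLFSSL_SP_CACHE_RESISTANT
    // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
    #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */

    //#define WOLFSSL_SP_NO_MALLOC
    //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */

    #ifdef TARGET_EMBEDDED
        /* use smaller version of code */
        #define WOLFSSL_SP_SMALL
    #else
        /* SP Assembly Speedups - specific to chip type */
        #define WOLFSSL_SP_ASM
    #endif
    //#define WOLFSSL_SP_X86_64
    //#define WOLFSSL_SP_X86
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
    //#define WOLFSSL_SP_ARM_THUMB_ASM
    /* NOTE(review): defined even when TARGET_EMBEDDED skips WOLFSSL_SP_ASM
     * above; confirm the assembly backend is the one intended. */
    #define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif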
105
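/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* Keep this defined in any build that performs RSA private-key
     * operations. */
    #define WC_RSA_BLINDING

    /* RSA PSS Support */
    #define WC_RSA_PSS
#else
    #define NO_RSA
#endif

/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 1
        #define WOLFSSL_DH_CONST
        /* Only the 2048-bit FFDHE group is enabled; the larger groups below
         * are left commented out. */
        #define HAVE_FFDHE_2048
        //#define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif
#else
    #define NO_DH
#endif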
143
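/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        // #define HAVE_ECC192
        // #define HAVE_ECC224
        #undef NO_ECC256
        /* P-384 is enabled only when ENABLE_ECC384 is defined before this
         * point (it is not defined in this file). */
        #ifdef ENABLE_ECC384
            #define HAVE_ECC384
        #endif
        /* ENABLE_ECC521 currently enables nothing: the define inside is
         * commented out. */
        #ifdef ENABLE_ECC521
            // #define HAVE_ECC521
        #endif
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #define FP_ENTRIES 15
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    /* The comment above describes cost only. ECC_TIMING_RESISTANT is
     * wolfSSL's option for timing-resistant ECC scalar multiplication, and it
     * is left disabled in this configuration.
     * NOTE(review): the SP implementation (WOLFSSL_HAVE_SP_ECC) may already
     * cover the curves enabled above; confirm which code path each enabled
     * curve takes, and enable this define if any of them falls back to the
     * generic ECC code. */
    // #define ECC_TIMING_RESISTANT

    /* Compressed ECC Key Support */
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
        #if defined(NO_RSA) && defined(NO_DH)
            /* Custom fastmath size if not using RSA/DH */
            #define FP_MAX_BITS (256 * 2)
        #else
            /* use heap allocation for ECC points */
            #define ALT_ECC_SIZE

            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
            //#define FP_MAX_BITS_ECC (256 * 2)
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif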
203
204
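/* AES */
#undef NO_AES
#if 1
    #define HAVE_AES_CBC

    #define HAVE_AESGCM

    /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    // Listed in order of speed and memory usage
    // #define GCM_TABLE
    #define GCM_WORD32
    // #define GCM_TABLE_4BIT
    // #define GCM_SMALL

    //#define WOLFSSL_AES_DIRECT
    //#define HAVE_AES_ECB
    //#define WOLFSSL_AES_COUNTER
    #define HAVE_AESCCM
#else
    #define NO_AES
#endif


/* DES3 */
/* The enabled branch is empty and NO_DES3 sits in the #else, so 3DES stays
 * compiled in. It is a legacy 64-bit block cipher; switch the toggle to 0 if
 * no peer requires it.
 * NOTE(review): whether a 3DES suite is actually offered also depends on the
 * cipher list configured at runtime, which is not visible here. */
#undef NO_DES3
#if 1
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #define HAVE_ONE_TIME_AUTH
#endif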
245
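/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 1
    #define HAVE_CURVE25519
    /* The SHA-512 this depends on is enabled by WOLFSSL_SHA512 in the
     * Hashing section of this file. */
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 0
        #define CURVED25519_SMALL
    #endif
#endif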
258
259
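/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
/* SHA-1 stays compiled in (NO_SHA is only in the #else). The *_CBC_SHA
 * suites named under "Settings made for compatibility" in this file use it. */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef WOLFSSL_SHA384
    #if 1
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* The toggle is 0, so the #else branch runs and MD5 is compiled out. */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 1
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif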
326
327
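/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
#ifdef TARGET_EMBEDDED
    /* Use reduced benchmark / test sizes */
    #define BENCH_EMBEDDED
#endif

/* Use test buffers from array (not filesystem) */
/* NO_FILESYSTEM is defined further down in this file (in the "Disable
 * Features" section), i.e. after this check, so this branch is taken unless an
 * earlier header already defines it. These are test buffers for the wolfSSL
 * test and benchmark code, not credentials for a deployed device. */
#ifndef NO_FILESYSTEM
    #define USE_CERT_BUFFERS_256
    #define USE_CERT_BUFFERS_2048
#endif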
341
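/* ------------------------------------------------------------------------- */
/* Debugging */
/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
/* ------------------------------------------------------------------------- */

/* Both toggles below are 0: debug logging is compiled out and error strings
 * are kept. */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif

// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream
// Development aid only: anyone who can read the console output can decrypt the
// captured session. Keep both defines commented out in release builds.
// #define SHOW_SECRETS
// #define HAVE_SECRET_CALLBACK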
360
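/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
/* Active only when SSL_CUSTOM_MALLOC is defined before this point (it is not
 * defined in this file). */
#ifdef SSL_CUSTOM_MALLOC
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h> /* for size_t */

    extern void* NBMalloc(size_t n);
    extern void NBFree(void *p);
    extern void* NBRealloc(void *p, size_t n);

    /* wolfSSL's heap hint (h) and allocation type (t) arguments are dropped;
     * every request goes to the NB* allocator. */
    #define XMALLOC(n, h, t) NBMalloc(n)
    #define XFREE(p, h, t) NBFree(p)
    #define XREALLOC(p, n, h, t) NBRealloc(p, n)

    // Platform specific fastest memory location
    // Values 1 and 3 both map to the SRAM allocator, 2 to TCM, 4 to SDRAM.
    // There is no #else: any other value leaves CREATE_MEMORY_ALLOCATOR
    // undefined by this block.
    #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
        #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
    #elif SSL_CUSTOM_MALLOC == 2
        #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
    #elif SSL_CUSTOM_MALLOC == 3
        #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
    #elif SSL_CUSTOM_MALLOC == 4
        #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
    #endif
#endif

#if 0
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 1
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
#if 1
    #undef USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 0
        #define WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif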
420
421
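/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
#if 1
    /* Allows custom "custom_time()" function to be used for benchmark */
    #define WOLFSSL_USER_CURRTIME
    // #define WOLFSSL_GMTIME
    #define USER_TICKS
    #include <time.h>
    /* my_time is defined elsewhere and is declared to return unsigned long
     * rather than time_t.
     * NOTE(review): XTIME is presumably the clock wolfSSL consults when
     * checking certificate validity dates, so my_time must return real
     * wall-clock time once the device has it; confirm how it behaves before
     * the clock is set. */
    extern unsigned long my_time(time_t *timer);
    #define XTIME my_time
#endif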
436
437
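/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

/* Choose RNG method */
#if 1
    /* Custom Seed Source */
    #if 1
        /* Size of returned HW RNG value */
        #define CUSTOM_RAND_TYPE unsigned int
        /* Defined elsewhere. The signature has no error return, so a failed
         * hardware read cannot be reported through this hook; every key and
         * nonce derives from what it returns.
         * NOTE(review): verify the implementation reads the hardware RNG and
         * never hands back a constant or stale value. */
        extern unsigned int my_rng_seed_gen(void);
        #undef CUSTOM_RAND_GENERATE
        #define CUSTOM_RAND_GENERATE my_rng_seed_gen
    #endif

    // NetBurner specific define for enabling hardware random number generation for M7
    #define GATHER_RANDOM_USE_HW

    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    #undef HAVE_HASHDRBG
    #define HAVE_HASHDRBG
#else
    #undef WC_NO_HASHDRBG
    #define WC_NO_HASHDRBG

    /* Bypass P-RNG and use only HW RNG */
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif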
469
470
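/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
/* Disabled (#if 0): none of the mappings below take effect in this build. */
#undef STRING_USER
#if 0
    #define STRING_USER

    #include <string.h>

    #define USE_WOLF_STRSEP
    #define XSTRSEP(s1,d) wc_strsep((s1),(d))

    #define USE_WOLF_STRTOK
    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))

    /* mystrnstr is not declared in this file; a prototype must be in scope
     * wherever XSTRNSTR is used if this section is enabled. */
    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))

    #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
    #define XMEMSET(b,c,l) memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
    #define XMEMMOVE(d,s,l) memmove((d),(s),(l))

    #define XSTRLEN(s1) strlen((s1))
    /* strncpy does not NUL-terminate when the source fills the buffer;
     * callers have to terminate the destination themselves. */
    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
    #define XSTRSTR(s1,s2) strstr((s1),(s2))

    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))

    #define XSNPRINTF snprintf
#endif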
504
505
506
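/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */

#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h
    #define WOLFSSL_TLS13
#endif
/* NOTE(review): this selects the older, faster DH prime check in place of
 * wolfSSL's current one. Confirm the reduced validation of DH parameters is
 * acceptable wherever FFDHE key exchange is negotiated. */
#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BASE64_ENCODE


#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
#define KEEP_PEER_CERT
//#define HAVE_COMP_KEY

/* TLS Session Cache */
#if 1
    #define SMALL_SESSION_CACHE
    #define NO_SESSION_CACHE_REF
#else
    #define NO_SESSION_CACHE
#endif

#define HAVE_ONE_TIME_AUTH
#define HAVE_SNI
#define HAVE_SESSION_TICKET

// Allows WolfSSL to malloc the tls 1.3 ticket nonce, instead of using a static buffer. This supports large ticket nonces
#define WOLFSSL_TICKET_NONCE_MALLOC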
538
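/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
//#define NO_CRYPT_TEST
//#define NO_CRYPT_BENCHMARK
//#define WOLFCRYPT_ONLY

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE

#define WOLFSSL_NO_SOCK
#define NO_WOLFSSL_DIR

#ifdef TARGET_EMBEDDED
    #define NO_FILESYSTEM
    #define NO_WRITEV
    #define NO_MAIN_DRIVER
    /* No /dev/random seeding; the seed comes from the custom RNG hook
     * configured in the RNG section of this file. */
    #define NO_DEV_RANDOM
#endif

/* Removes the protocol versions older than TLS 1.2. */
#define NO_OLD_TLS
#define NO_PSK

#define NO_DSA
/* NO_RC4 is left commented out, so RC4 stays compiled in. RC4 cipher suites
 * are prohibited for TLS by RFC 7465; define NO_RC4 unless a legacy peer
 * strictly requires it. */
// #define NO_RC4
#define NO_MD4
#define NO_PWDBASED
//#define NO_CODING
/* Keep NO_ASN_TIME undefined so certificate validity dates are checked. */
//#define NO_ASN_TIME
//#define NO_CERTS
//#define NO_SIG_WRAPPER

#define NO_HC128
#define NO_RABBIT

#define WOLFSSL_IGNORE_FILE_WARN

#undef NO_TLS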
581
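// Settings made for compatibility
// The TLS_RSA_* suites use RSA key transport and provide no forward secrecy:
// recorded traffic becomes readable if the RSA private key is ever disclosed.
// Prefer the ephemeral (ECDHE/DHE) suites wherever the peer supports them.
#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
// Static ECDH suites also lack forward secrecy, and the suite named here uses
// RC4, which RFC 7465 prohibits for TLS. Drop this define once no peer needs it.
#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA

#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_ALT_NAMES
#define WOLFSSL_DER_TO_PEM
#define WOLFSSL_KEY_GEN
#define WOLFSSL_EITHER_SIDE

#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?

// For wolfSSH
//#undef WOLFSSH_SFTP
//#define WOLFSSH_SFTP

//#undef WOLFSSH_SCP
//#define WOLFSSH_SCP

#undef WOLFSSH_USER_IO
#define WOLFSSH_USER_IO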
607
608#ifdef __cplusplus
609}
610#endif
611
612#endif /* WOLFSSL_USER_SETTINGS_H */