NetBurner 3.5.7
MODM7AE70/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30
31/* =========================================================================
32 * CRYPTO PROFILE SELECTION
33 * =========================================================================
34 * Uncomment ONE of the following to select a crypto profile.
35 * Default (none selected): Full compatibility - TLS 1.2+1.3, all ciphers
36 *
37 * CRYPTO_PROFILE_AESGCM - TLS 1.3 only, AES-GCM ciphers only
38 * HW accelerated on SAME70, smallest footprint
39 *
40 * CRYPTO_PROFILE_CHACHA - TLS 1.3 only, ChaCha20-Poly1305
41 * Constant-time, no HW AES dependency
42 *
43 * CRYPTO_PROFILE_MINIMAL - Bare minimum for constrained applications
44 * WARNING: Limited cipher support
45 * ========================================================================= */
/* NOTE(review): what the profile macros actually change in this file:
 *  - any profile: NO_DH, NO_DES3 and WOLFSSL_NO_TLS12 are defined, and
 *    WOLFSSL_STATIC_RSA / WOLFSSL_STATIC_DH are left undefined;
 *  - AESGCM and MINIMAL: HAVE_CHACHA, HAVE_POLY1305, HAVE_CURVE25519 and
 *    HAVE_ED25519 are left undefined. MINIMAL is only ever tested next to
 *    AESGCM, so the two profiles produce the same settings here.
 * The AES section is not profile-gated: HAVE_AES_CBC, HAVE_AESGCM and
 * HAVE_AESCCM stay defined under every profile, including CHACHA.
 * WOLFSSL_TLS13 is defined only when predef.h provides SSL_TLS_1_3_SUPPORT.
 * A profile selected without it combines WOLFSSL_NO_TLS12 with NO_OLD_TLS and
 * no TLS 1.3 - confirm such a build is rejected rather than shipped.
 * Nothing in this file rejects selecting more than one profile.
 * With no profile selected, NO_DES3 stays undefined and static RSA / static DH
 * are enabled for TLS 1.2 compatibility. */
46// #define CRYPTO_PROFILE_AESGCM
47// #define CRYPTO_PROFILE_CHACHA
48// #define CRYPTO_PROFILE_MINIMAL
49
/* Selects the TARGET_EMBEDDED branches in this file: small stack, user I/O
 * callbacks, the small SP code variant, reduced benchmark sizes, and no
 * filesystem / writev / main driver / dev-random. */
50#define TARGET_EMBEDDED
51
52/* ------------------------------------------------------------------------- */
53/* Platform */
54/* ------------------------------------------------------------------------- */
55#define WOLFSSL_GENERAL_ALIGNMENT 4
56
57/* ------------------------------------------------------------------------- */
58/* SAME70 Hardware Crypto Acceleration */
59/* Enables AES-GCM offload to the SAME70 AES peripheral. */
60/* ------------------------------------------------------------------------- */
61#define WOLFSSL_SAME70_CRYPTO /* AES-GCM hardware acceleration */
62#define SIZEOF_LONG_LONG 8
63#define WOLFSSL_W64_WRAPPER
64
/* Inactive (#if 0): 64-bit variables remain in use. */
65#if 0
66 #define NO_64BIT /* disable use of 64-bit variables */
67#endif
68
69#ifdef TARGET_EMBEDDED
70 /* disable mutex locking */
 /* SINGLE_THREADED is left commented out, so mutex locking stays enabled. */
71 // #define SINGLE_THREADED
72
73 /* reduce stack use. For variables over 100 bytes allocate from heap */
74 #define WOLFSSL_SMALL_STACK
75
76 /* disable the built-in socket support and use the IO callbacks.
77 * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
78 */
79 #define WOLFSSL_USER_IO
80#endif
81
82#define WOLFSSL_32BIT_MILLI_TIME
83
84/* ------------------------------------------------------------------------- */
85/* Math Configuration */
86/* ------------------------------------------------------------------------- */
/* NOTE(review): ULLONG_MAX is normally supplied by <limits.h>. It is defined
 * here unconditionally, with no #ifndef guard, so a translation unit that also
 * includes <limits.h> sees two definitions - confirm this is intended. */
87#define ULLONG_MAX 18446744073709551615ULL
88#define SP_WORD_SIZE 32
89
90#undef USE_FAST_MATH
91#if 0
92 /* fast math (tfm.c) (stack based and timing resistant) */
93 #define USE_FAST_MATH
94 #define TFM_TIMING_RESISTANT
95#else
96 /* normal heap based integer.c (not timing resistant) */
 /* NOTE(review): this branch is the one taken, but WOLFSSL_SP_MATH_ALL is
  * defined below ("use SP math for all key sizes and curves"), so integer.c
  * is presumably not the active backend - confirm. */
97#endif
98
99/* Wolf Single Precision Math */
100#undef WOLFSSL_SP
101#if 1
102 #define WOLFSSL_SP
103 #define WOLFSSL_HAVE_SP_RSA
104 #define WOLFSSL_HAVE_SP_DH
105 #define WOLFSSL_HAVE_SP_ECC
106 //#define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
107 #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
108
 /* Side-channel hardening option for the SP code; keep it defined. */
109 #define WOLFSSL_SP_CACHE_RESISTANT
110 // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
111 #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
112
113 //#define WOLFSSL_SP_NO_MALLOC
114 //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
115
116 #ifdef TARGET_EMBEDDED
117 /* use smaller version of code */
118 #define WOLFSSL_SP_SMALL
119 #else
120 /* SP Assembly Speedups - specific to chip type */
121 #define WOLFSSL_SP_ASM
122 #endif
123 //#define WOLFSSL_SP_X86_64
124 //#define WOLFSSL_SP_X86
125 //#define WOLFSSL_SP_ARM32_ASM
126 //#define WOLFSSL_SP_ARM64_ASM
127 //#define WOLFSSL_SP_ARM_THUMB_ASM
 /* NOTE(review): defined unconditionally, while WOLFSSL_SP_ASM is skipped on
  * the TARGET_EMBEDDED path above - confirm whether the Cortex-M assembly is
  * actually built in this configuration. */
128 #define WOLFSSL_SP_ARM_CORTEX_M_ASM
129#endif
130
131/* ------------------------------------------------------------------------- */
132/* Crypto */
133/* ------------------------------------------------------------------------- */
134/* RSA */
/* RSA is enabled (#if 1): NO_RSA is cleared and only defined in the inactive
 * #else branch. */
135#undef NO_RSA
136#if 1
137 #ifdef USE_FAST_MATH
138 /* Maximum math bits (Max RSA key bits * 2) */
 /* Only applies when USE_FAST_MATH is defined; the Math Configuration
  * section leaves it undefined. */
139 #define FP_MAX_BITS 4096
140 #endif
141
142 /* half as much memory but twice as slow */
143 //#define RSA_LOW_MEM
144
145 /* Enables blinding mode, to prevent timing attacks */
 /* Keep this defined: it hardens private-key operations against timing
  * side channels. */
146 #define WC_RSA_BLINDING
147
148 /* RSA PSS Support */
149 #define WC_RSA_PSS
150#else
151 #define NO_RSA
152#endif
153
154/* DH */
/* Finite-field DH is compiled in only for the default profile; selecting any
 * CRYPTO_PROFILE_* defines NO_DH instead. */
155#undef NO_DH
156#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
157 /* Use table for DH instead of -lm (math) lib dependency */
158 #if 1
159 #define WOLFSSL_DH_CONST
 /* Only the 2048-bit FFDHE group is enabled; the larger groups below are
  * left commented out. */
160 #define HAVE_FFDHE_2048
161 //#define HAVE_FFDHE_4096
162 //#define HAVE_FFDHE_6144
163 //#define HAVE_FFDHE_8192
164 #endif
165#else
166 #define NO_DH
167#endif
168
169/* ECC */
170#undef HAVE_ECC
171#if 1
172 #define HAVE_ECC
173
174 /* Manually define enabled curves */
175 #define ECC_USER_CURVES
176
177 #ifdef ECC_USER_CURVES
178 /* Manual Curve Selection */
 /* P-192 and P-224 stay disabled; P-256 is kept by clearing NO_ECC256.
  * P-384 is enabled only when ENABLE_ECC384 is defined outside this file
  * (not visible here). HAVE_ECC521 is commented out even inside the
  * ENABLE_ECC521 guard, so that guard currently has no effect. */
179 // #define HAVE_ECC192
180 // #define HAVE_ECC224
181 #undef NO_ECC256
182 #ifdef ENABLE_ECC384
183 #define HAVE_ECC384
184 #endif
185 #ifdef ENABLE_ECC521
186 // #define HAVE_ECC521
187 #endif
188 #endif
189
190 /* Fixed point cache (speeds repeated operations against same private key) */
191 #define FP_ECC
192 #ifdef FP_ECC
193 /* Bits / Entries */
194 /* FP_LUT=5: Pre-computes 32 multiples of cached ECC keys.
195 Uses ~49KB heap for lookup tables. Faster repeated ECDSA signing. */
196 #define FP_ENTRIES 15
197 #define FP_LUT 5
198 #endif
199
200 /* Optional ECC calculation method */
201 /* Note: doubles heap usage, but slightly faster */
202 #define ECC_SHAMIR
203
204 /* Reduces heap usage, but slower */
 /* NOTE(review): ECC_TIMING_RESISTANT is wolfSSL's timing side-channel
  * hardening for ECC, not only a memory/speed trade-off, and it is left
  * disabled here while the FP_ECC and ECC_SHAMIR speed options are on.
  * Confirm that every enabled curve runs through the SP implementation
  * (WOLFSSL_HAVE_SP_ECC) or enable this before private keys are used where
  * operation timing can be observed. */
205 // #define ECC_TIMING_RESISTANT
206
207 /* Compressed ECC Key Support */
208 //#define HAVE_COMP_KEY
209
210 /* Use alternate ECC size for ECC math */
 /* Everything in this USE_FAST_MATH block is inactive while USE_FAST_MATH
  * stays undefined (see Math Configuration). */
211 #ifdef USE_FAST_MATH
212 /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
213 #if defined(NO_RSA) && defined(NO_DH)
214 /* Custom fastmath size if not using RSA/DH */
215 #define FP_MAX_BITS (256 * 2)
216 #else
217 /* use heap allocation for ECC points */
218 #define ALT_ECC_SIZE
219
220 /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
221 //#define FP_MAX_BITS_ECC (256 * 2)
222 #endif
223
224 /* Speedups specific to curve */
225 #ifndef NO_ECC256
226 #define TFM_ECC256
227 #endif
228 #endif
229#endif
230
231
232/* AES */
/* AES is enabled unconditionally (#if 1); none of the CRYPTO_PROFILE_* macros
 * are tested in this section, so CBC, GCM and CCM are defined for every
 * profile. */
233#undef NO_AES
234#if 1
235 #define HAVE_AES_CBC
236
237 #define HAVE_AESGCM
238
239 /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
240 // Listed in order of speed and memory usage
241 // #define GCM_TABLE
242 // #define GCM_WORD32
243 /* 4-bit table: faster GCM at the cost of more memory */
 /* NOTE(review): a table-driven GHASH does data-dependent table lookups.
  * Whether this software path runs at all once WOLFSSL_SAME70_CRYPTO
  * offloads AES-GCM is not visible in this file - confirm. */
244 #define GCM_TABLE_4BIT
245 // #define GCM_SMALL
246
247 //#define WOLFSSL_AES_DIRECT
248 //#define HAVE_AES_ECB
249 //#define WOLFSSL_AES_COUNTER
250 #define HAVE_AESCCM
251#else
252 #define NO_AES
253#endif
254
255
256/* DES3 */
257#undef NO_DES3
258#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
 /* Default profile: this branch is empty, so NO_DES3 stays undefined and
  * 3DES remains compiled in. NOTE(review): 3DES is a legacy 64-bit block
  * cipher - confirm a deployed peer still needs it; otherwise define
  * NO_DES3 here as well. */
259#else
260 #define NO_DES3
261#endif
262
263/* ChaCha20 / Poly1305 */
/* Enabled for the default and CHACHA profiles; left undefined for AESGCM and
 * MINIMAL. */
264#undef HAVE_CHACHA
265#undef HAVE_POLY1305
266#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_MINIMAL)
267 #define HAVE_CHACHA
268 #define HAVE_POLY1305
269
270 /* Needed for Poly1305 */
271 #define HAVE_ONE_TIME_AUTH
272#endif
273
274/* Ed25519 / Curve25519 */
/* Same gating as ChaCha20/Poly1305: default and CHACHA profiles only. */
275#undef HAVE_CURVE25519
276#undef HAVE_ED25519
277#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_MINIMAL)
278 #define HAVE_CURVE25519
279 #define HAVE_ED25519 /* ED25519 Requires SHA512 */
280
281 /* Optionally use small math (less flash usage, but much slower) */
 /* Inactive (#if 0): the regular Curve25519/Ed25519 math is used. */
282 #if 0
283 #define CURVED25519_SMALL
284 #endif
285#endif
286
287
288/* ------------------------------------------------------------------------- */
289/* Hashing */
290/* ------------------------------------------------------------------------- */
291/* Sha */
/* SHA-1 stays enabled: NO_SHA is cleared and only defined in the inactive
 * #else branch. */
292#undef NO_SHA
293#if 1
294 /* 1k smaller, but 25% slower */
295 //#define USE_SLOW_SHA
296#else
297 #define NO_SHA
298#endif
299
300/* Sha256 */
301#undef NO_SHA256
302#if 1
303 /* not unrolled - ~2k smaller and ~25% slower */
304 //#define USE_SLOW_SHA256
305
306 /* Sha224 */
 /* Inactive (#if 0): SHA-224 is not enabled. */
307 #if 0
308 #define WOLFSSL_SHA224
309 #endif
310#else
311 #define NO_SHA256
312#endif
313
314/* Sha512 */
/* Enabled; the Ed25519 setting in this file notes that it requires SHA512. */
315#undef WOLFSSL_SHA512
316#if 1
317 #define WOLFSSL_SHA512
318
319 /* Sha384 */
320 #undef WOLFSSL_SHA384
321 #if 1
322 #define WOLFSSL_SHA384
323 #endif
324
325 /* over twice as small, but 50% slower */
326 //#define USE_SLOW_SHA512
327#endif
328
329/* Sha3 */
/* Inactive (#if 0): SHA-3 is not enabled. */
330#undef WOLFSSL_SHA3
331#if 0
332 #define WOLFSSL_SHA3
333#endif
334
335/* MD5 */
/* MD5 is disabled: the #if 0 branch is empty and the #else branch defines
 * NO_MD5. */
336#undef NO_MD5
337#if 0
338
339#else
340 #define NO_MD5
341#endif
342
343/* HKDF */
344#undef HAVE_HKDF
345#if 1
346 #define HAVE_HKDF
347#endif
348
349/* CMAC */
/* Inactive (#if 0): CMAC is not enabled. */
350#undef WOLFSSL_CMAC
351#if 0
352 #define WOLFSSL_CMAC
353#endif
354
355
356/* ------------------------------------------------------------------------- */
357/* Benchmark / Test */
358/* ------------------------------------------------------------------------- */
359#ifdef TARGET_EMBEDDED
360 /* Use reduced benchmark / test sizes */
361 #define BENCH_EMBEDDED
362#endif
363
364/* Use test buffers from array (not filesystem) */
/* NOTE(review): NO_FILESYSTEM is only defined further down in this file, so
 * unless predef.h defines it this #ifndef is true at this point and the
 * buffers are enabled. The guard reads inverted relative to the comment above
 * (in-memory buffers matter most when there is no filesystem) - confirm the
 * intent. The USE_CERT_BUFFERS_* arrays are wolfSSL's published test
 * certificates and keys; they must never serve as a device's real identity. */
365#ifndef NO_FILESYSTEM
366#define USE_CERT_BUFFERS_256
367#define USE_CERT_BUFFERS_2048
368#endif
369
370/* ------------------------------------------------------------------------- */
371/* Debugging */
372/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
373/* ------------------------------------------------------------------------- */
374
/* Both switches are currently off: DEBUG_WOLFSSL is not defined (#if 0), and
 * NO_ERROR_STRINGS is not defined either (inner #if 0), so error strings stay
 * in the build. */
375#undef DEBUG_WOLFSSL
376#undef NO_ERROR_STRINGS
377#if 0
378 #define DEBUG_WOLFSSL
379#else
380 #if 0
381 #define NO_ERROR_STRINGS
382 #endif
383#endif
384
385// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream
// Diagnostic only: with these enabled, anyone who can read the console output can
// decrypt captured traffic. Keep both commented out in release builds.
386// #define SHOW_SECRETS
387// #define HAVE_SECRET_CALLBACK
388
389/* ------------------------------------------------------------------------- */
390/* Memory */
391/* ------------------------------------------------------------------------- */
392
393/* TLS SRAM pool size in KB for NBMalloc allocator */
394#define WOLFSSL_TLS_SRAM_KB 32
395
396/* Override Memory API's */
/* Active only when SSL_CUSTOM_MALLOC is defined outside this file. */
397#ifdef SSL_CUSTOM_MALLOC
398 #define XMALLOC_OVERRIDE
399
400 /* prototypes for user heap override functions */
401 /* Note: Realloc only required for normal math */
402 #include <stddef.h> /* for size_t */
403
404 extern void* NBMalloc(size_t n);
405 extern void NBFree(void *p);
406 extern void* NBRealloc(void *p, size_t n);
407
 /* The heap hint (h) and allocation type (t) arguments are discarded; every
  * allocation goes to the NB* functions declared above. */
408 #define XMALLOC(n, h, t) NBMalloc(n)
409 #define XFREE(p, h, t) NBFree(p)
410 #define XREALLOC(p, n, h, t) NBRealloc(p, n)
411
412 // Platform specific fastest memory location
 // SSL_CUSTOM_MALLOC selects the backing memory: 1 and 3 -> SRAM, 2 -> TCM,
 // 4 -> SDRAM. Any other value leaves CREATE_MEMORY_ALLOCATOR and
 // CREATE_MEMORY_BUFFER undefined by this file.
413 #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
414 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
415 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
416 #elif SSL_CUSTOM_MALLOC == 2
417 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
418 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_TCM(name,size)
419 #elif SSL_CUSTOM_MALLOC == 3
420 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
421 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
422 #elif SSL_CUSTOM_MALLOC == 4
423 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
424 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SDRAM(name,size)
425 #endif
426#endif
427
/* Inactive (#if 0): static memory, WOLFSSL_NO_MALLOC and the malloc-failure
 * trap are all off. */
428#if 0
429 /* Static memory requires fast math */
430 #define WOLFSSL_STATIC_MEMORY
431
432 /* Disable fallback malloc/free */
433 #define WOLFSSL_NO_MALLOC
434 #if 1
435 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
436 #endif
437#endif
438
439/* Memory callbacks */
440#if 1
441 #undef USE_WOLFSSL_MEMORY
442 #define USE_WOLFSSL_MEMORY
443
444 /* Use this to measure / print heap usage */
 /* Inactive (#if 0): heap tracking and memory debugging are off. */
445 #if 0
446 #define WOLFSSL_TRACK_MEMORY
447 #define WOLFSSL_DEBUG_MEMORY
448 #endif
449#else
450 #ifndef WOLFSSL_STATIC_MEMORY
451 #define NO_WOLFSSL_MEMORY
452 /* Otherwise we will use stdlib malloc, free and realloc */
453 #endif
454#endif
455
456
457/* ------------------------------------------------------------------------- */
458/* Port */
459/* ------------------------------------------------------------------------- */
460
461/* Override Current Time */
462#if 1
463 /* Allows custom "custom_time()" function to be used for benchmark */
464 #define WOLFSSL_USER_CURRTIME
465 // #define WOLFSSL_GMTIME
466 #define USER_TICKS
467 #include <time.h>
 /* XTIME is the time source wolfSSL calls for the current time, which
  * includes certificate validity-period checks. NOTE(review): my_time is
  * defined elsewhere - confirm it returns real wall-clock time and what it
  * returns before the clock has been set, since a wrong clock makes the
  * date checks meaningless. It is declared as returning unsigned long
  * rather than time_t. */
468 extern unsigned long my_time(time_t *timer);
469 #define XTIME my_time
470#endif
471
472
473/* ------------------------------------------------------------------------- */
474/* RNG */
475/* ------------------------------------------------------------------------- */
476
477/* Choose RNG method */
/* Active branch (#if 1): a SHA-256 based Hash-DRBG seeded from the custom seed
 * function. The #else branch (HW RNG only, no DRBG) is inactive. */
478#if 1
479 /* Custom Seed Source */
480 #if 1
481 /* Size of returned HW RNG value */
482 #define CUSTOM_RAND_TYPE unsigned int
 /* NOTE(review): my_rng_seed_gen is defined elsewhere. Every key, nonce
  * and signature produced by the library depends on the entropy it
  * returns, and its unsigned int return type has no way to report a
  * hardware failure - confirm how an unready or failed HW RNG is handled
  * inside it. */
483 extern unsigned int my_rng_seed_gen(void);
484 #undef CUSTOM_RAND_GENERATE
485 #define CUSTOM_RAND_GENERATE my_rng_seed_gen
486 #endif
487
488 // NetBurner specific define for enabling hardware random number generation for M7
489 #define GATHER_RANDOM_USE_HW
490
491 /* Use built-in P-RNG (SHA256 based) with HW RNG */
492 /* P-RNG + HW RNG (P-RNG is ~8K) */
493 #undef HAVE_HASHDRBG
494 #define HAVE_HASHDRBG
495#else
496 #undef WC_NO_HASHDRBG
497 #define WC_NO_HASHDRBG
498
499 /* Bypass P-RNG and use only HW RNG */
500 extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
501 #undef CUSTOM_RAND_GENERATE_BLOCK
502 #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
503#endif
504
505
506/* ------------------------------------------------------------------------- */
507/* Custom Standard Lib */
508/* ------------------------------------------------------------------------- */
509/* Allows override of all standard library functions */
/* Inactive (#if 0): STRING_USER is not defined, so none of the X* mappings
 * below are taken from this file. */
510#undef STRING_USER
511#if 0
512 #define STRING_USER
513
514 #include <string.h>
515
516 #define USE_WOLF_STRSEP
517 #define XSTRSEP(s1,d) wc_strsep((s1),(d))
518
519 #define USE_WOLF_STRTOK
520 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
521
 /* mystrnstr is not declared in this file; it has to be provided elsewhere
  * if this block is ever enabled. */
522 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
523
524 #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
525 #define XMEMSET(b,c,l) memset((b),(c),(l))
526 #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
527 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
528
529 #define XSTRLEN(s1) strlen((s1))
 /* strncpy does not NUL-terminate when the source fills the buffer. */
530 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
531 #define XSTRSTR(s1,s2) strstr((s1),(s2))
532
533 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
534 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
535 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
536
537 #define XSNPRINTF snprintf
538#endif
539
540
541
542/* ------------------------------------------------------------------------- */
543/* Enable Features */
544/* ------------------------------------------------------------------------- */
545
/* TLS 1.3 and early data are compiled in only when predef.h defines
 * SSL_TLS_1_3_SUPPORT. */
546#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h
547#define WOLFSSL_TLS13
548/* OPTIMIZATION: 0-RTT for faster TLS 1.3 session resumption */
/* NOTE(review): TLS 1.3 early data can be replayed by a network attacker and
 * is not forward secret. Applications should accept it only for idempotent
 * requests; if nothing uses early data, leaving this undefined removes the
 * code path. */
549#define WOLFSSL_EARLY_DATA
550#endif
551/* Non-default profiles disable TLS 1.2 for smaller footprint */
/* NOTE(review): this does not depend on SSL_TLS_1_3_SUPPORT. With a profile
 * selected and that macro undefined, TLS 1.2 is disabled without TLS 1.3
 * being enabled - confirm such a build is rejected. */
552#if defined(CRYPTO_PROFILE_AESGCM) || defined(CRYPTO_PROFILE_CHACHA) || defined(CRYPTO_PROFILE_MINIMAL)
553#define WOLFSSL_NO_TLS12
554#endif
/* NOTE(review): selects the older prime check in exchange for speed; confirm
 * the weaker validation of DH primes is acceptable for the peers this device
 * connects to. */
555#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
556#define HAVE_TLS_EXTENSIONS
557#define HAVE_SUPPORTED_CURVES
558#define WOLFSSL_BASE64_ENCODE
559
560
561#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
562#define KEEP_PEER_CERT
563//#define HAVE_COMP_KEY
564
565/* TLS Session Cache */
566#if 1
567 #define SMALL_SESSION_CACHE
568 #define NO_SESSION_CACHE_REF
569#else
570 #define NO_SESSION_CACHE
571#endif
572
/* Defined unconditionally here, in addition to the profile-gated definition
 * in the ChaCha20 / Poly1305 section. */
573#define HAVE_ONE_TIME_AUTH
574#define HAVE_SNI
575#define HAVE_SESSION_TICKET
576/* OPTIMIZATION: Smaller certificate verification code path */
577#define WOLFSSL_SMALL_CERT_VERIFY
578
579// Allows WolfSSL to malloc the tls 1.3 ticket nonce, instead of using a static buffer. This supports large ticket nonces
580#define WOLFSSL_TICKET_NONCE_MALLOC
581
582/* ------------------------------------------------------------------------- */
583/* Disable Features */
584/* ------------------------------------------------------------------------- */
/* All five switches below are commented out: client, server, the crypt test,
 * the benchmark and the TLS layer all remain part of the build. */
585//#define NO_WOLFSSL_SERVER
586//#define NO_WOLFSSL_CLIENT
587//#define NO_CRYPT_TEST
588//#define NO_CRYPT_BENCHMARK
589//#define WOLFCRYPT_ONLY
590
591/* In-lining of misc.c functions */
592/* If defined, must include wolfcrypt/src/misc.c in build */
593/* Slower, but about 1k smaller */
594//#define NO_INLINE
595
596#define WOLFSSL_NO_SOCK
597#define NO_WOLFSSL_DIR
598
599#ifdef TARGET_EMBEDDED
600 #define NO_FILESYSTEM
601 #define NO_WRITEV
602 #define NO_MAIN_DRIVER
603 #define NO_DEV_RANDOM
604#endif
605
/* NO_OLD_TLS removes the protocol versions older than TLS 1.2; NO_PSK removes
 * pre-shared-key support. */
606#define NO_OLD_TLS
607#define NO_PSK
608
609#define NO_DSA
/* NOTE(review): NO_RC4 is left commented out, so whether RC4 is compiled in
 * depends on the library's own default for this wolfSSL version - confirm it
 * is off, or define NO_RC4 explicitly. */
610// #define NO_RC4
611#define NO_MD4
612#define NO_PWDBASED
613//#define NO_CODING
614//#define NO_ASN_TIME
615//#define NO_CERTS
616//#define NO_SIG_WRAPPER
617
618#define NO_HC128
619#define NO_RABBIT
620
621#define WOLFSSL_IGNORE_FILE_WARN
622
623#undef NO_TLS
624
/* Default profile only: static-key cipher suites for TLS 1.2 peers.
 * NOTE(review): static RSA and static (EC)DH key exchange provide no forward
 * secrecy - a later compromise of the server's private key exposes previously
 * recorded sessions. Enable these only if a deployed peer cannot negotiate an
 * ephemeral (ECDHE/DHE) suite. The WOLFSSL_STATIC_DH comment names an RC4
 * suite; confirm RC4 is not actually negotiable in this build. */
625#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
626// Settings made for TLS 1.2 backward compatibility
627#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
628#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA
629#endif
630#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
631#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
632
/* Certificate request / generation and key generation support. These put
 * on-device key and certificate creation in the build, so the strength of
 * generated keys rests on the RNG seed source configured in this file.
 * WOLFSSL_KEY_GEN is also defined in the Enable Features section. */
633#define WOLFSSL_CERT_REQ
634#define WOLFSSL_CERT_GEN
635#define WOLFSSL_ALT_NAMES
636#define WOLFSSL_DER_TO_PEM
637#define WOLFSSL_KEY_GEN
638#define WOLFSSL_EITHER_SIDE
639
640#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
641#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?
642
643 // For wolfSSH
 // SFTP and SCP support are both left disabled (commented out).
644 //#undef WOLFSSH_SFTP
645 //#define WOLFSSH_SFTP
646
647 //#undef WOLFSSH_SCP
648 //#define WOLFSSH_SCP
649
650#undef WOLFSSH_USER_IO
651#define WOLFSSH_USER_IO
652
653#ifdef __cplusplus
654}
655#endif
656
657#endif /* WOLFSSL_USER_SETTINGS_H */