SOMRT1061/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30
31/* =========================================================================
32 * CRYPTO PROFILE SELECTION
33 * =========================================================================
34 * Uncomment ONE of the following to select a crypto profile.
35 * Default (none selected): Full compatibility - TLS 1.2+1.3, all ciphers
36 *
37 * CRYPTO_PROFILE_AESGCM - TLS 1.3 only, AES-GCM ciphers only
38 * Smallest footprint
39 *
40 * CRYPTO_PROFILE_CHACHA - TLS 1.3 only, ChaCha20-Poly1305
41 * Constant-time, no HW AES dependency
42 *
43 * CRYPTO_PROFILE_MINIMAL - Bare minimum for constrained applications
44 * WARNING: Limited cipher support
 *
 * NOTE(review): what the profiles actually change inside this header:
 *   - any profile: NO_DH, NO_DES3 and WOLFSSL_NO_TLS12 are defined, and
 *     WOLFSSL_STATIC_RSA / WOLFSSL_STATIC_DH are not.
 *   - AESGCM and MINIMAL: additionally leave ChaCha20/Poly1305 and
 *     Curve25519/Ed25519 undefined. The two profiles are tested in the same
 *     conditions everywhere in this file, so here they are equivalent.
 *   - AES (CBC, GCM, CCM) is enabled under every profile, CHACHA included.
 * Any tighter restriction (e.g. the offered cipher-suite list) has to come
 * from outside this file - confirm before relying on the descriptions above.
 * A profile also needs SSL_TLS_1_3_SUPPORT (predef.h); without it no TLS
 * version remains enabled, because NO_OLD_TLS is defined further down.
45 * ========================================================================= */
46// #define CRYPTO_PROFILE_AESGCM
47// #define CRYPTO_PROFILE_CHACHA
48// #define CRYPTO_PROFILE_MINIMAL
49
/* Defined unconditionally, so every "#ifdef TARGET_EMBEDDED" section in this
 * header is active and every matching "#else" branch is dead. */
50#define TARGET_EMBEDDED
51
52/* ------------------------------------------------------------------------- */
53/* Platform */
54/* ------------------------------------------------------------------------- */
55#define WOLFSSL_GENERAL_ALIGNMENT 4
56#define SIZEOF_LONG_LONG 8
57#define WOLFSSL_W64_WRAPPER
58#if 0
59 #define NO_64BIT /* disable use of 64-bit variables */
60#endif
61
62#ifdef TARGET_EMBEDDED
63 /* disable mutex locking */
 /* SINGLE_THREADED is left commented out, so mutex locking stays enabled. */
64 // #define SINGLE_THREADED
65
66 /* reduce stack use. For variables over 100 bytes allocate from heap */
67 #define WOLFSSL_SMALL_STACK
68 #define WOLFSSL_SMALL_STACK_CACHE
69
70 /* disable the built-in socket support and use the IO callbacks.
71 * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
72 */
73 #define WOLFSSL_USER_IO
74#endif
75
76#define WOLFSSL_32BIT_MILLI_TIME
77
78/* ------------------------------------------------------------------------- */
79/* Math Configuration */
80/* ------------------------------------------------------------------------- */
/* Net effect of this section as written: fast math (tfm.c) is off; wolfSSL
 * Single Precision (SP) math is on for RSA, DH and ECC with
 * WOLFSSL_SP_MATH_ALL and the Cortex-M assembly variant selected. */
/* NOTE(review): ULLONG_MAX is defined without an #ifndef guard. If <limits.h>
 * also provides it in the same translation unit this is a macro
 * redefinition - confirm against the toolchain. */
81#define ULLONG_MAX 18446744073709551615ULL
82#define SP_WORD_SIZE 32
83
84#undef USE_FAST_MATH
85#if 0
86 /* fast math (tfm.c) (stack based and timing resistant) */
87 #define USE_FAST_MATH
88 #define TFM_TIMING_RESISTANT
89#else
90 /* normal heap based integer.c (not timing resistant) */
 /* NOTE(review): this branch defines nothing. WOLFSSL_SP_MATH_ALL below is
  * commented as using SP math for all key sizes and curves, so the
  * integer.c description may not apply to this build - confirm. */
91#endif
92
93/* Wolf Single Precision Math */
94#undef WOLFSSL_SP
95#if 1
96 #define WOLFSSL_SP
97 #define WOLFSSL_HAVE_SP_RSA
98 #define WOLFSSL_HAVE_SP_DH
99 #define WOLFSSL_HAVE_SP_ECC
100 #define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
101 #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
102
 /* NOTE(review): WOLFSSL_SP_CACHE_RESISTANT is the SP code's cache
  * side-channel hardening. It is deliberately left off below in exchange for
  * speed ("variable-time lookups"). Confirm that trade is acceptable for the
  * device's threat model, in particular if the core runs with data cache
  * enabled alongside code that is not fully trusted. */
103 // #define WOLFSSL_SP_CACHE_RESISTANT // Disabled: faster variable-time lookups for embedded network
104 // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
105 #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
106
107 //#define WOLFSSL_SP_NO_MALLOC
108 //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
109
110 #ifdef TARGET_EMBEDDED
111 /* use smaller version of code */
112 // #define WOLFSSL_SP_SMALL // Disabled: RT1061 has 8MB flash, use unrolled SP for speed
113 #else
114 /* SP Assembly Speedups - specific to chip type */
 /* Dead branch: TARGET_EMBEDDED is always defined in this header, so
  * WOLFSSL_SP_ASM is never defined from here. */
115 #define WOLFSSL_SP_ASM
116 #endif
117 //#define WOLFSSL_SP_X86_64
118 //#define WOLFSSL_SP_X86
119 //#define WOLFSSL_SP_ARM32_ASM
120 //#define WOLFSSL_SP_ARM64_ASM
121 //#define WOLFSSL_SP_ARM_THUMB_ASM
 /* NOTE(review): the chip-specific selector is set although WOLFSSL_SP_ASM
  * above is not - TODO confirm the assembly path is really built. */
122 #define WOLFSSL_SP_ARM_CORTEX_M_ASM
123#endif
124
125/* ------------------------------------------------------------------------- */
126/* Crypto */
127/* ------------------------------------------------------------------------- */
128/* RSA */
/* RSA is enabled (#if 1) with blinding and RSA-PSS. FP_MAX_BITS is only set
 * when USE_FAST_MATH is defined, which the math section above undefines. */
129#undef NO_RSA
130#if 1
131 #ifdef USE_FAST_MATH
132 /* Maximum math bits (Max RSA key bits * 2) */
133 #define FP_MAX_BITS 4096
134 #endif
135
136 /* half as much memory but twice as slow */
137 //#define RSA_LOW_MEM
138
139 /* Enables blinding mode, to prevent timing attacks */
 /* NOTE(review): blinding needs random values at private-key time. Code that
  * calls the wolfCrypt RSA API directly (outside the TLS layer) presumably
  * has to attach an RNG to the key first - verify in the application. */
140 #define WC_RSA_BLINDING
141
142 /* RSA PSS Support */
143 #define WC_RSA_PSS
144#else
145 #define NO_RSA
146#endif
147
148/* DH */
/* Finite-field DH is available only in the default profile, and there only
 * with the FFDHE-2048 group; the larger groups are commented out. Selecting
 * any CRYPTO_PROFILE_* defines NO_DH. */
149#undef NO_DH
150#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
151 /* Use table for DH instead of -lm (math) lib dependency */
152 #if 1
153 #define WOLFSSL_DH_CONST
154 #define HAVE_FFDHE_2048
155 //#define HAVE_FFDHE_4096
156 //#define HAVE_FFDHE_6144
157 //#define HAVE_FFDHE_8192
158 #endif
159#else
160 #define NO_DH
161#endif
162
163/* ECC */
/* ECC is enabled with a hand-picked curve list. As written: P-256 stays on
 * (NO_ECC256 is undefined), P-384 is on only when ENABLE_ECC384 is defined
 * outside this file, and P-192/P-224/P-521 are off. */
164#undef HAVE_ECC
165#if 1
166 #define HAVE_ECC
167
168 /* Manually define enabled curves */
169 #define ECC_USER_CURVES
170
171 #ifdef ECC_USER_CURVES
172 /* Manual Curve Selection */
173 // #define HAVE_ECC192
174 // #define HAVE_ECC224
175 #undef NO_ECC256
 /* ENABLE_ECC384 / ENABLE_ECC521 are not defined in this header;
  * presumably they come from predef.h - verify. */
176 #ifdef ENABLE_ECC384
177 #define HAVE_ECC384
178 #endif
179 #ifdef ENABLE_ECC521
 /* The define is commented out, so P-521 stays disabled even when
  * ENABLE_ECC521 is set. */
180 // #define HAVE_ECC521
181 #endif
182 #endif
183
184 /* Fixed point cache (speeds repeated operations against same private key) */
185 #define FP_ECC
186 #ifdef FP_ECC
187 /* Bits / Entries */
188 #define FP_ENTRIES 15
189 #define FP_LUT 4
190 #endif
191
192 /* Optional ECC calculation method */
193 /* Note: doubles heap usage, but slightly faster */
194 #define ECC_SHAMIR
195
196 /* Reduces heap usage, but slower */
 /* NOTE(review): ECC_TIMING_RESISTANT is wolfSSL's timing side-channel
  * hardening for ECC private-key operations, not only a heap/speed knob, and
  * it is left undefined here. Whether the SP code paths enabled in the math
  * section make it unnecessary for the enabled curves should be confirmed
  * against the wolfSSL version in use. */
197 // #define ECC_TIMING_RESISTANT
198
199 /* Compressed ECC Key Support */
200 //#define HAVE_COMP_KEY
201
202 /* Use alternate ECC size for ECC math */
 /* Everything inside this #ifdef is inactive: USE_FAST_MATH is undefined
  * by the math section of this header. */
203 #ifdef USE_FAST_MATH
204 /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
205 #if defined(NO_RSA) && defined(NO_DH)
206 /* Custom fastmath size if not using RSA/DH */
207 #define FP_MAX_BITS (256 * 2)
208 #else
209 /* use heap allocation for ECC points */
210 #define ALT_ECC_SIZE
211
212 /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
213 //#define FP_MAX_BITS_ECC (256 * 2)
214 #endif
215
216 /* Speedups specific to curve */
217 #ifndef NO_ECC256
218 #define TFM_ECC256
219 #endif
220 #endif
221#endif
222
223
224/* AES */
/* AES is enabled unconditionally (#if 1) with the CBC, GCM and CCM modes.
 * None of the CRYPTO_PROFILE_* macros is consulted here, so AES is also
 * compiled in when CRYPTO_PROFILE_CHACHA is selected. */
225#undef NO_AES
226#if 1
227 #define HAVE_AES_CBC
228
229 #define HAVE_AESGCM
230
231 /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
232 // Listed in order of speed and memory usage
233 #define GCM_TABLE
234 // #define GCM_WORD32
235 // #define GCM_TABLE_4BIT
236 // #define GCM_SMALL
237
238 //#define WOLFSSL_AES_DIRECT
239 //#define HAVE_AES_ECB
240 //#define WOLFSSL_AES_COUNTER
241 #define HAVE_AESCCM
242#else
243 #define NO_AES
244#endif
245
246
247/* DES3 */
/* In the default profile the first branch is empty and NO_DES3 stays
 * undefined, i.e. 3DES remains compiled in; any CRYPTO_PROFILE_* defines
 * NO_DES3.
 * NOTE(review): 3DES is a legacy 64-bit-block cipher. If no peer requires
 * it, defining NO_DES3 in the default profile too would shrink the exposed
 * algorithm set - confirm the interoperability requirement. */
248#undef NO_DES3
249#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
250#else
251 #define NO_DES3
252#endif
253
254/* ChaCha20 / Poly1305 */
/* Enabled for the default profile and CRYPTO_PROFILE_CHACHA; left undefined
 * for CRYPTO_PROFILE_AESGCM and CRYPTO_PROFILE_MINIMAL. */
255#undef HAVE_CHACHA
256#undef HAVE_POLY1305
257#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_MINIMAL)
258 #define HAVE_CHACHA
259 #define HAVE_POLY1305
260
261 /* Needed for Poly1305 */
262 #define HAVE_ONE_TIME_AUTH
263#endif
264
265/* Ed25519 / Curve25519 */
/* Same profile condition as ChaCha20/Poly1305 above. */
266#undef HAVE_CURVE25519
267#undef HAVE_ED25519
268#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_MINIMAL)
269 #define HAVE_CURVE25519
270 #define HAVE_ED25519 /* ED25519 Requires SHA512 */
271
272 /* Optionally use small math (less flash usage, but much slower) */
273 #if 0
274 #define CURVED25519_SMALL
275 #endif
276#endif
277
278
279/* ------------------------------------------------------------------------- */
280/* Hashing */
281/* ------------------------------------------------------------------------- */
/* Net effect as written: SHA-1, SHA-256, SHA-384 and SHA-512 are enabled
 * (their NO_* macros stay undefined or their WOLFSSL_* macros are defined);
 * SHA-224, SHA-3 and CMAC are off; MD5 is disabled via NO_MD5; HKDF is on. */
282/* Sha */
283#undef NO_SHA
284#if 1
285 /* 1k smaller, but 25% slower */
286 //#define USE_SLOW_SHA
287#else
288 #define NO_SHA
289#endif
290
291/* Sha256 */
292#undef NO_SHA256
293#if 1
294 /* not unrolled - ~2k smaller and ~25% slower */
295 //#define USE_SLOW_SHA256
296
297 /* Sha224 */
298 #if 0
299 #define WOLFSSL_SHA224
300 #endif
301#else
302 #define NO_SHA256
303#endif
304
305/* Sha512 */
306#undef WOLFSSL_SHA512
307#if 1
308 #define WOLFSSL_SHA512
309
310 /* Sha384 */
311 #undef WOLFSSL_SHA384
312 #if 1
313 #define WOLFSSL_SHA384
314 #endif
315
316 /* over twice as small, but 50% slower */
317 //#define USE_SLOW_SHA512
318#endif
319
320/* Sha3 */
321#undef WOLFSSL_SHA3
322#if 0
323 #define WOLFSSL_SHA3
324#endif
325
326/* MD5 */
/* The "#if 0" branch is empty, so the #else always applies: MD5 is off. */
327#undef NO_MD5
328#if 0
329
330#else
331 #define NO_MD5
332#endif
333
334/* HKDF */
/* HKDF is the key-derivation primitive of the TLS 1.3 key schedule; keep it
 * enabled whenever WOLFSSL_TLS13 is. */
335#undef HAVE_HKDF
336#if 1
337 #define HAVE_HKDF
338#endif
339
340/* CMAC */
341#undef WOLFSSL_CMAC
342#if 0
343 #define WOLFSSL_CMAC
344#endif
345
346
347/* ------------------------------------------------------------------------- */
348/* Benchmark / Test */
349/* ------------------------------------------------------------------------- */
350#ifdef TARGET_EMBEDDED
351 /* Use reduced benchmark / test sizes */
352 #define BENCH_EMBEDDED
353#endif
354
355/* Use test buffers from array (not filesystem) */
/* NOTE(review): this header defines NO_FILESYSTEM only further down (in the
 * "Disable Features" section), so at this point the #ifndef is true unless
 * predef.h already defined it, and both USE_CERT_BUFFERS_* macros get set.
 * They select the library's built-in test certificate/key arrays: test and
 * benchmark material only, never to be used as device credentials. */
356#ifndef NO_FILESYSTEM
357#define USE_CERT_BUFFERS_256
358#define USE_CERT_BUFFERS_2048
359#endif
360
361/* ------------------------------------------------------------------------- */
362/* Debugging */
363/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
364/* ------------------------------------------------------------------------- */
365
/* As written: debug logging is compiled out (DEBUG_WOLFSSL undefined) and
 * error strings are kept (NO_ERROR_STRINGS undefined). */
366#undef DEBUG_WOLFSSL
367#undef NO_ERROR_STRINGS
368#if 0
369 #define DEBUG_WOLFSSL
370#else
371 #if 0
372 #define NO_ERROR_STRINGS
373 #endif
374#endif
375
376// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream
// Development aid only: with either macro enabled, session secrets leave the
// TLS stack, so captured traffic for those sessions can be decrypted by
// whoever sees the console or callback output. Keep both undefined in
// release builds.
377// #define SHOW_SECRETS
378// #define HAVE_SECRET_CALLBACK
379
380/* ------------------------------------------------------------------------- */
381/* Memory */
382/* ------------------------------------------------------------------------- */
383
384/* TLS SRAM pool size in KB for NBMalloc allocator */
385#define WOLFSSL_TLS_SRAM_KB 32
386
387/* Override Memory API's */
/* Active only when SSL_CUSTOM_MALLOC is defined outside this header. The
 * X* macros below route every wolfSSL allocation to the NB* functions and
 * discard the heap hint (h) and allocation type (t) arguments. */
388#ifdef SSL_CUSTOM_MALLOC
389 #define XMALLOC_OVERRIDE
390
391 /* prototypes for user heap override functions */
392 /* Note: Realloc only required for normal math */
393 #include <stddef.h> /* for size_t */
394
395 extern void* NBMalloc(size_t n);
396 extern void NBFree(void *p);
397 extern void* NBRealloc(void *p, size_t n);
398
399 #define XMALLOC(n, h, t) NBMalloc(n)
400 #define XFREE(p, h, t) NBFree(p)
401 #define XREALLOC(p, n, h, t) NBRealloc(p, n)
402
403 // Platform specific fastest memory location
 // SSL_CUSTOM_MALLOC selects the backing region: 1 and 2 both map to the TCM
 // macros, 3 to SRAM, 4 to SDRAM. Any other value leaves
 // CREATE_MEMORY_ALLOCATOR / CREATE_MEMORY_BUFFER undefined.
 // NOTE(review): values 1 and 2 are identical here - confirm that is intended.
404 #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
405 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
406 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_TCM(name,size)
407 #elif SSL_CUSTOM_MALLOC == 2
408 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
409 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_TCM(name,size)
410 #elif SSL_CUSTOM_MALLOC == 3
411 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
412 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SRAM(name,size)
413 #elif SSL_CUSTOM_MALLOC == 4
414 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
415 #define CREATE_MEMORY_BUFFER(name,size) CREATE_MEMORY_BUFFER_SDRAM(name,size)
416 #endif
417#endif
418
/* Static-memory mode is disabled (#if 0); nothing in this group is defined. */
419#if 0
420 /* Static memory requires fast math */
421 #define WOLFSSL_STATIC_MEMORY
422
423 /* Disable fallback malloc/free */
424 #define WOLFSSL_NO_MALLOC
425 #if 1
426 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
427 #endif
428#endif
429
430/* Memory callbacks */
/* USE_WOLFSSL_MEMORY is defined; heap tracking/debugging stays off. */
431#if 1
432 #undef USE_WOLFSSL_MEMORY
433 #define USE_WOLFSSL_MEMORY
434
435 /* Use this to measure / print heap usage */
436 #if 0
437 #define WOLFSSL_TRACK_MEMORY
438 #define WOLFSSL_DEBUG_MEMORY
439 #endif
440#else
441 #ifndef WOLFSSL_STATIC_MEMORY
442 #define NO_WOLFSSL_MEMORY
443 /* Otherwise we will use stdlib malloc, free and realloc */
444 #endif
445#endif
446
447
448/* ------------------------------------------------------------------------- */
449/* Port */
450/* ------------------------------------------------------------------------- */
451
452/* Override Current Time */
/* XTIME is mapped to my_time(), which is declared here and defined elsewhere.
 * NOTE(review): presumably wolfSSL's certificate validity-period checks read
 * the clock through XTIME, so my_time() has to return real wall-clock time;
 * a device that boots with an unset clock would otherwise reject valid
 * certificates or accept expired ones - verify the implementation. */
453#if 1
454 /* Allows custom "custom_time()" function to be used for benchmark */
455 #define WOLFSSL_USER_CURRTIME
456 // #define WOLFSSL_GMTIME
457 #define USER_TICKS
458 #include <time.h>
459 extern unsigned long my_time(time_t *timer);
460 #define XTIME my_time
461#endif
462
463
464/* ------------------------------------------------------------------------- */
465/* RNG */
466/* ------------------------------------------------------------------------- */
467
468/* Choose RNG method */
/* The active branch (#if 1) keeps wolfSSL's Hash-DRBG (HAVE_HASHDRBG) and
 * seeds it through CUSTOM_RAND_GENERATE, i.e. my_rng_seed_gen(), which is
 * declared here and defined elsewhere. */
469#if 1
470 /* Custom Seed Source */
471 #if 1
472 /* Size of returned HW RNG value */
473 #define CUSTOM_RAND_TYPE unsigned int
 /* NOTE(review): the seed callback returns a bare unsigned int and so has
  * no channel for reporting a hardware RNG fault. Its implementation must
  * itself wait for and validate fresh entropy rather than return stale or
  * constant words - verify, since every key generated on the device
  * depends on it. */
474 extern unsigned int my_rng_seed_gen(void);
475 #undef CUSTOM_RAND_GENERATE
476 #define CUSTOM_RAND_GENERATE my_rng_seed_gen
477 #endif
478
479 // NetBurner specific define for enabling hardware random number generation for M7
480 #define GATHER_RANDOM_USE_HW
481
482 /* Use built-in P-RNG (SHA256 based) with HW RNG */
483 /* P-RNG + HW RNG (P-RNG is ~8K) */
484 #undef HAVE_HASHDRBG
485 #define HAVE_HASHDRBG
486#else
 /* Inactive alternative: no DRBG, output taken straight from the HW RNG
  * through my_rng_gen_block(). */
487 #undef WC_NO_HASHDRBG
488 #define WC_NO_HASHDRBG
489
490 /* Bypass P-RNG and use only HW RNG */
491 extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
492 #undef CUSTOM_RAND_GENERATE_BLOCK
493 #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
494#endif
495
496
497/* ------------------------------------------------------------------------- */
498/* Custom Standard Lib */
499/* ------------------------------------------------------------------------- */
500/* Allows override of all standard library functions */
/* Disabled (#if 0): STRING_USER stays undefined and none of the X* string
 * and memory macros below are set by this header. */
501#undef STRING_USER
502#if 0
503 #define STRING_USER
504
505 #include <string.h>
506
507 #define USE_WOLF_STRSEP
508 #define XSTRSEP(s1,d) wc_strsep((s1),(d))
509
510 #define USE_WOLF_STRTOK
511 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
512
 /* mystrnstr is not declared in this header; it would have to be provided
  * by the application if this section were enabled. */
513 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
514
515 #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
516 #define XMEMSET(b,c,l) memset((b),(c),(l))
517 #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
518 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
519
520 #define XSTRLEN(s1) strlen((s1))
521 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
522 #define XSTRSTR(s1,s2) strstr((s1),(s2))
523
524 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
525 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
526 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
527
528 #define XSNPRINTF snprintf
529#endif
530
531
532
533/* ------------------------------------------------------------------------- */
534/* Enable Features */
535/* ------------------------------------------------------------------------- */
536
/* TLS 1.3 (and 0-RTT support) is compiled in only when SSL_TLS_1_3_SUPPORT
 * is defined. */
537#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h
538#define WOLFSSL_TLS13
539/* OPTIMIZATION: 0-RTT for faster TLS 1.3 session resumption */
/* 0-RTT early data is replayable by a network attacker and is not forward
 * secret. This macro only compiles the support in; the application should
 * accept or send early data solely for idempotent requests, or not use the
 * early-data API at all. */
540#define WOLFSSL_EARLY_DATA
541#endif
542/* Non-default profiles disable TLS 1.2 for smaller footprint */
/* NOTE(review): if a profile is selected while SSL_TLS_1_3_SUPPORT is not
 * defined, WOLFSSL_NO_TLS12 is set without WOLFSSL_TLS13, and NO_OLD_TLS is
 * defined further down - no protocol version is left enabled. An #error for
 * that combination would make the misconfiguration visible at build time. */
543#if defined(CRYPTO_PROFILE_AESGCM) || defined(CRYPTO_PROFILE_CHACHA) || defined(CRYPTO_PROFILE_MINIMAL)
544#define WOLFSSL_NO_TLS12
545#endif
/* NOTE(review): WOLFSSL_OLD_PRIME_CHECK presumably swaps in the library's
 * older, cheaper primality test for DH primes. Confirm against the wolfSSL
 * version in use that the reduced check is acceptable, in particular for DH
 * parameters supplied by a peer. */
546#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
547#define HAVE_TLS_EXTENSIONS
548#define HAVE_SUPPORTED_CURVES
549#define WOLFSSL_BASE64_ENCODE
550
551
552#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
553#define KEEP_PEER_CERT
554//#define HAVE_COMP_KEY
555
556/* TLS Session Cache */
557#if 1
558 #define SMALL_SESSION_CACHE
559 #define NO_SESSION_CACHE_REF
560#else
561 #define NO_SESSION_CACHE
562#endif
563
/* Defined unconditionally here, in addition to the profile-dependent define
 * in the ChaCha20/Poly1305 section of this header. */
564#define HAVE_ONE_TIME_AUTH
565#define HAVE_SNI
566#define HAVE_SESSION_TICKET
567/* OPTIMIZATION: Smaller certificate verification code path */
568#define WOLFSSL_SMALL_CERT_VERIFY
569
570// Allows WolfSSL to malloc the tls 1.3 ticket nonce, instead of using a static buffer. This supports large ticket nonces
571#define WOLFSSL_TICKET_NONCE_MALLOC
572
573/* ------------------------------------------------------------------------- */
574/* Disable Features */
575/* ------------------------------------------------------------------------- */
576//#define NO_WOLFSSL_SERVER
577//#define NO_WOLFSSL_CLIENT
578//#define NO_CRYPT_TEST
579//#define NO_CRYPT_BENCHMARK
580//#define WOLFCRYPT_ONLY
581
582/* In-lining of misc.c functions */
583/* If defined, must include wolfcrypt/src/misc.c in build */
584/* Slower, but about 1k smaller */
585// #define NO_INLINE
586
587#define WOLFSSL_NO_SOCK
588#define NO_WOLFSSL_DIR
589
590#ifdef TARGET_EMBEDDED
591 #define NO_FILESYSTEM
592 #define NO_WRITEV
593 #define NO_MAIN_DRIVER
594 #define NO_DEV_RANDOM
595#endif
596
/* NO_OLD_TLS removes the protocol versions older than TLS 1.2. */
597#define NO_OLD_TLS
598#define NO_PSK
599
600#define NO_DSA
/* NOTE(review): NO_RC4 is left commented out, so whether RC4 is compiled in
 * depends on the defaults of the wolfSSL version in use. Defining it
 * explicitly would remove the doubt unless an RC4 suite is really required
 * (the WOLFSSL_STATIC_DH comment below names one). */
601// #define NO_RC4
602#define NO_MD4
603#define NO_PWDBASED
604//#define NO_CODING
605//#define NO_ASN_TIME
606//#define NO_CERTS
607//#define NO_SIG_WRAPPER
608
609#define NO_HC128
610#define NO_RABBIT
611
612#define WOLFSSL_IGNORE_FILE_WARN
613
614#undef NO_TLS
615
/* Default profile only. Static RSA and static DH/ECDH key exchange provide
 * no forward secrecy: traffic recorded now becomes readable if the server's
 * long-term key is disclosed later. Keep these two only while a TLS 1.2 peer
 * that cannot negotiate an ephemeral (ECDHE/DHE) suite must be supported. */
616#if !defined(CRYPTO_PROFILE_AESGCM) && !defined(CRYPTO_PROFILE_CHACHA) && !defined(CRYPTO_PROFILE_MINIMAL)
617// Settings made for TLS 1.2 backward compatibility
618#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
619#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA
620#endif
621#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
622#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
623
/* Certificate request/generation and key generation are compiled in, so the
 * device can create keys and certificates on its own. WOLFSSL_KEY_GEN is
 * also defined in the "Enable Features" section of this header (identical
 * definition). */
624#define WOLFSSL_CERT_REQ
625#define WOLFSSL_CERT_GEN
626#define WOLFSSL_ALT_NAMES
627#define WOLFSSL_DER_TO_PEM
628#define WOLFSSL_KEY_GEN
629#define WOLFSSL_EITHER_SIDE
630
631#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
632#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?
633
634 // For wolfSSH
635 //#undef WOLFSSH_SFTP
636 //#define WOLFSSH_SFTP
637
638 //#undef WOLFSSH_SCP
639 //#define WOLFSSH_SCP
640
641#undef WOLFSSH_USER_IO
642#define WOLFSSH_USER_IO
643
644#ifdef __cplusplus
645}
646#endif
647
648#endif /* WOLFSSL_USER_SETTINGS_H */