SOMRT1061/user_settings.h
1/* user_settings_template.h
2 *
3 * Copyright (C) 2006-2023 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#ifndef WOLFSSL_USER_SETTINGS_H
23#define WOLFSSL_USER_SETTINGS_H
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#include <predef.h>
30
31#define TARGET_EMBEDDED
32
33/* ------------------------------------------------------------------------- */
34/* Platform */
35/* ------------------------------------------------------------------------- */
36#define WOLFSSL_GENERAL_ALIGNMENT 4
37#define SIZEOF_LONG_LONG 8
38#if 0
39 #define NO_64BIT /* disable use of 64-bit variables */
40#endif
41
42#ifdef TARGET_EMBEDDED
43 /* disable mutex locking */
44 // #define SINGLE_THREADED
45
46 /* reduce stack use. For variables over 100 bytes allocate from heap */
47 #define WOLFSSL_SMALL_STACK
48
49 /* disable the built-in socket support and use the IO callbacks.
50 * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
51 */
52 #define WOLFSSL_USER_IO
53#endif
54
55#define WOLFSSL_32BIT_MILLI_TIME
56
57/* ------------------------------------------------------------------------- */
58/* Math Configuration */
59/* ------------------------------------------------------------------------- */
60#define ULLONG_MAX 18446744073709551615ULL
61#define SP_WORD_SIZE 32
62
63#undef USE_FAST_MATH
64#if 0
65 /* fast math (tfm.c) (stack based and timing resistant) */
66 #define USE_FAST_MATH
67 #define TFM_TIMING_RESISTANT
68#else
69 /* normal heap based integer.c (not timing resistant); note that WOLFSSL_SP_MATH_ALL, defined further down, selects SP math for all key sizes and curves */
70#endif
71
72/* Wolf Single Precision Math */
/* This section is active (#if 1). It enables the SP implementations for RSA,
 * DH and ECC; WOLFSSL_SP_MATH_ALL below makes SP math the big-integer backend
 * for all key sizes and curves. */
73#undef WOLFSSL_SP
74#if 1
75 #define WOLFSSL_SP
76 #define WOLFSSL_HAVE_SP_RSA
77 #define WOLFSSL_HAVE_SP_DH
78 #define WOLFSSL_HAVE_SP_ECC
79 #define WOLFSSL_SP_4096 /* Enable RSA/DH 4096-bit support */
80 #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
81
 /* Side-channel hardening option; presumably protects secret-dependent table
  * lookups against cache-timing observation -- confirm against the wolfSSL
  * documentation for the version in use. */
82 #define WOLFSSL_SP_CACHE_RESISTANT
83 // #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
84 #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
85
86 //#define WOLFSSL_SP_NO_MALLOC
87 //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
88
 /* TARGET_EMBEDDED is defined unconditionally near the top of this file, so
  * the first branch is taken: WOLFSSL_SP_SMALL is set and WOLFSSL_SP_ASM is
  * NOT defined here. */
89 #ifdef TARGET_EMBEDDED
90 /* use smaller version of code */
91 #define WOLFSSL_SP_SMALL
92 #else
93 /* SP Assembly Speedups - specific to chip type */
94 #define WOLFSSL_SP_ASM
95 #endif
96 //#define WOLFSSL_SP_X86_64
97 //#define WOLFSSL_SP_X86
98 //#define WOLFSSL_SP_ARM32_ASM
99 //#define WOLFSSL_SP_ARM64_ASM
100 //#define WOLFSSL_SP_ARM_THUMB_ASM
 /* NOTE(review): the Cortex-M assembly selector is defined while
  * WOLFSSL_SP_ASM is not (see above). Confirm which SP implementation is
  * actually built, since the C and assembly paths may differ in their
  * timing behaviour. */
101 #define WOLFSSL_SP_ARM_CORTEX_M_ASM
102#endif
103
104/* ------------------------------------------------------------------------- */
105/* Crypto */
106/* ------------------------------------------------------------------------- */
107/* RSA */
108#undef NO_RSA
109#if 1
110 #ifdef USE_FAST_MATH
111 /* Maximum math bits (Max RSA key bits * 2) */
112 #define FP_MAX_BITS 4096
113 #endif
114
115 /* half as much memory but twice as slow */
116 //#define RSA_LOW_MEM
117
118 /* Enables blinding mode, to prevent timing attacks */
119 #define WC_RSA_BLINDING
120
121 /* RSA PSS Support */
122 #define WC_RSA_PSS
123#else
124 #define NO_RSA
125#endif
126
127/* DH */
128#undef NO_DH
129#if 1
130 /* Use table for DH instead of -lm (math) lib dependency */
131 #if 1
132 #define WOLFSSL_DH_CONST
133 #define HAVE_FFDHE_2048
134 //#define HAVE_FFDHE_4096
135 //#define HAVE_FFDHE_6144
136 //#define HAVE_FFDHE_8192
137 #endif
138#else
139 #define NO_DH
140#endif
141
142/* ECC */
143#undef HAVE_ECC
144#if 1
145 #define HAVE_ECC
146
147 /* Manually define enabled curves */
148 #define ECC_USER_CURVES
149
150 #ifdef ECC_USER_CURVES
151 /* Manual Curve Selection */
152 // #define HAVE_ECC192
153 // #define HAVE_ECC224
154 #undef NO_ECC256
155 #ifdef ENABLE_ECC384
156 #define HAVE_ECC384
157 #endif
158 #ifdef ENABLE_ECC521
159 // #define HAVE_ECC521
160 #endif
161 #endif
162
163 /* Fixed point cache (speeds repeated operations against same private key) */
164 #define FP_ECC
165 #ifdef FP_ECC
166 /* Bits / Entries */
167 #define FP_ENTRIES 15
168 #define FP_LUT 4
169 #endif
170
171 /* Optional ECC calculation method */
172 /* Note: doubles heap usage, but slightly faster */
173 #define ECC_SHAMIR
174
175 /* Reduces heap usage, but slower */
 /* NOTE(review): as the macro name indicates, this option is about timing
  * resistance of ECC operations, and it is left disabled here. Confirm that
  * the SP math path enabled earlier in this file provides the required
  * side-channel resistance for ECC private-key operations on this target;
  * if not, enable this define. */
176 // #define ECC_TIMING_RESISTANT
177
178 /* Compressed ECC Key Support */
179 //#define HAVE_COMP_KEY
180
181 /* Use alternate ECC size for ECC math */
182 #ifdef USE_FAST_MATH
183 /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
184 #if defined(NO_RSA) && defined(NO_DH)
185 /* Custom fastmath size if not using RSA/DH */
186 #define FP_MAX_BITS (256 * 2)
187 #else
188 /* use heap allocation for ECC points */
189 #define ALT_ECC_SIZE
190
191 /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
192 //#define FP_MAX_BITS_ECC (256 * 2)
193 #endif
194
195 /* Speedups specific to curve */
196 #ifndef NO_ECC256
197 #define TFM_ECC256
198 #endif
199 #endif
200#endif
201
202
203/* AES */
204#undef NO_AES
205#if 1
206 #define HAVE_AES_CBC
207
208 #define HAVE_AESGCM
209
210 /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
211 // Listed in order of speed and memory usage
212 #define GCM_TABLE
213 // #define GCM_WORD32
214 // #define GCM_TABLE_4BIT
215 // #define GCM_SMALL
216
217 //#define WOLFSSL_AES_DIRECT
218 //#define HAVE_AES_ECB
219 //#define WOLFSSL_AES_COUNTER
220 #define HAVE_AESCCM
221#else
222 #define NO_AES
223#endif
224
225
226/* DES3 */
/* The active (#if 1) branch is empty, so NO_DES3 stays undefined after the
 * #undef below; this file does not disable 3DES.
 * NOTE(review): 3DES is a legacy cipher with a 64-bit block size. Confirm it
 * is still required by a peer; if not, switch to the #else branch so that
 * NO_DES3 is defined. */
227#undef NO_DES3
228#if 1
229#else
230 #define NO_DES3
231#endif
232
233/* ChaCha20 / Poly1305 */
234#undef HAVE_CHACHA
235#undef HAVE_POLY1305
236#if 1
237 #define HAVE_CHACHA
238 #define HAVE_POLY1305
239
240 /* Needed for Poly1305 */
241 #define HAVE_ONE_TIME_AUTH
242#endif
243
244/* Ed25519 / Curve25519 */
245#undef HAVE_CURVE25519
246#undef HAVE_ED25519
247#if 1
248 #define HAVE_CURVE25519
249 #define HAVE_ED25519 /* ED25519 Requires SHA512 */
250
251 /* Optionally use small math (less flash usage, but much slower) */
252 #if 0
253 #define CURVED25519_SMALL
254 #endif
255#endif
256
257
258/* ------------------------------------------------------------------------- */
259/* Hashing */
260/* ------------------------------------------------------------------------- */
261/* Sha */
262#undef NO_SHA
263#if 1
264 /* 1k smaller, but 25% slower */
265 //#define USE_SLOW_SHA
266#else
267 #define NO_SHA
268#endif
269
270/* Sha256 */
271#undef NO_SHA256
272#if 1
273 /* not unrolled - ~2k smaller and ~25% slower */
274 //#define USE_SLOW_SHA256
275
276 /* Sha224 */
277 #if 0
278 #define WOLFSSL_SHA224
279 #endif
280#else
281 #define NO_SHA256
282#endif
283
284/* Sha512 */
285#undef WOLFSSL_SHA512
286#if 1
287 #define WOLFSSL_SHA512
288
289 /* Sha384 */
290 #undef WOLFSSL_SHA384
291 #if 1
292 #define WOLFSSL_SHA384
293 #endif
294
295 /* over twice as small, but 50% slower */
296 //#define USE_SLOW_SHA512
297#endif
298
299/* Sha3 */
300#undef WOLFSSL_SHA3
301#if 0
302 #define WOLFSSL_SHA3
303#endif
304
305/* MD5 */
306#undef NO_MD5
307#if 0
308
309#else
310 #define NO_MD5
311#endif
312
313/* HKDF */
314#undef HAVE_HKDF
315#if 1
316 #define HAVE_HKDF
317#endif
318
319/* CMAC */
320#undef WOLFSSL_CMAC
321#if 0
322 #define WOLFSSL_CMAC
323#endif
324
325
326/* ------------------------------------------------------------------------- */
327/* Benchmark / Test */
328/* ------------------------------------------------------------------------- */
329#ifdef TARGET_EMBEDDED
330 /* Use reduced benchmark / test sizes */
331 #define BENCH_EMBEDDED
332#endif
333
334/* Use test buffers from array (not filesystem) */
/* NO_FILESYSTEM is only defined further down in this file (under
 * "Disable Features"), so unless predef.h defines it this guard is true at
 * this point and both buffer sets are enabled.
 * NOTE(review): the comment above describes the no-filesystem case, while the
 * guard tests for the opposite; confirm the intended condition. The buffers
 * are presumably wolfSSL's sample test certificates and keys; they must not
 * be used as device credentials. */
335#ifndef NO_FILESYSTEM
336#define USE_CERT_BUFFERS_256
337#define USE_CERT_BUFFERS_2048
338#endif
339
340/* ------------------------------------------------------------------------- */
341/* Debugging */
342/* To enable, call wolfSSL_Debugging_ON(); where debug output is wanted */
343/* ------------------------------------------------------------------------- */
344
/* Both conditions below are #if 0, so neither DEBUG_WOLFSSL nor
 * NO_ERROR_STRINGS is defined: debug logging is compiled out and error
 * strings are kept. */
345#undef DEBUG_WOLFSSL
346#undef NO_ERROR_STRINGS
347#if 0
348 #define DEBUG_WOLFSSL
349#else
350 #if 0
351 #define NO_ERROR_STRINGS
352 #endif
353#endif
354
355// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream
// Keep both defines below disabled in release firmware: anyone who can read
// the console output, or logs that capture it, could decrypt recorded
// sessions. Enable only on a development build, for traffic analysis.
356// #define SHOW_SECRETS
357// #define HAVE_SECRET_CALLBACK
358
359/* ------------------------------------------------------------------------- */
360/* Memory */
361/* ------------------------------------------------------------------------- */
362
363/* Override Memory API's */
364/* Override Memory API's */
365#ifdef SSL_CUSTOM_MALLOC
366 #define XMALLOC_OVERRIDE
367
368 /* prototypes for user heap override functions */
369 /* Note: Realloc only required for normal math */
370 #include <stddef.h> /* for size_t */
371
372 extern void* NBMalloc(size_t n);
373 extern void NBFree(void *p);
374 extern void* NBRealloc(void *p, size_t n);
375
376 #define XMALLOC(n, h, t) NBMalloc(n)
377 #define XFREE(p, h, t) NBFree(p)
378 #define XREALLOC(p, n, h, t) NBRealloc(p, n)
379
380 // Platform specific fastest memory location
381 #if SSL_CUSTOM_MALLOC == 1 // Fastest memory on platform
382 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
383 #elif SSL_CUSTOM_MALLOC == 2
384 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_TCM(name,size)
385 #elif SSL_CUSTOM_MALLOC == 3
386 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SRAM(name,size)
387 #elif SSL_CUSTOM_MALLOC == 4
388 #define CREATE_MEMORY_ALLOCATOR(name,size) CREATE_MEMORY_ALLOCATOR_SDRAM(name,size)
389 #endif
390#endif
391
392#if 0
393 /* Static memory requires fast math */
394 #define WOLFSSL_STATIC_MEMORY
395
396 /* Disable fallback malloc/free */
397 #define WOLFSSL_NO_MALLOC
398 #if 1
399 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
400 #endif
401#endif
402
403/* Memory callbacks */
404#if 1
405 #undef USE_WOLFSSL_MEMORY
406 #define USE_WOLFSSL_MEMORY
407
408 /* Use this to measure / print heap usage */
409 #if 0
410 #define WOLFSSL_TRACK_MEMORY
411 #define WOLFSSL_DEBUG_MEMORY
412 #endif
413#else
414 #ifndef WOLFSSL_STATIC_MEMORY
415 #define NO_WOLFSSL_MEMORY
416 /* Otherwise we will use stdlib malloc, free and realloc */
417 #endif
418#endif
419
420
421/* ------------------------------------------------------------------------- */
422/* Port */
423/* ------------------------------------------------------------------------- */
424
425/* Override Current Time */
/* Active (#if 1): XTIME is routed to my_time(), which is declared here and
 * defined elsewhere.
 * NOTE(review): NO_ASN_TIME is not defined in this file, so certificate
 * validity-date checks presumably rely on XTIME. my_time() therefore has to
 * return real wall-clock time; a clock that starts at zero after reset, or
 * that an untrusted party can set, weakens expiry checking. Confirm the time
 * source and its units. */
426#if 1
427 /* Allows custom "custom_time()" function to be used for benchmark */
428 #define WOLFSSL_USER_CURRTIME
429 // #define WOLFSSL_GMTIME
430 #define USER_TICKS
431 #include <time.h>
432 extern unsigned long my_time(time_t *timer);
433 #define XTIME my_time
434#endif
435
436
437/* ------------------------------------------------------------------------- */
438/* RNG */
439/* ------------------------------------------------------------------------- */
440
441/* Choose RNG method */
/* Active path (#if 1): my_rng_seed_gen() is registered as the custom seed
 * generator and the built-in Hash-DRBG is enabled on top of it. The #else
 * path (raw block generator, DRBG disabled) is not compiled.
 * NOTE(review): my_rng_seed_gen() is defined elsewhere. Every key and nonce
 * drawn from the DRBG is only as unpredictable as the seed material that
 * function returns. Verify that it reads a hardware entropy source and not a
 * counter, timer or fixed value, particularly as GATHER_RANDOM_USE_HW is left
 * commented out below. */
442#if 1
443 /* Custom Seed Source */
444 #if 1
445 /* Size of returned HW RNG value */
446 #define CUSTOM_RAND_TYPE unsigned int
447 extern unsigned int my_rng_seed_gen(void);
448 #undef CUSTOM_RAND_GENERATE
449 #define CUSTOM_RAND_GENERATE my_rng_seed_gen
450 #endif
451
452 // NetBurner specific define for enabling hardware random number generation for M7
453 // #define GATHER_RANDOM_USE_HW
454
455 /* Use built-in P-RNG (SHA256 based) with HW RNG */
456 /* P-RNG + HW RNG (P-RNG is ~8K) */
457 #undef HAVE_HASHDRBG
458 #define HAVE_HASHDRBG
459#else
460 #undef WC_NO_HASHDRBG
461 #define WC_NO_HASHDRBG
462
463 /* Bypass P-RNG and use only HW RNG */
464 extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
465 #undef CUSTOM_RAND_GENERATE_BLOCK
466 #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
467#endif
468
469
470/* ------------------------------------------------------------------------- */
471/* Custom Standard Lib */
472/* ------------------------------------------------------------------------- */
473/* Allows override of all standard library functions */
474#undef STRING_USER
475#if 0
476 #define STRING_USER
477
478 #include <string.h>
479
480 #define USE_WOLF_STRSEP
481 #define XSTRSEP(s1,d) wc_strsep((s1),(d))
482
483 #define USE_WOLF_STRTOK
484 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
485
486 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
487
488 #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
489 #define XMEMSET(b,c,l) memset((b),(c),(l))
490 #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
491 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
492
493 #define XSTRLEN(s1) strlen((s1))
494 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
495 #define XSTRSTR(s1,s2) strstr((s1),(s2))
496
497 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
498 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
499 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
500
501 #define XSNPRINTF snprintf
502#endif
503
504
505
506/* ------------------------------------------------------------------------- */
507/* Enable Features */
508/* ------------------------------------------------------------------------- */
509
/* TLS 1.3 is compiled in only when predef.h defines SSL_TLS_1_3_SUPPORT. */
510#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h
511#define WOLFSSL_TLS13
512#endif
/* NOTE(review): this selects the older, faster DH prime check, which
 * presumably tests peer-supplied DH primes less rigorously than the default.
 * Confirm the speed gain is worth it on this target, and that finite-field
 * DH with peer-supplied parameters is either not negotiated or acceptable
 * under this check. */
513#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
514#define HAVE_TLS_EXTENSIONS
515#define HAVE_SUPPORTED_CURVES
516#define WOLFSSL_BASE64_ENCODE
517
518
519#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
520#define KEEP_PEER_CERT
521//#define HAVE_COMP_KEY
522
523/* TLS Session Cache */
524#if 1
525 #define SMALL_SESSION_CACHE
526 #define NO_SESSION_CACHE_REF
527#else
528 #define NO_SESSION_CACHE
529#endif
530
531#define HAVE_ONE_TIME_AUTH
532#define HAVE_SNI
533#define HAVE_SESSION_TICKET
534
535// Allows wolfSSL to malloc the TLS 1.3 ticket nonce instead of using a static buffer. This supports large ticket nonces.
536#define WOLFSSL_TICKET_NONCE_MALLOC
537
538/* ------------------------------------------------------------------------- */
539/* Disable Features */
540/* ------------------------------------------------------------------------- */
541//#define NO_WOLFSSL_SERVER
542//#define NO_WOLFSSL_CLIENT
543//#define NO_CRYPT_TEST
544//#define NO_CRYPT_BENCHMARK
545//#define WOLFCRYPT_ONLY
546
547/* In-lining of misc.c functions */
548/* If defined, must include wolfcrypt/src/misc.c in build */
549/* Slower, but about 1k smaller */
550// #define NO_INLINE
551
552#define WOLFSSL_NO_SOCK
553#define NO_WOLFSSL_DIR
554
555#ifdef TARGET_EMBEDDED
556 #define NO_FILESYSTEM
557 #define NO_WRITEV
558 #define NO_MAIN_DRIVER
559 #define NO_DEV_RANDOM
560#endif
561
/* Protocol and algorithm removals. NO_OLD_TLS drops the pre-TLS 1.2 protocol
 * versions; PSK, DSA, MD4, password-based KDFs, HC-128 and Rabbit are also
 * compiled out. */
562#define NO_OLD_TLS
563#define NO_PSK
564
565#define NO_DSA
/* NOTE(review): NO_RC4 is left commented out, and the WOLFSSL_STATIC_DH
 * comment further down names an RC4 cipher suite. RC4 is prohibited for TLS
 * by RFC 7465. Confirm whether this wolfSSL version compiles RC4 in with
 * these settings, and define NO_RC4 unless a legacy peer requires it. */
566// #define NO_RC4
567#define NO_MD4
568#define NO_PWDBASED
569//#define NO_CODING
570//#define NO_ASN_TIME
571//#define NO_CERTS
572//#define NO_SIG_WRAPPER
573
574#define NO_HC128
575#define NO_RABBIT
576
577#define WOLFSSL_IGNORE_FILE_WARN
578
579#undef NO_TLS
580
581// Settings made for compatibility
// The static RSA and static (EC)DH key exchanges enabled below provide no
// forward secrecy: disclosure of the long-term private key also exposes
// previously recorded sessions. The named suites use CBC mode, and the last
// one RC4. NOTE(review): keep these only while a legacy peer needs them, and
// consider restricting the runtime cipher list so that ephemeral (EC)DHE
// AEAD suites are preferred.
582#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
583#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
584#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
585#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA
586
587#define WOLFSSL_CERT_REQ
588#define WOLFSSL_CERT_GEN
589#define WOLFSSL_ALT_NAMES
590#define WOLFSSL_EITHER_SIDE
591#define WOLFSSL_DER_TO_PEM
592#define WOLFSSL_KEY_GEN
593#define WOLFSSL_EITHER_SIDE
594
595#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
596#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?
597
598 // For wolfSSH
599 //#undef WOLFSSH_SFTP
600 //#define WOLFSSH_SFTP
601
602 //#undef WOLFSSH_SCP
603 //#define WOLFSSH_SCP
604
605#undef WOLFSSH_USER_IO
606#define WOLFSSH_USER_IO
607
608#ifdef __cplusplus
609}
610#endif
611
612#endif /* WOLFSSL_USER_SETTINGS_H */