2
0

user_settings.h 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462
  1. /* user_settings.h
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifndef USER_SETTINGS_H
  22. #define USER_SETTINGS_H
  23. #ifdef CONFIG_WOLFSSL
  24. /* If a custom user_settings file is provided use it instead.
  25. * CONFIG_WOLFSSL_SETTINGS_FILE is always defined. If it is not explicitly set
  26. * in prj.conf then it is auto-defined to "". This obviously causes issues here.
  27. * That is why we define WOLFSSL_SETTINGS_FILE in CMakeLists.txt. */
  28. #ifdef WOLFSSL_SETTINGS_FILE
  29. #include WOLFSSL_SETTINGS_FILE
  30. #else
  31. #ifdef __cplusplus
  32. extern "C" {
  33. #endif
  34. /* ------------------------------------------------------------------------- */
  35. /* Platform */
  36. /* ------------------------------------------------------------------------- */
  37. #define WOLFSSL_GENERAL_ALIGNMENT 4 /* platform requires 32-bit alignment on uint32_t */
  38. #define SIZEOF_LONG_LONG 8 /* long long is 8 bytes / 64-bit */
  39. //#define WOLFSSL_NO_ASM /* optionally disable inline assembly support */
  40. #define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
  41. //#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
  42. #define BENCH_EMBEDDED /* use smaller buffers in benchmark / tests */
  43. /* Network stack */
  44. /* Default is POSIX sockets */
  45. //#define WOLFSSL_USER_IO /* Use the SetIO callbacks, not the internal wolfio.c socket code */
  46. //#define WOLFSSL_LWIP
  47. //#define WOLFSSL_LWIP_NATIVE
  48. //#define FREERTOS_TCP
  49. /* RTOS */
  50. /* Default is POSIX mutex and pthreads*/
  51. //#define SINGLE_THREADED
  52. //#define FREERTOS
  53. #define NO_FILESYSTEM
  54. #define NO_WRITEV
  55. /* ------------------------------------------------------------------------- */
  56. /* Hardware */
  57. /* ------------------------------------------------------------------------- */
  58. /* CryptoCell support */
  59. #if 0
  60. //#define WOLFSSL_CRYPTOCELL
  61. //#define WOLFSSL_CRYPTOCELL_AES
  62. #endif
  63. /* PSA support */
  64. #ifdef CONFIG_MBEDTLS_PSA_CRYPTO_C
  65. #define WOLFSSL_HAVE_PSA
  66. #ifndef SINGLE_THREADED
  67. #define WOLFSSL_PSA_GLOBAL_LOCK
  68. #endif
  69. #define WC_NO_HASHDRBG /* use PSA RNG directly via wc_psa_get_random */
  70. #endif
  71. /* ------------------------------------------------------------------------- */
  72. /* FIPS */
  73. /* ------------------------------------------------------------------------- */
  74. #ifdef CONFIG_WOLFCRYPT_FIPS
  75. /* FIPS Ready */
  76. #define HAVE_FIPS_VERSION 5
  77. #define HAVE_FIPS_VERSION_MINOR 3
  78. #endif
  79. /* ------------------------------------------------------------------------- */
  80. /* TLS */
  81. /* ------------------------------------------------------------------------- */
  82. /* TLS v1.2 (on by default) */
  83. #ifdef CONFIG_WOLFSSL_TLS_VERSION_1_2
  84. #undef WOLFSSL_NO_TLS12
  85. #else
  86. #define WOLFSSL_NO_TLS12
  87. #endif
  88. //#define NO_WOLFSSL_SERVER /* Optionally disable TLS server code */
  89. //#define NO_WOLFSSL_CLIENT /* Optionally disable TLS client code */
  90. /* TLS v1.3 */
  91. #if defined(CONFIG_WOLFSSL_TLS_VERSION_1_3) || defined(CONFIG_WOLFSSL_TLS13_ENABLED)
  92. #define WOLFSSL_TLS13
  93. #endif
  94. /* Disable older TLS version prior to 1.2 */
  95. #define NO_OLD_TLS
  96. /* Enable default TLS extensions */
  97. #define HAVE_TLS_EXTENSIONS
  98. #define HAVE_SUPPORTED_CURVES
  99. #define HAVE_EXTENDED_MASTER
  100. #define HAVE_ENCRYPT_THEN_MAC
  101. #define HAVE_SERVER_RENEGOTIATION_INFO
  102. #define HAVE_SNI /* optional Server Name Indicator (SNI) */
  103. /* ASN */
  104. #define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */
  105. #if 0 /* optional space reductions */
  106. #define WOLFSSL_NO_ASN_STRICT
  107. #define IGNORE_NAME_CONSTRAINTS
  108. #endif
  109. /* Session Cache */
  110. #if 1
  111. #define SMALL_SESSION_CACHE
  112. #ifdef WOLFSSL_TLS13
  113. #define HAVE_SESSION_TICKET /* session tickets required for resumption in TLS v1.3 */
  114. #endif
  115. #else
  116. #define NO_SESSION_CACHE /* disable session resumption */
  117. #endif
  118. /* DTLS */
  119. #if defined(CONFIG_WOLFSSL_DTLS)
  120. #define WOLFSSL_DTLS
  121. #define HAVE_SOCKADDR
  122. #endif
  123. /* PSK */
  124. #if defined(CONFIG_WOLFSSL_PSK)
  125. #undef NO_PSK
  126. #define WOLFSSL_STATIC_PSK
  127. #else
  128. #define NO_PSK /* disable pre-shared-key support */
  129. #endif
  130. /* ALPN */
  131. #if defined(CONFIG_WOLFSSL_ALPN)
  132. #define HAVE_ALPN
  133. #endif
  134. #if defined(CONFIG_WOLFSSL_MAX_FRAGMENT_LEN)
  135. #define HAVE_MAX_FRAGMENT
  136. #endif
  137. #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
  138. #define WOLFSSL_SET_CIPHER_BYTES
  139. #endif
  140. /* ------------------------------------------------------------------------- */
  141. /* Algorithms */
  142. /* ------------------------------------------------------------------------- */
  143. /* RNG */
  144. #ifndef WC_NO_HASHDRBG
  145. #define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
  146. #ifdef CONFIG_CSPRNG_ENABLED
  147. #define WC_RNG_SEED_CB
  148. #endif
  149. #endif
  150. /* ECC */
  151. #if 1
  152. #define HAVE_ECC
  153. #define ECC_USER_CURVES /* Enable only ECC curves specific */
  154. #undef NO_ECC256 /* Enable SECP256R1 only (on by default) */
  155. #define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
  156. //#define ECC_SHAMIR /* Optional ECC calculation speed improvement if not using SP implementation */
  157. //#define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
  158. //#define HAVE_ECC_SECPR2
  159. //#define HAVE_ECC_SECPR3
  160. //#define HAVE_ECC_BRAINPOOL
  161. //#define HAVE_ECC_KOBLITZ
  162. //#define HAVE_ECC_CDH /* Co-factor */
  163. //#define HAVE_COMP_KEY /* Compressed key support */
  164. //#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
  165. //#define HAVE_ECC_ENCRYPT
  166. //#define WOLFCRYPT_HAVE_ECCSI
  167. //#define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
  168. #endif
  169. #define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
  170. /* RSA */
  171. #if 1
  172. #undef NO_RSA
  173. #define WC_RSA_BLINDING
  174. //#define WC_RSA_NO_PADDING
  175. //#define RSA_LOW_MEM
  176. #if 0
  177. #define WOLFSSL_KEY_GEN /* For RSA Key gen only */
  178. #endif
  179. #if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_RSA_PSS)
  180. /* TLS v1.3 requires RSA PSS padding */
  181. #define WC_RSA_PSS
  182. //#define WOLFSSL_PSS_LONG_SALT
  183. #endif
  184. #else
  185. #define NO_RSA
  186. #endif
  187. /* DH */
  188. #if 0
  189. #undef NO_DH /* on by default */
  190. #define WOLFSSL_DH_CONST /* don't rely on pow/log */
  191. #define HAVE_FFDHE_2048
  192. #define HAVE_FFDHE_3072
  193. #define HAVE_DH_DEFAULT_PARAMS
  194. //#define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
  195. #else
  196. #define NO_DH
  197. #endif
  198. /* ChaCha20 / Poly1305 */
  199. #if 1
  200. #define HAVE_CHACHA
  201. #define HAVE_POLY1305
  202. /* Needed for Poly1305 */
  203. #define HAVE_ONE_TIME_AUTH
  204. #endif
  205. /* Ed25519 / Curve25519 */
  206. #if 0
  207. #define HAVE_CURVE25519
  208. #define HAVE_ED25519 /* ED25519 Requires SHA512 */
  209. /* Optionally use small math (less flash usage, but much slower) */
  210. //#define CURVED25519_SMALL
  211. #endif
  212. /* SHA-1 */
  213. #if 0
  214. #undef NO_SHA /* on by default */
  215. //#define USE_SLOW_SHA /* 1k smaller, but 25% slower */
  216. #else
  217. // #define NO_SHA /* Necessary for pkcs12 tests */
  218. #endif
  219. /* SHA2-256 */
  220. #if 1
  221. #undef NO_SHA256 /* on by default */
  222. //#define USE_SLOW_SHA256 /* ~2k smaller and about 25% slower */
  223. #define WOLFSSL_SHA224
  224. #else
  225. #define NO_SHA256
  226. #endif
  227. /* SHA2-384/512 */
  228. #if 1
  229. #define WOLFSSL_SHA384
  230. #define WOLFSSL_SHA512
  231. //#define USE_SLOW_SHA512 /* Over twice as small, but 50% slower */
  232. #endif
  233. /* SHA-3 */
  234. #if 1
  235. #define WOLFSSL_SHA3
  236. #endif
  237. /* AES */
  238. #define HAVE_AES_ECB
  239. /* AES-CBC */
  240. #if 1
  241. #define HAVE_AES_CBC
  242. #else
  243. #define NO_AES_CBC
  244. #endif
  245. /* AES-GCM */
  246. #if 1
  247. #define HAVE_AESGCM
  248. #define GCM_SMALL /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
  249. //#define WOLFSSL_AESGCM_STREAM
  250. #endif
  251. //#define HAVE_AES_DECRYPT
  252. //#define WOLFSSL_AES_COUNTER
  253. //#define WOLFSSL_AES_CFB
  254. //#define WOLFSSL_AES_OFB
  255. //#define HAVE_AESCCM
  256. //#define WOLFSSL_AES_XTS
  257. //#define NO_AES_128
  258. //#define NO_AES_192
  259. //#define NO_AES_256
  260. //#define WOLFSSL_AES_SMALL_TABLES
  261. //#define WOLFSSL_AES_NO_UNROLL
  262. /* HKDF */
  263. #if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_HKDF)
  264. #define HAVE_HKDF
  265. #endif
  266. /* CMAC - Zephyr nRF BTLE needs CMAC */
  267. #if 1
  268. #define WOLFSSL_AES_DIRECT
  269. #define WOLFSSL_CMAC
  270. #endif
  271. /* Optional Features */
  272. #define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */
  273. //#define WC_NO_CACHE_RESISTANT /* systems with cache should enable this for AES, ECC, RSA and DH */
  274. //#define WOLFSSL_CERT_GEN
  275. //#define WOLFSSL_CERT_REQ
  276. //#define WOLFSSL_CERT_EXT
  277. //#define NO_PWDBASED
  278. /* Disable Algorithms */
  279. #define NO_DSA
  280. #define NO_RC4
  281. #define NO_MD4
  282. #define NO_MD5
  283. //#define NO_DES3 /* Necessary for pkcs12 tests */
  284. #define WOLFSSL_NO_SHAKE128
  285. #define WOLFSSL_NO_SHAKE256
  286. /* ------------------------------------------------------------------------- */
  287. /* Math */
  288. /* ------------------------------------------------------------------------- */
  289. /* Math Options */
  290. /* Multi-precision - generic math for all keys sizes and curves */
  291. #if 1
  292. #define WOLFSSL_SP_MATH /* no multi-precision math, only single */
  293. #elif 1
  294. /* wolf mp math (sp_int.c) */
  295. #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
  296. //#define WOLFSSL_SP_NO_MALLOC
  297. /* use smaller version of code */
  298. #define WOLFSSL_SP_SMALL
  299. /* Define the maximum math bits used */
  300. #if !defined(NO_RSA) || !defined(NO_DH)
  301. #define SP_INT_BITS 2048
  302. #elif defined(HAVE_ECC)
  303. #define SP_INT_BITS 256
  304. #endif
  305. #elif 1
  306. /* Fast Math (tfm.c) (stack based and timing resistant) */
  307. #define USE_FAST_MATH
  308. #define TFM_TIMING_RESISTANT
  309. /* Define the maximum math bits used (2 * max) */
  310. #if !defined(NO_RSA) || !defined(NO_DH)
  311. #define FP_MAX_BITS (2*2048)
  312. #ifdef HAVE_ECC
  313. #define ALT_ECC_SIZE /* use heap allocation for ECC point */
  314. #endif
  315. #elif defined(HAVE_ECC)
  316. #define FP_MAX_BITS (2*256)
  317. #endif
  318. #ifdef HAVE_ECC
  319. //#define TFM_ECC256 /* optional speedup for ECC-256 bit */
  320. #endif
  321. #else
  322. /* Normal (integer.c) (heap based, not timing resistant) - not recommended */
  323. #define USE_INTEGER_HEAP_MATH
  324. #endif
  325. /* Single Precision (optional) */
  326. /* Math written for specific curves and key sizes */
  327. #if 1
  328. #ifdef HAVE_ECC
  329. #define WOLFSSL_HAVE_SP_ECC
  330. //#define WOLFSSL_SP_NO_256
  331. //#define WOLFSSL_SP_384
  332. //#define WOLFSSL_SP_521
  333. #endif
  334. #ifndef NO_RSA
  335. #define WOLFSSL_HAVE_SP_RSA
  336. //#define WOLFSSL_SP_NO_2048
  337. //#define WOLFSSL_SP_NO_3072
  338. //#define WOLFSSL_SP_4096
  339. #endif
  340. #ifndef NO_DH
  341. #define WOLFSSL_HAVE_SP_DH
  342. #endif
  343. #define WOLFSSL_SP_SMALL /* use smaller version of code */
  344. //#define WOLFSSL_SP_NO_MALLOC /* disable heap in wolf/SP math */
  345. //#define SP_DIV_WORD_USE_DIV /* no div64 */
  346. #if 0
  347. /* optional speedup with inline assembly */
  348. //#define WOLFSSL_SP_ARM_CORTEX_M_ASM /* Cortex-M3+ */
  349. //#define WOLFSSL_SP_ARM_THUMB_ASM /* Cortex-M0+ thumb */
  350. //#define WOLFSSL_SP_ARM32_ASM /* Cortex-R */
  351. //#define WOLFSSL_SP_ARM64_ASM /* Cortex-A */
  352. //#define WOLFSSL_SP_USE_UDIV
  353. #endif
  354. #endif
  355. /* ------------------------------------------------------------------------- */
  356. /* Assembly Speedups for Symmetric Algorithms */
  357. /* ------------------------------------------------------------------------- */
  358. #ifdef CONFIG_WOLFCRYPT_ARMASM
  359. #define WOLFSSL_ARMASM
  360. #define WOLFSSL_NO_HASH_RAW
  361. #define WOLFSSL_ARMASM_INLINE /* use inline .c versions */
  362. #define WOLFSSL_ARMASM_NO_NEON
  363. /* Default is ARMv8 */
  364. #if 0 /* ARMv7 */
  365. #define WOLFSSL_ARM_ARCH 7
  366. #define WOLFSSL_ARMASM_NO_HW_CRYPTO /* enable if processor does not support aes/sha instructions */
  367. #endif
  368. #endif
  369. #ifdef CONFIG_WOLFCRYPT_INTELASM
  370. #define USE_INTEL_SPEEDUP
  371. #define WOLFSSL_X86_64_BUILD /* 64-bit */
  372. //#define WOLFSSL_X86_BUILD /* 32-bit */
  373. /* Issues with building AESNI "_mm_aesimc_si128" always_inline */
  374. //#define WOLFSSL_AESNI
  375. #endif
  376. /* ------------------------------------------------------------------------- */
  377. /* Debugging */
  378. /* ------------------------------------------------------------------------- */
  379. #undef DEBUG_WOLFSSL
  380. #undef NO_ERROR_STRINGS
  381. #ifdef CONFIG_WOLFSSL_DEBUG
  382. #define DEBUG_WOLFSSL
  383. #else
  384. #if 1
  385. #define NO_ERROR_STRINGS
  386. #endif
  387. #endif
  388. #ifdef __cplusplus
  389. }
  390. #endif
  391. #endif /* CONFIG_WOLFSSL_SETTINGS_FILE */
  392. #endif /* CONFIG_WOLFSSL */
  393. #endif /* USER_SETTINGS_H */