/* user_settings.h * * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* Example Settings for CryptoCell */ #ifndef WOLFSSL_USER_SETTINGS_H #define WOLFSSL_USER_SETTINGS_H #ifdef __cplusplus extern "C" { #endif /* ------------------------------------------------------------------------- */ /* CryptoCell */ /* ------------------------------------------------------------------------- */ #if 1 #define WOLFSSL_CRYPTOCELL #define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */ #define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */ #else /* run without CryptoCell, include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */ #endif #if defined(WOLFSSL_CRYPTOCELL) /* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */ #define AES_MAX_KEY_SIZE 128 #endif /* WOLFSSL_CRYPTOCELL*/ /* ------------------------------------------------------------------------- */ /* Platform */ /* ------------------------------------------------------------------------- */ #undef WOLFSSL_GENERAL_ALIGNMENT #define WOLFSSL_GENERAL_ALIGNMENT 4 #undef SINGLE_THREADED #define SINGLE_THREADED #undef WOLFSSL_SMALL_STACK #define WOLFSSL_SMALL_STACK #undef WOLFSSL_USER_IO #define WOLFSSL_USER_IO /* ------------------------------------------------------------------------- */ /* Math Configuration */ /* ------------------------------------------------------------------------- */ #undef SIZEOF_LONG_LONG #define SIZEOF_LONG_LONG 8 #undef USE_FAST_MATH #if 1 #define USE_FAST_MATH #undef TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT /* Optimizations */ //#define TFM_ARM #endif /* Wolf Single Precision Math */ #undef WOLFSSL_SP #if 0 #define WOLFSSL_SP #define WOLFSSL_SP_SMALL /* use smaller version of code */ #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_HAVE_SP_DH #define WOLFSSL_HAVE_SP_ECC #define WOLFSSL_SP_CACHE_RESISTANT //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */ /* Assembly */ //#define WOLFSSL_SP_ASM /* required if using the ASM versions */ //#define WOLFSSL_SP_ARM_CORTEX_M_ASM #endif /* ------------------------------------------------------------------------- */ /* Crypto */ /* ------------------------------------------------------------------------- */ /* RSA */ #undef NO_RSA #if 1 #ifdef USE_FAST_MATH /* Maximum math bits (Max RSA key bits * 2) */ #undef FP_MAX_BITS #define FP_MAX_BITS 4096 #endif /* half as much memory but twice as slow */ #undef RSA_LOW_MEM //#define RSA_LOW_MEM /* Enables blinding mode, to prevent timing attacks */ #if 1 #undef WC_RSA_BLINDING #define WC_RSA_BLINDING #else #undef WC_NO_HARDEN #define WC_NO_HARDEN #endif /* RSA PSS Support */ #if 0 #define WC_RSA_PSS #endif #if 0 #define WC_RSA_NO_PADDING #endif #else #define NO_RSA #endif /* ECC */ #undef HAVE_ECC #if 1 #define HAVE_ECC #include /* strings.h required for strncasecmp */ /* Manually define enabled curves */ #undef ECC_USER_CURVES #define ECC_USER_CURVES #ifdef ECC_USER_CURVES /* Manual Curve Selection */ //#define HAVE_ECC192 //#define HAVE_ECC224 #undef NO_ECC256 #define HAVE_ECC384 //#define HAVE_ECC521 #endif /* Fixed point cache (speeds repeated operations against same private key) */ #undef FP_ECC //#define FP_ECC #ifdef FP_ECC /* Bits / Entries */ #undef FP_ENTRIES #define FP_ENTRIES 2 #undef FP_LUT #define FP_LUT 4 #endif /* Optional ECC calculation method */ /* Note: doubles heap usage, but slightly faster */ #undef ECC_SHAMIR #define ECC_SHAMIR /* Reduces heap usage, but slower */ #undef ECC_TIMING_RESISTANT #define ECC_TIMING_RESISTANT /* Enable cofactor support */ #undef HAVE_ECC_CDH //#define HAVE_ECC_CDH /* Validate import */ #undef WOLFSSL_VALIDATE_ECC_IMPORT //#define WOLFSSL_VALIDATE_ECC_IMPORT /* Compressed Key Support */ #undef HAVE_COMP_KEY //#define HAVE_COMP_KEY /* Use alternate ECC size for ECC math */ #ifdef USE_FAST_MATH #ifdef NO_RSA /* Custom fastmath size if not using RSA */ /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */ #undef FP_MAX_BITS #define FP_MAX_BITS (384 + 32) #else #undef ALT_ECC_SIZE #define ALT_ECC_SIZE #endif /* Speedups specific to curve */ #ifndef NO_ECC256 #undef TFM_ECC256 #define TFM_ECC256 #endif #ifndef HAVE_ECC384 #undef TFM_ECC384 #define TFM_ECC384 #endif #endif #endif /* DH */ #undef NO_DH #if 0 /* Use table for DH instead of -lm (math) lib dependency */ #if 0 #define WOLFSSL_DH_CONST #endif #define HAVE_FFDHE_2048 //#define HAVE_FFDHE_4096 //#define HAVE_FFDHE_6144 //#define HAVE_FFDHE_8192 #else #define NO_DH #endif /* AES */ #undef NO_AES #if 1 #undef HAVE_AES_CBC #define HAVE_AES_CBC /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */ #if !defined(WOLFSSL_CRYPTOCELL_AES) #undef HAVE_AESGCM #define HAVE_AESGCM /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ #define GCM_SMALL #undef WOLFSSL_AES_DIRECT //#define WOLFSSL_AES_DIRECT #undef HAVE_AES_ECB //#define HAVE_AES_ECB #undef WOLFSSL_AES_COUNTER //#define WOLFSSL_AES_COUNTER #undef HAVE_AESCCM //#define HAVE_AESCCM #endif #else #define NO_AES #endif /* DES3 */ #undef NO_DES3 #if 0 #else #define NO_DES3 #endif /* ChaCha20 / Poly1305 */ #undef HAVE_CHACHA #undef HAVE_POLY1305 #if 0 #define HAVE_CHACHA #define HAVE_POLY1305 /* Needed for Poly1305 */ #undef HAVE_ONE_TIME_AUTH #define HAVE_ONE_TIME_AUTH #endif /* Ed25519 / Curve25519 */ #undef HAVE_CURVE25519 #undef HAVE_ED25519 #if 0 #define HAVE_CURVE25519 #define HAVE_ED25519 /* ED25519 Requires SHA512 */ /* Optionally use small math (less flash usage, but much slower) */ #if 1 #define CURVED25519_SMALL #endif #endif /* ------------------------------------------------------------------------- */ /* Hashing */ /* ------------------------------------------------------------------------- */ /* Sha */ #undef NO_SHA #if 1 /* 1k smaller, but 25% slower */ //#define USE_SLOW_SHA #else #define NO_SHA #endif /* Sha256 */ #undef NO_SHA256 #if 1 /* not unrolled - ~2k smaller and ~25% slower */ //#define USE_SLOW_SHA256 /* Sha224 */ #if 0 #define WOLFSSL_SHA224 #endif #else #define NO_SHA256 #endif /* Sha512 */ #undef WOLFSSL_SHA512 #if 0 #define WOLFSSL_SHA512 /* Sha384 */ #undef WOLFSSL_SHA384 #if 0 #define WOLFSSL_SHA384 #endif /* over twice as small, but 50% slower */ //#define USE_SLOW_SHA512 #endif /* Sha3 */ #undef WOLFSSL_SHA3 #if 0 #define WOLFSSL_SHA3 #endif /* MD5 */ #undef NO_MD5 #if 0 #else #define NO_MD5 #endif /* HKDF */ #undef HAVE_HKDF #if 0 #define HAVE_HKDF #endif /* CMAC */ #undef WOLFSSL_CMAC #if 0 #define WOLFSSL_CMAC #endif /* ------------------------------------------------------------------------- */ /* Benchmark / Test */ /* ------------------------------------------------------------------------- */ /* Use reduced benchmark / test sizes */ #undef BENCH_EMBEDDED #define BENCH_EMBEDDED #undef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 //#undef USE_CERT_BUFFERS_1024 //#define USE_CERT_BUFFERS_1024 #undef USE_CERT_BUFFERS_256 #define USE_CERT_BUFFERS_256 /* ------------------------------------------------------------------------- */ /* Debugging */ /* ------------------------------------------------------------------------- */ #undef DEBUG_WOLFSSL #undef NO_ERROR_STRINGS #if 0 #define DEBUG_WOLFSSL #else #if 0 #define NO_ERROR_STRINGS #endif #endif /* ------------------------------------------------------------------------- */ /* Memory */ /* ------------------------------------------------------------------------- */ /* Override Memory API's */ #if 0 #undef XMALLOC_OVERRIDE #define XMALLOC_OVERRIDE /* prototypes for user heap override functions */ /* Note: Realloc only required for normal math */ #include /* for size_t */ extern void *myMalloc(size_t n, void* heap, int type); extern void myFree(void *p, void* heap, int type); extern void *myRealloc(void *p, size_t n, void* heap, int type); #define XMALLOC(n, h, t) myMalloc(n, h, t) #define XFREE(p, h, t) myFree(p, h, t) #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t) #endif #if 0 /* Static memory requires fast math */ #define WOLFSSL_STATIC_MEMORY /* Disable fallback malloc/free */ #define WOLFSSL_NO_MALLOC #if 1 #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */ #endif #endif /* Memory callbacks */ #if 0 #undef USE_WOLFSSL_MEMORY #define USE_WOLFSSL_MEMORY /* Use this to measure / print heap usage */ #if 1 #undef WOLFSSL_TRACK_MEMORY #define WOLFSSL_TRACK_MEMORY #undef WOLFSSL_DEBUG_MEMORY #define WOLFSSL_DEBUG_MEMORY #endif #else #ifndef WOLFSSL_STATIC_MEMORY #define NO_WOLFSSL_MEMORY /* Otherwise we will use stdlib malloc, free and realloc */ #endif #endif /* ------------------------------------------------------------------------- */ /* Port */ /* ------------------------------------------------------------------------- */ /* Override Current Time */ /* Allows custom "custom_time()" function to be used for benchmark */ #define WOLFSSL_USER_CURRTIME #define WOLFSSL_GMTIME #define USER_TICKS #if !defined(WOLFSSL_CRYPTOCELL) // extern unsigned long my_time(unsigned long* timer); // #define XTIME my_time #endif /* ------------------------------------------------------------------------- */ /* RNG */ /* ------------------------------------------------------------------------- */ #if defined(WOLFSSL_CRYPTOCELL) // /* Override P-RNG with HW RNG */ #undef CUSTOM_RAND_GENERATE_BLOCK #define CUSTOM_RAND_GENERATE_BLOCK cc310_random_generate //#define CUSTOM_RAND_GENERATE_BLOCK nrf_random_generate //#define WOLFSSL_GENSEED_FORTEST /* for software RNG*/ #else #define WOLFSSL_GENSEED_FORTEST #endif /* ------------------------------------------------------------------------- */ /* Enable Features */ /* ------------------------------------------------------------------------- */ #undef WOLFSSL_TLS13 #if 0 #define WOLFSSL_TLS13 #endif #undef WOLFSSL_KEY_GEN #if 1 #define WOLFSSL_KEY_GEN #endif /* reduce DH test time */ #define WOLFSSL_OLD_PRIME_CHECK #undef KEEP_PEER_CERT //#define KEEP_PEER_CERT #undef HAVE_COMP_KEY //#define HAVE_COMP_KEY #undef HAVE_TLS_EXTENSIONS #define HAVE_TLS_EXTENSIONS #undef HAVE_SUPPORTED_CURVES #define HAVE_SUPPORTED_CURVES #undef WOLFSSL_BASE64_ENCODE #define WOLFSSL_BASE64_ENCODE /* TLS Session Cache */ #if 0 #define SMALL_SESSION_CACHE #else #define NO_SESSION_CACHE #endif /* ------------------------------------------------------------------------- */ /* Disable Features */ /* ------------------------------------------------------------------------- */ #undef NO_WOLFSSL_SERVER //#define NO_WOLFSSL_SERVER #undef NO_WOLFSSL_CLIENT //#define NO_WOLFSSL_CLIENT #undef NO_CRYPT_TEST //#define NO_CRYPT_TEST #undef NO_CRYPT_BENCHMARK //#define NO_CRYPT_BENCHMARK #undef WOLFCRYPT_ONLY //#define WOLFCRYPT_ONLY /* In-lining of misc.c functions */ /* If defined, must include wolfcrypt/src/misc.c in build */ /* Slower, but about 1k smaller */ #undef NO_INLINE //#define NO_INLINE #undef NO_FILESYSTEM #define NO_FILESYSTEM #undef NO_WRITEV #define NO_WRITEV #undef NO_MAIN_DRIVER #define NO_MAIN_DRIVER #undef NO_DEV_RANDOM #define NO_DEV_RANDOM #undef NO_DSA #define NO_DSA #undef NO_RC4 #define NO_RC4 #undef NO_OLD_TLS #define NO_OLD_TLS #undef NO_PSK #define NO_PSK #undef NO_MD4 #define NO_MD4 #undef NO_PWDBASED #define NO_PWDBASED #undef NO_CODING //#define NO_CODING #undef NO_ASN_TIME //#define NO_ASN_TIME #undef NO_CERTS //#define NO_CERTS #undef NO_SIG_WRAPPER //#define NO_SIG_WRAPPER #ifdef __cplusplus } #endif #endif /* WOLFSSL_USER_SETTINGS_H */