user_settings.h 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461
  1. /* user_settings.h
  2. *
  3. * Copyright (C) 2006-2022 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* Template for the Infineon AURIX Development Studio and TC3XX
  22. * Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features.
  23. * This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined.
  24. */
  25. #ifndef WOLFSSL_USER_SETTINGS_H
  26. #define WOLFSSL_USER_SETTINGS_H
  27. #ifdef __cplusplus
  28. extern "C" {
  29. #endif
  30. /* ------------------------------------------------------------------------- */
  31. /* Platform */
  32. /* ------------------------------------------------------------------------- */
  33. /* Alignment and sizeof 64-bit */
  34. #define WOLFSSL_GENERAL_ALIGNMENT 4
  35. #define SIZEOF_LONG_LONG 8
  36. /* disable threading - mutex locking */
  37. #define SINGLE_THREADED
  38. /* ignore file include warnings */
  39. #define WOLFSSL_IGNORE_FILE_WARN
  40. /* disable the built-in socket support and use the IO callbacks.
  41. * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
  42. */
  43. #define WOLFSSL_USER_IO
  44. /* Disable file system */
  45. #define NO_FILESYSTEM
  46. /* ------------------------------------------------------------------------- */
  47. /* Port */
  48. /* ------------------------------------------------------------------------- */
  49. /* Override Current Time */
  50. /* Allows custom "custom_time()" function to be used for benchmark */
  51. #define WOLFSSL_USER_CURRTIME
  52. #define WOLFSSL_GMTIME
  53. #define USER_TICKS
  54. extern unsigned long my_time(unsigned long* timer);
  55. #define XTIME my_time
  56. /* Use built-in P-RNG (SHA256 based) with HW RNG */
  57. #undef HAVE_HASHDRBG
  58. #define HAVE_HASHDRBG
  59. /* Custom Seed Source */
  60. #define CUSTOM_RAND_TYPE unsigned int
  61. extern unsigned int my_rng_seed_gen(void);
  62. #undef CUSTOM_RAND_GENERATE
  63. #define CUSTOM_RAND_GENERATE my_rng_seed_gen
  64. /* Standard Lib - C89 */
  65. #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
  66. /* ------------------------------------------------------------------------- */
  67. /* Math Configuration */
  68. /* ------------------------------------------------------------------------- */
  69. #undef USE_FAST_MATH
  70. #undef WOLFSSL_SP
  71. #if 1
  72. /* Wolf Single Precision Math */
  73. #define WOLFSSL_HAVE_SP_RSA
  74. //#define WOLFSSL_HAVE_SP_DH
  75. #define WOLFSSL_HAVE_SP_ECC
  76. #define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
  77. #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
  78. #define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
  79. //#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
  80. #define WOLFSSL_SP_NO_MALLOC
  81. //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
  82. //#define WOLFSSL_SP_CACHE_RESISTANT
  83. /* use smaller version of code */
  84. #define WOLFSSL_SP_SMALL
  85. /* SP Assembly Speedups - specific to chip type */
  86. //#define WOLFSSL_SP_ASM
  87. //#define WOLFSSL_SP_ARM32_ASM
  88. //#define WOLFSSL_SP_ARM64_ASM
  89. //#define WOLFSSL_SP_ARM_THUMB_ASM
  90. //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
  91. #endif
  92. #ifndef WOLFSSL_SP_MATH
  93. #if 0
  94. /* fast math (tfmc.) (stack based and timing resistant) */
  95. #define USE_FAST_MATH
  96. #define TFM_TIMING_RESISTANT
  97. #else
  98. /* normal heap based integer.c (not timing resistant) */
  99. #define USE_INTEGER_HEAP_MATH
  100. #endif
  101. #endif
  102. /* ------------------------------------------------------------------------- */
  103. /* Crypto */
  104. /* ------------------------------------------------------------------------- */
  105. /* RSA */
  106. #undef NO_RSA
  107. #if 1
  108. #ifdef USE_FAST_MATH
  109. /* Maximum math bits (Max RSA key bits * 2) */
  110. #define FP_MAX_BITS 4096
  111. #endif
  112. /* half as much memory but twice as slow */
  113. //#define RSA_LOW_MEM
  114. /* Enables blinding mode, to prevent timing attacks */
  115. #define WC_RSA_BLINDING
  116. /* RSA PSS Support */
  117. #define WC_RSA_PSS
  118. #else
  119. #define NO_RSA
  120. #endif
  121. /* DH */
  122. #undef NO_DH
  123. #if 0
  124. /* Use table for DH instead of -lm (math) lib dependency */
  125. #if 1
  126. #define WOLFSSL_DH_CONST
  127. #define HAVE_FFDHE_2048
  128. //#define HAVE_FFDHE_4096
  129. //#define HAVE_FFDHE_6144
  130. //#define HAVE_FFDHE_8192
  131. #endif
  132. #else
  133. #define NO_DH
  134. #endif
  135. /* ECC */
  136. #undef HAVE_ECC
  137. #if 1
  138. #define HAVE_ECC
  139. /* Manually define enabled curves */
  140. #define ECC_USER_CURVES
  141. #ifdef ECC_USER_CURVES
  142. /* Manual Curve Selection */
  143. //#define HAVE_ECC192
  144. //#define HAVE_ECC224
  145. #undef NO_ECC256
  146. #define HAVE_ECC384
  147. //#define HAVE_ECC521
  148. #endif
  149. /* Fixed point cache (speeds repeated operations against same private key) */
  150. //#define FP_ECC
  151. #ifdef FP_ECC
  152. /* Bits / Entries */
  153. #define FP_ENTRIES 2
  154. #define FP_LUT 4
  155. #endif
  156. /* Optional ECC calculation method */
  157. /* Note: doubles heap usage, but slightly faster */
  158. #define ECC_SHAMIR
  159. /* Reduces heap usage, but slower */
  160. #define ECC_TIMING_RESISTANT
  161. /* Compressed ECC Key Support */
  162. //#define HAVE_COMP_KEY
  163. /* Use alternate ECC size for ECC math */
  164. #ifdef USE_FAST_MATH
  165. /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
  166. #if defined(NO_RSA) && defined(NO_DH)
  167. /* Custom fastmath size if not using RSA/DH */
  168. #define FP_MAX_BITS (256 * 2)
  169. #else
  170. /* use heap allocation for ECC points */
  171. #define ALT_ECC_SIZE
  172. /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
  173. //#define FP_MAX_BITS_ECC (256 * 2)
  174. #endif
  175. /* Speedups specific to curve */
  176. #ifndef NO_ECC256
  177. #define TFM_ECC256
  178. #endif
  179. #endif
  180. #endif
  181. /* AES */
  182. #undef NO_AES
  183. #if 1
  184. #define HAVE_AES_CBC
  185. /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
  186. #define HAVE_AESGCM
  187. #define GCM_SMALL
  188. #define WOLFSSL_AES_DIRECT
  189. #define HAVE_AES_ECB
  190. #else
  191. #define NO_AES
  192. #endif
  193. /* DES3 */
  194. #undef NO_DES3
  195. #if 0
  196. #else
  197. #define NO_DES3
  198. #endif
  199. /* ChaCha20 / Poly1305 */
  200. #undef HAVE_CHACHA
  201. #undef HAVE_POLY1305
  202. #if 1
  203. #define HAVE_CHACHA
  204. #define HAVE_POLY1305
  205. /* Needed for Poly1305 */
  206. #define HAVE_ONE_TIME_AUTH
  207. #endif
  208. /* Ed25519 / Curve25519 */
  209. #undef HAVE_CURVE25519
  210. #undef HAVE_ED25519
  211. #if 0
  212. #define HAVE_CURVE25519
  213. #define HAVE_ED25519 /* ED25519 Requires SHA512 */
  214. /* Optionally use small math (less flash usage, but much slower) */
  215. #if 1
  216. #define CURVED25519_SMALL
  217. #endif
  218. #endif
  219. /* ------------------------------------------------------------------------- */
  220. /* Hashing */
  221. /* ------------------------------------------------------------------------- */
  222. /* Sha */
  223. #undef NO_SHA
  224. #if 1
  225. /* on by default */
  226. /* 1k smaller, but 25% slower */
  227. //#define USE_SLOW_SHA
  228. #else
  229. #define NO_SHA
  230. #endif
  231. /* Sha256 */
  232. #undef NO_SHA256
  233. #if 1
  234. /* not unrolled - ~2k smaller and ~25% slower */
  235. //#define USE_SLOW_SHA256
  236. /* Sha224 */
  237. #if 0
  238. #define WOLFSSL_SHA224
  239. #endif
  240. #else
  241. #define NO_SHA256
  242. #endif
  243. /* Sha512 */
  244. #undef WOLFSSL_SHA512
  245. #if 0
  246. #define WOLFSSL_SHA512
  247. /* Sha384 */
  248. #undef WOLFSSL_SHA384
  249. #if 0
  250. #define WOLFSSL_SHA384
  251. #endif
  252. /* over twice as small, but 50% slower */
  253. //#define USE_SLOW_SHA512
  254. #endif
  255. /* Sha3 */
  256. #undef WOLFSSL_SHA3
  257. #if 0
  258. #define WOLFSSL_SHA3
  259. #endif
  260. /* MD5 */
  261. #undef NO_MD5
  262. #if 0
  263. /* on by default */
  264. #else
  265. #define NO_MD5
  266. #endif
  267. /* HKDF */
  268. #undef HAVE_HKDF
  269. #if 1
  270. #define HAVE_HKDF
  271. #endif
  272. /* CMAC */
  273. #undef WOLFSSL_CMAC
  274. #if 1
  275. #define WOLFSSL_CMAC
  276. /* Note: requires WOLFSSL_AES_DIRECT */
  277. #endif
  278. /* HMAC - on by default */
  279. #undef NO_HMAC
  280. #if 1
  281. /* on by default */
  282. #else
  283. #define NO_HMAC
  284. #endif
  285. /* ------------------------------------------------------------------------- */
  286. /* ASN */
  287. /* ------------------------------------------------------------------------- */
  288. #if 0
  289. /* Use the newer ASN template code */
  290. #define WOLFSSL_ASN_TEMPLATE
  291. //#define WOLFSSL_CUSTOM_OID
  292. //#define HAVE_OID_ENCODING
  293. //#define HAVE_OID_DECODING
  294. #else
  295. /* Use the original custom ASN code */
  296. #endif
  297. /* Optionally disable time checking for ASN */
  298. //#define NO_ASN_TIME
  299. /* ------------------------------------------------------------------------- */
  300. /* Benchmark / Test */
  301. /* ------------------------------------------------------------------------- */
  302. /* Use reduced benchmark / test sizes */
  303. #define BENCH_EMBEDDED
  304. /* Use test buffers from array (not filesystem) */
  305. #ifndef NO_FILESYSTEM
  306. #define USE_CERT_BUFFERS_256
  307. #define USE_CERT_BUFFERS_2048
  308. #endif
  309. /* ------------------------------------------------------------------------- */
  310. /* Debugging */
  311. /* ------------------------------------------------------------------------- */
  312. #undef DEBUG_WOLFSSL
  313. #undef NO_ERROR_STRINGS
  314. #if 0
  315. #define DEBUG_WOLFSSL
  316. #define WOLFSSL_LOG_PRINTF
  317. #else
  318. #if 0
  319. #define NO_ERROR_STRINGS
  320. #endif
  321. #endif
  322. /* ------------------------------------------------------------------------- */
  323. /* Memory */
  324. /* ------------------------------------------------------------------------- */
  325. #if 0
  326. /* Static memory requires fast math or SP math with no malloc */
  327. #define WOLFSSL_STATIC_MEMORY
  328. /* Disable fallback malloc/free */
  329. #define WOLFSSL_NO_MALLOC
  330. #if 1
  331. #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
  332. #endif
  333. #endif
  334. /* ------------------------------------------------------------------------- */
  335. /* Enable Features */
  336. /* ------------------------------------------------------------------------- */
  337. #define WOLFSSL_TLS13
  338. #define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
  339. #define HAVE_TLS_EXTENSIONS
  340. #define HAVE_SUPPORTED_CURVES
  341. #define WOLFSSL_BASE64_ENCODE
  342. //#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
  343. //#define KEEP_PEER_CERT
  344. //#define HAVE_COMP_KEY
  345. /* TLS Session Cache */
  346. #if 0
  347. #define SMALL_SESSION_CACHE
  348. #else
  349. #define NO_SESSION_CACHE
  350. #endif
  351. /* ------------------------------------------------------------------------- */
  352. /* Disable Features */
  353. /* ------------------------------------------------------------------------- */
  354. //#define NO_WOLFSSL_SERVER
  355. //#define NO_WOLFSSL_CLIENT
  356. //#define NO_CRYPT_TEST
  357. //#define NO_CRYPT_BENCHMARK
  358. //#define WOLFCRYPT_ONLY
  359. /* In-lining of misc.c functions */
  360. /* If defined, must include wolfcrypt/src/misc.c in build */
  361. /* Slower, but about 1k smaller */
  362. //#define NO_INLINE
  363. #define NO_WRITEV
  364. #define NO_MAIN_DRIVER
  365. //#define NO_DEV_RANDOM
  366. #define NO_OLD_TLS
  367. #define NO_PSK
  368. #define NO_DSA
  369. #define NO_RC4
  370. #define NO_MD4
  371. #define NO_PWDBASED
  372. //#define NO_CODING
  373. //#define NO_CERTS
  374. //#define NO_SIG_WRAPPER
  375. #ifdef __cplusplus
  376. }
  377. #endif
  378. #endif /* WOLFSSL_USER_SETTINGS_H */