user_settings.h 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436
  1. /* user_settings.h
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifndef USER_SETTINGS_H
  22. #define USER_SETTINGS_H
  23. #ifdef CONFIG_WOLFSSL
  24. /* If a custom user_settings file is provided use it instead.
  25. * CONFIG_WOLFSSL_SETTINGS_FILE is always defined. If it is not explicitly set
  26. * in prj.conf then it is auto-defined to "". This obviously causes issues here.
  27. * That is why we define WOLFSSL_SETTINGS_FILE in CMakeLists.txt. */
  28. #ifdef WOLFSSL_SETTINGS_FILE
  29. #include WOLFSSL_SETTINGS_FILE
  30. #else
  31. #ifdef __cplusplus
  32. extern "C" {
  33. #endif
  34. /* ------------------------------------------------------------------------- */
  35. /* Platform */
  36. /* ------------------------------------------------------------------------- */
  37. #define WOLFSSL_GENERAL_ALIGNMENT 4 /* platform requires 32-bit alignment on uint32_t */
  38. #define SIZEOF_LONG_LONG 8 /* long long is 8 bytes / 64-bit */
  39. //#define WOLFSSL_NO_ASM /* optionally disable inline assembly support */
  40. #define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
  41. //#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
  42. #define BENCH_EMBEDDED /* use smaller buffers in benchmark / tests */
  43. /* Network stack */
  44. /* Default is POSIX sockets */
  45. //#define WOLFSSL_USER_IO /* Use the SetIO callbacks, not the internal wolfio.c socket code */
  46. //#define WOLFSSL_LWIP
  47. //#define WOLFSSL_LWIP_NATIVE
  48. //#define FREERTOS_TCP
  49. /* RTOS */
  50. /* Default is POSIX mutex and pthreads*/
  51. //#define SINGLE_THREADED
  52. //#define FREERTOS
  53. #define NO_FILESYSTEM
  54. #define NO_WRITEV
  55. /* ------------------------------------------------------------------------- */
  56. /* Hardware */
  57. /* ------------------------------------------------------------------------- */
  58. /* CryptoCell support */
  59. #if 0
  60. //#define WOLFSSL_CRYPTOCELL
  61. //#define WOLFSSL_CRYPTOCELL_AES
  62. #endif
  63. /* PSA support */
  64. #ifdef CONFIG_MBEDTLS_PSA_CRYPTO_C
  65. #define WOLFSSL_HAVE_PSA
  66. #ifndef SINGLE_THREADED
  67. #define WOLFSSL_PSA_GLOBAL_LOCK
  68. #endif
  69. #define WC_NO_HASHDRBG /* use PSA RNG directly via wc_psa_get_random */
  70. #endif
  71. /* ------------------------------------------------------------------------- */
  72. /* FIPS */
  73. /* ------------------------------------------------------------------------- */
  74. #ifdef CONFIG_WOLFCRYPT_FIPS
  75. /* FIPS Ready */
  76. #define HAVE_FIPS_VERSION 5
  77. #define HAVE_FIPS_VERSION_MINOR 3
  78. #endif
  79. /* ------------------------------------------------------------------------- */
  80. /* TLS */
  81. /* ------------------------------------------------------------------------- */
  82. /* TLS v1.2 (on by default) */
  83. #ifdef CONFIG_WOLFSSL_TLS_VERSION_1_2
  84. #undef WOLFSSL_NO_TLS12
  85. #else
  86. #define WOLFSSL_NO_TLS12
  87. #endif
  88. //#define NO_WOLFSSL_SERVER /* Optionally disable TLS server code */
  89. //#define NO_WOLFSSL_CLIENT /* Optionally disable TLS client code */
  90. /* TLS v1.3 */
  91. #if defined(CONFIG_WOLFSSL_TLS_VERSION_1_3) || defined(CONFIG_WOLFSSL_TLS13_ENABLED)
  92. #define WOLFSSL_TLS13
  93. #endif
  94. /* Disable older TLS version prior to 1.2 */
  95. #define NO_OLD_TLS
  96. /* Enable default TLS extensions */
  97. #define HAVE_TLS_EXTENSIONS
  98. #define HAVE_SUPPORTED_CURVES
  99. #define HAVE_EXTENDED_MASTER
  100. #define HAVE_ENCRYPT_THEN_MAC
  101. #define HAVE_SERVER_RENEGOTIATION_INFO
  102. #define HAVE_SNI /* optional Server Name Indicator (SNI) */
  103. /* ASN */
  104. #define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */
  105. #if 0 /* optional space reductions */
  106. #define WOLFSSL_NO_ASN_STRICT
  107. #define IGNORE_NAME_CONSTRAINTS
  108. #endif
  109. /* Session Cache */
  110. #if 1
  111. #define SMALL_SESSION_CACHE
  112. #ifdef WOLFSSL_TLS13
  113. #define HAVE_SESSION_TICKET /* session tickets required for resumption in TLS v1.3 */
  114. #endif
  115. #else
  116. #define NO_SESSION_CACHE /* disable session resumption */
  117. #endif
  118. /* PSK */
  119. #define NO_PSK /* disable pre-shared-key support */
  120. /* ------------------------------------------------------------------------- */
  121. /* Algorithms */
  122. /* ------------------------------------------------------------------------- */
  123. /* RNG */
  124. #ifndef WC_NO_HASHDRBG
  125. #define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
  126. #endif
  127. /* ECC */
  128. #if 1
  129. #define HAVE_ECC
  130. #define ECC_USER_CURVES /* Enable only ECC curves specific */
  131. #undef NO_ECC256 /* Enable SECP256R1 only (on by default) */
  132. #define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
  133. //#define ECC_SHAMIR /* Optional ECC calculation speed improvement if not using SP implementation */
  134. //#define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
  135. //#define HAVE_ECC_SECPR2
  136. //#define HAVE_ECC_SECPR3
  137. //#define HAVE_ECC_BRAINPOOL
  138. //#define HAVE_ECC_KOBLITZ
  139. //#define HAVE_ECC_CDH /* Co-factor */
  140. //#define HAVE_COMP_KEY /* Compressed key support */
  141. //#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
  142. //#define HAVE_ECC_ENCRYPT
  143. //#define WOLFCRYPT_HAVE_ECCSI
  144. //#define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
  145. #endif
  146. #define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
  147. /* RSA */
  148. #if 1
  149. #undef NO_RSA
  150. #define WC_RSA_BLINDING
  151. //#define WC_RSA_NO_PADDING
  152. //#define RSA_LOW_MEM
  153. #if 0
  154. #define WOLFSSL_KEY_GEN /* For RSA Key gen only */
  155. #endif
  156. #if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_RSA_PSS)
  157. /* TLS v1.3 requires RSA PSS padding */
  158. #define WC_RSA_PSS
  159. //#define WOLFSSL_PSS_LONG_SALT
  160. #endif
  161. #else
  162. #define NO_RSA
  163. #endif
  164. /* DH */
  165. #if 0
  166. #undef NO_DH /* on by default */
  167. #define WOLFSSL_DH_CONST /* don't rely on pow/log */
  168. #define HAVE_FFDHE_2048
  169. #define HAVE_FFDHE_3072
  170. #define HAVE_DH_DEFAULT_PARAMS
  171. //#define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
  172. #else
  173. #define NO_DH
  174. #endif
  175. /* ChaCha20 / Poly1305 */
  176. #if 1
  177. #define HAVE_CHACHA
  178. #define HAVE_POLY1305
  179. /* Needed for Poly1305 */
  180. #define HAVE_ONE_TIME_AUTH
  181. #endif
  182. /* Ed25519 / Curve25519 */
  183. #if 0
  184. #define HAVE_CURVE25519
  185. #define HAVE_ED25519 /* ED25519 Requires SHA512 */
  186. /* Optionally use small math (less flash usage, but much slower) */
  187. //#define CURVED25519_SMALL
  188. #endif
  189. /* SHA-1 */
  190. #if 0
  191. #undef NO_SHA /* on by default */
  192. //#define USE_SLOW_SHA /* 1k smaller, but 25% slower */
  193. #else
  194. // #define NO_SHA /* Necessary for pkcs12 tests */
  195. #endif
  196. /* SHA2-256 */
  197. #if 1
  198. #undef NO_SHA256 /* on by default */
  199. //#define USE_SLOW_SHA256 /* ~2k smaller and about 25% slower */
  200. #define WOLFSSL_SHA224
  201. #else
  202. #define NO_SHA256
  203. #endif
  204. /* SHA2-384/512 */
  205. #if 1
  206. #define WOLFSSL_SHA384
  207. #define WOLFSSL_SHA512
  208. //#define USE_SLOW_SHA512 /* Over twice as small, but 50% slower */
  209. #endif
  210. /* SHA-3 */
  211. #if 1
  212. #define WOLFSSL_SHA3
  213. #endif
  214. /* AES */
  215. #define HAVE_AES_ECB
  216. /* AES-CBC */
  217. #if 1
  218. #define HAVE_AES_CBC
  219. #else
  220. #define NO_AES_CBC
  221. #endif
  222. /* AES-GCM */
  223. #if 1
  224. #define HAVE_AESGCM
  225. #define GCM_SMALL /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
  226. //#define WOLFSSL_AESGCM_STREAM
  227. #endif
  228. //#define HAVE_AES_DECRYPT
  229. //#define WOLFSSL_AES_COUNTER
  230. //#define WOLFSSL_AES_CFB
  231. //#define WOLFSSL_AES_OFB
  232. //#define HAVE_AESCCM
  233. //#define WOLFSSL_AES_XTS
  234. //#define NO_AES_128
  235. //#define NO_AES_192
  236. //#define NO_AES_256
  237. //#define WOLFSSL_AES_SMALL_TABLES
  238. //#define WOLFSSL_AES_NO_UNROLL
  239. /* HKDF */
  240. #if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_HKDF)
  241. #define HAVE_HKDF
  242. #endif
  243. /* CMAC - Zephyr nRF BTLE needs CMAC */
  244. #if 1
  245. #define WOLFSSL_AES_DIRECT
  246. #define WOLFSSL_CMAC
  247. #endif
  248. /* Optional Features */
  249. #define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */
  250. //#define WC_NO_CACHE_RESISTANT /* systems with cache should enable this for AES, ECC, RSA and DH */
  251. //#define WOLFSSL_CERT_GEN
  252. //#define WOLFSSL_CERT_REQ
  253. //#define WOLFSSL_CERT_EXT
  254. //#define NO_PWDBASED
  255. /* Disable Algorithms */
  256. #define NO_DSA
  257. #define NO_RC4
  258. #define NO_MD4
  259. #define NO_MD5
  260. //#define NO_DES3 /* Necessary for pkcs12 tests */
  261. #define WOLFSSL_NO_SHAKE128
  262. #define WOLFSSL_NO_SHAKE256
  263. /* ------------------------------------------------------------------------- */
  264. /* Math */
  265. /* ------------------------------------------------------------------------- */
  266. /* Math Options */
  267. /* Multi-precision - generic math for all keys sizes and curves */
  268. #if 1
  269. #define WOLFSSL_SP_MATH /* no multi-precision math, only single */
  270. #elif 1
  271. /* wolf mp math (sp_int.c) */
  272. #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
  273. //#define WOLFSSL_SP_NO_MALLOC
  274. /* use smaller version of code */
  275. #define WOLFSSL_SP_SMALL
  276. /* Define the maximum math bits used */
  277. #if !defined(NO_RSA) || !defined(NO_DH)
  278. #define SP_INT_BITS 2048
  279. #elif defined(HAVE_ECC)
  280. #define SP_INT_BITS 256
  281. #endif
  282. #elif 1
  283. /* Fast Math (tfm.c) (stack based and timing resistant) */
  284. #define USE_FAST_MATH
  285. #define TFM_TIMING_RESISTANT
  286. /* Define the maximum math bits used (2 * max) */
  287. #if !defined(NO_RSA) || !defined(NO_DH)
  288. #define FP_MAX_BITS (2*2048)
  289. #ifdef HAVE_ECC
  290. #define ALT_ECC_SIZE /* use heap allocation for ECC point */
  291. #endif
  292. #elif defined(HAVE_ECC)
  293. #define FP_MAX_BITS (2*256)
  294. #endif
  295. #ifdef HAVE_ECC
  296. //#define TFM_ECC256 /* optional speedup for ECC-256 bit */
  297. #endif
  298. #else
  299. /* Normal (integer.c) (heap based, not timing resistant) - not recommended */
  300. #define USE_INTEGER_HEAP_MATH
  301. #endif
  302. /* Single Precision (optional) */
  303. /* Math written for specific curves and key sizes */
  304. #if 1
  305. #ifdef HAVE_ECC
  306. #define WOLFSSL_HAVE_SP_ECC
  307. //#define WOLFSSL_SP_NO_256
  308. //#define WOLFSSL_SP_384
  309. //#define WOLFSSL_SP_521
  310. #endif
  311. #ifndef NO_RSA
  312. #define WOLFSSL_HAVE_SP_RSA
  313. //#define WOLFSSL_SP_NO_2048
  314. //#define WOLFSSL_SP_NO_3072
  315. //#define WOLFSSL_SP_4096
  316. #endif
  317. #ifndef NO_DH
  318. #define WOLFSSL_HAVE_SP_DH
  319. #endif
  320. #define WOLFSSL_SP_SMALL /* use smaller version of code */
  321. //#define WOLFSSL_SP_NO_MALLOC /* disable heap in wolf/SP math */
  322. //#define SP_DIV_WORD_USE_DIV /* no div64 */
  323. #if 0
  324. /* optional speedup with inline assembly */
  325. //#define WOLFSSL_SP_ARM_CORTEX_M_ASM /* Cortex-M3+ */
  326. //#define WOLFSSL_SP_ARM_THUMB_ASM /* Cortex-M0+ thumb */
  327. //#define WOLFSSL_SP_ARM32_ASM /* Cortex-R */
  328. //#define WOLFSSL_SP_ARM64_ASM /* Cortex-A */
  329. //#define WOLFSSL_SP_USE_UDIV
  330. #endif
  331. #endif
  332. /* ------------------------------------------------------------------------- */
  333. /* Assembly Speedups for Symmetric Algorithms */
  334. /* ------------------------------------------------------------------------- */
  335. #ifdef CONFIG_WOLFCRYPT_ARMASM
  336. #define WOLFSSL_ARMASM
  337. #define WOLFSSL_NO_HASH_RAW
  338. #define WOLFSSL_ARMASM_INLINE /* use inline .c versions */
  339. #define WOLFSSL_ARMASM_NO_NEON
  340. /* Default is ARMv8 */
  341. #if 0 /* ARMv7 */
  342. #define WOLFSSL_ARM_ARCH 7
  343. #define WOLFSSL_ARMASM_NO_HW_CRYPTO /* enable if processor does not support aes/sha instructions */
  344. #endif
  345. #endif
  346. #ifdef CONFIG_WOLFCRYPT_INTELASM
  347. #define USE_INTEL_SPEEDUP
  348. #define WOLFSSL_X86_64_BUILD /* 64-bit */
  349. //#define WOLFSSL_X86_BUILD /* 32-bit */
  350. /* Issues with building AESNI "_mm_aesimc_si128" always_inline */
  351. //#define WOLFSSL_AESNI
  352. #endif
  353. /* ------------------------------------------------------------------------- */
  354. /* Debugging */
  355. /* ------------------------------------------------------------------------- */
  356. #undef DEBUG_WOLFSSL
  357. #undef NO_ERROR_STRINGS
  358. #ifdef CONFIG_WOLFSSL_DEBUG
  359. #define DEBUG_WOLFSSL
  360. #else
  361. #if 1
  362. #define NO_ERROR_STRINGS
  363. #endif
  364. #endif
  365. #ifdef __cplusplus
  366. }
  367. #endif
  368. #endif /* CONFIG_WOLFSSL_SETTINGS_FILE */
  369. #endif /* CONFIG_WOLFSSL */
  370. #endif /* USER_SETTINGS_H */