NetBurner 3.5.6
MON_RT11xx/user_settings.h
/* Build-time configuration for the wolfSSL / wolfSSH libraries in this tree. */
#ifndef USER_SETTINGS_H
#define USER_SETTINGS_H

/* predef.h supplies the ENABLE_ECC384 / ENABLE_ECC521 / ENABLE_ED25519 and
 * SSL_TLS_1_3_SUPPORT switches that are tested further down in this file. */
#include <predef.h>

#ifdef __cplusplus
extern "C" {
#endif

//#define DEBUG_WOLFSSL
#include <endian.h>
/* Map wolfSSL's host-to-network 16-bit conversion onto the platform's __htons(). */
#define XHTONS(a) __htons(a)

//#define WOLFSSL_CALLBACKS

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

/* SINGLE_THREADED is cleared and left off, so the library is built with its
 * locking enabled. */
#undef SINGLE_THREADED
//#define SINGLE_THREADED

/* Keep large temporaries off the stack (wolfSSL allocates them instead). */
#undef WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

/* The application supplies the send/receive callbacks; wolfSSL's built-in
 * socket I/O is not used. */
#undef WOLFSSL_USER_IO
#define WOLFSSL_USER_IO

/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8

/* Fast math (TFM) is the big-integer backend selected here. */
#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    /* Timing-resistant fast-math paths. This covers the big-integer layer
     * only; RSA blinding and ECC timing resistance are separate switches
     * in the Crypto section of this file. */
    #undef TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
/* Disabled (#if 0): none of the SP options below take effect. */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */

    /* 64 or 32 bit version */
    //#define WOLFSSL_SP_ASM /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
#endif

/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
/* Disabled (#if 0): HAVE_FIPS stays undefined from here on. Several checks
 * later in this file are gated on HAVE_FIPS (ECC cofactor support, ECC and
 * FFC import validation) and are therefore off as well. */
#undef HAVE_FIPS
#if 0
    #define HAVE_FIPS

    #undef HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 2

    #ifdef SINGLE_THREADED
        #undef NO_THREAD_LS
        #define NO_THREAD_LS
    #endif
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        /* 8192 therefore allows RSA keys of up to 4096 bits. */
        #undef FP_MAX_BITS
        #define FP_MAX_BITS 8192
    #endif

    /* half as much memory but twice as slow */
    #undef RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* Keep this at "#if 1": the #else branch leaves blinding off and defines
     * WC_NO_HARDEN instead. */
    #if 1
        #undef WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 1
        #define WC_RSA_PSS
    #endif

    /* NOTE(review): WC_RSA_NO_PADDING makes unpadded (raw) RSA operations
     * available. Unpadded RSA is not safe as a general encryption or
     * signature primitive; confirm which caller needs it and that it is not
     * reachable with attacker-chosen input. */
    #if 1
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif

/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    // Manually add support for curves.
    #undef ECC_USER_CURVES
    #define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        /* NOTE(review): 192- and 224-bit curves give roughly 96 and 112 bits
         * of security, below the 128-bit level of the 256-bit curve enabled
         * next. Confirm a peer still requires them before shipping. */
        #define HAVE_ECC192 // For WolfSSL
        #define HAVE_ECC224 // For WolfSSL
        #undef NO_ECC256

        // Added for specific curve support for WolfSSH
        // To enable other curves, look at ecc_sets in wolfcrypt/src/ecc.c and add required defines.
        // You will also need to make adjustments to wolfSSH_ProcessBuffer() where the curveId is checked.
        #define ECC192
        #define ECC224
        #undef NO_ECC_SECP
        #define HAVE_ECC_SECPR2
        #define HAVE_ECC_SECPR3

        /* The three curve groups below are compiled in only when predef.h
         * defines the matching ENABLE_* switch. */
        #ifdef ENABLE_ECC384 // predef.h
            #define HAVE_ECC384 // - Disabled until we can get better performance
        #endif

        #ifdef ENABLE_ECC521 // predef.h
            #define HAVE_ECC521 // - Disabled until we can get better performance
        #endif

        /* NOTE(review): HAVE_ED25519 and HAVE_CURVE25519 are also defined
         * unconditionally in the "Ed25519 / Curve25519" section further down,
         * so this ENABLE_ED25519 gate does not decide whether they are built. */
        #ifdef ENABLE_ED25519 // predef.h
            #define HAVE_ED25519 /* ED25519 Requires SHA512 */
            #define HAVE_CURVE25519

            /* Optionally use small math (less flash usage, but much slower) */
            //#define CURVED25519_SMALL
        #endif
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef FP_ECC
    #define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef FP_ENTRIES
        #define FP_ENTRIES 15
        #undef FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef ECC_SHAMIR
    #define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    /* NOTE(review): ECC_TIMING_RESISTANT is cleared and left off for
     * performance. RSA has WC_RSA_BLINDING and the math layer has
     * TFM_TIMING_RESISTANT, but ECC private-key operations (ECDSA signing,
     * ECDH) are built without the library's timing-resistant code path.
     * For a network-facing device, re-measure the cost and enable this if
     * the handshake budget allows. */
    #undef ECC_TIMING_RESISTANT
    //#define ECC_TIMING_RESISTANT // - Disabled for performance

    /* Enable cofactor support */
    /* Only with HAVE_FIPS, which this file leaves undefined. */
    #ifdef HAVE_FIPS
        #undef HAVE_ECC_CDH
        #define HAVE_ECC_CDH
    #endif

    /* Validate import */
    /* NOTE(review): gated on HAVE_FIPS, which this file leaves undefined, so
     * WOLFSSL_VALIDATE_ECC_IMPORT is off. Consider defining it regardless of
     * FIPS if ECC keys are imported from untrusted sources - confirm the
     * performance impact first. */
    #ifdef HAVE_FIPS
        #undef WOLFSSL_VALIDATE_ECC_IMPORT
        #define WOLFSSL_VALIDATE_ECC_IMPORT
    #endif

    /* Compressed Key Support */
    #undef HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
            #undef FP_MAX_BITS
            #define FP_MAX_BITS (256 + 32)
        #else
            /* RSA is enabled above, so this is the branch taken. */
            #undef ALT_ECC_SIZE
            #define ALT_ECC_SIZE
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef TFM_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif

/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency */
    /* Only the 2048- and 4096-bit FFDHE groups are compiled in. */
    #if 1
        #define WOLFSSL_DH_CONST
        #define HAVE_FFDHE_2048
        #define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif

    /* Import validation for finite-field keys is tied to HAVE_FIPS, which
     * this file leaves undefined. */
    #ifdef HAVE_FIPS
        #define WOLFSSL_VALIDATE_FFC_IMPORT
        #define HAVE_FFDHE_Q
    #endif
#else
    #define NO_DH
#endif

/* AES */
/* Enabled modes: CBC, GCM and CCM. Direct (single-block), ECB and counter
 * modes are cleared and left off. */
#undef NO_AES
#if 1
    #undef HAVE_AES_CBC
    #define HAVE_AES_CBC

    #define HAVE_AESGCM

    /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    // Listed in order of speed and memory usage
    // #define GCM_TABLE
    #define GCM_WORD32
    // #define GCM_TABLE_4BIT
    // #define GCM_SMALL

    #undef WOLFSSL_AES_DIRECT
    //#define WOLFSSL_AES_DIRECT

    #undef HAVE_AES_ECB
    //#define HAVE_AES_ECB

    #undef WOLFSSL_AES_COUNTER
    //#define WOLFSSL_AES_COUNTER

    #undef HAVE_AESCCM
    #define HAVE_AESCCM
#else
    #define NO_AES
#endif

/* DES3 */
/* NOTE(review): the "#if 1" branch is empty, so NO_DES3 is not defined and
 * 3DES remains compiled in. 3DES has a 64-bit block and is deprecated for
 * new use; if no peer needs it, switch this to "#if 0" so NO_DES3 removes it. */
#undef NO_DES3
#if 1
#else
    #define NO_DES3
#endif

/* ChaCha20 / Poly1305 */
/* The #undef / #if 0 / #endif lines of the original template are commented
 * out, so everything in this group is defined unconditionally. */
//#undef HAVE_CHACHA
//#undef HAVE_POLY1305
//#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
//#endif

/* Ed25519 / Curve25519 */
/* Also unconditional (guards commented out); this makes the ENABLE_ED25519
 * gate in the ECC section above redundant. */
//#undef HAVE_CURVE25519
//#undef HAVE_ED25519
//#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
    #if 1
        #define CURVED25519_SMALL
    #endif
//#endif

/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
/* NO_SHA is not defined, so SHA-1 stays compiled in. The commented-out
 * "#undef WOLFSSL_STATIC_RSA" below looks misplaced - the template normally
 * clears NO_SHA here; WOLFSSL_STATIC_RSA itself is defined near the end of
 * this file. */
//#undef WOLFSSL_STATIC_RSA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 0
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
/* Guards are commented out: SHA-512 and SHA-384 are always enabled.
 * Ed25519, enabled above, requires SHA-512. */
//#undef WOLFSSL_SHA512
//#if 0
    #define WOLFSSL_SHA512

    /* Sha384 */
    //#undef WOLFSSL_SHA384
    //#if 0
        #define WOLFSSL_SHA384
    //#endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
//#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* "#if 0" selects the #else branch: NO_MD5 is defined and MD5 is removed. */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 1
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 0
    #define WOLFSSL_CMAC
#endif

/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Every option in this section is cleared and left off. */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
//#define BENCH_EMBEDDED

#undef USE_CERT_BUFFERS_2048
//#define USE_CERT_BUFFERS_2048

#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024

#undef USE_CERT_BUFFERS_256
//#define USE_CERT_BUFFERS_256

/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */

/* Both inner switches are "#if 0": debug logging is off and error strings
 * are kept. */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
    #define DEBUG_WOLFSSL
#else
    #if 0
        #define NO_ERROR_STRINGS
    #endif
#endif

// Prints out the TLS secrets to the console, allowing for decryption of the TLS stream
/* Leave both lines commented out in any build that leaves the lab: with them
 * enabled, anyone who can read the console can decrypt captured sessions. */
// #define SHOW_SECRETS
// #define HAVE_SECRET_CALLBACK

/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */

/* Override Memory API's */
/* Disabled (#if 0): the myMalloc/myFree/myRealloc hooks are not used. */
#if 0
    #undef XMALLOC_OVERRIDE
    #define XMALLOC_OVERRIDE

    /* prototypes for user heap override functions */
    /* Note: Realloc only required for normal math */
    #include <stddef.h> /* for size_t */
    extern void *myMalloc(size_t n, void* heap, int type);
    extern void myFree(void *p, void* heap, int type);
    extern void *myRealloc(void *p, size_t n, void* heap, int type);

    #define XMALLOC(n, h, t) myMalloc(n, h, t)
    #define XFREE(p, h, t) myFree(p, h, t)
    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif

/* Active configuration: wolfSSL's static-memory allocator with the fallback
 * to malloc/free disabled. */
#if 1
    /* Static memory requires fast math */
    #define WOLFSSL_STATIC_MEMORY

    /* Disable fallback malloc/free */
    #define WOLFSSL_NO_MALLOC
    #if 0
        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
    #endif
#endif

/* Memory callbacks */
/* "#if 0" selects the #else branch; because WOLFSSL_STATIC_MEMORY is defined
 * above, NO_WOLFSSL_MEMORY is not defined either. */
#if 0
    #undef USE_WOLFSSL_MEMORY
    #define USE_WOLFSSL_MEMORY

    /* Use this to measure / print heap usage */
    #if 1
        #undef WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY

        #undef WOLFSSL_DEBUG_MEMORY
        #define WOLFSSL_DEBUG_MEMORY
    #endif
#else
    #ifndef WOLFSSL_STATIC_MEMORY
        #define NO_WOLFSSL_MEMORY
        /* Otherwise we will use stdlib malloc, free and realloc */
    #endif
#endif

/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */

/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
/* XTIME is mapped to my_time(), declared here and implemented elsewhere.
 * NOTE(review): NO_ASN_TIME is not defined in this file, so certificate
 * validity dates are presumably checked against the value my_time() returns;
 * confirm what it reports before the clock has been set. */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */

/* Seed Source */
/* Size of returned HW RNG value */
/* my_rng_seed_gen() is implemented elsewhere; every key generated on the
 * device depends on the quality of what it returns. Presumably it is backed
 * by the hardware RNG selected by GATHER_RANDOM_USE_HW below - verify. */
#define CUSTOM_RAND_TYPE unsigned int
extern unsigned int my_rng_seed_gen(void);
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE my_rng_seed_gen

// NetBurner specific define for enabling hardware random number generation for M7
#define GATHER_RANDOM_USE_HW

/* Choose RNG method */
#if 1
    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    /* NOTE(review): HAVE_HASHDRBG is cleared and its #define is commented
     * out, which does not match the "P-RNG + HW RNG" description above.
     * Whether the Hash-DRBG is still built depends on wolfSSL's own defaults
     * (recent versions re-enable it in random.h unless WC_NO_HASHDRBG or
     * CUSTOM_RAND_GENERATE_BLOCK is set) - confirm for the bundled version.
     * Without the DRBG, output would come directly from the seed source. */
    #undef HAVE_HASHDRBG
    //#define HAVE_HASHDRBG
#else
    #undef WC_NO_HASHDRBG
    #define WC_NO_HASHDRBG

    /* Bypass P-RNG and use only HW RNG */
    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
    #undef CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif

/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
/* Disabled (#if 0): wolfSSL's default string/memory mappings are used. If
 * this block is ever enabled, note that XSTRNCPY maps to strncpy(), which
 * does not NUL-terminate on truncation. */
#undef STRING_USER
#if 0
    #define STRING_USER

    #include <string.h>

    #undef USE_WOLF_STRSEP
    #define USE_WOLF_STRSEP
    #define XSTRSEP(s1,d) wc_strsep((s1),(d))

    #undef USE_WOLF_STRTOK
    #define USE_WOLF_STRTOK
    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))

    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))

    #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
    #define XMEMSET(b,c,l) memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
    #define XMEMMOVE(d,s,l) memmove((d),(s),(l))

    #define XSTRLEN(s1) strlen((s1))
    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
    #define XSTRSTR(s1,s2) strstr((s1),(s2))

    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))

    #define XSNPRINTF snprintf
#endif

/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* TLS 1.3 is built only when predef.h defines SSL_TLS_1_3_SUPPORT. */
#ifdef SSL_TLS_1_3_SUPPORT // defined in predef.h
    #define WOLFSSL_TLS13
#endif

#undef WOLFSSL_KEY_GEN
#if 1
    #define WOLFSSL_KEY_GEN
#endif

/* Never true with the settings in this file: HAVE_FIPS is undefined and
 * WOLFSSL_KEY_GEN is defined just above. */
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
    #define WOLFSSL_OLD_PRIME_CHECK
#endif

#undef KEEP_PEER_CERT
#define KEEP_PEER_CERT

/* Second time HAVE_COMP_KEY is cleared (also done in the ECC section). */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* Session resumption: a reduced-size session cache plus session tickets. */
#define SMALL_SESSION_CACHE
#define NO_SESSION_CACHE_REF
#define HAVE_SESSION_TICKET

/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
/* Pattern used throughout this section: "#undef X" followed by a live
 * "#define X" removes the feature; "#undef X" followed by a commented-out
 * define leaves the feature compiled in. */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER

#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT

#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST

#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK

#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY

// Allows WolfSSL to malloc the tls 1.3 ticket nonce, instead of using a static buffer. This supports large ticket nonces
/* NOTE(review): the Memory section defines WOLFSSL_NO_MALLOC together with
 * WOLFSSL_STATIC_MEMORY; confirm that this nonce allocation is served from
 * the static pool and that its size is bounded. */
#define WOLFSSL_TICKET_NONCE_MALLOC

/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE

#undef WOLFSSL_NO_SOCK
#define WOLFSSL_NO_SOCK

#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR

#undef NO_FILESYSTEM
#define NO_FILESYSTEM

#undef NO_WRITEV
#define NO_WRITEV

#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER

#undef NO_DEV_RANDOM
#define NO_DEV_RANDOM

#undef NO_DSA
#define NO_DSA

/* NOTE(review): NO_RC4 is left undefined, so RC4 is not compiled out by this
 * file. RC4 cipher suites are prohibited in TLS by RFC 7465; define NO_RC4
 * unless a specific legacy peer still depends on it. */
#undef NO_RC4
//#define NO_RC4

/* Removes the protocol versions older than TLS 1.2. */
#undef NO_OLD_TLS
#define NO_OLD_TLS

#undef NO_HC128
#define NO_HC128

#undef NO_RABBIT
#define NO_RABBIT

#undef NO_PSK
#define NO_PSK

#undef NO_MD4
#define NO_MD4

#undef NO_PWDBASED
#define NO_PWDBASED

#undef NO_CODING
//#define NO_CODING

/* Left undefined: time-based certificate checks stay enabled and rely on
 * the XTIME mapping in the Port section. */
#undef NO_ASN_TIME
//#define NO_ASN_TIME

#undef NO_CERTS
//#define NO_CERTS

#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER

#undef NO_TLS

// Settings made for compatibility
/* NOTE(review): the static RSA and static (EC)DH key exchanges enabled here
 * provide no forward secrecy - a later compromise of the device's private
 * key exposes previously recorded sessions. The suite named on the
 * WOLFSSL_STATIC_DH line also uses RC4. Keep these only while a known peer
 * needs them, and prefer ECDHE/DHE suites in the configured cipher list. */
#define WOLFSSL_STATIC_RSA // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA
#define WOLFSSL_AES_128 // Needed to support TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256
#define WOLFSSL_AES_256 // Needed to support TLS_RSA_WITH_AES_256_CBC_SHA256
#define WOLFSSL_STATIC_DH // Needed to support TLS_ECDH_ECDSA_WITH_RC4_128_SHA

/* Certificate / key generation support. WOLFSSL_KEY_GEN repeats the define
 * already made in the "Enable Features" section. */
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_ALT_NAMES
#define WOLFSSL_DER_TO_PEM
#define WOLFSSL_KEY_GEN
#define WOLFSSL_EITHER_SIDE

#define ENABLE_ECCKEY_CREATE // Custom define, maybe should move to predef?
#define ENABLE_RSAKEY_CREATE // Custom define, maybe should move to predef?

// For wolfSSH
/* SFTP and SCP are not enabled by this file (both defines are commented out). */
//#undef WOLFSSH_SFTP
//#define WOLFSSH_SFTP

//#undef WOLFSSH_SCP
//#define WOLFSSH_SCP

/* As with WOLFSSL_USER_IO above, the application supplies wolfSSH's I/O. */
#undef WOLFSSH_USER_IO
#define WOLFSSH_USER_IO

#ifdef __cplusplus
}
#endif

#endif /* USER_SETTINGS_H */