Improve the user_settings_template to incude Windows. Added STM32 configuration example.

IDE/STM32Cube/README.md

@@ -14,9 +14,18 @@ These examples use the Cube HAL for STM32.
 
 ## Configuration
 
-The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.I-CUBE-wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file).
+The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.I-CUBE-wolfSSL_conf.h` file. An example of a generated file can be found at `examples/configs/user_settings_stm32.h`.
+
+The template used for generation is `IDE/STM32Cube/default_conf.ftl`, which is stored in the pack here: `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
+
+If the default settings for the Cube GUI are insufficient you can customize the build using one of these methods to prevent the changes from being overwritten when generating the code:
+
+* Copy the `wolfSSL.I-CUBE-wolfSSL_conf.h` to `Core/Inc` and rename to `user_settings.h`. Then add the preprocessor macro `WOLFSSL_USER_SETTINGS` to your project. This will use the `user_settings.h` instead of the generated configuration.
+
+OR
+
+* Edit the source template file used for Cube pack generation here: `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
 
-The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
 
 The section for "Hardware platform" may need to be adjusted depending on your processor and board:
 

IDE/STM32Cube/include.am

@@ -5,7 +5,6 @@
 EXTRA_DIST+= IDE/STM32Cube/README.md
 EXTRA_DIST+= IDE/STM32Cube/main.c
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c
-EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h
 EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md
 EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl

examples/configs/README.md

@@ -9,6 +9,7 @@ Example wolfSSL configuration file templates for use when autoconf is not availa
 * `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`.
 * `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20.
 * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options.
+* `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack.
 
 ## Usage
 

examples/configs/include.am

@@ -5,3 +5,6 @@ EXTRA_DIST += examples/configs/README.md
 EXTRA_DIST += examples/configs/user_settings_all.h
 EXTRA_DIST += examples/configs/user_settings_min_ecc.h
 EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h
+EXTRA_DIST += examples/configs/user_settings_template.h
+EXTRA_DIST += examples/configs/user_settings_fipsv2.h
+EXTRA_DIST += examples/configs/user_settings_stm32.h

examples/configs/user_settings_stm32.h

@@ -29,11 +29,6 @@
 #ifndef __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__
 #define __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__
 
-/**
-	MiddleWare name : wolfSSL.I-CUBE-wolfSSL.4.6.0
-	MiddleWare fileName : ./wolfSSL.I-CUBE-wolfSSL_conf.h
-	MiddleWare version :
-*/
 
 /*---------- WOLF_CONF_DEBUG -----------*/
 #define WOLF_CONF_DEBUG      0

examples/configs/user_settings_template.h

@@ -32,7 +32,7 @@ extern "C" {
 #endif
 
 /* If TARGET_EMBEDDED is defined then small target settings are used */
-#if !((defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__)))
+#if !(defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__) || defined(_WIN32))
     #define TARGET_EMBEDDED
 #endif
 
@@ -52,7 +52,9 @@ extern "C" {
     /* reduce stack use. For variables over 100 bytes allocate from heap */
     #define WOLFSSL_SMALL_STACK
 
-    /* disable the built-in socket support and use the IO callbacks. Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend */
+    /* disable the built-in socket support and use the IO callbacks. 
+     * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend 
+     */
     #define WOLFSSL_USER_IO
 #endif
 
@@ -61,8 +63,11 @@ extern "C" {
 /* ------------------------------------------------------------------------- */
 #undef USE_FAST_MATH
 #if 1
+    /* fast math (tfmc.) (stack based and timing resistant) */
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
+#else
+    /* normal heap based integer.c (not timing resistant) */
 #endif
 
 /* Wolf Single Precision Math */
@@ -71,12 +76,23 @@ extern "C" {
     #define WOLFSSL_HAVE_SP_RSA
     #define WOLFSSL_HAVE_SP_DH
     #define WOLFSSL_HAVE_SP_ECC
-    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    //#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
+    //#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
+    
     //#define WOLFSSL_SP_CACHE_RESISTANT
-    #define WOLFSSL_SP_MATH     /* only SP math - eliminates integer.c/tfm.c(fast math) code */
+    #define WOLFSSL_SP_MATH     /* only SP math - disables integer.c/tfm.c */
     #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
 
-    /* SP Assembly Speedups - specific to chip type */
+    //#define WOLFSSL_SP_NO_MALLOC
+    //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
+ 
+    #ifdef TARGET_EMBEDDED
+        /* use smaller version of code */
+        #define WOLFSSL_SP_SMALL
+    #else
+        /* SP Assembly Speedups - specific to chip type */
+        #define WOLFSSL_SP_ASM
+    #endif
     //#define WOLFSSL_SP_X86_64
     //#define WOLFSSL_SP_X86
     //#define WOLFSSL_SP_ARM32_ASM
@@ -108,6 +124,21 @@ extern "C" {
     #define NO_RSA
 #endif
 
+/* DH */
+#undef  NO_DH
+#if 1
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 1
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        //#define HAVE_FFDHE_4096
+        //#define HAVE_FFDHE_6144
+        //#define HAVE_FFDHE_8192
+    #endif
+#else
+    #define NO_DH
+#endif
+
 /* ECC */
 #undef HAVE_ECC
 #if 1
@@ -129,9 +160,7 @@ extern "C" {
     //#define FP_ECC
     #ifdef FP_ECC
         /* Bits / Entries */
-        #undef  FP_ENTRIES
         #define FP_ENTRIES  2
-        #undef  FP_LUT
         #define FP_LUT      4
     #endif
 
@@ -148,11 +177,11 @@ extern "C" {
     /* Use alternate ECC size for ECC math */
     #ifdef USE_FAST_MATH
         /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
-        #ifdef NO_RSA
-            /* Custom fastmath size if not using RSA */
-            #undef  FP_MAX_BITS
+        #if defined(NO_RSA) && defined(NO_DH)
+            /* Custom fastmath size if not using RSA/DH */
             #define FP_MAX_BITS     (256 * 2)
         #else
+            /* use heap allocation for ECC points */
             #define ALT_ECC_SIZE
 
             /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
@@ -166,21 +195,6 @@ extern "C" {
     #endif
 #endif
 
-/* DH */
-#undef  NO_DH
-#if 1
-    /* Use table for DH instead of -lm (math) lib dependency */
-    #if 1
-        #define WOLFSSL_DH_CONST
-        #define HAVE_FFDHE_2048
-        //#define HAVE_FFDHE_4096
-        //#define HAVE_FFDHE_6144
-        //#define HAVE_FFDHE_8192
-    #endif
-#else
-    #define NO_DH
-#endif
-
 
 /* AES */
 #undef NO_AES
@@ -191,6 +205,8 @@ extern "C" {
     #define HAVE_AESGCM
     #ifdef TARGET_EMBEDDED
         #define GCM_SMALL
+    #else
+        #define GCM_TABLE_4BIT
     #endif
 
     //#define WOLFSSL_AES_DIRECT