user_settings.h 7.9 KB

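  /*
   * user_settings.h - wolfCrypt build configuration for Windows, with the
   * wolfEngine settings at the end.
   *
   * This header contains only preprocessor configuration: each section
   * clears a feature macro with #undef and then re-defines it behind an
   * "#if 1" / "#if 0" toggle. Flip the toggle to enable or disable a feature.
   *
   * NOTE(review): the include-guard name starts with an underscore followed
   * by an upper-case letter, which C reserves for the implementation. It is
   * kept unchanged here in case other files test for it.
   */
  #ifndef _WIN_USER_SETTINGS_H_
  #define _WIN_USER_SETTINGS_H_

  /* For FIPS Ready, uncomment the following (or define it on the compiler
   * command line): */
  /* #define WOLFSSL_FIPS_READY */
  #ifdef WOLFSSL_FIPS_READY
      #undef HAVE_FIPS_VERSION
      #define HAVE_FIPS_VERSION 3
  #endif

  /* Verify this is Windows */
  #ifndef _WIN32
      #error This user_settings.h header is only designed for Windows
  #endif

  /* Configurations */
  #define WOLFCRYPT_ONLY

  /* Fast math, built with its timing-resistant option */
  #undef USE_FAST_MATH
  #if 1
      #define USE_FAST_MATH
      #undef TFM_TIMING_RESISTANT
      #define TFM_TIMING_RESISTANT
      /* Optimizations */
      //#define TFM_ARM
  #endif

  /* Wolf Single Precision Math (disabled by the toggle below) */
  #undef WOLFSSL_SP
  #if 0
      #define WOLFSSL_SP
      //#define WOLFSSL_SP_SMALL /* use smaller version of code */
      #define WOLFSSL_HAVE_SP_RSA
      #define WOLFSSL_HAVE_SP_DH
      #define WOLFSSL_HAVE_SP_ECC
      //#define WOLFSSL_SP_CACHE_RESISTANT
      //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
      /* SP Assembly Speedups */
      //#define WOLFSSL_SP_ASM /* required if using the ASM versions */
      //#define WOLFSSL_SP_ARM32_ASM
      //#define WOLFSSL_SP_ARM64_ASM
      //#define WOLFSSL_SP_ARM_THUMB_ASM
      //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
  #endif

  /* ------------------------------------------------------------------------- */
  /* FIPS - Requires eval or license from wolfSSL */
  /* ------------------------------------------------------------------------- */
  #undef HAVE_FIPS
  #if 1
      #define HAVE_FIPS
      /* Default to FIPS version 2. When WOLFSSL_FIPS_READY is defined, the
       * block near the top of this file has already set HAVE_FIPS_VERSION
       * to 3, so it must not be overwritten here. */
      #ifndef WOLFSSL_FIPS_READY
          #undef HAVE_FIPS_VERSION
          #define HAVE_FIPS_VERSION 2
      #endif
      #ifdef SINGLE_THREADED
          #undef NO_THREAD_LS
          #define NO_THREAD_LS
      #else
          #ifndef USE_WINDOWS_API
              #define USE_WINDOWS_API
          #endif
      #endif
      #undef NO_ATTRIBUTE_CONSTRUCTOR
      //#define NO_ATTRIBUTE_CONSTRUCTOR
  #endif

  /* FIPS */
  //#define OPENSSL_EXTRA
  //#define HAVE_THREAD_LS
  #define WOLFSSL_KEY_GEN
  #define HAVE_AESGCM
  #define HAVE_HASHDRBG
  #define WOLFSSL_SHA384
  #define WOLFSSL_SHA512
  #define NO_PSK
  #define NO_RC4
  //#define NO_DSA
  #define NO_MD4

  /* Everything down to the matching "#endif" marked FIPS v2 applies only
   * when HAVE_FIPS_VERSION is 2 or higher. */
  #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)

      /* ------------------------------------------------------------------------- */
      /* Crypto */
      /* ------------------------------------------------------------------------- */
      #define USE_CERT_BUFFERS_2048
      #define USE_CERT_BUFFERS_256

      /* RSA */
      #undef NO_RSA
      #if 1
          #ifdef USE_FAST_MATH
              /* Maximum math bits (Max RSA key bits * 2) */
              #undef FP_MAX_BITS
              #define FP_MAX_BITS 8192
          #endif

          /* half as much memory but twice as slow */
          #undef RSA_LOW_MEM
          //#define RSA_LOW_MEM

          /* Enables blinding mode, to prevent timing attacks */
          /* NOTE(review): this toggle is 0, so WC_RSA_BLINDING is NOT defined
           * by this header and WC_NO_HARDEN is defined instead.
           * TFM_TIMING_RESISTANT and ECC_TIMING_RESISTANT are still defined
           * in this file, but RSA private-key operations are configured
           * without blinding. Confirm this matches what the FIPS module in
           * use requires. Flipping the toggle to 1 presumably also requires
           * callers to associate an RNG with each RSA key - verify before
           * changing. */
          #if 0
              #undef WC_RSA_BLINDING
              #define WC_RSA_BLINDING
          #else
              #undef WC_NO_HARDEN
              #define WC_NO_HARDEN
          #endif

          /* RSA PSS Support */
          #if 1
              #define WC_RSA_PSS
          #endif

          /* RSA without padding. Presumably callers that select this mode
           * are responsible for applying a padding scheme themselves. */
          #if 1
              #define WC_RSA_NO_PADDING
          #endif
      #else
          #define NO_RSA
      #endif

      /* ECC */
      #undef HAVE_ECC
      #if 1
          #define HAVE_ECC

          /* Manually define enabled curves */
          #undef ECC_USER_CURVES
          //#define ECC_USER_CURVES
          #ifdef ECC_USER_CURVES
              /* Manual Curve Selection */
              //#define HAVE_ECC192
              //#define HAVE_ECC224
              #undef NO_ECC256
              //#define HAVE_ECC384
              //#define HAVE_ECC521
          #endif

          /* Fixed point cache (speeds repeated operations against same private key) */
          #undef FP_ECC
          //#define FP_ECC
          #ifdef FP_ECC
              /* Bits / Entries */
              #undef FP_ENTRIES
              #define FP_ENTRIES 2
              #undef FP_LUT
              #define FP_LUT 4
          #endif

          /* Optional ECC calculation method */
          /* Note: doubles heap usage, but slightly faster */
          #undef ECC_SHAMIR
          #define ECC_SHAMIR

          /* Timing-resistant ECC, going by the macro name. The original note
           * on this setting reads: reduces heap usage, but slower. */
          #undef ECC_TIMING_RESISTANT
          #define ECC_TIMING_RESISTANT

          #ifdef HAVE_FIPS
              #undef HAVE_ECC_CDH
              #define HAVE_ECC_CDH /* Enable cofactor support */
              #undef NO_STRICT_ECDSA_LEN
              #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
              #undef WOLFSSL_VALIDATE_ECC_IMPORT
              #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
          #endif

          /* Compressed Key Support */
          #undef HAVE_COMP_KEY
          //#define HAVE_COMP_KEY

          /* Use alternate ECC size for ECC math */
          #ifdef USE_FAST_MATH
              /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
              #ifdef NO_RSA
                  /* Custom fastmath size if not using RSA */
                  #undef FP_MAX_BITS
                  #define FP_MAX_BITS (256 * 2)
              #else
                  #undef ALT_ECC_SIZE
                  #define ALT_ECC_SIZE
                  /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
                  //#undef FP_MAX_BITS_ECC
                  //#define FP_MAX_BITS_ECC (256 * 2)
              #endif

              /* Speedups specific to curve */
              #ifndef NO_ECC256
                  #undef TFM_ECC256
                  #define TFM_ECC256
              #endif
          #endif
      #endif

      /* AES */
      #undef NO_AES
      #if 1
          #undef HAVE_AES_CBC
          #define HAVE_AES_CBC
          #undef HAVE_AESGCM
          #define HAVE_AESGCM
          /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
          //#define GCM_SMALL
          //#define GCM_WORD32
          #define GCM_TABLE
          #undef WOLFSSL_AES_DIRECT
          #define WOLFSSL_AES_DIRECT
          #undef HAVE_AES_ECB
          #define HAVE_AES_ECB
          #undef WOLFSSL_AES_COUNTER
          #define WOLFSSL_AES_COUNTER
          #undef HAVE_AESCCM
          #define HAVE_AESCCM
      #else
          #define NO_AES
      #endif

      /* DES3 (left enabled: the active branch does not define NO_DES3) */
      #undef NO_DES3
      #if 1
      #else
          #define NO_DES3
      #endif

      /* ------------------------------------------------------------------------- */
      /* Hashing */
      /* ------------------------------------------------------------------------- */
      /* Sha */
      #undef NO_SHA
      #if 1
          /* 1k smaller, but 25% slower */
          //#define USE_SLOW_SHA
      #else
          #define NO_SHA
      #endif

      /* Sha256 */
      #undef NO_SHA256
      #if 1
          /* not unrolled - ~2k smaller and ~25% slower */
          //#define USE_SLOW_SHA256

          /* Sha224 */
          #if 1
              #define WOLFSSL_SHA224
          #endif
      #else
          #define NO_SHA256
      #endif

      /* Sha512 */
      #undef WOLFSSL_SHA512
      #if 1
          #define WOLFSSL_SHA512

          /* Sha384 */
          #undef WOLFSSL_SHA384
          #if 1
              #define WOLFSSL_SHA384
          #endif

          /* over twice as small, but 50% slower */
          //#define USE_SLOW_SHA512
      #endif

      /* Sha3 */
      #undef WOLFSSL_SHA3
      #if 1
          #define WOLFSSL_SHA3
      #endif

      /* MD5 (disabled: the active branch defines NO_MD5) */
      #undef NO_MD5
      #if 0
      #else
          #define NO_MD5
      #endif

      /* HKDF */
      #undef HAVE_HKDF
      #if 1
          #define HAVE_HKDF
      #endif

      /* CMAC */
      #undef WOLFSSL_CMAC
      #if 1
          #define WOLFSSL_CMAC
      #endif

      /* DH */
      #undef NO_DH
      #if 1
          /* Use table for DH instead of -lm (math) lib dependency */
          #if 0
              #define WOLFSSL_DH_CONST
              #define HAVE_FFDHE_2048
              #define HAVE_FFDHE_4096
              //#define HAVE_FFDHE_6144
              //#define HAVE_FFDHE_8192
          #endif

          #ifdef HAVE_FIPS
              #define WOLFSSL_VALIDATE_FFC_IMPORT
              #define HAVE_FFDHE_Q
          #endif
      #else
          #define NO_DH
      #endif

  #endif /* FIPS v2 */

  //#define DEBUG_WOLFSSL
  #define NO_MAIN_DRIVER

  /* wolfEngine settings */
  #define WOLFSSL_PUBLIC_MP
  #define NO_WOLFSSL_DIR
  //#define WOLFENGINE_DEBUG
  /* TODO: Add WE_HAVE_* settings here */

  #endif /* _WIN_USER_SETTINGS_H_ */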