RISCI_ATOM
/
wolfssl
зеркало из https://github.com/wolfSSL/wolfssl.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340
							#ifndef _WIN_USER_SETTINGS_H_
#define _WIN_USER_SETTINGS_H_

/* For FIPS Ready, uncomment the following: */
/* #define WOLFSSL_FIPS_READY */
#ifdef WOLFSSL_FIPS_READY
    #undef HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 3
#endif


/* Verify this is Windows */
#ifndef _WIN32
#error This user_settings.h header is only designed for Windows
#endif

/* Configurations */
#define WOLFCRYPT_ONLY

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    //#define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* SP Assembly Speedups */
    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
    //#define WOLFSSL_SP_ARM_THUMB_ASM
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef  HAVE_FIPS
#if 1
    #define HAVE_FIPS

    #undef  HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 2

    #ifdef SINGLE_THREADED
        #undef  NO_THREAD_LS
        #define NO_THREAD_LS
    #else
		#ifndef USE_WINDOWS_API
			#define USE_WINDOWS_API
		#endif
    #endif

    #undef NO_ATTRIBUTE_CONSTRUCTOR
    //#define NO_ATTRIBUTE_CONSTRUCTOR

#endif


/* FIPS */
//#define OPENSSL_EXTRA
//#define HAVE_THREAD_LS
#define WOLFSSL_KEY_GEN
#define HAVE_AESGCM
#define HAVE_HASHDRBG
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define NO_PSK
#define NO_HC128
#define NO_RC4
#define NO_RABBIT
//#define NO_DSA
#define NO_MD4

#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
    #define WOLFSSL_SHA224
    #define WOLFSSL_SHA3
	/* ------------------------------------------------------------------------- */
	/* Crypto */
	/* ------------------------------------------------------------------------- */
    #define USE_CERT_BUFFERS_2048
    #define USE_CERT_BUFFERS_256
	/* RSA */
	#undef NO_RSA
	#if 1
		#ifdef USE_FAST_MATH
			/* Maximum math bits (Max RSA key bits * 2) */
			#undef  FP_MAX_BITS
			#define FP_MAX_BITS     8192
		#endif

		/* half as much memory but twice as slow */
		#undef  RSA_LOW_MEM
		//#define RSA_LOW_MEM

		/* Enables blinding mode, to prevent timing attacks */
		#if 0
			#undef  WC_RSA_BLINDING
			#define WC_RSA_BLINDING
		#else
			#undef  WC_NO_HARDEN
			#define WC_NO_HARDEN
		#endif

		/* RSA PSS Support */
		#if 1
			#define WC_RSA_PSS
		#endif

		#if 1
			#define WC_RSA_NO_PADDING
		#endif
	#else
		#define NO_RSA
	#endif
	/* ECC */
	#undef HAVE_ECC
	#if 1
		#define HAVE_ECC

		/* Manually define enabled curves */
		#undef  ECC_USER_CURVES
		//#define ECC_USER_CURVES

		#ifdef ECC_USER_CURVES
			/* Manual Curve Selection */
			//#define HAVE_ECC192
			//#define HAVE_ECC224
			#undef NO_ECC256
			//#define HAVE_ECC384
			//#define HAVE_ECC521
		#endif

		/* Fixed point cache (speeds repeated operations against same private key) */
		#undef  FP_ECC
		//#define FP_ECC
		#ifdef FP_ECC
			/* Bits / Entries */
			#undef  FP_ENTRIES
			#define FP_ENTRIES  2
			#undef  FP_LUT
			#define FP_LUT      4
		#endif

		/* Optional ECC calculation method */
		/* Note: doubles heap usage, but slightly faster */
		#undef  ECC_SHAMIR
		#define ECC_SHAMIR

		/* Reduces heap usage, but slower */
		#undef  ECC_TIMING_RESISTANT
		#define ECC_TIMING_RESISTANT

		#ifdef HAVE_FIPS
			#undef  HAVE_ECC_CDH
			#define HAVE_ECC_CDH /* Enable cofactor support */

			#undef NO_STRICT_ECDSA_LEN
			#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */

			#undef  WOLFSSL_VALIDATE_ECC_IMPORT
			#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
		#endif

		/* Compressed Key Support */
		#undef  HAVE_COMP_KEY
		//#define HAVE_COMP_KEY

		/* Use alternate ECC size for ECC math */
		#ifdef USE_FAST_MATH
			/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
			#ifdef NO_RSA
				/* Custom fastmath size if not using RSA */
				#undef  FP_MAX_BITS
				#define FP_MAX_BITS     (256 * 2)
			#else
				#undef  ALT_ECC_SIZE
				#define ALT_ECC_SIZE
				/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
				//#undef  FP_MAX_BITS_ECC
				//#define FP_MAX_BITS_ECC (256 * 2)
			#endif

			/* Speedups specific to curve */
			#ifndef NO_ECC256
				#undef  TFM_ECC256
				#define TFM_ECC256
			#endif
		#endif
	#endif

	/* AES */
	#undef NO_AES
	#if 1
		#undef  HAVE_AES_CBC
		#define HAVE_AES_CBC

		#undef  HAVE_AESGCM
		#define HAVE_AESGCM

		/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
		//#define GCM_SMALL
        //#define GCM_WORD32
        #define GCM_TABLE

		#undef  WOLFSSL_AES_DIRECT
		#define WOLFSSL_AES_DIRECT

		#undef  HAVE_AES_ECB
		#define HAVE_AES_ECB

		#undef  WOLFSSL_AES_COUNTER
		#define WOLFSSL_AES_COUNTER

		#undef  HAVE_AESCCM
		#define HAVE_AESCCM

	#else
		#define NO_AES
	#endif


	/* DES3 */
	#undef NO_DES3
	#if 1
	#else
		#define NO_DES3
	#endif

	/* ------------------------------------------------------------------------- */
	/* Hashing */
	/* ------------------------------------------------------------------------- */
	/* Sha */
	#undef NO_SHA
	#if 1
		/* 1k smaller, but 25% slower */
		//#define USE_SLOW_SHA
	#else
		#define NO_SHA
	#endif

	/* Sha256 */
	#undef NO_SHA256
	#if 1
		/* not unrolled - ~2k smaller and ~25% slower */
		//#define USE_SLOW_SHA256

		/* Sha224 */
		#if 1
			#define WOLFSSL_SHA224
		#endif
	#else
		#define NO_SHA256
	#endif

	/* Sha512 */
	#undef WOLFSSL_SHA512
	#if 1
		#define WOLFSSL_SHA512

		/* Sha384 */
		#undef  WOLFSSL_SHA384
		#if 1
			#define WOLFSSL_SHA384
		#endif

		/* over twice as small, but 50% slower */
		//#define USE_SLOW_SHA512
	#endif

	/* Sha3 */
	#undef WOLFSSL_SHA3
	#if 1
		#define WOLFSSL_SHA3
	#endif

	/* MD5 */
	#undef  NO_MD5
	#if 1

	#else
		#define NO_MD5
	#endif

	/* HKDF */
	#undef HAVE_HKDF
	#if 1
		#define HAVE_HKDF
	#endif

	/* CMAC */
	#undef WOLFSSL_CMAC
	#if 1
		#define WOLFSSL_CMAC
	#endif

	/* DH */
	#undef  NO_DH
	#if 1
		/* Use table for DH instead of -lm (math) lib dependency */
		#if 0
			#define WOLFSSL_DH_CONST
			#define HAVE_FFDHE_2048
			#define HAVE_FFDHE_4096
			//#define HAVE_FFDHE_6144
			//#define HAVE_FFDHE_8192
		#endif

		#ifdef HAVE_FIPS
			#define WOLFSSL_VALIDATE_FFC_IMPORT
			#define HAVE_FFDHE_Q
		#endif
	#else
		#define NO_DH
	#endif
    //#define WOLFSSL_AESNI
    //#define HAVE_INTEL_RDSEED
    //#define FORCE_FAILURE_RDSEED
    //#define HAVE_FORCE_FIPS_FAILURE
#endif /* FIPS v2 */

//#define DEBUG_WOLFSSL
#define NO_MAIN_DRIVER
//#define CAVP_VECTOR_TESTING
#endif /* _WIN_USER_SETTINGS_H_ */