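/*
 * user_settings.h - Windows build configuration for a wolfCrypt-only
 * (WOLFCRYPT_ONLY) FIPS build used with wolfEngine.
 *
 * Each feature is toggled with an "#if 1 / #if 0" switch. Macros are
 * #undef'd before being defined so this header overrides earlier values.
 */
#ifndef _WIN_USER_SETTINGS_H_
#define _WIN_USER_SETTINGS_H_

/* For FIPS Ready, uncomment the following: */
/* #define WOLFSSL_FIPS_READY */
#ifdef WOLFSSL_FIPS_READY
    #undef  HAVE_FIPS_VERSION
    #define HAVE_FIPS_VERSION 3
#endif


/* Verify this is Windows */
#ifndef _WIN32
    #error This user_settings.h header is only designed for Windows
#endif

/* Configurations */
#define WOLFCRYPT_ONLY

#undef USE_FAST_MATH
#if 1
    #define USE_FAST_MATH

    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations */
    //#define TFM_ARM
#endif

/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
    #define WOLFSSL_SP
    //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    //#define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* SP Assembly Speedups */
    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
    //#define WOLFSSL_SP_ARM_THUMB_ASM
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif

/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
    #define HAVE_FIPS

    /* Default to FIPS version 2. When WOLFSSL_FIPS_READY is enabled at the
     * top of this header, keep the version selected there; an unconditional
     * #undef/#define here would silently reset it to 2. */
    #ifndef WOLFSSL_FIPS_READY
        #undef  HAVE_FIPS_VERSION
        #define HAVE_FIPS_VERSION 2
    #endif

    #ifdef SINGLE_THREADED
        #undef  NO_THREAD_LS
        #define NO_THREAD_LS
    #else
        #ifndef USE_WINDOWS_API
            #define USE_WINDOWS_API
        #endif
    #endif

    #undef NO_ATTRIBUTE_CONSTRUCTOR
    //#define NO_ATTRIBUTE_CONSTRUCTOR

#endif


/* FIPS */
/* HAVE_AESGCM, WOLFSSL_SHA384 and WOLFSSL_SHA512 are set again (after an
 * #undef) in the FIPS v2 section below; the duplication is harmless. */
//#define OPENSSL_EXTRA
//#define HAVE_THREAD_LS
#define WOLFSSL_KEY_GEN
#define HAVE_AESGCM
#define HAVE_HASHDRBG
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define NO_PSK
#define NO_HC128
#define NO_RC4
#define NO_RABBIT
//#define NO_DSA
#define NO_MD4

#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256
/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS 8192
    #endif

    /* half as much memory but twice as slow */
    #undef RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* NOTE(review): the "#if 0" selects the #else branch, so WC_RSA_BLINDING
     * stays undefined and WC_NO_HARDEN (the library's explicit opt-out from
     * hardening) is set instead. RSA private-key operations are therefore
     * built without the timing-attack protection described above, although
     * TFM_TIMING_RESISTANT and ECC_TIMING_RESISTANT are still defined in
     * this header. Confirm whether the targeted FIPS module permits
     * WC_RSA_BLINDING; if it does, switch to "#if 1" and verify that callers
     * associate an RNG with each RSA key (presumably via wc_RsaSetRNG). */
    #if 0
        #undef  WC_RSA_BLINDING
        #define WC_RSA_BLINDING
    #else
        #undef  WC_NO_HARDEN
        #define WC_NO_HARDEN
    #endif

    /* RSA PSS Support */
    #if 1
        #define WC_RSA_PSS
    #endif

    /* Raw RSA without padding.
     * NOTE(review): presumably required by the FIPS v2 build - confirm.
     * Application code should keep using a padded scheme such as PSS. */
    #if 1
        #define WC_RSA_NO_PADDING
    #endif
#else
    #define NO_RSA
#endif
/* ECC */
#undef HAVE_ECC
#if 1
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef ECC_USER_CURVES
    //#define ECC_USER_CURVES

    #ifdef ECC_USER_CURVES
        /* Manual Curve Selection */
        //#define HAVE_ECC192
        //#define HAVE_ECC224
        #undef NO_ECC256
        //#define HAVE_ECC384
        //#define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES 2
        #undef  FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    #ifdef HAVE_FIPS
        #undef  HAVE_ECC_CDH
        #define HAVE_ECC_CDH /* Enable cofactor support */

        #undef  NO_STRICT_ECDSA_LEN
        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */

        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
    #endif

    /* Compressed Key Support */
    #undef HAVE_COMP_KEY
    //#define HAVE_COMP_KEY

    /* Use alternate ECC size for ECC math */
    #ifdef USE_FAST_MATH
        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            #undef  FP_MAX_BITS
            #define FP_MAX_BITS (256 * 2)
        #else
            #undef  ALT_ECC_SIZE
            #define ALT_ECC_SIZE
            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
            //#undef FP_MAX_BITS_ECC
            //#define FP_MAX_BITS_ECC (256 * 2)
        #endif

        /* Speedups specific to curve */
        #ifndef NO_ECC256
            #undef  TFM_ECC256
            #define TFM_ECC256
        #endif
    #endif
#endif

/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AES_CBC
    #define HAVE_AES_CBC

    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    //#define GCM_SMALL
    //#define GCM_WORD32
    #define GCM_TABLE

    #undef  WOLFSSL_AES_DIRECT
    #define WOLFSSL_AES_DIRECT

    #undef  HAVE_AES_ECB
    #define HAVE_AES_ECB

    #undef  WOLFSSL_AES_COUNTER
    #define WOLFSSL_AES_COUNTER

    #undef  HAVE_AESCCM
    #define HAVE_AESCCM

#else
    #define NO_AES
#endif


/* DES3 */
/* NOTE(review): the "#if 1" branch is empty, so NO_DES3 is never defined and
 * 3DES stays compiled in. Keep it only if a consumer still needs it. */
#undef NO_DES3
#if 1
#else
    #define NO_DES3
#endif

/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256

    /* Sha224 */
    #if 1
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef WOLFSSL_SHA384
    #if 1
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
#endif

/* Sha3 */
#undef WOLFSSL_SHA3
#if 1
    #define WOLFSSL_SHA3
#endif

/* MD5 */
/* The "#if 0" selects the #else branch, so MD5 is compiled out. */
#undef NO_MD5
#if 0

#else
    #define NO_MD5
#endif

/* HKDF */
#undef HAVE_HKDF
#if 1
    #define HAVE_HKDF
#endif

/* CMAC */
#undef WOLFSSL_CMAC
#if 1
    #define WOLFSSL_CMAC
#endif

/* DH */
#undef NO_DH
#if 1
    /* Use table for DH instead of -lm (math) lib dependency */
    #if 0
        #define WOLFSSL_DH_CONST
        #define HAVE_FFDHE_2048
        #define HAVE_FFDHE_4096
        //#define HAVE_FFDHE_6144
        //#define HAVE_FFDHE_8192
    #endif

    #ifdef HAVE_FIPS
        #define WOLFSSL_VALIDATE_FFC_IMPORT
        #define HAVE_FFDHE_Q
    #endif
#else
    #define NO_DH
#endif
#endif /* FIPS v2 */

//#define DEBUG_WOLFSSL
#define NO_MAIN_DRIVER

/* wolfEngine settings */
#define WOLFSSL_PUBLIC_MP
#define NO_WOLFSSL_DIR

//#define WOLFENGINE_DEBUG
/* TODO: Add WE_HAVE_* settings here */

#endif /* _WIN_USER_SETTINGS_H_ */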