wolfssl-w32/examples/configs/user_settings_fipsv5.h

/* user_settings_fipsv5.h
 *
 * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* should be renamed to user_settings.h for customer use
 * generated from configure options:
 * ./fips-check.sh linuxv5-dev keep
 * XXX-fips-test\wolfssl\options.h
 * ./configure --enable-fips=v5-dev
 *
 * Cleaned up by David Garske
 */


#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* FIPS Version 5.3 */
#define HAVE_FIPS
#define HAVE_FIPS_VERSION 5
#define HAVE_FIPS_VERSION_MINOR 3

#define HAVE_HASHDRBG /* NIST Certified DRBG - SHA256 based */
#define HAVE_THREAD_LS

/* Math */
#define USE_FAST_MATH
#define FP_MAX_BITS 16384
#define SP_INT_BITS 8192
#define WOLFSSL_PUBLIC_MP /* expose the mp_ math API's */

/* Timing Resistance */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING

/* FIPS Features */
#define WC_RNG_SEED_CB
#define WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_KEYGEN
#define WOLFSSL_VALIDATE_FFC_IMPORT

/* TLS Features */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define HAVE_ONE_TIME_AUTH /* TLS extension used with Poly1305 */

/* TLS Resumption */
#define HAVE_SECURE_RENEGOTIATION
#define HAVE_SERVER_RENEGOTIATION_INFO
#define HAVE_SESSION_TICKET

/* Other Features */
#define WOLFSSL_USE_ALIGN
#define WOLFSSL_BASE64_ENCODE
#if 0 /* optionally enable CRL (Certificate Revocation List) */
    #define HAVE_CRL
#endif
#define HAVE_EXT_CACHE
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_DH_EXTRA /* DHE ASN.1 key import/export support */

#ifndef WOLFSSL_WOLFSSH /* ifndef check required due to configure already generating flag */
#define WOLFSSL_WOLFSSH
#endif

/* Compatibility Layer */
#define OPENSSL_EXTRA
#if 0 /* if full suite of compatibility API's are needed */
    #define OPENSSL_ALL
#endif

/* DH */
#undef  NO_DH
#define HAVE_FFDHE_Q
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096
#define HAVE_FFDHE_6144
#define HAVE_FFDHE_8192
#define HAVE_DH_DEFAULT_PARAMS
#define HAVE_PUBLIC_FFDHE

/* ECC */
#define HAVE_ECC
#define TFM_ECC256
#define ECC_SHAMIR
#define HAVE_ECC_CDH
#define ECC_USER_CURVES
#define HAVE_ECC192
#define HAVE_ECC224
#define HAVE_ECC256
#define HAVE_ECC384
#define HAVE_ECC521
#define WOLFSSL_ECDSA_SET_K

/* RSA */
#undef  NO_RSA
#define WC_RSA_PSS
#define WOLFSSL_KEY_GEN
#define WC_RSA_NO_PADDING

/* AES */
#undef  NO_AES
#define WOLFSSL_AES_COUNTER
#define HAVE_AESCCM
#define HAVE_AES_ECB
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_OFB
#define HAVE_AESGCM
#define GCM_TABLE_4BIT
#define WOLFSSL_CMAC

/* ChaCha/Poly */
#define HAVE_CHACHA
#define HAVE_POLY1305

/* Hashing */
#undef  NO_SHA
#undef  NO_SHA256
#define WOLFSSL_SHA224
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define WOLFSSL_NO_SHAKE256
#define WOLFSSL_NOSHA512_224
#define WOLFSSL_NOSHA512_256
#define WOLFSSL_SHA3
#define HAVE_HKDF

/* Disabled Features */
#define NO_OLD_TLS
#define NO_PSK

/* Disabled Algorithms */
#define NO_RC4
#define NO_MD4
#define NO_MD5
#define NO_DES3
#define NO_DSA
#define NO_RABBIT
#define NO_HC128
#define WOLFSSL_NO_SHAKE256

/* Debugging */
#if 0
    #define DEBUG_WOLFSSL
#else
    /* #define NO_ERROR_STRINGS */
#endif

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */
Import from wolfssl-5.6.6 Upstream: https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable 2024-03-02 03:59:08 +00:00			`/* user_settings_fipsv5.h`
			`*`
			`* Copyright (C) 2006-2023 wolfSSL Inc.`
			`*`
			`* This file is part of wolfSSL.`
			`*`
			`* wolfSSL is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* wolfSSL is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA`
			`*/`

			`/* should be renamed to user_settings.h for customer use`
			`* generated from configure options:`
			`* ./fips-check.sh linuxv5-dev keep`
			`* XXX-fips-test\wolfssl\options.h`
			`* ./configure --enable-fips=v5-dev`
			`*`
			`* Cleaned up by David Garske`
			`*/`


			`#ifndef WOLFSSL_USER_SETTINGS_H`
			`#define WOLFSSL_USER_SETTINGS_H`

			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`

			`/* FIPS Version 5.3 */`
			`#define HAVE_FIPS`
			`#define HAVE_FIPS_VERSION 5`
			`#define HAVE_FIPS_VERSION_MINOR 3`

			`#define HAVE_HASHDRBG /* NIST Certified DRBG - SHA256 based */`
			`#define HAVE_THREAD_LS`

			`/* Math */`
			`#define USE_FAST_MATH`
			`#define FP_MAX_BITS 16384`
			`#define SP_INT_BITS 8192`
			`#define WOLFSSL_PUBLIC_MP /* expose the mp_ math API's */`

			`/* Timing Resistance */`
			`#define TFM_TIMING_RESISTANT`
			`#define ECC_TIMING_RESISTANT`
			`#define WC_RSA_BLINDING`

			`/* FIPS Features */`
			`#define WC_RNG_SEED_CB`
			`#define WOLFSSL_VALIDATE_ECC_IMPORT`
			`#define WOLFSSL_VALIDATE_ECC_KEYGEN`
			`#define WOLFSSL_VALIDATE_FFC_IMPORT`

			`/* TLS Features */`
			`#define WOLFSSL_TLS13`
			`#define HAVE_TLS_EXTENSIONS`
			`#define HAVE_ENCRYPT_THEN_MAC`
			`#define HAVE_SUPPORTED_CURVES`
			`#define HAVE_EXTENDED_MASTER`
			`#define HAVE_ONE_TIME_AUTH /* TLS extension used with Poly1305 */`

			`/* TLS Resumption */`
			`#define HAVE_SECURE_RENEGOTIATION`
			`#define HAVE_SERVER_RENEGOTIATION_INFO`
			`#define HAVE_SESSION_TICKET`

			`/* Other Features */`
			`#define WOLFSSL_USE_ALIGN`
			`#define WOLFSSL_BASE64_ENCODE`
			`#if 0 /* optionally enable CRL (Certificate Revocation List) */`
			`#define HAVE_CRL`
			`#endif`
			`#define HAVE_EXT_CACHE`
			`#define WOLFSSL_VERIFY_CB_ALL_CERTS`
			`#define WOLFSSL_ALWAYS_VERIFY_CB`
			`#define WOLFSSL_DH_EXTRA /* DHE ASN.1 key import/export support */`

			`#ifndef WOLFSSL_WOLFSSH /* ifndef check required due to configure already generating flag */`
			`#define WOLFSSL_WOLFSSH`
			`#endif`

			`/* Compatibility Layer */`
			`#define OPENSSL_EXTRA`
			`#if 0 /* if full suite of compatibility API's are needed */`
			`#define OPENSSL_ALL`
			`#endif`

			`/* DH */`
			`#undef NO_DH`
			`#define HAVE_FFDHE_Q`
			`#define HAVE_FFDHE_2048`
			`#define HAVE_FFDHE_3072`
			`#define HAVE_FFDHE_4096`
			`#define HAVE_FFDHE_6144`
			`#define HAVE_FFDHE_8192`
			`#define HAVE_DH_DEFAULT_PARAMS`
			`#define HAVE_PUBLIC_FFDHE`

			`/* ECC */`
			`#define HAVE_ECC`
			`#define TFM_ECC256`
			`#define ECC_SHAMIR`
			`#define HAVE_ECC_CDH`
			`#define ECC_USER_CURVES`
			`#define HAVE_ECC192`
			`#define HAVE_ECC224`
			`#define HAVE_ECC256`
			`#define HAVE_ECC384`
			`#define HAVE_ECC521`
			`#define WOLFSSL_ECDSA_SET_K`

			`/* RSA */`
			`#undef NO_RSA`
			`#define WC_RSA_PSS`
			`#define WOLFSSL_KEY_GEN`
			`#define WC_RSA_NO_PADDING`

			`/* AES */`
			`#undef NO_AES`
			`#define WOLFSSL_AES_COUNTER`
			`#define HAVE_AESCCM`
			`#define HAVE_AES_ECB`
			`#define WOLFSSL_AES_COUNTER`
			`#define WOLFSSL_AES_DIRECT`
			`#define WOLFSSL_AES_OFB`
			`#define HAVE_AESGCM`
			`#define GCM_TABLE_4BIT`
			`#define WOLFSSL_CMAC`

			`/* ChaCha/Poly */`
			`#define HAVE_CHACHA`
			`#define HAVE_POLY1305`

			`/* Hashing */`
			`#undef NO_SHA`
			`#undef NO_SHA256`
			`#define WOLFSSL_SHA224`
			`#define WOLFSSL_SHA512`
			`#define WOLFSSL_SHA384`
			`#define WOLFSSL_NO_SHAKE256`
			`#define WOLFSSL_NOSHA512_224`
			`#define WOLFSSL_NOSHA512_256`
			`#define WOLFSSL_SHA3`
			`#define HAVE_HKDF`

			`/* Disabled Features */`
			`#define NO_OLD_TLS`
			`#define NO_PSK`

			`/* Disabled Algorithms */`
			`#define NO_RC4`
			`#define NO_MD4`
			`#define NO_MD5`
			`#define NO_DES3`
			`#define NO_DSA`
			`#define NO_RABBIT`
			`#define NO_HC128`
			`#define WOLFSSL_NO_SHAKE256`

			`/* Debugging */`
			`#if 0`
			`#define DEBUG_WOLFSSL`
			`#else`
			`/* #define NO_ERROR_STRINGS */`
			`#endif`

			`#ifdef __cplusplus`
			`}`
			`#endif`

			`#endif /* WOLFSSL_USER_SETTINGS_H */`