Crypto++ 8.9
Free C++ class library of cryptographic schemes
fips140.cpp
1// fips140.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#ifndef CRYPTOPP_IMPORTS
6
7#include "fips140.h"
8#include "misc.h"
9
10NAMESPACE_BEGIN(CryptoPP)
11
// Build-time switch for the FIPS 140-2 compliance features. Set it to 1 to turn on
// the additional tests during startup, random number generation, and key generation;
// these tests may affect performance. A build that does not define the macro gets 0,
// which compiles out the *_FIPS_140_Only checks further down in this file.
// NOTE(review): the switch only selects which checks are compiled in. Whether a given
// binary counts as a validated module is not something this file can establish.
#if !defined(CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2)
# define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
#endif

// Compliance mode is refused at compile time when no OS-provided RNG is available.
// OS_RNG_AVAILABLE is not defined in this file; presumably it comes from the
// configuration headers included above (confirm).
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
# if !defined(OS_RNG_AVAILABLE)
#  error FIPS 140-2 compliance requires the availability of OS provided RNG.
# endif
#endif
21
23
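// Reports whether this build was compiled with the FIPS 140-2 compliance features
// turned on. The answer is fixed at compile time by
// CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2, which this file defaults to 0. A false
// result therefore means the *_FIPS_140_Only checks in this file are compiled out.
// Callers should not read a true result as more than "the checks were compiled in".
// NOTE(review): the signature line is missing from this listing; it is restored here
// from the declaration shown in the page's reference list (confirm against fips140.h).
bool FIPS_140_2_ComplianceEnabled()
{
    return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2;
}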
28
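// Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
// The write goes straight to g_powerUpSelfTestStatus, which is defined outside the
// visible lines of this listing. No lock or atomic is visible here, and nothing in
// this file resets the status afterwards.
// NOTE(review): the page's reference list shows this function as exported
// (CRYPTOPP_DLL), so any code linked against the library can flip the status.
// Code that gates cryptographic operations on GetPowerUpSelfTestStatus() will
// presumably see the failure from this point on (confirm against the callers).
// NOTE(review): the signature line is missing from this listing; it is restored here
// from the declaration shown in the page's reference list (confirm against fips140.h).
void SimulatePowerUpSelfTestFailure()
{
    g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
}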
33
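// Provides the current power-up self test status.
// Returns the value held in g_powerUpSelfTestStatus, which is defined outside the
// visible lines of this listing. It is a plain read, and no synchronization is
// visible in this file.
// NOTE(review): the signature line is missing from this listing; it is restored here
// from the declaration shown in the page's reference list. The CRYPTOPP_API
// calling-convention macro is assumed from that same list (confirm against
// fips140.h).
PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus()
{
    return g_powerUpSelfTestStatus;
}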
38
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
// "Self test in progress" flag, only compiled in when compliance mode is on.
// One variable for all threads for compatibility. Previously this
// was a ThreadLocalStorage variable, which is per-thread. Also see
// https://github.com/weidai11/cryptopp/issues/208
// The flag is a plain bool shared by every thread, and no lock or atomic is
// visible in this file. Despite the "OnThisThread" suffix of the accessors that
// use it, a value set by one thread is what every other thread reads.
static bool s_inProgress = false;
#endif
45
// Tells the caller whether a power-up self test is currently marked as running.
// Without FIPS 140-2 compliance compiled in, the answer is always false. With it,
// the answer is the current value of the file-level s_inProgress flag. That flag is
// a single variable for all threads, so the "OnThisThread" suffix is historical and
// the result is not per-thread.
bool PowerUpSelfTestInProgressOnThisThread()
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
    return false;
#else
    return s_inProgress;
#endif
}
54
// Records whether a power-up self test is running.
// inProgress: the new state of the flag.
// Without FIPS 140-2 compliance compiled in, the argument is ignored and nothing is
// stored. With it, the value goes into the file-level s_inProgress flag. That flag
// is a single variable for all threads, so the update is visible to every thread
// rather than only the caller's. The store is plain, with no synchronization
// visible here.
void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
    // Compliance features are off: mark the parameter as used and do nothing.
    CRYPTOPP_UNUSED(inProgress);
#else
    s_inProgress = inProgress;
#endif
}
63
// Runs the encryption pairwise consistency test, but only in builds compiled with
// FIPS 140-2 compliance enabled.
// encryptor, decryptor: the public-key encryptor and decryptor to check together.
// In a build without compliance (the default in this file), this function does
// nothing and returns normally. A normal return is therefore not evidence that the
// key pair was checked; callers that rely on the check should consult
// FIPS_140_2_ComplianceEnabled().
// EncryptionPairwiseConsistencyTest() is defined elsewhere in the library. How it
// reports a failed check is not visible here.
void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
    // Compliance features are off: only mark the parameters as used.
    CRYPTOPP_UNUSED(encryptor);
    CRYPTOPP_UNUSED(decryptor);
#else
    EncryptionPairwiseConsistencyTest(encryptor, decryptor);
#endif
}
72
// Runs the signature pairwise consistency test, but only in builds compiled with
// FIPS 140-2 compliance enabled.
// signer, verifier: the public-key signer and verifier to check together.
// In a build without compliance (the default in this file), this function does
// nothing and returns normally. A normal return is therefore not evidence that the
// key pair was checked; callers that rely on the check should consult
// FIPS_140_2_ComplianceEnabled().
// SignaturePairwiseConsistencyTest() is defined elsewhere in the library. How it
// reports a failed check is not visible here.
void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
    // Compliance features are off: only mark the parameters as used.
    CRYPTOPP_UNUSED(signer);
    CRYPTOPP_UNUSED(verifier);
#else
    SignaturePairwiseConsistencyTest(signer, verifier);
#endif
}
81
82NAMESPACE_END
83
84#endif
Interface for public-key decryptors.
Definition cryptlib.h:2738
Interface for public-key encryptors.
Definition cryptlib.h:2703
Interface for public-key signers.
Definition cryptlib.h:2882
Interface for public-key signature verifiers.
Definition cryptlib.h:2946
#define CRYPTOPP_API
Win32 calling convention.
Definition config_dll.h:119
Classes and functions for the FIPS 140-2 validated library.
CRYPTOPP_DLL bool FIPS_140_2_ComplianceEnabled()
Determines whether the library provides FIPS validated cryptography.
CRYPTOPP_DLL PowerUpSelfTestStatus GetPowerUpSelfTestStatus()
Provides the current power-up self test status.
PowerUpSelfTestStatus
Status of the power-up self test.
Definition fips140.h:37
@ POWER_UP_SELF_TEST_NOT_DONE
The self tests have not been performed.
Definition fips140.h:40
@ POWER_UP_SELF_TEST_FAILED
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was failure.
Definition fips140.h:43
CRYPTOPP_DLL void SimulatePowerUpSelfTestFailure()
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
Utility functions for the Crypto++ library.
Crypto++ library namespace.
Precompiled header file.