Crypto++  5.6.4
Free C++ class library of cryptographic schemes
fips140.cpp
1 // fips140.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "fips140.h"
8 #include "misc.h"
9 #include "trdlocal.h" // needs to be included last for cygwin
10 
11 NAMESPACE_BEGIN(CryptoPP)
12 
13 // Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during
14 // startup, random number generation, and key generation. These tests may affect performance.
15 #ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
16 #define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
17 #endif
18 
19 #if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE))
20 #error FIPS 140-2 compliance requires the availability of thread local storage.
21 #endif
22 
23 #if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE))
24 #error FIPS 140-2 compliance requires the availability of OS provided RNG.
25 #endif
26 
27 PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
28 
30 {
31  return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2;
32 }
33 
35 {
36  g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
37 }
38 
40 {
41  return g_powerUpSelfTestStatus;
42 }
43 
44 #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
45 ThreadLocalStorage & AccessPowerUpSelfTestInProgress()
46 {
47  static ThreadLocalStorage selfTestInProgress;
48  return selfTestInProgress;
49 }
50 #endif
51 
52 bool PowerUpSelfTestInProgressOnThisThread()
53 {
54 #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
55  return AccessPowerUpSelfTestInProgress().GetValue() != NULL;
56 #else
57  CRYPTOPP_ASSERT(false); // should not be called
58  return false;
59 #endif
60 }
61 
62 void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
63 {
64  CRYPTOPP_UNUSED(inProgress);
65 #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
66  AccessPowerUpSelfTestInProgress().SetValue((void *)inProgress);
67 #endif
68 }
69 
70 void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
71 {
72  CRYPTOPP_UNUSED(encryptor), CRYPTOPP_UNUSED(decryptor);
73 #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
74  EncryptionPairwiseConsistencyTest(encryptor, decryptor);
75 #endif
76 }
77 
78 void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
79 {
80  CRYPTOPP_UNUSED(signer), CRYPTOPP_UNUSED(verifier);
81 #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
82  SignaturePairwiseConsistencyTest(signer, verifier);
83 #endif
84 }
85 
86 NAMESPACE_END
87 
88 #endif
Utility functions for the Crypto++ library.
Interface for public-key signers.
Definition: cryptlib.h:2548
Interface for public-key encryptors.
Definition: cryptlib.h:2356
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was fa...
Definition: fips140.h:44
bool FIPS_140_2_ComplianceEnabled()
Determines whether the library provides FIPS validated cryptography.
Definition: fips140.cpp:29
Interface for public-key decryptors.
Definition: cryptlib.h:2392
thread local storage
Definition: trdlocal.h:20
void SimulatePowerUpSelfTestFailure()
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
Definition: fips140.cpp:34
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:62
PowerUpSelfTestStatus GetPowerUpSelfTestStatus()
Provides the current power-up self test status.
Definition: fips140.cpp:39
The self tests have not been performed.
Definition: fips140.h:41
Interface for public-key signature verifiers.
Definition: cryptlib.h:2615
Classes and functions for the FIPS 140-2 validated library.
PowerUpSelfTestStatus
Status of the power-up self test.
Definition: fips140.h:38
Crypto++ library namespace.