Crypto++ 8.2
Free C&
fips140.cpp
1// fips140.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#ifndef CRYPTOPP_IMPORTS
6
7#include "fips140.h"
8#include "misc.h"
9
10NAMESPACE_BEGIN(CryptoPP)
11
12// Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during
13// startup, random number generation, and key generation. These tests may affect performance.
14#ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
15#define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
16#endif
17
18#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE))
19#error FIPS 140-2 compliance requires the availability of OS provided RNG.
20#endif
21
23
24bool FIPS_140_2_ComplianceEnabled()
25{
26 return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2;
27}
28
29void SimulatePowerUpSelfTestFailure()
30{
31 g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
32}
33
34PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus()
35{
36 return g_powerUpSelfTestStatus;
37}
38
39#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
40// One variable for all threads for compatibility. Previously this
41// was a ThreadLocalStorage variable, which is per-thread. Also see
42// https://github.com/weidai11/cryptopp/issues/208
43static bool s_inProgress = false;
44#endif
45
46bool PowerUpSelfTestInProgressOnThisThread()
47{
48#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
49 return s_inProgress;
50#endif
51 return false;
52}
53
54void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
55{
56 CRYPTOPP_UNUSED(inProgress);
57#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
58 s_inProgress = inProgress;
59#endif
60}
61
62void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
63{
64 CRYPTOPP_UNUSED(encryptor), CRYPTOPP_UNUSED(decryptor);
65#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
66 EncryptionPairwiseConsistencyTest(encryptor, decryptor);
67#endif
68}
69
70void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
71{
72 CRYPTOPP_UNUSED(signer), CRYPTOPP_UNUSED(verifier);
73#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
74 SignaturePairwiseConsistencyTest(signer, verifier);
75#endif
76}
77
78NAMESPACE_END
79
80#endif
Interface for public-key decryptors.
Definition: cryptlib.h:2618
Interface for public-key encryptors.
Definition: cryptlib.h:2583
Interface for public-key signers.
Definition: cryptlib.h:2762
Interface for public-key signature verifiers.
Definition: cryptlib.h:2826
Classes and functions for the FIPS 140-2 validated library.
PowerUpSelfTestStatus
Status of the power-up self test.
Definition: fips140.h:37
@ POWER_UP_SELF_TEST_NOT_DONE
The self tests have not been performed.
Definition: fips140.h:40
@ POWER_UP_SELF_TEST_FAILED
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was fa...
Definition: fips140.h:43
Utility functions for the Crypto++ library.
Crypto++ library namespace.
Precompiled header file.