Crypto++
fips140.cpp
1 // fips140.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "fips140.h"
8 #include "trdlocal.h" // needs to be included last for cygwin
9 
10 NAMESPACE_BEGIN(CryptoPP)
11 
// Build-time switch for the FIPS 140-2 compliance features: set it to 1 to add
// extra tests during startup, random number generation and key generation.
// Those tests may cost performance.
// With the default of 0, every *_FIPS_140_Only wrapper in this file compiles
// to an empty function, so the pairwise consistency tests are skipped.
#if !defined(CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2)
# define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
#endif

// A compliant build is refused outright when either prerequisite is missing,
// rather than silently falling back to a weaker configuration.
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
# if !defined(THREADS_AVAILABLE)
#  error FIPS 140-2 compliance requires the availability of thread local storage.
# endif
# if !defined(OS_RNG_AVAILABLE)
#  error FIPS 140-2 compliance requires the availability of OS provided RNG.
# endif
#endif

// Process-wide result of the power-up self test; starts as "not done".
// NOTE(review): this is a plain mutable global and no locking is visible in
// this file - confirm how concurrent readers and writers are ordered.
PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
27 
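// Reports whether the FIPS 140-2 compliance features were enabled when the
// library was compiled.
// The value is a build-time constant. It says nothing about whether the
// power-up self test has run or passed; use GetPowerUpSelfTestStatus() for that.
// (The listing had lost this function's header line; it is restored here.)
bool FIPS_140_2_ComplianceEnabled()
{
	// The macro is 0 or 1; the comparison makes the int-to-bool step explicit.
	return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 != 0;
}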
32 
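// Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
// The write is unconditional: it is not guarded by
// CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2, and nothing in this file sets the
// status back afterwards.
// NOTE(review): any code linked against the library can call this - confirm
// what consumers of GetPowerUpSelfTestStatus() do once the status is FAILED.
// (The listing had lost this function's header line; it is restored here.)
void SimulatePowerUpSelfTestFailure()
{
	g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
}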
37 
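// Returns the current power-up self test status.
// This is the value of g_powerUpSelfTestStatus, which starts as
// POWER_UP_SELF_TEST_NOT_DONE. Callers that gate cryptographic operations on
// the self test should treat every value other than a pass as "not ready".
// NOTE(review): the read is unsynchronized as far as this file shows.
// (The listing had lost this function's header line; it is restored here.)
PowerUpSelfTestStatus GetPowerUpSelfTestStatus()
{
	return g_powerUpSelfTestStatus;
}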
42 
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
// Returns the thread-local slot that holds the "self test in progress" marker
// read and written by the two *InProgressOnThisThread functions below.
// Only compiled when the compliance features are enabled.
// NOTE(review): the slot is a function-local static, constructed on first call;
// that first call is only guaranteed race-free from C++11 on - confirm the
// toolchain, or that the first call happens before other threads start.
ThreadLocalStorage & AccessPowerUpSelfTestInProgress()
{
	static ThreadLocalStorage s_selfTestFlag;
	return s_selfTestFlag;
}
#endif
50 
// Tells whether the calling thread has marked a power-up self test as running.
// Compliance build: true when this thread's slot holds a non-null value.
// Non-compliance build: the function is not expected to be called; it asserts
// in debug builds and returns false when asserts are compiled out, so a stray
// caller in a release build gets "no self test in progress" with no diagnostic.
bool PowerUpSelfTestInProgressOnThisThread()
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	assert(false);	// should not be called
	return false;
#else
	const void *marker = AccessPowerUpSelfTestInProgress().GetValue();
	return marker != NULL;
#endif
}
60 
// Marks or clears the "self test in progress" state for the calling thread.
// inProgress: true stores a non-null marker in this thread's slot, false
// stores a null one.
// Non-compliance build: the body is empty and the call is silently ignored.
// The matching getter asserts in that configuration; this setter does not.
void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
{
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	// The flag is carried in the pointer value itself (0 or 1); the pointer is
	// never dereferenced, only compared against NULL by the getter.
	void *marker = reinterpret_cast<void *>(inProgress);
	AccessPowerUpSelfTestInProgress().SetValue(marker);
#endif
}
67 
// Runs the encryption pairwise consistency test on a key pair, but only in a
// compliance build.
// encryptor / decryptor: the public-key encryptor and decryptor passed through
// to EncryptionPairwiseConsistencyTest().
// When CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is 0 (the default) this is a
// no-op: a mismatched or corrupted key pair is not detected here.
// NOTE(review): how EncryptionPairwiseConsistencyTest() reports a failure is
// not visible in this file - check its definition before relying on it.
void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	// Test compiled out; reference the parameters so they do not read as unused.
	(void)encryptor;
	(void)decryptor;
#else
	EncryptionPairwiseConsistencyTest(encryptor, decryptor);
#endif
}
74 
// Runs the signature pairwise consistency test on a key pair, but only in a
// compliance build.
// signer / verifier: the public-key signer and verifier passed through to
// SignaturePairwiseConsistencyTest().
// When CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is 0 (the default) this is a
// no-op: a key pair whose signatures do not verify is not detected here.
// NOTE(review): how SignaturePairwiseConsistencyTest() reports a failure is
// not visible in this file - check its definition before relying on it.
void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
{
#if !CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	// Test compiled out; reference the parameters so they do not read as unused.
	(void)signer;
	(void)verifier;
#else
	SignaturePairwiseConsistencyTest(signer, verifier);
#endif
}
81 
82 NAMESPACE_END
83 
84 #endif
interface for public-key signers
Definition: cryptlib.h:1347
interface for public-key encryptors
Definition: cryptlib.h:1224
bool FIPS_140_2_ComplianceEnabled()
returns whether FIPS 140-2 compliance features were enabled at compile time
Definition: fips140.cpp:28
interface for public-key decryptors
Definition: cryptlib.h:1252
thread local storage
Definition: trdlocal.h:20
void SimulatePowerUpSelfTestFailure()
set the power-up self test status to POWER_UP_SELF_TEST_FAILED
Definition: fips140.cpp:33
PowerUpSelfTestStatus GetPowerUpSelfTestStatus()
return the current power-up self test status
Definition: fips140.cpp:38
interface for public-key signature verifiers
Definition: cryptlib.h:1388
PowerUpSelfTestStatus
enum values representing status of the power-up self test
Definition: fips140.h:24