1
// fips140.cpp - written and placed in the public domain by Wei Dai
5
#ifndef CRYPTOPP_IMPORTS
8
#include "trdlocal.h" // needs to be included last for cygwin
10
NAMESPACE_BEGIN(CryptoPP)
12
// Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during
13
// startup, random number generation, and key generation. These tests may affect performance.
14
#ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
15
#define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
18
#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE))
19
#error FIPS 140-2 compliance requires the availability of thread local storage.
22
#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE))
23
#error FIPS 140-2 compliance requires the availability of OS provided RNG.
26
PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
28
bool FIPS_140_2_ComplianceEnabled()
30
return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2;
33
void SimulatePowerUpSelfTestFailure()
35
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
38
PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus()
40
return g_powerUpSelfTestStatus;
43
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
44
ThreadLocalStorage & AccessPowerUpSelfTestInProgress()
46
static ThreadLocalStorage selfTestInProgress;
47
return selfTestInProgress;
51
bool PowerUpSelfTestInProgressOnThisThread()
53
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
54
return AccessPowerUpSelfTestInProgress().GetValue() != NULL;
56
assert(false); // should not be called
61
void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
63
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
64
AccessPowerUpSelfTestInProgress().SetValue((void *)inProgress);
68
void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
70
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
71
EncryptionPairwiseConsistencyTest(encryptor, decryptor);
75
void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
77
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
78
SignaturePairwiseConsistencyTest(signer, verifier);