// fips140.cpp - written and placed in the public domain by Wei Dai

#include "pch.h"

// The whole implementation is left out when CRYPTOPP_IMPORTS is defined.
#ifndef CRYPTOPP_IMPORTS

#include "fips140.h"
#include "trdlocal.h"	// needs to be included last for cygwin

NAMESPACE_BEGIN(CryptoPP)

// Build-time switch for the FIPS 140-2 compliance features: extra tests at startup,
// during random number generation and during key generation. Set it to 1 to enable
// them (they may cost performance). If the build does not define it, it defaults to 0,
// so the extra tests are off unless explicitly requested.
#if !defined(CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2)
#define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0
#endif

// Compliance mode refuses to build without thread local storage ...
#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE))
#error FIPS 140-2 compliance requires the availability of thread local storage.
#endif

// ... and without an operating-system RNG, rather than silently degrading.
#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE))
#error FIPS 140-2 compliance requires the availability of OS provided RNG.
#endif

// Process-wide result of the power-up self test; starts out as "not done".
// NOTE(review): this is a plain, externally visible global and nothing in this file
// synchronizes access to it -- confirm how reads and writes from different threads
// are ordered, and that only the self-test code is expected to write it.
PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;

// Reports how the library was built: true only when the compliance macro is non-zero.
// This says nothing about whether the power-up self test has run or passed; use
// GetPowerUpSelfTestStatus() for that.
bool FIPS_140_2_ComplianceEnabled()
{
	return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 != 0;
}

// Forces the recorded self-test status to "failed". Nothing in this file puts the
// previous value back afterwards.
// NOTE(review): by its name this exists to exercise the failure path -- confirm it is
// not reachable from production call sites.
void SimulatePowerUpSelfTestFailure()
{
	g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
}

// Returns the self-test status currently recorded in g_powerUpSelfTestStatus.
PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus()
{
	return g_powerUpSelfTestStatus;
}

#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
// Only compiled in compliance mode. Hands out the thread local storage slot that holds
// the per-thread "self test in progress" marker. The slot is a function-local static,
// so it is constructed on the first call.
// NOTE(review): first-call construction of a function-local static is only guaranteed
// to be thread-safe from C++11 on -- confirm for the toolchains this file targets.
ThreadLocalStorage & AccessPowerUpSelfTestInProgress()
{
	static ThreadLocalStorage s_inProgressSlot;
	return s_inProgressSlot;
}
#endif

// Tells whether the calling thread has marked itself as running the power-up self test.
// Compliance mode: true when the slot holds a non-null value.
// Otherwise: the function is not meant to be called at all; it asserts, and when the
// assertion is compiled out it simply answers false.
bool PowerUpSelfTestInProgressOnThisThread()
{
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	const void *const marker = AccessPowerUpSelfTestInProgress().GetValue();
	return marker != NULL;
#else
	assert(false);	// should not be called
	return false;
#endif
}

// Sets or clears the calling thread's "self test in progress" marker.
// The bool is stored directly as the slot's pointer value: false becomes a null
// pointer, true a non-null one, which is what PowerUpSelfTestInProgressOnThisThread()
// checks for. Outside compliance mode the call does nothing and the argument is ignored.
void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
{
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	void *const marker = (void *)inProgress;
	AccessPowerUpSelfTestInProgress().SetValue(marker);
#endif
}

// Runs the encryption pairwise consistency test on the given encryptor/decryptor pair,
// but only in compliance mode. In a default build (macro 0) this is an empty function:
// callers get no check of the pair from it. How a failed test is reported is decided by
// EncryptionPairwiseConsistencyTest, which is not defined in this file.
void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
{
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	EncryptionPairwiseConsistencyTest(encryptor, decryptor);
#endif
}

// Signature counterpart of the function above: forwards to
// SignaturePairwiseConsistencyTest in compliance mode and is an empty function
// otherwise, so a default build performs no signer/verifier check here.
void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
{
#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
	SignaturePairwiseConsistencyTest(signer, verifier);
#endif
}

NAMESPACE_END

#endif	// CRYPTOPP_IMPORTS