/src/cryptopp/fips140.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | // fips140.cpp - originally written and placed in the public domain by Wei Dai |
2 | | |
3 | | #include "pch.h" |
4 | | |
5 | | #ifndef CRYPTOPP_IMPORTS |
6 | | |
7 | | #include "fips140.h" |
8 | | #include "misc.h" |
9 | | |
10 | | NAMESPACE_BEGIN(CryptoPP) |
11 | | |
12 | | // Define this to 1 to turn on FIPS 140-2 compliance features, including additional tests during |
13 | | // startup, random number generation, and key generation. These tests may affect performance. |
14 | | #ifndef CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 |
15 | 24.7k | #define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0 |
16 | | #endif |
17 | | |
18 | | #if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE)) |
19 | | #error FIPS 140-2 compliance requires the availability of OS provided RNG. |
20 | | #endif |
21 | | |
22 | | PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE; |
23 | | |
24 | | bool FIPS_140_2_ComplianceEnabled() |
25 | 24.7k | { |
26 | 24.7k | return CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2; |
27 | 24.7k | } |
28 | | |
29 | | void SimulatePowerUpSelfTestFailure() |
30 | 0 | { |
31 | 0 | g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED; |
32 | 0 | } |
33 | | |
34 | | PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus() |
35 | 0 | { |
36 | 0 | return g_powerUpSelfTestStatus; |
37 | 0 | } |
38 | | |
39 | | #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 |
40 | | // One variable for all threads for compatibility. Previously this |
41 | | // was a ThreadLocalStorage variable, which is per-thread. Also see |
42 | | // https://github.com/weidai11/cryptopp/issues/208 |
43 | | static bool s_inProgress = false; |
44 | | #endif |
45 | | |
46 | | bool PowerUpSelfTestInProgressOnThisThread() |
47 | 0 | { |
48 | | #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 |
49 | | return s_inProgress; |
50 | | #else |
51 | 0 | return false; |
52 | 0 | #endif |
53 | 0 | } |
54 | | |
55 | | void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress) |
56 | 0 | { |
57 | | #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 |
58 | | s_inProgress = inProgress; |
59 | | #else |
60 | 0 | CRYPTOPP_UNUSED(inProgress); |
61 | 0 | #endif |
62 | 0 | } |
63 | | |
64 | | void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) |
65 | 0 | { |
66 | | #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 |
67 | | EncryptionPairwiseConsistencyTest(encryptor, decryptor); |
68 | | #else |
69 | 0 | CRYPTOPP_UNUSED(encryptor), CRYPTOPP_UNUSED(decryptor); |
70 | 0 | #endif |
71 | 0 | } |
72 | | |
73 | | void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier) |
74 | 0 | { |
75 | | #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 |
76 | | SignaturePairwiseConsistencyTest(signer, verifier); |
77 | | #else |
78 | 0 | CRYPTOPP_UNUSED(signer), CRYPTOPP_UNUSED(verifier); |
79 | 0 | #endif |
80 | 0 | } |
81 | | |
82 | | NAMESPACE_END |
83 | | |
84 | | #endif |