Security Scol plugin
fips140.h File Reference

Classes and functions for the FIPS 140-2 validated library.

#include "cryptlib.h"
#include "secblock.h"


Classes

class  SelfTestFailure
 

Macros

#define CRYPTOPP_DUMMY_DLL_MAC   "MAC_51f34b8db820ae8"
 The placeholder used prior to embedding the actual MAC in the module.
 

Typedefs

typedef PowerUpSelfTestStatus(CRYPTOPP_API * PGetPowerUpSelfTestStatus) ()
 

Enumerations

enum  PowerUpSelfTestStatus { POWER_UP_SELF_TEST_NOT_DONE , POWER_UP_SELF_TEST_FAILED , POWER_UP_SELF_TEST_PASSED }
 Status of the power-up self test.
 

Functions

CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled ()
 Determines whether the library provides FIPS validated cryptography.
 
CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest (const char *moduleFilename, const byte *expectedModuleMac)
 Performs the power-up self test.
 
CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest ()
 Performs the power-up self test on the DLL.
 
CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure ()
 Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
 
CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus ()
 Provides the current power-up self test status.
 
CRYPTOPP_DLL MessageAuthenticationCode *CRYPTOPP_API NewIntegrityCheckingMAC ()
 Class object that calculates the MAC on the module.
 
CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule (const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac=NULLPTR, unsigned long *pMacFileLocation=NULLPTR)
 Verifies the MAC on the module.
 
bool PowerUpSelfTestInProgressOnThisThread ()
 
void SetPowerUpSelfTestInProgressOnThisThread (bool inProgress)
 
void SignaturePairwiseConsistencyTest (const PK_Signer &signer, const PK_Verifier &verifier)
 
void EncryptionPairwiseConsistencyTest (const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
 
void SignaturePairwiseConsistencyTest_FIPS_140_Only (const PK_Signer &signer, const PK_Verifier &verifier)
 
void EncryptionPairwiseConsistencyTest_FIPS_140_Only (const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
 

Detailed Description

Classes and functions for the FIPS 140-2 validated library.

The FIPS validated library is only available on Windows as a DLL. Once compiled, the library is always in FIPS mode contingent upon successful execution of DoPowerUpSelfTest() or DoDllPowerUpSelfTest().

See also
Visual Studio and config.h on the Crypto++ wiki.

Definition in file fips140.h.

Macro Definition Documentation

◆ CRYPTOPP_DUMMY_DLL_MAC

#define CRYPTOPP_DUMMY_DLL_MAC   "MAC_51f34b8db820ae8"

The placeholder used prior to embedding the actual MAC in the module.

After the DLL is built but before it is MAC'd, the string CRYPTOPP_DUMMY_DLL_MAC is used as a placeholder for the actual MAC. A post-build step is performed which calculates the MAC of the DLL and embeds it in the module. The actual MAC is written by the cryptest.exe program using the mac_dll subcommand.

Definition at line 108 of file fips140.h.

Typedef Documentation

◆ PGetPowerUpSelfTestStatus

typedef PowerUpSelfTestStatus(CRYPTOPP_API * PGetPowerUpSelfTestStatus) ()

Definition at line 75 of file fips140.h.

Enumeration Type Documentation

◆ PowerUpSelfTestStatus

Status of the power-up self test.

Enumerator
POWER_UP_SELF_TEST_NOT_DONE 

The self tests have not been performed.

POWER_UP_SELF_TEST_FAILED 

The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was failure.

POWER_UP_SELF_TEST_PASSED 

The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), and the result was success.

Definition at line 37 of file fips140.h.

Function Documentation

◆ DoDllPowerUpSelfTest()

CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest ( )

Performs the power-up self test on the DLL.

Performs the power-up self test using the filename of this DLL and the embedded module MAC, and sets the self test status to POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.

The self tests for an algorithm are performed by the Algorithm class when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.

Definition at line 626 of file fipstest.cpp.

◆ DoPowerUpSelfTest()

CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest ( const char *  moduleFilename,
const byte *  expectedModuleMac 
)

Performs the power-up self test.

Parameters
moduleFilename: the fully qualified name of the module
expectedModuleMac: the expected MAC of the components protected by the integrity check

Performs the power-up self test, and sets the self test status to POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.

The self tests for an algorithm are performed by the Algorithm class when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.

Definition at line 466 of file fipstest.cpp.

◆ EncryptionPairwiseConsistencyTest()

void EncryptionPairwiseConsistencyTest ( const PK_Encryptor &  encryptor,
const PK_Decryptor &  decryptor 
)

Definition at line 206 of file fipstest.cpp.

◆ EncryptionPairwiseConsistencyTest_FIPS_140_Only()

void EncryptionPairwiseConsistencyTest_FIPS_140_Only ( const PK_Encryptor &  encryptor,
const PK_Decryptor &  decryptor 
)

Definition at line 64 of file fips140.cpp.

◆ FIPS_140_2_ComplianceEnabled()

CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled ( )

Determines whether the library provides FIPS validated cryptography.

Returns
true if FIPS 140-2 validated features were enabled at compile time, false otherwise.

Note
FIPS mode is enabled at compile time. A program or other module cannot arbitrarily enter or exit the mode.

Definition at line 24 of file fips140.cpp.

◆ GetPowerUpSelfTestStatus()

CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus ( )

Provides the current power-up self test status.

Returns
the current power-up self test status

Definition at line 34 of file fips140.cpp.

◆ IntegrityCheckModule()

CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule ( const char *  moduleFilename,
const byte *  expectedModuleMac,
SecByteBlock *  pActualMac = NULLPTR,
unsigned long *  pMacFileLocation = NULLPTR 
)

Verifies the MAC on the module.

Parameters
moduleFilename: the fully qualified name of the module
expectedModuleMac: the expected MAC of the components protected by the integrity check
pActualMac: the actual MAC of the components calculated by the integrity check
pMacFileLocation: the offset of the MAC in the PE/PE+ module
Returns
true if the MAC is valid, false otherwise

Definition at line 278 of file fipstest.cpp.
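
As an added illustration (not code from Crypto++ or from this page), the sketch below models the placeholder-then-embed flow described for CRYPTOPP_DUMMY_DLL_MAC together with the check documented for IntegrityCheckModule(), using a constructed byte string in place of a PE file. The key, the use of HMAC-SHA-1, the single-slot layout and all function names are assumptions of the sketch; the library's real computation lives in fipstest.cpp.

```python
import hashlib
import hmac

# CRYPTOPP_DUMMY_DLL_MAC as a C string (19 characters plus the terminating NUL).
PLACEHOLDER = b"MAC_51f34b8db820ae8\x00"
KEY = b"constructed-demo-key"          # constructed; not the library's key


def module_mac(image: bytes, mac_offset: int) -> bytes:
    """MAC over the image with the MAC slot itself left out (sketch: HMAC-SHA-1)."""
    mac = hmac.new(KEY, digestmod=hashlib.sha1)
    mac.update(image[:mac_offset])
    mac.update(image[mac_offset + len(PLACEHOLDER):])
    return mac.digest()


def embed_mac(image: bytes) -> bytes:
    """Post-build step: find the placeholder and overwrite it with the MAC."""
    offset = image.find(PLACEHOLDER)
    if offset < 0 or image.find(PLACEHOLDER, offset + 1) >= 0:
        raise ValueError("placeholder must occur exactly once")
    tag = module_mac(image, offset)
    return image[:offset] + tag + image[offset + len(PLACEHOLDER):]


def integrity_check(image: bytes, mac_offset: int):
    """Return (ok, actual_mac); fails closed on a bad offset or un-MAC'd image."""
    end = mac_offset + len(PLACEHOLDER)
    if mac_offset < 0 or end > len(image):
        return False, b""
    stored = image[mac_offset:end]
    actual = module_mac(image, mac_offset)
    if stored == PLACEHOLDER:           # build shipped without the post-build step
        return False, actual
    return hmac.compare_digest(stored, actual), actual


# Constructed stand-in for a built DLL: header bytes, the MAC slot, code bytes.
BUILT = b"MZ" + bytes(62) + PLACEHOLDER + b"\x90" * 64
MAC_OFFSET = BUILT.find(PLACEHOLDER)
SHIPPED = embed_mac(BUILT)
TAMPERED = SHIPPED[:-1] + b"\xcc"       # one code byte changed after MAC'ing
```

The MAC slot has to be excluded from its own input, which is why a fixed-size placeholder is reserved at build time and overwritten afterwards without changing the file length.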

◆ NewIntegrityCheckingMAC()

CRYPTOPP_DLL MessageAuthenticationCode *CRYPTOPP_API NewIntegrityCheckingMAC ( )

Class object that calculates the MAC on the module.

Returns
the MAC for the module

Definition at line 272 of file fipstest.cpp.

◆ PowerUpSelfTestInProgressOnThisThread()

bool PowerUpSelfTestInProgressOnThisThread ( )

Definition at line 46 of file fips140.cpp.

◆ SetPowerUpSelfTestInProgressOnThisThread()

void SetPowerUpSelfTestInProgressOnThisThread ( bool  inProgress)

Definition at line 55 of file fips140.cpp.

◆ SignaturePairwiseConsistencyTest()

void SignaturePairwiseConsistencyTest ( const PK_Signer &  signer,
const PK_Verifier &  verifier 
)

Definition at line 242 of file fipstest.cpp.

◆ SignaturePairwiseConsistencyTest_FIPS_140_Only()

void SignaturePairwiseConsistencyTest_FIPS_140_Only ( const PK_Signer &  signer,
const PK_Verifier &  verifier 
)

Definition at line 73 of file fips140.cpp.

◆ SimulatePowerUpSelfTestFailure()

CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure ( )

Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.

Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED to simulate failure.

Definition at line 29 of file fips140.cpp.