Security Scol plugin
|
Classes and functions for the FIPS 140-2 validated library. More...
Go to the source code of this file.
Classes | |
class | SelfTestFailure |
Macros | |
#define | CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8" |
The placeholder used prior to embedding the actual MAC in the module. | |
Typedefs | |
typedef PowerUpSelfTestStatus(CRYPTOPP_API * | PGetPowerUpSelfTestStatus) () |
Enumerations | |
enum | PowerUpSelfTestStatus { POWER_UP_SELF_TEST_NOT_DONE , POWER_UP_SELF_TEST_FAILED , POWER_UP_SELF_TEST_PASSED } |
Status of the power-up self test. More... | |
Functions | |
CRYPTOPP_DLL bool CRYPTOPP_API | FIPS_140_2_ComplianceEnabled () |
Determines whether the library provides FIPS validated cryptography. | |
CRYPTOPP_DLL void CRYPTOPP_API | DoPowerUpSelfTest (const char *moduleFilename, const byte *expectedModuleMac) |
Performs the power-up self test. | |
CRYPTOPP_DLL void CRYPTOPP_API | DoDllPowerUpSelfTest () |
Performs the power-up self test on the DLL. | |
CRYPTOPP_DLL void CRYPTOPP_API | SimulatePowerUpSelfTestFailure () |
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED. | |
CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API | GetPowerUpSelfTestStatus () |
Provides the current power-up self test status. | |
CRYPTOPP_DLL MessageAuthenticationCode *CRYPTOPP_API | NewIntegrityCheckingMAC () |
Class object that calculates the MAC on the module. | |
CRYPTOPP_DLL bool CRYPTOPP_API | IntegrityCheckModule (const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac=NULLPTR, unsigned long *pMacFileLocation=NULLPTR) |
Verifies the MAC on the module. | |
bool | PowerUpSelfTestInProgressOnThisThread () |
void | SetPowerUpSelfTestInProgressOnThisThread (bool inProgress) |
void | SignaturePairwiseConsistencyTest (const PK_Signer &signer, const PK_Verifier &verifier) |
void | EncryptionPairwiseConsistencyTest (const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) |
void | SignaturePairwiseConsistencyTest_FIPS_140_Only (const PK_Signer &signer, const PK_Verifier &verifier) |
void | EncryptionPairwiseConsistencyTest_FIPS_140_Only (const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) |
Classes and functions for the FIPS 140-2 validated library.
The FIPS validated library is only available on Windows as a DLL. Once compiled, the library is always in FIPS mode contingent upon successful execution of DoPowerUpSelfTest() or DoDllPowerUpSelfTest().
Definition in file fips140.h.
#define CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8" |
The placeholder used prior to embedding the actual MAC in the module.
After the DLL is built but before it is MAC'd, the string CRYPTOPP_DUMMY_DLL_MAC is used as a placeholder for the actual MAC. A post-build step is performed which calculates the MAC of the DLL and embeds it in the module. The actual MAC is written by the cryptest.exe
program using the mac_dll
subcommand.
typedef PowerUpSelfTestStatus(CRYPTOPP_API * PGetPowerUpSelfTestStatus) () |
Status of the power-up self test.
Enumerator | |
---|---|
POWER_UP_SELF_TEST_NOT_DONE | The self tests have not been performed. |
POWER_UP_SELF_TEST_FAILED | The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was failure. |
POWER_UP_SELF_TEST_PASSED | The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), and the result was success. |
CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest | ( | ) |
Performs the power-up self test on the DLL.
Performs the power-up self test using the filename of this DLL and the embedded module MAC, and sets the self test status to POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.
The self tests for an algorithm are performed by the Algorithm class when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
Definition at line 626 of file fipstest.cpp.
CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest | ( | const char * | moduleFilename, |
const byte * | expectedModuleMac | ||
) |
Performs the power-up self test.
moduleFilename | the fully qualified name of the module |
expectedModuleMac | the expected MAC of the components protected by the integrity check |
Performs the power-up self test, and sets the self test status to POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.
The self tests for an algorithm are performed by the Algorithm class when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
Definition at line 466 of file fipstest.cpp.
void EncryptionPairwiseConsistencyTest | ( | const PK_Encryptor & | encryptor, |
const PK_Decryptor & | decryptor | ||
) |
Definition at line 206 of file fipstest.cpp.
void EncryptionPairwiseConsistencyTest_FIPS_140_Only | ( | const PK_Encryptor & | encryptor, |
const PK_Decryptor & | decryptor | ||
) |
Definition at line 64 of file fips140.cpp.
CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled | ( | ) |
Determines whether the library provides FIPS validated cryptography.
true if FIPS 140-2 validated features were enabled at compile time, false otherwise.
Definition at line 24 of file fips140.cpp.
CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus | ( | ) |
Provides the current power-up self test status.
Definition at line 34 of file fips140.cpp.
CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule | ( | const char * | moduleFilename, |
const byte * | expectedModuleMac, | ||
SecByteBlock * | pActualMac = NULLPTR , |
||
unsigned long * | pMacFileLocation = NULLPTR |
||
) |
Verifies the MAC on the module.
moduleFilename | the fully qualified name of the module |
expectedModuleMac | the expected MAC of the components protected by the integrity check |
pActualMac | the actual MAC of the components calculated by the integrity check |
pMacFileLocation | the offset of the MAC in the PE/PE+ module |
Definition at line 278 of file fipstest.cpp.
CRYPTOPP_DLL MessageAuthenticationCode *CRYPTOPP_API NewIntegrityCheckingMAC | ( | ) |
Class object that calculates the MAC on the module.
Definition at line 272 of file fipstest.cpp.
bool PowerUpSelfTestInProgressOnThisThread | ( | ) |
Definition at line 46 of file fips140.cpp.
void SetPowerUpSelfTestInProgressOnThisThread | ( | bool | inProgress | ) |
Definition at line 55 of file fips140.cpp.
void SignaturePairwiseConsistencyTest | ( | const PK_Signer & | signer, |
const PK_Verifier & | verifier | ||
) |
Definition at line 242 of file fipstest.cpp.
void SignaturePairwiseConsistencyTest_FIPS_140_Only | ( | const PK_Signer & | signer, |
const PK_Verifier & | verifier | ||
) |
Definition at line 73 of file fips140.cpp.
CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure | ( | ) |
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED to simulate failure.
Definition at line 29 of file fips140.cpp.