Crypto++
5.6.3
Free C++ class library of cryptographic schemes
|
Classes and functions for the FIPS 140-2 validated library. More...
Go to the source code of this file.
Classes | |
class | SelfTestFailure |
Exception thrown when a crypto algorithm is used after a self test fails. More... | |
Macros | |
#define | CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8" |
The placeholder used prior to embedding the actual MAC in the module. More... | |
Enumerations | |
enum | PowerUpSelfTestStatus { POWER_UP_SELF_TEST_NOT_DONE, POWER_UP_SELF_TEST_FAILED, POWER_UP_SELF_TEST_PASSED } |
Status of the power-up self test. More... | |
Functions | |
bool | FIPS_140_2_ComplianceEnabled () |
Determines whether the library provides FIPS validated cryptography. More... | |
void | DoPowerUpSelfTest (const char *moduleFilename, const byte *expectedModuleMac) |
Performs the power-up self test. More... | |
void | DoDllPowerUpSelfTest () |
Performs the power-up self test on the DLL. More... | |
void | SimulatePowerUpSelfTestFailure () |
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED. More... | |
PowerUpSelfTestStatus | GetPowerUpSelfTestStatus () |
Provides the current power-up self test status. More... | |
MessageAuthenticationCode * | NewIntegrityCheckingMAC () |
Class object that calculates the MAC on the module. More... | |
bool | IntegrityCheckModule (const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac=NULL, unsigned long *pMacFileLocation=NULL) |
Verifies the MAC on the module. More... | |
Classes and functions for the FIPS 140-2 validated library.
The FIPS validated library is only available on Windows as a DLL. Once compiled, the library is always in FIPS mode contingent upon successful execution of DoPowerUpSelfTest() or DoDllPowerUpSelfTest().
Definition in file fips140.h.
#define CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8" |
The placeholder used prior to embedding the actual MAC in the module.
After the DLL is built but before it is MAC'd, the string CRYPTOPP_DUMMY_DLL_MAC is used as a placeholder for the actual MAC. A post-build step is performed which calculates the MAC of the DLL and embeds it in the module. The actual MAC is written by the cryptest.exe
program using the mac_dll
subcommand.
Status of the power-up self test.
Enumerator | |
---|---|
POWER_UP_SELF_TEST_NOT_DONE |
The self tests have not been performed. |
POWER_UP_SELF_TEST_FAILED |
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was failure. |
POWER_UP_SELF_TEST_PASSED |
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), and the result was success. |
bool FIPS_140_2_ComplianceEnabled | ( | ) |
Determines whether the library provides FIPS validated cryptography.
true if FIPS 140-2 validated features were enabled at compile time, false otherwise.
Definition at line 29 of file fips140.cpp.
Referenced by Algorithm::Algorithm(), DoPowerUpSelfTest(), DH_Domain< GROUP_PARAMETERS, COFACTOR_OPTION >::GeneratePublicKey(), and InvertibleRSAFunction::GenerateRandom().
void DoPowerUpSelfTest | ( | const char * | moduleFilename, |
const byte * | expectedModuleMac | ||
) |
Performs the power-up self test.
moduleFilename | the fully qualified name of the module |
expectedModuleMac | the expected MAC of the components protected by the integrity check |
Performs the power-up self test, and sets the self test status to POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.
The self tests for an algorithm are performed by the Algortihm class when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
Definition at line 429 of file fipstest.cpp.
References FIPS_140_2_ComplianceEnabled(), IntegrityCheckModule(), POWER_UP_SELF_TEST_FAILED, POWER_UP_SELF_TEST_NOT_DONE, and POWER_UP_SELF_TEST_PASSED.
Referenced by DoDllPowerUpSelfTest().
void DoDllPowerUpSelfTest | ( | ) |
Performs the power-up self test on the DLL.
Performs the power-up self test using the filename of this DLL and the embedded module MAC, and sets the self test status to POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.
The self tests for an algorithm are performed by the Algortihm class when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
Definition at line 582 of file fipstest.cpp.
References DoPowerUpSelfTest().
void SimulatePowerUpSelfTestFailure | ( | ) |
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED.
Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED to simulate failure.
Definition at line 34 of file fips140.cpp.
References POWER_UP_SELF_TEST_FAILED.
PowerUpSelfTestStatus GetPowerUpSelfTestStatus | ( | ) |
Provides the current power-up self test status.
Definition at line 39 of file fips140.cpp.
Referenced by Algorithm::Algorithm().
MessageAuthenticationCode* NewIntegrityCheckingMAC | ( | ) |
Class object that calculates the MAC on the module.
Definition at line 254 of file fipstest.cpp.
Referenced by IntegrityCheckModule().
bool IntegrityCheckModule | ( | const char * | moduleFilename, |
const byte * | expectedModuleMac, | ||
SecByteBlock * | pActualMac = NULL , |
||
unsigned long * | pMacFileLocation = NULL |
||
) |
Verifies the MAC on the module.
moduleFilename | the fully qualified name of the module |
expectedModuleMac | the expected MAC of the components protected by the integrity check |
pActualMac | the actual MAC of the components calculated by the integrity check |
pMacFileLocation | the offest of the MAC in the PE/PE+ module |
Definition at line 260 of file fipstest.cpp.
References HashTransformation::DigestSize(), MakeParameters(), NewIntegrityCheckingMAC(), Name::OutputBuffer(), BufferedTransformation::PutMessageEnd(), SecBlock< T, A >::resize(), SecBlock< T, A >::size(), FileStore::Skip(), STDMIN(), BufferedTransformation::TransferTo(), and VerifyBufsEqual().
Referenced by DoPowerUpSelfTest().