include/openssl/fips_names.h

   1 /*
   2  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef OPENSSL_FIPS_NAMES_H
  11 # define OPENSSL_FIPS_NAMES_H
  12 # pragma once
  13
  14 # ifdef __cplusplus
  15 extern "C" {
  16 # endif
  17
  18 /*
  19  * Parameter names that the FIPS Provider defines
  20  */
  21
  22 /*
  23  * The calculated MAC of the module file (Used for FIPS Self Testing)
  24  * Type: OSSL_PARAM_UTF8_STRING
  25  */
  26 # define OSSL_PROV_FIPS_PARAM_MODULE_MAC      "module-mac"
  27 /*
  28  * A version number for the fips install process (Used for FIPS Self Testing)
  29  * Type: OSSL_PARAM_UTF8_STRING
  30  */
  31 # define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
  32 /*
  33  * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
  34  * Type: OSSL_PARAM_UTF8_STRING
  35  */
  36 # define OSSL_PROV_FIPS_PARAM_INSTALL_MAC     "install-mac"
  37 /*
  38  * The install status indicator (Used for FIPS Self Testing)
  39  * Type: OSSL_PARAM_UTF8_STRING
  40  */
  41 # define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS  "install-status"
  42
  43 /*
  44  * A boolean that determines if the FIPS conditional test errors result in
  45  * the module entering an error state.
  46  * Type: OSSL_PARAM_UTF8_STRING
  47  */
  48 # define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
  49
  50 /*
  51  * A boolean that determines if the runtime FIPS security checks are performed.
  52  * This is enabled by default.
  53  * Type: OSSL_PARAM_UTF8_STRING
  54  */
  55 # define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
  56
  57 /*
  58  * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
  59  * This is disabled by default.
  60  * Type: OSSL_PARAM_UTF8_STRING
  61  */
  62 # define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
  63
  64 /*
  65  * A boolean that determines if truncated digests can be used with Hash and HMAC
  66  * DRBGs.  FIPS 140-3 IG D.R disallows such use for efficiency rather than
  67  * security reasons.
  68  * This is disabled by default.
  69  * Type: OSSL_PARAM_UTF8_STRING
  70  */
  71 # define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST  "drbg-no-trunc-md"
  72
  73 # ifdef __cplusplus
  74 }
  75 # endif
  76
  77 #endif /* OPENSSL_FIPS_NAMES_H */