]>
Commit | Line | Data |
---|---|---|
61af3de3 JG |
1 | /* |
2 | * fips.h -- Performs FIPS 140-1/140-2 tests for RNGs | |
3 | * | |
4 | * Copyright (C) 2001 Philipp Rumpf | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License as published by | |
8 | * the Free Software Foundation; either version 2 of the License, or | |
9 | * (at your option) any later version. | |
d1b4c504 | 10 | * |
61af3de3 JG |
11 | * This program is distributed in the hope that it will be useful, |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | * GNU General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with this program; if not, write to the Free Software | |
d32709d1 | 18 | * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA |
61af3de3 JG |
19 | */ |
20 | ||
21 | #ifndef FIPS__H | |
22 | #define FIPS__H | |
23 | ||
24 | /* Size of a FIPS test buffer, do not change this */ | |
25 | #define FIPS_RNG_BUFFER_SIZE 2500 | |
26 | ||
27 | /* Context for running FIPS tests */ | |
28 | struct fips_ctx { | |
29 | int poker[16], runs[12]; | |
30 | int ones, rlength, current_bit, last_bit, longrun; | |
31 | unsigned int last32; | |
32 | }; | |
33 | typedef struct fips_ctx fips_ctx_t; | |
34 | ||
35 | /* Initializes the context for FIPS tests. last32 contains | |
36 | * 32 bits of RNG data to init the continuous run test */ | |
37 | extern void fips_init(fips_ctx_t *ctx, unsigned int last32); | |
38 | ||
39 | /* | |
40 | * Return values for fips_run_rng_test. These values are OR'ed together | |
41 | * for all tests that failed. | |
42 | */ | |
43 | #define FIPS_RNG_MONOBIT 0x0001 /* FIPS 140-2 2001-10-10 monobit */ | |
44 | #define FIPS_RNG_POKER 0x0002 /* FIPS 140-2 2001-10-10 poker */ | |
45 | #define FIPS_RNG_RUNS 0x0004 /* FIPS 140-2 2001-10-10 runs */ | |
46 | #define FIPS_RNG_LONGRUN 0x0008 /* FIPS 140-2 2001-10-10 long run */ | |
47 | #define FIPS_RNG_CONTINUOUS_RUN 0x0010 /* FIPS 140-2 continuous run */ | |
48 | ||
49 | /* | |
50 | * Names for the FIPS tests, and bitmask | |
51 | */ | |
52 | #define N_FIPS_TESTS 5 | |
53 | extern const char *fips_test_names[N_FIPS_TESTS]; | |
54 | extern const unsigned int fips_test_mask[N_FIPS_TESTS]; | |
55 | ||
56 | /* | |
57 | * Runs the FIPS 140-1 4.11.1 and 4.11.2 tests, as updated by | |
58 | * FIPS 140-2 4.9, errata from 2001-10-10 (which set more strict | |
d1b4c504 | 59 | * intervals for the tests to pass), on a buffer of size |
61af3de3 JG |
60 | * FIPS_RNG_BUFFER_SIZE, using the given context. |
61 | * | |
d1b4c504 | 62 | * FIPS 140-2, errata of 2002-12-03 removed tests for non-deterministic |
61af3de3 | 63 | * RNGs, other than Continuous Run test. |
d1b4c504 | 64 | * |
61af3de3 JG |
65 | * This funtion returns 0 if all tests passed, or a bitmask |
66 | * with bits set for every test that failed. | |
67 | * | |
68 | * It returns -1 if either fips_ctx or buf is NULL. | |
69 | */ | |
70 | extern int fips_run_rng_test(fips_ctx_t *ctx, const void *buf); | |
71 | ||
72 | #endif /* FIPS__H */ |