CentOS 7.0 - man page for fipscheck_kernel_fips_mode (centos section 3)

FIPSCHECK(3)				    fipscheck				     FIPSCHECK(3)

NAME
       FIPSCHECK_verify, FIPSCHECK_verify_ex, FIPSCHECK_verify_files, FIPSCHECK_verify_files_ex,
       FIPSCHECK_fips_module_installed, FIPSCHECK_get_binary_path, FIPSCHECK_get_library_path,
       FIPSCHECK_kernel_fips_mode, fipscheck.h - Various functions relating to running in FIPS
       mode

SYNOPSIS
       #include <fipscheck.h>

       int FIPSCHECK_verify(const char *libname, const char *symbolname);

       int FIPSCHECK_verify_ex(const char *libname, const char *symbolname,
			       const char *hmac_suffix, int fail_if_missing);

       int FIPSCHECK_verify_files(const char *files[]);

       int FIPSCHECK_verify_files_ex(const char *hmac_suffix, int fail_if_missing,
				     const char *files[]);

       int FIPSCHECK_fips_module_installed(const char *libname, const char *symbolname,
					   const char *hmac_suffix);

       int FIPSCHECK_get_binary_path(char *path, size_t pathlen);

       int FIPSCHECK_get_library_path(const char *libname, const char *symbolname, char *path,
				      size_t pathlen);

       int FIPSCHECK_kernel_fips_mode(void);

DESCRIPTION
       The function FIPSCHECK_kernel_fips_mode() tests whether the kernel is running in
       FIPS-140-2 mode.

       The function FIPSCHECK_verify() computes an HMAC-SHA256 checksum and compares it against
       the checksum file by spawning the fipscheck command. The parameters libname and symbolname
       determine which shared library file loaded into the process space will be checksummed. If
       these parameters are set to NULL, the executable of the calling process is checksummed.

       The function FIPSCHECK_verify_ex() additionally allows the caller to specify the full
       hmac_suffix, which defaults to .hmac. It returns success if the hmac file is missing and
       the fail_if_missing parameter is set to 0.

       The function FIPSCHECK_verify_files() takes an explicit NULL-terminated array of file
       names to check in the parameter files.

       Similarly, the function FIPSCHECK_verify_files_ex() additionally allows the caller to
       specify the full hmac_suffix, which defaults to .hmac. It returns success if the first
       hmac file is missing and the fail_if_missing parameter is set to 0.

       The checksum file contains the HMAC-SHA256 encoded in hexadecimal notation using lowercase
       letters with one EOL character appended at the end.
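
       Added example (not part of the original man page and not libfipscheck's own code): a
       strict validator for the checksum-file format described above, combined with a model of
       the fail_if_missing result documented for FIPSCHECK_verify_ex(). The names
       parse_hmac_file() and verify_result() are hypothetical, the digest in main() is
       constructed, and computing the HMAC-SHA256 itself is left to the caller.

```c
/* Added example; parse_hmac_file() and verify_result() are hypothetical names. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HMAC_LEN 32              /* HMAC-SHA256 digest size in bytes */
#define HEX_LEN (2 * HMAC_LEN)
/* Value of one lowercase hex digit, or -1; uppercase is rejected on purpose. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Accept only 64 lowercase hex digits followed by a single '\n'. */
int parse_hmac_file(const char *buf, size_t len, uint8_t out[HMAC_LEN])
{
    if (buf == NULL || len != HEX_LEN + 1 || buf[HEX_LEN] != '\n')
        return -1;
    for (size_t i = 0; i < HMAC_LEN; i++) {
        int hi = hexval(buf[2 * i]), lo = hexval(buf[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* 1 = verified, 0 = failed. stored == NULL models a missing checksum file. */
int verify_result(const char *stored, size_t len,
                  const uint8_t computed[HMAC_LEN], int fail_if_missing)
{
    uint8_t want[HMAC_LEN], diff = 0;
    if (stored == NULL)
        return fail_if_missing ? 0 : 1;  /* fail_if_missing == 0 fails open */
    if (parse_hmac_file(stored, len, want) != 0)
        return 0;                        /* malformed file: never a match */
    for (size_t i = 0; i < HMAC_LEN; i++)
        diff |= (uint8_t)(want[i] ^ computed[i]);  /* no early exit */
    return diff == 0;
}

int main(void)
{
    uint8_t computed[HMAC_LEN] = {0};    /* constructed digest, not a real HMAC */
    printf("missing, fail_if_missing=0: %d\n", verify_result(NULL, 0, computed, 0));
    printf("missing, fail_if_missing=1: %d\n", verify_result(NULL, 0, computed, 1));
    return 0;
}
```

       With fail_if_missing set to 0 a missing checksum file yields success, so an integrity
       self-test that must fail closed passes a non-zero value.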

       The function FIPSCHECK_fips_module_installed() returns 1 if the hmac checksum file is
       found and 0 otherwise.

       The functions FIPSCHECK_get_library_path() and FIPSCHECK_get_binary_path() return the
       shared library path and the executable path, respectively, in path. The buffer that path
       points to must be large enough to hold the result; otherwise the path is truncated. The
       size of the buffer is specified by pathlen.

RETURN VALUE
       The main functions FIPSCHECK_verify() and FIPSCHECK_verify_files() return 1 when the
       verification of the binaries succeeds and 0 otherwise. The function
       FIPSCHECK_kernel_fips_mode() returns 1 when the kernel is in fips mode and 0 otherwise.

       The auxiliary functions FIPSCHECK_get_binary_path() and FIPSCHECK_get_library_path()
       return 0 on success and -1 if the path cannot be determined.

FIPS MODE
       A kernel compiled with CONFIG_CRYPTO_FIPS=y can be booted in fips mode by specifying
       fips=1 as a kernel parameter. Please refer to the security policy of the Kernel FIPS
       module for further details.

SEE ALSO
       fipscheck(8), fipshmac(8), https://fedorahosted.org/fipscheck/

AUTHOR
       Tomas Mraz <tmraz@redhat.com>.

       Man page authors Paul Wouters <pwouters@redhat.com> and Tomas Mraz <tmraz@redhat.com>.

COPYRIGHT
       Copyright 2008, 2012 Red Hat, Inc. All rights reserved.

       Redistribution and use in source and binary forms, with or without modification, are
       permitted provided that the following conditions are met:

       1. Redistributions of source code must retain the above copyright notice, this list of
       conditions and the following disclaimer.

       2. Redistributions in binary form must reproduce the above copyright notice, this list of
       conditions and the following disclaimer in the documentation and/or other materials
       provided with the distribution.

fipscheck				  16 April 2012 			     FIPSCHECK(3)