1 // Copyright 2017 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
9 "crypto/internal/boring/fipstls"
14 // needFIPS returns fipstls.Required(); it avoids a new import in common.go.
15 func needFIPS() bool {
16 return fipstls.Required()
19 // fipsMinVersion replaces c.minVersion in FIPS-only mode.
20 func fipsMinVersion(c *Config) uint16 {
21 // FIPS requires TLS 1.2.
25 // fipsMaxVersion replaces c.maxVersion in FIPS-only mode.
26 func fipsMaxVersion(c *Config) uint16 {
27 // FIPS requires TLS 1.2.
// defaultFIPSCurvePreferences lists the curves permitted in FIPS-only mode,
// most preferred first. The list only feeds c.curvePreferences (see
// fipsCurvePreferences); certificate keys are checked separately by
// isBoringCertificate, which accepts only P-256 and P-384, so P-521 here
// applies to the negotiated curve, not to certificate keys.
var defaultFIPSCurvePreferences = []CurveID{
	CurveP256,
	CurveP384,
	CurveP521,
}
35 // fipsCurvePreferences replaces c.curvePreferences in FIPS-only mode.
36 func fipsCurvePreferences(c *Config) []CurveID {
37 if c == nil || len(c.CurvePreferences) == 0 {
38 return defaultFIPSCurvePreferences
41 for _, id := range c.CurvePreferences {
42 for _, allowed := range defaultFIPSCurvePreferences {
44 list = append(list, id)
// defaultCipherSuitesFIPS are the FIPS-allowed cipher suites: the ECDHE
// suites, followed by the static-RSA TLS_RSA_WITH_* suites, which use RSA
// key transport and therefore provide no forward secrecy.
53 var defaultCipherSuitesFIPS = []uint16{
54 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
55 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
56 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
57 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
58 TLS_RSA_WITH_AES_128_GCM_SHA256,
59 TLS_RSA_WITH_AES_256_GCM_SHA384,
// fipsCipherSuites replaces c.cipherSuites in FIPS-only mode. Only a nil
// c.CipherSuites falls back to the defaults; an empty non-nil slice is
// filtered like any other list (contrast fipsCurvePreferences, which also
// treats an empty list as "use the defaults").
63 func fipsCipherSuites(c *Config) []uint16 {
64 if c == nil || c.CipherSuites == nil {
65 return defaultCipherSuitesFIPS
67 list := make([]uint16, 0, len(defaultCipherSuitesFIPS))
68 for _, id := range c.CipherSuites {
69 for _, allowed := range defaultCipherSuitesFIPS {
71 list = append(list, id)
79 // isBoringCertificate reports whether a certificate may be used
80 // when constructing a verified chain.
81 // It is called for each leaf, intermediate, and root certificate.
82 func isBoringCertificate(c *x509.Certificate) bool {
84 // Everything is OK if we haven't forced FIPS-only mode.
// Otherwise the key must be RSA 2048, RSA 3072, or ECDSA P-256 / P-384;
// any other key (e.g. RSA 4096 or P-521) fails this check.
89 switch k := c.PublicKey.(type) {
93 if size := k.N.BitLen(); size != 2048 && size != 3072 {
96 case *ecdsa.PublicKey:
97 if name := k.Curve.Params().Name; name != "P-256" && name != "P-384" {
105 // fipsSupportedSignatureAlgorithms currently are a subset of
106 // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
107 var fipsSupportedSignatureAlgorithms = []SignatureScheme{
112 ECDSAWithP256AndSHA256,
114 ECDSAWithP384AndSHA384,
116 ECDSAWithP521AndSHA512,
119 // supportedSignatureAlgorithms returns the supported signature algorithms.
120 func supportedSignatureAlgorithms() []SignatureScheme {
122 return defaultSupportedSignatureAlgorithms
124 return fipsSupportedSignatureAlgorithms
// testingOnlyForceClientHelloSignatureAlgorithms is a test hook that is nil
// in normal operation. It is not referenced in this excerpt; judging by the
// name it overrides the signature algorithms advertised in the ClientHello
// when set — confirm against the handshake code before relying on that.
var (
	testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme
)