Source file src/crypto/tls/defaults_fips140.go

     1  // Copyright 2025 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  //go:build !boringcrypto
     6  
     7  package tls
     8  
     9  import (
    10  	"crypto/ecdsa"
    11  	"crypto/ed25519"
    12  	"crypto/elliptic"
    13  	"crypto/rsa"
    14  	"crypto/x509"
    15  )
    16  
    17  // These FIPS 140-3 policies allow anything approved by SP 800-140C
    18  // and SP 800-140D, and tested as part of the Go Cryptographic Module.
    19  //
    20  // Notably, not SHA-1, 3DES, RC4, ChaCha20Poly1305, RSA PKCS #1 v1.5 key
    21  // transport, or TLS 1.0—1.1 (because we don't test its KDF).
    22  //
    23  // These are not default lists, but filters to apply to the default or
    24  // configured lists. Missing items are treated as if they were not implemented.
    25  //
    26  // They are applied when the fips140 GODEBUG is "on" or "only".
    27  
var (
	// Protocol versions permitted under the FIPS policy: TLS 1.2 and TLS 1.3.
	// TLS 1.0 and 1.1 are deliberately absent (their KDF is untested, see above).
	allowedSupportedVersionsFIPS = []uint16{
		VersionTLS12,
		VersionTLS13,
	}
	// Key-exchange groups permitted under the FIPS policy: the X25519+ML-KEM-768
	// hybrid and the NIST P-256/P-384/P-521 curves. Plain X25519 is not listed.
	allowedCurvePreferencesFIPS = []CurveID{
		X25519MLKEM768,
		CurveP256,
		CurveP384,
		CurveP521,
	}
	// Signature schemes permitted under the FIPS policy: RSA-PSS, ECDSA on
	// P-256/P-384/P-521, Ed25519, and RSA PKCS #1 v1.5 signatures, each with
	// SHA-256 or stronger. Note that PKCS #1 v1.5 *signatures* are allowed; the
	// exclusion in the comment above concerns PKCS #1 v1.5 key transport, i.e.
	// the RSA key-exchange cipher suites, none of which appear below.
	allowedSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
		PSSWithSHA256,
		ECDSAWithP256AndSHA256,
		Ed25519,
		PSSWithSHA384,
		PSSWithSHA512,
		PKCS1WithSHA256,
		PKCS1WithSHA384,
		PKCS1WithSHA512,
		ECDSAWithP384AndSHA384,
		ECDSAWithP521AndSHA512,
	}
	// TLS 1.2 cipher suites permitted under the FIPS policy: ECDHE key exchange
	// with RSA or ECDSA authentication, and AES-GCM or AES-128-CBC with SHA-256.
	// No static RSA key exchange, no ChaCha20-Poly1305, no SHA-1 MACs.
	allowedCipherSuitesFIPS = []uint16{
		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
		TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	}
	// TLS 1.3 cipher suites permitted under the FIPS policy: the two AES-GCM
	// suites only; TLS_CHACHA20_POLY1305_SHA256 is not included.
	allowedCipherSuitesTLS13FIPS = []uint16{
		TLS_AES_128_GCM_SHA256,
		TLS_AES_256_GCM_SHA384,
	}
)
    64  
// isCertificateAllowedFIPS reports whether the public key carried by c may be
// used while the fips140 GODEBUG policy is in effect: RSA keys need a modulus
// of at least 2048 bits, ECDSA keys must be on P-256, P-384 or P-521, and
// Ed25519 keys are always accepted. Any other key type, including a nil
// PublicKey, is rejected. Only the public key is inspected; nothing else
// about the certificate is checked here.
func isCertificateAllowedFIPS(c *x509.Certificate) bool {
	switch pub := c.PublicKey.(type) {
	case *rsa.PublicKey:
		// Short RSA moduli are rejected outright; 2048 bits is the floor.
		const minRSABits = 2048
		return pub.N.BitLen() >= minRSABits
	case *ecdsa.PublicKey:
		// The curve must be one of the standard NIST curve singletons; a
		// custom or non-NIST curve compares unequal and is therefore rejected.
		for _, curve := range []elliptic.Curve{elliptic.P256(), elliptic.P384(), elliptic.P521()} {
			if pub.Curve == curve {
				return true
			}
		}
		return false
	case ed25519.PublicKey:
		return true
	}
	return false
}
    77  
