Source file src/crypto/tls/defaults_fips140.go

     1  // Copyright 2025 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  //go:build !boringcrypto
     6  
     7  package tls
     8  
     9  import (
    10  	"crypto/ecdsa"
    11  	"crypto/ed25519"
    12  	"crypto/elliptic"
    13  	"crypto/rsa"
    14  	"crypto/x509"
    15  )
    16  
    17  // These FIPS 140-3 policies allow anything approved by SP 800-140C
    18  // and SP 800-140D, and tested as part of the Go Cryptographic Module.
    19  //
    20  // Notably, not SHA-1, 3DES, RC4, ChaCha20Poly1305, RSA PKCS #1 v1.5 key
    21  // transport, or TLS 1.0—1.1 (because we don't test its KDF).
    22  //
    23  // These are not default lists, but filters to apply to the default or
    24  // configured lists. Missing items are treated as if they were not implemented.
    25  //
    26  // They are applied when the fips140 GODEBUG is "on" or "only".
    27  
    28  var (
    29  	allowedSupportedVersionsFIPS = []uint16{
    30  		VersionTLS12,
    31  		VersionTLS13,
    32  	}
    33  	allowedCurvePreferencesFIPS = []CurveID{
    34  		X25519MLKEM768,
    35  		SecP256r1MLKEM768,
    36  		SecP384r1MLKEM1024,
    37  		CurveP256,
    38  		CurveP384,
    39  		CurveP521,
    40  	}
    41  	allowedSignatureAlgorithmsFIPS = []SignatureScheme{
    42  		PSSWithSHA256,
    43  		ECDSAWithP256AndSHA256,
    44  		Ed25519,
    45  		PSSWithSHA384,
    46  		PSSWithSHA512,
    47  		PKCS1WithSHA256,
    48  		PKCS1WithSHA384,
    49  		PKCS1WithSHA512,
    50  		ECDSAWithP384AndSHA384,
    51  		ECDSAWithP521AndSHA512,
    52  	}
    53  	allowedCipherSuitesFIPS = []uint16{
    54  		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    55  		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    56  		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    57  		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    58  		TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    59  		TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    60  	}
    61  	allowedCipherSuitesTLS13FIPS = []uint16{
    62  		TLS_AES_128_GCM_SHA256,
    63  		TLS_AES_256_GCM_SHA384,
    64  	}
    65  )
    66  
    67  func isCertificateAllowedFIPS(c *x509.Certificate) bool {
    68  	switch k := c.PublicKey.(type) {
    69  	case *rsa.PublicKey:
    70  		return k.N.BitLen() >= 2048
    71  	case *ecdsa.PublicKey:
    72  		return k.Curve == elliptic.P256() || k.Curve == elliptic.P384() || k.Curve == elliptic.P521()
    73  	case ed25519.PublicKey:
    74  		return true
    75  	default:
    76  		return false
    77  	}
    78  }
    79  

View as plain text