fips140only.mx raw

   1  // Copyright 2024 The Go Authors. All rights reserved.
   2  // Use of this source code is governed by a BSD-style
   3  // license that can be found in the LICENSE file.
   4  
   5  package fips140only
   6  
   7  import (
   8  	"crypto/internal/fips140/drbg"
   9  	"crypto/internal/fips140/sha256"
  10  	"crypto/internal/fips140/sha3"
  11  	"crypto/internal/fips140/sha512"
  12  	"hash"
  13  	"internal/godebug"
  14  	"io"
  15  )
  16  
  17  // Enabled reports whether FIPS 140-only mode is enabled, in which non-approved
  18  // cryptography returns an error or panics.
  19  var Enabled = godebug.New("fips140").Value() == "only"
  20  
  21  func ApprovedHash(h hash.Hash) bool {
  22  	switch h.(type) {
  23  	case *sha256.Digest, *sha512.Digest, *sha3.Digest:
  24  		return true
  25  	default:
  26  		return false
  27  	}
  28  }
  29  
  30  func ApprovedRandomReader(r io.Reader) bool {
  31  	_, ok := r.(drbg.DefaultReader)
  32  	return ok
  33  }
  34