defaults_fips140.mx raw

   1  // Copyright 2025 The Go Authors. All rights reserved.
   2  // Use of this source code is governed by a BSD-style
   3  // license that can be found in the LICENSE file.
   4  
   5  
   6  package tls
   7  
   8  import (
   9  	"crypto/ecdsa"
  10  	"crypto/ed25519"
  11  	"crypto/elliptic"
  12  	"crypto/rsa"
  13  	"crypto/x509"
  14  )
  15  
  16  // These FIPS 140-3 policies allow anything approved by SP 800-140C
  17  // and SP 800-140D, and tested as part of the Go Cryptographic Module.
  18  //
  19  // Notably, not SHA-1, 3DES, RC4, ChaCha20Poly1305, RSA PKCS #1 v1.5 key
  20  // transport, or TLS 1.0—1.1 (because we don't test its KDF).
  21  //
  22  // These are not default lists, but filters to apply to the default or
  23  // configured lists. Missing items are treated as if they were not implemented.
  24  //
  25  // They are applied when the fips140 GODEBUG is "on" or "only".
  26  
// allowedSupportedVersionsFIPS holds the protocol versions that pass the
// FIPS 140-3 filter: TLS 1.2 and TLS 1.3 only.
var allowedSupportedVersionsFIPS = []uint16{
	VersionTLS12,
	VersionTLS13,
}

// allowedCurvePreferencesFIPS holds the key exchange groups that pass the
// filter: the three ML-KEM hybrid groups and the NIST curves P-256, P-384
// and P-521. Plain X25519 is not in the list.
var allowedCurvePreferencesFIPS = []CurveID{
	X25519MLKEM768,
	SecP256r1MLKEM768,
	SecP384r1MLKEM1024,
	CurveP256,
	CurveP384,
	CurveP521,
}

// allowedSignatureAlgorithmsFIPS holds the signature schemes that pass the
// filter. Every entry is RSA-PSS, RSA PKCS #1 v1.5, ECDSA or Ed25519, and
// every hash-based entry uses SHA-256, SHA-384 or SHA-512; no SHA-1 scheme is
// listed. The PKCS1With* entries are signature schemes, which is a separate
// matter from RSA PKCS #1 v1.5 key transport.
var allowedSignatureAlgorithmsFIPS = []SignatureScheme{
	PSSWithSHA256,
	ECDSAWithP256AndSHA256,
	Ed25519,
	PSSWithSHA384,
	PSSWithSHA512,
	PKCS1WithSHA256,
	PKCS1WithSHA384,
	PKCS1WithSHA512,
	ECDSAWithP384AndSHA384,
	ECDSAWithP521AndSHA512,
}

// allowedCipherSuitesFIPS holds the pre-TLS 1.3 cipher suites that pass the
// filter. All of them use ECDHE key exchange with AES: four AES-GCM suites and
// two AES-128-CBC suites with SHA-256. No static-RSA key exchange suite is
// listed.
//
// NOTE(review): the code that consumes these slices is outside this listing;
// confirm it treats them as membership filters, so that element order here
// does not set negotiation preference.
var allowedCipherSuitesFIPS = []uint16{
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
}

// allowedCipherSuitesTLS13FIPS holds the TLS 1.3 cipher suites that pass the
// filter: the two AES-GCM suites.
var allowedCipherSuitesTLS13FIPS = []uint16{
	TLS_AES_128_GCM_SHA256,
	TLS_AES_256_GCM_SHA384,
}
  65  
// isCertificateAllowedFIPS reports whether the public key in c is acceptable
// under the FIPS 140-3 policy. It accepts RSA keys whose modulus is at least
// 2048 bits, ECDSA keys on P-256, P-384 or P-521, and Ed25519 keys; any other
// key type, including a nil PublicKey, is rejected.
//
// Only c.PublicKey is examined. The certificate's own signature algorithm,
// validity and chain are not checked here.
//
// NOTE(review): c and an RSA key's modulus are dereferenced without a nil
// check; presumably callers pass parsed certificates only — confirm.
func isCertificateAllowedFIPS(c *x509.Certificate) bool {
	const minRSAModulusBits = 2048

	switch pub := c.PublicKey.(type) {
	case ed25519.PublicKey:
		return true
	case *rsa.PublicKey:
		return pub.N.BitLen() >= minRSAModulusBits
	case *ecdsa.PublicKey:
		// The curve is matched by interface equality against the standard
		// library's curve values, so a different elliptic.Curve value is
		// rejected even if it describes the same parameters.
		switch pub.Curve {
		case elliptic.P256(), elliptic.P384(), elliptic.P521():
			return true
		}
		return false
	}
	return false
}
  78