authorJakub Jelen <jjelen@redhat.com>2021-11-26 11:45:19 +0100
committerNIIBE Yutaka <gniibe@fsij.org>2021-11-30 18:52:50 +0900
commit3d38968f4b751c5561679040c055c34a690bed75 (patch)
treedad7c5aebfccfcca873601c001cd8571a8fb60d3 /src/fips.c
parent40ab39966650489449bee3e2a68f43a9d38c4dd4 (diff)
Implement explicit FIPS indicators for cipher modes
* src/fips.c (_gcry_fips_indicator): New. * src/g10lib.h (_gcry_fips_indicator): New declaration. * src/gcrypt.h.in (gcry_ctl_cmds): New GCRYCTL_FIPS_SERVICE_INDICATOR * src/global.c (_gcry_vcontrol): Handle GCRYCTL_FIPS_SERVICE_INDICATOR * tests/basic.c (do_check_ocb_cipher): Check explicit FIPS indicator (check_ocb_cipher_largebuf_split): Ditto. (check_ocb_cipher_checksum): Ditto. (check_ocb_cipher_splitaad): Ditto. (check_bulk_cipher_modes): Ditto. -- Add GCRYCTL_FIPS_SERVICE_INDICATOR to handle explicit FIPS indicators for cipher modes. GnuPG-bug-id: 5512 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/fips.c')
-rw-r--r--src/fips.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/src/fips.c b/src/fips.c
index afd7801f..104c1860 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -312,6 +312,38 @@ _gcry_fips_test_operational (void)
return result;
}
+int
+_gcry_fips_indicator (va_list arg_ptr)
+{
+ enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_cipher_algos);
+ enum gcry_cipher_modes mode;
+
+ switch (alg)
+ {
+ case GCRY_CIPHER_AES:
+ case GCRY_CIPHER_AES192:
+ case GCRY_CIPHER_AES256:
+ mode = va_arg (arg_ptr, enum gcry_cipher_modes);
+ switch (mode)
+ {
+ case GCRY_CIPHER_MODE_ECB:
+ case GCRY_CIPHER_MODE_CBC:
+ case GCRY_CIPHER_MODE_CFB:
+ case GCRY_CIPHER_MODE_CFB8:
+ case GCRY_CIPHER_MODE_OFB:
+ case GCRY_CIPHER_MODE_CTR:
+ case GCRY_CIPHER_MODE_CCM:
+ case GCRY_CIPHER_MODE_GCM:
+ case GCRY_CIPHER_MODE_XTS:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
+
/* This is a test on whether the library is in the error or
operational state. */
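Review bot: `_gcry_fips_indicator` is added without a comment describing its variadic contract or what a zero return actually asserts. A caller has to read the body to learn that the first argument is a cipher algorithm, that a mode is consumed only for the three AES ids, and that `GPG_ERR_NO_ERROR` means "approved" while `GPG_ERR_NOT_SUPPORTED` means "not approved". I would add a header comment along the lines of `/* Args: enum gcry_cipher_algos, then enum gcry_cipher_modes. Returns 0 if the pair is FIPS-approved, else GPG_ERR_NOT_SUPPORTED. */`. The comment should also say that the answer is based on the algorithm/mode pair alone: nothing in this hunk looks at per-use conditions (for example key or IV handling for GCM and XTS) or at whether the library is currently in FIPS mode, so a zero return should not be read as a full compliance statement unless the caller in global.c adds those checks. Separately, the enum constants arrive as `int` after default argument promotion, so `alg = va_arg (arg_ptr, int);` (and the same for `mode`) would avoid depending on the enum's underlying type.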