diff options
| author | Tobias Heider <tobias.heider@canonical.com> | 2023-02-16 03:20:48 +0100 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-08 10:18:20 +0900 |
| commit | c88672a327f6774a66d75a35f25266eec99b16f4 (patch) | |
| tree | 558cd60fdc44e5daf7815f0f0ad4adf41a805978 /src/fips.c | |
| parent | f5fe94810f3099c9ccc2ca3a5891502922ab0576 (diff) | |
| download | libgcrypt-c88672a327f6774a66d75a35f25266eec99b16f4.tar.gz | |
fips: Add explicit indicators for md and mac algorithms.
* src/fips.c (_gcry_fips_indicator_mac): New function indicating
non-approved mac algorithms.
(_gcry_fips_indicator_md): new functions indicating non-approved
message digest algorithms.
* src/g10lib.h (_gcry_fips_indicator_mac): New function.
(_gcry_fips_indicator_md): Ditto.
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols,
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and
GCRYCTL_FIPS_SERVICE_INDICATOR_MD.
* src/global.c (_gcry_vcontrol): Handle new FIPS indicators.
--
GnuPG-bug-id: 6376
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
Diffstat (limited to 'src/fips.c')
| -rw-r--r-- | src/fips.c | 51 |
1 files changed, 51 insertions, 0 deletions
@@ -378,6 +378,57 @@ _gcry_fips_indicator_cipher (va_list arg_ptr) } int +_gcry_fips_indicator_mac (va_list arg_ptr) +{ + enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos); + + switch (alg) + { + case GCRY_MAC_CMAC_AES: + case GCRY_MAC_HMAC_SHA1: + case GCRY_MAC_HMAC_SHA224: + case GCRY_MAC_HMAC_SHA256: + case GCRY_MAC_HMAC_SHA384: + case GCRY_MAC_HMAC_SHA512: + case GCRY_MAC_HMAC_SHA512_224: + case GCRY_MAC_HMAC_SHA512_256: + case GCRY_MAC_HMAC_SHA3_224: + case GCRY_MAC_HMAC_SHA3_256: + case GCRY_MAC_HMAC_SHA3_384: + case GCRY_MAC_HMAC_SHA3_512: + return GPG_ERR_NO_ERROR; + default: + return GPG_ERR_NOT_SUPPORTED; + } +} + +int +_gcry_fips_indicator_md (va_list arg_ptr) +{ + enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos); + + switch (alg) + { + case GCRY_MD_SHA1: + case GCRY_MD_SHA224: + case GCRY_MD_SHA256: + case GCRY_MD_SHA384: + case GCRY_MD_SHA512: + case GCRY_MD_SHA512_224: + case GCRY_MD_SHA512_256: + case GCRY_MD_SHA3_224: + case GCRY_MD_SHA3_256: + case GCRY_MD_SHA3_384: + case GCRY_MD_SHA3_512: + case GCRY_MD_SHAKE128: + case GCRY_MD_SHAKE256: + return GPG_ERR_NO_ERROR; + default: + return GPG_ERR_NOT_SUPPORTED; + } +} + +int _gcry_fips_indicator_kdf (va_list arg_ptr) { enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos); |