diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/fips.c | 51 | ||||
-rw-r--r-- | src/g10lib.h | 2 | ||||
-rw-r--r-- | src/gcrypt.h.in | 4 | ||||
-rw-r--r-- | src/global.c | 14 |
4 files changed, 70 insertions, 1 deletions
@@ -378,6 +378,57 @@ _gcry_fips_indicator_cipher (va_list arg_ptr) } int +_gcry_fips_indicator_mac (va_list arg_ptr) +{ + enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos); + + switch (alg) + { + case GCRY_MAC_CMAC_AES: + case GCRY_MAC_HMAC_SHA1: + case GCRY_MAC_HMAC_SHA224: + case GCRY_MAC_HMAC_SHA256: + case GCRY_MAC_HMAC_SHA384: + case GCRY_MAC_HMAC_SHA512: + case GCRY_MAC_HMAC_SHA512_224: + case GCRY_MAC_HMAC_SHA512_256: + case GCRY_MAC_HMAC_SHA3_224: + case GCRY_MAC_HMAC_SHA3_256: + case GCRY_MAC_HMAC_SHA3_384: + case GCRY_MAC_HMAC_SHA3_512: + return GPG_ERR_NO_ERROR; + default: + return GPG_ERR_NOT_SUPPORTED; + } +} + +int +_gcry_fips_indicator_md (va_list arg_ptr) +{ + enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos); + + switch (alg) + { + case GCRY_MD_SHA1: + case GCRY_MD_SHA224: + case GCRY_MD_SHA256: + case GCRY_MD_SHA384: + case GCRY_MD_SHA512: + case GCRY_MD_SHA512_224: + case GCRY_MD_SHA512_256: + case GCRY_MD_SHA3_224: + case GCRY_MD_SHA3_256: + case GCRY_MD_SHA3_384: + case GCRY_MD_SHA3_512: + case GCRY_MD_SHAKE128: + case GCRY_MD_SHAKE256: + return GPG_ERR_NO_ERROR; + default: + return GPG_ERR_NOT_SUPPORTED; + } +} + +int _gcry_fips_indicator_kdf (va_list arg_ptr) { enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos); diff --git a/src/g10lib.h b/src/g10lib.h index 6be0ab21..86337eed 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -467,6 +467,8 @@ void _gcry_fips_signal_error (const char *srcfile, #endif int _gcry_fips_indicator_cipher (va_list arg_ptr); +int _gcry_fips_indicator_mac (va_list arg_ptr); +int _gcry_fips_indicator_md (va_list arg_ptr); int _gcry_fips_indicator_kdf (va_list arg_ptr); int _gcry_fips_indicator_function (va_list arg_ptr); diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index aba22bfc..54080d46 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -330,7 +330,9 @@ enum gcry_ctl_cmds GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81, GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82, GCRYCTL_NO_FIPS_MODE = 83, - GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84 + GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84, + GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85, + GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86 }; /* Perform various operations defined by CMD. */ diff --git a/src/global.c b/src/global.c index debf6194..d16d3709 100644 --- a/src/global.c +++ b/src/global.c @@ -791,6 +791,20 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) rc = _gcry_fips_indicator_cipher (arg_ptr); break; + case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC: + /* Get FIPS Service Indicator for a given message authentication code. + * Returns GPG_ERR_NO_ERROR if algorithm is allowed or + * GPG_ERR_NOT_SUPPORTED otherwise */ + rc = _gcry_fips_indicator_mac (arg_ptr); + break; + + case GCRYCTL_FIPS_SERVICE_INDICATOR_MD: + /* Get FIPS Service Indicator for a given message digest. Returns + * GPG_ERR_NO_ERROR if algorithm is allowed or GPG_ERR_NOT_SUPPORTED + * otherwise */ + rc = _gcry_fips_indicator_md (arg_ptr); + break; + case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF: /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */ |