Skip to content

Commit 0dea5b4

Browse files
gdamsgdams
authored
add FIPSApproved and FipsCBC functions (#141)
1 parent 33d0923 commit 0dea5b4

File tree

2 files changed

+19
-0
lines changed

2 files changed

+19
-0
lines changed

cng/aes.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,10 +91,18 @@ func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {
9191
return newCBC(true, bcrypt.AES_ALGORITHM, c.key, iv)
9292
}
9393

94+
func (c *aesCipher) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode {
95+
return newCBC(true, bcrypt.AES_ALGORITHM, c.key, iv)
96+
}
97+
9498
func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode {
9599
return newCBC(false, bcrypt.AES_ALGORITHM, c.key, iv)
96100
}
97101

102+
func (c *aesCipher) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode {
103+
return newCBC(false, bcrypt.AES_ALGORITHM, c.key, iv)
104+
}
105+
98106
type noGCM struct {
99107
cipher.Block
100108
}

cng/hash.go

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -160,6 +160,17 @@ func hashToID(h hash.Hash) string {
160160
var _ hash.Hash = (*Hash)(nil)
161161
var _ HashCloner = (*Hash)(nil)
162162

163+
// FIPSApproved reports whether this hash algorithm is FIPS 140-3 approved.
164+
func (h *Hash) FIPSApproved() bool {
165+
switch h.alg.id {
166+
case bcrypt.SHA256_ALGORITHM, bcrypt.SHA384_ALGORITHM, bcrypt.SHA512_ALGORITHM,
167+
bcrypt.SHA3_256_ALGORITHM, bcrypt.SHA3_384_ALGORITHM, bcrypt.SHA3_512_ALGORITHM:
168+
return true
169+
default:
170+
return false
171+
}
172+
}
173+
163174
// Hash implements [hash.Hash].
164175
type Hash struct {
165176
alg *hashAlgorithm

0 commit comments

Comments
 (0)