storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/pkg/fips/api.go (about)

// MinIO Cloud Storage, (C) 2021 MinIO, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package fips provides functionality to configure cryptographic
// implementations compliant with FIPS 140.
//
// FIPS 140 [1] is a US standard for data processing that specifies
// requirements for cryptographic modules. Software that is "FIPS 140
// compliant" must use only approved cryptographic primitives, and
// those primitives must be implemented by a FIPS 140 certified
// cryptographic module.
//
// So, FIPS 140 requires that a certified implementation of e.g. AES
// is used to implement more high-level cryptographic protocols.
// It does not require any specific security criteria for those
// high-level protocols. FIPS 140 focuses only on the implementation
// and usage of the most low-level cryptographic building blocks.
//
// [1]: https://en.wikipedia.org/wiki/FIPS_140
package fips

import "crypto/tls"

// Enabled returns true if and only if FIPS 140-2 support
// is enabled.
//
// FIPS 140-2 requires that only specific cryptographic
// primitives, like AES or SHA-256, are used and that
// those primitives are implemented by a FIPS 140-2
// certified cryptographic module.
func Enabled() bool {
	// This only reports the package-level setting held in enabled, which
	// is defined elsewhere in the package.
	// NOTE(review): a true result does not by itself show that the linked
	// crypto implementation is a FIPS 140-2 certified module; that has to
	// be established by how the binary is built — confirm separately.
	return enabled
}

// CipherSuitesDARE reports, as a byte slice, the cipher suites
// that are supported for DARE object encryption.
//
// The list is produced by the package-internal cipherSuitesDARE
// helper, which is defined outside this file.
func CipherSuitesDARE() []byte {
	// NOTE(review): whether the helper hands back a fresh slice is not
	// visible here, so callers should treat the result as read-only.
	suites := cipherSuitesDARE()
	return suites
}

// CipherSuitesTLS reports the cipher suites that the TLS stack
// is expected to support.
//
// The list is produced by the package-internal cipherSuitesTLS
// helper, which is defined outside this file.
func CipherSuitesTLS() []uint16 {
	// NOTE(review): presumably assigned to tls.Config.CipherSuites — confirm
	// at the call sites. crypto/tls honours that field only up to TLS 1.2;
	// TLS 1.3 cipher suites are not configurable through it, so this list
	// alone does not constrain TLS 1.3 connections.
	suites := cipherSuitesTLS()
	return suites
}

// EllipticCurvesTLS reports the elliptic curves that the TLS
// stack is expected to support.
//
// The list is produced by the package-internal ellipticCurvesTLS
// helper, which is defined outside this file.
func EllipticCurvesTLS() []tls.CurveID {
	// NOTE(review): presumably assigned to tls.Config.CurvePreferences —
	// confirm at the call sites. Treat the returned slice as read-only,
	// since it is not visible here whether the helper returns a copy.
	curves := ellipticCurvesTLS()
	return curves
}