Make only approved algo when in FIPS mode

Fix the issue: DMTF#1260 The approved algo is listed at:https://nvlpubs.nist.gov/nistpubs/ SpecialPublications/NIST.SP.800-140Cr1.pdf Signed-off-by: Wenxing Hou <[email protected]>
Wenxing-hou · Jan 5, 2023 · d713965 · d713965
1 parent 767598d
commit d713965
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/include/internal/libspdm_lib_config.h b/include/internal/libspdm_lib_config.h
@@ -64,6 +64,30 @@
 #define LIBSPDM_DEBUG_BLOCK_ENABLE 0
 #endif /* defined(LIBSPDM_DEBUG_ENABLE) */
 
+/*when in FIPS mode, only support approved algo in FIPS */
+#if LIBSPDM_FIPS_MODE
+#undef LIBSPDM_SM2_DSA_SUPPORT
+#define LIBSPDM_SM2_DSA_SUPPORT 0
+
+#undef LIBSPDM_EDDSA_ED25519_SUPPORT
+#define LIBSPDM_EDDSA_ED25519_SUPPORT 0
+
+#undef LIBSPDM_EDDSA_ED448_SUPPORT
+#define LIBSPDM_EDDSA_ED448_SUPPORT 0
+
+#undef LIBSPDM_SM2_KEY_EXCHANGE_SUPPORT
+#define LIBSPDM_SM2_KEY_EXCHANGE_SUPPORT 0
+
+#undef LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT
+#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 0
+
+#undef LIBSPDM_AEAD_SM4_SUPPORT
+#define LIBSPDM_AEAD_SM4_SUPPORT 0
+
+#undef LIBSPDM_SM3_256_SUPPORT
+#define LIBSPDM_SM3_256_SUPPORT 0
+#endif /*LIBSPDM_FIPS_MODE*/
+
 #if LIBSPDM_CHECK_MACRO
 #include "internal/libspdm_macro_check.h"
 #endif /* LIBSPDM_CHECK_MACRO */