fips: simplify TLS configuration (#15127)

This commit simplifies the TLS configuration.
It inlines the FIPS / non-FIPS code.

Signed-off-by: Andreas Auernhammer <hi@aead.dev>

internal/fips/api.go

@@ -32,7 +32,11 @@
 // [1]: https://en.wikipedia.org/wiki/FIPS_140
 package fips
 
-import "crypto/tls"
+import (
+	"crypto/tls"
+
+	"github.com/minio/sio"
+)
 
 // Enabled indicates whether cryptographic primitives,
 // like AES or SHA-256, are implemented using a FIPS 140
@@ -42,20 +46,101 @@ import "crypto/tls"
 // primitives must be used.
 const Enabled = enabled
 
-// CipherSuitesDARE returns the supported cipher suites
+// DARECiphers returns a list of supported cipher suites
 // for the DARE object encryption.
-func CipherSuitesDARE() []byte {
-	return cipherSuitesDARE()
+func DARECiphers() []byte {
+	if Enabled {
+		return []byte{sio.AES_256_GCM}
+	}
+	return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305}
 }
 
-// CipherSuitesTLS returns the supported cipher suites
-// used by the TLS stack.
-func CipherSuitesTLS() []uint16 {
-	return cipherSuitesTLS()
+// TLSCiphers returns a list of supported TLS transport
+// cipher suite IDs.
+//
+// The list contains only ciphers that use AES-GCM or
+// (non-FIPS) CHACHA20-POLY1305 and ellitpic curve key
+// exchange.
+func TLSCiphers() []uint16 {
+	if Enabled {
+		return []uint16{
+			tls.TLS_AES_128_GCM_SHA256, // TLS 1.3
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		}
+	}
+	return []uint16{
+		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
+		tls.TLS_AES_128_GCM_SHA256,
+		tls.TLS_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // TLS 1.2
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	}
 }
 
-// EllipticCurvesTLS returns the supported elliptic
-// curves used by the TLS stack.
-func EllipticCurvesTLS() []tls.CurveID {
-	return ellipticCurvesTLS()
+// TLSCiphersBackwardCompatible returns a list of supported
+// TLS transport cipher suite IDs.
+//
+// In contrast to TLSCiphers, the list contains additional
+// ciphers for backward compatibility. In particular, AES-CBC
+// and non-ECDHE ciphers.
+func TLSCiphersBackwardCompatible() []uint16 {
+	if Enabled {
+		return []uint16{
+			tls.TLS_AES_128_GCM_SHA256, // TLS 1.3
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2 ECDHE GCM
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // TLS 1.2 ECDHE CBC
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2 non-ECDHE
+			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+		}
+	}
+	return []uint16{
+		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
+		tls.TLS_AES_128_GCM_SHA256,
+		tls.TLS_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, // TLS 1.2 ECDHE GCM / POLY1305
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // TLS 1.2 ECDHE CBC
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+		tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2 non-ECDHE
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	}
+}
+
+// TLSCurveIDs returns a list of supported elliptic curve IDs
+// in preference order.
+func TLSCurveIDs() []tls.CurveID {
+	// TODO(aead): Once MinIO switches to Go 1.18
+	// enable CurveP384 and CurveP512.
+	//
+	// See: https://go.dev/doc/go1.18 Changes to crypto/elliptic
+
+	if Enabled {
+		return []tls.CurveID{tls.CurveP256}
+	}
+	return []tls.CurveID{tls.X25519, tls.CurveP256}
 }

internal/fips/fips.go

@@ -20,29 +20,4 @@
 
 package fips
 
-import (
-	"crypto/tls"
-
-	"github.com/minio/sio"
-)
-
 const enabled = true
-
-func cipherSuitesDARE() []byte {
-	return []byte{sio.AES_256_GCM}
-}
-
-func cipherSuitesTLS() []uint16 {
-	return []uint16{
-		tls.TLS_AES_128_GCM_SHA256,
-		tls.TLS_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	}
-}
-
-func ellipticCurvesTLS() []tls.CurveID {
-	return []tls.CurveID{tls.CurveP256}
-}

internal/fips/no_fips.go

@@ -20,32 +20,4 @@
 
 package fips
 
-import (
-	"crypto/tls"
-
-	"github.com/minio/sio"
-)
-
 const enabled = false
-
-func cipherSuitesDARE() []byte {
-	return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305}
-}
-
-func cipherSuitesTLS() []uint16 {
-	return []uint16{
-		tls.TLS_CHACHA20_POLY1305_SHA256,
-		tls.TLS_AES_128_GCM_SHA256,
-		tls.TLS_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	}
-}
-
-func ellipticCurvesTLS() []tls.CurveID {
-	return []tls.CurveID{tls.X25519, tls.CurveP256}
-}