Currently, Tink is not FIPS 140-2 validated itself. However, it supports several FIPS 140-2 approved algorithms, and the underlying implementations can utilize validated cryptographic modules like BoringSSL's BoringCrypto. Tink includes a WORKSPACE for building BoringSSL in FIPS mode.
The following algorithms in Tink are approved according to FIPS 140-2:
If you are required to use FIPS 140-2 approved algorithms and validated implementations, then you can build Tink in FIPS-only mode. This restricts usage to approved algorithms and checks that Tink is utilizing a validated cryptographic module.
Specifically, this changes the behavior of Tink in the following ways:
- Register() functions will only register algorithms which have a FIPS validated implementation. This means that you will only be able to use Keysets for algorithms which use a validated cryptographic module.
- Tink returns an INTERNAL error when the validated module is not available.
- subtle/ will be restricted to algorithms which utilize a validated cryptographic module.
Currently this is only supported in the C++ version of Tink.
Tink uses BoringCrypto in C++ to provide access to a validated cryptographic module. Its current validation status imposes the following additional constraints on available algorithms when in FIPS-only mode:
To use the BoringCrypto module via Bazel, you can uncomment the local_repository definition for boringssl in the C++ WORKSPACE.
To build Tink in FIPS-only mode, you simply set a flag at compile time:
bazel build ... --//config:use_only_fips=True
If you want to check at runtime whether Tink has been built in FIPS-only mode, you can include the header internal/fips_utils.h, which provides the constant kUseOnlyFips.
If you are not building Tink in FIPS-only mode, it will still utilize validated implementations for some algorithms but will not restrict the usage of other algorithms.
As an alternative to building Tink in FIPS-only mode, you can call crypto::tink::RestrictToFips() from config/tink_fips.h, which sets a flag at runtime to enable the restriction to FIPS primitives.
WARNING: If you use the runtime option, then crypto::tink::RestrictToFips() must be called before handling any key material, registering key managers, or using other Tink functionality. You further have to ensure that BoringSSL has been built with the BoringCrypto module, as otherwise Tink will not allow you to process any data.
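The following is an added, self-contained C++17 model of the gating behavior described above (registration restricted to validated algorithms, an INTERNAL error when the validated module is missing, and the requirement that the runtime restriction be applied before anything is registered). It is illustrative code written for this page, not Tink's own implementation: the namespace fips_model, the Registry/Status/Algorithm types, the FIPS_ONLY_BUILD macro standing in for --//config:use_only_fips=True, and the two sample algorithms are all constructed assumptions. It only mirrors the names kUseOnlyFips, RestrictToFips() and IsFipsModeEnabled() so the flow is recognizable.

```cpp
// Illustrative model of Tink's FIPS-only gating. NOT Tink's code; all names
// here are hypothetical stand-ins. Assumes a C++17 compiler.
#include <map>
#include <string>
#include <vector>

namespace fips_model {

// Stand-in for the compile-time constant kUseOnlyFips: define FIPS_ONLY_BUILD
// when compiling to mimic building with --//config:use_only_fips=True.
#ifdef FIPS_ONLY_BUILD
constexpr bool kUseOnlyFips = true;
#else
constexpr bool kUseOnlyFips = false;
#endif

// Runtime switch modelled on crypto::tink::RestrictToFips().
inline bool& RuntimeFipsFlag() { static bool flag = false; return flag; }
inline void RestrictToFips() { RuntimeFipsFlag() = true; }
inline bool IsFipsModeEnabled() { return kUseOnlyFips || RuntimeFipsFlag(); }

// Whether the underlying crypto library exposes a validated module; models
// "BoringSSL built with BoringCrypto". Constructed switch for the example.
inline bool& ValidatedModuleAvailable() { static bool avail = false; return avail; }

enum class FipsCompatibility { kNotFips, kRequiresBoringCrypto };

struct Status {
  std::string code;     // "OK", "INTERNAL", "NOT_FOUND"
  std::string message;
  bool ok() const { return code == "OK"; }
};

struct Algorithm {
  std::string name;
  FipsCompatibility compat;
};

class Registry {
 public:
  // Models Register(): in FIPS mode, algorithms without a validated
  // implementation are skipped instead of being registered.
  void Register(const Algorithm& a) {
    if (IsFipsModeEnabled() && a.compat == FipsCompatibility::kNotFips) return;
    algos_[a.name] = a;
  }
  bool IsRegistered(const std::string& name) const { return algos_.count(name) > 0; }

  // Models primitive creation: NOT_FOUND for an unregistered algorithm, and
  // INTERNAL when FIPS mode is on but the validated module is not available.
  Status GetPrimitive(const std::string& name) const {
    auto it = algos_.find(name);
    if (it == algos_.end()) return {"NOT_FOUND", "no key manager for " + name};
    if (IsFipsModeEnabled() &&
        it->second.compat == FipsCompatibility::kRequiresBoringCrypto &&
        !ValidatedModuleAvailable()) {
      return {"INTERNAL", "FIPS mode requested but no validated module is available"};
    }
    return {"OK", ""};
  }

 private:
  std::map<std::string, Algorithm> algos_;
};

// Constructed sample: one AEAD with a validated implementation, one without.
inline std::vector<Algorithm> SampleAlgorithms() {
  return {{"AesGcm", FipsCompatibility::kRequiresBoringCrypto},
          {"XChaCha20Poly1305", FipsCompatibility::kNotFips}};
}

// Builds a registry in the order the page prescribes: apply the runtime
// restriction first, then register key managers. The flags are reset on each
// call so the function can be exercised repeatedly with different settings.
inline Registry BuildRegistry(bool restrict_to_fips, bool module_available) {
  RuntimeFipsFlag() = false;
  if (restrict_to_fips) RestrictToFips();
  ValidatedModuleAvailable() = module_available;
  Registry r;
  for (const auto& a : SampleAlgorithms()) r.Register(a);
  return r;
}

}  // namespace fips_model
```

Calling RestrictToFips() after Register() would leave the non-validated algorithm registered, which is exactly why the page requires the runtime call to precede any registration or key handling; the model's BuildRegistry keeps that order fixed.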