fips140
packagestandard library
This package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Report a Vulnerability
Documentation¶
Index¶
Constants¶
This section is empty.
Variables¶
var EnabledboolFunctions¶
funcCAST¶
CAST runs the named Cryptographic Algorithm Self-Test (if operated in FIPSmode) and aborts the program (stopping the module input/output and enteringthe "error state") if the self-test fails.
CASTs are mandatory self-checks that must be performed by FIPS 140-3 modulesbefore the algorithm is used. See Implementation Guidance 10.3.A.
The name must not contain commas, colons, hashes, or equal signs.
If a package p calls CAST from its init function, an import of p should alsobe added to crypto/internal/fips140test. If a package p calls CAST on the firstuse of the algorithm, an invocation of that algorithm should be added tofipstest.TestConditionals.
funcPCT¶
PCT runs the named Pairwise Consistency Test (if operated in FIPS mode) andaborts the program (stopping the module input/output and entering the "errorstate") if the test fails.
PCTs are mandatory for every generated (but not imported) key pair, includingephemeral keys (which effectively doubles the cost of key establishment). SeeImplementation Guidance 10.3.A Additional Comment 1.
The name must not contain commas, colons, hashes, or equal signs.
If a package p calls PCT during key generation, an invocation of thatfunction should be added to fipstest.TestConditionals.
funcRecordApproved¶
func RecordApproved()
RecordApproved is an internal function that records the use of an approvedservice. It does not override RecordNonApproved calls in the same span.
It should be called by exposed functions that perform a whole cryptographicalrgorithm (e.g. by Sum, not by New, unless a cryptographic Instantiatealgorithm is performed) and should be called after any checks that may causethe function to error out or panic.
funcRecordNonApproved¶
func RecordNonApproved()
RecordNonApproved is an internal function that records the use of anon-approved service. It overrides any RecordApproved calls in the same span.
funcResetServiceIndicator¶
func ResetServiceIndicator()
ResetServiceIndicator clears the service indicator for the running goroutine.
funcServiceIndicator¶
func ServiceIndicator()bool
ServiceIndicator returns true if and only if all services invoked by thisgoroutine since the last ResetServiceIndicator call are approved.
If ResetServiceIndicator was not called before by this goroutine, its returnvalue is undefined.
Types¶
This section is empty.
Source Files
Directories¶
| Path | Synopsis |
|---|---|
Package alias implements memory aliasing tests. | Package alias implements memory aliasing tests. |
Package check implements the FIPS 140 load-time code+data verification. | Package check implements the FIPS 140 load-time code+data verification. |
checktest Package checktest defines some code and data for use in the crypto/internal/fips140/check test. | Package checktest defines some code and data for use in the crypto/internal/fips140/check test. |
Package drbg provides cryptographically secure random bytes usable by FIPS code. | Package drbg provides cryptographically secure random bytes usable by FIPS code. |
Package edwards25519 implements group logic for the twisted Edwards curve | Package edwards25519 implements group logic for the twisted Edwards curve |
field Package field implements fast arithmetic modulo 2^255-19. | Package field implements fast arithmetic modulo 2^255-19. |
Package hmac implements HMAC according to [FIPS 198-1]. | Package hmac implements HMAC according to [FIPS 198-1]. |
Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in [NIST FIPS 203]. | Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in [NIST FIPS 203]. |
Package nistec implements the elliptic curves from NIST SP 800-186. | Package nistec implements the elliptic curves from NIST SP 800-186. |
Package sha256 implements the SHA-224 and SHA-256 hash algorithms as defined in FIPS 180-4. | Package sha256 implements the SHA-224 and SHA-256 hash algorithms as defined in FIPS 180-4. |
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length functions defined by [FIPS 202], as well as the cSHAKE extendable-output-length functions defined by [SP 800-185]. | Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length functions defined by [FIPS 202], as well as the cSHAKE extendable-output-length functions defined by [SP 800-185]. |
Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. | Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. |
Package ssh implements the SSH KDF as specified in RFC 4253, Section 7.2 and allowed by SP 800-135 Revision 1. | Package ssh implements the SSH KDF as specified in RFC 4253, Section 7.2 and allowed by SP 800-135 Revision 1. |
Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7. | Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7. |