package fips140

Import Path
	crypto/internal/fips140 (on go.dev)

Dependency Relation
	imports 6 packages, and imported by 18 packages

Involved Source Files

	    cast.go
	    fips140.go
	    hash.go
	    indicator.go
	    notasan.go
	    notboring.go
Package-Level Type Names (only one, which is exported)

	/* sort exporteds by: alphabet | popularity */
	 type Hash (interface)
		Hash is the common interface implemented by all hash functions. It is a copy
		of [hash.Hash] from the standard library, to avoid depending on security
		definitions from outside of the module.

		Methods (total 5, all are exported)
			( Hash) BlockSize() int
				BlockSize returns the hash's underlying block size.
				The Write method must be able to accept any amount
				of data, but it may operate more efficiently if all writes
				are a multiple of the block size.

			( Hash) Reset()
				Reset resets the Hash to its initial state.

			( Hash) Size() int
				Size returns the number of bytes Sum will return.

			( Hash) Sum(b []byte) []byte
				Sum appends the current hash to b and returns the resulting slice.
				It does not change the underlying hash state.

			( Hash) Write([]byte) (int, error)
		Implemented By (at least 24, in which 10 are exported)
			*crypto/internal/fips140/hmac.HMAC
			*crypto/internal/fips140/sha256.Digest
			*crypto/internal/fips140/sha3.Digest
			*crypto/internal/fips140/sha3.SHAKE
			*crypto/internal/fips140/sha512.Digest
			*crypto/sha3.SHA3
			 golang.org/x/crypto/sha3.ShakeHash (interface)
			 hash.Hash (interface)
			 hash.Hash32 (interface)
			 hash.Hash64 (interface)
			/* 14+ unexporteds ... *//* 14+ unexporteds: */
			*crypto/md5.digest
			*crypto/sha1.digest
			 crypto/tls.constantTimeHash (interface)
			*crypto/tls.cthWrapper
			*golang.org/x/crypto/blake2b.digest
			*golang.org/x/crypto/sha3.cshakeState
			*golang.org/x/crypto/sha3.state
			*hash/crc32.digest
			*hash/fnv.sum128
			*hash/fnv.sum128a
			*hash/fnv.sum32
			*hash/fnv.sum32a
			*hash/fnv.sum64
			*hash/fnv.sum64a
		Implements (at least 4, in which 3 are exported)
			 Hash : hash.Hash
			 Hash : internal/bisect.Writer
			 Hash : io.Writer
			/* at least one unexported ... *//* at least one unexported: */
			 Hash : crypto/tls.transcriptHash
		As Inputs Of (at least 20, in which 14 are exported)
			func crypto/internal/fips140/rsa.DecryptOAEP(hash, mgfHash Hash, priv *rsa.PrivateKey, ciphertext []byte, label []byte) ([]byte, error)
			func crypto/internal/fips140/rsa.EncryptOAEP(hash, mgfHash Hash, random io.Reader, pub *rsa.PublicKey, msg []byte, label []byte) ([]byte, error)
			func crypto/internal/fips140/rsa.PSSMaxSaltLength(pub *rsa.PublicKey, hash Hash) (int, error)
			func crypto/internal/fips140/rsa.SignPSS(rand io.Reader, priv *rsa.PrivateKey, hash Hash, hashed []byte, saltLength int) ([]byte, error)
			func crypto/internal/fips140/rsa.VerifyPSS(pub *rsa.PublicKey, hash Hash, digest []byte, sig []byte) error
			func crypto/internal/fips140/rsa.VerifyPSSWithSaltLength(pub *rsa.PublicKey, hash Hash, digest []byte, sig []byte, saltLength int) error
			func crypto/internal/fips140/tls13.(*EarlySecret).ClientEarlyTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*EarlySecret).EarlyExporterMasterSecret(transcript Hash) *tls13.ExporterMasterSecret
			func crypto/internal/fips140/tls13.(*HandshakeSecret).ClientHandshakeTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*HandshakeSecret).ServerHandshakeTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*MasterSecret).ClientApplicationTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*MasterSecret).ExporterMasterSecret(transcript Hash) *tls13.ExporterMasterSecret
			func crypto/internal/fips140/tls13.(*MasterSecret).ResumptionMasterSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*MasterSecret).ServerApplicationTrafficSecret(transcript Hash) []byte
			/* 6+ unexporteds ... *//* 6+ unexporteds: */
			func crypto/internal/fips140/rsa.checkApprovedHash(hash Hash)
			func crypto/internal/fips140/rsa.emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash Hash) ([]byte, error)
			func crypto/internal/fips140/rsa.emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash Hash) error
			func crypto/internal/fips140/rsa.mgf1XOR(out []byte, hash Hash, seed []byte)
			func crypto/internal/fips140/rsa.verifyPSS(pub *rsa.PublicKey, hash Hash, digest []byte, sig []byte, saltLength int) error
			func crypto/internal/fips140/tls13.deriveSecret[H](hash func() H, secret []byte, label string, transcript Hash) []byte


Package-Level Functions (total 13, in which 9 are exported)

	 func CAST(name string, f func() error)
		CAST runs the named Cryptographic Algorithm Self-Test (if operated in FIPS
		mode) and aborts the program (stopping the module input/output and entering
		the "error state") if the self-test fails.
		
		CASTs are mandatory self-checks that must be performed by FIPS 140-3 modules
		before the algorithm is used. See Implementation Guidance 10.3.A.
		
		The name must not contain commas, colons, hashes, or equal signs.
		
		If a package p calls CAST from its init function, an import of p should also
		be added to crypto/internal/fips140test. If a package p calls CAST on the first
		use of the algorithm, an invocation of that algorithm should be added to
		fipstest.TestConditionals.

	 func Name() string
	 func PCT(name string, f func() error) error
		PCT runs the named Pairwise Consistency Test (if operated in FIPS mode) and
		returns any errors. If an error is returned, the key must not be used.
		
		PCTs are mandatory for every key pair that is generated/imported, including
		ephemeral keys (which effectively doubles the cost of key establishment). See
		Implementation Guidance 10.3.A Additional Comment 1.
		
		The name must not contain commas, colons, hashes, or equal signs.
		
		If a package p calls PCT during key generation, an invocation of that
		function should be added to fipstest.TestConditionals.

	 func RecordApproved()
		RecordApproved is an internal function that records the use of an approved
		service. It does not override RecordNonApproved calls in the same span.
		
		It should be called by exposed functions that perform a whole cryptographic
		alrgorithm (e.g. by Sum, not by New, unless a cryptographic Instantiate
		algorithm is performed) and should be called after any checks that may cause
		the function to error out or panic.

	 func RecordNonApproved()
		RecordNonApproved is an internal function that records the use of a
		non-approved service. It overrides any RecordApproved calls in the same span.

	 func ResetServiceIndicator()
		ResetServiceIndicator clears the service indicator for the running goroutine.

	 func ServiceIndicator() bool
		ServiceIndicator returns true if and only if all services invoked by this
		goroutine since the last ResetServiceIndicator call are approved.
		
		If ResetServiceIndicator was not called before by this goroutine, its return
		value is undefined.

	 func Supported() error
		Supported returns an error if FIPS 140-3 mode can't be enabled.

	 func Version() string
	/* 4 unexporteds ... *//* 4 unexporteds: */
	 func fatal(string)
		fatal is [runtime.fatal], pushed via linkname.

	 func getIndicator() uint8
	 func init()
	 func setIndicator(uint8)
Package-Level Variables (total 3, in which 1 is exported)

	  var Enabled bool
	/* 2 unexporteds ... *//* 2 unexporteds: */
	  var debug bool
	  var failfipscast string
		failfipscast is a GODEBUG key allowing simulation of a CAST or PCT failure,
		as required during FIPS 140-3 functional testing. The value is the whole name
		of the target CAST or PCT.


Package-Level Constants (total 5, none are exported)

	/* 5 unexporteds ... *//* 5 unexporteds: */
	const asanEnabled = false
	const boringEnabled = false
	const indicatorFalse uint8 = 1
	const indicatorTrue uint8 = 2
	const indicatorUnset uint8 = 0

The pages are generated with Golds v0.7.6. (GOOS=linux GOARCH=amd64)