package fips140

Import Path
	crypto/internal/fips140 (on go.dev)

Dependency Relation
	imports 5 packages, and imported by 20 packages

Involved Source Files

	    cast.go
	    fips140.go
	    hash.go
	    indicator.go
Package-Level Type Names (only one)

	/* sort by: alphabet | popularity */
	 type Hash (interface)
		Hash is the common interface implemented by all hash functions. It is a copy
		of [hash.Hash] from the standard library, to avoid depending on security
		definitions from outside of the module.

		Methods (total 5)
			( Hash) BlockSize() int
				BlockSize returns the hash's underlying block size.
				The Write method must be able to accept any amount
				of data, but it may operate more efficiently if all writes
				are a multiple of the block size.

			( Hash) Reset()
				Reset resets the Hash to its initial state.

			( Hash) Size() int
				Size returns the number of bytes Sum will return.

			( Hash) Sum(b []byte) []byte
				Sum appends the current hash to b and returns the resulting slice.
				It does not change the underlying hash state.

			( Hash) Write([]byte) (int, error)
		Implemented By (at least 10)
			*crypto/internal/fips140/hmac.HMAC
			*crypto/internal/fips140/sha256.Digest
			*crypto/internal/fips140/sha3.Digest
			*crypto/internal/fips140/sha3.SHAKE
			*crypto/internal/fips140/sha512.Digest
			*crypto/sha3.SHA3
			 hash.Hash (interface)
			 hash.Hash32 (interface)
			 hash.Hash64 (interface)
			*hash/maphash.Hash
		Implements (at least 3)
			 Hash : hash.Hash
			 Hash : internal/bisect.Writer
			 Hash : io.Writer
		As Inputs Of (at least 14)
			func crypto/internal/fips140/rsa.DecryptOAEP(hash, mgfHash Hash, priv *rsa.PrivateKey, ciphertext []byte, label []byte) ([]byte, error)
			func crypto/internal/fips140/rsa.EncryptOAEP(hash, mgfHash Hash, random io.Reader, pub *rsa.PublicKey, msg []byte, label []byte) ([]byte, error)
			func crypto/internal/fips140/rsa.PSSMaxSaltLength(pub *rsa.PublicKey, hash Hash) (int, error)
			func crypto/internal/fips140/rsa.SignPSS(rand io.Reader, priv *rsa.PrivateKey, hash Hash, hashed []byte, saltLength int) ([]byte, error)
			func crypto/internal/fips140/rsa.VerifyPSS(pub *rsa.PublicKey, hash Hash, digest []byte, sig []byte) error
			func crypto/internal/fips140/rsa.VerifyPSSWithSaltLength(pub *rsa.PublicKey, hash Hash, digest []byte, sig []byte, saltLength int) error
			func crypto/internal/fips140/tls13.(*EarlySecret).ClientEarlyTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*EarlySecret).EarlyExporterMasterSecret(transcript Hash) *tls13.ExporterMasterSecret
			func crypto/internal/fips140/tls13.(*HandshakeSecret).ClientHandshakeTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*HandshakeSecret).ServerHandshakeTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*MasterSecret).ClientApplicationTrafficSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*MasterSecret).ExporterMasterSecret(transcript Hash) *tls13.ExporterMasterSecret
			func crypto/internal/fips140/tls13.(*MasterSecret).ResumptionMasterSecret(transcript Hash) []byte
			func crypto/internal/fips140/tls13.(*MasterSecret).ServerApplicationTrafficSecret(transcript Hash) []byte


Package-Level Functions (total 6)

	 func CAST(name string, f func() error)
		CAST runs the named Cryptographic Algorithm Self-Test (if operated in FIPS
		mode) and aborts the program (stopping the module input/output and entering
		the "error state") if the self-test fails.
		
		CASTs are mandatory self-checks that must be performed by FIPS 140-3 modules
		before the algorithm is used. See Implementation Guidance 10.3.A.
		
		The name must not contain commas, colons, hashes, or equal signs.
		
		If a package p calls CAST from its init function, an import of p should also
		be added to crypto/internal/fips140test. If a package p calls CAST on the first
		use of the algorithm, an invocation of that algorithm should be added to
		fipstest.TestConditionals.

	 func PCT(name string, f func() error) error
		PCT runs the named Pairwise Consistency Test (if operated in FIPS mode) and
		returns any errors. If an error is returned, the key must not be used.
		
		PCTs are mandatory for every key pair that is generated/imported, including
		ephemeral keys (which effectively doubles the cost of key establishment). See
		Implementation Guidance 10.3.A Additional Comment 1.
		
		The name must not contain commas, colons, hashes, or equal signs.
		
		If a package p calls PCT during key generation, an invocation of that
		function should be added to fipstest.TestConditionals.

	 func RecordApproved()
		RecordApproved is an internal function that records the use of an approved
		service. It does not override RecordNonApproved calls in the same span.
		
		It should be called by exposed functions that perform a whole cryptographic
		alrgorithm (e.g. by Sum, not by New, unless a cryptographic Instantiate
		algorithm is performed) and should be called after any checks that may cause
		the function to error out or panic.

	 func RecordNonApproved()
		RecordNonApproved is an internal function that records the use of a
		non-approved service. It overrides any RecordApproved calls in the same span.

	 func ResetServiceIndicator()
		ResetServiceIndicator clears the service indicator for the running goroutine.

	 func ServiceIndicator() bool
		ServiceIndicator returns true if and only if all services invoked by this
		goroutine since the last ResetServiceIndicator call are approved.
		
		If ResetServiceIndicator was not called before by this goroutine, its return
		value is undefined.


Package-Level Variables (only one)

	  var Enabled bool

The pages are generated with Golds v0.7.5. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.