Documentation ¶
Overview ¶
Package fips provides functionality to configure cryptographic implementations compliant with FIPS 140.
FIPS 140 1 is a US standard for data processing that specifies requirements for cryptographic modules. Software that is "FIPS 140 compliant" must use approved cryptographic primitives only and that are implemented by a FIPS 140 certified cryptographic module.
So, FIPS 140 requires that a certified implementation of e.g. AES is used to implement more high-level cryptographic protocols. It does not require any specific security criteria for those high-level protocols. FIPS 140 focuses only on the implementation and usage of the most low-level cryptographic building blocks.
Index ¶
Constants ¶
const Enabled = enabled
Enabled indicates whether cryptographic primitives, like AES or SHA-256, are implemented using a FIPS 140 certified module.
If FIPS-140 is enabled no non-NIST/FIPS approved primitives must be used.
Variables ¶
This section is empty.
Functions ¶
func DARECiphers ¶
func DARECiphers() []byte
DARECiphers returns a list of supported cipher suites for the DARE object encryption.
func TLSCiphers ¶
func TLSCiphers() []uint16
TLSCiphers returns a list of supported TLS transport cipher suite IDs.
The list contains only ciphers that use AES-GCM or (non-FIPS) CHACHA20-POLY1305 and ellitpic curve key exchange.
func TLSCiphersBackwardCompatible ¶
func TLSCiphersBackwardCompatible() []uint16
TLSCiphersBackwardCompatible returns a list of supported TLS transport cipher suite IDs.
In contrast to TLSCiphers, the list contains additional ciphers for backward compatibility. In particular, AES-CBC and non-ECDHE ciphers.
func TLSCurveIDs ¶
TLSCurveIDs returns a list of supported elliptic curve IDs in preference order.
Types ¶
This section is empty.