fips

package

v1.0.7 Latest Latest Go to latest Published: Mar 14, 2026 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aegisgatesecurity/aegisgate

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ApprovedCipherSuites() map[string]uint16
func ApprovedHashAlgorithms() map[string]string
func ApprovedKeyExchanges() map[string]bool
func Configure(level Level, opts ...Option) error
func GenerateRSAKey(bits int) (*rsa.PrivateKey, error)
func GetAuditLog() []string
func GetTLSConfig(minVersion uint16) *tls.Config
func IsEnabled() bool
func MinimumKeySizes() map[string]int
func SelfTest() error
func ValidateHashAlgorithm(name string) error
func ValidateKeySize(algorithm string, size int) error
type CheckStatus
type ComplianceCheck
type ComplianceReport
- func Check(level Level) *ComplianceReport
- func (r *ComplianceReport) String() string
type Level
- func GetLevel() Level
- func (l Level) String() string
type Mode
- func GetMode() Mode
type Option
- func WithAudit(enabled bool) Option
- func WithModuleValidation(validated bool, validationNumber string) Option

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	CurrentMode = &Mode{
		Level:           LevelNone,
		Enabled:         false,
		ApprovedOnly:    true,
		AuditEnabled:    false,
		ModuleValidated: false,
	}
)

CurrentMode is the global FIPS mode configuration

Functions ¶

func ApprovedCipherSuites ¶

func ApprovedCipherSuites() map[string]uint16

ApprovedCipherSuites returns FIPS-approved TLS cipher suites

func ApprovedHashAlgorithms ¶

func ApprovedHashAlgorithms() map[string]string

ApprovedHashAlgorithms returns FIPS-approved hash algorithms

func ApprovedKeyExchanges ¶

func ApprovedKeyExchanges() map[string]bool

ApprovedKeyExchanges returns FIPS-approved key exchange algorithms

func Configure ¶

func Configure(level Level, opts ...Option) error

Configure sets the FIPS mode configuration

func GenerateRSAKey ¶

func GenerateRSAKey(bits int) (*rsa.PrivateKey, error)

GenerateRSAKey generates an FIPS-compliant RSA key

func GetAuditLog ¶

func GetAuditLog() []string

GetAuditLog returns the FIPS audit log

func GetTLSConfig ¶

func GetTLSConfig(minVersion uint16) *tls.Config

GetTLSConfig returns an FIPS-compliant TLS configuration

func IsEnabled ¶

func IsEnabled() bool

IsEnabled returns true if FIPS mode is enabled

func MinimumKeySizes ¶

func MinimumKeySizes() map[string]int

MinimumKeySizes returns minimum approved key sizes (bits)

func SelfTest ¶

func SelfTest() error

SelfTest performs a cryptographic self-test as required by FIPS

func ValidateHashAlgorithm ¶

func ValidateHashAlgorithm(name string) error

ValidateHashAlgorithm validates that a hash algorithm is FIPS-approved

func ValidateKeySize ¶

func ValidateKeySize(algorithm string, size int) error

ValidateKeySize validates that a key size meets FIPS requirements

Types ¶

type CheckStatus ¶

type CheckStatus string

CheckStatus represents the status of a compliance check

const (
	CheckPass    CheckStatus = "PASS"
	CheckFail    CheckStatus = "FAIL"
	CheckWarning CheckStatus = "WARNING"
	CheckSkip    CheckStatus = "SKIP"
)

type ComplianceCheck ¶

type ComplianceCheck struct {
	Name        string
	Status      CheckStatus
	Description string
	Details     string
}

ComplianceCheck represents a single compliance check

type ComplianceReport ¶

type ComplianceReport struct {
	Timestamp       time.Time
	FIPSLevel       Level
	Passed          bool
	Checks          []ComplianceCheck
	Recommendations []string
}

ComplianceReport contains the results of a FIPS compliance check

func Check ¶

func Check(level Level) *ComplianceReport

Check performs a full FIPS compliance check

func (*ComplianceReport) String ¶

func (r *ComplianceReport) String() string

String returns a human-readable representation of the compliance report

type Level ¶

type Level int

Level represents the FIPS compliance level

const (
	LevelNone Level = iota
	Level140_2
	Level140_3
)

func GetLevel ¶

func GetLevel() Level

GetLevel returns the current FIPS compliance level

func (Level) String ¶

func (l Level) String() string

String returns string representation of FIPS level

type Mode ¶

type Mode struct {
	Level            Level
	Enabled          bool
	ApprovedOnly     bool   // Use only FIPS-approved algorithms
	AuditEnabled     bool   // Log all cryptographic operations
	ModuleValidated  bool   // Whether using a validated cryptographic module
	ValidationNumber string // CMVP validation number (if certified)
}

Mode represents the current FIPS operational mode

func GetMode ¶

func GetMode() Mode

GetMode returns the current FIPS mode (thread-safe)

type Option ¶

type Option func(*Mode)

Option is a functional option for configuring FIPS mode

func WithAudit ¶

func WithAudit(enabled bool) Option

WithAudit enables FIPS audit logging

func WithModuleValidation ¶

func WithModuleValidation(validated bool, validationNumber string) Option

WithModuleValidation sets the module validation status

Source Files ¶

View all Source files

fips.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL