Source file src/crypto/internal/fips/indicator.go 

     1  // Copyright 2024 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package fips
     6  
     7  import _ "unsafe" // for go:linkname
     8  
     9  // The service indicator lets users of the module query whether invoked services
    10  // are approved. Three states are stored in a per-goroutine value by the
    11  // runtime. The indicator starts at indicatorUnset after a reset. Invoking an
    12  // approved service transitions to indicatorTrue. Invoking a non-approved
    13  // service transitions to indicatorFalse, and it can't leave that state until a
    14  // reset. The idea is that functions can "delegate" checks to inner functions,
    15  // and if there's anything non-approved in the stack, the final result is
    16  // negative. Finally, we expose indicatorUnset as negative to the user, so that
    17  // we don't need to explicitly annotate fully non-approved services.
    18  
    19  //go:linkname getIndicator
    20  func getIndicator() uint8
    21  
    22  //go:linkname setIndicator
    23  func setIndicator(uint8)
    24  
    25  const (
    26  	indicatorUnset uint8 = iota
    27  	indicatorFalse
    28  	indicatorTrue
    29  )
    30  
    31  // ResetServiceIndicator clears the service indicator for the running goroutine.
    32  func ResetServiceIndicator() {
    33  	setIndicator(indicatorUnset)
    34  }
    35  
    36  // ServiceIndicator returns true if and only if all services invoked by this
    37  // goroutine since the last ResetServiceIndicator call are approved.
    38  //
    39  // If ResetServiceIndicator was not called before by this goroutine, its return
    40  // value is undefined.
    41  func ServiceIndicator() bool {
    42  	return getIndicator() == indicatorTrue
    43  }
    44  
    45  // RecordApproved is an internal function that records the use of an approved
    46  // service. It does not override RecordNonApproved calls in the same span.
    47  func RecordApproved() {
    48  	if getIndicator() == indicatorUnset {
    49  		setIndicator(indicatorTrue)
    50  	}
    51  }
    52  
    53  // RecordNonApproved is an internal function that records the use of a
    54  // non-approved service. It overrides any RecordApproved calls in the same span.
    55  func RecordNonApproved() {
    56  	setIndicator(indicatorFalse)
    57  }
    58  

View as plain text

go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.