From eecdb61eebabc083f588a349d4ce5ac2defaf2ca Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Wed, 17 Dec 2025 17:50:07 +0100
Subject: crypto: rename fips140v2.0 to fips140v1.26

Turns out we can't use non-v1 versions for the FIPS 140-3 module, so we decided to match the versioning of the Go release the module is frozen from.

Change-Id: Ib5c13511a51f9930fcde86cd7e8bd39c6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/730740
Auto-Submit: Filippo Valsorda
Reviewed-by: Roland Shoemaker
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Michael Knyszek
---
src/crypto/cipher/gcm_fips140v1.26_test.go | 105 +++++++++++++++++++++++++++++
src/crypto/cipher/gcm_fips140v2.0_test.go | 105 -----------------------------
2 files changed, 105 insertions(+), 105 deletions(-)
create mode 100644 src/crypto/cipher/gcm_fips140v1.26_test.go
delete mode 100644 src/crypto/cipher/gcm_fips140v2.0_test.go
(limited to 'src/crypto/cipher')
diff --git a/src/crypto/cipher/gcm_fips140v1.26_test.go b/src/crypto/cipher/gcm_fips140v1.26_test.go
new file mode 100644
index 0000000000..9f17a497ca
--- /dev/null
+++ b/src/crypto/cipher/gcm_fips140v1.26_test.go
@@ -0,0 +1,105 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package cipher_test
+
+import (
+ "crypto/cipher"
+ "crypto/internal/cryptotest"
+ "crypto/internal/fips140"
+ fipsaes "crypto/internal/fips140/aes"
+ "crypto/internal/fips140/aes/gcm"
+ "encoding/binary"
+ "internal/testenv"
+ "math"
+ "testing"
+)
+
+func TestGCMNoncesFIPSV126(t *testing.T) {
+ cryptotest.MustSupportFIPS140(t)
+ if !fips140.Enabled {
+ cmd := testenv.Command(t, testenv.Executable(t), "-test.run=^TestGCMNoncesFIPSV126$", "-test.v")
+ cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")
+ out, err := cmd.CombinedOutput()
+ t.Logf("running with GODEBUG=fips140=on:\n%s", out)
+ if err != nil {
+ t.Errorf("fips140=on subprocess failed: %v", err)
+ }
+ return
+ }
+
+ tryNonce := func(aead cipher.AEAD, nonce []byte) bool {
+ fips140.ResetServiceIndicator()
+ aead.Seal(nil, nonce, []byte("x"), nil)
+ return fips140.ServiceIndicator()
+ }
+ expectOK := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
+ t.Helper()
+ if !tryNonce(aead, nonce) {
+ t.Errorf("expected service indicator true for %x", nonce)
+ }
+ }
+ expectPanic := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
+ t.Helper()
+ defer func() {
+ t.Helper()
+ if recover() == nil {
+ t.Errorf("expected panic for %x", nonce)
+ }
+ }()
+ tryNonce(aead, nonce)
+ }
+
+ t.Run("NewGCMWithXORCounterNonce", func(t *testing.T) {
+ newGCM := func() *gcm.GCMWithXORCounterNonce {
+ key := make([]byte, 16)
+ block, _ := fipsaes.New(key)
+ aead, _ := gcm.NewGCMWithXORCounterNonce(block)
+ return aead
+ }
+ nonce := func(mask []byte, counter uint64) []byte {
+ nonce := make([]byte, 12)
+ copy(nonce, mask)
+ n := binary.BigEndian.AppendUint64(nil, counter)
+ for i, b := range n {
+ nonce[4+i] ^= b
+ }
+ return nonce
+ }
+
+ for _, mask := range [][]byte{
+ decodeHex(t, "ffffffffffffffffffffffff"),
+ decodeHex(t, "aabbccddeeff001122334455"),
+ decodeHex(t, "000000000000000000000000"),
+ } {
+ g := newGCM()
+ // Mask is derived from first invocation with zero nonce.
+ expectOK(t, g, nonce(mask, 0))
+ expectOK(t, g, nonce(mask, 1))
+ expectOK(t, g, nonce(mask, 100))
+ expectPanic(t, g, nonce(mask, 100))
+ expectPanic(t, g, nonce(mask, 99))
+ expectOK(t, g, nonce(mask, math.MaxUint64-2))
+ expectOK(t, g, nonce(mask, math.MaxUint64-1))
+ expectPanic(t, g, nonce(mask, math.MaxUint64))
+ expectPanic(t, g, nonce(mask, 0))
+
+ g = newGCM()
+ g.SetNoncePrefixAndMask(mask)
+ expectOK(t, g, nonce(mask, 0xFFFFFFFF))
+ expectOK(t, g, nonce(mask, math.MaxUint64-2))
+ expectOK(t, g, nonce(mask, math.MaxUint64-1))
+ expectPanic(t, g, nonce(mask, math.MaxUint64))
+ expectPanic(t, g, nonce(mask, 0))
+
+ g = newGCM()
+ g.SetNoncePrefixAndMask(mask)
+ expectOK(t, g, nonce(mask, math.MaxUint64-1))
+ expectPanic(t, g, nonce(mask, math.MaxUint64))
+ expectPanic(t, g, nonce(mask, 0))
+ }
+ })
+}
diff --git a/src/crypto/cipher/gcm_fips140v2.0_test.go b/src/crypto/cipher/gcm_fips140v2.0_test.go
deleted file mode 100644
index d3a8ea5c63..0000000000
--- a/src/crypto/cipher/gcm_fips140v2.0_test.go
+++ /dev/null
@@ -1,105 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package cipher_test
-
-import (
- "crypto/cipher"
- "crypto/internal/cryptotest"
- "crypto/internal/fips140"
- fipsaes "crypto/internal/fips140/aes"
- "crypto/internal/fips140/aes/gcm"
- "encoding/binary"
- "internal/testenv"
- "math"
- "testing"
-)
-
-func TestGCMNoncesFIPSV2(t *testing.T) {
- cryptotest.MustSupportFIPS140(t)
- if !fips140.Enabled {
- cmd := testenv.Command(t, testenv.Executable(t), "-test.run=^TestGCMNoncesFIPSV2$", "-test.v")
- cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")
- out, err := cmd.CombinedOutput()
- t.Logf("running with GODEBUG=fips140=on:\n%s", out)
- if err != nil {
- t.Errorf("fips140=on subprocess failed: %v", err)
- }
- return
- }
-
- tryNonce := func(aead cipher.AEAD, nonce []byte) bool {
- fips140.ResetServiceIndicator()
- aead.Seal(nil, nonce, []byte("x"), nil)
- return fips140.ServiceIndicator()
- }
- expectOK := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
- t.Helper()
- if !tryNonce(aead, nonce) {
- t.Errorf("expected service indicator true for %x", nonce)
- }
- }
- expectPanic := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
- t.Helper()
- defer func() {
- t.Helper()
- if recover() == nil {
- t.Errorf("expected panic for %x", nonce)
- }
- }()
- tryNonce(aead, nonce)
- }
-
- t.Run("NewGCMWithXORCounterNonce", func(t *testing.T) {
- newGCM := func() *gcm.GCMWithXORCounterNonce {
- key := make([]byte, 16)
- block, _ := fipsaes.New(key)
- aead, _ := gcm.NewGCMWithXORCounterNonce(block)
- return aead
- }
- nonce := func(mask []byte, counter uint64) []byte {
- nonce := make([]byte, 12)
- copy(nonce, mask)
- n := binary.BigEndian.AppendUint64(nil, counter)
- for i, b := range n {
- nonce[4+i] ^= b
- }
- return nonce
- }
-
- for _, mask := range [][]byte{
- decodeHex(t, "ffffffffffffffffffffffff"),
- decodeHex(t, "aabbccddeeff001122334455"),
- decodeHex(t, "000000000000000000000000"),
- } {
- g := newGCM()
- // Mask is derived from first invocation with zero nonce.
- expectOK(t, g, nonce(mask, 0))
- expectOK(t, g, nonce(mask, 1))
- expectOK(t, g, nonce(mask, 100))
- expectPanic(t, g, nonce(mask, 100))
- expectPanic(t, g, nonce(mask, 99))
- expectOK(t, g, nonce(mask, math.MaxUint64-2))
- expectOK(t, g, nonce(mask, math.MaxUint64-1))
- expectPanic(t, g, nonce(mask, math.MaxUint64))
- expectPanic(t, g, nonce(mask, 0))
-
- g = newGCM()
- g.SetNoncePrefixAndMask(mask)
- expectOK(t, g, nonce(mask, 0xFFFFFFFF))
- expectOK(t, g, nonce(mask, math.MaxUint64-2))
- expectOK(t, g, nonce(mask, math.MaxUint64-1))
- expectPanic(t, g, nonce(mask, math.MaxUint64))
- expectPanic(t, g, nonce(mask, 0))
-
- g = newGCM()
- g.SetNoncePrefixAndMask(mask)
- expectOK(t, g, nonce(mask, math.MaxUint64-1))
- expectPanic(t, g, nonce(mask, math.MaxUint64))
- expectPanic(t, g, nonce(mask, 0))
- }
- })
-}
-- cgit v1.3