From df6c351aa4bbc8805406bfef979e62f59fc76da9 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Fri, 9 Jan 2026 19:01:50 +0100 Subject: crypto: use testenv.Executable(t) instead of os.Args[0] in tests Change-Id: Ib0ec1f05e51a4295a9369d6e8c6b61976a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/735260 LUCI-TryBot-Result: Go LUCI Reviewed-by: Junyang Shao Reviewed-by: Daniel McCarney Auto-Submit: Filippo Valsorda Reviewed-by: Michael Pratt --- src/crypto/internal/fips140test/acvp_test.go | 4 ++-- src/crypto/internal/fips140test/check_test.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/crypto/internal/fips140test') diff --git a/src/crypto/internal/fips140test/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go index e94bab74fd..6a0b46af2b 100644 --- a/src/crypto/internal/fips140test/acvp_test.go +++ b/src/crypto/internal/fips140test/acvp_test.go @@ -2146,7 +2146,7 @@ func TestACVP(t *testing.T) { } configPath := filepath.Join(cwd, testConfigFile) t.Logf("running check_expected.go\ncwd: %q\ndata_dir: %q\nconfig: %q\ntool: %q\nmodule-wrapper: %q\n", - cwd, dataDir, configPath, toolPath, os.Args[0]) + cwd, dataDir, configPath, toolPath, testenv.Executable(t)) // Run the check_expected test driver using the acvptool we built, and this test binary as the // module wrapper. The file paths in the config file are specified relative to the dataDir root @@ -2157,7 +2157,7 @@ func TestACVP(t *testing.T) { "-tool", toolPath, // Note: module prefix must match Wrapper value in testConfigFile. - "-module-wrappers", "go:" + os.Args[0], + "-module-wrappers", "go:" + testenv.Executable(t), "-tests", configPath, } cmd = testenv.Command(t, testenv.GoToolPath(t), args...) diff --git a/src/crypto/internal/fips140test/check_test.go b/src/crypto/internal/fips140test/check_test.go index 8aef1f9b9b..d70ffbb77f 100644 --- a/src/crypto/internal/fips140test/check_test.go +++ b/src/crypto/internal/fips140test/check_test.go @@ -46,7 +46,7 @@ func TestIntegrityCheckFailure(t *testing.T) { moduleStatus(t) cryptotest.MustSupportFIPS140(t) - bin, err := os.ReadFile(os.Args[0]) + bin, err := os.ReadFile(testenv.Executable(t)) if err != nil { t.Fatal(err) } -- cgit v1.3 From 2bc4315d92a70d9a5e895d60defba4f799798806 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Fri, 19 Dec 2025 23:14:05 +0100 Subject: crypto/internal/fips140test: add ML-DSA to FIPS 140-3 functional tests Change-Id: I568d28d27d2bc55bbadcc678a2fcf9d36a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/731540 Reviewed-by: Roland Shoemaker Reviewed-by: Junyang Shao Auto-Submit: Filippo Valsorda LUCI-TryBot-Result: Go LUCI --- .../internal/fips140test/cast_fips140v1.0_test.go | 9 ------ .../internal/fips140test/cast_fips140v1.26_test.go | 16 ----------- .../internal/fips140test/fips140v1.0_test.go | 13 +++++++++ .../internal/fips140test/fips140v1.26_test.go | 33 ++++++++++++++++++++++ src/crypto/internal/fips140test/fips_test.go | 2 ++ 5 files changed, 48 insertions(+), 25 deletions(-) delete mode 100644 src/crypto/internal/fips140test/cast_fips140v1.0_test.go delete mode 100644 src/crypto/internal/fips140test/cast_fips140v1.26_test.go create mode 100644 src/crypto/internal/fips140test/fips140v1.0_test.go create mode 100644 src/crypto/internal/fips140test/fips140v1.26_test.go (limited to 'src/crypto/internal/fips140test') diff --git a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go b/src/crypto/internal/fips140test/cast_fips140v1.0_test.go deleted file mode 100644 index b9ddfe4d8b..0000000000 --- a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2024 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build fips140v1.0 - -package fipstest - -func fips140v126Conditionals() {} diff --git a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go deleted file mode 100644 index ef79068c38..0000000000 --- a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2024 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !fips140v1.0 - -package fipstest - -import "crypto/internal/fips140/mldsa" - -func fips140v126Conditionals() { - // ML-DSA sign and verify PCT - kMLDSA := mldsa.GenerateKey44() - // ML-DSA-44 - mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "") -} diff --git a/src/crypto/internal/fips140test/fips140v1.0_test.go b/src/crypto/internal/fips140test/fips140v1.0_test.go new file mode 100644 index 0000000000..262ef61d5c --- /dev/null +++ b/src/crypto/internal/fips140test/fips140v1.0_test.go @@ -0,0 +1,13 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build fips140v1.0 + +package fipstest + +import "testing" + +func fips140v126Conditionals() {} + +func testFIPS140v126(t *testing.T, plaintext []byte) {} diff --git a/src/crypto/internal/fips140test/fips140v1.26_test.go b/src/crypto/internal/fips140test/fips140v1.26_test.go new file mode 100644 index 0000000000..6cd9f4fe40 --- /dev/null +++ b/src/crypto/internal/fips140test/fips140v1.26_test.go @@ -0,0 +1,33 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !fips140v1.0 + +package fipstest + +import ( + "crypto/internal/fips140/mldsa" + "testing" +) + +func fips140v126Conditionals() { + // ML-DSA sign and verify PCT + kMLDSA := mldsa.GenerateKey44() + // ML-DSA-44 + mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "") +} + +func testFIPS140v126(t *testing.T, plaintext []byte) { + t.Run("ML-DSA KeyGen, SigGen, SigVer", func(t *testing.T) { + ensureServiceIndicator(t) + k := mldsa.GenerateKey44() + + sig, err := mldsa.SignDeterministic(k, plaintext, "") + fatalIfErr(t, err) + t.Logf("ML-DSA signature: %x", sig) + + err = mldsa.Verify(k.PublicKey(), plaintext, sig, "") + fatalIfErr(t, err) + }) +} diff --git a/src/crypto/internal/fips140test/fips_test.go b/src/crypto/internal/fips140test/fips_test.go index 52fc9d3488..7f2824ca9a 100644 --- a/src/crypto/internal/fips140test/fips_test.go +++ b/src/crypto/internal/fips140test/fips_test.go @@ -101,6 +101,8 @@ func TestFIPS140(t *testing.T) { aesBlock, err := aes.New(aesKey) fatalIfErr(t, err) + testFIPS140v126(t, plaintext) + t.Run("AES-CTR", func(t *testing.T) { ensureServiceIndicator(t) ctr := aes.NewCTR(aesBlock, aesIV) -- cgit v1.3