From eecdb61eebabc083f588a349d4ce5ac2defaf2ca Mon Sep 17 00:00:00 2001 
From: Filippo Valsorda Date: Wed, 17 Dec 2025 17:50:07 +0100 Subject: crypto: rename fips140v2.0 to fips140v1.26 Turns out we can't use non-v1 versions for the FIPS 140-3 module, so we decided to match the versioning of the Go release the module is frozen from. Change-Id: Ib5c13511a51f9930fcde86cd7e8bd39c6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/730740 Auto-Submit: Filippo Valsorda Reviewed-by: Roland Shoemaker LUCI-TryBot-Result: Go LUCI Reviewed-by: Michael Knyszek --- src/crypto/cipher/gcm_fips140v1.26_test.go | 105 +++++++++++++++++ src/crypto/cipher/gcm_fips140v2.0_test.go | 105 ----------------- src/crypto/hpke/aead_fips140v1.0.go | 20 ++++ src/crypto/hpke/aead_fips140v1.26.go | 21 ++++ src/crypto/hpke/aead_fipsv1.0.go | 20 ---- src/crypto/hpke/aead_fipsv2.0.go | 21 ---- .../acvp_capabilities_fips140v1.26.json | 86 ++++++++++++++ .../fips140test/acvp_capabilities_fips140v2.0.json | 86 -------------- .../internal/fips140test/acvp_fips140v1.26_test.go | 126 +++++++++++++++++++++ .../internal/fips140test/acvp_fips140v2.0_test.go | 126 --------------------- .../fips140test/acvp_test_fips140v1.26.config.json | 58 ++++++++++ .../fips140test/acvp_test_fips140v2.0.config.json | 58 ---------- .../internal/fips140test/cast_fips140v1.0_test.go | 2 +- .../internal/fips140test/cast_fips140v1.26_test.go | 16 +++ .../internal/fips140test/cast_fips140v2.0_test.go | 16 --- src/crypto/internal/fips140test/cast_test.go | 2 +- src/crypto/internal/rand/rand_fips140v1.0.go | 13 +++ src/crypto/internal/rand/rand_fips140v1.26.go | 16 +++ src/crypto/internal/rand/rand_fipsv1.0.go | 13 --- src/crypto/internal/rand/rand_fipsv2.0.go | 16 --- 20 files changed, 463 insertions(+), 463 deletions(-) create mode 100644 src/crypto/cipher/gcm_fips140v1.26_test.go delete mode 100644 src/crypto/cipher/gcm_fips140v2.0_test.go create mode 100644 src/crypto/hpke/aead_fips140v1.0.go create mode 100644 src/crypto/hpke/aead_fips140v1.26.go delete mode 100644 
src/crypto/hpke/aead_fipsv1.0.go delete mode 100644 src/crypto/hpke/aead_fipsv2.0.go create mode 100644 src/crypto/internal/fips140test/acvp_capabilities_fips140v1.26.json delete mode 100644 src/crypto/internal/fips140test/acvp_capabilities_fips140v2.0.json create mode 100644 src/crypto/internal/fips140test/acvp_fips140v1.26_test.go delete mode 100644 src/crypto/internal/fips140test/acvp_fips140v2.0_test.go create mode 100644 src/crypto/internal/fips140test/acvp_test_fips140v1.26.config.json delete mode 100644 src/crypto/internal/fips140test/acvp_test_fips140v2.0.config.json create mode 100644 src/crypto/internal/fips140test/cast_fips140v1.26_test.go delete mode 100644 src/crypto/internal/fips140test/cast_fips140v2.0_test.go create mode 100644 src/crypto/internal/rand/rand_fips140v1.0.go create mode 100644 src/crypto/internal/rand/rand_fips140v1.26.go delete mode 100644 src/crypto/internal/rand/rand_fipsv1.0.go delete mode 100644 src/crypto/internal/rand/rand_fipsv2.0.go (limited to 'src/crypto')
diff --git a/src/crypto/cipher/gcm_fips140v1.26_test.go b/src/crypto/cipher/gcm_fips140v1.26_test.go
new file mode 100644
index 0000000000..9f17a497ca
--- /dev/null
+++ b/src/crypto/cipher/gcm_fips140v1.26_test.go
@@ -0,0 +1,105 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package cipher_test
+
+import (
+ "crypto/cipher"
+ "crypto/internal/cryptotest"
+ "crypto/internal/fips140"
+ fipsaes "crypto/internal/fips140/aes"
+ "crypto/internal/fips140/aes/gcm"
+ "encoding/binary"
+ "internal/testenv"
+ "math"
+ "testing"
+)
+
+func TestGCMNoncesFIPSV126(t *testing.T) {
+ cryptotest.MustSupportFIPS140(t)
+ if !fips140.Enabled {
+ cmd := testenv.Command(t, testenv.Executable(t), "-test.run=^TestGCMNoncesFIPSV126$", "-test.v")
+ cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")
+ out, err := cmd.CombinedOutput()
+ t.Logf("running with GODEBUG=fips140=on:\n%s", out)
+ if err != nil {
+ t.Errorf("fips140=on subprocess failed: %v", err)
+ }
+ return
+ }
+
+ tryNonce := func(aead cipher.AEAD, nonce []byte) bool {
+ fips140.ResetServiceIndicator()
+ aead.Seal(nil, nonce, []byte("x"), nil)
+ return fips140.ServiceIndicator()
+ }
+ expectOK := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
+ t.Helper()
+ if !tryNonce(aead, nonce) {
+ t.Errorf("expected service indicator true for %x", nonce)
+ }
+ }
+ expectPanic := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
+ t.Helper()
+ defer func() {
+ t.Helper()
+ if recover() == nil {
+ t.Errorf("expected panic for %x", nonce)
+ }
+ }()
+ tryNonce(aead, nonce)
+ }
+
+ t.Run("NewGCMWithXORCounterNonce", func(t *testing.T) {
+ newGCM := func() *gcm.GCMWithXORCounterNonce {
+ key := make([]byte, 16)
+ block, _ := fipsaes.New(key)
+ aead, _ := gcm.NewGCMWithXORCounterNonce(block)
+ return aead
+ }
+ nonce := func(mask []byte, counter uint64) []byte {
+ nonce := make([]byte, 12)
+ copy(nonce, mask)
+ n := binary.BigEndian.AppendUint64(nil, counter)
+ for i, b := range n {
+ nonce[4+i] ^= b
+ }
+ return nonce
+ }
+
+ for _, mask := range [][]byte{
+ decodeHex(t, "ffffffffffffffffffffffff"),
+ decodeHex(t, "aabbccddeeff001122334455"),
+ decodeHex(t, "000000000000000000000000"),
+ } {
+ g := newGCM()
+ // Mask is derived from first invocation with zero nonce.
+ expectOK(t, g, nonce(mask, 0))
+ expectOK(t, g, nonce(mask, 1))
+ expectOK(t, g, nonce(mask, 100))
+ expectPanic(t, g, nonce(mask, 100))
+ expectPanic(t, g, nonce(mask, 99))
+ expectOK(t, g, nonce(mask, math.MaxUint64-2))
+ expectOK(t, g, nonce(mask, math.MaxUint64-1))
+ expectPanic(t, g, nonce(mask, math.MaxUint64))
+ expectPanic(t, g, nonce(mask, 0))
+
+ g = newGCM()
+ g.SetNoncePrefixAndMask(mask)
+ expectOK(t, g, nonce(mask, 0xFFFFFFFF))
+ expectOK(t, g, nonce(mask, math.MaxUint64-2))
+ expectOK(t, g, nonce(mask, math.MaxUint64-1))
+ expectPanic(t, g, nonce(mask, math.MaxUint64))
+ expectPanic(t, g, nonce(mask, 0))
+
+ g = newGCM()
+ g.SetNoncePrefixAndMask(mask)
+ expectOK(t, g, nonce(mask, math.MaxUint64-1))
+ expectPanic(t, g, nonce(mask, math.MaxUint64))
+ expectPanic(t, g, nonce(mask, 0))
+ }
+ })
+}
diff --git a/src/crypto/cipher/gcm_fips140v2.0_test.go b/src/crypto/cipher/gcm_fips140v2.0_test.go
deleted file mode 100644
index d3a8ea5c63..0000000000
--- a/src/crypto/cipher/gcm_fips140v2.0_test.go
+++ /dev/null
@@ -1,105 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package cipher_test
-
-import (
- "crypto/cipher"
- "crypto/internal/cryptotest"
- "crypto/internal/fips140"
- fipsaes "crypto/internal/fips140/aes"
- "crypto/internal/fips140/aes/gcm"
- "encoding/binary"
- "internal/testenv"
- "math"
- "testing"
-)
-
-func TestGCMNoncesFIPSV2(t *testing.T) {
- cryptotest.MustSupportFIPS140(t)
- if !fips140.Enabled {
- cmd := testenv.Command(t, testenv.Executable(t), "-test.run=^TestGCMNoncesFIPSV2$", "-test.v")
- cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")
- out, err := cmd.CombinedOutput()
- t.Logf("running with GODEBUG=fips140=on:\n%s", out)
- if err != nil {
- t.Errorf("fips140=on subprocess failed: %v", err)
- }
- return
- }
-
- tryNonce := func(aead cipher.AEAD, nonce []byte) bool {
- fips140.ResetServiceIndicator()
- aead.Seal(nil, nonce, []byte("x"), nil)
- return fips140.ServiceIndicator()
- }
- expectOK := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
- t.Helper()
- if !tryNonce(aead, nonce) {
- t.Errorf("expected service indicator true for %x", nonce)
- }
- }
- expectPanic := func(t *testing.T, aead cipher.AEAD, nonce []byte) {
- t.Helper()
- defer func() {
- t.Helper()
- if recover() == nil {
- t.Errorf("expected panic for %x", nonce)
- }
- }()
- tryNonce(aead, nonce)
- }
-
- t.Run("NewGCMWithXORCounterNonce", func(t *testing.T) {
- newGCM := func() *gcm.GCMWithXORCounterNonce {
- key := make([]byte, 16)
- block, _ := fipsaes.New(key)
- aead, _ := gcm.NewGCMWithXORCounterNonce(block)
- return aead
- }
- nonce := func(mask []byte, counter uint64) []byte {
- nonce := make([]byte, 12)
- copy(nonce, mask)
- n := binary.BigEndian.AppendUint64(nil, counter)
- for i, b := range n {
- nonce[4+i] ^= b
- }
- return nonce
- }
-
- for _, mask := range [][]byte{
- decodeHex(t, "ffffffffffffffffffffffff"),
- decodeHex(t, "aabbccddeeff001122334455"),
- decodeHex(t, "000000000000000000000000"),
- } {
- g := newGCM()
- // Mask is derived from first invocation with zero nonce.
- expectOK(t, g, nonce(mask, 0))
- expectOK(t, g, nonce(mask, 1))
- expectOK(t, g, nonce(mask, 100))
- expectPanic(t, g, nonce(mask, 100))
- expectPanic(t, g, nonce(mask, 99))
- expectOK(t, g, nonce(mask, math.MaxUint64-2))
- expectOK(t, g, nonce(mask, math.MaxUint64-1))
- expectPanic(t, g, nonce(mask, math.MaxUint64))
- expectPanic(t, g, nonce(mask, 0))
-
- g = newGCM()
- g.SetNoncePrefixAndMask(mask)
- expectOK(t, g, nonce(mask, 0xFFFFFFFF))
- expectOK(t, g, nonce(mask, math.MaxUint64-2))
- expectOK(t, g, nonce(mask, math.MaxUint64-1))
- expectPanic(t, g, nonce(mask, math.MaxUint64))
- expectPanic(t, g, nonce(mask, 0))
-
- g = newGCM()
- g.SetNoncePrefixAndMask(mask)
- expectOK(t, g, nonce(mask, math.MaxUint64-1))
- expectPanic(t, g, nonce(mask, math.MaxUint64))
- expectPanic(t, g, nonce(mask, 0))
- }
- })
-}
diff --git a/src/crypto/hpke/aead_fips140v1.0.go b/src/crypto/hpke/aead_fips140v1.0.go
new file mode 100644
index 0000000000..986126cbf9
--- /dev/null
+++ b/src/crypto/hpke/aead_fips140v1.0.go
@@ -0,0 +1,20 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build fips140v1.0
+
+package hpke
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+)
+
+func newAESGCM(key []byte) (cipher.AEAD, error) {
+ b, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewGCM(b)
+}
diff --git a/src/crypto/hpke/aead_fips140v1.26.go b/src/crypto/hpke/aead_fips140v1.26.go
new file mode 100644
index 0000000000..710eb1c08f
--- /dev/null
+++ b/src/crypto/hpke/aead_fips140v1.26.go
@@ -0,0 +1,21 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package hpke
+
+import (
+ "crypto/cipher"
+ "crypto/internal/fips140/aes"
+ "crypto/internal/fips140/aes/gcm"
+)
+
+func newAESGCM(key []byte) (cipher.AEAD, error) {
+ b, err := aes.New(key)
+ if err != nil {
+ return nil, err
+ }
+ return gcm.NewGCMForHPKE(b)
+}
diff --git a/src/crypto/hpke/aead_fipsv1.0.go b/src/crypto/hpke/aead_fipsv1.0.go
deleted file mode 100644
index 986126cbf9..0000000000
--- a/src/crypto/hpke/aead_fipsv1.0.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build fips140v1.0
-
-package hpke
-
-import (
- "crypto/aes"
- "crypto/cipher"
-)
-
-func newAESGCM(key []byte) (cipher.AEAD, error) {
- b, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- return cipher.NewGCM(b)
-}
diff --git a/src/crypto/hpke/aead_fipsv2.0.go b/src/crypto/hpke/aead_fipsv2.0.go
deleted file mode 100644
index 710eb1c08f..0000000000
--- a/src/crypto/hpke/aead_fipsv2.0.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package hpke
-
-import (
- "crypto/cipher"
- "crypto/internal/fips140/aes"
- "crypto/internal/fips140/aes/gcm"
-)
-
-func newAESGCM(key []byte) (cipher.AEAD, error) {
- b, err := aes.New(key)
- if err != nil {
- return nil, err
- }
- return gcm.NewGCMForHPKE(b)
-}
diff --git a/src/crypto/internal/fips140test/acvp_capabilities_fips140v1.26.json b/src/crypto/internal/fips140test/acvp_capabilities_fips140v1.26.json
new file mode 100644
index 0000000000..33c8aa235b
--- /dev/null
+++ b/src/crypto/internal/fips140test/acvp_capabilities_fips140v1.26.json 
@@ -0,0 +1,86 @@ +[ + {"algorithm":"SHA2-224","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, + {"algorithm":"SHA2-256","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, + {"algorithm":"SHA2-384","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, + {"algorithm":"SHA2-512","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, + {"algorithm":"SHA2-512/224","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, + {"algorithm":"SHA2-512/256","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, + + {"algorithm":"SHA3-224","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, + {"algorithm":"SHA3-256","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, + {"algorithm":"SHA3-384","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, + {"algorithm":"SHA3-512","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, + + {"algorithm":"SHAKE-128","inBit":false,"outBit":false,"inEmpty":true,"outputLen":[{"min":16,"max":65536,"increment":8}],"revision":"1.0"}, + {"algorithm":"SHAKE-256","inBit":false,"outBit":false,"inEmpty":true,"outputLen":[{"min":16,"max":65536,"increment":8}],"revision":"1.0"}, + {"algorithm":"cSHAKE-128","hexCustomization":false,"outputLen":[{"min":16,"max":65536,"increment":8}],"msgLen":[{"min":0,"max":65536,"increment":8}],"revision":"1.0"}, + {"algorithm":"cSHAKE-256","hexCustomization":false,"outputLen":[{"min":16,"max":65536,"increment":8}],"msgLen":[{"min":0,"max":65536,"increment":8}],"revision":"1.0"}, + + {"algorithm":"HMAC-SHA2-224","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[224],"revision":"1.0"}, + {"algorithm":"HMAC-SHA2-256","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[256],"revision":"1.0"}, + {"algorithm":"HMAC-SHA2-384","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[384],"revision":"1.0"}, + 
{"algorithm":"HMAC-SHA2-512","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[512],"revision":"1.0"}, + {"algorithm":"HMAC-SHA2-512/224","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[224],"revision":"1.0"}, + {"algorithm":"HMAC-SHA2-512/256","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[256],"revision":"1.0"}, + + {"algorithm":"HMAC-SHA3-224","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[224],"revision":"1.0"}, + {"algorithm":"HMAC-SHA3-256","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[256],"revision":"1.0"}, + {"algorithm":"HMAC-SHA3-384","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[384],"revision":"1.0"}, + {"algorithm":"HMAC-SHA3-512","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[512],"revision":"1.0"}, + + {"algorithm":"KDA","mode":"HKDF","revision":"Sp800-56Cr1","fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"],"macSaltMethods":["default","random"],"l":2048,"z":[{"min":224,"max":65336,"increment":8}]}, + 
{"algorithm":"KDA","mode":"OneStepNoCounter","revision":"Sp800-56Cr2","auxFunctions":[{"auxFunctionName":"HMAC-SHA2-224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-384","l":384,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512","l":512,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512/224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512/256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-384","l":384,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-512","l":512,"macSaltMethods":["default","random"]}],"fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"z":[{"min":224,"max":65336,"increment":8}]}, + + {"algorithm":"PBKDF","capabilities":[{"iterationCount":[{"min":1,"max":10000,"increment":1}],"keyLen":[{"min":112,"max":4096,"increment":8}],"passwordLen":[{"min":8,"max":64,"increment":1}],"saltLen":[{"min":128,"max":512,"increment":8}],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}],"revision":"1.0"}, + + {"algorithm":"ML-KEM","mode":"keyGen","revision":"FIPS203","parameterSets":["ML-KEM-768","ML-KEM-1024"]}, + {"algorithm":"ML-KEM","mode":"encapDecap","revision":"FIPS203","parameterSets":["ML-KEM-768","ML-KEM-1024"],"functions":["encapsulation","decapsulation"]}, + + {"algorithm":"ML-DSA","mode":"keyGen","revision":"FIPS204","parameterSets":["ML-DSA-44","ML-DSA-65","ML-DSA-87"]}, + 
{"algorithm":"ML-DSA","mode":"sigGen","revision":"FIPS204","signatureInterfaces":["internal","external"],"preHash":["pure"],"deterministic":[true,false],"externalMu":[true],"capabilities":[{"parameterSets":["ML-DSA-44","ML-DSA-65","ML-DSA-87"],"messageLength":[{"min":8,"max":65536,"increment":8}],"contextLength":[{"min":0,"max":2040,"increment":8}]}]}, + {"algorithm":"ML-DSA","mode":"sigVer","revision":"FIPS204","signatureInterfaces":["internal","external"],"externalMu":[true],"preHash":["pure"],"capabilities":[{"parameterSets":["ML-DSA-44","ML-DSA-65","ML-DSA-87"],"messageLength":[{"min":8,"max":65536,"increment":8}],"contextLength":[{"min":0,"max":2040,"increment":8}]}]}, + + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-224","derFuncEnabled":false,"entropyInputLen":[192],"nonceLen":[96],"persoStringLen":[192],"additionalInputLen":[0],"returnedBitsLen":224}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-256","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":256}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-384","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":384}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-512","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":512}]}, + 
{"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-512/224","derFuncEnabled":false,"entropyInputLen":[192],"nonceLen":[96],"persoStringLen":[192],"additionalInputLen":[0],"returnedBitsLen":224}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-512/256","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":256}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-224","derFuncEnabled":false,"entropyInputLen":[192],"nonceLen":[96],"persoStringLen":[192],"additionalInputLen":[0],"returnedBitsLen":224}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-256","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":256}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-384","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":384}]}, + {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-512","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":512}]}, + + {"algorithm":"ctrDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":true,"capabilities":[{"mode":"AES-256","derFuncEnabled":false,"entropyInputLen":[384],"nonceLen":[0],"persoStringLen":[0],"additionalInputLen":[384],"returnedBitsLen":128}]}, + + {"algorithm":"EDDSA","mode":"keyGen","revision":"1.0","curve":["ED-25519"]}, 
+ {"algorithm":"EDDSA","mode":"keyVer","revision":"1.0","curve":["ED-25519"]}, + {"algorithm":"EDDSA","mode":"sigGen","revision":"1.0","pure":true,"preHash":true,"contextLength":[{"min":0,"max":255,"increment":1}],"curve":["ED-25519"]}, + {"algorithm":"EDDSA","mode":"sigVer","revision":"1.0","pure":true,"preHash":true,"curve":["ED-25519"]}, + + {"algorithm":"ECDSA","mode":"keyGen","revision":"FIPS186-5","curve":["P-224","P-256","P-384","P-521"],"secretGenerationMode":["testing candidates"]}, + {"algorithm":"ECDSA","mode":"keyVer","revision":"FIPS186-5","curve":["P-224","P-256","P-384","P-521"]}, + {"algorithm":"ECDSA","mode":"sigGen","revision":"FIPS186-5","capabilities":[{"curve":["P-224","P-256","P-384","P-521"],"hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]}, + {"algorithm":"ECDSA","mode":"sigVer","revision":"FIPS186-5","capabilities":[{"curve":["P-224","P-256","P-384","P-521"],"hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]}, + {"algorithm":"DetECDSA","mode":"sigGen","revision":"FIPS186-5","capabilities":[{"curve":["P-224","P-256","P-384","P-521"],"hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]}, + + {"algorithm":"ACVP-AES-CBC","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"revision":"1.0"}, + {"algorithm":"ACVP-AES-CTR","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":8,"max":128,"increment":8}],"incrementalCounter":true,"overflowCounter":true,"performCounterTests":true,"revision":"1.0"}, + {"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[96,104,112,120,128],"ivLen":[96],"ivGen":"external","revision":"1.0"}, + 
{"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[128],"ivLen":[96],"ivGen":"internal","ivGenMode":"8.2.2","revision":"1.0"}, + {"algorithm":"CMAC-AES","capabilities":[{"direction":["gen","ver"],"msgLen":[{"min":0,"max":524288,"increment":8}],"keyLen":[128,256],"macLen":[128]}],"revision":"1.0"}, + + {"algorithm":"TLS-v1.2","mode":"KDF","revision":"RFC7627","hashAlg":["SHA2-256","SHA2-384","SHA2-512"]}, + {"algorithm":"TLS-v1.3","mode":"KDF","revision":"RFC8446","hmacAlg":["SHA2-256","SHA2-384"],"runningMode":["DHE","PSK","PSK-DHE"]}, + {"algorithm":"kdf-components","mode":"ssh","revision":"1.0","hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512"],"cipher":["AES-128","AES-192","AES-256"]}, + + {"algorithm":"KAS-ECC-SSC","revision":"Sp800-56Ar3","scheme":{"ephemeralUnified":{"kasRole":["initiator","responder"]},"staticUnified":{"kasRole":["initiator","responder"]}},"domainParameterGenerationMethods":["P-224","P-256","P-384","P-521"]}, + + {"algorithm":"KDF","revision":"1.0","capabilities":[{"kdfMode":"counter","macMode":["CMAC-AES128","CMAC-AES192","CMAC-AES256"],"supportedLengths":[256],"fixedDataOrder":["before fixed data"],"counterLength":[16]},{"kdfMode":"feedback","macMode":["HMAC-SHA2-224","HMAC-SHA2-256","HMAC-SHA2-384","HMAC-SHA2-512","HMAC-SHA2-512/224","HMAC-SHA2-512/256","HMAC-SHA3-224","HMAC-SHA3-256","HMAC-SHA3-384","HMAC-SHA3-512"],"customKeyInLength":0,"supportedLengths":[{"min":8,"max":4096,"increment":8}],"fixedDataOrder":["after fixed data"],"counterLength":[8],"supportsEmptyIv":true,"requiresEmptyIv":true}]}, + + 
{"algorithm":"RSA","mode":"keyGen","revision":"FIPS186-5","infoGeneratedByServer":true,"pubExpMode":"fixed","fixedPubExp":"010001","keyFormat":"standard","capabilities":[{"randPQ":"probable","properties":[{"modulo":2048,"primeTest":["2powSecStr"]},{"modulo":3072,"primeTest":["2powSecStr"]},{"modulo":4096,"primeTest":["2powSecStr"]}]}]}, + {"algorithm":"RSA","mode":"sigGen","revision":"FIPS186-5","capabilities":[{"sigType":"pkcs1v1.5","properties":[{"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]},{"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]},{"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]},{"maskFunction":["mgf1"],"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]},{"maskFunction":["mgf1"],"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]}]}, + 
{"algorithm":"RSA","mode":"sigVer","revision":"FIPS186-5","pubExpMode":"fixed","fixedPubExp":"010001","capabilities":[{"sigType":"pkcs1v1.5","properties":[{"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pkcs1v1.5","properties":[{"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pkcs1v1.5","properties":[{"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]}]}, + + {"algorithm":"KTS-IFC","revision":"Sp800-56Br2","fixedPubExp":"010001","iutId":"C0FFEE","modulo":[2048,3072,4096],"keyGenerationMethods":["rsakpg1-basic"],"scheme":{"KTS-OAEP-basic":{"l":1024,"kasRole":["responder","initiator"],"ktsMethod":{"hashAlgs":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"],"supportsNullAssociatedData":true,"encoding":["concatenation"]}}}} +] diff --git a/src/crypto/internal/fips140test/acvp_capabilities_fips140v2.0.json b/src/crypto/internal/fips140test/acvp_capabilities_fips140v2.0.json deleted file mode 100644 index 33c8aa235b..0000000000 
--- a/src/crypto/internal/fips140test/acvp_capabilities_fips140v2.0.json +++ /dev/null 
@@ -1,86 +0,0 @@ -[ - {"algorithm":"SHA2-224","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, - {"algorithm":"SHA2-256","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, - {"algorithm":"SHA2-384","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, - {"algorithm":"SHA2-512","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, - {"algorithm":"SHA2-512/224","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, - {"algorithm":"SHA2-512/256","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"1.0"}, - - {"algorithm":"SHA3-224","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, - {"algorithm":"SHA3-256","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, - {"algorithm":"SHA3-384","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, - {"algorithm":"SHA3-512","messageLength":[{"increment":8,"max":65528,"min":0}],"revision":"2.0"}, - - {"algorithm":"SHAKE-128","inBit":false,"outBit":false,"inEmpty":true,"outputLen":[{"min":16,"max":65536,"increment":8}],"revision":"1.0"}, - {"algorithm":"SHAKE-256","inBit":false,"outBit":false,"inEmpty":true,"outputLen":[{"min":16,"max":65536,"increment":8}],"revision":"1.0"}, - {"algorithm":"cSHAKE-128","hexCustomization":false,"outputLen":[{"min":16,"max":65536,"increment":8}],"msgLen":[{"min":0,"max":65536,"increment":8}],"revision":"1.0"}, - {"algorithm":"cSHAKE-256","hexCustomization":false,"outputLen":[{"min":16,"max":65536,"increment":8}],"msgLen":[{"min":0,"max":65536,"increment":8}],"revision":"1.0"}, - - {"algorithm":"HMAC-SHA2-224","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[224],"revision":"1.0"}, - {"algorithm":"HMAC-SHA2-256","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[256],"revision":"1.0"}, - {"algorithm":"HMAC-SHA2-384","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[384],"revision":"1.0"}, - 
{"algorithm":"HMAC-SHA2-512","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[512],"revision":"1.0"}, - {"algorithm":"HMAC-SHA2-512/224","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[224],"revision":"1.0"}, - {"algorithm":"HMAC-SHA2-512/256","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[256],"revision":"1.0"}, - - {"algorithm":"HMAC-SHA3-224","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[224],"revision":"1.0"}, - {"algorithm":"HMAC-SHA3-256","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[256],"revision":"1.0"}, - {"algorithm":"HMAC-SHA3-384","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[384],"revision":"1.0"}, - {"algorithm":"HMAC-SHA3-512","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[512],"revision":"1.0"}, - - {"algorithm":"KDA","mode":"HKDF","revision":"Sp800-56Cr1","fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"],"macSaltMethods":["default","random"],"l":2048,"z":[{"min":224,"max":65336,"increment":8}]}, - 
{"algorithm":"KDA","mode":"OneStepNoCounter","revision":"Sp800-56Cr2","auxFunctions":[{"auxFunctionName":"HMAC-SHA2-224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-384","l":384,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512","l":512,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512/224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512/256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-384","l":384,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-512","l":512,"macSaltMethods":["default","random"]}],"fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"z":[{"min":224,"max":65336,"increment":8}]}, - - {"algorithm":"PBKDF","capabilities":[{"iterationCount":[{"min":1,"max":10000,"increment":1}],"keyLen":[{"min":112,"max":4096,"increment":8}],"passwordLen":[{"min":8,"max":64,"increment":1}],"saltLen":[{"min":128,"max":512,"increment":8}],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}],"revision":"1.0"}, - - {"algorithm":"ML-KEM","mode":"keyGen","revision":"FIPS203","parameterSets":["ML-KEM-768","ML-KEM-1024"]}, - {"algorithm":"ML-KEM","mode":"encapDecap","revision":"FIPS203","parameterSets":["ML-KEM-768","ML-KEM-1024"],"functions":["encapsulation","decapsulation"]}, - - {"algorithm":"ML-DSA","mode":"keyGen","revision":"FIPS204","parameterSets":["ML-DSA-44","ML-DSA-65","ML-DSA-87"]}, - 
{"algorithm":"ML-DSA","mode":"sigGen","revision":"FIPS204","signatureInterfaces":["internal","external"],"preHash":["pure"],"deterministic":[true,false],"externalMu":[true],"capabilities":[{"parameterSets":["ML-DSA-44","ML-DSA-65","ML-DSA-87"],"messageLength":[{"min":8,"max":65536,"increment":8}],"contextLength":[{"min":0,"max":2040,"increment":8}]}]}, - {"algorithm":"ML-DSA","mode":"sigVer","revision":"FIPS204","signatureInterfaces":["internal","external"],"externalMu":[true],"preHash":["pure"],"capabilities":[{"parameterSets":["ML-DSA-44","ML-DSA-65","ML-DSA-87"],"messageLength":[{"min":8,"max":65536,"increment":8}],"contextLength":[{"min":0,"max":2040,"increment":8}]}]}, - - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-224","derFuncEnabled":false,"entropyInputLen":[192],"nonceLen":[96],"persoStringLen":[192],"additionalInputLen":[0],"returnedBitsLen":224}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-256","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":256}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-384","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":384}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-512","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":512}]}, - 
{"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-512/224","derFuncEnabled":false,"entropyInputLen":[192],"nonceLen":[96],"persoStringLen":[192],"additionalInputLen":[0],"returnedBitsLen":224}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA2-512/256","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":256}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-224","derFuncEnabled":false,"entropyInputLen":[192],"nonceLen":[96],"persoStringLen":[192],"additionalInputLen":[0],"returnedBitsLen":224}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-256","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":256}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-384","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":384}]}, - {"algorithm":"hmacDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":false,"capabilities":[{"mode":"SHA3-512","derFuncEnabled":false,"entropyInputLen":[256],"nonceLen":[128],"persoStringLen":[256],"additionalInputLen":[0],"returnedBitsLen":512}]}, - - {"algorithm":"ctrDRBG","revision":"1.0","predResistanceEnabled":[false],"reseedImplemented":true,"capabilities":[{"mode":"AES-256","derFuncEnabled":false,"entropyInputLen":[384],"nonceLen":[0],"persoStringLen":[0],"additionalInputLen":[384],"returnedBitsLen":128}]}, - - {"algorithm":"EDDSA","mode":"keyGen","revision":"1.0","curve":["ED-25519"]}, 
- {"algorithm":"EDDSA","mode":"keyVer","revision":"1.0","curve":["ED-25519"]}, - {"algorithm":"EDDSA","mode":"sigGen","revision":"1.0","pure":true,"preHash":true,"contextLength":[{"min":0,"max":255,"increment":1}],"curve":["ED-25519"]}, - {"algorithm":"EDDSA","mode":"sigVer","revision":"1.0","pure":true,"preHash":true,"curve":["ED-25519"]}, - - {"algorithm":"ECDSA","mode":"keyGen","revision":"FIPS186-5","curve":["P-224","P-256","P-384","P-521"],"secretGenerationMode":["testing candidates"]}, - {"algorithm":"ECDSA","mode":"keyVer","revision":"FIPS186-5","curve":["P-224","P-256","P-384","P-521"]}, - {"algorithm":"ECDSA","mode":"sigGen","revision":"FIPS186-5","capabilities":[{"curve":["P-224","P-256","P-384","P-521"],"hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]}, - {"algorithm":"ECDSA","mode":"sigVer","revision":"FIPS186-5","capabilities":[{"curve":["P-224","P-256","P-384","P-521"],"hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]}, - {"algorithm":"DetECDSA","mode":"sigGen","revision":"FIPS186-5","capabilities":[{"curve":["P-224","P-256","P-384","P-521"],"hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}]}, - - {"algorithm":"ACVP-AES-CBC","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"revision":"1.0"}, - {"algorithm":"ACVP-AES-CTR","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":8,"max":128,"increment":8}],"incrementalCounter":true,"overflowCounter":true,"performCounterTests":true,"revision":"1.0"}, - {"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[96,104,112,120,128],"ivLen":[96],"ivGen":"external","revision":"1.0"}, - 
{"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[128],"ivLen":[96],"ivGen":"internal","ivGenMode":"8.2.2","revision":"1.0"}, - {"algorithm":"CMAC-AES","capabilities":[{"direction":["gen","ver"],"msgLen":[{"min":0,"max":524288,"increment":8}],"keyLen":[128,256],"macLen":[128]}],"revision":"1.0"}, - - {"algorithm":"TLS-v1.2","mode":"KDF","revision":"RFC7627","hashAlg":["SHA2-256","SHA2-384","SHA2-512"]}, - {"algorithm":"TLS-v1.3","mode":"KDF","revision":"RFC8446","hmacAlg":["SHA2-256","SHA2-384"],"runningMode":["DHE","PSK","PSK-DHE"]}, - {"algorithm":"kdf-components","mode":"ssh","revision":"1.0","hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512"],"cipher":["AES-128","AES-192","AES-256"]}, - - {"algorithm":"KAS-ECC-SSC","revision":"Sp800-56Ar3","scheme":{"ephemeralUnified":{"kasRole":["initiator","responder"]},"staticUnified":{"kasRole":["initiator","responder"]}},"domainParameterGenerationMethods":["P-224","P-256","P-384","P-521"]}, - - {"algorithm":"KDF","revision":"1.0","capabilities":[{"kdfMode":"counter","macMode":["CMAC-AES128","CMAC-AES192","CMAC-AES256"],"supportedLengths":[256],"fixedDataOrder":["before fixed data"],"counterLength":[16]},{"kdfMode":"feedback","macMode":["HMAC-SHA2-224","HMAC-SHA2-256","HMAC-SHA2-384","HMAC-SHA2-512","HMAC-SHA2-512/224","HMAC-SHA2-512/256","HMAC-SHA3-224","HMAC-SHA3-256","HMAC-SHA3-384","HMAC-SHA3-512"],"customKeyInLength":0,"supportedLengths":[{"min":8,"max":4096,"increment":8}],"fixedDataOrder":["after fixed data"],"counterLength":[8],"supportsEmptyIv":true,"requiresEmptyIv":true}]}, - - 
{"algorithm":"RSA","mode":"keyGen","revision":"FIPS186-5","infoGeneratedByServer":true,"pubExpMode":"fixed","fixedPubExp":"010001","keyFormat":"standard","capabilities":[{"randPQ":"probable","properties":[{"modulo":2048,"primeTest":["2powSecStr"]},{"modulo":3072,"primeTest":["2powSecStr"]},{"modulo":4096,"primeTest":["2powSecStr"]}]}]}, - {"algorithm":"RSA","mode":"sigGen","revision":"FIPS186-5","capabilities":[{"sigType":"pkcs1v1.5","properties":[{"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]},{"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]},{"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]},{"maskFunction":["mgf1"],"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]},{"maskFunction":["mgf1"],"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]}]}, - 
{"algorithm":"RSA","mode":"sigVer","revision":"FIPS186-5","pubExpMode":"fixed","fixedPubExp":"010001","capabilities":[{"sigType":"pkcs1v1.5","properties":[{"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pkcs1v1.5","properties":[{"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pkcs1v1.5","properties":[{"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224"},{"hashAlg":"SHA2-256"},{"hashAlg":"SHA2-384"},{"hashAlg":"SHA2-512"}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":2048,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":3072,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]},{"sigType":"pss","properties":[{"maskFunction":["mgf1"],"modulo":4096,"hashPair":[{"hashAlg":"SHA2-224","saltLen":28},{"hashAlg":"SHA2-256","saltLen":32},{"hashAlg":"SHA2-384","saltLen":48},{"hashAlg":"SHA2-512","saltLen":64}]}]}]}, - - {"algorithm":"KTS-IFC","revision":"Sp800-56Br2","fixedPubExp":"010001","iutId":"C0FFEE","modulo":[2048,3072,4096],"keyGenerationMethods":["rsakpg1-basic"],"scheme":{"KTS-OAEP-basic":{"l":1024,"kasRole":["responder","initiator"],"ktsMethod":{"hashAlgs":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"],"supportsNullAssociatedData":true,"encoding":["concatenation"]}}}} -] diff --git a/src/crypto/internal/fips140test/acvp_fips140v1.26_test.go b/src/crypto/internal/fips140test/acvp_fips140v1.26_test.go new file mode 100644 index 0000000000..10a44f1492 --- /dev/null +++ b/src/crypto/internal/fips140test/acvp_fips140v1.26_test.go 
@@ -0,0 +1,126 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package fipstest
+
+import (
+ "crypto/internal/fips140/mldsa"
+ _ "embed"
+ "fmt"
+)
+
+//go:embed acvp_capabilities_fips140v1.26.json
+var capabilitiesJson []byte
+
+var testConfigFile = "acvp_test_fips140v1.26.config.json"
+
+func init() {
+ commands["ML-DSA-44/keyGen"] = cmdMlDsaKeyGenAft(mldsa.NewPrivateKey44)
+ commands["ML-DSA-65/keyGen"] = cmdMlDsaKeyGenAft(mldsa.NewPrivateKey65)
+ commands["ML-DSA-87/keyGen"] = cmdMlDsaKeyGenAft(mldsa.NewPrivateKey87)
+ commands["ML-DSA-44/sigGen"] = cmdMlDsaSigGenAft()
+ commands["ML-DSA-65/sigGen"] = cmdMlDsaSigGenAft()
+ commands["ML-DSA-87/sigGen"] = cmdMlDsaSigGenAft()
+ commands["ML-DSA-44/sigVer"] = cmdMlDsaSigVerAft(mldsa.NewPublicKey44)
+ commands["ML-DSA-65/sigVer"] = cmdMlDsaSigVerAft(mldsa.NewPublicKey65)
+ commands["ML-DSA-87/sigVer"] = cmdMlDsaSigVerAft(mldsa.NewPublicKey87)
+}
+
+func cmdMlDsaKeyGenAft(keyGen func([]byte) (*mldsa.PrivateKey, error)) command {
+ return command{
+ requiredArgs: 1, // Seed
+ handler: func(args [][]byte) ([][]byte, error) {
+ seed := args[0]
+
+ sk, err := keyGen(seed)
+ if err != nil {
+ return nil, fmt.Errorf("generating ML-DSA 44 private key: %w", err)
+ }
+
+ // Important: we must return the full encoding of sk, not the seed.
+ return [][]byte{sk.PublicKey().Bytes(), mldsa.TestingOnlyPrivateKeySemiExpandedBytes(sk)}, nil
+ },
+ }
+}
+
+func cmdMlDsaSigGenAft() command {
+ return command{
+ requiredArgs: 5, // secret key, message, randomizer, mu, context
+ handler: func(args [][]byte) ([][]byte, error) {
+ skSmiExpanded := args[0]
+ message := args[1] // Optional, exclusive with mu
+ randomizer := args[2] // Optional
+ context := string(args[3]) // Optional
+ mu := args[4] // Optional, exclusive with message
+
+ sk, err := mldsa.TestingOnlyNewPrivateKeyFromSemiExpanded(skSmiExpanded)
+ if err != nil {
+ return nil, fmt.Errorf("making ML-DSA private key from semi-expanded form: %w", err)
+ }
+
+ haveMessage := len(message) != 0
+ haveRandomizer := len(randomizer) != 0
+ haveMu := len(mu) != 0
+
+ var sig []byte
+ if haveMessage && !haveRandomizer && !haveMu {
+ sig, err = mldsa.SignDeterministic(sk, message, context)
+ } else if haveMessage && haveRandomizer && !haveMu {
+ sig, err = mldsa.TestingOnlySignWithRandom(sk, message, context, randomizer)
+ } else if !haveMessage && !haveRandomizer && haveMu {
+ sig, err = mldsa.SignExternalMuDeterministic(sk, mu)
+ } else if !haveMessage && haveRandomizer && haveMu {
+ sig, err = mldsa.TestingOnlySignExternalMuWithRandom(sk, mu, randomizer)
+ } else {
+ return nil, fmt.Errorf(
+ "unsupported ML-DSA sigGen args: have message=%v have randomizer=%v haveMu=%v haveContext=%v",
+ haveMessage, haveRandomizer, haveMu, len(context) != 0)
+ }
+
+ if err != nil {
+ return nil, fmt.Errorf("creating deterministic ML-DSA signature: %w", err)
+ }
+
+ return [][]byte{sig}, nil
+ },
+ }
+}
+
+func cmdMlDsaSigVerAft(pubKey func([]byte) (*mldsa.PublicKey, error)) command {
+ return command{
+ requiredArgs: 5, // public key, message, signature, context, mu
+ handler: func(args [][]byte) ([][]byte, error) {
+ pkRaw := args[0]
+ message := args[1] // Optional, exclusive with mu
+ signature := args[2]
+ context := string(args[3]) // Optional
+ mu := args[4] // Optional, exclusive with message
+
+ pk, err := pubKey(pkRaw)
+ if err != nil {
+ return nil, fmt.Errorf("loading ML-DSA public key: %w", err)
+ }
+
+ haveMessage := len(message) != 0
+ haveMu := len(mu) != 0
+ if haveMessage && !haveMu {
+ err = mldsa.Verify(pk, message, signature, context)
+ } else if !haveMessage && haveMu {
+ err = mldsa.VerifyExternalMu(pk, mu, signature)
+ } else {
+ return nil, fmt.Errorf(
+ "unsupported ML-DSA sigVer args: have message=%v haveMu=%v haveContext=%v",
+ haveMessage, haveMu, len(context) != 0)
+ }
+
+ if err != nil {
+ return [][]byte{{0}}, nil
+ }
+
+ return [][]byte{{1}}, nil
+ },
+ }
+}
diff --git a/src/crypto/internal/fips140test/acvp_fips140v2.0_test.go b/src/crypto/internal/fips140test/acvp_fips140v2.0_test.go
deleted file mode 100644
index e9ef91537a..0000000000
--- a/src/crypto/internal/fips140test/acvp_fips140v2.0_test.go
+++ /dev/null
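Review bot: The `requiredArgs: 5` comment in cmdMlDsaSigGenAft lists the arguments as `secret key, message, randomizer, mu, context`, but the handler reads `context` from `args[3]` and `mu` from `args[4]`, so it should read `// secret key, message, randomizer, context, mu`. In cmdMlDsaKeyGenAft the wrapped error says `generating ML-DSA 44 private key` although the same handler is registered for the 65 and 87 parameter sets; `"generating ML-DSA private key: %w"` would be accurate for all three. The sigGen error `creating deterministic ML-DSA signature` also wraps failures from the two randomized signing branches, so `"creating ML-DSA signature: %w"` would fit better. All three texts are identical in the removed v2.0 file, so they look carried over by the rename rather than newly introduced.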
@@ -1,126 +0,0 @@ -// Copyright 2025 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !fips140v1.0 - -package fipstest - -import ( - "crypto/internal/fips140/mldsa" - _ "embed" - "fmt" -) - -//go:embed acvp_capabilities_fips140v2.0.json -var capabilitiesJson []byte - -var testConfigFile = "acvp_test_fips140v2.0.config.json" - -func init() { - commands["ML-DSA-44/keyGen"] = cmdMlDsaKeyGenAft(mldsa.NewPrivateKey44) - commands["ML-DSA-65/keyGen"] = cmdMlDsaKeyGenAft(mldsa.NewPrivateKey65) - commands["ML-DSA-87/keyGen"] = cmdMlDsaKeyGenAft(mldsa.NewPrivateKey87) - commands["ML-DSA-44/sigGen"] = cmdMlDsaSigGenAft() - commands["ML-DSA-65/sigGen"] = cmdMlDsaSigGenAft() - commands["ML-DSA-87/sigGen"] = cmdMlDsaSigGenAft() - commands["ML-DSA-44/sigVer"] = cmdMlDsaSigVerAft(mldsa.NewPublicKey44) - commands["ML-DSA-65/sigVer"] = cmdMlDsaSigVerAft(mldsa.NewPublicKey65) - commands["ML-DSA-87/sigVer"] = cmdMlDsaSigVerAft(mldsa.NewPublicKey87) -} - -func cmdMlDsaKeyGenAft(keyGen func([]byte) (*mldsa.PrivateKey, error)) command { - return command{ - requiredArgs: 1, // Seed - handler: func(args [][]byte) ([][]byte, error) { - seed := args[0] - - sk, err := keyGen(seed) - if err != nil { - return nil, fmt.Errorf("generating ML-DSA 44 private key: %w", err) - } - - // Important: we must return the full encoding of sk, not the seed. 
- return [][]byte{sk.PublicKey().Bytes(), mldsa.TestingOnlyPrivateKeySemiExpandedBytes(sk)}, nil - }, - } -} - -func cmdMlDsaSigGenAft() command { - return command{ - requiredArgs: 5, // secret key, message, randomizer, mu, context - handler: func(args [][]byte) ([][]byte, error) { - skSmiExpanded := args[0] - message := args[1] // Optional, exclusive with mu - randomizer := args[2] // Optional - context := string(args[3]) // Optional - mu := args[4] // Optional, exclusive with message - - sk, err := mldsa.TestingOnlyNewPrivateKeyFromSemiExpanded(skSmiExpanded) - if err != nil { - return nil, fmt.Errorf("making ML-DSA private key from semi-expanded form: %w", err) - } - - haveMessage := len(message) != 0 - haveRandomizer := len(randomizer) != 0 - haveMu := len(mu) != 0 - - var sig []byte - if haveMessage && !haveRandomizer && !haveMu { - sig, err = mldsa.SignDeterministic(sk, message, context) - } else if haveMessage && haveRandomizer && !haveMu { - sig, err = mldsa.TestingOnlySignWithRandom(sk, message, context, randomizer) - } else if !haveMessage && !haveRandomizer && haveMu { - sig, err = mldsa.SignExternalMuDeterministic(sk, mu) - } else if !haveMessage && haveRandomizer && haveMu { - sig, err = mldsa.TestingOnlySignExternalMuWithRandom(sk, mu, randomizer) - } else { - return nil, fmt.Errorf( - "unsupported ML-DSA sigGen args: have message=%v have randomizer=%v haveMu=%v haveContext=%v", - haveMessage, haveRandomizer, haveMu, len(context) != 0) - } - - if err != nil { - return nil, fmt.Errorf("creating deterministic ML-DSA signature: %w", err) - } - - return [][]byte{sig}, nil - }, - } -} - -func cmdMlDsaSigVerAft(pubKey func([]byte) (*mldsa.PublicKey, error)) command { - return command{ - requiredArgs: 5, // public key, message, signature, context, mu - handler: func(args [][]byte) ([][]byte, error) { - pkRaw := args[0] - message := args[1] // Optional, exclusive with mu - signature := args[2] - context := string(args[3]) // Optional - mu := args[4] // 
Optional, exclusive with message - - pk, err := pubKey(pkRaw) - if err != nil { - return nil, fmt.Errorf("loading ML-DSA public key: %w", err) - } - - haveMessage := len(message) != 0 - haveMu := len(mu) != 0 - if haveMessage && !haveMu { - err = mldsa.Verify(pk, message, signature, context) - } else if !haveMessage && haveMu { - err = mldsa.VerifyExternalMu(pk, mu, signature) - } else { - return nil, fmt.Errorf( - "unsupported ML-DSA sigVer args: have message=%v haveMu=%v haveContext=%v", - haveMessage, haveMu, len(context) != 0) - } - - if err != nil { - return [][]byte{{0}}, nil - } - - return [][]byte{{1}}, nil - }, - } -} diff --git a/src/crypto/internal/fips140test/acvp_test_fips140v1.26.config.json b/src/crypto/internal/fips140test/acvp_test_fips140v1.26.config.json new file mode 100644 index 0000000000..51c76d9288 --- /dev/null +++ b/src/crypto/internal/fips140test/acvp_test_fips140v1.26.config.json 
@@ -0,0 +1,58 @@ +[ + {"Wrapper": "go", "In": "vectors/SHA2-224.bz2", "Out": "expected/SHA2-224.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA2-256.bz2", "Out": "expected/SHA2-256.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA2-384.bz2", "Out": "expected/SHA2-384.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA2-512.bz2", "Out": "expected/SHA2-512.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA2-512-224.bz2", "Out": "expected/SHA2-512-224.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA2-512-256.bz2", "Out": "expected/SHA2-512-256.bz2"}, + + {"Wrapper": "go", "In": "vectors/SHA3-224.bz2", "Out": "expected/SHA3-224.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA3-256.bz2", "Out": "expected/SHA3-256.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA3-384.bz2", "Out": "expected/SHA3-384.bz2"}, + {"Wrapper": "go", "In": "vectors/SHA3-512.bz2", "Out": "expected/SHA3-512.bz2"}, + + {"Wrapper": "go", "In": "vectors/SHAKE-128.bz2", "Out": "expected/SHAKE-128.bz2"}, + {"Wrapper": "go", "In": "vectors/SHAKE-256.bz2", "Out": "expected/SHAKE-256.bz2"}, + {"Wrapper": "go", "In": "vectors/cSHAKE-128.bz2", "Out": "expected/cSHAKE-128.bz2"}, + {"Wrapper": "go", "In": "vectors/cSHAKE-256.bz2", "Out": "expected/cSHAKE-256.bz2"}, + + {"Wrapper": "go", "In": "vectors/HMAC-SHA2-224.bz2", "Out": "expected/HMAC-SHA2-224.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA2-256.bz2", "Out": "expected/HMAC-SHA2-256.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA2-384.bz2", "Out": "expected/HMAC-SHA2-384.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA2-512.bz2", "Out": "expected/HMAC-SHA2-512.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA2-512-224.bz2", "Out": "expected/HMAC-SHA2-512-224.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"}, + + {"Wrapper": "go", "In": "vectors/KDA.bz2", "Out": "expected/KDA.bz2"}, + + {"Wrapper": "go", "In": "vectors/HMAC-SHA3-224.bz2", "Out": "expected/HMAC-SHA3-224.bz2"}, + {"Wrapper": "go", "In": 
"vectors/HMAC-SHA3-256.bz2", "Out": "expected/HMAC-SHA3-256.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA3-384.bz2", "Out": "expected/HMAC-SHA3-384.bz2"}, + {"Wrapper": "go", "In": "vectors/HMAC-SHA3-512.bz2", "Out": "expected/HMAC-SHA3-512.bz2"}, + + {"Wrapper": "go", "In": "vectors/PBKDF.bz2", "Out": "expected/PBKDF.bz2"}, + + {"Wrapper": "go", "In": "vectors/ML-KEM.bz2", "Out": "expected/ML-KEM.bz2"}, + {"Wrapper": "go", "In": "vectors/ML-DSA.bz2", "Out": "expected/ML-DSA.bz2"}, + + {"Wrapper": "go", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"}, + + {"Wrapper": "go", "In": "vectors/ctrDRBG.bz2", "Out": "expected/ctrDRBG.bz2"}, + + {"Wrapper": "go", "In": "vectors/EDDSA.bz2", "Out": "expected/EDDSA.bz2"}, + + {"Wrapper": "go", "In": "vectors/ECDSA.bz2", "Out": "expected/ECDSA.bz2"}, + + {"Wrapper": "go", "In": "vectors/ACVP-AES-CBC.bz2", "Out": "expected/ACVP-AES-CBC.bz2"}, + {"Wrapper": "go", "In": "vectors/ACVP-AES-CTR.bz2", "Out": "expected/ACVP-AES-CTR.bz2"}, + {"Wrapper": "go", "In": "vectors/ACVP-AES-GCM.bz2", "Out": "expected/ACVP-AES-GCM.bz2"}, + + {"Wrapper": "go", "In": "vectors/CMAC-AES.bz2", "Out": "expected/CMAC-AES.bz2"}, + + {"Wrapper": "go", "In": "vectors/TLS-v1.2.bz2", "Out": "expected/TLS-v1.2.bz2"}, + {"Wrapper": "go", "In": "vectors/TLS-v1.3.bz2", "Out": "expected/TLS-v1.3.bz2"}, + + {"Wrapper": "go", "In": "vectors/kdf-components.bz2", "Out": "expected/kdf-components.bz2"}, + + {"Wrapper": "go", "In": "vectors/RSA.bz2", "Out": "expected/RSA.bz2"} +] diff --git a/src/crypto/internal/fips140test/acvp_test_fips140v2.0.config.json b/src/crypto/internal/fips140test/acvp_test_fips140v2.0.config.json deleted file mode 100644 index 51c76d9288..0000000000 --- a/src/crypto/internal/fips140test/acvp_test_fips140v2.0.config.json +++ /dev/null 
@@ -1,58 +0,0 @@
-[
- {"Wrapper": "go", "In": "vectors/SHA2-224.bz2", "Out": "expected/SHA2-224.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA2-256.bz2", "Out": "expected/SHA2-256.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA2-384.bz2", "Out": "expected/SHA2-384.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA2-512.bz2", "Out": "expected/SHA2-512.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA2-512-224.bz2", "Out": "expected/SHA2-512-224.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA2-512-256.bz2", "Out": "expected/SHA2-512-256.bz2"},
-
- {"Wrapper": "go", "In": "vectors/SHA3-224.bz2", "Out": "expected/SHA3-224.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA3-256.bz2", "Out": "expected/SHA3-256.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA3-384.bz2", "Out": "expected/SHA3-384.bz2"},
- {"Wrapper": "go", "In": "vectors/SHA3-512.bz2", "Out": "expected/SHA3-512.bz2"},
-
- {"Wrapper": "go", "In": "vectors/SHAKE-128.bz2", "Out": "expected/SHAKE-128.bz2"},
- {"Wrapper": "go", "In": "vectors/SHAKE-256.bz2", "Out": "expected/SHAKE-256.bz2"},
- {"Wrapper": "go", "In": "vectors/cSHAKE-128.bz2", "Out": "expected/cSHAKE-128.bz2"},
- {"Wrapper": "go", "In": "vectors/cSHAKE-256.bz2", "Out": "expected/cSHAKE-256.bz2"},
-
- {"Wrapper": "go", "In": "vectors/HMAC-SHA2-224.bz2", "Out": "expected/HMAC-SHA2-224.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA2-256.bz2", "Out": "expected/HMAC-SHA2-256.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA2-384.bz2", "Out": "expected/HMAC-SHA2-384.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA2-512.bz2", "Out": "expected/HMAC-SHA2-512.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA2-512-224.bz2", "Out": "expected/HMAC-SHA2-512-224.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
-
- {"Wrapper": "go", "In": "vectors/KDA.bz2", "Out": "expected/KDA.bz2"},
-
- {"Wrapper": "go", "In": "vectors/HMAC-SHA3-224.bz2", "Out": "expected/HMAC-SHA3-224.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA3-256.bz2", "Out": "expected/HMAC-SHA3-256.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA3-384.bz2", "Out": "expected/HMAC-SHA3-384.bz2"},
- {"Wrapper": "go", "In": "vectors/HMAC-SHA3-512.bz2", "Out": "expected/HMAC-SHA3-512.bz2"},
-
- {"Wrapper": "go", "In": "vectors/PBKDF.bz2", "Out": "expected/PBKDF.bz2"},
-
- {"Wrapper": "go", "In": "vectors/ML-KEM.bz2", "Out": "expected/ML-KEM.bz2"},
- {"Wrapper": "go", "In": "vectors/ML-DSA.bz2", "Out": "expected/ML-DSA.bz2"},
-
- {"Wrapper": "go", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"},
-
- {"Wrapper": "go", "In": "vectors/ctrDRBG.bz2", "Out": "expected/ctrDRBG.bz2"},
-
- {"Wrapper": "go", "In": "vectors/EDDSA.bz2", "Out": "expected/EDDSA.bz2"},
-
- {"Wrapper": "go", "In": "vectors/ECDSA.bz2", "Out": "expected/ECDSA.bz2"},
-
- {"Wrapper": "go", "In": "vectors/ACVP-AES-CBC.bz2", "Out": "expected/ACVP-AES-CBC.bz2"},
- {"Wrapper": "go", "In": "vectors/ACVP-AES-CTR.bz2", "Out": "expected/ACVP-AES-CTR.bz2"},
- {"Wrapper": "go", "In": "vectors/ACVP-AES-GCM.bz2", "Out": "expected/ACVP-AES-GCM.bz2"},
-
- {"Wrapper": "go", "In": "vectors/CMAC-AES.bz2", "Out": "expected/CMAC-AES.bz2"},
-
- {"Wrapper": "go", "In": "vectors/TLS-v1.2.bz2", "Out": "expected/TLS-v1.2.bz2"},
- {"Wrapper": "go", "In": "vectors/TLS-v1.3.bz2", "Out": "expected/TLS-v1.3.bz2"},
-
- {"Wrapper": "go", "In": "vectors/kdf-components.bz2", "Out": "expected/kdf-components.bz2"},
-
- {"Wrapper": "go", "In": "vectors/RSA.bz2", "Out": "expected/RSA.bz2"}
-]
diff --git a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go b/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
index 4780966208..b9ddfe4d8b 100644
--- a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
+++ b/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
@@ -6,4 +6,4 @@ package fipstest -func fips140v2Conditionals() {} +func fips140v126Conditionals() {}
diff --git a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
new file mode 100644
index 0000000000..ef79068c38
--- /dev/null
+++ b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
@@ -0,0 +1,16 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package fipstest
+
+import "crypto/internal/fips140/mldsa"
+
+func fips140v126Conditionals() {
+ // ML-DSA sign and verify PCT
+ kMLDSA := mldsa.GenerateKey44()
+ // ML-DSA-44
+ mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
+}
diff --git a/src/crypto/internal/fips140test/cast_fips140v2.0_test.go b/src/crypto/internal/fips140test/cast_fips140v2.0_test.go
deleted file mode 100644
index 06e0513a7f..0000000000
--- a/src/crypto/internal/fips140test/cast_fips140v2.0_test.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2024 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package fipstest
-
-import "crypto/internal/fips140/mldsa"
-
-func fips140v2Conditionals() {
- // ML-DSA sign and verify PCT
- kMLDSA := mldsa.GenerateKey44()
- // ML-DSA-44
- mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
-}
diff --git a/src/crypto/internal/fips140test/cast_test.go b/src/crypto/internal/fips140test/cast_test.go
index 5a80006622..817dcb9a35 100644
--- a/src/crypto/internal/fips140test/cast_test.go
+++ b/src/crypto/internal/fips140test/cast_test.go
@@ -115,7 +115,7 @@ func TestAllCASTs(t *testing.T) { // TestConditionals causes the conditional CASTs and PCTs to be invoked. func TestConditionals(t *testing.T) { - fips140v2Conditionals() + fips140v126Conditionals() // ML-KEM PCT kMLKEM, err := mlkem.GenerateKey768() if err != nil {
diff --git a/src/crypto/internal/rand/rand_fips140v1.0.go b/src/crypto/internal/rand/rand_fips140v1.0.go
new file mode 100644
index 0000000000..29eba7e0bc
--- /dev/null
+++ b/src/crypto/internal/rand/rand_fips140v1.0.go
@@ -0,0 +1,13 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build fips140v1.0
+
+package rand
+
+import "io"
+
+func fips140SetTestingReader(r io.Reader) {
+ panic("cryptotest.SetGlobalRandom is not supported when building against Go Cryptographic Module v1.0.0")
+}
diff --git a/src/crypto/internal/rand/rand_fips140v1.26.go b/src/crypto/internal/rand/rand_fips140v1.26.go
new file mode 100644
index 0000000000..0dc18e7883
--- /dev/null
+++ b/src/crypto/internal/rand/rand_fips140v1.26.go
@@ -0,0 +1,16 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package rand
+
+import (
+ "crypto/internal/fips140/drbg"
+ "io"
+)
+
+func fips140SetTestingReader(r io.Reader) {
+ drbg.SetTestingReader(r)
+}
diff --git a/src/crypto/internal/rand/rand_fipsv1.0.go b/src/crypto/internal/rand/rand_fipsv1.0.go
deleted file mode 100644
index 29eba7e0bc..0000000000
--- a/src/crypto/internal/rand/rand_fipsv1.0.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build fips140v1.0
-
-package rand
-
-import "io"
-
-func fips140SetTestingReader(r io.Reader) {
- panic("cryptotest.SetGlobalRandom is not supported when building against Go Cryptographic Module v1.0.0")
-}
diff --git a/src/crypto/internal/rand/rand_fipsv2.0.go b/src/crypto/internal/rand/rand_fipsv2.0.go
deleted file mode 100644
index 0dc18e7883..0000000000
--- a/src/crypto/internal/rand/rand_fipsv2.0.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package rand
-
-import (
- "crypto/internal/fips140/drbg"
- "io"
-)
-
-func fips140SetTestingReader(r io.Reader) {
- drbg.SetTestingReader(r)
-}
-- cgit v1.3