From 60f6d2f6230c5085ad25a9e3ebdaaae2aefdfe36 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Wed, 8 Oct 2025 13:02:36 +0200 Subject: [PATCH] crypto/internal/fips140/entropy: support SHA-384 sizes for ACVP tests MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Change-Id: I6a6a6964decc662d753ee3eec357570bd3c95e2d Reviewed-on: https://go-review.googlesource.com/c/go/+/710056 Auto-Submit: Filippo Valsorda LUCI-TryBot-Result: Go LUCI Reviewed-by: Roland Shoemaker Reviewed-by: Nooras Saba‎ Reviewed-by: Daniel McCarney --- src/crypto/internal/fips140/entropy/sha384.go | 57 +++++++++++++++---- .../internal/fips140test/entropy_test.go | 13 ++++- 2 files changed, 58 insertions(+), 12 deletions(-) diff --git a/src/crypto/internal/fips140/entropy/sha384.go b/src/crypto/internal/fips140/entropy/sha384.go index ec23cfc9ad..c20f76b579 100644 --- a/src/crypto/internal/fips140/entropy/sha384.go +++ b/src/crypto/internal/fips140/entropy/sha384.go @@ -8,19 +8,22 @@ import "math/bits" // This file includes a SHA-384 implementation to insulate the entropy source // from any changes in the FIPS 140-3 module's crypto/internal/fips140/sha512 -// package. We only support 1024-byte inputs. +// package. We support 1024-byte inputs for the entropy source, and arbitrary +// length inputs for ACVP testing. + +var initState = [8]uint64{ + 0xcbbb9d5dc1059ed8, + 0x629a292a367cd507, + 0x9159015a3070dd17, + 0x152fecd8f70e5939, + 0x67332667ffc00b31, + 0x8eb44a8768581511, + 0xdb0c2e0d64f98fa7, + 0x47b5481dbefa4fa4, +} func SHA384(p *[1024]byte) [48]byte { - h := [8]uint64{ - 0xcbbb9d5dc1059ed8, - 0x629a292a367cd507, - 0x9159015a3070dd17, - 0x152fecd8f70e5939, - 0x67332667ffc00b31, - 0x8eb44a8768581511, - 0xdb0c2e0d64f98fa7, - 0x47b5481dbefa4fa4, - } + h := initState sha384Block(&h, (*[128]byte)(p[0:128])) sha384Block(&h, (*[128]byte)(p[128:256])) @@ -36,6 +39,38 @@ func SHA384(p *[1024]byte) [48]byte { bePutUint64(padlen[112+8:], 1024*8) sha384Block(&h, &padlen) + return digestBytes(&h) +} + +func TestingOnlySHA384(p []byte) [48]byte { + if len(p) == 1024 { + return SHA384((*[1024]byte)(p)) + } + + h := initState + bitLen := uint64(len(p)) * 8 + + // Process full 128-byte blocks. + for len(p) >= 128 { + sha384Block(&h, (*[128]byte)(p[:128])) + p = p[128:] + } + + // Process final block and padding. + var finalBlock [128]byte + copy(finalBlock[:], p) + finalBlock[len(p)] = 0x80 + if len(p) >= 112 { + sha384Block(&h, &finalBlock) + finalBlock = [128]byte{} + } + bePutUint64(finalBlock[112+8:], bitLen) + sha384Block(&h, &finalBlock) + + return digestBytes(&h) +} + +func digestBytes(h *[8]uint64) [48]byte { var digest [48]byte bePutUint64(digest[0:], h[0]) bePutUint64(digest[8:], h[1]) diff --git a/src/crypto/internal/fips140test/entropy_test.go b/src/crypto/internal/fips140test/entropy_test.go index a84b50c62b..ef6909efba 100644 --- a/src/crypto/internal/fips140test/entropy_test.go +++ b/src/crypto/internal/fips140test/entropy_test.go @@ -11,6 +11,7 @@ import ( "crypto/internal/cryptotest" "crypto/internal/fips140/drbg" "crypto/internal/fips140/entropy" + "crypto/rand" "crypto/sha256" "crypto/sha512" "encoding/hex" @@ -159,6 +160,16 @@ func TestEntropySHA384(t *testing.T) { if got != want { t.Errorf("SHA384() = %x, want %x", got, want) } + + for l := range 1024*3 + 1 { + input := make([]byte, l) + rand.Read(input) + want := sha512.Sum384(input) + got := entropy.TestingOnlySHA384(input) + if got != want { + t.Errorf("TestingOnlySHA384(%d bytes) = %x, want %x", l, got, want) + } + } } func TestEntropyRepetitionCountTest(t *testing.T) { @@ -230,7 +241,7 @@ func TestEntropyUnchanged(t *testing.T) { // entropy source through the Entropy Source Validation program, // independently of the FIPS 140-3 module. It must not change even across // FIPS 140-3 module versions, in order to reuse the ESV certificate. - exp := "35976eb8a11678c79777da07aaab5511d4325701f837777df205f6e7b20c6821" + exp := "1b68d4c091ef66c6006602e4ed3ac10f8a82ad193708ec99d63b145e3baa3e6c" if got := hex.EncodeToString(h.Sum(nil)); got != exp { t.Errorf("hash of crypto/internal/fips140/entropy = %s, want %s", got, exp) } -- 2.52.0