crypto/internal/fips: import crypto/internal/fips/check throughout

The module must do the integrity self-check before any other operation
in FIPS mode.

For #69536

Change-Id: I8db52ea94e867812008a6e7a86ca2c648a0018c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/629056
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>

diff --git a/src/crypto/internal/fips/aes/cast.go b/src/crypto/internal/fips/aes/cast.go
index e1aea8a19ba7230fcbb3915db89095caf11673f0..4a143a43b2eb087bd4a96928afe66ec4a70df988 100644 (file)
--- a/src/crypto/internal/fips/aes/cast.go
+++ b/src/crypto/internal/fips/aes/cast.go
@@ -7,6 +7,7 @@ package aes
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "errors"
 )
 

diff --git a/src/crypto/internal/fips/aes/gcm/cast.go b/src/crypto/internal/fips/aes/gcm/cast.go
index 3a2b6b78770c4003a5170e1dee91faac7694a7c6..1373a01944574b17d1d0f0686c31e84e07e16b4c 100644 (file)
--- a/src/crypto/internal/fips/aes/gcm/cast.go
+++ b/src/crypto/internal/fips/aes/gcm/cast.go
@@ -7,6 +7,7 @@ package gcm
 import (
        "crypto/internal/fips"
        "crypto/internal/fips/aes"
+       _ "crypto/internal/fips/check"
        "errors"
 )
 

diff --git a/src/crypto/internal/fips/bigmod/nat.go b/src/crypto/internal/fips/bigmod/nat.go
index 49000f1e74338264c8fae68c0c64e52ce711283e..26148390a0a5af65b5cdfe651f734d2475e15905 100644 (file)
--- a/src/crypto/internal/fips/bigmod/nat.go
+++ b/src/crypto/internal/fips/bigmod/nat.go
@@ -5,6 +5,7 @@
 package bigmod
 
 import (
+       _ "crypto/internal/fips/check"
        "crypto/internal/fipsdeps/byteorder"
        "errors"
        "math/bits"

diff --git a/src/crypto/internal/fips/drbg/cast.go b/src/crypto/internal/fips/drbg/cast.go
index bf21a04ade306688b8519177cac6deb93cfcddbd..5f973c7f150957660989020ecf35b10ad06a945c 100644 (file)
--- a/src/crypto/internal/fips/drbg/cast.go
+++ b/src/crypto/internal/fips/drbg/cast.go
@@ -7,6 +7,7 @@ package drbg
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "errors"
 )
 

diff --git a/src/crypto/internal/fips/ecdh/cast.go b/src/crypto/internal/fips/ecdh/cast.go
index 766ca9cad70b41c0353c13073de801683368cadb..e053bb6461997a4ff5026eb59631150ad63a58d2 100644 (file)
--- a/src/crypto/internal/fips/ecdh/cast.go
+++ b/src/crypto/internal/fips/ecdh/cast.go
@@ -7,6 +7,7 @@ package ecdh
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/nistec"
        "errors"
        "sync"

diff --git a/src/crypto/internal/fips/ecdsa/cast.go b/src/crypto/internal/fips/ecdsa/cast.go
index 280516aea7276e92bdfef8dc87fe8a28f9229b55..6b0c7099723f0c2f464c4a57fe665bb82c31d1fb 100644 (file)
--- a/src/crypto/internal/fips/ecdsa/cast.go
+++ b/src/crypto/internal/fips/ecdsa/cast.go
@@ -7,6 +7,7 @@ package ecdsa
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/sha512"
        "errors"
        "sync"

diff --git a/src/crypto/internal/fips/ed25519/cast.go b/src/crypto/internal/fips/ed25519/cast.go
index 54b6371a9e9139be647f6f6e74dbd7e31704f323..aa6ba668c02910e5301a87197f817c66a37ec686 100644 (file)
--- a/src/crypto/internal/fips/ed25519/cast.go
+++ b/src/crypto/internal/fips/ed25519/cast.go
@@ -7,6 +7,7 @@ package ed25519
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "errors"
        "sync"
 )

diff --git a/src/crypto/internal/fips/edwards25519/edwards25519.go b/src/crypto/internal/fips/edwards25519/edwards25519.go
index c5bcfc231e8ef6075d7edf01978318a3be21c8d6..b190290af30b04a9f61994fc97db8d60b4f164c1 100644 (file)
--- a/src/crypto/internal/fips/edwards25519/edwards25519.go
+++ b/src/crypto/internal/fips/edwards25519/edwards25519.go
@@ -5,6 +5,7 @@
 package edwards25519
 
 import (
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/edwards25519/field"
        "errors"
 )

diff --git a/src/crypto/internal/fips/edwards25519/field/fe.go b/src/crypto/internal/fips/edwards25519/field/fe.go
index e6402afa65f487435a3140162e588af19c3bf440..d0fafdad50dc9ce7a7eefd0573ab9b0e4dd17f40 100644 (file)
--- a/src/crypto/internal/fips/edwards25519/field/fe.go
+++ b/src/crypto/internal/fips/edwards25519/field/fe.go
@@ -6,6 +6,7 @@
 package field
 
 import (
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/subtle"
        "crypto/internal/fipsdeps/byteorder"
        "errors"

diff --git a/src/crypto/internal/fips/hkdf/cast.go b/src/crypto/internal/fips/hkdf/cast.go
index 67871a4438c64cba6455e4a3d131b5b95cfbed9a..98f6c9713993b9bcf240b7bd4860b721d2f39278 100644 (file)
--- a/src/crypto/internal/fips/hkdf/cast.go
+++ b/src/crypto/internal/fips/hkdf/cast.go
@@ -7,6 +7,7 @@ package hkdf
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/sha256"
        "errors"
 )

diff --git a/src/crypto/internal/fips/mlkem/cast.go b/src/crypto/internal/fips/mlkem/cast.go
index de4988527ec9095b3a491403aef82fafa5bfad85..a2162ee8ab5323887fcf0cca983e3595bec2a404 100644 (file)
--- a/src/crypto/internal/fips/mlkem/cast.go
+++ b/src/crypto/internal/fips/mlkem/cast.go
@@ -7,6 +7,7 @@ package mlkem
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "errors"
 )
 

diff --git a/src/crypto/internal/fips/nistec/fiat/cast.go b/src/crypto/internal/fips/nistec/fiat/cast.go
new file mode 100644 (file)
index 0000000..1b536fd
--- /dev/null
+++ b/src/crypto/internal/fips/nistec/fiat/cast.go
@@ -0,0 +1,7 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fiat
+
+import _ "crypto/internal/fips/check"

diff --git a/src/crypto/internal/fips/nistec/nistec.go b/src/crypto/internal/fips/nistec/nistec.go
index d1c63dacd59573ef562f33b9b7e772e8ffdbf2eb..c85cfa370de5c446c2927f323a94dc28a2437faa 100644 (file)
--- a/src/crypto/internal/fips/nistec/nistec.go
+++ b/src/crypto/internal/fips/nistec/nistec.go
@@ -12,4 +12,6 @@
 // can't be represented.
 package nistec
 
+import _ "crypto/internal/fips/check"
+
 //go:generate go run generate.go

diff --git a/src/crypto/internal/fips/ssh/kdf.go b/src/crypto/internal/fips/ssh/kdf.go
index ecb3dbe44240f20346b1423e96978dbc3f473f29..defcb7f47c2898dab874737ccb104711de730ad7 100644 (file)
--- a/src/crypto/internal/fips/ssh/kdf.go
+++ b/src/crypto/internal/fips/ssh/kdf.go
@@ -6,7 +6,10 @@
 // Section 7.2 and allowed by SP 800-135 Revision 1.
 package ssh
 
-import "crypto/internal/fips"
+import (
+       "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
+)
 
 type Direction struct {
        ivTag     []byte

diff --git a/src/crypto/internal/fips/tls12/cast.go b/src/crypto/internal/fips/tls12/cast.go
index 9c48947ab1f98c99eb1393912b738ee19d1fe789..33cbd1514a9e1e299a0b4a70c06baa436f334c7b 100644 (file)
--- a/src/crypto/internal/fips/tls12/cast.go
+++ b/src/crypto/internal/fips/tls12/cast.go
@@ -7,6 +7,7 @@ package tls12
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/sha256"
        "errors"
 )

diff --git a/src/crypto/internal/fips/tls13/cast.go b/src/crypto/internal/fips/tls13/cast.go
index 54b4a70ac890c9cf26607bd7d97b0d129426b6de..9b727afdc40d4bb5496d8ddfdc05b747af06ed7c 100644 (file)
--- a/src/crypto/internal/fips/tls13/cast.go
+++ b/src/crypto/internal/fips/tls13/cast.go
@@ -7,6 +7,7 @@ package tls13
 import (
        "bytes"
        "crypto/internal/fips"
+       _ "crypto/internal/fips/check"
        "crypto/internal/fips/sha256"
        "errors"
 )

diff --git a/src/crypto/internal/fipsdeps/fipsdeps_test.go b/src/crypto/internal/fipsdeps/fipsdeps_test.go
index 1d5ec25a127119aeedbebb0230a10719138cd4ae..d9f6b684f8f07f371df9ebd4b7a7bc4ca6918b91 100644 (file)
--- a/src/crypto/internal/fipsdeps/fipsdeps_test.go
+++ b/src/crypto/internal/fipsdeps/fipsdeps_test.go
@@ -45,24 +45,54 @@ func TestImports(t *testing.T) {
                t.Fatalf("go list: %v\n%s", err, out)
        }
 
-       // Ensure we don't import any unexpected internal package from the FIPS
-       // module, since we can't change the module source after it starts
-       // validation. This locks in the API of otherwise internal packages.
+       allPackages := make(map[string]bool)
+
+       // importCheck is the set of packages that import crypto/internal/fips/check.
+       importCheck := make(map[string]bool)
+
        for _, line := range strings.Split(string(out), "\n") {
                if line == "" {
                        continue
                }
-               parts := strings.Fields(line)
-               if parts[1] == "crypto/internal/fips" ||
-                       strings.HasPrefix(parts[1], "crypto/internal/fips/") ||
-                       strings.HasPrefix(parts[1], "crypto/internal/fipsdeps/") {
+               pkg, importedPkg, _ := strings.Cut(line, " ")
+
+               allPackages[pkg] = true
+
+               if importedPkg == "crypto/internal/fips/check" {
+                       importCheck[pkg] = true
+               }
+
+               // Ensure we don't import any unexpected internal package from the FIPS
+               // module, since we can't change the module source after it starts
+               // validation. This locks in the API of otherwise internal packages.
+               if importedPkg == "crypto/internal/fips" ||
+                       strings.HasPrefix(importedPkg, "crypto/internal/fips/") ||
+                       strings.HasPrefix(importedPkg, "crypto/internal/fipsdeps/") {
                        continue
                }
-               if AllowedInternalPackages[parts[1]] {
+               if AllowedInternalPackages[importedPkg] {
                        continue
                }
-               if strings.Contains(parts[1], "internal") {
-                       t.Errorf("unexpected import of internal package: %s -> %s", parts[0], parts[1])
+               if strings.Contains(importedPkg, "internal") {
+                       t.Errorf("unexpected import of internal package: %s -> %s", pkg, importedPkg)
+               }
+       }
+
+       // Ensure that all packages except check and check's dependencies import check.
+       for pkg := range allPackages {
+               switch pkg {
+               case "crypto/internal/fips/check":
+               case "crypto/internal/fips":
+               case "crypto/internal/fips/alias":
+               case "crypto/internal/fips/subtle":
+               case "crypto/internal/fips/hmac":
+               case "crypto/internal/fips/sha3":
+               case "crypto/internal/fips/sha256":
+               case "crypto/internal/fips/sha512":
+               default:
+                       if !importCheck[pkg] {
+                               t.Errorf("package %s does not import crypto/internal/fips/check", pkg)
+                       }
                }
        }
 }

diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go
index 3c3aba84c586ce931f3fddc6c9be9be1b666964d..d87c689c9001ad0d3cd5316c77ac87df10b7eb1d 100644 (file)
--- a/src/crypto/sha256/sha256.go
+++ b/src/crypto/sha256/sha256.go
@@ -9,7 +9,6 @@ package sha256
 import (
        "crypto"
        "crypto/internal/boring"
-       _ "crypto/internal/fips/check"
        "crypto/internal/fips/sha256"
        "hash"
 )

diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 29e26fffbf1537d57b69d774f004a86c9827e073..3481461ef9d84eae654ee951b4804e7bf24051d4 100644 (file)
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -462,14 +462,14 @@ var depsRules = `
        < crypto/internal/fips
        < crypto/internal/fips/alias
        < crypto/internal/fips/subtle
-       < crypto/internal/fips/aes
-       < crypto/internal/fips/drbg
-       < crypto/internal/fips/aes/gcm
        < crypto/internal/fips/sha256
        < crypto/internal/fips/sha512
        < crypto/internal/fips/sha3
        < crypto/internal/fips/hmac
        < crypto/internal/fips/check
+       < crypto/internal/fips/aes
+       < crypto/internal/fips/drbg
+       < crypto/internal/fips/aes/gcm
        < crypto/internal/fips/hkdf
        < crypto/internal/fips/mlkem
        < crypto/internal/fips/ssh