From 4a3cef2036097d323b6cc0bbe90fc4d8c7588660 Mon Sep 17 00:00:00 2001 From: Russ Cox Date: Wed, 20 Nov 2024 09:03:35 -0500 Subject: [PATCH] all: rename crypto/internal/fips to crypto/internal/fips140 Sometimes we've used the 140 suffix (GOFIPS140, crypto/fips140) and sometimes not (crypto/internal/fips, cmd/go/internal/fips). Use it always, to avoid having to remember which is which. Also, there are other FIPS standards, like AES (FIPS 197), SHA-2 (FIPS 180), and so on, which have nothing to do with FIPS 140. Best to be clear. For #70123. Change-Id: I33b29dabd9e8b2703d2af25e428f88bc81c7c307 Reviewed-on: https://go-review.googlesource.com/c/go/+/630115 Reviewed-by: Filippo Valsorda LUCI-TryBot-Result: Go LUCI Auto-Submit: Russ Cox Reviewed-by: Roland Shoemaker --- lib/fips140/Makefile | 6 +- lib/fips140/README.md | 4 +- lib/fips140/fips140.sum | 2 +- .../compile/internal/ssa/stmtlines_test.go | 2 +- src/cmd/dist/test.go | 6 +- .../{fips/fips.go => fips140/fips140.go} | 47 +++++++------ .../internal/{fips => fips140}/fips_test.go | 2 +- .../go/internal/{fips => fips140}/mkzip.go | 12 ++-- src/cmd/go/internal/load/godebug.go | 4 +- src/cmd/go/internal/load/pkg.go | 22 +++---- src/cmd/go/internal/modload/init.go | 6 +- src/cmd/go/internal/modload/load.go | 4 +- src/cmd/go/internal/work/buildid.go | 6 +- src/cmd/go/internal/work/gc.go | 4 +- src/cmd/go/testdata/script/fipssnap.txt | 24 +++---- src/cmd/internal/obj/{fips.go => fips140.go} | 28 ++++---- .../link/internal/ld/{fips.go => fips140.go} | 8 +-- src/cmd/link/internal/loader/loader.go | 2 +- src/crypto/aes/aes.go | 2 +- src/crypto/cipher/cbc.go | 4 +- src/crypto/cipher/cfb.go | 2 +- src/crypto/cipher/ctr.go | 4 +- src/crypto/cipher/ctr_aes_test.go | 2 +- src/crypto/cipher/gcm.go | 10 +-- src/crypto/cipher/gcm_test.go | 10 +-- src/crypto/cipher/ofb.go | 2 +- src/crypto/des/cipher.go | 2 +- src/crypto/ecdh/nist.go | 2 +- src/crypto/ecdh/x25519.go | 2 +- src/crypto/ecdsa/ecdsa.go | 2 +- src/crypto/ed25519/ed25519.go | 2 +- src/crypto/elliptic/nistec.go | 2 +- src/crypto/elliptic/nistec_p256.go | 2 +- src/crypto/hmac/hmac.go | 2 +- src/crypto/internal/entropy/entropy.go | 2 +- .../internal/fips/check/checktest/asm.s | 6 -- .../aes/_asm/ctr/ctr_amd64_asm.go | 0 .../{fips => fips140}/aes/_asm/ctr/go.mod | 0 .../{fips => fips140}/aes/_asm/ctr/go.sum | 0 .../aes/_asm/standard/aes_amd64.go | 0 .../aes/_asm/standard/go.mod | 0 .../aes/_asm/standard/go.sum | 0 .../internal/{fips => fips140}/aes/aes.go | 8 +-- .../{fips => fips140}/aes/aes_amd64.s | 0 .../{fips => fips140}/aes/aes_arm64.s | 0 .../internal/{fips => fips140}/aes/aes_asm.go | 4 +- .../{fips => fips140}/aes/aes_generic.go | 2 +- .../{fips => fips140}/aes/aes_noasm.go | 0 .../{fips => fips140}/aes/aes_ppc64x.s | 0 .../{fips => fips140}/aes/aes_s390x.go | 2 +- .../{fips => fips140}/aes/aes_s390x.s | 0 .../{fips => fips140}/aes/aes_test.go | 0 .../internal/{fips => fips140}/aes/cast.go | 6 +- .../internal/{fips => fips140}/aes/cbc.go | 4 +- .../{fips => fips140}/aes/cbc_noasm.go | 0 .../{fips => fips140}/aes/cbc_ppc64x.go | 0 .../{fips => fips140}/aes/cbc_s390x.go | 0 .../internal/{fips => fips140}/aes/const.go | 0 .../internal/{fips => fips140}/aes/ctr.go | 6 +- .../{fips => fips140}/aes/ctr_amd64.s | 0 .../{fips => fips140}/aes/ctr_arm64.s | 0 .../{fips => fips140}/aes/ctr_arm64_gen.go | 0 .../internal/{fips => fips140}/aes/ctr_asm.go | 0 .../{fips => fips140}/aes/ctr_noasm.go | 0 .../{fips => fips140}/aes/ctr_s390x.go | 4 +- .../aes/gcm/_asm/gcm/gcm_amd64_asm.go | 0 .../{fips => fips140}/aes/gcm/_asm/gcm/go.mod | 0 .../{fips => fips140}/aes/gcm/_asm/gcm/go.sum | 0 .../{fips => fips140}/aes/gcm/cast.go | 10 +-- .../{fips => fips140}/aes/gcm/cmac.go | 8 +-- .../{fips => fips140}/aes/gcm/ctrkdf.go | 6 +- .../internal/{fips => fips140}/aes/gcm/gcm.go | 10 +-- .../{fips => fips140}/aes/gcm/gcm_amd64.s | 0 .../{fips => fips140}/aes/gcm/gcm_arm64.s | 0 .../{fips => fips140}/aes/gcm/gcm_asm.go | 6 +- .../{fips => fips140}/aes/gcm/gcm_generic.go | 6 +- .../{fips => fips140}/aes/gcm/gcm_noasm.go | 0 .../{fips => fips140}/aes/gcm/gcm_nonces.go | 28 ++++---- .../{fips => fips140}/aes/gcm/gcm_ppc64x.go | 8 +-- .../{fips => fips140}/aes/gcm/gcm_ppc64x.s | 0 .../{fips => fips140}/aes/gcm/gcm_s390x.go | 8 +-- .../{fips => fips140}/aes/gcm/gcm_s390x.s | 0 .../{fips => fips140}/aes/gcm/ghash.go | 6 +- .../aes/gcm/interface_test.go | 2 +- .../{fips => fips140}/aes/interface_test.go | 2 +- .../internal/{fips => fips140}/alias/alias.go | 0 .../{fips => fips140}/bigmod/_asm/go.mod | 2 +- .../{fips => fips140}/bigmod/_asm/go.sum | 0 .../bigmod/_asm/nat_amd64_asm.go | 2 +- .../internal/{fips => fips140}/bigmod/nat.go | 4 +- .../{fips => fips140}/bigmod/nat_386.s | 0 .../{fips => fips140}/bigmod/nat_amd64.s | 0 .../{fips => fips140}/bigmod/nat_arm.s | 0 .../{fips => fips140}/bigmod/nat_arm64.s | 0 .../{fips => fips140}/bigmod/nat_asm.go | 2 +- .../{fips => fips140}/bigmod/nat_loong64.s | 2 +- .../{fips => fips140}/bigmod/nat_noasm.go | 0 .../{fips => fips140}/bigmod/nat_ppc64x.s | 0 .../{fips => fips140}/bigmod/nat_riscv64.s | 0 .../{fips => fips140}/bigmod/nat_s390x.s | 0 .../{fips => fips140}/bigmod/nat_test.go | 0 .../{fips => fips140}/bigmod/nat_wasm.go | 0 src/crypto/internal/{fips => fips140}/cast.go | 8 +-- .../internal/{fips => fips140}/check/asan.go | 0 .../internal/{fips => fips140}/check/check.go | 12 ++-- .../internal/fips140/check/checktest/asm.s | 6 ++ .../{fips => fips140}/check/checktest/test.go | 6 +- .../{fips => fips140}/check/noasan.go | 0 .../internal/{fips => fips140}/drbg/cast.go | 6 +- .../{fips => fips140}/drbg/ctrdrbg.go | 14 ++-- .../internal/{fips => fips140}/drbg/rand.go | 4 +- .../internal/{fips => fips140}/ecdh/cast.go | 8 +-- .../internal/{fips => fips140}/ecdh/ecdh.go | 44 ++++++------- .../{fips => fips140}/ecdh/order_test.go | 0 .../internal/{fips => fips140}/ecdsa/cast.go | 12 ++-- .../internal/{fips => fips140}/ecdsa/ecdsa.go | 26 ++++---- .../{fips => fips140}/ecdsa/ecdsa_noasm.go | 0 .../{fips => fips140}/ecdsa/ecdsa_s390x.go | 4 +- .../{fips => fips140}/ecdsa/ecdsa_s390x.s | 0 .../{fips => fips140}/ecdsa/ecdsa_test.go | 2 +- .../{fips => fips140}/ecdsa/hmacdrbg.go | 10 +-- .../{fips => fips140}/ed25519/cast.go | 8 +-- .../{fips => fips140}/ed25519/ed25519.go | 28 ++++---- .../{fips => fips140}/edwards25519/doc.go | 0 .../edwards25519/edwards25519.go | 4 +- .../edwards25519/edwards25519_test.go | 2 +- .../edwards25519/field/_asm/fe_amd64_asm.go | 2 +- .../edwards25519/field/_asm/go.mod | 2 +- .../edwards25519/field/_asm/go.sum | 0 .../edwards25519/field/fe.go | 6 +- .../edwards25519/field/fe_alias_test.go | 0 .../edwards25519/field/fe_amd64.go | 0 .../edwards25519/field/fe_amd64.s | 0 .../edwards25519/field/fe_amd64_noasm.go | 0 .../edwards25519/field/fe_arm64.go | 0 .../edwards25519/field/fe_arm64.s | 0 .../edwards25519/field/fe_arm64_noasm.go | 0 .../edwards25519/field/fe_bench_test.go | 0 .../edwards25519/field/fe_generic.go | 0 .../edwards25519/field/fe_test.go | 0 .../{fips => fips140}/edwards25519/scalar.go | 2 +- .../edwards25519/scalar_alias_test.go | 0 .../edwards25519/scalar_fiat.go | 0 .../edwards25519/scalar_test.go | 0 .../edwards25519/scalarmult.go | 0 .../edwards25519/scalarmult_test.go | 0 .../{fips => fips140}/edwards25519/tables.go | 2 +- .../edwards25519/tables_test.go | 0 .../{fips/fips.go => fips140/fips140.go} | 4 +- src/crypto/internal/{fips => fips140}/hash.go | 2 +- .../internal/{fips => fips140}/hkdf/cast.go | 8 +-- .../internal/{fips => fips140}/hkdf/hkdf.go | 12 ++-- .../internal/{fips => fips140}/hmac/cast.go | 6 +- .../internal/{fips => fips140}/hmac/hmac.go | 18 ++--- .../internal/{fips => fips140}/indicator.go | 6 +- .../internal/{fips => fips140}/mlkem/cast.go | 6 +- .../internal/{fips => fips140}/mlkem/field.go | 4 +- .../{fips => fips140}/mlkem/field_test.go | 0 .../{fips => fips140}/mlkem/generate1024.go | 0 .../{fips => fips140}/mlkem/mlkem1024.go | 20 +++--- .../{fips => fips140}/mlkem/mlkem768.go | 20 +++--- .../{fips => fips140}/nistec/_asm/go.mod | 2 +- .../{fips => fips140}/nistec/_asm/go.sum | 0 .../{fips => fips140}/nistec/_asm/p256_asm.go | 2 +- .../nistec/benchmark_test.go | 2 +- .../{fips => fips140}/nistec/fiat/Dockerfile | 0 .../{fips => fips140}/nistec/fiat/README | 0 .../nistec/fiat/benchmark_test.go | 2 +- .../{fips => fips140}/nistec/fiat/cast.go | 2 +- .../{fips => fips140}/nistec/fiat/generate.go | 2 +- .../{fips => fips140}/nistec/fiat/p224.go | 2 +- .../nistec/fiat/p224_fiat64.go | 0 .../nistec/fiat/p224_invert.go | 0 .../{fips => fips140}/nistec/fiat/p256.go | 2 +- .../nistec/fiat/p256_fiat64.go | 0 .../nistec/fiat/p256_invert.go | 0 .../{fips => fips140}/nistec/fiat/p384.go | 2 +- .../nistec/fiat/p384_fiat64.go | 0 .../nistec/fiat/p384_invert.go | 0 .../{fips => fips140}/nistec/fiat/p521.go | 2 +- .../nistec/fiat/p521_fiat64.go | 0 .../nistec/fiat/p521_invert.go | 0 .../{fips => fips140}/nistec/generate.go | 4 +- .../{fips => fips140}/nistec/nistec.go | 2 +- .../internal/{fips => fips140}/nistec/p224.go | 4 +- .../{fips => fips140}/nistec/p224_sqrt.go | 2 +- .../internal/{fips => fips140}/nistec/p256.go | 8 +-- .../{fips => fips140}/nistec/p256_asm.go | 2 +- .../{fips => fips140}/nistec/p256_asm_amd64.s | 0 .../{fips => fips140}/nistec/p256_asm_arm64.s | 0 .../nistec/p256_asm_ppc64le.s | 0 .../{fips => fips140}/nistec/p256_asm_s390x.s | 0 .../{fips => fips140}/nistec/p256_asm_test.go | 0 .../{fips => fips140}/nistec/p256_ordinv.go | 0 .../nistec/p256_ordinv_noasm.go | 0 .../{fips => fips140}/nistec/p256_table.go | 0 .../nistec/p256_table_test.go | 2 +- .../internal/{fips => fips140}/nistec/p384.go | 4 +- .../internal/{fips => fips140}/nistec/p521.go | 4 +- .../internal/{fips => fips140}/rsa/cast.go | 8 +-- .../{fips => fips140}/rsa/pkcs1v15.go | 8 +-- .../{fips => fips140}/rsa/pkcs1v15_test.go | 0 .../{fips => fips140}/rsa/pkcs1v22.go | 54 +++++++-------- .../{fips => fips140}/rsa/pkcs1v22_test.go | 0 .../internal/{fips => fips140}/rsa/rsa.go | 18 ++--- .../{fips => fips140}/sha256/_asm/go.mod | 0 .../{fips => fips140}/sha256/_asm/go.sum | 0 .../sha256/_asm/sha256block_amd64_asm.go | 2 +- .../sha256/_asm/sha256block_amd64_avx2.go | 0 .../sha256/_asm/sha256block_amd64_shani.go | 0 .../internal/{fips => fips140}/sha256/cast.go | 4 +- .../{fips => fips140}/sha256/sha256.go | 6 +- .../{fips => fips140}/sha256/sha256block.go | 0 .../sha256/sha256block_386.s | 0 .../sha256/sha256block_amd64.go | 2 +- .../sha256/sha256block_amd64.s | 0 .../sha256/sha256block_arm64.go | 2 +- .../sha256/sha256block_arm64.s | 0 .../sha256/sha256block_asm.go | 0 .../sha256/sha256block_loong64.s | 0 .../sha256/sha256block_noasm.go | 0 .../sha256/sha256block_ppc64x.go | 2 +- .../sha256/sha256block_ppc64x.s | 0 .../sha256/sha256block_riscv64.s | 0 .../sha256/sha256block_s390x.go | 2 +- .../sha256/sha256block_s390x.s | 0 .../{fips => fips140}/sha3/_asm/go.mod | 0 .../{fips => fips140}/sha3/_asm/go.sum | 0 .../sha3/_asm/keccakf_amd64_asm.go | 2 +- .../internal/{fips => fips140}/sha3/cast.go | 4 +- .../internal/{fips => fips140}/sha3/hashes.go | 0 .../{fips => fips140}/sha3/keccakf.go | 4 +- .../internal/{fips => fips140}/sha3/sha3.go | 6 +- .../{fips => fips140}/sha3/sha3_amd64.go | 0 .../{fips => fips140}/sha3/sha3_amd64.s | 0 .../{fips => fips140}/sha3/sha3_noasm.go | 0 .../{fips => fips140}/sha3/sha3_s390x.go | 4 +- .../{fips => fips140}/sha3/sha3_s390x.s | 0 .../internal/{fips => fips140}/sha3/shake.go | 6 +- .../{fips => fips140}/sha512/_asm/go.mod | 0 .../{fips => fips140}/sha512/_asm/go.sum | 0 .../sha512/_asm/sha512block_amd64_asm.go | 2 +- .../internal/{fips => fips140}/sha512/cast.go | 4 +- .../{fips => fips140}/sha512/sha512.go | 6 +- .../{fips => fips140}/sha512/sha512block.go | 0 .../sha512/sha512block_amd64.go | 2 +- .../sha512/sha512block_amd64.s | 0 .../sha512/sha512block_arm64.go | 2 +- .../sha512/sha512block_arm64.s | 0 .../sha512/sha512block_asm.go | 0 .../sha512/sha512block_loong64.s | 0 .../sha512/sha512block_noasm.go | 0 .../sha512/sha512block_ppc64x.go | 2 +- .../sha512/sha512block_ppc64x.s | 0 .../sha512/sha512block_riscv64.s | 0 .../sha512/sha512block_s390x.go | 2 +- .../sha512/sha512block_s390x.s | 0 .../internal/{fips => fips140}/ssh/kdf.go | 6 +- .../{fips => fips140}/subtle/constant_time.go | 0 .../internal/{fips => fips140}/subtle/xor.go | 2 +- .../{fips => fips140}/subtle/xor_amd64.go | 0 .../{fips => fips140}/subtle/xor_amd64.s | 0 .../{fips => fips140}/subtle/xor_arm64.go | 0 .../{fips => fips140}/subtle/xor_arm64.s | 0 .../{fips => fips140}/subtle/xor_generic.go | 0 .../{fips => fips140}/subtle/xor_loong64.go | 0 .../{fips => fips140}/subtle/xor_loong64.s | 0 .../{fips => fips140}/subtle/xor_ppc64x.go | 0 .../{fips => fips140}/subtle/xor_ppc64x.s | 0 .../internal/{fips => fips140}/tls12/cast.go | 8 +-- .../internal/{fips => fips140}/tls12/tls12.go | 20 +++--- .../internal/{fips => fips140}/tls13/cast.go | 8 +-- .../internal/{fips => fips140}/tls13/tls13.go | 40 +++++------ .../byteorder/byteorder.go | 0 .../{fipsdeps => fips140deps}/cpu/cpu.go | 0 .../{fipsdeps => fips140deps}/fipsdeps.go | 2 +- .../fipsdeps_test.go | 30 ++++----- .../godebug/godebug.go | 0 .../acvp_capabilities.json | 0 .../acvp_test.config.json | 0 .../{fipstest => fips140test}/acvp_test.go | 38 +++++------ .../{fipstest => fips140test}/alias_test.go | 2 +- .../{fipstest => fips140test}/cast_test.go | 38 +++++------ .../{fipstest => fips140test}/check_test.go | 4 +- .../{fipstest => fips140test}/cmac_test.go | 4 +- .../{fipstest => fips140test}/ctrdrbg_test.go | 4 +- .../edwards25519_test.go | 2 +- .../{fipstest => fips140test}/fips_test.go | 2 +- .../{fipstest => fips140test}/hkdf_test.go | 16 ++--- .../indicator_test.go | 62 ++++++++--------- .../{fipstest => fips140test}/mlkem_test.go | 4 +- .../nistec_ordinv_test.go | 2 +- .../{fipstest => fips140test}/nistec_test.go | 2 +- .../{fipstest => fips140test}/sha3_test.go | 8 +-- .../{fipstest => fips140test}/sshkdf_test.go | 2 +- .../{fipstest => fips140test}/xaes_test.go | 8 +-- src/crypto/internal/hpke/hpke.go | 2 +- src/crypto/rand/rand.go | 6 +- src/crypto/rc4/rc4.go | 2 +- src/crypto/rsa/fips.go | 2 +- src/crypto/rsa/pkcs1v15.go | 2 +- src/crypto/rsa/pss_test.go | 4 +- src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 4 +- src/crypto/sha256/sha256.go | 2 +- src/crypto/sha512/sha512.go | 2 +- src/crypto/subtle/constant_time.go | 2 +- src/crypto/subtle/xor.go | 2 +- src/crypto/tls/cipher_suites.go | 6 +- src/crypto/tls/handshake_client.go | 4 +- src/crypto/tls/handshake_client_tls13.go | 6 +- src/crypto/tls/handshake_server_tls13.go | 4 +- src/crypto/tls/key_schedule.go | 6 +- src/crypto/tls/key_schedule_test.go | 4 +- src/crypto/tls/prf.go | 2 +- src/go/build/deps_test.go | 66 +++++++++---------- src/runtime/panic.go | 2 +- src/runtime/runtime1.go | 4 +- src/slices/slices.go | 2 +- 319 files changed, 689 insertions(+), 692 deletions(-) rename src/cmd/go/internal/{fips/fips.go => fips140/fips140.go} (88%) rename src/cmd/go/internal/{fips => fips140}/fips_test.go (99%) rename src/cmd/go/internal/{fips => fips140}/mkzip.go (89%) rename src/cmd/internal/obj/{fips.go => fips140.go} (94%) rename src/cmd/link/internal/ld/{fips.go => fips140.go} (98%) delete mode 100644 src/crypto/internal/fips/check/checktest/asm.s rename src/crypto/internal/{fips => fips140}/aes/_asm/ctr/ctr_amd64_asm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/_asm/ctr/go.mod (100%) rename src/crypto/internal/{fips => fips140}/aes/_asm/ctr/go.sum (100%) rename src/crypto/internal/{fips => fips140}/aes/_asm/standard/aes_amd64.go (100%) rename src/crypto/internal/{fips => fips140}/aes/_asm/standard/go.mod (100%) rename src/crypto/internal/{fips => fips140}/aes/_asm/standard/go.sum (100%) rename src/crypto/internal/{fips => fips140}/aes/aes.go (96%) rename src/crypto/internal/{fips => fips140}/aes/aes_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/aes/aes_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/aes/aes_asm.go (97%) rename src/crypto/internal/{fips => fips140}/aes/aes_generic.go (99%) rename src/crypto/internal/{fips => fips140}/aes/aes_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/aes_ppc64x.s (100%) rename src/crypto/internal/{fips => fips140}/aes/aes_s390x.go (98%) rename src/crypto/internal/{fips => fips140}/aes/aes_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/aes/aes_test.go (100%) rename src/crypto/internal/{fips => fips140}/aes/cast.go (91%) rename src/crypto/internal/{fips => fips140}/aes/cbc.go (97%) rename src/crypto/internal/{fips => fips140}/aes/cbc_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/cbc_ppc64x.go (100%) rename src/crypto/internal/{fips => fips140}/aes/cbc_s390x.go (100%) rename src/crypto/internal/{fips => fips140}/aes/const.go (100%) rename src/crypto/internal/{fips => fips140}/aes/ctr.go (97%) rename src/crypto/internal/{fips => fips140}/aes/ctr_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/aes/ctr_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/aes/ctr_arm64_gen.go (100%) rename src/crypto/internal/{fips => fips140}/aes/ctr_asm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/ctr_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/ctr_s390x.go (94%) rename src/crypto/internal/{fips => fips140}/aes/gcm/_asm/gcm/gcm_amd64_asm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/_asm/gcm/go.mod (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/_asm/gcm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/cast.go (85%) rename src/crypto/internal/{fips => fips140}/aes/gcm/cmac.go (93%) rename src/crypto/internal/{fips => fips140}/aes/gcm/ctrkdf.go (94%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm.go (96%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_asm.go (97%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_generic.go (97%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_nonces.go (94%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_ppc64x.go (97%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_ppc64x.s (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_s390x.go (98%) rename src/crypto/internal/{fips => fips140}/aes/gcm/gcm_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/aes/gcm/ghash.go (98%) rename src/crypto/internal/{fips => fips140}/aes/gcm/interface_test.go (87%) rename src/crypto/internal/{fips => fips140}/aes/interface_test.go (92%) rename src/crypto/internal/{fips => fips140}/alias/alias.go (100%) rename src/crypto/internal/{fips => fips140}/bigmod/_asm/go.mod (86%) rename src/crypto/internal/{fips => fips140}/bigmod/_asm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/bigmod/_asm/nat_amd64_asm.go (98%) rename src/crypto/internal/{fips => fips140}/bigmod/nat.go (99%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_386.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_arm.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_asm.go (96%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_loong64.s (97%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_ppc64x.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_riscv64.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_test.go (100%) rename src/crypto/internal/{fips => fips140}/bigmod/nat_wasm.go (100%) rename src/crypto/internal/{fips => fips140}/cast.go (92%) rename src/crypto/internal/{fips => fips140}/check/asan.go (100%) rename src/crypto/internal/{fips => fips140}/check/check.go (92%) create mode 100644 src/crypto/internal/fips140/check/checktest/asm.s rename src/crypto/internal/{fips => fips140}/check/checktest/test.go (88%) rename src/crypto/internal/{fips => fips140}/check/noasan.go (100%) rename src/crypto/internal/{fips => fips140}/drbg/cast.go (94%) rename src/crypto/internal/{fips => fips140}/drbg/ctrdrbg.go (93%) rename src/crypto/internal/{fips => fips140}/drbg/rand.go (97%) rename src/crypto/internal/{fips => fips140}/ecdh/cast.go (90%) rename src/crypto/internal/{fips => fips140}/ecdh/ecdh.go (94%) rename src/crypto/internal/{fips => fips140}/ecdh/order_test.go (100%) rename src/crypto/internal/{fips => fips140}/ecdsa/cast.go (93%) rename src/crypto/internal/{fips => fips140}/ecdsa/ecdsa.go (96%) rename src/crypto/internal/{fips => fips140}/ecdsa/ecdsa_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/ecdsa/ecdsa_s390x.go (98%) rename src/crypto/internal/{fips => fips140}/ecdsa/ecdsa_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/ecdsa/ecdsa_test.go (98%) rename src/crypto/internal/{fips => fips140}/ecdsa/hmacdrbg.go (94%) rename src/crypto/internal/{fips => fips140}/ed25519/cast.go (92%) rename src/crypto/internal/{fips => fips140}/ed25519/ed25519.go (96%) rename src/crypto/internal/{fips => fips140}/edwards25519/doc.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/edwards25519.go (99%) rename src/crypto/internal/{fips => fips140}/edwards25519/edwards25519_test.go (99%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/_asm/fe_amd64_asm.go (99%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/_asm/go.mod (83%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/_asm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe.go (99%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_alias_test.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_amd64.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_amd64_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_arm64.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_arm64_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_bench_test.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_generic.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/field/fe_test.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/scalar.go (99%) rename src/crypto/internal/{fips => fips140}/edwards25519/scalar_alias_test.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/scalar_fiat.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/scalar_test.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/scalarmult.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/scalarmult_test.go (100%) rename src/crypto/internal/{fips => fips140}/edwards25519/tables.go (99%) rename src/crypto/internal/{fips => fips140}/edwards25519/tables_test.go (100%) rename src/crypto/internal/{fips/fips.go => fips140/fips140.go} (84%) rename src/crypto/internal/{fips => fips140}/hash.go (98%) rename src/crypto/internal/{fips => fips140}/hkdf/cast.go (83%) rename src/crypto/internal/{fips => fips140}/hkdf/hkdf.go (74%) rename src/crypto/internal/{fips => fips140}/hmac/cast.go (87%) rename src/crypto/internal/{fips => fips140}/hmac/hmac.go (92%) rename src/crypto/internal/{fips => fips140}/indicator.go (93%) rename src/crypto/internal/{fips => fips140}/mlkem/cast.go (93%) rename src/crypto/internal/{fips => fips140}/mlkem/field.go (99%) rename src/crypto/internal/{fips => fips140}/mlkem/field_test.go (100%) rename src/crypto/internal/{fips => fips140}/mlkem/generate1024.go (100%) rename src/crypto/internal/{fips => fips140}/mlkem/mlkem1024.go (96%) rename src/crypto/internal/{fips => fips140}/mlkem/mlkem768.go (96%) rename src/crypto/internal/{fips => fips140}/nistec/_asm/go.mod (80%) rename src/crypto/internal/{fips => fips140}/nistec/_asm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/nistec/_asm/p256_asm.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/benchmark_test.go (98%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/Dockerfile (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/README (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/benchmark_test.go (96%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/cast.go (80%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/generate.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p224.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p224_fiat64.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p224_invert.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p256.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p256_fiat64.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p256_invert.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p384.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p384_fiat64.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p384_invert.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p521.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p521_fiat64.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/fiat/p521_invert.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/generate.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/nistec.go (94%) rename src/crypto/internal/{fips => fips140}/nistec/p224.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/p224_sqrt.go (98%) rename src/crypto/internal/{fips => fips140}/nistec/p256.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/p256_asm.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/p256_asm_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_asm_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_asm_ppc64le.s (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_asm_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_asm_test.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_ordinv.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_ordinv_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_table.go (100%) rename src/crypto/internal/{fips => fips140}/nistec/p256_table_test.go (96%) rename src/crypto/internal/{fips => fips140}/nistec/p384.go (99%) rename src/crypto/internal/{fips => fips140}/nistec/p521.go (99%) rename src/crypto/internal/{fips => fips140}/rsa/cast.go (98%) rename src/crypto/internal/{fips => fips140}/rsa/pkcs1v15.go (97%) rename src/crypto/internal/{fips => fips140}/rsa/pkcs1v15_test.go (100%) rename src/crypto/internal/{fips => fips140}/rsa/pkcs1v22.go (89%) rename src/crypto/internal/{fips => fips140}/rsa/pkcs1v22_test.go (100%) rename src/crypto/internal/{fips => fips140}/rsa/rsa.go (94%) rename src/crypto/internal/{fips => fips140}/sha256/_asm/go.mod (100%) rename src/crypto/internal/{fips => fips140}/sha256/_asm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/sha256/_asm/sha256block_amd64_asm.go (99%) rename src/crypto/internal/{fips => fips140}/sha256/_asm/sha256block_amd64_avx2.go (100%) rename src/crypto/internal/{fips => fips140}/sha256/_asm/sha256block_amd64_shani.go (100%) rename src/crypto/internal/{fips => fips140}/sha256/cast.go (91%) rename src/crypto/internal/{fips => fips140}/sha256/sha256.go (98%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block.go (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_386.s (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_amd64.go (95%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_arm64.go (93%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_asm.go (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_loong64.s (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_ppc64x.go (95%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_ppc64x.s (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_riscv64.s (100%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_s390x.go (94%) rename src/crypto/internal/{fips => fips140}/sha256/sha256block_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/sha3/_asm/go.mod (100%) rename src/crypto/internal/{fips => fips140}/sha3/_asm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/sha3/_asm/keccakf_amd64_asm.go (99%) rename src/crypto/internal/{fips => fips140}/sha3/cast.go (91%) rename src/crypto/internal/{fips => fips140}/sha3/hashes.go (100%) rename src/crypto/internal/{fips => fips140}/sha3/keccakf.go (99%) rename src/crypto/internal/{fips => fips140}/sha3/sha3.go (98%) rename src/crypto/internal/{fips => fips140}/sha3/sha3_amd64.go (100%) rename src/crypto/internal/{fips => fips140}/sha3/sha3_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/sha3/sha3_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/sha3/sha3_s390x.go (98%) rename src/crypto/internal/{fips => fips140}/sha3/sha3_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/sha3/shake.go (97%) rename src/crypto/internal/{fips => fips140}/sha512/_asm/go.mod (100%) rename src/crypto/internal/{fips => fips140}/sha512/_asm/go.sum (100%) rename src/crypto/internal/{fips => fips140}/sha512/_asm/sha512block_amd64_asm.go (99%) rename src/crypto/internal/{fips => fips140}/sha512/cast.go (93%) rename src/crypto/internal/{fips => fips140}/sha512/sha512.go (98%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block.go (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_amd64.go (94%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_arm64.go (93%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_asm.go (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_loong64.s (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_noasm.go (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_ppc64x.go (95%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_ppc64x.s (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_riscv64.s (100%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_s390x.go (94%) rename src/crypto/internal/{fips => fips140}/sha512/sha512block_s390x.s (100%) rename src/crypto/internal/{fips => fips140}/ssh/kdf.go (90%) rename src/crypto/internal/{fips => fips140}/subtle/constant_time.go (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor.go (95%) rename src/crypto/internal/{fips => fips140}/subtle/xor_amd64.go (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_amd64.s (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_arm64.go (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_arm64.s (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_generic.go (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_loong64.go (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_loong64.s (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_ppc64x.go (100%) rename src/crypto/internal/{fips => fips140}/subtle/xor_ppc64x.s (100%) rename src/crypto/internal/{fips => fips140}/tls12/cast.go (86%) rename src/crypto/internal/{fips => fips140}/tls12/tls12.go (75%) rename src/crypto/internal/{fips => fips140}/tls13/cast.go (85%) rename src/crypto/internal/{fips => fips140}/tls13/tls13.go (83%) rename src/crypto/internal/{fipsdeps => fips140deps}/byteorder/byteorder.go (100%) rename src/crypto/internal/{fipsdeps => fips140deps}/cpu/cpu.go (100%) rename src/crypto/internal/{fipsdeps => fips140deps}/fipsdeps.go (96%) rename src/crypto/internal/{fipsdeps => fips140deps}/fipsdeps_test.go (77%) rename src/crypto/internal/{fipsdeps => fips140deps}/godebug/godebug.go (100%) rename src/crypto/internal/{fipstest => fips140test}/acvp_capabilities.json (100%) rename src/crypto/internal/{fipstest => fips140test}/acvp_test.config.json (100%) rename src/crypto/internal/{fipstest => fips140test}/acvp_test.go (92%) rename src/crypto/internal/{fipstest => fips140test}/alias_test.go (97%) rename src/crypto/internal/{fipstest => fips140test}/cast_test.go (77%) rename src/crypto/internal/{fipstest => fips140test}/check_test.go (98%) rename src/crypto/internal/{fipstest => fips140test}/cmac_test.go (93%) rename src/crypto/internal/{fipstest => fips140test}/ctrdrbg_test.go (97%) rename src/crypto/internal/{fipstest => fips140test}/edwards25519_test.go (93%) rename src/crypto/internal/{fipstest => fips140test}/fips_test.go (91%) rename src/crypto/internal/{fipstest => fips140test}/hkdf_test.go (97%) rename src/crypto/internal/{fipstest => fips140test}/indicator_test.go (52%) rename src/crypto/internal/{fipstest => fips140test}/mlkem_test.go (99%) rename src/crypto/internal/{fipstest => fips140test}/nistec_ordinv_test.go (98%) rename src/crypto/internal/{fipstest => fips140test}/nistec_test.go (99%) rename src/crypto/internal/{fipstest => fips140test}/sha3_test.go (99%) rename src/crypto/internal/{fipstest => fips140test}/sshkdf_test.go (98%) rename src/crypto/internal/{fipstest => fips140test}/xaes_test.go (97%) diff --git a/lib/fips140/Makefile b/lib/fips140/Makefile index 7a97eb6557..cd657ae72f 100644 --- a/lib/fips140/Makefile +++ b/lib/fips140/Makefile @@ -13,7 +13,7 @@ # # Note that once published a snapshot zip file should never # be modified. We record the sha256 hashes of the zip files -# in fips140.sum, and the cmd/go/internal/fips test checks +# in fips140.sum, and the cmd/go/internal/fips140 test checks # that the zips match. # # When the zip file is finalized, run 'make updatesum' to update @@ -27,7 +27,7 @@ default: # copy and edit the 'go run' command by hand to use a different branch. v%.zip: git fetch origin master - go run ../../src/cmd/go/internal/fips/mkzip.go -b master v$* + go run ../../src/cmd/go/internal/fips140/mkzip.go -b master v$* # normally mkzip refuses to overwrite an existing zip file. # make v1.2.3.rm removes the zip file and and unpacked @@ -43,4 +43,4 @@ v%.test: # make updatesum updates the fips140.sum file. updatesum: - go test cmd/go/internal/fips -update + go test cmd/go/internal/fips140 -update diff --git a/lib/fips140/README.md b/lib/fips140/README.md index 6427ddb7a9..38ca130d6f 100644 --- a/lib/fips140/README.md +++ b/lib/fips140/README.md @@ -1,9 +1,9 @@ -This directory holds snapshots of the crypto/internal/fips tree +This directory holds snapshots of the crypto/internal/fips140 tree that are being validated and certified for FIPS-140 use. The file x.txt (for example, inprocess.txt, certified.txt) defines the meaning of the FIPS version alias x, listing the exact version to use. -The zip files are created by cmd/go/internal/fips/mkzip.go. +The zip files are created by cmd/go/internal/fips140/mkzip.go. The fips140.sum file lists checksums for the zip files. See the Makefile for recipes. diff --git a/lib/fips140/fips140.sum b/lib/fips140/fips140.sum index 3dd9146ff5..013112d9e5 100644 --- a/lib/fips140/fips140.sum +++ b/lib/fips140/fips140.sum @@ -7,5 +7,5 @@ # remove zip files from the list when they are removed from # this directory. To update this file: # -# go test cmd/go/internal/fips -update +# go test cmd/go/internal/fips140 -update # diff --git a/src/cmd/compile/internal/ssa/stmtlines_test.go b/src/cmd/compile/internal/ssa/stmtlines_test.go index f04ca706b6..e17a5402af 100644 --- a/src/cmd/compile/internal/ssa/stmtlines_test.go +++ b/src/cmd/compile/internal/ssa/stmtlines_test.go @@ -103,7 +103,7 @@ func TestStmtLines(t *testing.T) { if pkgname == "runtime" { continue } - if pkgname == "crypto/internal/fips/nistec/fiat" { + if pkgname == "crypto/internal/fips140/nistec/fiat" { continue // golang.org/issue/49372 } if e.Val(dwarf.AttrStmtList) == nil { diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go index ebcf61f8f1..b52af6edc4 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go @@ -834,7 +834,7 @@ func (t *tester) registerTests() { buildmode: "pie", ldflags: "-linkmode=internal", env: []string{"CGO_ENABLED=0"}, - pkg: "crypto/internal/fips/check", + pkg: "crypto/internal/fips140/check", }) // Also test a cgo package. if t.cgoEnabled && t.internalLink() && !disablePIE { @@ -857,7 +857,7 @@ func (t *tester) registerTests() { buildmode: "exe", ldflags: "-linkmode=external", env: []string{"CGO_ENABLED=1"}, - pkg: "crypto/internal/fips/check", + pkg: "crypto/internal/fips140/check", }) if t.externalLinkPIE() && !disablePIE { t.registerTest("external linking, -buildmode=pie", @@ -867,7 +867,7 @@ func (t *tester) registerTests() { buildmode: "pie", ldflags: "-linkmode=external", env: []string{"CGO_ENABLED=1"}, - pkg: "crypto/internal/fips/check", + pkg: "crypto/internal/fips140/check", }) } } diff --git a/src/cmd/go/internal/fips/fips.go b/src/cmd/go/internal/fips140/fips140.go similarity index 88% rename from src/cmd/go/internal/fips/fips.go rename to src/cmd/go/internal/fips140/fips140.go index 0c7a22e39a..7c04a94dd1 100644 --- a/src/cmd/go/internal/fips/fips.go +++ b/src/cmd/go/internal/fips140/fips140.go @@ -9,8 +9,8 @@ // - Whether binaries are built to default to running in FIPS-140 mode, // meaning whether they default to GODEBUG=fips140=on or =off. // -// - Which copy of the crypto/internal/fips source code to use. -// The default is obviously GOROOT/src/crypto/internal/fips, +// - Which copy of the crypto/internal/fips140 source code to use. +// The default is obviously GOROOT/src/crypto/internal/fips140, // but earlier snapshots that have differing levels of external // validation and certification are stored in GOROOT/lib/fips140 // and can be substituted into the build instead. @@ -51,7 +51,7 @@ // // When GOFIPS140 is set to something besides off and latest, [Snapshot] // returns true, indicating that the build should replace the latest copy -// of crypto/internal/fips with an earlier snapshot. The reason to do +// of crypto/internal/fips140 with an earlier snapshot. The reason to do // this is to use a copy that has been through additional lab validation // (an "in-process" module) or NIST certification (a "certified" module). // The snapshots are stored in GOROOT/lib/fips140 in module zip form. @@ -60,19 +60,19 @@ // // A FIPS snapshot like v1.2.3 is integrated into the build in two different ways. // -// First, the snapshot's fips140 directory replaces crypto/internal/fips -// using fsys.Bind. The effect is to appear to have deleted crypto/internal/fips +// First, the snapshot's fips140 directory replaces crypto/internal/fips140 +// using fsys.Bind. The effect is to appear to have deleted crypto/internal/fips140 // and everything below it, replacing it with the single subdirectory -// crypto/internal/fips/v1.2.3, which now has the FIPS packages. +// crypto/internal/fips140/v1.2.3, which now has the FIPS packages. // This virtual file system replacement makes patterns like std and crypto... // automatically see the snapshot packages instead of the original packages -// as they walk GOROOT/src/crypto/internal/fips. +// as they walk GOROOT/src/crypto/internal/fips140. // -// Second, ResolveImport is called to resolve an import like crypto/internal/fips/sha256. +// Second, ResolveImport is called to resolve an import like crypto/internal/fips140/sha256. // When snapshot v1.2.3 is being used, ResolveImport translates that path to -// crypto/internal/fips/v1.2.3/sha256 and returns the actual source directory +// crypto/internal/fips140/v1.2.3/sha256 and returns the actual source directory // in the unpacked snapshot. Using the actual directory instead of the -// virtual directory GOROOT/src/crypto/internal/fips/v1.2.3 makes sure +// virtual directory GOROOT/src/crypto/internal/fips140/v1.2.3 makes sure // that other tools using go list -json output can find the sources, // as well as making sure builds have a real directory in which to run the // assembler, compiler, and so on. The translation of the import path happens @@ -83,15 +83,12 @@ // a snapshot - we could make things work without doing that - but including // the v1.2.3 gives a different version of the code a different name, which is // always a good general rule. In particular, it will mean that govulncheck need -// not have any special cases for crypto/internal/fips at all. The reports simply +// not have any special cases for crypto/internal/fips140 at all. The reports simply // need to list the relevant symbols in a given Go version. (For example, if a bug // is only in the in-tree copy but not the snapshots, it doesn't list the snapshot // symbols; if it's in any snapshots, it has to list the specific snapshot symbols // in addition to the “normal” symbol.) -// -// TODO: crypto/internal/fips is going to move to crypto/internal/fips140, -// at which point all the crypto/internal/fips references need to be updated. -package fips +package fips140 import ( "cmd/go/internal/base" @@ -120,7 +117,7 @@ func Init() { initVersion() initDir() if Snapshot() { - fsys.Bind(Dir(), filepath.Join(cfg.GOROOT, "src/crypto/internal/fips")) + fsys.Bind(Dir(), filepath.Join(cfg.GOROOT, "src/crypto/internal/fips140")) } } @@ -150,7 +147,7 @@ func Enabled() bool { } // Snapshot reports whether FIPS mode is using a source snapshot -// rather than $GOROOT/src/crypto/internal/fips. +// rather than $GOROOT/src/crypto/internal/fips140. // That is, it reports whether GOFIPS140 is set to something besides "latest" or "off". func Snapshot() bool { checkInit() @@ -200,11 +197,11 @@ func initVersion() { base.Fatalf("go: unknown GOFIPS140 version %q", v) } -// Dir reports the directory containing the crypto/internal/fips source code. -// If Snapshot() is false, Dir returns GOROOT/src/crypto/internal/fips. +// Dir reports the directory containing the crypto/internal/fips140 source code. +// If Snapshot() is false, Dir returns GOROOT/src/crypto/internal/fips140. // Otherwise Dir ensures that the snapshot has been unpacked into the // module cache and then returns the directory in the module cache -// corresponding to the crypto/internal/fips directory. +// corresponding to the crypto/internal/fips140 directory. func Dir() string { checkInit() return dir @@ -215,7 +212,7 @@ var dir string func initDir() { v := version if v == "latest" || v == "off" { - dir = filepath.Join(cfg.GOROOT, "src/crypto/internal/fips") + dir = filepath.Join(cfg.GOROOT, "src/crypto/internal/fips140") return } @@ -230,15 +227,15 @@ func initDir() { } // ResolveImport resolves the import path imp. -// If it is of the form crypto/internal/fips/foo -// (not crypto/internal/fips/v1.2.3/foo) +// If it is of the form crypto/internal/fips140/foo +// (not crypto/internal/fips140/v1.2.3/foo) // and we are using a snapshot, then LookupImport -// rewrites the path to crypto/internal/fips/v1.2.3/foo +// rewrites the path to crypto/internal/fips140/v1.2.3/foo // and returns that path and its location in the unpacked // FIPS snapshot. func ResolveImport(imp string) (newPath, dir string, ok bool) { checkInit() - const fips = "crypto/internal/fips" + const fips = "crypto/internal/fips140" if !Snapshot() || !str.HasPathPrefix(imp, fips) { return "", "", false } diff --git a/src/cmd/go/internal/fips/fips_test.go b/src/cmd/go/internal/fips140/fips_test.go similarity index 99% rename from src/cmd/go/internal/fips/fips_test.go rename to src/cmd/go/internal/fips140/fips_test.go index a2f0acba2b..53f0c9ab58 100644 --- a/src/cmd/go/internal/fips/fips_test.go +++ b/src/cmd/go/internal/fips140/fips_test.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package fips +package fips140 import ( "crypto/sha256" diff --git a/src/cmd/go/internal/fips/mkzip.go b/src/cmd/go/internal/fips140/mkzip.go similarity index 89% rename from src/cmd/go/internal/fips/mkzip.go rename to src/cmd/go/internal/fips140/mkzip.go index 384be51083..1fb1a14e73 100644 --- a/src/cmd/go/internal/fips/mkzip.go +++ b/src/cmd/go/internal/fips140/mkzip.go @@ -11,7 +11,7 @@ // Usage: // // cd GOROOT/lib/fips140 -// go run ../../src/cmd/go/internal/fips/mkzip.go [-b branch] v1.2.3 +// go run ../../src/cmd/go/internal/fips140/mkzip.go [-b branch] v1.2.3 // // Mkzip creates a zip file named for the version on the command line // using the sources in the named branch (default origin/master, @@ -73,21 +73,21 @@ func main() { // and it is the path where the zip file will be unpacked in the module cache. // The path must begin with a domain name to satisfy the module validation rules, // but otherwise the path is not used. The cmd/go code using these zips - // knows that the zip contains crypto/internal/fips. + // knows that the zip contains crypto/internal/fips140. goroot := "../.." var zbuf bytes.Buffer err = modzip.CreateFromVCS(&zbuf, module.Version{Path: "golang.org/fips140", Version: version}, - goroot, *flagBranch, "src/crypto/internal/fips") + goroot, *flagBranch, "src/crypto/internal/fips140") if err != nil { log.Fatal(err) } // Write new zip file with longer paths: fips140/v1.2.3/foo.go instead of foo.go. // That way we can bind the fips140 directory onto the - // GOROOT/src/crypto/internal/fips directory and get a - // crypto/internal/fips/v1.2.3 with the snapshot code - // and an otherwise empty crypto/internal/fips directory. + // GOROOT/src/crypto/internal/fips140 directory and get a + // crypto/internal/fips140/v1.2.3 with the snapshot code + // and an otherwise empty crypto/internal/fips140 directory. zr, err := zip.NewReader(bytes.NewReader(zbuf.Bytes()), int64(zbuf.Len())) if err != nil { log.Fatal(err) diff --git a/src/cmd/go/internal/load/godebug.go b/src/cmd/go/internal/load/godebug.go index db73c73a15..8ea8ffab1a 100644 --- a/src/cmd/go/internal/load/godebug.go +++ b/src/cmd/go/internal/load/godebug.go @@ -14,7 +14,7 @@ import ( "strconv" "strings" - "cmd/go/internal/fips" + "cmd/go/internal/fips140" "cmd/go/internal/gover" "cmd/go/internal/modload" ) @@ -65,7 +65,7 @@ func defaultGODEBUG(p *Package, directives, testDirectives, xtestDirectives []bu // If GOFIPS140 is set to anything but "off", // default to GODEBUG=fips140=on. - if fips.Enabled() { + if fips140.Enabled() { if m == nil { m = make(map[string]string) } diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go index b7e8565e5f..4daa0df45c 100644 --- a/src/cmd/go/internal/load/pkg.go +++ b/src/cmd/go/internal/load/pkg.go @@ -32,7 +32,7 @@ import ( "cmd/go/internal/base" "cmd/go/internal/cfg" - "cmd/go/internal/fips" + "cmd/go/internal/fips140" "cmd/go/internal/fsys" "cmd/go/internal/gover" "cmd/go/internal/imports" @@ -407,7 +407,7 @@ func (p *Package) copyBuild(opts PackageOpts, pp *build.Package) { p.BinaryOnly = pp.BinaryOnly // TODO? Target - p.Goroot = pp.Goroot || fips.Snapshot() && str.HasFilePathPrefix(p.Dir, fips.Dir()) + p.Goroot = pp.Goroot || fips140.Snapshot() && str.HasFilePathPrefix(p.Dir, fips140.Dir()) p.Standard = p.Goroot && p.ImportPath != "" && search.IsStandardImportPath(p.ImportPath) p.GoFiles = pp.GoFiles p.CgoFiles = pp.CgoFiles @@ -885,7 +885,7 @@ func loadPackageData(ctx context.Context, path, parentPath, parentDir, parentRoo } r := resolvedImportCache.Do(importKey, func() resolvedImport { var r resolvedImport - if newPath, dir, ok := fips.ResolveImport(path); ok { + if newPath, dir, ok := fips140.ResolveImport(path); ok { r.path = newPath r.dir = dir } else if cfg.ModulesEnabled { @@ -1523,15 +1523,15 @@ func disallowInternal(ctx context.Context, srcDir string, importer *Package, imp // directory, so the usual directory rules don't work apply, or rather they // apply differently depending on whether we are using a snapshot or the // in-tree copy of the code. We apply a consistent rule here: - // crypto/internal/fips can only see crypto/internal, never top-of-tree internal. - // Similarly, crypto/... can see crypto/internal/fips even though the usual rules + // crypto/internal/fips140 can only see crypto/internal, never top-of-tree internal. + // Similarly, crypto/... can see crypto/internal/fips140 even though the usual rules // would not allow it in snapshot mode. - if str.HasPathPrefix(importerPath, "crypto") && str.HasPathPrefix(p.ImportPath, "crypto/internal/fips") { - return nil // crypto can use crypto/internal/fips + if str.HasPathPrefix(importerPath, "crypto") && str.HasPathPrefix(p.ImportPath, "crypto/internal/fips140") { + return nil // crypto can use crypto/internal/fips140 } - if str.HasPathPrefix(importerPath, "crypto/internal/fips") { + if str.HasPathPrefix(importerPath, "crypto/internal/fips140") { if str.HasPathPrefix(p.ImportPath, "crypto/internal") { - return nil // crypto/internal/fips can use crypto/internal + return nil // crypto/internal/fips140 can use crypto/internal } // TODO: Delete this switch once the usages are removed. switch p.ImportPath { @@ -2462,8 +2462,8 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { if cfg.RawGOEXPERIMENT != "" { appendSetting("GOEXPERIMENT", cfg.RawGOEXPERIMENT) } - if fips.Enabled() { - appendSetting("GOFIPS140", fips.Version()) + if fips140.Enabled() { + appendSetting("GOFIPS140", fips140.Version()) } appendSetting("GOOS", cfg.BuildContext.GOOS) if key, val, _ := cfg.GetArchEnv(); key != "" && val != "" { diff --git a/src/cmd/go/internal/modload/init.go b/src/cmd/go/internal/modload/init.go index 2142291445..c1bca7e732 100644 --- a/src/cmd/go/internal/modload/init.go +++ b/src/cmd/go/internal/modload/init.go @@ -23,7 +23,7 @@ import ( "cmd/go/internal/base" "cmd/go/internal/cfg" - "cmd/go/internal/fips" + "cmd/go/internal/fips140" "cmd/go/internal/fsys" "cmd/go/internal/gover" "cmd/go/internal/lockedfile" @@ -356,7 +356,7 @@ func BinDir() string { // for example 'go mod tidy', that don't operate in workspace mode. func InitWorkfile() { // Initialize fsys early because we need overlay to read go.work file. - fips.Init() + fips140.Init() if err := fsys.Init(); err != nil { base.Fatal(err) } @@ -416,7 +416,7 @@ func Init() { } initialized = true - fips.Init() + fips140.Init() // Keep in sync with WillBeEnabled. We perform extra validation here, and // there are lots of diagnostics and side effects, so we can't use diff --git a/src/cmd/go/internal/modload/load.go b/src/cmd/go/internal/modload/load.go index e25e45c38d..746cefd256 100644 --- a/src/cmd/go/internal/modload/load.go +++ b/src/cmd/go/internal/modload/load.go @@ -115,7 +115,7 @@ import ( "cmd/go/internal/base" "cmd/go/internal/cfg" - "cmd/go/internal/fips" + "cmd/go/internal/fips140" "cmd/go/internal/fsys" "cmd/go/internal/gover" "cmd/go/internal/imports" @@ -1958,7 +1958,7 @@ func (ld *loader) pkgTest(ctx context.Context, pkg *loadPkg, testFlags loadPkgFl // stdVendor returns the canonical import path for the package with the given // path when imported from the standard-library package at parentPath. func (ld *loader) stdVendor(parentPath, path string) string { - if p, _, ok := fips.ResolveImport(path); ok { + if p, _, ok := fips140.ResolveImport(path); ok { return p } if search.IsStandardImportPath(path) { diff --git a/src/cmd/go/internal/work/buildid.go b/src/cmd/go/internal/work/buildid.go index d6121fbb19..56248ffdc4 100644 --- a/src/cmd/go/internal/work/buildid.go +++ b/src/cmd/go/internal/work/buildid.go @@ -15,7 +15,7 @@ import ( "cmd/go/internal/base" "cmd/go/internal/cache" "cmd/go/internal/cfg" - "cmd/go/internal/fips" + "cmd/go/internal/fips140" "cmd/go/internal/fsys" "cmd/go/internal/str" "cmd/internal/buildid" @@ -457,7 +457,7 @@ func (b *Builder) useCache(a *Action, actionHash cache.ActionID, target string, // to $WORK/b001 from the cache, // but we went years without caching binaries anyway, // so not caching them for FIPS will be fine, at least to start. - if a.Mode == "link" && fips.Enabled() && a.Package != nil && !strings.HasSuffix(a.Package.ImportPath, ".test") { + if a.Mode == "link" && fips140.Enabled() && a.Package != nil && !strings.HasSuffix(a.Package.ImportPath, ".test") { return false } @@ -520,7 +520,7 @@ func (b *Builder) useCache(a *Action, actionHash cache.ActionID, target string, oldBuildID := a.buildID a.buildID = id[1] + buildIDSeparator + id[2] linkID := buildid.HashToString(b.linkActionID(a.triggers[0])) - if id[0] == linkID && !fips.Enabled() { + if id[0] == linkID && !fips140.Enabled() { // Best effort attempt to display output from the compile and link steps. // If it doesn't work, it doesn't work: reusing the cached binary is more // important than reprinting diagnostic information. diff --git a/src/cmd/go/internal/work/gc.go b/src/cmd/go/internal/work/gc.go index 573554e8bf..3a173efee8 100644 --- a/src/cmd/go/internal/work/gc.go +++ b/src/cmd/go/internal/work/gc.go @@ -19,7 +19,7 @@ import ( "cmd/go/internal/base" "cmd/go/internal/cfg" - "cmd/go/internal/fips" + "cmd/go/internal/fips140" "cmd/go/internal/fsys" "cmd/go/internal/gover" "cmd/go/internal/load" @@ -615,7 +615,7 @@ func (gcToolchain) ld(b *Builder, root *Action, targetPath, importcfg, mainpkg s if cfg.BuildBuildmode == "plugin" { ldflags = append(ldflags, "-pluginpath", pluginPath(root)) } - if fips.Enabled() { + if fips140.Enabled() { ldflags = append(ldflags, "-fipso", filepath.Join(root.Objdir, "fips.o")) } diff --git a/src/cmd/go/testdata/script/fipssnap.txt b/src/cmd/go/testdata/script/fipssnap.txt index 83e36f5365..17a9d647a1 100644 --- a/src/cmd/go/testdata/script/fipssnap.txt +++ b/src/cmd/go/testdata/script/fipssnap.txt @@ -13,15 +13,15 @@ stdout fips140=on # std lists fips snapshot and not regular fips go list std -stdout crypto/internal/fips/$snap/sha256 -! stdout crypto/internal/fips/sha256 -! stdout crypto/internal/fips/check +stdout crypto/internal/fips140/$snap/sha256 +! stdout crypto/internal/fips140/sha256 +! stdout crypto/internal/fips140/check # build does not use regular fips go list -json -test -stdout crypto/internal/fips/$snap/sha256 -! stdout crypto/internal/fips/sha256 -! stdout crypto/internal/fips/check +stdout crypto/internal/fips140/$snap/sha256 +! stdout crypto/internal/fips140/sha256 +! stdout crypto/internal/fips140/check # again with GOFIPS140=$alias env GOFIPS140=$alias @@ -32,15 +32,15 @@ stdout fips140=on # std lists fips snapshot and not regular fips go list std -stdout crypto/internal/fips/$snap/sha256 -! stdout crypto/internal/fips/sha256 -! stdout crypto/internal/fips/check +stdout crypto/internal/fips140/$snap/sha256 +! stdout crypto/internal/fips140/sha256 +! stdout crypto/internal/fips140/check # build does not use regular fips go list -json -test -stdout crypto/internal/fips/$snap/sha256 -! stdout crypto/internal/fips/sha256 -! stdout crypto/internal/fips/check +stdout crypto/internal/fips140/$snap/sha256 +! stdout crypto/internal/fips140/sha256 +! stdout crypto/internal/fips140/check [short] skip diff --git a/src/cmd/internal/obj/fips.go b/src/cmd/internal/obj/fips140.go similarity index 94% rename from src/cmd/internal/obj/fips.go rename to src/cmd/internal/obj/fips140.go index 978028f70a..326301aa87 100644 --- a/src/cmd/internal/obj/fips.go +++ b/src/cmd/internal/obj/fips140.go @@ -26,14 +26,14 @@ restrict those to the actual cryptographic packages. Since we're not hashing the whole binary, we need to record the parts of the binary that contain FIPS code, specifically the part of the -binary corresponding to the crypto/internal/fips package subtree. +binary corresponding to the crypto/internal/fips140 package subtree. To do that, we create special symbol types STEXTFIPS, SRODATAFIPS, SNOPTRDATAFIPS, and SDATAFIPS, which those packages use instead of STEXT, SRODATA, SNOPTRDATA, and SDATA. The linker groups symbols by their type, so that naturally makes the FIPS parts contiguous within a given type. The linker then writes out in a special symbol the start and end of each of these FIPS-specific sections, alongside the -expected HMAC-SHA256 of them. At startup, the crypto/internal/fips/check +expected HMAC-SHA256 of them. At startup, the crypto/internal/fips140/check package has an init function that recomputes the hash and checks it against the recorded expectation. @@ -74,11 +74,11 @@ A similar issue happens with: The compiler invents an anonymous array and then treats the code as in the first example. In both cases, a load-time relocation applied -before the crypto/internal/fips/check init function would invalidate +before the crypto/internal/fips140/check init function would invalidate the hash. Instead, we disable the “link time initialization” optimizations in the compiler (package staticinit) for the fips packages. That way, the slice initialization is deferred to its own init function. -As long as the package in question imports crypto/internal/fips/check, +As long as the package in question imports crypto/internal/fips140/check, the hash check will happen before the package's own init function runs, and so the hash check will see the slice header written by the linker, with a slice base pointer predictably nil instead of the @@ -95,11 +95,11 @@ for every new relocation in a symbol in a FIPS package (as reported by The cryptographic code+data must be included in the hash-verified data. In general we accomplish that by putting all symbols from -crypto/internal/fips/... packages into the hash-verified data. +crypto/internal/fips140/... packages into the hash-verified data. But not all. Note that wrapper code that layers a Go API atop the cryptographic -core is unverified. For example, crypto/internal/fips/sha256 is part of +core is unverified. For example, crypto/internal/fips140/sha256 is part of the FIPS module and verified but the crypto/sha256 package that wraps it is outside the module and unverified. Also, runtime support like the implementation of malloc and garbage collection is outside the @@ -146,7 +146,7 @@ import ( const enableFIPS = true -// IsFIPS reports whether we are compiling one of the crypto/internal/fips/... packages. +// IsFIPS reports whether we are compiling one of the crypto/internal/fips140/... packages. func (ctxt *Link) IsFIPS() bool { if strings.HasSuffix(ctxt.Pkgpath, "_test") { // External test packages are outside the FIPS hash scope. @@ -154,7 +154,7 @@ func (ctxt *Link) IsFIPS() bool { // emit absolute relocations in the global data. return false } - return ctxt.Pkgpath == "crypto/internal/fips" || strings.HasPrefix(ctxt.Pkgpath, "crypto/internal/fips/") + return ctxt.Pkgpath == "crypto/internal/fips140" || strings.HasPrefix(ctxt.Pkgpath, "crypto/internal/fips140/") } // bisectFIPS controls bisect-based debugging of FIPS symbol assignment. @@ -191,7 +191,7 @@ func EnableFIPS() bool { // It should instead pass -shared to the compiler to get true // position-independent code, at which point FIPS verification // would work fine. FIPS verification does work fine on -buildmode=exe, - // but -buildmode=pie is the default, so crypto/internal/fips/check + // but -buildmode=pie is the default, so crypto/internal/fips140/check // would fail during all.bash if we enabled FIPS here. // Perhaps the default should be changed back to -buildmode=exe, // after which we could remove this case, but until then, @@ -221,11 +221,11 @@ func (s *LSym) setFIPSType(ctxt *Link) { return } - // Name must begin with crypto/internal/fips, then dot or slash. + // Name must begin with crypto/internal/fips140, then dot or slash. // The quick check for 'c' before the string compare is probably overkill, // but this function is called a fair amount, and we don't want to // slow down all the non-FIPS compilations. - const prefix = "crypto/internal/fips" + const prefix = "crypto/internal/fips140" name := s.Name if len(name) <= len(prefix) || (name[len(prefix)] != '.' && name[len(prefix)] != '/') || name[0] != 'c' || name[:len(prefix)] != prefix { return @@ -239,7 +239,7 @@ func (s *LSym) setFIPSType(ctxt *Link) { // Now we're at least handling a FIPS symbol. // It's okay to be slower now, since this code only runs when compiling a few packages. - // Even in the crypto/internal/fips packages, + // Even in the crypto/internal/fips140 packages, // we exclude various Go runtime metadata, // so that it can be allowed to contain data relocations. if strings.Contains(name, ".init") || @@ -257,7 +257,7 @@ func (s *LSym) setFIPSType(ctxt *Link) { // This symbol is linknamed to go:fipsinfo, // so we shouldn't see it, but skip it just in case. - if s.Name == "crypto/internal/fips/check.linkinfo" { + if s.Name == "crypto/internal/fips140/check.linkinfo" { return } @@ -289,7 +289,7 @@ func (s *LSym) setFIPSType(ctxt *Link) { // checkFIPSReloc should be called for every relocation applied to s. // It rejects absolute (non-PC-relative) address relocations when building // with go build -buildmode=pie (which triggers the compiler's -shared flag), -// because those relocations will be applied before crypto/internal/fips/check +// because those relocations will be applied before crypto/internal/fips140/check // can hash-verify the FIPS code+data, which will make the verification fail. func (s *LSym) checkFIPSReloc(ctxt *Link, rel Reloc) { if !ctxt.Flag_shared { diff --git a/src/cmd/link/internal/ld/fips.go b/src/cmd/link/internal/ld/fips140.go similarity index 98% rename from src/cmd/link/internal/ld/fips.go rename to src/cmd/link/internal/ld/fips140.go index a88fdd822d..c1887ee50a 100644 --- a/src/cmd/link/internal/ld/fips.go +++ b/src/cmd/link/internal/ld/fips140.go @@ -43,7 +43,7 @@ The new special symbols are created by [loadfips]. Having collated the FIPS symbols, we need to compute the hash and then leave both the expected hash and the FIPS address ranges -for the run-time check in crypto/internal/fips/check. +for the run-time check in crypto/internal/fips140/check. We do that by creating a special symbol named go:fipsinfo of the form struct { @@ -55,7 +55,7 @@ We do that by creating a special symbol named go:fipsinfo of the form } } -The crypto/internal/fips/check uses linkname to access this symbol, +The crypto/internal/fips140/check uses linkname to access this symbol, which is of course not included in the hash. # FIPS Info Calculation @@ -85,7 +85,7 @@ two random 32-byte strings differ. For debugging, the linker flag -fipso can be set to the name of a file (such as /tmp/fips.o) where the linker will write the “FIPS object” that is being hashed. -There is also commented-out code in crypto/internal/fips/check that +There is also commented-out code in crypto/internal/fips140/check that will write /tmp/fipscheck.o during the run-time verification. When the hashes differ, the first step is to uncomment the @@ -151,7 +151,7 @@ func loadfips(ctxt *Link) { if ctxt.BuildMode == BuildModePlugin { // not sure why this doesn't work return } - // Write the fipsinfo symbol, which crypto/internal/fips/check uses. + // Write the fipsinfo symbol, which crypto/internal/fips140/check uses. ldr := ctxt.loader // TODO lock down linkname info := ldr.CreateSymForUpdate("go:fipsinfo", 0) diff --git a/src/cmd/link/internal/loader/loader.go b/src/cmd/link/internal/loader/loader.go index 688971146d..6fe895a840 100644 --- a/src/cmd/link/internal/loader/loader.go +++ b/src/cmd/link/internal/loader/loader.go @@ -2337,7 +2337,7 @@ var blockedLinknames = map[string][]string{ "runtime.coroswitch": {"iter"}, "runtime.newcoro": {"iter"}, // fips info - "go:fipsinfo": {"crypto/internal/fips/check"}, + "go:fipsinfo": {"crypto/internal/fips140/check"}, } // check if a linkname reference to symbol s from pkg is allowed diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go index 6ddcdf603a..5bc2d13d67 100644 --- a/src/crypto/aes/aes.go +++ b/src/crypto/aes/aes.go @@ -16,7 +16,7 @@ package aes import ( "crypto/cipher" "crypto/internal/boring" - "crypto/internal/fips/aes" + "crypto/internal/fips140/aes" "strconv" ) diff --git a/src/crypto/cipher/cbc.go b/src/crypto/cipher/cbc.go index 9f94056833..b4536aceb9 100644 --- a/src/crypto/cipher/cbc.go +++ b/src/crypto/cipher/cbc.go @@ -13,8 +13,8 @@ package cipher import ( "bytes" - "crypto/internal/fips/aes" - "crypto/internal/fips/alias" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/alias" "crypto/subtle" ) diff --git a/src/crypto/cipher/cfb.go b/src/crypto/cipher/cfb.go index 7a18f1c231..eccb1afa7d 100644 --- a/src/crypto/cipher/cfb.go +++ b/src/crypto/cipher/cfb.go @@ -7,7 +7,7 @@ package cipher import ( - "crypto/internal/fips/alias" + "crypto/internal/fips140/alias" "crypto/subtle" ) diff --git a/src/crypto/cipher/ctr.go b/src/crypto/cipher/ctr.go index e53e96609b..c868635b8a 100644 --- a/src/crypto/cipher/ctr.go +++ b/src/crypto/cipher/ctr.go @@ -14,8 +14,8 @@ package cipher import ( "bytes" - "crypto/internal/fips/aes" - "crypto/internal/fips/alias" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/alias" "crypto/subtle" ) diff --git a/src/crypto/cipher/ctr_aes_test.go b/src/crypto/cipher/ctr_aes_test.go index 5260732688..3394246778 100644 --- a/src/crypto/cipher/ctr_aes_test.go +++ b/src/crypto/cipher/ctr_aes_test.go @@ -16,7 +16,7 @@ import ( "crypto/cipher" "crypto/internal/boring" "crypto/internal/cryptotest" - fipsaes "crypto/internal/fips/aes" + fipsaes "crypto/internal/fips140/aes" "encoding/hex" "fmt" "math/rand" diff --git a/src/crypto/cipher/gcm.go b/src/crypto/cipher/gcm.go index c75e8eddd1..239e3466ca 100644 --- a/src/crypto/cipher/gcm.go +++ b/src/crypto/cipher/gcm.go @@ -5,9 +5,9 @@ package cipher import ( - "crypto/internal/fips/aes" - "crypto/internal/fips/aes/gcm" - "crypto/internal/fips/alias" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/aes/gcm" + "crypto/internal/fips140/alias" "crypto/subtle" "errors" "internal/byteorder" @@ -127,7 +127,7 @@ func (g gcmWithRandomNonce) Seal(dst, nonce, plaintext, additionalData []byte) [ // In Seal, we could work through the input backwards or intentionally load // ahead before writing. // - // However, the crypto/internal/fips/aes/gcm APIs also check for exact overlap, + // However, the crypto/internal/fips140/aes/gcm APIs also check for exact overlap, // so for now we just do a memmove if we detect overlap. // // ┌───────────────────────────┬ ─ ─ @@ -209,7 +209,7 @@ func newGCMFallback(cipher Block, nonceSize, tagSize int) (AEAD, error) { // gcmFallback is only used for non-AES ciphers, which regrettably we // theoretically support. It's a copy of the generic implementation from -// crypto/internal/fips/aes/gcm/gcm_generic.go, refer to that file for more details. +// crypto/internal/fips140/aes/gcm/gcm_generic.go, refer to that file for more details. type gcmFallback struct { cipher Block nonceSize int diff --git a/src/crypto/cipher/gcm_test.go b/src/crypto/cipher/gcm_test.go index f6679f3d42..ea2b4e29e2 100644 --- a/src/crypto/cipher/gcm_test.go +++ b/src/crypto/cipher/gcm_test.go @@ -10,9 +10,9 @@ import ( "crypto/cipher" "crypto/internal/boring" "crypto/internal/cryptotest" - "crypto/internal/fips" - fipsaes "crypto/internal/fips/aes" - "crypto/internal/fips/aes/gcm" + "crypto/internal/fips140" + fipsaes "crypto/internal/fips140/aes" + "crypto/internal/fips140/aes/gcm" "crypto/rand" "encoding/hex" "errors" @@ -744,9 +744,9 @@ func TestFIPSServiceIndicator(t *testing.T) { return aead } tryNonce := func(aead cipher.AEAD, nonce []byte) bool { - fips.ResetServiceIndicator() + fips140.ResetServiceIndicator() aead.Seal(nil, nonce, []byte("x"), nil) - return fips.ServiceIndicator() + return fips140.ServiceIndicator() } expectTrue := func(t *testing.T, aead cipher.AEAD, nonce []byte) { t.Helper() diff --git a/src/crypto/cipher/ofb.go b/src/crypto/cipher/ofb.go index 339864f4e2..549dc91962 100644 --- a/src/crypto/cipher/ofb.go +++ b/src/crypto/cipher/ofb.go @@ -7,7 +7,7 @@ package cipher import ( - "crypto/internal/fips/alias" + "crypto/internal/fips140/alias" "crypto/subtle" ) diff --git a/src/crypto/des/cipher.go b/src/crypto/des/cipher.go index 361b9621fe..a1ed57cdb1 100644 --- a/src/crypto/des/cipher.go +++ b/src/crypto/des/cipher.go @@ -6,7 +6,7 @@ package des import ( "crypto/cipher" - "crypto/internal/fips/alias" + "crypto/internal/fips140/alias" "internal/byteorder" "strconv" ) diff --git a/src/crypto/ecdh/nist.go b/src/crypto/ecdh/nist.go index 0a80ca0063..903aa26030 100644 --- a/src/crypto/ecdh/nist.go +++ b/src/crypto/ecdh/nist.go @@ -7,7 +7,7 @@ package ecdh import ( "bytes" "crypto/internal/boring" - "crypto/internal/fips/ecdh" + "crypto/internal/fips140/ecdh" "errors" "io" ) diff --git a/src/crypto/ecdh/x25519.go b/src/crypto/ecdh/x25519.go index 336c8e4c47..73c1120bf3 100644 --- a/src/crypto/ecdh/x25519.go +++ b/src/crypto/ecdh/x25519.go @@ -6,7 +6,7 @@ package ecdh import ( "bytes" - "crypto/internal/fips/edwards25519/field" + "crypto/internal/fips140/edwards25519/field" "crypto/internal/randutil" "errors" "io" diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go index 0c2e0bab45..0ad669795c 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -20,7 +20,7 @@ import ( "crypto/elliptic" "crypto/internal/boring" "crypto/internal/boring/bbig" - "crypto/internal/fips/ecdsa" + "crypto/internal/fips140/ecdsa" "crypto/internal/randutil" "crypto/sha512" "crypto/subtle" diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go index 3b033f14a1..6480463b4a 100644 --- a/src/crypto/ed25519/ed25519.go +++ b/src/crypto/ed25519/ed25519.go @@ -17,7 +17,7 @@ package ed25519 import ( "crypto" - "crypto/internal/fips/ed25519" + "crypto/internal/fips140/ed25519" cryptorand "crypto/rand" "crypto/subtle" "errors" diff --git a/src/crypto/elliptic/nistec.go b/src/crypto/elliptic/nistec.go index b785b2cca6..043e57607c 100644 --- a/src/crypto/elliptic/nistec.go +++ b/src/crypto/elliptic/nistec.go @@ -5,7 +5,7 @@ package elliptic import ( - "crypto/internal/fips/nistec" + "crypto/internal/fips140/nistec" "errors" "math/big" ) diff --git a/src/crypto/elliptic/nistec_p256.go b/src/crypto/elliptic/nistec_p256.go index 14bf167774..41aace7421 100644 --- a/src/crypto/elliptic/nistec_p256.go +++ b/src/crypto/elliptic/nistec_p256.go @@ -7,7 +7,7 @@ package elliptic import ( - "crypto/internal/fips/nistec" + "crypto/internal/fips140/nistec" "math/big" ) diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go index b8c909cf01..3b777665cb 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -23,7 +23,7 @@ package hmac import ( "crypto/internal/boring" - "crypto/internal/fips/hmac" + "crypto/internal/fips140/hmac" "crypto/subtle" "hash" ) diff --git a/src/crypto/internal/entropy/entropy.go b/src/crypto/internal/entropy/entropy.go index e27b05bda5..5319e9e47a 100644 --- a/src/crypto/internal/entropy/entropy.go +++ b/src/crypto/internal/entropy/entropy.go @@ -3,7 +3,7 @@ // license that can be found in the LICENSE file. // Package entropy provides the passive entropy source for the FIPS 140-3 -// module. It is only used in FIPS mode by [crypto/internal/fips/drbg.Read]. +// module. It is only used in FIPS mode by [crypto/internal/fips140/drbg.Read]. // // This complies with IG 9.3.A, Additional Comment 12, which until January 1, // 2026 allows new modules to meet an [earlier version] of Resolution 2(b): diff --git a/src/crypto/internal/fips/check/checktest/asm.s b/src/crypto/internal/fips/check/checktest/asm.s deleted file mode 100644 index 090f87b1ec..0000000000 --- a/src/crypto/internal/fips/check/checktest/asm.s +++ /dev/null @@ -1,6 +0,0 @@ -//go:build !purego && !wasm - -#include "textflag.h" - -DATA crypto∕internal∕fips∕check∕checktest·RODATA(SB)/4, $2 -GLOBL crypto∕internal∕fips∕check∕checktest·RODATA(SB), RODATA, $4 diff --git a/src/crypto/internal/fips/aes/_asm/ctr/ctr_amd64_asm.go b/src/crypto/internal/fips140/aes/_asm/ctr/ctr_amd64_asm.go similarity index 100% rename from src/crypto/internal/fips/aes/_asm/ctr/ctr_amd64_asm.go rename to src/crypto/internal/fips140/aes/_asm/ctr/ctr_amd64_asm.go diff --git a/src/crypto/internal/fips/aes/_asm/ctr/go.mod b/src/crypto/internal/fips140/aes/_asm/ctr/go.mod similarity index 100% rename from src/crypto/internal/fips/aes/_asm/ctr/go.mod rename to src/crypto/internal/fips140/aes/_asm/ctr/go.mod diff --git a/src/crypto/internal/fips/aes/_asm/ctr/go.sum b/src/crypto/internal/fips140/aes/_asm/ctr/go.sum similarity index 100% rename from src/crypto/internal/fips/aes/_asm/ctr/go.sum rename to src/crypto/internal/fips140/aes/_asm/ctr/go.sum diff --git a/src/crypto/internal/fips/aes/_asm/standard/aes_amd64.go b/src/crypto/internal/fips140/aes/_asm/standard/aes_amd64.go similarity index 100% rename from src/crypto/internal/fips/aes/_asm/standard/aes_amd64.go rename to src/crypto/internal/fips140/aes/_asm/standard/aes_amd64.go diff --git a/src/crypto/internal/fips/aes/_asm/standard/go.mod b/src/crypto/internal/fips140/aes/_asm/standard/go.mod similarity index 100% rename from src/crypto/internal/fips/aes/_asm/standard/go.mod rename to src/crypto/internal/fips140/aes/_asm/standard/go.mod diff --git a/src/crypto/internal/fips/aes/_asm/standard/go.sum b/src/crypto/internal/fips140/aes/_asm/standard/go.sum similarity index 100% rename from src/crypto/internal/fips/aes/_asm/standard/go.sum rename to src/crypto/internal/fips140/aes/_asm/standard/go.sum diff --git a/src/crypto/internal/fips/aes/aes.go b/src/crypto/internal/fips140/aes/aes.go similarity index 96% rename from src/crypto/internal/fips/aes/aes.go rename to src/crypto/internal/fips140/aes/aes.go index 06eff26d0c..739f1a3dbe 100644 --- a/src/crypto/internal/fips/aes/aes.go +++ b/src/crypto/internal/fips140/aes/aes.go @@ -5,8 +5,8 @@ package aes import ( - "crypto/internal/fips" - "crypto/internal/fips/alias" + "crypto/internal/fips140" + "crypto/internal/fips140/alias" "strconv" ) @@ -103,7 +103,7 @@ func (c *Block) Encrypt(dst, src []byte) { if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) { panic("crypto/aes: invalid buffer overlap") } - fips.RecordApproved() + fips140.RecordApproved() encryptBlock(c, dst, src) } @@ -117,6 +117,6 @@ func (c *Block) Decrypt(dst, src []byte) { if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) { panic("crypto/aes: invalid buffer overlap") } - fips.RecordApproved() + fips140.RecordApproved() decryptBlock(c, dst, src) } diff --git a/src/crypto/internal/fips/aes/aes_amd64.s b/src/crypto/internal/fips140/aes/aes_amd64.s similarity index 100% rename from src/crypto/internal/fips/aes/aes_amd64.s rename to src/crypto/internal/fips140/aes/aes_amd64.s diff --git a/src/crypto/internal/fips/aes/aes_arm64.s b/src/crypto/internal/fips140/aes/aes_arm64.s similarity index 100% rename from src/crypto/internal/fips/aes/aes_arm64.s rename to src/crypto/internal/fips140/aes/aes_arm64.s diff --git a/src/crypto/internal/fips/aes/aes_asm.go b/src/crypto/internal/fips140/aes/aes_asm.go similarity index 97% rename from src/crypto/internal/fips/aes/aes_asm.go rename to src/crypto/internal/fips140/aes/aes_asm.go index 47aca96543..95a07e7a1c 100644 --- a/src/crypto/internal/fips/aes/aes_asm.go +++ b/src/crypto/internal/fips140/aes/aes_asm.go @@ -7,8 +7,8 @@ package aes import ( - "crypto/internal/fipsdeps/cpu" - "crypto/internal/fipsdeps/godebug" + "crypto/internal/fips140deps/cpu" + "crypto/internal/fips140deps/godebug" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/aes/aes_generic.go b/src/crypto/internal/fips140/aes/aes_generic.go similarity index 99% rename from src/crypto/internal/fips/aes/aes_generic.go rename to src/crypto/internal/fips140/aes/aes_generic.go index de7ecb13c2..0112c0a675 100644 --- a/src/crypto/internal/fips/aes/aes_generic.go +++ b/src/crypto/internal/fips140/aes/aes_generic.go @@ -36,7 +36,7 @@ package aes -import "crypto/internal/fipsdeps/byteorder" +import "crypto/internal/fips140deps/byteorder" // Encrypt one block from src into dst, using the expanded key xk. func encryptBlockGeneric(c *blockExpanded, dst, src []byte) { diff --git a/src/crypto/internal/fips/aes/aes_noasm.go b/src/crypto/internal/fips140/aes/aes_noasm.go similarity index 100% rename from src/crypto/internal/fips/aes/aes_noasm.go rename to src/crypto/internal/fips140/aes/aes_noasm.go diff --git a/src/crypto/internal/fips/aes/aes_ppc64x.s b/src/crypto/internal/fips140/aes/aes_ppc64x.s similarity index 100% rename from src/crypto/internal/fips/aes/aes_ppc64x.s rename to src/crypto/internal/fips140/aes/aes_ppc64x.s diff --git a/src/crypto/internal/fips/aes/aes_s390x.go b/src/crypto/internal/fips140/aes/aes_s390x.go similarity index 98% rename from src/crypto/internal/fips/aes/aes_s390x.go rename to src/crypto/internal/fips140/aes/aes_s390x.go index 005aacb300..72d7b6f763 100644 --- a/src/crypto/internal/fips/aes/aes_s390x.go +++ b/src/crypto/internal/fips140/aes/aes_s390x.go @@ -7,7 +7,7 @@ package aes import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/aes/aes_s390x.s b/src/crypto/internal/fips140/aes/aes_s390x.s similarity index 100% rename from src/crypto/internal/fips/aes/aes_s390x.s rename to src/crypto/internal/fips140/aes/aes_s390x.s diff --git a/src/crypto/internal/fips/aes/aes_test.go b/src/crypto/internal/fips140/aes/aes_test.go similarity index 100% rename from src/crypto/internal/fips/aes/aes_test.go rename to src/crypto/internal/fips140/aes/aes_test.go diff --git a/src/crypto/internal/fips/aes/cast.go b/src/crypto/internal/fips140/aes/cast.go similarity index 91% rename from src/crypto/internal/fips/aes/cast.go rename to src/crypto/internal/fips140/aes/cast.go index 4a143a43b2..de8f367652 100644 --- a/src/crypto/internal/fips/aes/cast.go +++ b/src/crypto/internal/fips140/aes/cast.go @@ -6,13 +6,13 @@ package aes import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" "errors" ) func init() { - fips.CAST("AES-CBC", func() error { + fips140.CAST("AES-CBC", func() error { key := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/aes/cbc.go b/src/crypto/internal/fips140/aes/cbc.go similarity index 97% rename from src/crypto/internal/fips/aes/cbc.go rename to src/crypto/internal/fips140/aes/cbc.go index d4ec14f1a6..c7837b9d87 100644 --- a/src/crypto/internal/fips/aes/cbc.go +++ b/src/crypto/internal/fips140/aes/cbc.go @@ -5,8 +5,8 @@ package aes import ( - "crypto/internal/fips/alias" - "crypto/internal/fips/subtle" + "crypto/internal/fips140/alias" + "crypto/internal/fips140/subtle" ) type CBCEncrypter struct { diff --git a/src/crypto/internal/fips/aes/cbc_noasm.go b/src/crypto/internal/fips140/aes/cbc_noasm.go similarity index 100% rename from src/crypto/internal/fips/aes/cbc_noasm.go rename to src/crypto/internal/fips140/aes/cbc_noasm.go diff --git a/src/crypto/internal/fips/aes/cbc_ppc64x.go b/src/crypto/internal/fips140/aes/cbc_ppc64x.go similarity index 100% rename from src/crypto/internal/fips/aes/cbc_ppc64x.go rename to src/crypto/internal/fips140/aes/cbc_ppc64x.go diff --git a/src/crypto/internal/fips/aes/cbc_s390x.go b/src/crypto/internal/fips140/aes/cbc_s390x.go similarity index 100% rename from src/crypto/internal/fips/aes/cbc_s390x.go rename to src/crypto/internal/fips140/aes/cbc_s390x.go diff --git a/src/crypto/internal/fips/aes/const.go b/src/crypto/internal/fips140/aes/const.go similarity index 100% rename from src/crypto/internal/fips/aes/const.go rename to src/crypto/internal/fips140/aes/const.go diff --git a/src/crypto/internal/fips/aes/ctr.go b/src/crypto/internal/fips140/aes/ctr.go similarity index 97% rename from src/crypto/internal/fips/aes/ctr.go rename to src/crypto/internal/fips140/aes/ctr.go index 722ec4bc87..ec1959a225 100644 --- a/src/crypto/internal/fips/aes/ctr.go +++ b/src/crypto/internal/fips140/aes/ctr.go @@ -5,9 +5,9 @@ package aes import ( - "crypto/internal/fips/alias" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140/alias" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" "math/bits" ) diff --git a/src/crypto/internal/fips/aes/ctr_amd64.s b/src/crypto/internal/fips140/aes/ctr_amd64.s similarity index 100% rename from src/crypto/internal/fips/aes/ctr_amd64.s rename to src/crypto/internal/fips140/aes/ctr_amd64.s diff --git a/src/crypto/internal/fips/aes/ctr_arm64.s b/src/crypto/internal/fips140/aes/ctr_arm64.s similarity index 100% rename from src/crypto/internal/fips/aes/ctr_arm64.s rename to src/crypto/internal/fips140/aes/ctr_arm64.s diff --git a/src/crypto/internal/fips/aes/ctr_arm64_gen.go b/src/crypto/internal/fips140/aes/ctr_arm64_gen.go similarity index 100% rename from src/crypto/internal/fips/aes/ctr_arm64_gen.go rename to src/crypto/internal/fips140/aes/ctr_arm64_gen.go diff --git a/src/crypto/internal/fips/aes/ctr_asm.go b/src/crypto/internal/fips140/aes/ctr_asm.go similarity index 100% rename from src/crypto/internal/fips/aes/ctr_asm.go rename to src/crypto/internal/fips140/aes/ctr_asm.go diff --git a/src/crypto/internal/fips/aes/ctr_noasm.go b/src/crypto/internal/fips140/aes/ctr_noasm.go similarity index 100% rename from src/crypto/internal/fips/aes/ctr_noasm.go rename to src/crypto/internal/fips140/aes/ctr_noasm.go diff --git a/src/crypto/internal/fips/aes/ctr_s390x.go b/src/crypto/internal/fips140/aes/ctr_s390x.go similarity index 94% rename from src/crypto/internal/fips/aes/ctr_s390x.go rename to src/crypto/internal/fips140/aes/ctr_s390x.go index aca3fe7ff9..2d6e17927e 100644 --- a/src/crypto/internal/fips/aes/ctr_s390x.go +++ b/src/crypto/internal/fips140/aes/ctr_s390x.go @@ -7,8 +7,8 @@ package aes import ( - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" ) func ctrBlocks1(b *Block, dst, src *[BlockSize]byte, ivlo, ivhi uint64) { diff --git a/src/crypto/internal/fips/aes/gcm/_asm/gcm/gcm_amd64_asm.go b/src/crypto/internal/fips140/aes/gcm/_asm/gcm/gcm_amd64_asm.go similarity index 100% rename from src/crypto/internal/fips/aes/gcm/_asm/gcm/gcm_amd64_asm.go rename to src/crypto/internal/fips140/aes/gcm/_asm/gcm/gcm_amd64_asm.go diff --git a/src/crypto/internal/fips/aes/gcm/_asm/gcm/go.mod b/src/crypto/internal/fips140/aes/gcm/_asm/gcm/go.mod similarity index 100% rename from src/crypto/internal/fips/aes/gcm/_asm/gcm/go.mod rename to src/crypto/internal/fips140/aes/gcm/_asm/gcm/go.mod diff --git a/src/crypto/internal/fips/aes/gcm/_asm/gcm/go.sum b/src/crypto/internal/fips140/aes/gcm/_asm/gcm/go.sum similarity index 100% rename from src/crypto/internal/fips/aes/gcm/_asm/gcm/go.sum rename to src/crypto/internal/fips140/aes/gcm/_asm/gcm/go.sum diff --git a/src/crypto/internal/fips/aes/gcm/cast.go b/src/crypto/internal/fips140/aes/gcm/cast.go similarity index 85% rename from src/crypto/internal/fips/aes/gcm/cast.go rename to src/crypto/internal/fips140/aes/gcm/cast.go index 1373a01944..7f1975638a 100644 --- a/src/crypto/internal/fips/aes/gcm/cast.go +++ b/src/crypto/internal/fips140/aes/gcm/cast.go @@ -5,17 +5,17 @@ package gcm import ( - "crypto/internal/fips" - "crypto/internal/fips/aes" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + "crypto/internal/fips140/aes" + _ "crypto/internal/fips140/check" "errors" ) func init() { // Counter KDF covers CMAC per IG 10.3.B, and CMAC covers GCM per IG 10.3.A // Resolution 1.d(i). AES decryption is covered by the CBC CAST in package - // crypto/internal/fips/aes. - fips.CAST("CounterKDF", func() error { + // crypto/internal/fips140/aes. + fips140.CAST("CounterKDF", func() error { key := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/aes/gcm/cmac.go b/src/crypto/internal/fips140/aes/gcm/cmac.go similarity index 93% rename from src/crypto/internal/fips/aes/gcm/cmac.go rename to src/crypto/internal/fips140/aes/gcm/cmac.go index df87c31e4d..e0a9dc43de 100644 --- a/src/crypto/internal/fips/aes/gcm/cmac.go +++ b/src/crypto/internal/fips140/aes/gcm/cmac.go @@ -5,9 +5,9 @@ package gcm import ( - "crypto/internal/fips" - "crypto/internal/fips/aes" - "crypto/internal/fips/subtle" + "crypto/internal/fips140" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/subtle" ) // CMAC implements the CMAC mode from NIST SP 800-38B. @@ -38,7 +38,7 @@ func (c *CMAC) deriveSubkeys() { } func (c *CMAC) MAC(m []byte) [aes.BlockSize]byte { - fips.RecordApproved() + fips140.RecordApproved() _ = c.b // Hoist the nil check out of the loop. var x [aes.BlockSize]byte if len(m) == 0 { diff --git a/src/crypto/internal/fips/aes/gcm/ctrkdf.go b/src/crypto/internal/fips140/aes/gcm/ctrkdf.go similarity index 94% rename from src/crypto/internal/fips/aes/gcm/ctrkdf.go rename to src/crypto/internal/fips140/aes/gcm/ctrkdf.go index 92856337a3..9c7d4971a3 100644 --- a/src/crypto/internal/fips/aes/gcm/ctrkdf.go +++ b/src/crypto/internal/fips140/aes/gcm/ctrkdf.go @@ -5,8 +5,8 @@ package gcm import ( - "crypto/internal/fips" - "crypto/internal/fips/aes" + "crypto/internal/fips140" + "crypto/internal/fips140/aes" ) // CounterKDF implements a KDF in Counter Mode instantiated with CMAC-AES, @@ -30,7 +30,7 @@ func NewCounterKDF(b *aes.Block) *CounterKDF { // DeriveKey derives a key from the given label and context. func (kdf *CounterKDF) DeriveKey(label byte, context [12]byte) [32]byte { - fips.RecordApproved() + fips140.RecordApproved() var output [32]byte var input [aes.BlockSize]byte diff --git a/src/crypto/internal/fips/aes/gcm/gcm.go b/src/crypto/internal/fips140/aes/gcm/gcm.go similarity index 96% rename from src/crypto/internal/fips/aes/gcm/gcm.go rename to src/crypto/internal/fips140/aes/gcm/gcm.go index a88f633b09..20da20c524 100644 --- a/src/crypto/internal/fips/aes/gcm/gcm.go +++ b/src/crypto/internal/fips140/aes/gcm/gcm.go @@ -5,9 +5,9 @@ package gcm import ( - "crypto/internal/fips" - "crypto/internal/fips/aes" - "crypto/internal/fips/alias" + "crypto/internal/fips140" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/alias" "errors" ) @@ -61,7 +61,7 @@ func (g *GCM) Overhead() int { } func (g *GCM) Seal(dst, nonce, plaintext, data []byte) []byte { - fips.RecordNonApproved() + fips140.RecordNonApproved() return g.sealAfterIndicator(dst, nonce, plaintext, data) } @@ -115,7 +115,7 @@ func (g *GCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { panic("crypto/cipher: invalid buffer overlap of output and additional data") } - fips.RecordApproved() + fips140.RecordApproved() if err := open(out, g, nonce, ciphertext, data); err != nil { // We sometimes decrypt and authenticate concurrently, so we overwrite // dst in the event of a tag mismatch. To be consistent across platforms diff --git a/src/crypto/internal/fips/aes/gcm/gcm_amd64.s b/src/crypto/internal/fips140/aes/gcm/gcm_amd64.s similarity index 100% rename from src/crypto/internal/fips/aes/gcm/gcm_amd64.s rename to src/crypto/internal/fips140/aes/gcm/gcm_amd64.s diff --git a/src/crypto/internal/fips/aes/gcm/gcm_arm64.s b/src/crypto/internal/fips140/aes/gcm/gcm_arm64.s similarity index 100% rename from src/crypto/internal/fips/aes/gcm/gcm_arm64.s rename to src/crypto/internal/fips140/aes/gcm/gcm_arm64.s diff --git a/src/crypto/internal/fips/aes/gcm/gcm_asm.go b/src/crypto/internal/fips140/aes/gcm/gcm_asm.go similarity index 97% rename from src/crypto/internal/fips/aes/gcm/gcm_asm.go rename to src/crypto/internal/fips140/aes/gcm/gcm_asm.go index f62b7e3f81..d513f77a2f 100644 --- a/src/crypto/internal/fips/aes/gcm/gcm_asm.go +++ b/src/crypto/internal/fips140/aes/gcm/gcm_asm.go @@ -7,9 +7,9 @@ package gcm import ( - "crypto/internal/fips/aes" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/aes/gcm/gcm_generic.go b/src/crypto/internal/fips140/aes/gcm/gcm_generic.go similarity index 97% rename from src/crypto/internal/fips/aes/gcm/gcm_generic.go rename to src/crypto/internal/fips140/aes/gcm/gcm_generic.go index 2e5f8b5c1a..778392661d 100644 --- a/src/crypto/internal/fips/aes/gcm/gcm_generic.go +++ b/src/crypto/internal/fips140/aes/gcm/gcm_generic.go @@ -5,9 +5,9 @@ package gcm import ( - "crypto/internal/fips/aes" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" ) func sealGeneric(out []byte, g *GCM, nonce, plaintext, additionalData []byte) { diff --git a/src/crypto/internal/fips/aes/gcm/gcm_noasm.go b/src/crypto/internal/fips140/aes/gcm/gcm_noasm.go similarity index 100% rename from src/crypto/internal/fips/aes/gcm/gcm_noasm.go rename to src/crypto/internal/fips140/aes/gcm/gcm_noasm.go diff --git a/src/crypto/internal/fips/aes/gcm/gcm_nonces.go b/src/crypto/internal/fips140/aes/gcm/gcm_nonces.go similarity index 94% rename from src/crypto/internal/fips/aes/gcm/gcm_nonces.go rename to src/crypto/internal/fips140/aes/gcm/gcm_nonces.go index db992d14de..b1ac815288 100644 --- a/src/crypto/internal/fips/aes/gcm/gcm_nonces.go +++ b/src/crypto/internal/fips140/aes/gcm/gcm_nonces.go @@ -5,11 +5,11 @@ package gcm import ( - "crypto/internal/fips" - "crypto/internal/fips/aes" - "crypto/internal/fips/alias" - "crypto/internal/fips/drbg" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/alias" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140deps/byteorder" "math" ) @@ -37,7 +37,7 @@ func SealWithRandomNonce(g *GCM, nonce, out, plaintext, additionalData []byte) { if alias.AnyOverlap(out, additionalData) { panic("crypto/cipher: invalid buffer overlap of output and additional data") } - fips.RecordApproved() + fips140.RecordApproved() drbg.Read(nonce) seal(out, g, nonce, plaintext, additionalData) } @@ -94,12 +94,12 @@ func (g *GCMWithCounterNonce) Seal(dst, nonce, plaintext, data []byte) []byte { } g.next = counter + 1 - fips.RecordApproved() + fips140.RecordApproved() return g.g.sealAfterIndicator(dst, nonce, plaintext, data) } func (g *GCMWithCounterNonce) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - fips.RecordApproved() + fips140.RecordApproved() return g.g.Open(dst, nonce, ciphertext, data) } @@ -141,12 +141,12 @@ func (g *GCMForTLS12) Seal(dst, nonce, plaintext, data []byte) []byte { } g.next = counter + 1 - fips.RecordApproved() + fips140.RecordApproved() return g.g.sealAfterIndicator(dst, nonce, plaintext, data) } func (g *GCMForTLS12) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - fips.RecordApproved() + fips140.RecordApproved() return g.g.Open(dst, nonce, ciphertext, data) } @@ -193,12 +193,12 @@ func (g *GCMForTLS13) Seal(dst, nonce, plaintext, data []byte) []byte { } g.next = counter + 1 - fips.RecordApproved() + fips140.RecordApproved() return g.g.sealAfterIndicator(dst, nonce, plaintext, data) } func (g *GCMForTLS13) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - fips.RecordApproved() + fips140.RecordApproved() return g.g.Open(dst, nonce, ciphertext, data) } @@ -247,11 +247,11 @@ func (g *GCMForSSH) Seal(dst, nonce, plaintext, data []byte) []byte { } g.next = counter + 1 - fips.RecordApproved() + fips140.RecordApproved() return g.g.sealAfterIndicator(dst, nonce, plaintext, data) } func (g *GCMForSSH) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - fips.RecordApproved() + fips140.RecordApproved() return g.g.Open(dst, nonce, ciphertext, data) } diff --git a/src/crypto/internal/fips/aes/gcm/gcm_ppc64x.go b/src/crypto/internal/fips140/aes/gcm/gcm_ppc64x.go similarity index 97% rename from src/crypto/internal/fips/aes/gcm/gcm_ppc64x.go rename to src/crypto/internal/fips140/aes/gcm/gcm_ppc64x.go index b8c798e442..5084835e88 100644 --- a/src/crypto/internal/fips/aes/gcm/gcm_ppc64x.go +++ b/src/crypto/internal/fips140/aes/gcm/gcm_ppc64x.go @@ -7,10 +7,10 @@ package gcm import ( - "crypto/internal/fips/aes" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" - "crypto/internal/fipsdeps/godebug" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" + "crypto/internal/fips140deps/godebug" "crypto/internal/impl" "runtime" ) diff --git a/src/crypto/internal/fips/aes/gcm/gcm_ppc64x.s b/src/crypto/internal/fips140/aes/gcm/gcm_ppc64x.s similarity index 100% rename from src/crypto/internal/fips/aes/gcm/gcm_ppc64x.s rename to src/crypto/internal/fips140/aes/gcm/gcm_ppc64x.s diff --git a/src/crypto/internal/fips/aes/gcm/gcm_s390x.go b/src/crypto/internal/fips140/aes/gcm/gcm_s390x.go similarity index 98% rename from src/crypto/internal/fips/aes/gcm/gcm_s390x.go rename to src/crypto/internal/fips140/aes/gcm/gcm_s390x.go index 2946d0b84b..6d88e18240 100644 --- a/src/crypto/internal/fips/aes/gcm/gcm_s390x.go +++ b/src/crypto/internal/fips140/aes/gcm/gcm_s390x.go @@ -7,10 +7,10 @@ package gcm import ( - "crypto/internal/fips/aes" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/aes/gcm/gcm_s390x.s b/src/crypto/internal/fips140/aes/gcm/gcm_s390x.s similarity index 100% rename from src/crypto/internal/fips/aes/gcm/gcm_s390x.s rename to src/crypto/internal/fips140/aes/gcm/gcm_s390x.s diff --git a/src/crypto/internal/fips/aes/gcm/ghash.go b/src/crypto/internal/fips140/aes/gcm/ghash.go similarity index 98% rename from src/crypto/internal/fips/aes/gcm/ghash.go rename to src/crypto/internal/fips140/aes/gcm/ghash.go index d06e995c49..fb60352246 100644 --- a/src/crypto/internal/fips/aes/gcm/ghash.go +++ b/src/crypto/internal/fips140/aes/gcm/ghash.go @@ -5,8 +5,8 @@ package gcm import ( - "crypto/internal/fips" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140deps/byteorder" ) // gcmFieldElement represents a value in GF(2¹²⁸). In order to reflect the GCM @@ -25,7 +25,7 @@ type gcmFieldElement struct { // It is not allowed as a stand-alone operation in FIPS mode because it // is not ACVP tested. func GHASH(key *[16]byte, inputs ...[]byte) []byte { - fips.RecordNonApproved() + fips140.RecordNonApproved() var out [gcmBlockSize]byte ghash(&out, key, inputs...) return out[:] diff --git a/src/crypto/internal/fips/aes/gcm/interface_test.go b/src/crypto/internal/fips140/aes/gcm/interface_test.go similarity index 87% rename from src/crypto/internal/fips/aes/gcm/interface_test.go rename to src/crypto/internal/fips140/aes/gcm/interface_test.go index d5f869e8f6..48f96cad80 100644 --- a/src/crypto/internal/fips/aes/gcm/interface_test.go +++ b/src/crypto/internal/fips140/aes/gcm/interface_test.go @@ -6,7 +6,7 @@ package gcm_test import ( "crypto/cipher" - "crypto/internal/fips/aes/gcm" + "crypto/internal/fips140/aes/gcm" ) var _ cipher.AEAD = (*gcm.GCM)(nil) diff --git a/src/crypto/internal/fips/aes/interface_test.go b/src/crypto/internal/fips140/aes/interface_test.go similarity index 92% rename from src/crypto/internal/fips/aes/interface_test.go rename to src/crypto/internal/fips140/aes/interface_test.go index 17e59b25ff..fdc6fb00a1 100644 --- a/src/crypto/internal/fips/aes/interface_test.go +++ b/src/crypto/internal/fips140/aes/interface_test.go @@ -6,7 +6,7 @@ package aes_test import ( "crypto/cipher" - "crypto/internal/fips/aes" + "crypto/internal/fips140/aes" ) var _ cipher.Block = (*aes.Block)(nil) diff --git a/src/crypto/internal/fips/alias/alias.go b/src/crypto/internal/fips140/alias/alias.go similarity index 100% rename from src/crypto/internal/fips/alias/alias.go rename to src/crypto/internal/fips140/alias/alias.go diff --git a/src/crypto/internal/fips/bigmod/_asm/go.mod b/src/crypto/internal/fips140/bigmod/_asm/go.mod similarity index 86% rename from src/crypto/internal/fips/bigmod/_asm/go.mod rename to src/crypto/internal/fips140/bigmod/_asm/go.mod index e51aa3cb2b..3773fa5aac 100644 --- a/src/crypto/internal/fips/bigmod/_asm/go.mod +++ b/src/crypto/internal/fips140/bigmod/_asm/go.mod @@ -1,4 +1,4 @@ -module crypto/internal/fips/bigmod/_asm +module crypto/internal/fips140/bigmod/_asm go 1.19 diff --git a/src/crypto/internal/fips/bigmod/_asm/go.sum b/src/crypto/internal/fips140/bigmod/_asm/go.sum similarity index 100% rename from src/crypto/internal/fips/bigmod/_asm/go.sum rename to src/crypto/internal/fips140/bigmod/_asm/go.sum diff --git a/src/crypto/internal/fips/bigmod/_asm/nat_amd64_asm.go b/src/crypto/internal/fips140/bigmod/_asm/nat_amd64_asm.go similarity index 98% rename from src/crypto/internal/fips/bigmod/_asm/nat_amd64_asm.go rename to src/crypto/internal/fips140/bigmod/_asm/nat_amd64_asm.go index 8c1bedcc78..548216dc48 100644 --- a/src/crypto/internal/fips/bigmod/_asm/nat_amd64_asm.go +++ b/src/crypto/internal/fips140/bigmod/_asm/nat_amd64_asm.go @@ -15,7 +15,7 @@ import ( //go:generate go run . -out ../nat_amd64.s -pkg bigmod func main() { - Package("crypto/internal/fips/bigmod") + Package("crypto/internal/fips140/bigmod") ConstraintExpr("!purego") addMulVVW(1024) diff --git a/src/crypto/internal/fips/bigmod/nat.go b/src/crypto/internal/fips140/bigmod/nat.go similarity index 99% rename from src/crypto/internal/fips/bigmod/nat.go rename to src/crypto/internal/fips140/bigmod/nat.go index 26148390a0..0a305b4ce6 100644 --- a/src/crypto/internal/fips/bigmod/nat.go +++ b/src/crypto/internal/fips140/bigmod/nat.go @@ -5,8 +5,8 @@ package bigmod import ( - _ "crypto/internal/fips/check" - "crypto/internal/fipsdeps/byteorder" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140deps/byteorder" "errors" "math/bits" ) diff --git a/src/crypto/internal/fips/bigmod/nat_386.s b/src/crypto/internal/fips140/bigmod/nat_386.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_386.s rename to src/crypto/internal/fips140/bigmod/nat_386.s diff --git a/src/crypto/internal/fips/bigmod/nat_amd64.s b/src/crypto/internal/fips140/bigmod/nat_amd64.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_amd64.s rename to src/crypto/internal/fips140/bigmod/nat_amd64.s diff --git a/src/crypto/internal/fips/bigmod/nat_arm.s b/src/crypto/internal/fips140/bigmod/nat_arm.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_arm.s rename to src/crypto/internal/fips140/bigmod/nat_arm.s diff --git a/src/crypto/internal/fips/bigmod/nat_arm64.s b/src/crypto/internal/fips140/bigmod/nat_arm64.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_arm64.s rename to src/crypto/internal/fips140/bigmod/nat_arm64.s diff --git a/src/crypto/internal/fips/bigmod/nat_asm.go b/src/crypto/internal/fips140/bigmod/nat_asm.go similarity index 96% rename from src/crypto/internal/fips/bigmod/nat_asm.go rename to src/crypto/internal/fips140/bigmod/nat_asm.go index 78ee32ac09..e3d125149a 100644 --- a/src/crypto/internal/fips/bigmod/nat_asm.go +++ b/src/crypto/internal/fips140/bigmod/nat_asm.go @@ -7,7 +7,7 @@ package bigmod import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/bigmod/nat_loong64.s b/src/crypto/internal/fips140/bigmod/nat_loong64.s similarity index 97% rename from src/crypto/internal/fips/bigmod/nat_loong64.s rename to src/crypto/internal/fips140/bigmod/nat_loong64.s index d88deb65b1..4e88586da8 100644 --- a/src/crypto/internal/fips/bigmod/nat_loong64.s +++ b/src/crypto/internal/fips140/bigmod/nat_loong64.s @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// derived from crypto/internal/fips/bigmod/nat_riscv64.s +// derived from crypto/internal/fips140/bigmod/nat_riscv64.s //go:build !purego diff --git a/src/crypto/internal/fips/bigmod/nat_noasm.go b/src/crypto/internal/fips140/bigmod/nat_noasm.go similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_noasm.go rename to src/crypto/internal/fips140/bigmod/nat_noasm.go diff --git a/src/crypto/internal/fips/bigmod/nat_ppc64x.s b/src/crypto/internal/fips140/bigmod/nat_ppc64x.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_ppc64x.s rename to src/crypto/internal/fips140/bigmod/nat_ppc64x.s diff --git a/src/crypto/internal/fips/bigmod/nat_riscv64.s b/src/crypto/internal/fips140/bigmod/nat_riscv64.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_riscv64.s rename to src/crypto/internal/fips140/bigmod/nat_riscv64.s diff --git a/src/crypto/internal/fips/bigmod/nat_s390x.s b/src/crypto/internal/fips140/bigmod/nat_s390x.s similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_s390x.s rename to src/crypto/internal/fips140/bigmod/nat_s390x.s diff --git a/src/crypto/internal/fips/bigmod/nat_test.go b/src/crypto/internal/fips140/bigmod/nat_test.go similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_test.go rename to src/crypto/internal/fips140/bigmod/nat_test.go diff --git a/src/crypto/internal/fips/bigmod/nat_wasm.go b/src/crypto/internal/fips140/bigmod/nat_wasm.go similarity index 100% rename from src/crypto/internal/fips/bigmod/nat_wasm.go rename to src/crypto/internal/fips140/bigmod/nat_wasm.go diff --git a/src/crypto/internal/fips/cast.go b/src/crypto/internal/fips140/cast.go similarity index 92% rename from src/crypto/internal/fips/cast.go rename to src/crypto/internal/fips140/cast.go index 4d056de7b5..66e21d8a90 100644 --- a/src/crypto/internal/fips/cast.go +++ b/src/crypto/internal/fips140/cast.go @@ -2,10 +2,10 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package fips +package fips140 import ( - "crypto/internal/fipsdeps/godebug" + "crypto/internal/fips140deps/godebug" "errors" "strings" _ "unsafe" // for go:linkname @@ -13,7 +13,7 @@ import ( // fatal is [runtime.fatal], pushed via linkname. // -//go:linkname fatal crypto/internal/fips.fatal +//go:linkname fatal crypto/internal/fips140.fatal func fatal(string) // failfipscast is a GODEBUG key allowing simulation of a CAST or PCT failure, @@ -31,7 +31,7 @@ var failfipscast = godebug.Value("#failfipscast") // The name must not contain commas, colons, hashes, or equal signs. // // If a package p calls CAST from its init function, an import of p should also -// be added to crypto/internal/fipstest. If a package p calls CAST on the first +// be added to crypto/internal/fips140test. If a package p calls CAST on the first // use of the algorithm, an invocation of that algorithm should be added to // fipstest.TestConditionals. func CAST(name string, f func() error) { diff --git a/src/crypto/internal/fips/check/asan.go b/src/crypto/internal/fips140/check/asan.go similarity index 100% rename from src/crypto/internal/fips/check/asan.go rename to src/crypto/internal/fips140/check/asan.go diff --git a/src/crypto/internal/fips/check/check.go b/src/crypto/internal/fips140/check/check.go similarity index 92% rename from src/crypto/internal/fips/check/check.go rename to src/crypto/internal/fips140/check/check.go index 7938df8142..d8526e151d 100644 --- a/src/crypto/internal/fips/check/check.go +++ b/src/crypto/internal/fips140/check/check.go @@ -4,7 +4,7 @@ // Package check implements the FIPS-140 load-time code+data verification. // Every FIPS package providing cryptographic functionality except hmac and sha256 -// must import crypto/internal/fips/check, so that the verification happens +// must import crypto/internal/fips140/check, so that the verification happens // before initialization of package global variables. // The hmac and sha256 packages are used by this package, so they cannot import it. // Instead, those packages must be careful not to change global variables during init. @@ -13,10 +13,10 @@ package check import ( - "crypto/internal/fips/hmac" - "crypto/internal/fips/sha256" - "crypto/internal/fipsdeps/byteorder" - "crypto/internal/fipsdeps/godebug" + "crypto/internal/fips140/hmac" + "crypto/internal/fips140/sha256" + "crypto/internal/fips140deps/byteorder" + "crypto/internal/fips140deps/godebug" "io" "runtime" "unsafe" @@ -80,7 +80,7 @@ func init() { if asanEnabled { // ASAN disapproves of reading swaths of global memory below. // One option would be to expose runtime.asanunpoison through - // crypto/internal/fipsdeps and then call it to unpoison the range + // crypto/internal/fips140deps and then call it to unpoison the range // before reading it, but it is unclear whether that would then cause // false negatives. For now, FIPS+ASAN doesn't need to work. // If this is made to work, also re-enable the test in check_test.go. diff --git a/src/crypto/internal/fips140/check/checktest/asm.s b/src/crypto/internal/fips140/check/checktest/asm.s new file mode 100644 index 0000000000..003b14e9de --- /dev/null +++ b/src/crypto/internal/fips140/check/checktest/asm.s @@ -0,0 +1,6 @@ +//go:build !purego && !wasm + +#include "textflag.h" + +DATA crypto∕internal∕fips140∕check∕checktest·RODATA(SB)/4, $2 +GLOBL crypto∕internal∕fips140∕check∕checktest·RODATA(SB), RODATA, $4 diff --git a/src/crypto/internal/fips/check/checktest/test.go b/src/crypto/internal/fips140/check/checktest/test.go similarity index 88% rename from src/crypto/internal/fips/check/checktest/test.go rename to src/crypto/internal/fips140/check/checktest/test.go index 66efe31a09..13429ef4ec 100644 --- a/src/crypto/internal/fips/check/checktest/test.go +++ b/src/crypto/internal/fips140/check/checktest/test.go @@ -3,11 +3,11 @@ // license that can be found in the LICENSE file. // Package checktest defines some code and data for use in -// the crypto/internal/fips/check test. +// the crypto/internal/fips140/check test. package checktest import ( - _ "crypto/internal/fips/check" + _ "crypto/internal/fips140/check" "runtime" _ "unsafe" // go:linkname ) @@ -17,7 +17,7 @@ var NOPTRDATA int = 1 // The linkname here disables asan registration of this global, // because asan gets mad about rodata globals. // -//go:linkname RODATA crypto/internal/fips/check/checktest.RODATA +//go:linkname RODATA crypto/internal/fips140/check/checktest.RODATA var RODATA int32 // set to 2 in asm.s // DATA needs to have both a pointer and an int so that _some_ of it gets diff --git a/src/crypto/internal/fips/check/noasan.go b/src/crypto/internal/fips140/check/noasan.go similarity index 100% rename from src/crypto/internal/fips/check/noasan.go rename to src/crypto/internal/fips140/check/noasan.go diff --git a/src/crypto/internal/fips/drbg/cast.go b/src/crypto/internal/fips140/drbg/cast.go similarity index 94% rename from src/crypto/internal/fips/drbg/cast.go rename to src/crypto/internal/fips140/drbg/cast.go index 5f973c7f15..24c0e0f108 100644 --- a/src/crypto/internal/fips/drbg/cast.go +++ b/src/crypto/internal/fips140/drbg/cast.go @@ -6,8 +6,8 @@ package drbg import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" "errors" ) @@ -15,7 +15,7 @@ func init() { // Per IG 10.3.A, Resolution 7: "A KAT of a DRBG may be performed by: // Instantiate with known data, Reseed with other known data, Generate and // then compare the result to a pre-computed value." - fips.CAST("CTR_DRBG", func() error { + fips140.CAST("CTR_DRBG", func() error { entropy := &[SeedSize]byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/drbg/ctrdrbg.go b/src/crypto/internal/fips140/drbg/ctrdrbg.go similarity index 93% rename from src/crypto/internal/fips/drbg/ctrdrbg.go rename to src/crypto/internal/fips140/drbg/ctrdrbg.go index fb05bf9ca8..cd1b40d10c 100644 --- a/src/crypto/internal/fips/drbg/ctrdrbg.go +++ b/src/crypto/internal/fips140/drbg/ctrdrbg.go @@ -5,10 +5,10 @@ package drbg import ( - "crypto/internal/fips" - "crypto/internal/fips/aes" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" "math/bits" ) @@ -37,7 +37,7 @@ const ( func NewCounter(entropy *[SeedSize]byte) *Counter { // CTR_DRBG_Instantiate_algorithm, per Section 10.2.1.3.1. - fips.RecordApproved() + fips140.RecordApproved() K := make([]byte, keySize) V := make([]byte, aes.BlockSize) @@ -87,7 +87,7 @@ func increment(v *[aes.BlockSize]byte) { func (c *Counter) Reseed(entropy, additionalInput *[SeedSize]byte) { // CTR_DRBG_Reseed_algorithm, per Section 10.2.1.4.1. - fips.RecordApproved() + fips140.RecordApproved() var seed [SeedSize]byte subtle.XORBytes(seed[:], entropy[:], additionalInput[:]) @@ -98,7 +98,7 @@ func (c *Counter) Reseed(entropy, additionalInput *[SeedSize]byte) { // Generate produces at most maxRequestSize bytes of random data in out. func (c *Counter) Generate(out []byte, additionalInput *[SeedSize]byte) (reseedRequired bool) { // CTR_DRBG_Generate_algorithm, per Section 10.2.1.5.1. - fips.RecordApproved() + fips140.RecordApproved() if len(out) > maxRequestSize { panic("crypto/drbg: internal error: request size exceeds maximum") diff --git a/src/crypto/internal/fips/drbg/rand.go b/src/crypto/internal/fips140/drbg/rand.go similarity index 97% rename from src/crypto/internal/fips/drbg/rand.go rename to src/crypto/internal/fips140/drbg/rand.go index 4f4a5701aa..736a4b0cc0 100644 --- a/src/crypto/internal/fips/drbg/rand.go +++ b/src/crypto/internal/fips140/drbg/rand.go @@ -6,7 +6,7 @@ package drbg import ( "crypto/internal/entropy" - "crypto/internal/fips" + "crypto/internal/fips140" "crypto/internal/sysrand" "sync" ) @@ -18,7 +18,7 @@ var drbg *Counter // uses an SP 800-90A Rev. 1 Deterministic Random Bit Generator (DRBG). // Otherwise, it uses the operating system's random number generator. func Read(b []byte) { - if !fips.Enabled { + if !fips140.Enabled { sysrand.Read(b) return } diff --git a/src/crypto/internal/fips/ecdh/cast.go b/src/crypto/internal/fips140/ecdh/cast.go similarity index 90% rename from src/crypto/internal/fips/ecdh/cast.go rename to src/crypto/internal/fips140/ecdh/cast.go index e053bb6461..b9b2def321 100644 --- a/src/crypto/internal/fips/ecdh/cast.go +++ b/src/crypto/internal/fips140/ecdh/cast.go @@ -6,16 +6,16 @@ package ecdh import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" - "crypto/internal/fips/nistec" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/nistec" "errors" "sync" ) var fipsSelfTest = sync.OnceFunc(func() { // Per IG D.F, Scenario 2, path (1). - fips.CAST("KAS-ECC-SSC P-256", func() error { + fips140.CAST("KAS-ECC-SSC P-256", func() error { privateKey := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/ecdh/ecdh.go b/src/crypto/internal/fips140/ecdh/ecdh.go similarity index 94% rename from src/crypto/internal/fips/ecdh/ecdh.go rename to src/crypto/internal/fips140/ecdh/ecdh.go index 032f033dea..d2757bbf16 100644 --- a/src/crypto/internal/fips/ecdh/ecdh.go +++ b/src/crypto/internal/fips140/ecdh/ecdh.go @@ -6,10 +6,10 @@ package ecdh import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/drbg" - "crypto/internal/fips/nistec" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/nistec" + "crypto/internal/fips140deps/byteorder" "crypto/internal/randutil" "errors" "io" @@ -33,7 +33,7 @@ type point[T any] interface { // DRBG (and the function runs considerably slower). func GenerateKeyP224(rand io.Reader) (privateKey, publicKey []byte, err error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return generateKey(rand, nistec.NewP224Point, p224Order) } @@ -44,7 +44,7 @@ func GenerateKeyP224(rand io.Reader) (privateKey, publicKey []byte, err error) { // DRBG (and the function runs considerably slower). func GenerateKeyP256(rand io.Reader) (privateKey, publicKey []byte, err error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return generateKey(rand, nistec.NewP256Point, p256Order) } @@ -55,7 +55,7 @@ func GenerateKeyP256(rand io.Reader) (privateKey, publicKey []byte, err error) { // DRBG (and the function runs considerably slower). func GenerateKeyP384(rand io.Reader) (privateKey, publicKey []byte, err error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return generateKey(rand, nistec.NewP384Point, p384Order) } @@ -66,7 +66,7 @@ func GenerateKeyP384(rand io.Reader) (privateKey, publicKey []byte, err error) { // DRBG (and the function runs considerably slower). func GenerateKeyP521(rand io.Reader) (privateKey, publicKey []byte, err error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return generateKey(rand, nistec.NewP521Point, p521Order) } @@ -76,7 +76,7 @@ func generateKey[P point[P]](rand io.Reader, newPoint func() P, scalarOrder []by for { key := make([]byte, len(scalarOrder)) - if fips.Enabled { + if fips140.Enabled { drbg.Read(key) } else { randutil.MaybeReadByte(rand) @@ -105,22 +105,22 @@ func generateKey[P point[P]](rand io.Reader, newPoint func() P, scalarOrder []by } func ImportKeyP224(privateKey []byte) (publicKey []byte, err error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() return checkKeyAndComputePublicKey(privateKey, nistec.NewP224Point, p224Order) } func ImportKeyP256(privateKey []byte) (publicKey []byte, err error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() return checkKeyAndComputePublicKey(privateKey, nistec.NewP256Point, p256Order) } func ImportKeyP384(privateKey []byte) (publicKey []byte, err error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() return checkKeyAndComputePublicKey(privateKey, nistec.NewP384Point, p384Order) } func ImportKeyP521(privateKey []byte) (publicKey []byte, err error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() return checkKeyAndComputePublicKey(privateKey, nistec.NewP521Point, p521Order) } @@ -156,7 +156,7 @@ func checkKeyAndComputePublicKey[P point[P]](key []byte, newPoint func() P, scal // Comment 1 goes out of its way to say that "the PCT shall be performed // consistent [...], even if the underlying standard does not require a // PCT". So we do it. And make ECDH nearly 50% slower (only) in FIPS mode. - if err := fips.PCT("ECDH PCT", func() error { + if err := fips140.PCT("ECDH PCT", func() error { p1, err := newPoint().ScalarBaseMult(key) if err != nil { return err @@ -174,25 +174,25 @@ func checkKeyAndComputePublicKey[P point[P]](key []byte, newPoint func() P, scal func CheckPublicKeyP224(publicKey []byte) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return checkPublicKey(publicKey, nistec.NewP224Point) } func CheckPublicKeyP256(publicKey []byte) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return checkPublicKey(publicKey, nistec.NewP256Point) } func CheckPublicKeyP384(publicKey []byte) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return checkPublicKey(publicKey, nistec.NewP384Point) } func CheckPublicKeyP521(publicKey []byte) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return checkPublicKey(publicKey, nistec.NewP521Point) } @@ -215,25 +215,25 @@ func checkPublicKey[P point[P]](key []byte, newPoint func() P) error { func ECDHP224(privateKey, publicKey []byte) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return ecdh(privateKey, publicKey, nistec.NewP224Point) } func ECDHP256(privateKey, publicKey []byte) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return ecdh(privateKey, publicKey, nistec.NewP256Point) } func ECDHP384(privateKey, publicKey []byte) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return ecdh(privateKey, publicKey, nistec.NewP384Point) } func ECDHP521(privateKey, publicKey []byte) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return ecdh(privateKey, publicKey, nistec.NewP521Point) } diff --git a/src/crypto/internal/fips/ecdh/order_test.go b/src/crypto/internal/fips140/ecdh/order_test.go similarity index 100% rename from src/crypto/internal/fips/ecdh/order_test.go rename to src/crypto/internal/fips140/ecdh/order_test.go diff --git a/src/crypto/internal/fips/ecdsa/cast.go b/src/crypto/internal/fips140/ecdsa/cast.go similarity index 93% rename from src/crypto/internal/fips/ecdsa/cast.go rename to src/crypto/internal/fips140/ecdsa/cast.go index 6b0c709972..a324cf929d 100644 --- a/src/crypto/internal/fips/ecdsa/cast.go +++ b/src/crypto/internal/fips140/ecdsa/cast.go @@ -6,9 +6,9 @@ package ecdsa import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" - "crypto/internal/fips/sha512" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/sha512" "errors" "sync" ) @@ -52,7 +52,7 @@ func testHash() []byte { } func fipsPCT[P Point[P]](c *Curve[P], k *PrivateKey) error { - return fips.PCT("ECDSA PCT", func() error { + return fips140.PCT("ECDSA PCT", func() error { hash := testHash() sig, err := Sign(c, sha512.New, k, nil, hash) if err != nil { @@ -63,7 +63,7 @@ func fipsPCT[P Point[P]](c *Curve[P], k *PrivateKey) error { } var fipsSelfTest = sync.OnceFunc(func() { - fips.CAST("ECDSA P-256 SHA2-512 sign and verify", func() error { + fips140.CAST("ECDSA P-256 SHA2-512 sign and verify", func() error { k := testPrivateKey() Z := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, @@ -103,7 +103,7 @@ var fipsSelfTest = sync.OnceFunc(func() { }) var fipsSelfTestDeterministic = sync.OnceFunc(func() { - fips.CAST("DetECDSA P-256 SHA2-512 sign", func() error { + fips140.CAST("DetECDSA P-256 SHA2-512 sign", func() error { k := testPrivateKey() hash := testHash() want := &Signature{ diff --git a/src/crypto/internal/fips/ecdsa/ecdsa.go b/src/crypto/internal/fips140/ecdsa/ecdsa.go similarity index 96% rename from src/crypto/internal/fips/ecdsa/ecdsa.go rename to src/crypto/internal/fips140/ecdsa/ecdsa.go index a4834307d4..61b40122a0 100644 --- a/src/crypto/internal/fips/ecdsa/ecdsa.go +++ b/src/crypto/internal/fips140/ecdsa/ecdsa.go @@ -6,10 +6,10 @@ package ecdsa import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/bigmod" - "crypto/internal/fips/drbg" - "crypto/internal/fips/nistec" + "crypto/internal/fips140" + "crypto/internal/fips140/bigmod" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/nistec" "crypto/internal/randutil" "errors" "io" @@ -157,7 +157,7 @@ var p521Order = []byte{0x01, 0xff, 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09} func NewPrivateKey[P Point[P]](c *Curve[P], D, Q []byte) (*PrivateKey, error) { - fips.RecordApproved() + fips140.RecordApproved() pub, err := NewPublicKey(c, Q) if err != nil { return nil, err @@ -190,10 +190,10 @@ func NewPublicKey[P Point[P]](c *Curve[P], Q []byte) (*PublicKey, error) { // // In FIPS mode, rand is ignored. func GenerateKey[P Point[P]](c *Curve[P], rand io.Reader) (*PrivateKey, error) { - fips.RecordApproved() + fips140.RecordApproved() k, Q, err := randomPoint(c, func(b []byte) error { - if fips.Enabled { + if fips140.Enabled { drbg.Read(b) return nil } else { @@ -283,11 +283,11 @@ type Signature struct { // to that length. // // The signature is randomized. If FIPS mode is enabled, rand is ignored. -func Sign[P Point[P], H fips.Hash](c *Curve[P], h func() H, priv *PrivateKey, rand io.Reader, hash []byte) (*Signature, error) { +func Sign[P Point[P], H fips140.Hash](c *Curve[P], h func() H, priv *PrivateKey, rand io.Reader, hash []byte) (*Signature, error) { if priv.pub.curve != c.curve { return nil, errors.New("ecdsa: private key does not match curve") } - fips.RecordApproved() + fips140.RecordApproved() fipsSelfTest() // Random ECDSA is dangerous, because a failure of the RNG would immediately @@ -296,7 +296,7 @@ func Sign[P Point[P], H fips.Hash](c *Curve[P], h func() H, priv *PrivateKey, ra // advantage of closely resembling Deterministic ECDSA. Z := make([]byte, len(priv.d)) - if fips.Enabled { + if fips140.Enabled { drbg.Read(Z) } else { randutil.MaybeReadByte(rand) @@ -321,11 +321,11 @@ func Sign[P Point[P], H fips.Hash](c *Curve[P], h func() H, priv *PrivateKey, ra // hash is longer than the bit-length of the private key's curve order, the hash // will be truncated to that length. This applies Deterministic ECDSA as // specified in FIPS 186-5 and RFC 6979. -func SignDeterministic[P Point[P], H fips.Hash](c *Curve[P], h func() H, priv *PrivateKey, hash []byte) (*Signature, error) { +func SignDeterministic[P Point[P], H fips140.Hash](c *Curve[P], h func() H, priv *PrivateKey, hash []byte) (*Signature, error) { if priv.pub.curve != c.curve { return nil, errors.New("ecdsa: private key does not match curve") } - fips.RecordApproved() + fips140.RecordApproved() fipsSelfTestDeterministic() drbg := newDRBG(h, priv.d, bits2octets(c, hash), nil) // RFC 6979, Section 3.3 return sign(c, priv, drbg, hash) @@ -457,7 +457,7 @@ func Verify[P Point[P]](c *Curve[P], pub *PublicKey, hash []byte, sig *Signature if pub.curve != c.curve { return errors.New("ecdsa: public key does not match curve") } - fips.RecordApproved() + fips140.RecordApproved() fipsSelfTest() return verify(c, pub, hash, sig) } diff --git a/src/crypto/internal/fips/ecdsa/ecdsa_noasm.go b/src/crypto/internal/fips140/ecdsa/ecdsa_noasm.go similarity index 100% rename from src/crypto/internal/fips/ecdsa/ecdsa_noasm.go rename to src/crypto/internal/fips140/ecdsa/ecdsa_noasm.go diff --git a/src/crypto/internal/fips/ecdsa/ecdsa_s390x.go b/src/crypto/internal/fips140/ecdsa/ecdsa_s390x.go similarity index 98% rename from src/crypto/internal/fips/ecdsa/ecdsa_s390x.go rename to src/crypto/internal/fips140/ecdsa/ecdsa_s390x.go index 01e877067d..01379f998f 100644 --- a/src/crypto/internal/fips/ecdsa/ecdsa_s390x.go +++ b/src/crypto/internal/fips140/ecdsa/ecdsa_s390x.go @@ -7,8 +7,8 @@ package ecdsa import ( - "crypto/internal/fips/bigmod" - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140/bigmod" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" "errors" ) diff --git a/src/crypto/internal/fips/ecdsa/ecdsa_s390x.s b/src/crypto/internal/fips140/ecdsa/ecdsa_s390x.s similarity index 100% rename from src/crypto/internal/fips/ecdsa/ecdsa_s390x.s rename to src/crypto/internal/fips140/ecdsa/ecdsa_s390x.s diff --git a/src/crypto/internal/fips/ecdsa/ecdsa_test.go b/src/crypto/internal/fips140/ecdsa/ecdsa_test.go similarity index 98% rename from src/crypto/internal/fips/ecdsa/ecdsa_test.go rename to src/crypto/internal/fips140/ecdsa/ecdsa_test.go index 583a19de4c..1bbdb667d2 100644 --- a/src/crypto/internal/fips/ecdsa/ecdsa_test.go +++ b/src/crypto/internal/fips140/ecdsa/ecdsa_test.go @@ -6,7 +6,7 @@ package ecdsa import ( "bytes" - "crypto/internal/fips/bigmod" + "crypto/internal/fips140/bigmod" "crypto/rand" "io" "testing" diff --git a/src/crypto/internal/fips/ecdsa/hmacdrbg.go b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go similarity index 94% rename from src/crypto/internal/fips/ecdsa/hmacdrbg.go rename to src/crypto/internal/fips140/ecdsa/hmacdrbg.go index da3f72e522..6fd7ac6974 100644 --- a/src/crypto/internal/fips/ecdsa/hmacdrbg.go +++ b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go @@ -6,8 +6,8 @@ package ecdsa import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/hmac" + "crypto/internal/fips140" + "crypto/internal/fips140/hmac" ) // hmacDRBG is an SP 800-90A Rev. 1 HMAC_DRBG. @@ -48,9 +48,9 @@ type personalizationString interface { isPersonalizationString() } -func newDRBG[H fips.Hash](hash func() H, entropy, nonce []byte, s personalizationString) *hmacDRBG { +func newDRBG[H fips140.Hash](hash func() H, entropy, nonce []byte, s personalizationString) *hmacDRBG { // HMAC_DRBG_Instantiate_algorithm, per Section 10.1.2.3. - fips.RecordApproved() + fips140.RecordApproved() d := &hmacDRBG{ newHMAC: func(key []byte) *hmac.HMAC { @@ -126,7 +126,7 @@ func pad000(h *hmac.HMAC, writtenSoFar int) { // Generate produces at most maxRequestSize bytes of random data in out. func (d *hmacDRBG) Generate(out []byte) { // HMAC_DRBG_Generate_algorithm, per Section 10.1.2.5. - fips.RecordApproved() + fips140.RecordApproved() if len(out) > maxRequestSize { panic("ecdsa: internal error: request size exceeds maximum") diff --git a/src/crypto/internal/fips/ed25519/cast.go b/src/crypto/internal/fips140/ed25519/cast.go similarity index 92% rename from src/crypto/internal/fips/ed25519/cast.go rename to src/crypto/internal/fips140/ed25519/cast.go index 8ac7a6f688..a680c2514b 100644 --- a/src/crypto/internal/fips/ed25519/cast.go +++ b/src/crypto/internal/fips140/ed25519/cast.go @@ -6,14 +6,14 @@ package ed25519 import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" "errors" "sync" ) func fipsPCT(k *PrivateKey) error { - return fips.PCT("Ed25519 sign and verify PCT", func() error { + return fips140.PCT("Ed25519 sign and verify PCT", func() error { return pairwiseTest(k) }) } @@ -43,7 +43,7 @@ func verifyWithoutSelfTest(pub *PublicKey, message, sig []byte) error { } var fipsSelfTest = sync.OnceFunc(func() { - fips.CAST("Ed25519 sign and verify", func() error { + fips140.CAST("Ed25519 sign and verify", func() error { seed := [32]byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/ed25519/ed25519.go b/src/crypto/internal/fips140/ed25519/ed25519.go similarity index 96% rename from src/crypto/internal/fips/ed25519/ed25519.go rename to src/crypto/internal/fips140/ed25519/ed25519.go index 2746933622..9824cbdf81 100644 --- a/src/crypto/internal/fips/ed25519/ed25519.go +++ b/src/crypto/internal/fips140/ed25519/ed25519.go @@ -6,10 +6,10 @@ package ed25519 import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/drbg" - "crypto/internal/fips/edwards25519" - "crypto/internal/fips/sha512" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/edwards25519" + "crypto/internal/fips140/sha512" "errors" "io" "strconv" @@ -71,8 +71,8 @@ func GenerateKey(rand io.Reader) (*PrivateKey, error) { } func generateKey(priv *PrivateKey, rand io.Reader) (*PrivateKey, error) { - fips.RecordApproved() - if fips.Enabled { + fips140.RecordApproved() + if fips140.Enabled { drbg.Read(priv.seed[:]) } else { if _, err := io.ReadFull(rand, priv.seed[:]); err != nil { @@ -93,7 +93,7 @@ func NewPrivateKeyFromSeed(seed []byte) (*PrivateKey, error) { } func newPrivateKeyFromSeed(priv *PrivateKey, seed []byte) (*PrivateKey, error) { - fips.RecordApproved() + fips140.RecordApproved() if l := len(seed); l != seedSize { return nil, errors.New("ed25519: bad seed length: " + strconv.Itoa(l)) } @@ -127,7 +127,7 @@ func NewPrivateKey(priv []byte) (*PrivateKey, error) { } func newPrivateKey(priv *PrivateKey, privBytes []byte) (*PrivateKey, error) { - fips.RecordApproved() + fips140.RecordApproved() if l := len(privBytes); l != privateKeySize { return nil, errors.New("ed25519: bad private key length: " + strconv.Itoa(l)) } @@ -196,7 +196,7 @@ func Sign(priv *PrivateKey, message []byte) []byte { func sign(signature []byte, priv *PrivateKey, message []byte) []byte { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return signWithDom(signature, priv, message, domPrefixPure, "") } @@ -209,7 +209,7 @@ func SignPH(priv *PrivateKey, message []byte, context string) ([]byte, error) { func signPH(signature []byte, priv *PrivateKey, message []byte, context string) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() if l := len(message); l != sha512Size { return nil, errors.New("ed25519: bad Ed25519ph message hash length: " + strconv.Itoa(l)) } @@ -229,7 +229,7 @@ func SignCtx(priv *PrivateKey, message []byte, context string) ([]byte, error) { func signCtx(signature []byte, priv *PrivateKey, message []byte, context string) ([]byte, error) { fipsSelfTest() // FIPS 186-5 specifies Ed25519 and Ed25519ph (with context), but not Ed25519ctx. - fips.RecordNonApproved() + fips140.RecordNonApproved() // Note that per RFC 8032, Section 5.1, the context SHOULD NOT be empty. if l := len(context); l > 255 { return nil, errors.New("ed25519: bad Ed25519ctx context length: " + strconv.Itoa(l)) @@ -285,13 +285,13 @@ func Verify(pub *PublicKey, message, sig []byte) error { func verify(pub *PublicKey, message, sig []byte) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() return verifyWithDom(pub, message, sig, domPrefixPure, "") } func VerifyPH(pub *PublicKey, message []byte, sig []byte, context string) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() if l := len(message); l != sha512Size { return errors.New("ed25519: bad Ed25519ph message hash length: " + strconv.Itoa(l)) } @@ -304,7 +304,7 @@ func VerifyPH(pub *PublicKey, message []byte, sig []byte, context string) error func VerifyCtx(pub *PublicKey, message []byte, sig []byte, context string) error { fipsSelfTest() // FIPS 186-5 specifies Ed25519 and Ed25519ph (with context), but not Ed25519ctx. - fips.RecordNonApproved() + fips140.RecordNonApproved() if l := len(context); l > 255 { return errors.New("ed25519: bad Ed25519ctx context length: " + strconv.Itoa(l)) } diff --git a/src/crypto/internal/fips/edwards25519/doc.go b/src/crypto/internal/fips140/edwards25519/doc.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/doc.go rename to src/crypto/internal/fips140/edwards25519/doc.go diff --git a/src/crypto/internal/fips/edwards25519/edwards25519.go b/src/crypto/internal/fips140/edwards25519/edwards25519.go similarity index 99% rename from src/crypto/internal/fips/edwards25519/edwards25519.go rename to src/crypto/internal/fips140/edwards25519/edwards25519.go index b190290af3..395cf18adb 100644 --- a/src/crypto/internal/fips/edwards25519/edwards25519.go +++ b/src/crypto/internal/fips140/edwards25519/edwards25519.go @@ -5,8 +5,8 @@ package edwards25519 import ( - _ "crypto/internal/fips/check" - "crypto/internal/fips/edwards25519/field" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/edwards25519/field" "errors" ) diff --git a/src/crypto/internal/fips/edwards25519/edwards25519_test.go b/src/crypto/internal/fips140/edwards25519/edwards25519_test.go similarity index 99% rename from src/crypto/internal/fips/edwards25519/edwards25519_test.go rename to src/crypto/internal/fips140/edwards25519/edwards25519_test.go index f2c6f8694f..5f85e397ec 100644 --- a/src/crypto/internal/fips/edwards25519/edwards25519_test.go +++ b/src/crypto/internal/fips140/edwards25519/edwards25519_test.go @@ -5,7 +5,7 @@ package edwards25519 import ( - "crypto/internal/fips/edwards25519/field" + "crypto/internal/fips140/edwards25519/field" "encoding/hex" "reflect" "testing" diff --git a/src/crypto/internal/fips/edwards25519/field/_asm/fe_amd64_asm.go b/src/crypto/internal/fips140/edwards25519/field/_asm/fe_amd64_asm.go similarity index 99% rename from src/crypto/internal/fips/edwards25519/field/_asm/fe_amd64_asm.go rename to src/crypto/internal/fips140/edwards25519/field/_asm/fe_amd64_asm.go index 36df39fca0..e509052160 100644 --- a/src/crypto/internal/fips/edwards25519/field/_asm/fe_amd64_asm.go +++ b/src/crypto/internal/fips140/edwards25519/field/_asm/fe_amd64_asm.go @@ -16,7 +16,7 @@ import ( //go:generate go run . -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field func main() { - Package("crypto/internal/fips/edwards25519/field") + Package("crypto/internal/fips140/edwards25519/field") ConstraintExpr("!purego") feMul() feSquare() diff --git a/src/crypto/internal/fips/edwards25519/field/_asm/go.mod b/src/crypto/internal/fips140/edwards25519/field/_asm/go.mod similarity index 83% rename from src/crypto/internal/fips/edwards25519/field/_asm/go.mod rename to src/crypto/internal/fips140/edwards25519/field/_asm/go.mod index 273b1f5473..6eb11fe7cd 100644 --- a/src/crypto/internal/fips/edwards25519/field/_asm/go.mod +++ b/src/crypto/internal/fips140/edwards25519/field/_asm/go.mod @@ -1,4 +1,4 @@ -module crypto/internal/fips/edwards25519/field/_asm +module crypto/internal/fips140/edwards25519/field/_asm go 1.19 diff --git a/src/crypto/internal/fips/edwards25519/field/_asm/go.sum b/src/crypto/internal/fips140/edwards25519/field/_asm/go.sum similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/_asm/go.sum rename to src/crypto/internal/fips140/edwards25519/field/_asm/go.sum diff --git a/src/crypto/internal/fips/edwards25519/field/fe.go b/src/crypto/internal/fips140/edwards25519/field/fe.go similarity index 99% rename from src/crypto/internal/fips/edwards25519/field/fe.go rename to src/crypto/internal/fips140/edwards25519/field/fe.go index d0fafdad50..2d76ba7274 100644 --- a/src/crypto/internal/fips/edwards25519/field/fe.go +++ b/src/crypto/internal/fips140/edwards25519/field/fe.go @@ -6,9 +6,9 @@ package field import ( - _ "crypto/internal/fips/check" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" "errors" "math/bits" ) diff --git a/src/crypto/internal/fips/edwards25519/field/fe_alias_test.go b/src/crypto/internal/fips140/edwards25519/field/fe_alias_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_alias_test.go rename to src/crypto/internal/fips140/edwards25519/field/fe_alias_test.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_amd64.go b/src/crypto/internal/fips140/edwards25519/field/fe_amd64.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_amd64.go rename to src/crypto/internal/fips140/edwards25519/field/fe_amd64.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_amd64.s b/src/crypto/internal/fips140/edwards25519/field/fe_amd64.s similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_amd64.s rename to src/crypto/internal/fips140/edwards25519/field/fe_amd64.s diff --git a/src/crypto/internal/fips/edwards25519/field/fe_amd64_noasm.go b/src/crypto/internal/fips140/edwards25519/field/fe_amd64_noasm.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_amd64_noasm.go rename to src/crypto/internal/fips140/edwards25519/field/fe_amd64_noasm.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_arm64.go b/src/crypto/internal/fips140/edwards25519/field/fe_arm64.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_arm64.go rename to src/crypto/internal/fips140/edwards25519/field/fe_arm64.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_arm64.s b/src/crypto/internal/fips140/edwards25519/field/fe_arm64.s similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_arm64.s rename to src/crypto/internal/fips140/edwards25519/field/fe_arm64.s diff --git a/src/crypto/internal/fips/edwards25519/field/fe_arm64_noasm.go b/src/crypto/internal/fips140/edwards25519/field/fe_arm64_noasm.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_arm64_noasm.go rename to src/crypto/internal/fips140/edwards25519/field/fe_arm64_noasm.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_bench_test.go b/src/crypto/internal/fips140/edwards25519/field/fe_bench_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_bench_test.go rename to src/crypto/internal/fips140/edwards25519/field/fe_bench_test.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_generic.go b/src/crypto/internal/fips140/edwards25519/field/fe_generic.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_generic.go rename to src/crypto/internal/fips140/edwards25519/field/fe_generic.go diff --git a/src/crypto/internal/fips/edwards25519/field/fe_test.go b/src/crypto/internal/fips140/edwards25519/field/fe_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/field/fe_test.go rename to src/crypto/internal/fips140/edwards25519/field/fe_test.go diff --git a/src/crypto/internal/fips/edwards25519/scalar.go b/src/crypto/internal/fips140/edwards25519/scalar.go similarity index 99% rename from src/crypto/internal/fips/edwards25519/scalar.go rename to src/crypto/internal/fips140/edwards25519/scalar.go index ec2c7fa398..9d60146d79 100644 --- a/src/crypto/internal/fips/edwards25519/scalar.go +++ b/src/crypto/internal/fips140/edwards25519/scalar.go @@ -5,7 +5,7 @@ package edwards25519 import ( - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140deps/byteorder" "errors" ) diff --git a/src/crypto/internal/fips/edwards25519/scalar_alias_test.go b/src/crypto/internal/fips140/edwards25519/scalar_alias_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/scalar_alias_test.go rename to src/crypto/internal/fips140/edwards25519/scalar_alias_test.go diff --git a/src/crypto/internal/fips/edwards25519/scalar_fiat.go b/src/crypto/internal/fips140/edwards25519/scalar_fiat.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/scalar_fiat.go rename to src/crypto/internal/fips140/edwards25519/scalar_fiat.go diff --git a/src/crypto/internal/fips/edwards25519/scalar_test.go b/src/crypto/internal/fips140/edwards25519/scalar_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/scalar_test.go rename to src/crypto/internal/fips140/edwards25519/scalar_test.go diff --git a/src/crypto/internal/fips/edwards25519/scalarmult.go b/src/crypto/internal/fips140/edwards25519/scalarmult.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/scalarmult.go rename to src/crypto/internal/fips140/edwards25519/scalarmult.go diff --git a/src/crypto/internal/fips/edwards25519/scalarmult_test.go b/src/crypto/internal/fips140/edwards25519/scalarmult_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/scalarmult_test.go rename to src/crypto/internal/fips140/edwards25519/scalarmult_test.go diff --git a/src/crypto/internal/fips/edwards25519/tables.go b/src/crypto/internal/fips140/edwards25519/tables.go similarity index 99% rename from src/crypto/internal/fips/edwards25519/tables.go rename to src/crypto/internal/fips140/edwards25519/tables.go index 4d2a653d43..801b76771d 100644 --- a/src/crypto/internal/fips/edwards25519/tables.go +++ b/src/crypto/internal/fips140/edwards25519/tables.go @@ -5,7 +5,7 @@ package edwards25519 import ( - "crypto/internal/fips/subtle" + "crypto/internal/fips140/subtle" ) // A dynamic lookup table for variable-base, constant-time scalar muls. diff --git a/src/crypto/internal/fips/edwards25519/tables_test.go b/src/crypto/internal/fips140/edwards25519/tables_test.go similarity index 100% rename from src/crypto/internal/fips/edwards25519/tables_test.go rename to src/crypto/internal/fips140/edwards25519/tables_test.go diff --git a/src/crypto/internal/fips/fips.go b/src/crypto/internal/fips140/fips140.go similarity index 84% rename from src/crypto/internal/fips/fips.go rename to src/crypto/internal/fips140/fips140.go index 30c8ba8673..cec9d13e35 100644 --- a/src/crypto/internal/fips/fips.go +++ b/src/crypto/internal/fips140/fips140.go @@ -2,9 +2,9 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package fips +package fips140 -import "crypto/internal/fipsdeps/godebug" +import "crypto/internal/fips140deps/godebug" var Enabled bool diff --git a/src/crypto/internal/fips/hash.go b/src/crypto/internal/fips140/hash.go similarity index 98% rename from src/crypto/internal/fips/hash.go rename to src/crypto/internal/fips140/hash.go index abea818791..bc6c7ca2f5 100644 --- a/src/crypto/internal/fips/hash.go +++ b/src/crypto/internal/fips140/hash.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package fips +package fips140 import "io" diff --git a/src/crypto/internal/fips/hkdf/cast.go b/src/crypto/internal/fips140/hkdf/cast.go similarity index 83% rename from src/crypto/internal/fips/hkdf/cast.go rename to src/crypto/internal/fips140/hkdf/cast.go index 98f6c97139..422ca9e309 100644 --- a/src/crypto/internal/fips/hkdf/cast.go +++ b/src/crypto/internal/fips140/hkdf/cast.go @@ -6,14 +6,14 @@ package hkdf import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" - "crypto/internal/fips/sha256" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/sha256" "errors" ) func init() { - fips.CAST("HKDF-SHA2-256", func() error { + fips140.CAST("HKDF-SHA2-256", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/hkdf/hkdf.go b/src/crypto/internal/fips140/hkdf/hkdf.go similarity index 74% rename from src/crypto/internal/fips/hkdf/hkdf.go rename to src/crypto/internal/fips140/hkdf/hkdf.go index 745a0525bb..982775129b 100644 --- a/src/crypto/internal/fips/hkdf/hkdf.go +++ b/src/crypto/internal/fips140/hkdf/hkdf.go @@ -5,13 +5,13 @@ package hkdf import ( - "crypto/internal/fips" - "crypto/internal/fips/hmac" + "crypto/internal/fips140" + "crypto/internal/fips140/hmac" ) -func Extract[H fips.Hash](h func() H, secret, salt []byte) []byte { +func Extract[H fips140.Hash](h func() H, secret, salt []byte) []byte { if len(secret) < 112/8 { - fips.RecordNonApproved() + fips140.RecordNonApproved() } if salt == nil { salt = make([]byte, h().Size()) @@ -22,7 +22,7 @@ func Extract[H fips.Hash](h func() H, secret, salt []byte) []byte { return extractor.Sum(nil) } -func Expand[H fips.Hash](h func() H, pseudorandomKey, info []byte, keyLen int) []byte { +func Expand[H fips140.Hash](h func() H, pseudorandomKey, info []byte, keyLen int) []byte { out := make([]byte, 0, keyLen) expander := hmac.New(h, pseudorandomKey) hmac.MarkAsUsedInHKDF(expander) @@ -49,7 +49,7 @@ func Expand[H fips.Hash](h func() H, pseudorandomKey, info []byte, keyLen int) [ return out } -func Key[H fips.Hash](h func() H, secret, salt, info []byte, keyLen int) []byte { +func Key[H fips140.Hash](h func() H, secret, salt, info []byte, keyLen int) []byte { prk := Extract(h, secret, salt) return Expand(h, prk, info, keyLen) } diff --git a/src/crypto/internal/fips/hmac/cast.go b/src/crypto/internal/fips140/hmac/cast.go similarity index 87% rename from src/crypto/internal/fips/hmac/cast.go rename to src/crypto/internal/fips140/hmac/cast.go index 292e311123..9573e39e5b 100644 --- a/src/crypto/internal/fips/hmac/cast.go +++ b/src/crypto/internal/fips140/hmac/cast.go @@ -6,13 +6,13 @@ package hmac import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/sha256" + "crypto/internal/fips140" + "crypto/internal/fips140/sha256" "errors" ) func init() { - fips.CAST("HMAC-SHA2-256", func() error { + fips140.CAST("HMAC-SHA2-256", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/hmac/hmac.go b/src/crypto/internal/fips140/hmac/hmac.go similarity index 92% rename from src/crypto/internal/fips/hmac/hmac.go rename to src/crypto/internal/fips140/hmac/hmac.go index e47de385df..320d78f268 100644 --- a/src/crypto/internal/fips/hmac/hmac.go +++ b/src/crypto/internal/fips140/hmac/hmac.go @@ -8,10 +8,10 @@ package hmac import ( - "crypto/internal/fips" - "crypto/internal/fips/sha256" - "crypto/internal/fips/sha3" - "crypto/internal/fips/sha512" + "crypto/internal/fips140" + "crypto/internal/fips140/sha256" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140/sha512" ) // key is zero padded to the block size of the hash function @@ -29,7 +29,7 @@ type marshalable interface { type HMAC struct { opad, ipad []byte - outer, inner fips.Hash + outer, inner fips140.Hash // If marshaled is true, then opad and ipad do not contain a padded // copy of the key, but rather the marshaled state of outer/inner after @@ -46,12 +46,12 @@ func (h *HMAC) Sum(in []byte) []byte { // legacy use (i.e. verification only) and we don't support that. However, // HKDF uses the HMAC key for the salt, which is allowed to be shorter. if h.keyLen < 112/8 && !h.forHKDF { - fips.RecordNonApproved() + fips140.RecordNonApproved() } switch h.inner.(type) { case *sha256.Digest, *sha512.Digest, *sha3.Digest: default: - fips.RecordNonApproved() + fips140.RecordNonApproved() } origLen := len(in) @@ -127,8 +127,8 @@ func (h *HMAC) Reset() { h.marshaled = true } -// New returns a new HMAC hash using the given [fips.Hash] type and key. -func New[H fips.Hash](h func() H, key []byte) *HMAC { +// New returns a new HMAC hash using the given [fips140.Hash] type and key. +func New[H fips140.Hash](h func() H, key []byte) *HMAC { hm := &HMAC{keyLen: len(key)} hm.outer = h() hm.inner = h() diff --git a/src/crypto/internal/fips/indicator.go b/src/crypto/internal/fips140/indicator.go similarity index 93% rename from src/crypto/internal/fips/indicator.go rename to src/crypto/internal/fips140/indicator.go index 984b39ad2e..229e0715e7 100644 --- a/src/crypto/internal/fips/indicator.go +++ b/src/crypto/internal/fips140/indicator.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package fips +package fips140 import _ "unsafe" // for go:linkname @@ -16,10 +16,10 @@ import _ "unsafe" // for go:linkname // negative. Finally, we expose indicatorUnset as negative to the user, so that // we don't need to explicitly annotate fully non-approved services. -//go:linkname getIndicator crypto/internal/fips.getIndicator +//go:linkname getIndicator crypto/internal/fips140.getIndicator func getIndicator() uint8 -//go:linkname setIndicator crypto/internal/fips.setIndicator +//go:linkname setIndicator crypto/internal/fips140.setIndicator func setIndicator(uint8) const ( diff --git a/src/crypto/internal/fips/mlkem/cast.go b/src/crypto/internal/fips140/mlkem/cast.go similarity index 93% rename from src/crypto/internal/fips/mlkem/cast.go rename to src/crypto/internal/fips140/mlkem/cast.go index a2162ee8ab..d3ae84ec3f 100644 --- a/src/crypto/internal/fips/mlkem/cast.go +++ b/src/crypto/internal/fips140/mlkem/cast.go @@ -6,13 +6,13 @@ package mlkem import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" "errors" ) func init() { - fips.CAST("ML-KEM-768", func() error { + fips140.CAST("ML-KEM-768", func() error { var d = &[32]byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/mlkem/field.go b/src/crypto/internal/fips140/mlkem/field.go similarity index 99% rename from src/crypto/internal/fips/mlkem/field.go rename to src/crypto/internal/fips140/mlkem/field.go index 720e07528e..1a42818247 100644 --- a/src/crypto/internal/fips/mlkem/field.go +++ b/src/crypto/internal/fips140/mlkem/field.go @@ -5,8 +5,8 @@ package mlkem import ( - "crypto/internal/fips/sha3" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140deps/byteorder" "errors" ) diff --git a/src/crypto/internal/fips/mlkem/field_test.go b/src/crypto/internal/fips140/mlkem/field_test.go similarity index 100% rename from src/crypto/internal/fips/mlkem/field_test.go rename to src/crypto/internal/fips140/mlkem/field_test.go diff --git a/src/crypto/internal/fips/mlkem/generate1024.go b/src/crypto/internal/fips140/mlkem/generate1024.go similarity index 100% rename from src/crypto/internal/fips/mlkem/generate1024.go rename to src/crypto/internal/fips140/mlkem/generate1024.go diff --git a/src/crypto/internal/fips/mlkem/mlkem1024.go b/src/crypto/internal/fips140/mlkem/mlkem1024.go similarity index 96% rename from src/crypto/internal/fips/mlkem/mlkem1024.go rename to src/crypto/internal/fips140/mlkem/mlkem1024.go index 30c9f3f0fb..5aa3c69243 100644 --- a/src/crypto/internal/fips/mlkem/mlkem1024.go +++ b/src/crypto/internal/fips140/mlkem/mlkem1024.go @@ -3,10 +3,10 @@ package mlkem import ( - "crypto/internal/fips" - "crypto/internal/fips/drbg" - "crypto/internal/fips/sha3" - "crypto/internal/fips/subtle" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140/subtle" "errors" ) @@ -91,11 +91,11 @@ func generateKey1024(dk *DecapsulationKey1024) (*DecapsulationKey1024, error) { var z [32]byte drbg.Read(z[:]) kemKeyGen1024(dk, &d, &z) - if err := fips.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { + if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { // This clearly can't happen, but FIPS 140-3 requires us to check. panic(err) } - fips.RecordApproved() + fips140.RecordApproved() return dk, nil } @@ -122,11 +122,11 @@ func newKeyFromSeed1024(dk *DecapsulationKey1024, seed []byte) (*DecapsulationKe d := (*[32]byte)(seed[:32]) z := (*[32]byte)(seed[32:]) kemKeyGen1024(dk, d, z) - if err := fips.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { + if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { // This clearly can't happen, but FIPS 140-3 requires us to check. panic(err) } - fips.RecordApproved() + fips140.RecordApproved() return dk, nil } @@ -215,7 +215,7 @@ func (ek *EncapsulationKey1024) encapsulate(cc *[CiphertextSize1024]byte) (ciphe drbg.Read(m[:]) // Note that the modulus check (step 2 of the encapsulation key check from // FIPS 203, Section 7.2) is performed by polyByteDecode in parseEK1024. - fips.RecordApproved() + fips140.RecordApproved() return kemEncaps1024(cc, ek, &m) } @@ -341,7 +341,7 @@ func (dk *DecapsulationKey1024) Decapsulate(ciphertext []byte) (sharedKey []byte // // It implements ML-KEM.Decaps_internal according to FIPS 203, Algorithm 18. func kemDecaps1024(dk *DecapsulationKey1024, c *[CiphertextSize1024]byte) (K []byte) { - fips.RecordApproved() + fips140.RecordApproved() m := pkeDecrypt1024(&dk.decryptionKey1024, c) g := sha3.New512() g.Write(m[:]) diff --git a/src/crypto/internal/fips/mlkem/mlkem768.go b/src/crypto/internal/fips140/mlkem/mlkem768.go similarity index 96% rename from src/crypto/internal/fips/mlkem/mlkem768.go rename to src/crypto/internal/fips140/mlkem/mlkem768.go index dcab3d8842..0c91ceadc4 100644 --- a/src/crypto/internal/fips/mlkem/mlkem768.go +++ b/src/crypto/internal/fips140/mlkem/mlkem768.go @@ -24,10 +24,10 @@ package mlkem //go:generate go run generate1024.go -input mlkem768.go -output mlkem1024.go import ( - "crypto/internal/fips" - "crypto/internal/fips/drbg" - "crypto/internal/fips/sha3" - "crypto/internal/fips/subtle" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140/subtle" "errors" ) @@ -148,11 +148,11 @@ func generateKey(dk *DecapsulationKey768) (*DecapsulationKey768, error) { var z [32]byte drbg.Read(z[:]) kemKeyGen(dk, &d, &z) - if err := fips.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { + if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { // This clearly can't happen, but FIPS 140-3 requires us to check. panic(err) } - fips.RecordApproved() + fips140.RecordApproved() return dk, nil } @@ -179,11 +179,11 @@ func newKeyFromSeed(dk *DecapsulationKey768, seed []byte) (*DecapsulationKey768, d := (*[32]byte)(seed[:32]) z := (*[32]byte)(seed[32:]) kemKeyGen(dk, d, z) - if err := fips.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { + if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { // This clearly can't happen, but FIPS 140-3 requires us to check. panic(err) } - fips.RecordApproved() + fips140.RecordApproved() return dk, nil } @@ -272,7 +272,7 @@ func (ek *EncapsulationKey768) encapsulate(cc *[CiphertextSize768]byte) (ciphert drbg.Read(m[:]) // Note that the modulus check (step 2 of the encapsulation key check from // FIPS 203, Section 7.2) is performed by polyByteDecode in parseEK. - fips.RecordApproved() + fips140.RecordApproved() return kemEncaps(cc, ek, &m) } @@ -398,7 +398,7 @@ func (dk *DecapsulationKey768) Decapsulate(ciphertext []byte) (sharedKey []byte, // // It implements ML-KEM.Decaps_internal according to FIPS 203, Algorithm 18. func kemDecaps(dk *DecapsulationKey768, c *[CiphertextSize768]byte) (K []byte) { - fips.RecordApproved() + fips140.RecordApproved() m := pkeDecrypt(&dk.decryptionKey, c) g := sha3.New512() g.Write(m[:]) diff --git a/src/crypto/internal/fips/nistec/_asm/go.mod b/src/crypto/internal/fips140/nistec/_asm/go.mod similarity index 80% rename from src/crypto/internal/fips/nistec/_asm/go.mod rename to src/crypto/internal/fips140/nistec/_asm/go.mod index eb361dbaf5..09daa24027 100644 --- a/src/crypto/internal/fips/nistec/_asm/go.mod +++ b/src/crypto/internal/fips140/nistec/_asm/go.mod @@ -1,4 +1,4 @@ -module crypto/internal/fips/nistec/_asm +module crypto/internal/fips140/nistec/_asm go 1.24 diff --git a/src/crypto/internal/fips/nistec/_asm/go.sum b/src/crypto/internal/fips140/nistec/_asm/go.sum similarity index 100% rename from src/crypto/internal/fips/nistec/_asm/go.sum rename to src/crypto/internal/fips140/nistec/_asm/go.sum diff --git a/src/crypto/internal/fips/nistec/_asm/p256_asm.go b/src/crypto/internal/fips140/nistec/_asm/p256_asm.go similarity index 99% rename from src/crypto/internal/fips/nistec/_asm/p256_asm.go rename to src/crypto/internal/fips140/nistec/_asm/p256_asm.go index 5616513a24..c32e7edf74 100644 --- a/src/crypto/internal/fips/nistec/_asm/p256_asm.go +++ b/src/crypto/internal/fips140/nistec/_asm/p256_asm.go @@ -43,7 +43,7 @@ var ( ) func main() { - Package("crypto/internal/fips/nistec") + Package("crypto/internal/fips140/nistec") ConstraintExpr("!purego") p256MovCond() p256NegCond() diff --git a/src/crypto/internal/fips/nistec/benchmark_test.go b/src/crypto/internal/fips140/nistec/benchmark_test.go similarity index 98% rename from src/crypto/internal/fips/nistec/benchmark_test.go rename to src/crypto/internal/fips140/nistec/benchmark_test.go index 17d131e05b..1b8d4f4e71 100644 --- a/src/crypto/internal/fips/nistec/benchmark_test.go +++ b/src/crypto/internal/fips140/nistec/benchmark_test.go @@ -5,7 +5,7 @@ package nistec_test import ( - "crypto/internal/fips/nistec" + "crypto/internal/fips140/nistec" "crypto/rand" "testing" ) diff --git a/src/crypto/internal/fips/nistec/fiat/Dockerfile b/src/crypto/internal/fips140/nistec/fiat/Dockerfile similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/Dockerfile rename to src/crypto/internal/fips140/nistec/fiat/Dockerfile diff --git a/src/crypto/internal/fips/nistec/fiat/README b/src/crypto/internal/fips140/nistec/fiat/README similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/README rename to src/crypto/internal/fips140/nistec/fiat/README diff --git a/src/crypto/internal/fips/nistec/fiat/benchmark_test.go b/src/crypto/internal/fips140/nistec/fiat/benchmark_test.go similarity index 96% rename from src/crypto/internal/fips/nistec/fiat/benchmark_test.go rename to src/crypto/internal/fips140/nistec/fiat/benchmark_test.go index 013d76f7ba..eed6952962 100644 --- a/src/crypto/internal/fips/nistec/fiat/benchmark_test.go +++ b/src/crypto/internal/fips140/nistec/fiat/benchmark_test.go @@ -5,7 +5,7 @@ package fiat_test import ( - "crypto/internal/fips/nistec/fiat" + "crypto/internal/fips140/nistec/fiat" "testing" ) diff --git a/src/crypto/internal/fips/nistec/fiat/cast.go b/src/crypto/internal/fips140/nistec/fiat/cast.go similarity index 80% rename from src/crypto/internal/fips/nistec/fiat/cast.go rename to src/crypto/internal/fips140/nistec/fiat/cast.go index 1b536fd7d7..39fecd4249 100644 --- a/src/crypto/internal/fips/nistec/fiat/cast.go +++ b/src/crypto/internal/fips140/nistec/fiat/cast.go @@ -4,4 +4,4 @@ package fiat -import _ "crypto/internal/fips/check" +import _ "crypto/internal/fips140/check" diff --git a/src/crypto/internal/fips/nistec/fiat/generate.go b/src/crypto/internal/fips140/nistec/fiat/generate.go similarity index 99% rename from src/crypto/internal/fips/nistec/fiat/generate.go rename to src/crypto/internal/fips140/nistec/fiat/generate.go index 831524970b..b8c5a1389c 100644 --- a/src/crypto/internal/fips/nistec/fiat/generate.go +++ b/src/crypto/internal/fips140/nistec/fiat/generate.go @@ -152,7 +152,7 @@ const tmplWrapper = `// Copyright 2021 The Go Authors. All rights reserved. package fiat import ( - "crypto/internal/fips/subtle" + "crypto/internal/fips140/subtle" "errors" ) diff --git a/src/crypto/internal/fips/nistec/fiat/p224.go b/src/crypto/internal/fips140/nistec/fiat/p224.go similarity index 99% rename from src/crypto/internal/fips/nistec/fiat/p224.go rename to src/crypto/internal/fips140/nistec/fiat/p224.go index 0973f173c1..cdce9f7018 100644 --- a/src/crypto/internal/fips/nistec/fiat/p224.go +++ b/src/crypto/internal/fips140/nistec/fiat/p224.go @@ -7,7 +7,7 @@ package fiat import ( - "crypto/internal/fips/subtle" + "crypto/internal/fips140/subtle" "errors" ) diff --git a/src/crypto/internal/fips/nistec/fiat/p224_fiat64.go b/src/crypto/internal/fips140/nistec/fiat/p224_fiat64.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p224_fiat64.go rename to src/crypto/internal/fips140/nistec/fiat/p224_fiat64.go diff --git a/src/crypto/internal/fips/nistec/fiat/p224_invert.go b/src/crypto/internal/fips140/nistec/fiat/p224_invert.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p224_invert.go rename to src/crypto/internal/fips140/nistec/fiat/p224_invert.go diff --git a/src/crypto/internal/fips/nistec/fiat/p256.go b/src/crypto/internal/fips140/nistec/fiat/p256.go similarity index 99% rename from src/crypto/internal/fips/nistec/fiat/p256.go rename to src/crypto/internal/fips140/nistec/fiat/p256.go index 7933e05bcf..fb7284977a 100644 --- a/src/crypto/internal/fips/nistec/fiat/p256.go +++ b/src/crypto/internal/fips140/nistec/fiat/p256.go @@ -7,7 +7,7 @@ package fiat import ( - "crypto/internal/fips/subtle" + "crypto/internal/fips140/subtle" "errors" ) diff --git a/src/crypto/internal/fips/nistec/fiat/p256_fiat64.go b/src/crypto/internal/fips140/nistec/fiat/p256_fiat64.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p256_fiat64.go rename to src/crypto/internal/fips140/nistec/fiat/p256_fiat64.go diff --git a/src/crypto/internal/fips/nistec/fiat/p256_invert.go b/src/crypto/internal/fips140/nistec/fiat/p256_invert.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p256_invert.go rename to src/crypto/internal/fips140/nistec/fiat/p256_invert.go diff --git a/src/crypto/internal/fips/nistec/fiat/p384.go b/src/crypto/internal/fips140/nistec/fiat/p384.go similarity index 99% rename from src/crypto/internal/fips/nistec/fiat/p384.go rename to src/crypto/internal/fips140/nistec/fiat/p384.go index 667c62b01c..505b7e9a2d 100644 --- a/src/crypto/internal/fips/nistec/fiat/p384.go +++ b/src/crypto/internal/fips140/nistec/fiat/p384.go @@ -7,7 +7,7 @@ package fiat import ( - "crypto/internal/fips/subtle" + "crypto/internal/fips140/subtle" "errors" ) diff --git a/src/crypto/internal/fips/nistec/fiat/p384_fiat64.go b/src/crypto/internal/fips140/nistec/fiat/p384_fiat64.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p384_fiat64.go rename to src/crypto/internal/fips140/nistec/fiat/p384_fiat64.go diff --git a/src/crypto/internal/fips/nistec/fiat/p384_invert.go b/src/crypto/internal/fips140/nistec/fiat/p384_invert.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p384_invert.go rename to src/crypto/internal/fips140/nistec/fiat/p384_invert.go diff --git a/src/crypto/internal/fips/nistec/fiat/p521.go b/src/crypto/internal/fips140/nistec/fiat/p521.go similarity index 99% rename from src/crypto/internal/fips/nistec/fiat/p521.go rename to src/crypto/internal/fips140/nistec/fiat/p521.go index 7106470572..48141900ff 100644 --- a/src/crypto/internal/fips/nistec/fiat/p521.go +++ b/src/crypto/internal/fips140/nistec/fiat/p521.go @@ -7,7 +7,7 @@ package fiat import ( - "crypto/internal/fips/subtle" + "crypto/internal/fips140/subtle" "errors" ) diff --git a/src/crypto/internal/fips/nistec/fiat/p521_fiat64.go b/src/crypto/internal/fips140/nistec/fiat/p521_fiat64.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p521_fiat64.go rename to src/crypto/internal/fips140/nistec/fiat/p521_fiat64.go diff --git a/src/crypto/internal/fips/nistec/fiat/p521_invert.go b/src/crypto/internal/fips140/nistec/fiat/p521_invert.go similarity index 100% rename from src/crypto/internal/fips/nistec/fiat/p521_invert.go rename to src/crypto/internal/fips140/nistec/fiat/p521_invert.go diff --git a/src/crypto/internal/fips/nistec/generate.go b/src/crypto/internal/fips140/nistec/generate.go similarity index 99% rename from src/crypto/internal/fips/nistec/generate.go rename to src/crypto/internal/fips140/nistec/generate.go index 105ce79d66..7786dc556f 100644 --- a/src/crypto/internal/fips/nistec/generate.go +++ b/src/crypto/internal/fips140/nistec/generate.go @@ -140,8 +140,8 @@ const tmplNISTEC = `// Copyright 2022 The Go Authors. All rights reserved. package nistec import ( - "crypto/internal/fips/nistec/fiat" - "crypto/internal/fips/subtle" + "crypto/internal/fips140/nistec/fiat" + "crypto/internal/fips140/subtle" "errors" "sync" ) diff --git a/src/crypto/internal/fips/nistec/nistec.go b/src/crypto/internal/fips140/nistec/nistec.go similarity index 94% rename from src/crypto/internal/fips/nistec/nistec.go rename to src/crypto/internal/fips140/nistec/nistec.go index c85cfa370d..7ec9818818 100644 --- a/src/crypto/internal/fips/nistec/nistec.go +++ b/src/crypto/internal/fips140/nistec/nistec.go @@ -12,6 +12,6 @@ // can't be represented. package nistec -import _ "crypto/internal/fips/check" +import _ "crypto/internal/fips140/check" //go:generate go run generate.go diff --git a/src/crypto/internal/fips/nistec/p224.go b/src/crypto/internal/fips140/nistec/p224.go similarity index 99% rename from src/crypto/internal/fips/nistec/p224.go rename to src/crypto/internal/fips140/nistec/p224.go index ef6e7e6baf..82bced251f 100644 --- a/src/crypto/internal/fips/nistec/p224.go +++ b/src/crypto/internal/fips140/nistec/p224.go @@ -7,8 +7,8 @@ package nistec import ( - "crypto/internal/fips/nistec/fiat" - "crypto/internal/fips/subtle" + "crypto/internal/fips140/nistec/fiat" + "crypto/internal/fips140/subtle" "errors" "sync" ) diff --git a/src/crypto/internal/fips/nistec/p224_sqrt.go b/src/crypto/internal/fips140/nistec/p224_sqrt.go similarity index 98% rename from src/crypto/internal/fips/nistec/p224_sqrt.go rename to src/crypto/internal/fips140/nistec/p224_sqrt.go index c83e965bb4..338c2491ed 100644 --- a/src/crypto/internal/fips/nistec/p224_sqrt.go +++ b/src/crypto/internal/fips140/nistec/p224_sqrt.go @@ -5,7 +5,7 @@ package nistec import ( - "crypto/internal/fips/nistec/fiat" + "crypto/internal/fips140/nistec/fiat" "sync" ) diff --git a/src/crypto/internal/fips/nistec/p256.go b/src/crypto/internal/fips140/nistec/p256.go similarity index 99% rename from src/crypto/internal/fips/nistec/p256.go rename to src/crypto/internal/fips140/nistec/p256.go index e83fc034bd..c957c54247 100644 --- a/src/crypto/internal/fips/nistec/p256.go +++ b/src/crypto/internal/fips140/nistec/p256.go @@ -7,10 +7,10 @@ package nistec import ( - "crypto/internal/fips/nistec/fiat" - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/byteorder" - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140/nistec/fiat" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/byteorder" + "crypto/internal/fips140deps/cpu" "errors" "math/bits" "sync" diff --git a/src/crypto/internal/fips/nistec/p256_asm.go b/src/crypto/internal/fips140/nistec/p256_asm.go similarity index 99% rename from src/crypto/internal/fips/nistec/p256_asm.go rename to src/crypto/internal/fips140/nistec/p256_asm.go index 08e771cc10..f00e70d99d 100644 --- a/src/crypto/internal/fips/nistec/p256_asm.go +++ b/src/crypto/internal/fips140/nistec/p256_asm.go @@ -15,7 +15,7 @@ package nistec import ( - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140deps/byteorder" "errors" "math/bits" "runtime" diff --git a/src/crypto/internal/fips/nistec/p256_asm_amd64.s b/src/crypto/internal/fips140/nistec/p256_asm_amd64.s similarity index 100% rename from src/crypto/internal/fips/nistec/p256_asm_amd64.s rename to src/crypto/internal/fips140/nistec/p256_asm_amd64.s diff --git a/src/crypto/internal/fips/nistec/p256_asm_arm64.s b/src/crypto/internal/fips140/nistec/p256_asm_arm64.s similarity index 100% rename from src/crypto/internal/fips/nistec/p256_asm_arm64.s rename to src/crypto/internal/fips140/nistec/p256_asm_arm64.s diff --git a/src/crypto/internal/fips/nistec/p256_asm_ppc64le.s b/src/crypto/internal/fips140/nistec/p256_asm_ppc64le.s similarity index 100% rename from src/crypto/internal/fips/nistec/p256_asm_ppc64le.s rename to src/crypto/internal/fips140/nistec/p256_asm_ppc64le.s diff --git a/src/crypto/internal/fips/nistec/p256_asm_s390x.s b/src/crypto/internal/fips140/nistec/p256_asm_s390x.s similarity index 100% rename from src/crypto/internal/fips/nistec/p256_asm_s390x.s rename to src/crypto/internal/fips140/nistec/p256_asm_s390x.s diff --git a/src/crypto/internal/fips/nistec/p256_asm_test.go b/src/crypto/internal/fips140/nistec/p256_asm_test.go similarity index 100% rename from src/crypto/internal/fips/nistec/p256_asm_test.go rename to src/crypto/internal/fips140/nistec/p256_asm_test.go diff --git a/src/crypto/internal/fips/nistec/p256_ordinv.go b/src/crypto/internal/fips140/nistec/p256_ordinv.go similarity index 100% rename from src/crypto/internal/fips/nistec/p256_ordinv.go rename to src/crypto/internal/fips140/nistec/p256_ordinv.go diff --git a/src/crypto/internal/fips/nistec/p256_ordinv_noasm.go b/src/crypto/internal/fips140/nistec/p256_ordinv_noasm.go similarity index 100% rename from src/crypto/internal/fips/nistec/p256_ordinv_noasm.go rename to src/crypto/internal/fips140/nistec/p256_ordinv_noasm.go diff --git a/src/crypto/internal/fips/nistec/p256_table.go b/src/crypto/internal/fips140/nistec/p256_table.go similarity index 100% rename from src/crypto/internal/fips/nistec/p256_table.go rename to src/crypto/internal/fips140/nistec/p256_table.go diff --git a/src/crypto/internal/fips/nistec/p256_table_test.go b/src/crypto/internal/fips140/nistec/p256_table_test.go similarity index 96% rename from src/crypto/internal/fips/nistec/p256_table_test.go rename to src/crypto/internal/fips140/nistec/p256_table_test.go index 0fb95ccf82..5b2757da2b 100644 --- a/src/crypto/internal/fips/nistec/p256_table_test.go +++ b/src/crypto/internal/fips140/nistec/p256_table_test.go @@ -8,7 +8,7 @@ package nistec import ( "bytes" - "crypto/internal/fips/nistec/fiat" + "crypto/internal/fips140/nistec/fiat" "fmt" "testing" ) diff --git a/src/crypto/internal/fips/nistec/p384.go b/src/crypto/internal/fips140/nistec/p384.go similarity index 99% rename from src/crypto/internal/fips/nistec/p384.go rename to src/crypto/internal/fips140/nistec/p384.go index 49226d96df..318c08a979 100644 --- a/src/crypto/internal/fips/nistec/p384.go +++ b/src/crypto/internal/fips140/nistec/p384.go @@ -7,8 +7,8 @@ package nistec import ( - "crypto/internal/fips/nistec/fiat" - "crypto/internal/fips/subtle" + "crypto/internal/fips140/nistec/fiat" + "crypto/internal/fips140/subtle" "errors" "sync" ) diff --git a/src/crypto/internal/fips/nistec/p521.go b/src/crypto/internal/fips140/nistec/p521.go similarity index 99% rename from src/crypto/internal/fips/nistec/p521.go rename to src/crypto/internal/fips140/nistec/p521.go index f724d0233a..8ade8a3304 100644 --- a/src/crypto/internal/fips/nistec/p521.go +++ b/src/crypto/internal/fips140/nistec/p521.go @@ -7,8 +7,8 @@ package nistec import ( - "crypto/internal/fips/nistec/fiat" - "crypto/internal/fips/subtle" + "crypto/internal/fips140/nistec/fiat" + "crypto/internal/fips140/subtle" "errors" "sync" ) diff --git a/src/crypto/internal/fips/rsa/cast.go b/src/crypto/internal/fips140/rsa/cast.go similarity index 98% rename from src/crypto/internal/fips/rsa/cast.go rename to src/crypto/internal/fips140/rsa/cast.go index 41666e6a0b..a547d985e8 100644 --- a/src/crypto/internal/fips/rsa/cast.go +++ b/src/crypto/internal/fips140/rsa/cast.go @@ -6,9 +6,9 @@ package rsa import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/bigmod" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + "crypto/internal/fips140/bigmod" + _ "crypto/internal/fips140/check" "errors" "sync" ) @@ -185,7 +185,7 @@ func testHash() []byte { } var fipsSelfTest = sync.OnceFunc(func() { - fips.CAST("RSASSA-PKCS-v1.5 2048-bit sign and verify", func() error { + fips140.CAST("RSASSA-PKCS-v1.5 2048-bit sign and verify", func() error { k := testPrivateKey() hash := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, diff --git a/src/crypto/internal/fips/rsa/pkcs1v15.go b/src/crypto/internal/fips140/rsa/pkcs1v15.go similarity index 97% rename from src/crypto/internal/fips/rsa/pkcs1v15.go rename to src/crypto/internal/fips140/rsa/pkcs1v15.go index a3f8f5b339..b8261bd1e5 100644 --- a/src/crypto/internal/fips/rsa/pkcs1v15.go +++ b/src/crypto/internal/fips140/rsa/pkcs1v15.go @@ -8,7 +8,7 @@ package rsa import ( "bytes" - "crypto/internal/fips" + "crypto/internal/fips140" "errors" ) @@ -45,7 +45,7 @@ var hashPrefixes = map[string][]byte{ // or the empty string to indicate that the message is signed directly. func SignPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() checkApprovedHashName(hash) return signPKCS1v15(priv, hash, hashed) @@ -92,7 +92,7 @@ func pkcs1v15ConstructEM(pub *PublicKey, hash string, hashed []byte) ([]byte, er // or the empty string to indicate that the message is signed directly. func VerifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() checkApprovedHashName(hash) return verifyPKCS1v15(pub, hash, hashed, sig) @@ -131,6 +131,6 @@ func checkApprovedHashName(hash string) { case "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512": default: - fips.RecordNonApproved() + fips140.RecordNonApproved() } } diff --git a/src/crypto/internal/fips/rsa/pkcs1v15_test.go b/src/crypto/internal/fips140/rsa/pkcs1v15_test.go similarity index 100% rename from src/crypto/internal/fips/rsa/pkcs1v15_test.go rename to src/crypto/internal/fips140/rsa/pkcs1v15_test.go diff --git a/src/crypto/internal/fips/rsa/pkcs1v22.go b/src/crypto/internal/fips140/rsa/pkcs1v22.go similarity index 89% rename from src/crypto/internal/fips/rsa/pkcs1v22.go rename to src/crypto/internal/fips140/rsa/pkcs1v22.go index 753d96e7b1..2e82317ffa 100644 --- a/src/crypto/internal/fips/rsa/pkcs1v22.go +++ b/src/crypto/internal/fips140/rsa/pkcs1v22.go @@ -9,12 +9,12 @@ package rsa import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fips/drbg" - "crypto/internal/fips/sha256" - "crypto/internal/fips/sha3" - "crypto/internal/fips/sha512" - "crypto/internal/fips/subtle" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/sha256" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140/sha512" + "crypto/internal/fips140/subtle" "errors" "io" ) @@ -48,7 +48,7 @@ func incCounter(c *[4]byte) { // mgf1XOR XORs the bytes in out with a mask generated using the MGF1 function // specified in PKCS #1 v2.1. -func mgf1XOR(out []byte, hash fips.Hash, seed []byte) { +func mgf1XOR(out []byte, hash fips140.Hash, seed []byte) { var counter [4]byte var digest []byte @@ -67,7 +67,7 @@ func mgf1XOR(out []byte, hash fips.Hash, seed []byte) { } } -func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash fips.Hash) ([]byte, error) { +func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash fips140.Hash) ([]byte, error) { // See RFC 8017, Section 9.1.1. hLen := hash.Size() @@ -144,7 +144,7 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash fips.Hash) ([]byt const pssSaltLengthAutodetect = -1 -func emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash fips.Hash) error { +func emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash fips140.Hash) error { // See RFC 8017, Section 9.1.2. hLen := hash.Size() @@ -207,7 +207,7 @@ func emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash fips.Hash) error { // FIPS 186-5, Section 5.4(g): "the length (in bytes) of the salt (sLen) // shall satisfy 0 ≤ sLen ≤ hLen". if sLen > hLen { - fips.RecordNonApproved() + fips140.RecordNonApproved() } // 10. If the emLen - hLen - sLen - 2 leftmost octets of DB are not zero @@ -250,14 +250,14 @@ func emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash fips.Hash) error { // PSSMaxSaltLength returns the maximum salt length for a given public key and // hash function. -func PSSMaxSaltLength(pub *PublicKey, hash fips.Hash) (int, error) { +func PSSMaxSaltLength(pub *PublicKey, hash fips140.Hash) (int, error) { saltLength := (pub.N.BitLen()-1+7)/8 - 2 - hash.Size() if saltLength < 0 { return 0, ErrMessageTooLong } // FIPS 186-5, Section 5.4(g): "the length (in bytes) of the salt (sLen) // shall satisfy 0 ≤ sLen ≤ hLen". - if fips.Enabled && saltLength > hash.Size() { + if fips140.Enabled && saltLength > hash.Size() { return hash.Size(), nil } return saltLength, nil @@ -266,9 +266,9 @@ func PSSMaxSaltLength(pub *PublicKey, hash fips.Hash) (int, error) { // SignPSS calculates the signature of hashed using RSASSA-PSS. // // In FIPS mode, rand is ignored and can be nil. -func SignPSS(rand io.Reader, priv *PrivateKey, hash fips.Hash, hashed []byte, saltLength int) ([]byte, error) { +func SignPSS(rand io.Reader, priv *PrivateKey, hash fips140.Hash, hashed []byte, saltLength int) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() checkApprovedHash(hash) // Note that while we don't commit to deterministic execution with respect @@ -283,10 +283,10 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash fips.Hash, hashed []byte, sa // FIPS 186-5, Section 5.4(g): "the length (in bytes) of the salt (sLen) // shall satisfy 0 ≤ sLen ≤ hLen". if saltLength > hash.Size() { - fips.RecordNonApproved() + fips140.RecordNonApproved() } salt := make([]byte, saltLength) - if fips.Enabled { + if fips140.Enabled { drbg.Read(salt) } else { if _, err := io.ReadFull(rand, salt); err != nil { @@ -317,21 +317,21 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash fips.Hash, hashed []byte, sa } // VerifyPSS verifies sig with RSASSA-PSS automatically detecting the salt length. -func VerifyPSS(pub *PublicKey, hash fips.Hash, digest []byte, sig []byte) error { +func VerifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte) error { return verifyPSS(pub, hash, digest, sig, pssSaltLengthAutodetect) } // VerifyPSS verifies sig with RSASSA-PSS and an expected salt length. -func VerifyPSSWithSaltLength(pub *PublicKey, hash fips.Hash, digest []byte, sig []byte, saltLength int) error { +func VerifyPSSWithSaltLength(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error { if saltLength < 0 { return errors.New("crypto/rsa: salt length cannot be negative") } return verifyPSS(pub, hash, digest, sig, saltLength) } -func verifyPSS(pub *PublicKey, hash fips.Hash, digest []byte, sig []byte, saltLength int) error { +func verifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() checkApprovedHash(hash) if err := checkPublicKey(pub); err != nil { return err @@ -363,18 +363,18 @@ func verifyPSS(pub *PublicKey, hash fips.Hash, digest []byte, sig []byte, saltLe return emsaPSSVerify(digest, em, emBits, saltLength, hash) } -func checkApprovedHash(hash fips.Hash) { +func checkApprovedHash(hash fips140.Hash) { switch hash.(type) { case *sha256.Digest, *sha512.Digest, *sha3.Digest: default: - fips.RecordNonApproved() + fips140.RecordNonApproved() } } // EncryptOAEP encrypts the given message with RSAES-OAEP. // // In FIPS mode, random is ignored and can be nil. -func EncryptOAEP(hash fips.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { +func EncryptOAEP(hash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { // Note that while we don't commit to deterministic execution with respect // to the random stream, we also don't apply MaybeReadByte, so per Hyrum's // Law it's probably relied upon by some. It's a tolerable promise because a @@ -382,7 +382,7 @@ func EncryptOAEP(hash fips.Hash, random io.Reader, pub *PublicKey, msg []byte, l // well-specified way. fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() checkApprovedHash(hash) if err := checkPublicKey(pub); err != nil { return nil, err @@ -404,7 +404,7 @@ func EncryptOAEP(hash fips.Hash, random io.Reader, pub *PublicKey, msg []byte, l db[len(db)-len(msg)-1] = 1 copy(db[len(db)-len(msg):], msg) - if fips.Enabled { + if fips140.Enabled { drbg.Read(seed) } else { _, err := io.ReadFull(random, seed) @@ -420,9 +420,9 @@ func EncryptOAEP(hash fips.Hash, random io.Reader, pub *PublicKey, msg []byte, l } // DecryptOAEP decrypts ciphertext using RSAES-OAEP. -func DecryptOAEP(hash, mgfHash fips.Hash, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error) { +func DecryptOAEP(hash, mgfHash fips140.Hash, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error) { fipsSelfTest() - fips.RecordApproved() + fips140.RecordApproved() checkApprovedHash(hash) k := priv.pub.Size() diff --git a/src/crypto/internal/fips/rsa/pkcs1v22_test.go b/src/crypto/internal/fips140/rsa/pkcs1v22_test.go similarity index 100% rename from src/crypto/internal/fips/rsa/pkcs1v22_test.go rename to src/crypto/internal/fips140/rsa/pkcs1v22_test.go diff --git a/src/crypto/internal/fips/rsa/rsa.go b/src/crypto/internal/fips140/rsa/rsa.go similarity index 94% rename from src/crypto/internal/fips/rsa/rsa.go rename to src/crypto/internal/fips140/rsa/rsa.go index d7a7b03c6d..91655142dd 100644 --- a/src/crypto/internal/fips/rsa/rsa.go +++ b/src/crypto/internal/fips140/rsa/rsa.go @@ -5,8 +5,8 @@ package rsa import ( - "crypto/internal/fips" - "crypto/internal/fips/bigmod" + "crypto/internal/fips140" + "crypto/internal/fips140/bigmod" "errors" ) @@ -68,7 +68,7 @@ func NewPrivateKey(N []byte, e int, d, P, Q, dP, dQ, qInv []byte) (*PrivateKey, // TODO(filippo): implement CRT computation. For now, NewPrivateKey is // always called with CRT values. if dP == nil || dQ == nil || qInv == nil { - panic("crypto/internal/fips/rsa: internal error: missing CRT parameters") + panic("crypto/internal/fips140/rsa: internal error: missing CRT parameters") } qInvN, err := bigmod.NewNat().SetBytes(qInv, p) if err != nil { @@ -116,7 +116,7 @@ func checkPublicKey(pub *PublicKey) error { return errors.New("crypto/rsa: missing public modulus") } if pub.N.BitLen() < 2048 || pub.N.BitLen() > 16384 { - fips.RecordNonApproved() + fips140.RecordNonApproved() } if pub.E < 2 { return errors.New("crypto/rsa: public exponent too small or negative") @@ -124,7 +124,7 @@ func checkPublicKey(pub *PublicKey) error { // FIPS 186-5, Section 5.5(e): "The exponent e shall be an odd, positive // integer such that 2¹⁶ < e < 2²⁵⁶." if pub.E <= 1<<16 || pub.E&1 == 0 { - fips.RecordNonApproved() + fips140.RecordNonApproved() } // We require pub.E to fit into a 32-bit integer so that we // do not have different behavior depending on whether @@ -138,7 +138,7 @@ func checkPublicKey(pub *PublicKey) error { // Encrypt performs the RSA public key operation. func Encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() if err := checkPublicKey(pub); err != nil { return nil, err } @@ -162,14 +162,14 @@ const noCheck = false // DecryptWithoutCheck performs the RSA private key operation. func DecryptWithoutCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() return decrypt(priv, ciphertext, noCheck) } // DecryptWithCheck performs the RSA private key operation and checks the // result to defend against errors in the CRT computation. func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error) { - fips.RecordNonApproved() + fips140.RecordNonApproved() return decrypt(priv, ciphertext, withCheck) } @@ -187,7 +187,7 @@ func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error) { if priv.dP == nil { // Legacy codepath for deprecated multi-prime keys. - fips.RecordNonApproved() + fips140.RecordNonApproved() m = bigmod.NewNat().Exp(c, priv.d.Bytes(N), N) } else { diff --git a/src/crypto/internal/fips/sha256/_asm/go.mod b/src/crypto/internal/fips140/sha256/_asm/go.mod similarity index 100% rename from src/crypto/internal/fips/sha256/_asm/go.mod rename to src/crypto/internal/fips140/sha256/_asm/go.mod diff --git a/src/crypto/internal/fips/sha256/_asm/go.sum b/src/crypto/internal/fips140/sha256/_asm/go.sum similarity index 100% rename from src/crypto/internal/fips/sha256/_asm/go.sum rename to src/crypto/internal/fips140/sha256/_asm/go.sum diff --git a/src/crypto/internal/fips/sha256/_asm/sha256block_amd64_asm.go b/src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_asm.go similarity index 99% rename from src/crypto/internal/fips/sha256/_asm/sha256block_amd64_asm.go rename to src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_asm.go index 3f5d5bdc23..b26c2418e5 100644 --- a/src/crypto/internal/fips/sha256/_asm/sha256block_amd64_asm.go +++ b/src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_asm.go @@ -59,7 +59,7 @@ func main() { os.Setenv("GOOS", "linux") os.Setenv("GOARCH", "amd64") - Package("crypto/internal/fips/sha256") + Package("crypto/internal/fips140/sha256") ConstraintExpr("!purego") blockAMD64() blockAVX2() diff --git a/src/crypto/internal/fips/sha256/_asm/sha256block_amd64_avx2.go b/src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_avx2.go similarity index 100% rename from src/crypto/internal/fips/sha256/_asm/sha256block_amd64_avx2.go rename to src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_avx2.go diff --git a/src/crypto/internal/fips/sha256/_asm/sha256block_amd64_shani.go b/src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_shani.go similarity index 100% rename from src/crypto/internal/fips/sha256/_asm/sha256block_amd64_shani.go rename to src/crypto/internal/fips140/sha256/_asm/sha256block_amd64_shani.go diff --git a/src/crypto/internal/fips/sha256/cast.go b/src/crypto/internal/fips140/sha256/cast.go similarity index 91% rename from src/crypto/internal/fips/sha256/cast.go rename to src/crypto/internal/fips140/sha256/cast.go index ea40ebe76c..2994d35d10 100644 --- a/src/crypto/internal/fips/sha256/cast.go +++ b/src/crypto/internal/fips140/sha256/cast.go @@ -6,12 +6,12 @@ package sha256 import ( "bytes" - "crypto/internal/fips" + "crypto/internal/fips140" "errors" ) func init() { - fips.CAST("SHA2-256", func() error { + fips140.CAST("SHA2-256", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/sha256/sha256.go b/src/crypto/internal/fips140/sha256/sha256.go similarity index 98% rename from src/crypto/internal/fips/sha256/sha256.go rename to src/crypto/internal/fips140/sha256/sha256.go index 16b9aae316..e8c7c25f06 100644 --- a/src/crypto/internal/fips/sha256/sha256.go +++ b/src/crypto/internal/fips140/sha256/sha256.go @@ -7,8 +7,8 @@ package sha256 import ( - "crypto/internal/fips" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140deps/byteorder" "errors" ) @@ -182,7 +182,7 @@ func (d *Digest) Write(p []byte) (nn int, err error) { } func (d *Digest) Sum(in []byte) []byte { - fips.RecordApproved() + fips140.RecordApproved() // Make a copy of d so that caller can keep writing and summing. d0 := *d hash := d0.checkSum() diff --git a/src/crypto/internal/fips/sha256/sha256block.go b/src/crypto/internal/fips140/sha256/sha256block.go similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block.go rename to src/crypto/internal/fips140/sha256/sha256block.go diff --git a/src/crypto/internal/fips/sha256/sha256block_386.s b/src/crypto/internal/fips140/sha256/sha256block_386.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_386.s rename to src/crypto/internal/fips140/sha256/sha256block_386.s diff --git a/src/crypto/internal/fips/sha256/sha256block_amd64.go b/src/crypto/internal/fips140/sha256/sha256block_amd64.go similarity index 95% rename from src/crypto/internal/fips/sha256/sha256block_amd64.go rename to src/crypto/internal/fips140/sha256/sha256block_amd64.go index 05455ce779..291a565b1c 100644 --- a/src/crypto/internal/fips/sha256/sha256block_amd64.go +++ b/src/crypto/internal/fips140/sha256/sha256block_amd64.go @@ -7,7 +7,7 @@ package sha256 import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha256/sha256block_amd64.s b/src/crypto/internal/fips140/sha256/sha256block_amd64.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_amd64.s rename to src/crypto/internal/fips140/sha256/sha256block_amd64.s diff --git a/src/crypto/internal/fips/sha256/sha256block_arm64.go b/src/crypto/internal/fips140/sha256/sha256block_arm64.go similarity index 93% rename from src/crypto/internal/fips/sha256/sha256block_arm64.go rename to src/crypto/internal/fips140/sha256/sha256block_arm64.go index 3e96db0fb7..ee91b4af2c 100644 --- a/src/crypto/internal/fips/sha256/sha256block_arm64.go +++ b/src/crypto/internal/fips140/sha256/sha256block_arm64.go @@ -7,7 +7,7 @@ package sha256 import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha256/sha256block_arm64.s b/src/crypto/internal/fips140/sha256/sha256block_arm64.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_arm64.s rename to src/crypto/internal/fips140/sha256/sha256block_arm64.s diff --git a/src/crypto/internal/fips/sha256/sha256block_asm.go b/src/crypto/internal/fips140/sha256/sha256block_asm.go similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_asm.go rename to src/crypto/internal/fips140/sha256/sha256block_asm.go diff --git a/src/crypto/internal/fips/sha256/sha256block_loong64.s b/src/crypto/internal/fips140/sha256/sha256block_loong64.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_loong64.s rename to src/crypto/internal/fips140/sha256/sha256block_loong64.s diff --git a/src/crypto/internal/fips/sha256/sha256block_noasm.go b/src/crypto/internal/fips140/sha256/sha256block_noasm.go similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_noasm.go rename to src/crypto/internal/fips140/sha256/sha256block_noasm.go diff --git a/src/crypto/internal/fips/sha256/sha256block_ppc64x.go b/src/crypto/internal/fips140/sha256/sha256block_ppc64x.go similarity index 95% rename from src/crypto/internal/fips/sha256/sha256block_ppc64x.go rename to src/crypto/internal/fips140/sha256/sha256block_ppc64x.go index 102dc6b713..735b4fcab0 100644 --- a/src/crypto/internal/fips/sha256/sha256block_ppc64x.go +++ b/src/crypto/internal/fips140/sha256/sha256block_ppc64x.go @@ -7,7 +7,7 @@ package sha256 import ( - "crypto/internal/fipsdeps/godebug" + "crypto/internal/fips140deps/godebug" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha256/sha256block_ppc64x.s b/src/crypto/internal/fips140/sha256/sha256block_ppc64x.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_ppc64x.s rename to src/crypto/internal/fips140/sha256/sha256block_ppc64x.s diff --git a/src/crypto/internal/fips/sha256/sha256block_riscv64.s b/src/crypto/internal/fips140/sha256/sha256block_riscv64.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_riscv64.s rename to src/crypto/internal/fips140/sha256/sha256block_riscv64.s diff --git a/src/crypto/internal/fips/sha256/sha256block_s390x.go b/src/crypto/internal/fips140/sha256/sha256block_s390x.go similarity index 94% rename from src/crypto/internal/fips/sha256/sha256block_s390x.go rename to src/crypto/internal/fips140/sha256/sha256block_s390x.go index f99f4ccb75..503c3e4952 100644 --- a/src/crypto/internal/fips/sha256/sha256block_s390x.go +++ b/src/crypto/internal/fips140/sha256/sha256block_s390x.go @@ -7,7 +7,7 @@ package sha256 import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha256/sha256block_s390x.s b/src/crypto/internal/fips140/sha256/sha256block_s390x.s similarity index 100% rename from src/crypto/internal/fips/sha256/sha256block_s390x.s rename to src/crypto/internal/fips140/sha256/sha256block_s390x.s diff --git a/src/crypto/internal/fips/sha3/_asm/go.mod b/src/crypto/internal/fips140/sha3/_asm/go.mod similarity index 100% rename from src/crypto/internal/fips/sha3/_asm/go.mod rename to src/crypto/internal/fips140/sha3/_asm/go.mod diff --git a/src/crypto/internal/fips/sha3/_asm/go.sum b/src/crypto/internal/fips140/sha3/_asm/go.sum similarity index 100% rename from src/crypto/internal/fips/sha3/_asm/go.sum rename to src/crypto/internal/fips140/sha3/_asm/go.sum diff --git a/src/crypto/internal/fips/sha3/_asm/keccakf_amd64_asm.go b/src/crypto/internal/fips140/sha3/_asm/keccakf_amd64_asm.go similarity index 99% rename from src/crypto/internal/fips/sha3/_asm/keccakf_amd64_asm.go rename to src/crypto/internal/fips140/sha3/_asm/keccakf_amd64_asm.go index bdaafb72c5..02242c9a01 100644 --- a/src/crypto/internal/fips/sha3/_asm/keccakf_amd64_asm.go +++ b/src/crypto/internal/fips140/sha3/_asm/keccakf_amd64_asm.go @@ -106,7 +106,7 @@ func main() { os.Setenv("GOOS", "linux") os.Setenv("GOARCH", "amd64") - Package("crypto/internal/fips/sha3") + Package("crypto/internal/fips140/sha3") ConstraintExpr("!purego") keccakF1600() Generate() diff --git a/src/crypto/internal/fips/sha3/cast.go b/src/crypto/internal/fips140/sha3/cast.go similarity index 91% rename from src/crypto/internal/fips/sha3/cast.go rename to src/crypto/internal/fips140/sha3/cast.go index 6173f5b147..4a1ef486a2 100644 --- a/src/crypto/internal/fips/sha3/cast.go +++ b/src/crypto/internal/fips140/sha3/cast.go @@ -6,12 +6,12 @@ package sha3 import ( "bytes" - "crypto/internal/fips" + "crypto/internal/fips140" "errors" ) func init() { - fips.CAST("cSHAKE128", func() error { + fips140.CAST("cSHAKE128", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/sha3/hashes.go b/src/crypto/internal/fips140/sha3/hashes.go similarity index 100% rename from src/crypto/internal/fips/sha3/hashes.go rename to src/crypto/internal/fips140/sha3/hashes.go diff --git a/src/crypto/internal/fips/sha3/keccakf.go b/src/crypto/internal/fips140/sha3/keccakf.go similarity index 99% rename from src/crypto/internal/fips/sha3/keccakf.go rename to src/crypto/internal/fips140/sha3/keccakf.go index 19d697bd0f..398b125000 100644 --- a/src/crypto/internal/fips/sha3/keccakf.go +++ b/src/crypto/internal/fips140/sha3/keccakf.go @@ -5,8 +5,8 @@ package sha3 import ( - "crypto/internal/fipsdeps/byteorder" - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/byteorder" + "crypto/internal/fips140deps/cpu" "math/bits" "unsafe" ) diff --git a/src/crypto/internal/fips/sha3/sha3.go b/src/crypto/internal/fips140/sha3/sha3.go similarity index 98% rename from src/crypto/internal/fips/sha3/sha3.go rename to src/crypto/internal/fips140/sha3/sha3.go index 90c8a6ac72..7513f8ef5d 100644 --- a/src/crypto/internal/fips/sha3/sha3.go +++ b/src/crypto/internal/fips140/sha3/sha3.go @@ -11,8 +11,8 @@ package sha3 import ( - "crypto/internal/fips" - "crypto/internal/fips/subtle" + "crypto/internal/fips140" + "crypto/internal/fips140/subtle" "errors" ) @@ -146,7 +146,7 @@ func (d *Digest) readGeneric(out []byte) (n int, err error) { // Sum appends the current hash to b and returns the resulting slice. // It does not change the underlying hash state. func (d *Digest) Sum(b []byte) []byte { - fips.RecordApproved() + fips140.RecordApproved() return d.sum(b) } diff --git a/src/crypto/internal/fips/sha3/sha3_amd64.go b/src/crypto/internal/fips140/sha3/sha3_amd64.go similarity index 100% rename from src/crypto/internal/fips/sha3/sha3_amd64.go rename to src/crypto/internal/fips140/sha3/sha3_amd64.go diff --git a/src/crypto/internal/fips/sha3/sha3_amd64.s b/src/crypto/internal/fips140/sha3/sha3_amd64.s similarity index 100% rename from src/crypto/internal/fips/sha3/sha3_amd64.s rename to src/crypto/internal/fips140/sha3/sha3_amd64.s diff --git a/src/crypto/internal/fips/sha3/sha3_noasm.go b/src/crypto/internal/fips140/sha3/sha3_noasm.go similarity index 100% rename from src/crypto/internal/fips/sha3/sha3_noasm.go rename to src/crypto/internal/fips140/sha3/sha3_noasm.go diff --git a/src/crypto/internal/fips/sha3/sha3_s390x.go b/src/crypto/internal/fips140/sha3/sha3_s390x.go similarity index 98% rename from src/crypto/internal/fips/sha3/sha3_s390x.go rename to src/crypto/internal/fips140/sha3/sha3_s390x.go index 5e749e3d24..0afc9b9aa1 100644 --- a/src/crypto/internal/fips/sha3/sha3_s390x.go +++ b/src/crypto/internal/fips140/sha3/sha3_s390x.go @@ -7,8 +7,8 @@ package sha3 import ( - "crypto/internal/fips/subtle" - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140/subtle" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha3/sha3_s390x.s b/src/crypto/internal/fips140/sha3/sha3_s390x.s similarity index 100% rename from src/crypto/internal/fips/sha3/sha3_s390x.s rename to src/crypto/internal/fips140/sha3/sha3_s390x.s diff --git a/src/crypto/internal/fips/sha3/shake.go b/src/crypto/internal/fips140/sha3/shake.go similarity index 97% rename from src/crypto/internal/fips/sha3/shake.go rename to src/crypto/internal/fips140/sha3/shake.go index 6bda24e42f..fc5a60a130 100644 --- a/src/crypto/internal/fips/sha3/shake.go +++ b/src/crypto/internal/fips140/sha3/shake.go @@ -6,8 +6,8 @@ package sha3 import ( "bytes" - "crypto/internal/fips" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140deps/byteorder" "errors" "math/bits" ) @@ -72,7 +72,7 @@ func (s *SHAKE) Sum(in []byte) []byte { return s.d.Sum(in) } func (s *SHAKE) Write(p []byte) (n int, err error) { return s.d.Write(p) } func (s *SHAKE) Read(out []byte) (n int, err error) { - fips.RecordApproved() + fips140.RecordApproved() // Note that read is not exposed on Digest since SHA-3 does not offer // variable output length. It is only used internally by Sum. return s.d.read(out) diff --git a/src/crypto/internal/fips/sha512/_asm/go.mod b/src/crypto/internal/fips140/sha512/_asm/go.mod similarity index 100% rename from src/crypto/internal/fips/sha512/_asm/go.mod rename to src/crypto/internal/fips140/sha512/_asm/go.mod diff --git a/src/crypto/internal/fips/sha512/_asm/go.sum b/src/crypto/internal/fips140/sha512/_asm/go.sum similarity index 100% rename from src/crypto/internal/fips/sha512/_asm/go.sum rename to src/crypto/internal/fips140/sha512/_asm/go.sum diff --git a/src/crypto/internal/fips/sha512/_asm/sha512block_amd64_asm.go b/src/crypto/internal/fips140/sha512/_asm/sha512block_amd64_asm.go similarity index 99% rename from src/crypto/internal/fips/sha512/_asm/sha512block_amd64_asm.go rename to src/crypto/internal/fips140/sha512/_asm/sha512block_amd64_asm.go index 642f4a2fb2..ed7b1766bf 100644 --- a/src/crypto/internal/fips/sha512/_asm/sha512block_amd64_asm.go +++ b/src/crypto/internal/fips140/sha512/_asm/sha512block_amd64_asm.go @@ -144,7 +144,7 @@ func main() { os.Setenv("GOOS", "linux") os.Setenv("GOARCH", "amd64") - Package("crypto/internal/fips/sha512") + Package("crypto/internal/fips140/sha512") ConstraintExpr("!purego") blockAMD64() blockAVX2() diff --git a/src/crypto/internal/fips/sha512/cast.go b/src/crypto/internal/fips140/sha512/cast.go similarity index 93% rename from src/crypto/internal/fips/sha512/cast.go rename to src/crypto/internal/fips140/sha512/cast.go index 94e95667bb..6feba3de09 100644 --- a/src/crypto/internal/fips/sha512/cast.go +++ b/src/crypto/internal/fips140/sha512/cast.go @@ -6,12 +6,12 @@ package sha512 import ( "bytes" - "crypto/internal/fips" + "crypto/internal/fips140" "errors" ) func init() { - fips.CAST("SHA2-512", func() error { + fips140.CAST("SHA2-512", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/sha512/sha512.go b/src/crypto/internal/fips140/sha512/sha512.go similarity index 98% rename from src/crypto/internal/fips/sha512/sha512.go rename to src/crypto/internal/fips140/sha512/sha512.go index ee0bdea92a..55c90a8cd6 100644 --- a/src/crypto/internal/fips/sha512/sha512.go +++ b/src/crypto/internal/fips140/sha512/sha512.go @@ -7,8 +7,8 @@ package sha512 import ( - "crypto/internal/fips" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140deps/byteorder" "errors" ) @@ -252,7 +252,7 @@ func (d *Digest) Write(p []byte) (nn int, err error) { } func (d *Digest) Sum(in []byte) []byte { - fips.RecordApproved() + fips140.RecordApproved() // Make a copy of d so that caller can keep writing and summing. d0 := new(Digest) *d0 = *d diff --git a/src/crypto/internal/fips/sha512/sha512block.go b/src/crypto/internal/fips140/sha512/sha512block.go similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block.go rename to src/crypto/internal/fips140/sha512/sha512block.go diff --git a/src/crypto/internal/fips/sha512/sha512block_amd64.go b/src/crypto/internal/fips140/sha512/sha512block_amd64.go similarity index 94% rename from src/crypto/internal/fips/sha512/sha512block_amd64.go rename to src/crypto/internal/fips140/sha512/sha512block_amd64.go index a633f8f604..185909ec5d 100644 --- a/src/crypto/internal/fips/sha512/sha512block_amd64.go +++ b/src/crypto/internal/fips140/sha512/sha512block_amd64.go @@ -7,7 +7,7 @@ package sha512 import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha512/sha512block_amd64.s b/src/crypto/internal/fips140/sha512/sha512block_amd64.s similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_amd64.s rename to src/crypto/internal/fips140/sha512/sha512block_amd64.s diff --git a/src/crypto/internal/fips/sha512/sha512block_arm64.go b/src/crypto/internal/fips140/sha512/sha512block_arm64.go similarity index 93% rename from src/crypto/internal/fips/sha512/sha512block_arm64.go rename to src/crypto/internal/fips140/sha512/sha512block_arm64.go index cf6733b862..d6a3ab06ee 100644 --- a/src/crypto/internal/fips/sha512/sha512block_arm64.go +++ b/src/crypto/internal/fips140/sha512/sha512block_arm64.go @@ -7,7 +7,7 @@ package sha512 import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha512/sha512block_arm64.s b/src/crypto/internal/fips140/sha512/sha512block_arm64.s similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_arm64.s rename to src/crypto/internal/fips140/sha512/sha512block_arm64.s diff --git a/src/crypto/internal/fips/sha512/sha512block_asm.go b/src/crypto/internal/fips140/sha512/sha512block_asm.go similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_asm.go rename to src/crypto/internal/fips140/sha512/sha512block_asm.go diff --git a/src/crypto/internal/fips/sha512/sha512block_loong64.s b/src/crypto/internal/fips140/sha512/sha512block_loong64.s similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_loong64.s rename to src/crypto/internal/fips140/sha512/sha512block_loong64.s diff --git a/src/crypto/internal/fips/sha512/sha512block_noasm.go b/src/crypto/internal/fips140/sha512/sha512block_noasm.go similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_noasm.go rename to src/crypto/internal/fips140/sha512/sha512block_noasm.go diff --git a/src/crypto/internal/fips/sha512/sha512block_ppc64x.go b/src/crypto/internal/fips140/sha512/sha512block_ppc64x.go similarity index 95% rename from src/crypto/internal/fips/sha512/sha512block_ppc64x.go rename to src/crypto/internal/fips140/sha512/sha512block_ppc64x.go index c0040e3b7d..e5098d3970 100644 --- a/src/crypto/internal/fips/sha512/sha512block_ppc64x.go +++ b/src/crypto/internal/fips140/sha512/sha512block_ppc64x.go @@ -7,7 +7,7 @@ package sha512 import ( - "crypto/internal/fipsdeps/godebug" + "crypto/internal/fips140deps/godebug" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha512/sha512block_ppc64x.s b/src/crypto/internal/fips140/sha512/sha512block_ppc64x.s similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_ppc64x.s rename to src/crypto/internal/fips140/sha512/sha512block_ppc64x.s diff --git a/src/crypto/internal/fips/sha512/sha512block_riscv64.s b/src/crypto/internal/fips140/sha512/sha512block_riscv64.s similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_riscv64.s rename to src/crypto/internal/fips140/sha512/sha512block_riscv64.s diff --git a/src/crypto/internal/fips/sha512/sha512block_s390x.go b/src/crypto/internal/fips140/sha512/sha512block_s390x.go similarity index 94% rename from src/crypto/internal/fips/sha512/sha512block_s390x.go rename to src/crypto/internal/fips140/sha512/sha512block_s390x.go index f665c57a03..175424068e 100644 --- a/src/crypto/internal/fips/sha512/sha512block_s390x.go +++ b/src/crypto/internal/fips140/sha512/sha512block_s390x.go @@ -7,7 +7,7 @@ package sha512 import ( - "crypto/internal/fipsdeps/cpu" + "crypto/internal/fips140deps/cpu" "crypto/internal/impl" ) diff --git a/src/crypto/internal/fips/sha512/sha512block_s390x.s b/src/crypto/internal/fips140/sha512/sha512block_s390x.s similarity index 100% rename from src/crypto/internal/fips/sha512/sha512block_s390x.s rename to src/crypto/internal/fips140/sha512/sha512block_s390x.s diff --git a/src/crypto/internal/fips/ssh/kdf.go b/src/crypto/internal/fips140/ssh/kdf.go similarity index 90% rename from src/crypto/internal/fips/ssh/kdf.go rename to src/crypto/internal/fips140/ssh/kdf.go index defcb7f47c..837af199c4 100644 --- a/src/crypto/internal/fips/ssh/kdf.go +++ b/src/crypto/internal/fips140/ssh/kdf.go @@ -7,8 +7,8 @@ package ssh import ( - "crypto/internal/fips" - _ "crypto/internal/fips/check" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" ) type Direction struct { @@ -24,7 +24,7 @@ func init() { ClientKeys = Direction{[]byte{'A'}, []byte{'C'}, []byte{'E'}} } -func Keys[Hash fips.Hash](hash func() Hash, d Direction, +func Keys[Hash fips140.Hash](hash func() Hash, d Direction, K, H, sessionID []byte, ivKeyLen, keyLen, macKeyLen int, ) (ivKey, key, macKey []byte) { diff --git a/src/crypto/internal/fips/subtle/constant_time.go b/src/crypto/internal/fips140/subtle/constant_time.go similarity index 100% rename from src/crypto/internal/fips/subtle/constant_time.go rename to src/crypto/internal/fips140/subtle/constant_time.go diff --git a/src/crypto/internal/fips/subtle/xor.go b/src/crypto/internal/fips140/subtle/xor.go similarity index 95% rename from src/crypto/internal/fips/subtle/xor.go rename to src/crypto/internal/fips140/subtle/xor.go index 76e8ee036d..b1e22ff36e 100644 --- a/src/crypto/internal/fips/subtle/xor.go +++ b/src/crypto/internal/fips140/subtle/xor.go @@ -4,7 +4,7 @@ package subtle -import "crypto/internal/fips/alias" +import "crypto/internal/fips140/alias" // XORBytes sets dst[i] = x[i] ^ y[i] for all i < n = min(len(x), len(y)), // returning n, the number of bytes written to dst. diff --git a/src/crypto/internal/fips/subtle/xor_amd64.go b/src/crypto/internal/fips140/subtle/xor_amd64.go similarity index 100% rename from src/crypto/internal/fips/subtle/xor_amd64.go rename to src/crypto/internal/fips140/subtle/xor_amd64.go diff --git a/src/crypto/internal/fips/subtle/xor_amd64.s b/src/crypto/internal/fips140/subtle/xor_amd64.s similarity index 100% rename from src/crypto/internal/fips/subtle/xor_amd64.s rename to src/crypto/internal/fips140/subtle/xor_amd64.s diff --git a/src/crypto/internal/fips/subtle/xor_arm64.go b/src/crypto/internal/fips140/subtle/xor_arm64.go similarity index 100% rename from src/crypto/internal/fips/subtle/xor_arm64.go rename to src/crypto/internal/fips140/subtle/xor_arm64.go diff --git a/src/crypto/internal/fips/subtle/xor_arm64.s b/src/crypto/internal/fips140/subtle/xor_arm64.s similarity index 100% rename from src/crypto/internal/fips/subtle/xor_arm64.s rename to src/crypto/internal/fips140/subtle/xor_arm64.s diff --git a/src/crypto/internal/fips/subtle/xor_generic.go b/src/crypto/internal/fips140/subtle/xor_generic.go similarity index 100% rename from src/crypto/internal/fips/subtle/xor_generic.go rename to src/crypto/internal/fips140/subtle/xor_generic.go diff --git a/src/crypto/internal/fips/subtle/xor_loong64.go b/src/crypto/internal/fips140/subtle/xor_loong64.go similarity index 100% rename from src/crypto/internal/fips/subtle/xor_loong64.go rename to src/crypto/internal/fips140/subtle/xor_loong64.go diff --git a/src/crypto/internal/fips/subtle/xor_loong64.s b/src/crypto/internal/fips140/subtle/xor_loong64.s similarity index 100% rename from src/crypto/internal/fips/subtle/xor_loong64.s rename to src/crypto/internal/fips140/subtle/xor_loong64.s diff --git a/src/crypto/internal/fips/subtle/xor_ppc64x.go b/src/crypto/internal/fips140/subtle/xor_ppc64x.go similarity index 100% rename from src/crypto/internal/fips/subtle/xor_ppc64x.go rename to src/crypto/internal/fips140/subtle/xor_ppc64x.go diff --git a/src/crypto/internal/fips/subtle/xor_ppc64x.s b/src/crypto/internal/fips140/subtle/xor_ppc64x.s similarity index 100% rename from src/crypto/internal/fips/subtle/xor_ppc64x.s rename to src/crypto/internal/fips140/subtle/xor_ppc64x.s diff --git a/src/crypto/internal/fips/tls12/cast.go b/src/crypto/internal/fips140/tls12/cast.go similarity index 86% rename from src/crypto/internal/fips/tls12/cast.go rename to src/crypto/internal/fips140/tls12/cast.go index 33cbd1514a..d77bf41335 100644 --- a/src/crypto/internal/fips/tls12/cast.go +++ b/src/crypto/internal/fips140/tls12/cast.go @@ -6,14 +6,14 @@ package tls12 import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" - "crypto/internal/fips/sha256" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/sha256" "errors" ) func init() { - fips.CAST("TLSv1.2-SHA2-256", func() error { + fips140.CAST("TLSv1.2-SHA2-256", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/tls12/tls12.go b/src/crypto/internal/fips140/tls12/tls12.go similarity index 75% rename from src/crypto/internal/fips/tls12/tls12.go rename to src/crypto/internal/fips140/tls12/tls12.go index 0a70e9d963..b07e02c85f 100644 --- a/src/crypto/internal/fips/tls12/tls12.go +++ b/src/crypto/internal/fips140/tls12/tls12.go @@ -5,15 +5,15 @@ package tls12 import ( - "crypto/internal/fips" - "crypto/internal/fips/hmac" - "crypto/internal/fips/sha256" - "crypto/internal/fips/sha512" + "crypto/internal/fips140" + "crypto/internal/fips140/hmac" + "crypto/internal/fips140/sha256" + "crypto/internal/fips140/sha512" ) // PRF implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, // Section 5 and allowed by SP 800-135, Revision 1, Section 4.2.2. -func PRF[H fips.Hash](hash func() H, secret []byte, label string, seed []byte, keyLen int) []byte { +func PRF[H fips140.Hash](hash func() H, secret []byte, label string, seed []byte, keyLen int) []byte { labelAndSeed := make([]byte, len(label)+len(seed)) copy(labelAndSeed, label) copy(labelAndSeed[len(label):], seed) @@ -24,7 +24,7 @@ func PRF[H fips.Hash](hash func() H, secret []byte, label string, seed []byte, k } // pHash implements the P_hash function, as defined in RFC 5246, Section 5. -func pHash[H fips.Hash](hash func() H, result, secret, seed []byte) { +func pHash[H fips140.Hash](hash func() H, result, secret, seed []byte) { h := hmac.New(hash, secret) h.Write(seed) a := h.Sum(nil) @@ -48,21 +48,21 @@ const extendedMasterSecretLabel = "extended master secret" // MasterSecret implements the TLS 1.2 extended master secret derivation, as // defined in RFC 7627 and allowed by SP 800-135, Revision 1, Section 4.2.2. -func MasterSecret[H fips.Hash](hash func() H, preMasterSecret, transcript []byte) []byte { +func MasterSecret[H fips140.Hash](hash func() H, preMasterSecret, transcript []byte) []byte { // "The TLS 1.2 KDF is an approved KDF when the following conditions are // satisfied: [...] (3) P_HASH uses either SHA-256, SHA-384 or SHA-512." h := hash() switch any(h).(type) { case *sha256.Digest: if h.Size() != 32 { - fips.RecordNonApproved() + fips140.RecordNonApproved() } case *sha512.Digest: if h.Size() != 46 && h.Size() != 64 { - fips.RecordNonApproved() + fips140.RecordNonApproved() } default: - fips.RecordNonApproved() + fips140.RecordNonApproved() } return PRF(hash, preMasterSecret, extendedMasterSecretLabel, transcript, masterSecretLength) diff --git a/src/crypto/internal/fips/tls13/cast.go b/src/crypto/internal/fips140/tls13/cast.go similarity index 85% rename from src/crypto/internal/fips/tls13/cast.go rename to src/crypto/internal/fips140/tls13/cast.go index 9b727afdc4..ad1fe6e460 100644 --- a/src/crypto/internal/fips/tls13/cast.go +++ b/src/crypto/internal/fips140/tls13/cast.go @@ -6,14 +6,14 @@ package tls13 import ( "bytes" - "crypto/internal/fips" - _ "crypto/internal/fips/check" - "crypto/internal/fips/sha256" + "crypto/internal/fips140" + _ "crypto/internal/fips140/check" + "crypto/internal/fips140/sha256" "errors" ) func init() { - fips.CAST("TLSv1.3-SHA2-256", func() error { + fips140.CAST("TLSv1.3-SHA2-256", func() error { input := []byte{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, diff --git a/src/crypto/internal/fips/tls13/tls13.go b/src/crypto/internal/fips140/tls13/tls13.go similarity index 83% rename from src/crypto/internal/fips/tls13/tls13.go rename to src/crypto/internal/fips140/tls13/tls13.go index b712af3670..f2c8250f3b 100644 --- a/src/crypto/internal/fips/tls13/tls13.go +++ b/src/crypto/internal/fips140/tls13/tls13.go @@ -7,9 +7,9 @@ package tls13 import ( - "crypto/internal/fips" - "crypto/internal/fips/hkdf" - "crypto/internal/fipsdeps/byteorder" + "crypto/internal/fips140" + "crypto/internal/fips140/hkdf" + "crypto/internal/fips140deps/byteorder" ) // We don't set the service indicator in this package but we delegate that to @@ -17,7 +17,7 @@ import ( // its own. // ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1. -func ExpandLabel[H fips.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte { +func ExpandLabel[H fips140.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte { if len("tls13 ")+len(label) > 255 || len(context) > 255 { // It should be impossible for this to panic: labels are fixed strings, // and context is either a fixed-length computed hash, or parsed from a @@ -39,14 +39,14 @@ func ExpandLabel[H fips.Hash](hash func() H, secret []byte, label string, contex return hkdf.Expand(hash, secret, hkdfLabel, length) } -func extract[H fips.Hash](hash func() H, newSecret, currentSecret []byte) []byte { +func extract[H fips140.Hash](hash func() H, newSecret, currentSecret []byte) []byte { if newSecret == nil { newSecret = make([]byte, hash().Size()) } return hkdf.Extract(hash, newSecret, currentSecret) } -func deriveSecret[H fips.Hash](hash func() H, secret []byte, label string, transcript fips.Hash) []byte { +func deriveSecret[H fips140.Hash](hash func() H, secret []byte, label string, transcript fips140.Hash) []byte { if transcript == nil { transcript = hash() } @@ -67,13 +67,13 @@ const ( type EarlySecret struct { secret []byte - hash func() fips.Hash + hash func() fips140.Hash } -func NewEarlySecret[H fips.Hash](hash func() H, psk []byte) *EarlySecret { +func NewEarlySecret[H fips140.Hash](hash func() H, psk []byte) *EarlySecret { return &EarlySecret{ secret: extract(hash, psk, nil), - hash: func() fips.Hash { return hash() }, + hash: func() fips140.Hash { return hash() }, } } @@ -83,13 +83,13 @@ func (s *EarlySecret) ResumptionBinderKey() []byte { // ClientEarlyTrafficSecret derives the client_early_traffic_secret from the // early secret and the transcript up to the ClientHello. -func (s *EarlySecret) ClientEarlyTrafficSecret(transcript fips.Hash) []byte { +func (s *EarlySecret) ClientEarlyTrafficSecret(transcript fips140.Hash) []byte { return deriveSecret(s.hash, s.secret, clientEarlyTrafficLabel, transcript) } type HandshakeSecret struct { secret []byte - hash func() fips.Hash + hash func() fips140.Hash } func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret { @@ -102,19 +102,19 @@ func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret { // ClientHandshakeTrafficSecret derives the client_handshake_traffic_secret from // the handshake secret and the transcript up to the ServerHello. -func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript fips.Hash) []byte { +func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript fips140.Hash) []byte { return deriveSecret(s.hash, s.secret, clientHandshakeTrafficLabel, transcript) } // ServerHandshakeTrafficSecret derives the server_handshake_traffic_secret from // the handshake secret and the transcript up to the ServerHello. -func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript fips.Hash) []byte { +func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript fips140.Hash) []byte { return deriveSecret(s.hash, s.secret, serverHandshakeTrafficLabel, transcript) } type MasterSecret struct { secret []byte - hash func() fips.Hash + hash func() fips140.Hash } func (s *HandshakeSecret) MasterSecret() *MasterSecret { @@ -127,30 +127,30 @@ func (s *HandshakeSecret) MasterSecret() *MasterSecret { // ClientApplicationTrafficSecret derives the client_application_traffic_secret_0 // from the master secret and the transcript up to the server Finished. -func (s *MasterSecret) ClientApplicationTrafficSecret(transcript fips.Hash) []byte { +func (s *MasterSecret) ClientApplicationTrafficSecret(transcript fips140.Hash) []byte { return deriveSecret(s.hash, s.secret, clientApplicationTrafficLabel, transcript) } // ServerApplicationTrafficSecret derives the server_application_traffic_secret_0 // from the master secret and the transcript up to the server Finished. -func (s *MasterSecret) ServerApplicationTrafficSecret(transcript fips.Hash) []byte { +func (s *MasterSecret) ServerApplicationTrafficSecret(transcript fips140.Hash) []byte { return deriveSecret(s.hash, s.secret, serverApplicationTrafficLabel, transcript) } // ResumptionMasterSecret derives the resumption_master_secret from the master secret // and the transcript up to the client Finished. -func (s *MasterSecret) ResumptionMasterSecret(transcript fips.Hash) []byte { +func (s *MasterSecret) ResumptionMasterSecret(transcript fips140.Hash) []byte { return deriveSecret(s.hash, s.secret, resumptionLabel, transcript) } type ExporterMasterSecret struct { secret []byte - hash func() fips.Hash + hash func() fips140.Hash } // ExporterMasterSecret derives the exporter_master_secret from the master secret // and the transcript up to the server Finished. -func (s *MasterSecret) ExporterMasterSecret(transcript fips.Hash) *ExporterMasterSecret { +func (s *MasterSecret) ExporterMasterSecret(transcript fips140.Hash) *ExporterMasterSecret { return &ExporterMasterSecret{ secret: deriveSecret(s.hash, s.secret, exporterLabel, transcript), hash: s.hash, @@ -159,7 +159,7 @@ func (s *MasterSecret) ExporterMasterSecret(transcript fips.Hash) *ExporterMaste // EarlyExporterMasterSecret derives the exporter_master_secret from the early secret // and the transcript up to the ClientHello. -func (s *EarlySecret) EarlyExporterMasterSecret(transcript fips.Hash) *ExporterMasterSecret { +func (s *EarlySecret) EarlyExporterMasterSecret(transcript fips140.Hash) *ExporterMasterSecret { return &ExporterMasterSecret{ secret: deriveSecret(s.hash, s.secret, earlyExporterLabel, transcript), hash: s.hash, diff --git a/src/crypto/internal/fipsdeps/byteorder/byteorder.go b/src/crypto/internal/fips140deps/byteorder/byteorder.go similarity index 100% rename from src/crypto/internal/fipsdeps/byteorder/byteorder.go rename to src/crypto/internal/fips140deps/byteorder/byteorder.go diff --git a/src/crypto/internal/fipsdeps/cpu/cpu.go b/src/crypto/internal/fips140deps/cpu/cpu.go similarity index 100% rename from src/crypto/internal/fipsdeps/cpu/cpu.go rename to src/crypto/internal/fips140deps/cpu/cpu.go diff --git a/src/crypto/internal/fipsdeps/fipsdeps.go b/src/crypto/internal/fips140deps/fipsdeps.go similarity index 96% rename from src/crypto/internal/fipsdeps/fipsdeps.go rename to src/crypto/internal/fips140deps/fipsdeps.go index b89e095255..307144339f 100644 --- a/src/crypto/internal/fipsdeps/fipsdeps.go +++ b/src/crypto/internal/fips140deps/fipsdeps.go @@ -4,6 +4,6 @@ // Package fipsdeps contains wrapper packages for internal APIs that are exposed // to the FIPS module. Since modules are frozen upon validation and supported -// for a number of future versions, APIs exposed by crypto/internal/fipsdeps/... +// for a number of future versions, APIs exposed by crypto/internal/fips140deps/... // must not be changed until the modules that use them are no longer supported. package fipsdeps diff --git a/src/crypto/internal/fipsdeps/fipsdeps_test.go b/src/crypto/internal/fips140deps/fipsdeps_test.go similarity index 77% rename from src/crypto/internal/fipsdeps/fipsdeps_test.go rename to src/crypto/internal/fips140deps/fipsdeps_test.go index d9f6b684f8..488cc1caa5 100644 --- a/src/crypto/internal/fipsdeps/fipsdeps_test.go +++ b/src/crypto/internal/fips140deps/fipsdeps_test.go @@ -39,7 +39,7 @@ func TestImports(t *testing.T) { {{end -}} {{range .XTestImports -}} {{$path}} {{.}} -{{end -}}`, "crypto/internal/fips/...") +{{end -}}`, "crypto/internal/fips140/...") out, err := cmd.CombinedOutput() if err != nil { t.Fatalf("go list: %v\n%s", err, out) @@ -47,7 +47,7 @@ func TestImports(t *testing.T) { allPackages := make(map[string]bool) - // importCheck is the set of packages that import crypto/internal/fips/check. + // importCheck is the set of packages that import crypto/internal/fips140/check. importCheck := make(map[string]bool) for _, line := range strings.Split(string(out), "\n") { @@ -58,16 +58,16 @@ func TestImports(t *testing.T) { allPackages[pkg] = true - if importedPkg == "crypto/internal/fips/check" { + if importedPkg == "crypto/internal/fips140/check" { importCheck[pkg] = true } // Ensure we don't import any unexpected internal package from the FIPS // module, since we can't change the module source after it starts // validation. This locks in the API of otherwise internal packages. - if importedPkg == "crypto/internal/fips" || - strings.HasPrefix(importedPkg, "crypto/internal/fips/") || - strings.HasPrefix(importedPkg, "crypto/internal/fipsdeps/") { + if importedPkg == "crypto/internal/fips140" || + strings.HasPrefix(importedPkg, "crypto/internal/fips140/") || + strings.HasPrefix(importedPkg, "crypto/internal/fips140deps/") { continue } if AllowedInternalPackages[importedPkg] { @@ -81,17 +81,17 @@ func TestImports(t *testing.T) { // Ensure that all packages except check and check's dependencies import check. for pkg := range allPackages { switch pkg { - case "crypto/internal/fips/check": - case "crypto/internal/fips": - case "crypto/internal/fips/alias": - case "crypto/internal/fips/subtle": - case "crypto/internal/fips/hmac": - case "crypto/internal/fips/sha3": - case "crypto/internal/fips/sha256": - case "crypto/internal/fips/sha512": + case "crypto/internal/fips140/check": + case "crypto/internal/fips140": + case "crypto/internal/fips140/alias": + case "crypto/internal/fips140/subtle": + case "crypto/internal/fips140/hmac": + case "crypto/internal/fips140/sha3": + case "crypto/internal/fips140/sha256": + case "crypto/internal/fips140/sha512": default: if !importCheck[pkg] { - t.Errorf("package %s does not import crypto/internal/fips/check", pkg) + t.Errorf("package %s does not import crypto/internal/fips140/check", pkg) } } } diff --git a/src/crypto/internal/fipsdeps/godebug/godebug.go b/src/crypto/internal/fips140deps/godebug/godebug.go similarity index 100% rename from src/crypto/internal/fipsdeps/godebug/godebug.go rename to src/crypto/internal/fips140deps/godebug/godebug.go diff --git a/src/crypto/internal/fipstest/acvp_capabilities.json b/src/crypto/internal/fips140test/acvp_capabilities.json similarity index 100% rename from src/crypto/internal/fipstest/acvp_capabilities.json rename to src/crypto/internal/fips140test/acvp_capabilities.json diff --git a/src/crypto/internal/fipstest/acvp_test.config.json b/src/crypto/internal/fips140test/acvp_test.config.json similarity index 100% rename from src/crypto/internal/fipstest/acvp_test.config.json rename to src/crypto/internal/fips140test/acvp_test.config.json diff --git a/src/crypto/internal/fipstest/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go similarity index 92% rename from src/crypto/internal/fipstest/acvp_test.go rename to src/crypto/internal/fips140test/acvp_test.go index e59978e880..a5fa38fd60 100644 --- a/src/crypto/internal/fipstest/acvp_test.go +++ b/src/crypto/internal/fips140test/acvp_test.go @@ -22,11 +22,11 @@ import ( "bufio" "bytes" "crypto/internal/cryptotest" - "crypto/internal/fips" - "crypto/internal/fips/hmac" - "crypto/internal/fips/sha256" - "crypto/internal/fips/sha3" - "crypto/internal/fips/sha512" + "crypto/internal/fips140" + "crypto/internal/fips140/hmac" + "crypto/internal/fips140/sha256" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140/sha512" _ "embed" "encoding/binary" "errors" @@ -103,16 +103,16 @@ var ( "SHA3-512": cmdHashAft(sha3.New512()), "SHA3-512/MCT": cmdSha3Mct(sha3.New512()), - "HMAC-SHA2-224": cmdHmacAft(func() fips.Hash { return sha256.New224() }), - "HMAC-SHA2-256": cmdHmacAft(func() fips.Hash { return sha256.New() }), - "HMAC-SHA2-384": cmdHmacAft(func() fips.Hash { return sha512.New384() }), - "HMAC-SHA2-512": cmdHmacAft(func() fips.Hash { return sha512.New() }), - "HMAC-SHA2-512/224": cmdHmacAft(func() fips.Hash { return sha512.New512_224() }), - "HMAC-SHA2-512/256": cmdHmacAft(func() fips.Hash { return sha512.New512_256() }), - "HMAC-SHA3-224": cmdHmacAft(func() fips.Hash { return sha3.New224() }), - "HMAC-SHA3-256": cmdHmacAft(func() fips.Hash { return sha3.New256() }), - "HMAC-SHA3-384": cmdHmacAft(func() fips.Hash { return sha3.New384() }), - "HMAC-SHA3-512": cmdHmacAft(func() fips.Hash { return sha3.New512() }), + "HMAC-SHA2-224": cmdHmacAft(func() fips140.Hash { return sha256.New224() }), + "HMAC-SHA2-256": cmdHmacAft(func() fips140.Hash { return sha256.New() }), + "HMAC-SHA2-384": cmdHmacAft(func() fips140.Hash { return sha512.New384() }), + "HMAC-SHA2-512": cmdHmacAft(func() fips140.Hash { return sha512.New() }), + "HMAC-SHA2-512/224": cmdHmacAft(func() fips140.Hash { return sha512.New512_224() }), + "HMAC-SHA2-512/256": cmdHmacAft(func() fips140.Hash { return sha512.New512_256() }), + "HMAC-SHA3-224": cmdHmacAft(func() fips140.Hash { return sha3.New224() }), + "HMAC-SHA3-256": cmdHmacAft(func() fips140.Hash { return sha3.New256() }), + "HMAC-SHA3-384": cmdHmacAft(func() fips140.Hash { return sha3.New384() }), + "HMAC-SHA3-512": cmdHmacAft(func() fips140.Hash { return sha3.New512() }), } ) @@ -239,7 +239,7 @@ func cmdGetConfig() command { // and writes the resulting digest as a response. // // See https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html -func cmdHashAft(h fips.Hash) command { +func cmdHashAft(h fips140.Hash) command { return command{ requiredArgs: 1, // Message to hash. handler: func(args [][]byte) ([][]byte, error) { @@ -267,7 +267,7 @@ func cmdHashAft(h fips.Hash) command { // // [0]: https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html#section-6.2 // [1]: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/util/fipstools/acvp/ACVP.md#testing-other-fips-modules -func cmdHashMct(h fips.Hash) command { +func cmdHashMct(h fips140.Hash) command { return command{ requiredArgs: 1, // Seed message. handler: func(args [][]byte) ([][]byte, error) { @@ -311,7 +311,7 @@ func cmdHashMct(h fips.Hash) command { // like that handler it does not perform the outer 100 iterations. // // [0]: https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html#section-6.2.1 -func cmdSha3Mct(h fips.Hash) command { +func cmdSha3Mct(h fips140.Hash) command { return command{ requiredArgs: 1, // Seed message. handler: func(args [][]byte) ([][]byte, error) { @@ -330,7 +330,7 @@ func cmdSha3Mct(h fips.Hash) command { } } -func cmdHmacAft(h func() fips.Hash) command { +func cmdHmacAft(h func() fips140.Hash) command { return command{ requiredArgs: 2, // Message and key handler: func(args [][]byte) ([][]byte, error) { diff --git a/src/crypto/internal/fipstest/alias_test.go b/src/crypto/internal/fips140test/alias_test.go similarity index 97% rename from src/crypto/internal/fipstest/alias_test.go rename to src/crypto/internal/fips140test/alias_test.go index e3cadaa20a..e979cd9c8e 100644 --- a/src/crypto/internal/fipstest/alias_test.go +++ b/src/crypto/internal/fips140test/alias_test.go @@ -5,7 +5,7 @@ package fipstest import ( - "crypto/internal/fips/alias" + "crypto/internal/fips140/alias" "testing" ) diff --git a/src/crypto/internal/fipstest/cast_test.go b/src/crypto/internal/fips140test/cast_test.go similarity index 77% rename from src/crypto/internal/fipstest/cast_test.go rename to src/crypto/internal/fips140test/cast_test.go index b1ddd66132..0c5cc63e3f 100644 --- a/src/crypto/internal/fipstest/cast_test.go +++ b/src/crypto/internal/fips140test/cast_test.go @@ -15,29 +15,29 @@ import ( "testing" // Import packages that define CASTs to test them. - _ "crypto/internal/fips/aes" - _ "crypto/internal/fips/aes/gcm" - _ "crypto/internal/fips/drbg" - "crypto/internal/fips/ecdh" - "crypto/internal/fips/ecdsa" - "crypto/internal/fips/ed25519" - _ "crypto/internal/fips/hkdf" - _ "crypto/internal/fips/hmac" - "crypto/internal/fips/mlkem" - "crypto/internal/fips/rsa" - "crypto/internal/fips/sha256" - _ "crypto/internal/fips/sha3" - _ "crypto/internal/fips/sha512" - _ "crypto/internal/fips/tls12" - _ "crypto/internal/fips/tls13" + _ "crypto/internal/fips140/aes" + _ "crypto/internal/fips140/aes/gcm" + _ "crypto/internal/fips140/drbg" + "crypto/internal/fips140/ecdh" + "crypto/internal/fips140/ecdsa" + "crypto/internal/fips140/ed25519" + _ "crypto/internal/fips140/hkdf" + _ "crypto/internal/fips140/hmac" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140/sha256" + _ "crypto/internal/fips140/sha3" + _ "crypto/internal/fips140/sha512" + _ "crypto/internal/fips140/tls12" + _ "crypto/internal/fips140/tls13" ) func findAllCASTs(t *testing.T) map[string]struct{} { testenv.MustHaveSource(t) - // Ask "go list" for the location of the crypto/internal/fips tree, as it + // Ask "go list" for the location of the crypto/internal/fips140 tree, as it // might be the unpacked frozen tree selected with GOFIPS140. - cmd := testenv.Command(t, testenv.GoToolPath(t), "list", "-f", `{{.Dir}}`, "crypto/internal/fips") + cmd := testenv.Command(t, testenv.GoToolPath(t), "list", "-f", `{{.Dir}}`, "crypto/internal/fips140") out, err := cmd.CombinedOutput() if err != nil { t.Fatalf("go list: %v\n%s", err, out) @@ -45,9 +45,9 @@ func findAllCASTs(t *testing.T) map[string]struct{} { fipsDir := strings.TrimSpace(string(out)) t.Logf("FIPS module directory: %s", fipsDir) - // Find all invocations of fips.CAST or fips.PCT. + // Find all invocations of fips140.CAST or fips140.PCT. allCASTs := make(map[string]struct{}) - castRe := regexp.MustCompile(`fips\.(CAST|PCT)\("([^"]+)"`) + castRe := regexp.MustCompile(`fips140\.(CAST|PCT)\("([^"]+)"`) if err := fs.WalkDir(os.DirFS(fipsDir), ".", func(path string, d fs.DirEntry, err error) error { if err != nil { return err diff --git a/src/crypto/internal/fipstest/check_test.go b/src/crypto/internal/fips140test/check_test.go similarity index 98% rename from src/crypto/internal/fipstest/check_test.go rename to src/crypto/internal/fips140test/check_test.go index c24eee629c..1c7dae4127 100644 --- a/src/crypto/internal/fipstest/check_test.go +++ b/src/crypto/internal/fips140test/check_test.go @@ -5,8 +5,8 @@ package fipstest import ( - . "crypto/internal/fips/check" - "crypto/internal/fips/check/checktest" + . "crypto/internal/fips140/check" + "crypto/internal/fips140/check/checktest" "fmt" "internal/abi" "internal/asan" diff --git a/src/crypto/internal/fipstest/cmac_test.go b/src/crypto/internal/fips140test/cmac_test.go similarity index 93% rename from src/crypto/internal/fipstest/cmac_test.go rename to src/crypto/internal/fips140test/cmac_test.go index 05e421ffe9..a8cc49400a 100644 --- a/src/crypto/internal/fipstest/cmac_test.go +++ b/src/crypto/internal/fips140test/cmac_test.go @@ -6,8 +6,8 @@ package fipstest import ( "bytes" - "crypto/internal/fips/aes" - "crypto/internal/fips/aes/gcm" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/aes/gcm" "testing" ) diff --git a/src/crypto/internal/fipstest/ctrdrbg_test.go b/src/crypto/internal/fips140test/ctrdrbg_test.go similarity index 97% rename from src/crypto/internal/fipstest/ctrdrbg_test.go rename to src/crypto/internal/fips140test/ctrdrbg_test.go index 79efb39b7d..e856a089fa 100644 --- a/src/crypto/internal/fipstest/ctrdrbg_test.go +++ b/src/crypto/internal/fips140test/ctrdrbg_test.go @@ -6,8 +6,8 @@ package fipstest import ( "bytes" - "crypto/internal/fips/drbg" - "crypto/internal/fips/subtle" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/subtle" "testing" ) diff --git a/src/crypto/internal/fipstest/edwards25519_test.go b/src/crypto/internal/fips140test/edwards25519_test.go similarity index 93% rename from src/crypto/internal/fipstest/edwards25519_test.go rename to src/crypto/internal/fips140test/edwards25519_test.go index b09a167f96..cd4a49dbcf 100644 --- a/src/crypto/internal/fipstest/edwards25519_test.go +++ b/src/crypto/internal/fips140test/edwards25519_test.go @@ -6,7 +6,7 @@ package fipstest import ( "crypto/internal/cryptotest" - . "crypto/internal/fips/edwards25519" + . "crypto/internal/fips140/edwards25519" "testing" ) diff --git a/src/crypto/internal/fipstest/fips_test.go b/src/crypto/internal/fips140test/fips_test.go similarity index 91% rename from src/crypto/internal/fipstest/fips_test.go rename to src/crypto/internal/fips140test/fips_test.go index 7390ac6969..8da5278050 100644 --- a/src/crypto/internal/fipstest/fips_test.go +++ b/src/crypto/internal/fips140test/fips_test.go @@ -3,7 +3,7 @@ // license that can be found in the LICENSE file. // Package fipstest collects external tests that would ordinarily live in -// crypto/internal/fips/... packages. That tree gets snapshot at each +// crypto/internal/fips140/... packages. That tree gets snapshot at each // validation, while we want tests to evolve and still apply to all versions of // the module. Also, we can't fix failing tests in a module snapshot, so we need // to either minimize, skip, or remove them. Finally, the module needs to avoid diff --git a/src/crypto/internal/fipstest/hkdf_test.go b/src/crypto/internal/fips140test/hkdf_test.go similarity index 97% rename from src/crypto/internal/fipstest/hkdf_test.go rename to src/crypto/internal/fips140test/hkdf_test.go index a624af33ab..9ddfe88f4f 100644 --- a/src/crypto/internal/fipstest/hkdf_test.go +++ b/src/crypto/internal/fips140test/hkdf_test.go @@ -9,8 +9,8 @@ package fipstest_test import ( "bytes" "crypto/internal/boring" - "crypto/internal/fips" - "crypto/internal/fips/hkdf" + "crypto/internal/fips140" + "crypto/internal/fips140/hkdf" "crypto/md5" "crypto/sha1" "crypto/sha256" @@ -341,23 +341,23 @@ func TestFIPSServiceIndicator(t *testing.T) { t.Skip("in BoringCrypto mode HMAC is not from the Go FIPS module") } - fips.ResetServiceIndicator() + fips140.ResetServiceIndicator() hkdf.Key(sha256.New, []byte("YELLOW SUBMARINE"), nil, nil, 32) - if !fips.ServiceIndicator() { + if !fips140.ServiceIndicator() { t.Error("FIPS service indicator should be set") } // Key too short. - fips.ResetServiceIndicator() + fips140.ResetServiceIndicator() hkdf.Key(sha256.New, []byte("key"), nil, nil, 32) - if fips.ServiceIndicator() { + if fips140.ServiceIndicator() { t.Error("FIPS service indicator should not be set") } // Salt and info are short, which is ok, but translates to a short HMAC key. - fips.ResetServiceIndicator() + fips140.ResetServiceIndicator() hkdf.Key(sha256.New, []byte("YELLOW SUBMARINE"), []byte("salt"), []byte("info"), 32) - if !fips.ServiceIndicator() { + if !fips140.ServiceIndicator() { t.Error("FIPS service indicator should be set") } } diff --git a/src/crypto/internal/fipstest/indicator_test.go b/src/crypto/internal/fips140test/indicator_test.go similarity index 52% rename from src/crypto/internal/fipstest/indicator_test.go rename to src/crypto/internal/fips140test/indicator_test.go index a193959edf..c42cf34aa5 100644 --- a/src/crypto/internal/fipstest/indicator_test.go +++ b/src/crypto/internal/fips140test/indicator_test.go @@ -5,72 +5,72 @@ package fipstest import ( - "crypto/internal/fips" + "crypto/internal/fips140" "testing" ) func TestIndicator(t *testing.T) { - fips.ResetServiceIndicator() - if fips.ServiceIndicator() { + fips140.ResetServiceIndicator() + if fips140.ServiceIndicator() { t.Error("indicator should be false if no calls are made") } - fips.ResetServiceIndicator() - fips.RecordApproved() - if !fips.ServiceIndicator() { + fips140.ResetServiceIndicator() + fips140.RecordApproved() + if !fips140.ServiceIndicator() { t.Error("indicator should be true if RecordApproved is called") } - fips.ResetServiceIndicator() - fips.RecordApproved() - fips.RecordApproved() - if !fips.ServiceIndicator() { + fips140.ResetServiceIndicator() + fips140.RecordApproved() + fips140.RecordApproved() + if !fips140.ServiceIndicator() { t.Error("indicator should be true if RecordApproved is called multiple times") } - fips.ResetServiceIndicator() - fips.RecordNonApproved() - if fips.ServiceIndicator() { + fips140.ResetServiceIndicator() + fips140.RecordNonApproved() + if fips140.ServiceIndicator() { t.Error("indicator should be false if RecordNonApproved is called") } - fips.ResetServiceIndicator() - fips.RecordApproved() - fips.RecordNonApproved() - if fips.ServiceIndicator() { + fips140.ResetServiceIndicator() + fips140.RecordApproved() + fips140.RecordNonApproved() + if fips140.ServiceIndicator() { t.Error("indicator should be false if both RecordApproved and RecordNonApproved are called") } - fips.ResetServiceIndicator() - fips.RecordNonApproved() - fips.RecordApproved() - if fips.ServiceIndicator() { + fips140.ResetServiceIndicator() + fips140.RecordNonApproved() + fips140.RecordApproved() + if fips140.ServiceIndicator() { t.Error("indicator should be false if both RecordNonApproved and RecordApproved are called") } - fips.ResetServiceIndicator() - fips.RecordNonApproved() + fips140.ResetServiceIndicator() + fips140.RecordNonApproved() done := make(chan struct{}) go func() { - fips.ResetServiceIndicator() - fips.RecordApproved() + fips140.ResetServiceIndicator() + fips140.RecordApproved() close(done) }() <-done - if fips.ServiceIndicator() { + if fips140.ServiceIndicator() { t.Error("indicator should be false if RecordApproved is called in a different goroutine") } - fips.ResetServiceIndicator() - fips.RecordApproved() + fips140.ResetServiceIndicator() + fips140.RecordApproved() done = make(chan struct{}) go func() { - fips.ResetServiceIndicator() - fips.RecordNonApproved() + fips140.ResetServiceIndicator() + fips140.RecordNonApproved() close(done) }() <-done - if !fips.ServiceIndicator() { + if !fips140.ServiceIndicator() { t.Error("indicator should be true if RecordNonApproved is called in a different goroutine") } } diff --git a/src/crypto/internal/fipstest/mlkem_test.go b/src/crypto/internal/fips140test/mlkem_test.go similarity index 99% rename from src/crypto/internal/fipstest/mlkem_test.go rename to src/crypto/internal/fips140test/mlkem_test.go index d9a43034f3..43467456f0 100644 --- a/src/crypto/internal/fipstest/mlkem_test.go +++ b/src/crypto/internal/fips140test/mlkem_test.go @@ -8,8 +8,8 @@ package fipstest_test import ( "bytes" - . "crypto/internal/fips/mlkem" - "crypto/internal/fips/sha3" + . "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/sha3" "crypto/rand" _ "embed" "encoding/hex" diff --git a/src/crypto/internal/fipstest/nistec_ordinv_test.go b/src/crypto/internal/fips140test/nistec_ordinv_test.go similarity index 98% rename from src/crypto/internal/fipstest/nistec_ordinv_test.go rename to src/crypto/internal/fips140test/nistec_ordinv_test.go index 60317e0e44..5eeb3d2526 100644 --- a/src/crypto/internal/fipstest/nistec_ordinv_test.go +++ b/src/crypto/internal/fips140test/nistec_ordinv_test.go @@ -9,7 +9,7 @@ package fipstest import ( "bytes" "crypto/elliptic" - "crypto/internal/fips/nistec" + "crypto/internal/fips140/nistec" "math/big" "testing" ) diff --git a/src/crypto/internal/fipstest/nistec_test.go b/src/crypto/internal/fips140test/nistec_test.go similarity index 99% rename from src/crypto/internal/fipstest/nistec_test.go rename to src/crypto/internal/fips140test/nistec_test.go index 42c671c238..3849add700 100644 --- a/src/crypto/internal/fipstest/nistec_test.go +++ b/src/crypto/internal/fips140test/nistec_test.go @@ -8,7 +8,7 @@ import ( "bytes" "crypto/elliptic" "crypto/internal/cryptotest" - "crypto/internal/fips/nistec" + "crypto/internal/fips140/nistec" "fmt" "math/big" "math/rand" diff --git a/src/crypto/internal/fipstest/sha3_test.go b/src/crypto/internal/fips140test/sha3_test.go similarity index 99% rename from src/crypto/internal/fipstest/sha3_test.go rename to src/crypto/internal/fips140test/sha3_test.go index c9b0e2729d..2bc2a6df23 100644 --- a/src/crypto/internal/fipstest/sha3_test.go +++ b/src/crypto/internal/fips140test/sha3_test.go @@ -9,8 +9,8 @@ package fipstest_test import ( "bytes" "crypto/internal/cryptotest" - "crypto/internal/fips" - . "crypto/internal/fips/sha3" + "crypto/internal/fips140" + . "crypto/internal/fips140/sha3" "encoding" "encoding/hex" "fmt" @@ -539,7 +539,7 @@ func TestMarshalUnmarshal(t *testing.T) { } // TODO(filippo): move this to crypto/internal/cryptotest. -func testMarshalUnmarshal(t *testing.T, h fips.Hash) { +func testMarshalUnmarshal(t *testing.T, h fips140.Hash) { buf := make([]byte, 200) rand.Read(buf) n := rand.Intn(200) @@ -563,7 +563,7 @@ func testMarshalUnmarshal(t *testing.T, h fips.Hash) { } // benchmarkHash tests the speed to hash num buffers of buflen each. -func benchmarkHash(b *testing.B, h fips.Hash, size, num int) { +func benchmarkHash(b *testing.B, h fips140.Hash, size, num int) { b.StopTimer() h.Reset() data := sequentialBytes(size) diff --git a/src/crypto/internal/fipstest/sshkdf_test.go b/src/crypto/internal/fips140test/sshkdf_test.go similarity index 98% rename from src/crypto/internal/fipstest/sshkdf_test.go rename to src/crypto/internal/fips140test/sshkdf_test.go index b942ca86a2..91135205de 100644 --- a/src/crypto/internal/fipstest/sshkdf_test.go +++ b/src/crypto/internal/fips140test/sshkdf_test.go @@ -6,7 +6,7 @@ package fipstest import ( "bytes" - "crypto/internal/fips/ssh" + "crypto/internal/fips140/ssh" "crypto/sha256" "encoding/hex" "testing" diff --git a/src/crypto/internal/fipstest/xaes_test.go b/src/crypto/internal/fips140test/xaes_test.go similarity index 97% rename from src/crypto/internal/fipstest/xaes_test.go rename to src/crypto/internal/fips140test/xaes_test.go index 9e21428c97..9406bfab7b 100644 --- a/src/crypto/internal/fipstest/xaes_test.go +++ b/src/crypto/internal/fips140test/xaes_test.go @@ -7,10 +7,10 @@ package fipstest import ( "bytes" "crypto/internal/cryptotest" - "crypto/internal/fips/aes" - "crypto/internal/fips/aes/gcm" - "crypto/internal/fips/drbg" - "crypto/internal/fips/sha3" + "crypto/internal/fips140/aes" + "crypto/internal/fips140/aes/gcm" + "crypto/internal/fips140/drbg" + "crypto/internal/fips140/sha3" "encoding/hex" "runtime" "testing" diff --git a/src/crypto/internal/hpke/hpke.go b/src/crypto/internal/hpke/hpke.go index 69c1f8b2ba..0d6340cfc5 100644 --- a/src/crypto/internal/hpke/hpke.go +++ b/src/crypto/internal/hpke/hpke.go @@ -9,7 +9,7 @@ import ( "crypto/aes" "crypto/cipher" "crypto/ecdh" - "crypto/internal/fips/hkdf" + "crypto/internal/fips140/hkdf" "crypto/rand" "errors" "internal/byteorder" diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go index b2dbe13fcd..5dd875e6e7 100644 --- a/src/crypto/rand/rand.go +++ b/src/crypto/rand/rand.go @@ -8,8 +8,8 @@ package rand import ( "crypto/internal/boring" - "crypto/internal/fips" - "crypto/internal/fips/drbg" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" "crypto/internal/sysrand" "io" _ "unsafe" @@ -42,7 +42,7 @@ type reader struct{} func (r *reader) Read(b []byte) (n int, err error) { boring.Unreachable() - if fips.Enabled { + if fips140.Enabled { drbg.Read(b) } else { sysrand.Read(b) diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go index 4c6bab1681..19e6b8a047 100644 --- a/src/crypto/rc4/rc4.go +++ b/src/crypto/rc4/rc4.go @@ -10,7 +10,7 @@ package rc4 import ( - "crypto/internal/fips/alias" + "crypto/internal/fips140/alias" "strconv" ) diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go index ede27258eb..a08de0e75e 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -7,7 +7,7 @@ package rsa import ( "crypto" "crypto/internal/boring" - "crypto/internal/fips/rsa" + "crypto/internal/fips140/rsa" "errors" "hash" "io" diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go index d12313f071..b144be7662 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go @@ -6,7 +6,7 @@ package rsa import ( "crypto/internal/boring" - "crypto/internal/fips/rsa" + "crypto/internal/fips140/rsa" "crypto/internal/randutil" "crypto/subtle" "io" diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go index aeef916cd9..b888dfb41a 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go @@ -8,7 +8,7 @@ import ( "bufio" "compress/bzip2" "crypto" - "crypto/internal/fips" + "crypto/internal/fips140" "crypto/rand" . "crypto/rsa" "crypto/sha256" @@ -181,7 +181,7 @@ func TestPSSSigning(t *testing.T) { opts.SaltLength = test.verifySaltLength err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts) good := test.good - if fips.Enabled { + if fips140.Enabled { good = test.fipsGood } if (err == nil) != good { diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 0cf05348e7..9138a993a6 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -28,8 +28,8 @@ import ( "crypto" "crypto/internal/boring" "crypto/internal/boring/bbig" - "crypto/internal/fips/bigmod" - "crypto/internal/fips/rsa" + "crypto/internal/fips140/bigmod" + "crypto/internal/fips140/rsa" "crypto/internal/randutil" "crypto/rand" "crypto/subtle" diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go index ce0227367c..9d084ae2de 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -9,7 +9,7 @@ import ( "bytes" "crypto" "crypto/internal/cryptotest" - "crypto/internal/fips" + "crypto/internal/fips140" "crypto/rand" . "crypto/rsa" "crypto/sha1" @@ -632,7 +632,7 @@ type testEncryptOAEPStruct struct { } func TestEncryptOAEP(t *testing.T) { - if fips.Enabled { + if fips140.Enabled { t.Skip("FIPS mode overrides the deterministic random source") } sha1 := sha1.New() diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go index d87c689c90..069938a22d 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -9,7 +9,7 @@ package sha256 import ( "crypto" "crypto/internal/boring" - "crypto/internal/fips/sha256" + "crypto/internal/fips140/sha256" "hash" ) diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go index ebdde0feb1..1435eac1f5 100644 --- a/src/crypto/sha512/sha512.go +++ b/src/crypto/sha512/sha512.go @@ -13,7 +13,7 @@ package sha512 import ( "crypto" "crypto/internal/boring" - "crypto/internal/fips/sha512" + "crypto/internal/fips140/sha512" "hash" ) diff --git a/src/crypto/subtle/constant_time.go b/src/crypto/subtle/constant_time.go index a6f663ff43..22c1c64a0d 100644 --- a/src/crypto/subtle/constant_time.go +++ b/src/crypto/subtle/constant_time.go @@ -6,7 +6,7 @@ // code but require careful thought to use correctly. package subtle -import "crypto/internal/fips/subtle" +import "crypto/internal/fips140/subtle" // ConstantTimeCompare returns 1 if the two slices, x and y, have equal contents // and 0 otherwise. The time taken is a function of the length of the slices and diff --git a/src/crypto/subtle/xor.go b/src/crypto/subtle/xor.go index a1582764c2..26c1c779a6 100644 --- a/src/crypto/subtle/xor.go +++ b/src/crypto/subtle/xor.go @@ -4,7 +4,7 @@ package subtle -import "crypto/internal/fips/subtle" +import "crypto/internal/fips140/subtle" // XORBytes sets dst[i] = x[i] ^ y[i] for all i < n = min(len(x), len(y)), // returning n, the number of bytes written to dst. diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go index 1c849e3c27..9e831a983e 100644 --- a/src/crypto/tls/cipher_suites.go +++ b/src/crypto/tls/cipher_suites.go @@ -11,8 +11,8 @@ import ( "crypto/des" "crypto/hmac" "crypto/internal/boring" - fipsaes "crypto/internal/fips/aes" - "crypto/internal/fips/aes/gcm" + fipsaes "crypto/internal/fips140/aes" + "crypto/internal/fips140/aes/gcm" "crypto/rc4" "crypto/sha1" "crypto/sha256" @@ -367,7 +367,7 @@ var tdesCiphers = map[uint16]bool{ } var ( - // Keep in sync with crypto/internal/fips/aes/gcm.supportsAESGCM. + // Keep in sync with crypto/internal/fips140/aes/gcm.supportsAESGCM. hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ && cpu.X86.HasSSE41 && cpu.X86.HasSSSE3 hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCTR && cpu.S390X.HasGHASH diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index ea9c4c50c5..3926ebd4f4 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go @@ -10,8 +10,8 @@ import ( "crypto" "crypto/ecdsa" "crypto/ed25519" - "crypto/internal/fips/mlkem" - "crypto/internal/fips/tls13" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/tls13" "crypto/internal/hpke" "crypto/rsa" "crypto/subtle" diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go index 6ce83b9623..53f1665166 100644 --- a/src/crypto/tls/handshake_client_tls13.go +++ b/src/crypto/tls/handshake_client_tls13.go @@ -9,9 +9,9 @@ import ( "context" "crypto" "crypto/hmac" - "crypto/internal/fips/hkdf" - "crypto/internal/fips/mlkem" - "crypto/internal/fips/tls13" + "crypto/internal/fips140/hkdf" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/tls13" "crypto/rsa" "crypto/subtle" "errors" diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go index aa1ffd908a..90c0320402 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -9,8 +9,8 @@ import ( "context" "crypto" "crypto/hmac" - "crypto/internal/fips/mlkem" - "crypto/internal/fips/tls13" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/tls13" "crypto/rsa" "errors" "hash" diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go index 99229ea834..60527b0240 100644 --- a/src/crypto/tls/key_schedule.go +++ b/src/crypto/tls/key_schedule.go @@ -7,9 +7,9 @@ package tls import ( "crypto/ecdh" "crypto/hmac" - "crypto/internal/fips/mlkem" - "crypto/internal/fips/sha3" - "crypto/internal/fips/tls13" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/sha3" + "crypto/internal/fips140/tls13" "errors" "hash" "io" diff --git a/src/crypto/tls/key_schedule_test.go b/src/crypto/tls/key_schedule_test.go index 0dc3601e47..f96b14c865 100644 --- a/src/crypto/tls/key_schedule_test.go +++ b/src/crypto/tls/key_schedule_test.go @@ -6,8 +6,8 @@ package tls import ( "bytes" - "crypto/internal/fips/mlkem" - "crypto/internal/fips/tls13" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/tls13" "crypto/sha256" "encoding/hex" "strings" diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go index c306ca40e6..e7369542a7 100644 --- a/src/crypto/tls/prf.go +++ b/src/crypto/tls/prf.go @@ -7,7 +7,7 @@ package tls import ( "crypto" "crypto/hmac" - "crypto/internal/fips/tls12" + "crypto/internal/fips140/tls12" "crypto/md5" "crypto/sha1" "crypto/sha256" diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 4d18ed0ff2..c31beec72e 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -447,46 +447,46 @@ var depsRules = ` OS < crypto/internal/sysrand < crypto/internal/entropy; - internal/byteorder < crypto/internal/fipsdeps/byteorder; - internal/cpu, internal/goarch < crypto/internal/fipsdeps/cpu; - internal/godebug < crypto/internal/fipsdeps/godebug; + internal/byteorder < crypto/internal/fips140deps/byteorder; + internal/cpu, internal/goarch < crypto/internal/fips140deps/cpu; + internal/godebug < crypto/internal/fips140deps/godebug; # FIPS is the FIPS 140 module. # It must not depend on external crypto packages. STR, crypto/internal/impl, crypto/internal/entropy, crypto/internal/randutil, - crypto/internal/fipsdeps/byteorder, - crypto/internal/fipsdeps/cpu, - crypto/internal/fipsdeps/godebug - < crypto/internal/fips - < crypto/internal/fips/alias - < crypto/internal/fips/subtle - < crypto/internal/fips/sha256 - < crypto/internal/fips/sha512 - < crypto/internal/fips/sha3 - < crypto/internal/fips/hmac - < crypto/internal/fips/check - < crypto/internal/fips/aes - < crypto/internal/fips/drbg - < crypto/internal/fips/aes/gcm - < crypto/internal/fips/hkdf - < crypto/internal/fips/mlkem - < crypto/internal/fips/ssh - < crypto/internal/fips/tls12 - < crypto/internal/fips/tls13 - < crypto/internal/fips/bigmod - < crypto/internal/fips/nistec/fiat - < crypto/internal/fips/nistec - < crypto/internal/fips/ecdh - < crypto/internal/fips/ecdsa - < crypto/internal/fips/edwards25519/field - < crypto/internal/fips/edwards25519 - < crypto/internal/fips/ed25519 - < crypto/internal/fips/rsa + crypto/internal/fips140deps/byteorder, + crypto/internal/fips140deps/cpu, + crypto/internal/fips140deps/godebug + < crypto/internal/fips140 + < crypto/internal/fips140/alias + < crypto/internal/fips140/subtle + < crypto/internal/fips140/sha256 + < crypto/internal/fips140/sha512 + < crypto/internal/fips140/sha3 + < crypto/internal/fips140/hmac + < crypto/internal/fips140/check + < crypto/internal/fips140/aes + < crypto/internal/fips140/drbg + < crypto/internal/fips140/aes/gcm + < crypto/internal/fips140/hkdf + < crypto/internal/fips140/mlkem + < crypto/internal/fips140/ssh + < crypto/internal/fips140/tls12 + < crypto/internal/fips140/tls13 + < crypto/internal/fips140/bigmod + < crypto/internal/fips140/nistec/fiat + < crypto/internal/fips140/nistec + < crypto/internal/fips140/ecdh + < crypto/internal/fips140/ecdsa + < crypto/internal/fips140/edwards25519/field + < crypto/internal/fips140/edwards25519 + < crypto/internal/fips140/ed25519 + < crypto/internal/fips140/rsa < FIPS; - FIPS < crypto/internal/fips/check/checktest; + FIPS < crypto/internal/fips140/check/checktest; NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; sync/atomic < crypto/internal/boring/bcache, crypto/internal/boring/fipstls; @@ -511,7 +511,7 @@ var depsRules = ` < crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4, crypto/sha1, crypto/sha256, crypto/sha512; - crypto/boring, crypto/internal/fips/edwards25519/field + crypto/boring, crypto/internal/fips140/edwards25519/field < crypto/ecdh; # Unfortunately, stuck with reflect via encoding/binary. diff --git a/src/runtime/panic.go b/src/runtime/panic.go index 8e8ee8559a..58606e1dce 100644 --- a/src/runtime/panic.go +++ b/src/runtime/panic.go @@ -1043,7 +1043,7 @@ func sysrand_fatal(s string) { fatal(s) } -//go:linkname fips_fatal crypto/internal/fips.fatal +//go:linkname fips_fatal crypto/internal/fips140.fatal func fips_fatal(s string) { fatal(s) } diff --git a/src/runtime/runtime1.go b/src/runtime/runtime1.go index 7a092e8039..b47c589075 100644 --- a/src/runtime/runtime1.go +++ b/src/runtime/runtime1.go @@ -727,12 +727,12 @@ func reflect_addReflectOff(ptr unsafe.Pointer) int32 { return id } -//go:linkname fips_getIndicator crypto/internal/fips.getIndicator +//go:linkname fips_getIndicator crypto/internal/fips140.getIndicator func fips_getIndicator() uint8 { return getg().fipsIndicator } -//go:linkname fips_setIndicator crypto/internal/fips.setIndicator +//go:linkname fips_setIndicator crypto/internal/fips140.setIndicator func fips_setIndicator(indicator uint8) { getg().fipsIndicator = indicator } diff --git a/src/slices/slices.go b/src/slices/slices.go index 13e41ae0d8..40b4d088b0 100644 --- a/src/slices/slices.go +++ b/src/slices/slices.go @@ -449,7 +449,7 @@ func overlaps[E any](a, b []E) bool { return false } // TODO: use a runtime/unsafe facility once one becomes available. See issue 12445. - // Also see crypto/internal/fips/alias/alias.go:AnyOverlap + // Also see crypto/internal/fips140/alias/alias.go:AnyOverlap return uintptr(unsafe.Pointer(&a[0])) <= uintptr(unsafe.Pointer(&b[len(b)-1]))+(elemSize-1) && uintptr(unsafe.Pointer(&b[0])) <= uintptr(unsafe.Pointer(&a[len(a)-1]))+(elemSize-1) } -- 2.48.1