mirror of https://github.com/golang/go synced 2024-11-23 00:00:07 -07:00
Commit Graph

61663 Commits

Author SHA1 Message Date
Filippo Valsorda
1e1c0a7ea8 crypto/ed25519: move implementation to crypto/internal/fips/ed25519
For #69536

Change-Id: Ifba3e2bcb03966f2ed576d3f88e2e09193215b4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/628856
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
2024-11-19 23:03:14 +00:00
Filippo Valsorda
7eb10ca691 crypto/internal/edwards25519: move to crypto/internal/fips/edwards25519
Left most of the tests in for now as they are almost all internal and
hard to externalize.

String initialization in the FIPS module has some issues, so switched
field.TestSqrtRatio to storing decoded byte slices instead.

For #69536

Change-Id: If9e4a2bb780a37a8d102a22ffd13c5293d11a8a6
Reviewed-on: https://go-review.googlesource.com/c/go/+/628776
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
2024-11-19 23:03:10 +00:00
Filippo Valsorda
7e1af3bf74 crypto/internal/fips: handle the one possible PCT failure
Since ECDSA private keys are irredeemably malleable, an application
could construct one where the public key doesn't match the private key.
They'd be very much on their own, but crashing the program feels a bit
harsh.

Add this one to the list of issues caused by exposing the ECDSA (and
RSA) key values as big.Ints.

For #69536

Change-Id: Iaa65c73d7145e74f860ca097fa9641448442fbf9
Reviewed-on: https://go-review.googlesource.com/c/go/+/628855
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 23:02:31 +00:00
Filippo Valsorda
931700a95e crypto: centralize external test module fetches
This has the important advantage of using the system GOMODCACHE when it
exists, avoiding the download on every "go test".

While at it, also consistently use testenv.Command.

Change-Id: Ic999ffa281f6da73fe601b0feba29e60982cce3d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628755
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 23:02:28 +00:00
Filippo Valsorda
9776d028f4 crypto/ecdsa: implement deterministic and hedged signatures
For the future, some test vectors we should generate and then share
through Wycheproof or CCTV:
 - A private key with a leading zero byte.
 - A hash longer than the modulus.
 - A hash longer than the P-521 modulus by a few bits.
 - Reductions happening in hashToNat and bits2octets.

Fixes #64802

Change-Id: Ia0f89781b2c78eedd5103cf0e9720630711c37ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/628681
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
2024-11-19 23:02:26 +00:00
Filippo Valsorda
5321fc265c crypto/internal/fips/ecdsa: add HMAC_DRBG
We'll use this for deterministic and hedged ECDSA.

For #69536

Change-Id: Ifb3d963a084fb4914536826250589ff8862add9f
Reviewed-on: https://go-review.googlesource.com/c/go/+/628680
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
2024-11-19 23:02:24 +00:00
Filippo Valsorda
45c6cc3020 crypto/internal/fips/ecdsa: add CAST, PCT, DRBG, and FIPS 186-5 references
The previous CL focused on moving the implementation as-is, while this
makes it FIPS-compliant.

For #69536

Change-Id: I75fa56c7e13ba20246bacf9fda4599c9f25a1c63
Reviewed-on: https://go-review.googlesource.com/c/go/+/628678
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 23:02:22 +00:00
Filippo Valsorda
b22c585c2a crypto/ecdsa: move s390x assembly to crypto/internal/fips/ecdsa
For #69536

Change-Id: I85088acb3da788f688f78efff39320bd517e617d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628679
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 23:01:47 +00:00
Filippo Valsorda
03f075b56e crypto/ecdsa: move implementation to crypto/internal/fips/ecdsa
For #69536

Change-Id: I8794d75c11cdadd91e420541b26af35e62006af4
Reviewed-on: https://go-review.googlesource.com/c/go/+/628677
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 23:01:44 +00:00
Filippo Valsorda
6f5194767e crypto/internal/bigmod: move to crypto/internal/fips/bigmod
For #69536

Change-Id: Ic096282c521958083d0ba816d62d908f6fcf7dbe
Reviewed-on: https://go-review.googlesource.com/c/go/+/628676
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 23:01:42 +00:00
Filippo Valsorda
e24eb3ab36 crypto/internal/bigmod: drop math/big dependency
If when the dust settles the Bytes and SetBytes round-trip is visible in
profiles (only plausible in RSA), then we can add a SetBits method like
in CL 511375.

Change-Id: I3e6677e849d7a3786fa7297437b119a47715225f
Reviewed-on: https://go-review.googlesource.com/c/go/+/628675
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 23:01:40 +00:00
Filippo Valsorda
566cf1c108 crypto/ecdh: move implementation to crypto/internal/fips/ecdh
This intentionally gives up on the property of not computing the public
key until requested. It was nice, but it was making the code too
complex. The average use case is to call PublicKey immediately after
GenerateKey anyway.

Added support in the module for P-224, just in case we'd ever want to
support it in crypto/ecdh.

Tried various ways to fix test/fixedbugs/issue52193.go to be meaningful,
but crypto/ecdh is pretty complex and all the solutions would end up
locking in crypto/ecdh structure rather than compiler behavior. The rest
of that test is good enough on its own anyway. If we do the work in the
future of making crypto/ecdh zero-allocations using the affordances of
the compiler, we can add a more robust TestAllocations on our side.

For #69536

Change-Id: I68ac3955180cb31f6f96a0ef57604aaed88ab311
Reviewed-on: https://go-review.googlesource.com/c/go/+/628315
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 23:01:37 +00:00
Filippo Valsorda
2f35e1375e crypto/internal/nistec: move to crypto/internal/fips/nistec
For #69536

Change-Id: Id9d76aefbbe1f7c957973380c6eaeb5bfb9de967
Reviewed-on: https://go-review.googlesource.com/c/go/+/627957
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Commit-Queue: Filippo Valsorda <filippo@golang.org>
2024-11-19 23:01:35 +00:00
Filippo Valsorda
17bf224a4d crypto/internal/nistec: don't use go:embed
For #69536

Change-Id: I8ff3fdd70f540559d83abe006985bcee11ffde91
Reviewed-on: https://go-review.googlesource.com/c/go/+/628775
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 22:30:28 +00:00
Filippo Valsorda
8c2a04f169 crypto/internal/nistec: port cleanups and docs from p256_asm.go to purego
Change-Id: Ieaad0692f4301cc301a0dd2eadca2f2f9e96bff0
Reviewed-on: https://go-review.googlesource.com/c/go/+/627942
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 22:30:19 +00:00
Filippo Valsorda
e46eefde2e crypto/internal/nistec: use precomputed P-256 generators in purego
Change-Id: I73cd2ff857512a90585b860906061b71d1c19e41
Reviewed-on: https://go-review.googlesource.com/c/go/+/627941
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 22:30:17 +00:00
Filippo Valsorda
245f9ba3c0 crypto/internal/nistec: put elements directly in point struct in purego P-256
Mostly done to make loading the affine table easier, but has a bit of
performance advantage.

goos: darwin
goarch: arm64
pkg: crypto/internal/nistec
cpu: Apple M2
                      │ edeef4a9d6  │            c85d3a55d6             │
                      │   sec/op    │   sec/op     vs base              │
ScalarMult/P256-8       98.80µ ± 1%   97.40µ ± 0%  -1.41% (p=0.002 n=6)
ScalarBaseMult/P256-8   20.69µ ± 0%   19.29µ ± 1%  -6.75% (p=0.002 n=6)

Change-Id: Iaee927650e64d0ed4cd3053f32132de8dd7d771d
Reviewed-on: https://go-review.googlesource.com/c/go/+/627940
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
2024-11-19 22:30:13 +00:00
Filippo Valsorda
e75e5246a9 crypto/internal/nistec: drop endianness swap assembly
It has negligible performance impact now that we have compiler
intrinsics, and removing it helps slightly narrow the gap between
the assembly and Go implementations.

Change-Id: Ia02807a973b567952c659bb4868632a73ff3c143
Reviewed-on: https://go-review.googlesource.com/c/go/+/627939
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 22:30:10 +00:00
Filippo Valsorda
5610e05936 crypto/internal/nistec: use mixed addition in purego ScalarBaseMult
The affine addition formula is significantly faster, and sets us up to
reuse the precomputed table from the assembly implementation.

This is an incremental step towards converging the purego and assembly
implementations, with the goal of eventually merging them.

Very proud of how the conditional AddAffine avoids the whole zero/sel
cmov dance, compared to the same logic in the assembly implementation.

Change-Id: Iab008e81869cf8c1565b938e4dd392dd4d5787fd
Reviewed-on: https://go-review.googlesource.com/c/go/+/627938
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 22:30:07 +00:00
Filippo Valsorda
298defcb54 crypto/internal/nistec: use Booth multiplication in purego P-256
Brings ScalarMult from 71 adds/op + 259 doubles/op to 58 adds/op + 263
doubles/op and ScalarBaseMult from 64 adds/op to 42 adds/op, matching
the assembly scalar multiplication algorithm.

Change-Id: I6603b52d1c3b2c25ace471bd36044149f6e8cfab
Reviewed-on: https://go-review.googlesource.com/c/go/+/627937
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 22:30:05 +00:00
Filippo Valsorda
a794fa5f69 crypto/internal/fips: wrap and lock internal dependencies
The changes below src/crypto/internal/fips/ are mechanical.

See fipsdeps.go and fipsdeps_test.go for the rationale.

For #69536

Change-Id: I292ce65237cd8d2fd87fab99814514dd0e69c4a7
Reviewed-on: https://go-review.googlesource.com/c/go/+/627956
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 22:29:14 +00:00
Filippo Valsorda
349d7d92bb crypto/internal/fips: move most tests to crypto/internal/fipstest
As explained in fips_test.go, we generally want to minimize tests inside
the FIPS module. When there is a relevant calling package, the tests
should go there, otherwise in fipstest.

This required redoing a bit the CAST failure tests, but the new version
is actually more robust because it will fail if a _ import is missing.

Since TestCAST doesn't print a line for each passed CAST anymore, made
GODEBUG=fips140=debug do that, in case we need to show it to the lab.

For #69536

Change-Id: I0c1b82a4e9ee39e8df9bbe95bebb0527753f51c8
Reviewed-on: https://go-review.googlesource.com/c/go/+/627955
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 22:29:12 +00:00
Paul E. Murphy
382b20a09e crypto/aes: add optimized AES-CTR for ppc64le
This should be a relatively trivial implementation for PPC64
with minor optimizations depending on GOPPC64 value.
GOPPC64=power9 showed about 5% improvement on power10.

Performance is substantially improved on power10 (compiled
with GOPPC64=power9)

          │   p10.old    │                p10.new                │
          │     B/s      │      B/s       vs base                │
AESCTR/50   632.9Mi ± 0%   1022.4Mi ± 1%   +61.54% (p=0.002 n=6)
AESCTR/1K   798.8Mi ± 0%   4327.3Mi ± 0%  +441.72% (p=0.002 n=6)
AESCTR/8K   828.8Mi ± 0%   5799.6Mi ± 0%  +599.77% (p=0.002 n=6)

And power8:

          │    p8.old    │                p8.new                 │
          │     B/s      │      B/s       vs base                │
AESCTR/50   291.6Mi ± 0%    452.4Mi ± 0%   +55.17% (p=0.002 n=6)
AESCTR/1K   380.8Mi ± 0%   2291.6Mi ± 0%  +501.71% (p=0.002 n=6)
AESCTR/8K   389.4Mi ± 0%   3028.1Mi ± 0%  +677.56% (p=0.002 n=6)

Change-Id: Icc977e0a844a5b73a47a218f33dbee54b72edf4b
Reviewed-on: https://go-review.googlesource.com/c/go/+/626176
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Archana Ravindar <aravinda@redhat.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
2024-11-19 22:07:03 +00:00
Russ Cox
e33f7c42b0 cmd/go/internal/modfetch: export new func Unzip
Add new func Unzip, which is Download (= download+unzip)
without the download. This will be used for unpacking the
FIPS module zips, which are part of the Go distribution,
not downloaded.

Change-Id: Ia04f8c376db8cb1cf27acb5567dd256afb10f410
Reviewed-on: https://go-review.googlesource.com/c/go/+/629200
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 21:52:30 +00:00
Russ Cox
9935dd99da cmd/go: add basic GOFIPS140 support
GOFIPS140 does two things: (1) control whether to build binaries that
run in FIPS-140 mode by default, and (2) control which version of the
crypto/internal/fips source tree to use during a build.

This CL implements part (1). It recognizes the GOFIPS140 settings
"off" and "latest" and uses them to set the default GODEBUG=fips140
setting to "off" or "on" accordingly.

The documentation for GOFIPS140 is in a follow-up CL.

See cmd/go/internal/fips/fips.go for an overview.

For #70200.

Change-Id: I045f8ae0f19778a1e72a5cd2b6a7b0c88934fc30
Reviewed-on: https://go-review.googlesource.com/c/go/+/629198
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 21:52:28 +00:00
Keith Randall
d13e6d0b08 internal/runtime/maps: hash copy of key instead of key itself
Hashing the key means we have to take the address of it. That inhibits
subsequent optimizations on the key variable.

By hashing a copy, we incur an extra store at the hash callsite, but
we no longer need a load of the key in the inner loop. It can live
in a register throughout. (Technically, it gets spilled around
the call to the hasher, but it gets restored outside the loop.)

Maybe one day we can have special hash functions that take
int64/int32/string instead of *int64/*int32/*string.

Change-Id: Iba3133f6e82328f53c0abcb5eec13ee47c4969d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/629419
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
2024-11-19 21:15:55 +00:00
Keith Randall
c14fc500c7 internal/runtime/maps: assume constant elem offset with int64 and string keys
Note this doesn't work with int32 keys because alignment padding can change
the offset of the element.

Change-Id: I27804d3cfc7cc1b7f995f7e29630f0824f0ee899
Reviewed-on: https://go-review.googlesource.com/c/go/+/629418
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 21:15:45 +00:00
Keith Randall
253a9933d1 internal/runtime/maps: use simpler calculation for slot element
This reduces the adds required at the return point from 3 to 1.
(The multiply inside g.elem() does get CSE'd with the one inside
g.key(), but the rest of the adds don't.)

Instead, compute the element as just a fixed offset from the key.

Change-Id: Ia4d7664efafcdca5e9daeb77d270651bb186232c
Reviewed-on: https://go-review.googlesource.com/c/go/+/629535
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
2024-11-19 21:15:38 +00:00
Paul E. Murphy
2e60747590 crypto/internal/fips/aes/gcm: skip TestAllocations on PPC64
TestAllocations is failing on PPC64 causing all PPC64 CI to fail.

Skip the test until it can be debugged.

For #70448

Change-Id: Ic18e402f4af5939a90eba2e1f2b182699013ed55
Reviewed-on: https://go-review.googlesource.com/c/go/+/629697
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
2024-11-19 20:47:33 +00:00
Filippo Valsorda
8f9a420a72 crypto/internal/fips/mlkem: implement CAST, PCT, and service indicator
For #69536

Change-Id: Id9d2f6553ab006d0d26986d22a4a756b9cf1bf71
Reviewed-on: https://go-review.googlesource.com/c/go/+/626936
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
2024-11-19 20:43:08 +00:00
Filippo Valsorda
791d9827be crypto/internal/fips: disable CASTs if FIPS mode is not enabled
Change-Id: Idabfe29e16d9ae6da7fbb078f9738bb4a7c5347b
Reviewed-on: https://go-review.googlesource.com/c/go/+/626935
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 20:43:05 +00:00
Filippo Valsorda
ed413f3fe0 crypto/internal/fips/mlkem: implement ML-KEM-1024
Decided to automatically duplicate the high-level code to avoid growing
the ML-KEM-768 data structures.

For #70122

Change-Id: I5c705b71ee1e23adba9113d5cf6b6e505c028967
Reviewed-on: https://go-review.googlesource.com/c/go/+/621983
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 20:43:01 +00:00
Tobias Klauser
e82308c198 internal/syscall/unix, os: add and use Waitid syscall wrapper on linux
Instead of open-coding the waitid syscall wrapper add it to
internal/syscall/unix. As the syscall is currently only used on Linux,
switch the implementation in os.(*Process).blockUntilWaitable to use the
128-byte unix.SiginfoChild type instead of a plain 128-byte buffer.

Also use ignoringEINTR for the waitid calls instead of open-coding it.

Change-Id: I8dc47e361faa1f5e912d5de021f119c91c9f12f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/629655
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
2024-11-19 20:40:51 +00:00
Russ Cox
5fdadffe3d cmd/dist: add FIPS snapshot build tests
Check that all the FIPS zips build.

Change-Id: Iec22d9295178f95862060e57a8ac9ed657f69943
Reviewed-on: https://go-review.googlesource.com/c/go/+/629197
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
2024-11-19 19:47:16 +00:00
Russ Cox
d9de8ba83c cmd/go: make vet work with -overlay
It never worked before, an apparent oversight.
This will also make tests work, since tests run vet.

The new FIPS mode will use overlays, so this was
keeping go test from working in that mode.

Fixes #44957.

Change-Id: I3a77846b3b3f9a3a53118aaece93ee93214a36a6
Reviewed-on: https://go-review.googlesource.com/c/go/+/629199
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
2024-11-19 19:46:57 +00:00
Damien Neil
d90ce588ea internal/synctest: new package for testing concurrent code
Add an internal (for now) implementation of testing/synctest.

The synctest.Run function executes a tree of goroutines in an
isolated environment using a fake clock. The synctest.Wait function
allows a test to wait for all other goroutines within the test
to reach a blocking point.

For #67434
For #69687

Change-Id: Icb39e54c54cece96517e58ef9cfb18bf68506cfc
Reviewed-on: https://go-review.googlesource.com/c/go/+/591997
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 19:40:40 +00:00
Damien Neil
944df9a751 runtime: use indirect call in adjustSignalStack to avoid nosplit overflow
Avoids a nosplit stack overflow on OpenBSD after CL 591997
increases the adjustSignalStack stack by 16 bytes.

Change-Id: I2c990de6c7cd8d2aca6e6b98133da120c8a4174b
Reviewed-on: https://go-review.googlesource.com/c/go/+/629696
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 19:40:27 +00:00
Filippo Valsorda
7e6b38e052 crypto/internal/mlkem768: move to crypto/internal/fips/mlkem
In the process, replace out-of-module imports with their FIPS versions.

For #69536

Change-Id: I83e900b7c38ecf760382e5dca7fd0b1eaa5a5589
Reviewed-on: https://go-review.googlesource.com/c/go/+/626879
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
2024-11-19 19:25:22 +00:00
Filippo Valsorda
9854fc3e86 crypto/internal/mlkem768: add -768 suffix to all exported identifiers
In preparation for introducing ML-KEM-1024.

Aside from the constants at the top, all other changes were automated.

Change-Id: I0fafce9a776c7b0b9179be1c858709cabf60e80f
Reviewed-on: https://go-review.googlesource.com/c/go/+/621981
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 19:25:19 +00:00
Filippo Valsorda
1e733b638f crypto/internal/mlkem768: add EncapsulationKey type
Change-Id: I3feacb044caa15ac9bbfc11f5d90bebf8a505510
Reviewed-on: https://go-review.googlesource.com/c/go/+/621980
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-19 19:25:16 +00:00
Filippo Valsorda
81fc3d2239 crypto/internal/mlkem768: remove crypto/rand.Read error checking
After #66821 crypto/rand.Read can't return an error.

Change-Id: I185063a25ef70986448f2a300e5578de17f6e61e
Reviewed-on: https://go-review.googlesource.com/c/go/+/621979
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
2024-11-19 19:25:14 +00:00
Filippo Valsorda
0568cda10a crypto/internal/mlkem768: move field implementation to its own file
Change-Id: Id2676f1fd446feda506a3f1d4fbdadffe87ecc95
Reviewed-on: https://go-review.googlesource.com/c/go/+/621978
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
2024-11-19 19:25:12 +00:00
Filippo Valsorda
ffb8b1c586 crypto/internal/mlkem768: make Decapsulate a method
This will make it easier to support multiple sizes if needed.

Change-Id: I47495559fdbbf678fd98421ad6cb28172e5c810d
Reviewed-on: https://go-review.googlesource.com/c/go/+/621977
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
2024-11-19 19:25:09 +00:00
Filippo Valsorda
9656f9296e crypto/internal/mlkem768: unexport encryptionKey.A
Change-Id: I001e48dbb476e590cd84194f386bf5ea4cc1a1b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/621976
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
2024-11-19 18:50:44 +00:00
Filippo Valsorda
40e62d63a3 crypto/internal/mlkem768: update to final FIPS 203
Main changes are the domain separator in KeyGen, dropping support for
the extended decapsulation key encoding in favor of seeds (see
https://words.filippo.io/ml-kem-seeds/), and documentation changes.

Change-Id: I8773034929094b3242aa39ac6e9d007c2bc94e63
Reviewed-on: https://go-review.googlesource.com/c/go/+/621975
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 18:50:41 +00:00
Joe Tsai
99dad52816 encoding/json: check exact structure of local error types in tests
During the development of error wrapping (#29934),
the tests were modified to stop using reflect.DeepEqual
since the prototype for error wrapping at the time included
frame information of where the error was created.

However, that change diminished the fidelity of the test
so that it is no longer as strict, which affects the endeavor
to implement v1 in terms of the v2 prototype.

For locally declared error types, use reflect.DeepEqual
to check that the exact structure of the error value matches.

Change-Id: I443d418533866ab8d533bca3785fdc741e2c140e
Reviewed-on: https://go-review.googlesource.com/c/go/+/629517
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 18:48:19 +00:00
Russ Cox
4d6170427f cmd/dist: add GOFIPS140 setting
GOFIPS140 will be used to control whether to build binaries that
run in FIPS-140 mode by default, as well as which version of
crypto/internal/fips is used during a given build.
It is a target configuration variable analogous to
GOOS, GOARCH, CGO_ENABLED, and the like, so the
default value is recorded in the toolchain during make.bash.

This CL adds the GOFIPS140 setting to the build process
and records the default for use by cmd/go.

For #70200.

Change-Id: Iafcb5a4207f00fae8bcd93e0184a63c72526abea
Reviewed-on: https://go-review.googlesource.com/c/go/+/629196
Reviewed-by: Michael Matloob <matloob@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 18:48:15 +00:00
Russ Cox
3a28cee8fb cmd/go/internal/fsys: add Bind to add bind mounts
fsys.Bind(repl, dir) makes the virtual file system
redirect any references to dir to use repl instead.
In Plan 9 terms, it binds repl onto dir.
In Linux terms, it does a mount --bind of repl onto dir.
Or think of it as being like a symlink dir -> repl being
added to the virtual file system.

This is a separate layer from the overlay so that editors
working in the replacement directory can still apply
their own replacements within that tree, and also so
that editors working in the original dir do not have any
effect at all.

(If the binds and the overlay were in the same sorted list,
we'd have problems with keeping the relative priorities
of individual entries correct.)

Change-Id: Ibc88021cc95a3b8574efd5f37772ccb723aa8f7b
Reviewed-on: https://go-review.googlesource.com/c/go/+/628702
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
2024-11-19 18:48:12 +00:00
Paul E. Murphy
fa52db6a3f crypto/internal/fips/aes/gcm: fix PPC64 gcm debug option logic
AES-GCM is always supported, unless the debug option explicitly
turns it off.

Change-Id: Iac17fd8429307d48daa601249a2505bcd1b1f892
Reviewed-on: https://go-review.googlesource.com/c/go/+/629695
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Archana Ravindar <aravinda@redhat.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-11-19 18:44:13 +00:00
Filippo Valsorda
48d260cbd9 crypto/internal/fips/aes: add CAST
For #69536

Change-Id: I6ecbe8b05f9f01afe2aa32c59fc56c9e1c6ea6b4
Reviewed-on: https://go-review.googlesource.com/c/go/+/626437
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 18:22:12 +00:00