golang / go

crypto: support ACVP testing #69642

Open cpu opened 1 month ago

cpu commented 1 month ago

Proposal Details

Note: not a formal proposal since this is internal work without new exposed APIs or observable behaviour. It's primarily surfacing FIPS work for tracking purposes.

Background

Go's FIPS 140-3 validation (#69536) will require that we demonstrate that we are only using approved cryptographic algorithms. Doing so is a pre-requisite for cryptographic module verification (CMVP).

The NIST Cryptographic Algorithm Validation Program (CAVP) allows for certification of algorithm implementations via the Automated Cryptographic Validation Test Program (ACVT) using the Automated Cryptographic Validation Protocol (ACVP). The protocol specification is available online in an IETF RFC-like format.

BoringSSL acvptool

Thankfully, the BoringSSL project has already implemented and documented a pure-Go client that can both interact with the demo NIST server and operate in an offline mode suitable for CI. It "lowers" the more complex NIST protocol into a simple request/response protocol used over stdin/stdout to speak to a forked module wrapper process. @agl briefly discusses its origin in a blog post.

Requirements

To meet the testing requirements, Go should offer an acvptool-compatible module wrapper for the Go FIPS module.

It should be implemented so that it's possible to build and test from different operating environments (OEs) and with/without processor algorithm accelerators (PAA) features.

It should be integrated into CI so that there is continual assurance that our algorithms will pass when performing live ACVP testing with the NIST test or production servers.

Since the license in BoringSSL for new code (such as the acvp tooling) is compatible with the Go repository license, I believe we have flexibility in terms of whether we vendor the tooling and test data or use both as-is from the BoringSSL repo. The existing Go code in that repo has no external dependencies that would pose a challenge for integration here.
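
To make the "simple request/response protocol used over stdin/stdout" concrete, here is a module wrapper loop written for this page as an added example; it is not code from this issue, from Go, or from BoringSSL. It assumes the framing documented for acvptool wrappers (a uint32 little-endian count, then every length, then every body, with the first byte string naming the command) and the `SHA2-256` command name; the size caps are assumed sanity limits, and the capability reporting a wrapper needs before acvptool will drive it is left out.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"io"
	"os"
)

// readRequest parses one frame: count, then all lengths, then all bodies (uint32 LE).
func readRequest(r io.Reader) ([][]byte, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, err
	}
	if n == 0 || n > 16 { // 16: assumed sanity cap, not part of the protocol
		return nil, errors.New("bad argument count")
	}
	lens, args := make([]uint32, n), make([][]byte, n)
	err := binary.Read(r, binary.LittleEndian, lens)
	for i := 0; err == nil && i < len(lens); i++ {
		if lens[i] > 1<<20 { // assumed per-argument cap, checked before allocating
			return nil, errors.New("argument too long")
		}
		args[i] = make([]byte, lens[i])
		_, err = io.ReadFull(r, args[i])
	}
	return args, err
}

// serve sends exactly one response per request, framed the same way as the request.
func serve(r io.Reader, w io.Writer) error {
	for {
		args, err := readRequest(r)
		if err != nil {
			return err // io.EOF is the normal end of a session
		}
		if len(args) != 2 || string(args[0]) != "SHA2-256" {
			return errors.New("unsupported command")
		}
		d := sha256.Sum256(args[1])
		hdr := []byte{1, 0, 0, 0, sha256.Size, 0, 0, 0} // uint32 LE: count=1, length=32
		if _, err := w.Write(append(hdr, d[:]...)); err != nil {
			return err
		}
	}
}

func main() { _ = serve(os.Stdin, os.Stdout) } // ends when the parent closes stdin
```
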

cpu commented 1 month ago

cpu added the Proposal label 1 hour ago

Apologies, it wasn't clear which new issue flow to use for this issue and when I selected proposal it added this label. I think the label should be removed since it's internal work.

Advice welcome on how to handle this better in the future.

mateusz834 commented 1 month ago

@cpu FYI you can "Open a blank issue." at the bottom of https://github.com/golang/go/issues/new/choose

gopherbot commented 1 month ago

Change https://go.dev/cl/615816 mentions this issue: crypto/internal: add FIPS module test wrapper

mknyszek commented 1 month ago

CC @golang/security

gopherbot commented 1 month ago

Change https://go.dev/cl/619755 mentions this issue: crypto/internal/fips: add PBKDF ACVP testing

gopherbot commented 1 month ago

Change https://go.dev/cl/620935 mentions this issue: crypto/internal/fips: ECDSA ACVP test coverage

gopherbot commented 3 weeks ago

Change https://go.dev/cl/621135 mentions this issue: crypto/internal/fips: add EDDSA ACVP test coverage

gopherbot commented 3 weeks ago

Change https://go.dev/cl/622395 mentions this issue: crypto/internal/fips: add SHAKE-* ACVP test coverage