crypto: support ACVP testing

Open cpu opened this issue 1 year ago • 6 comments

Proposal Details

Note: not a formal proposal since this is internal work without new exposed APIs or observable behaviour. It's primarily surfacing FIPS work for tracking purposes.

Background

Go's FIPS 140-3 validation (#69536) will require that we demonstrate that we are only using approved cryptographic algorithms. Doing so is a pre-requisite for cryptographic module verification (CMVP).

The NIST Cryptographic Algorithm Validation Program (CAVP) allows for certification of algorithm implementations via the Automated Cryptographic Validation Test Program (ACVT) using the Automated Cryptographic Validation Protocol (ACVP). The protocol specification is available online in an IETF RFC-like format.

BoringSSL acvptool

Thankfully, the BoringSSL project has already implemented and documented a pure-Go client that can both interact with the demo NIST server, and operate in an offline mode suitable for CI. It "lowers" the more complex NIST protocol into a simple request/response protocol used over stdin/stdout to speak to a forked module wrapper process. @agl briefly discusses its origin in a blog post.

Requirements

To meet the testing requirements Go should offer an acvptool compatible module wrapper for the Go FIPS module.

It should be implemented so that it's possible to build and test from different operating environments (OEs) and with/without processor algorithm accelerators (PAA) features.

It should be integrated into CI so that there is continual assurance that our algorithms will pass when performing live ACVP testing with the NIST test, or production servers.

Since the license in BoringSSL for new code (such as the acvp tooling) is compatible with the Go repository license, I believe we have flexibility in terms of whether we vendor the tooling and test data or use both as-is from the BoringSSL repo. The existing Go code in that repo has no external dependencies that would pose a challenge for integration here.

cpu avatar Sep 26 '24 16:09 cpu

cpu added the Proposal label 1 hour ago

Apologies, it wasn't clear which new issue flow to use for this issue and when I selected proposal it added this label. I think the label should be removed since it's internal work.

Advice welcome on how to handle this better in the future.

cpu avatar Sep 26 '24 17:09 cpu

@cpu FYI you can "Open a blank issue." at the bottom of https://github.com/golang/go/issues/new/choose

mateusz834 avatar Sep 26 '24 18:09 mateusz834

Change https://go.dev/cl/615816 mentions this issue: crypto/internal: add FIPS module test wrapper

gopherbot avatar Sep 26 '24 18:09 gopherbot

CC @golang/security

mknyszek avatar Sep 30 '24 12:09 mknyszek

Change https://go.dev/cl/619755 mentions this issue: crypto/internal/fips: add PBKDF ACVP testing

gopherbot avatar Oct 11 '24 15:10 gopherbot

Change https://go.dev/cl/620935 mentions this issue: crypto/internal/fips: ECDSA ACVP test coverage

gopherbot avatar Oct 17 '24 19:10 gopherbot

Change https://go.dev/cl/621135 mentions this issue: crypto/internal/fips: add EDDSA ACVP test coverage

gopherbot avatar Oct 23 '24 13:10 gopherbot

Change https://go.dev/cl/622395 mentions this issue: crypto/internal/fips: add SHAKE-* ACVP test coverage

gopherbot avatar Oct 24 '24 17:10 gopherbot

Change https://go.dev/cl/635762 mentions this issue: crypto/internal/fips14test: add CMAC-AES ACVP tests

gopherbot avatar Dec 13 '24 19:12 gopherbot

Change https://go.dev/cl/636115 mentions this issue: crypto/internal/fips140test: add KDA HKDF ACVP tests

gopherbot avatar Dec 13 '24 21:12 gopherbot

Change https://go.dev/cl/636116 mentions this issue: crypto/internal/fips140test: add TLS-v1.2 ACVP tests

gopherbot avatar Dec 14 '24 19:12 gopherbot

Change https://go.dev/cl/636117 mentions this issue: crypto/internal/fips140test: add TLS-v1.3 ACVP tests

gopherbot avatar Dec 14 '24 19:12 gopherbot

Change https://go.dev/cl/636355 mentions this issue: crypto/internal/fips140test: add SSH KDF ACVP tests

gopherbot avatar Dec 15 '24 22:12 gopherbot

Change https://go.dev/cl/627655 mentions this issue: crypto/internal/fips140test: add AES ACVP tests

gopherbot avatar Dec 17 '24 19:12 gopherbot

Change https://go.dev/cl/637439 mentions this issue: crypto/internal/fips140test: add ML-KEM ACVP tests

gopherbot avatar Dec 18 '24 19:12 gopherbot

Change https://go.dev/cl/637916 mentions this issue: crypto/internal/fips140test: add KAS-ECC-SSC ACVP tests

gopherbot avatar Dec 19 '24 19:12 gopherbot

Change https://go.dev/cl/639775 mentions this issue: crypto/internal/fips140test: add hmac DRBG ACVP tests

gopherbot avatar Jan 02 '25 18:01 gopherbot

Change https://go.dev/cl/639795 mentions this issue: crypto/internal/fips140test: add ctr DRBG ACVP tests

gopherbot avatar Jan 02 '25 20:01 gopherbot

Change https://go.dev/cl/639776 mentions this issue: crypto/internal/fips140test: add counter KDF ACVP tests

gopherbot avatar Jan 02 '25 22:01 gopherbot

Change https://go.dev/cl/640016 mentions this issue: crypto/internal/fips140test: add feedback KDF ACVP tests

gopherbot avatar Jan 03 '25 20:01 gopherbot

Change https://go.dev/cl/642135 mentions this issue: crypto/internal/fips140test: add RSA ACVP tests

gopherbot avatar Jan 10 '25 18:01 gopherbot

Change https://go.dev/cl/644643 mentions this issue: crypto/internal/fips140test: add cSHAKE ACVP tests

gopherbot avatar Jan 27 '25 13:01 gopherbot

Change https://go.dev/cl/644641 mentions this issue: crypto/internal/fips140test: add OneStepNoCounter ACVP tests

gopherbot avatar Jan 27 '25 13:01 gopherbot

Change https://go.dev/cl/648455 mentions this issue: crypto/internal/fips140test: add cSHAKE ACVP tests

gopherbot avatar Feb 11 '25 15:02 gopherbot

Change https://go.dev/cl/648435 mentions this issue: crypto/internal/fips140test: add OneStepNoCounter ACVP tests

gopherbot avatar Feb 11 '25 15:02 gopherbot

All required ACVP support has been merged in-tree :tada:

cpu avatar Feb 12 '25 18:02 cpu