crypto/internal/fips/pbkdf2: add CAST testing

Per IG 10 3.A a module implementing PBKDF2 must perform a CAST on the derivation of a master key. This commit adds the required CAST test. The salt length (16 bytes), and output length (14 bytes) for the test are selected to meet FIPS requirements. The iteration count must be at least 2 so we use that value exactly for the fastest self-test allowable. We test all underlying prerequisite algorithms (HMAC, digest algorithms) separately. For #69536 Change-Id: Iba9e87ab89eeec1c73adc7e56016674ac8065c39 Reviewed-on: https://go-review.googlesource.com/c/go/+/623195 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
2024-11-14 14:25:44 -05:00 · 2024-11-14 14:25:44 -05:00 · 3467a91c0b
parent 03c41d2910
commit 3467a91c0b
2 changed files with 43 additions and 1 deletions
--- a/src/crypto/internal/fips140/pbkdf2/cast.go
+++ b/src/crypto/internal/fips140/pbkdf2/cast.go
@ -0,0 +1,43 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pbkdf2
+
+import (
+	"bytes"
+	"crypto/internal/fips140"
+	_ "crypto/internal/fips140/check"
+	"crypto/internal/fips140/sha256"
+	"errors"
+)
+
+func init() {
+	// Per IG 10.3.A:
+	//   "if the module implements an approved PBKDF (SP 800-132), the module
+	//    shall perform a CAST, at minimum, on the derivation of the Master
+	//   Key (MK) as specified in Section 5.3 of SP 800-132"
+	//   "The Iteration Count parameter does not need to be among those
+	//   supported by the module in the approved mode but shall be at least
+	//   two."
+	fips140.CAST("PBKDF2", func() error {
+		salt := []byte{
+			0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11,
+			0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+		}
+		want := []byte{
+			0xC7, 0x58, 0x76, 0xC0, 0x71, 0x1C, 0x29, 0x75,
+			0x2D, 0x3A, 0xA6, 0xDF, 0x29, 0x96,
+		}
+
+		mk, err := Key(sha256.New, "password", salt, 2, 14)
+		if err != nil {
+			return err
+		}
+		if !bytes.Equal(mk, want) {
+			return errors.New("unexpected result")
+		}
+
+		return nil
+	})
+}
--- a/src/crypto/internal/fips140/pbkdf2/pbkdf2.go
+++ b/src/crypto/internal/fips140/pbkdf2/pbkdf2.go
@ -6,7 +6,6 @@ package pbkdf2

 import (
 	"crypto/internal/fips140"
-	_ "crypto/internal/fips140/check"
 	"crypto/internal/fips140/hmac"
 )