mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto/internal/fips140test: add SSH KDF ACVP tests 

Adds ACVP test coverage for the SP 800-135rev1 SSH KDF based on the NIST
spec:

  https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ssh.html

Only SHA1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512 are valid hash
algorithms for the SSH KDF algorithm. We do not include SHA-1 since it
is out of scope for our FIPS module.

Similarly only TDES, AES-128, AES-192 and AES-256 are valid ciphers, and
we do not include TDES.

Updates #69642

Change-Id: I70e45b77a91bd8aa631da30fab54c97e974f433c
Reviewed-on: https://go-review.googlesource.com/c/go/+/636355
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
This commit is contained in:
Daniel McCarney 2024-12-15 17:33:48 -05:00 committed by Gopher Robot
parent 072eea9b3b
commit 86aca87788
3 changed files with 46 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/crypto/internal/fips140test/acvp_capabilities.json
View File

@ -62,5 +62,6 @@
{"algorithm":"CMAC-AES","capabilities":[{"direction":["gen","ver"],"msgLen":[{"min":0,"max":524288,"increment":8}],"keyLen":[128,256],"macLen":[{"min":8,"max":128,"increment":8}]}],"revision":"1.0"},
{"algorithm":"TLS-v1.2","mode":"KDF","revision":"RFC7627","hashAlg":["SHA2-256","SHA2-384","SHA2-512"]},
{"algorithm":"TLS-v1.3","mode":"KDF","revision":"RFC8446","hmacAlg":["SHA2-256","SHA2-384"],"runningMode":["DHE","PSK","PSK-DHE"]}
{"algorithm":"TLS-v1.3","mode":"KDF","revision":"RFC8446","hmacAlg":["SHA2-256","SHA2-384"],"runningMode":["DHE","PSK","PSK-DHE"]},
{"algorithm":"kdf-components","mode":"ssh","revision":"1.0","hashAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512"],"cipher":["AES-128","AES-192","AES-256"]}
]

3
src/crypto/internal/fips140test/acvp_test.config.json
View File

@ -45,5 +45,6 @@
{"Wrapper": "go", "In": "vectors/CMAC-AES.bz2", "Out": "expected/CMAC-AES.bz2"},
{"Wrapper": "go", "In": "vectors/TLS-v1.2.bz2", "Out": "expected/TLS-v1.2.bz2"},
{"Wrapper": "go", "In": "vectors/TLS-v1.3.bz2", "Out": "expected/TLS-v1.3.bz2"}
{"Wrapper": "go", "In": "vectors/TLS-v1.3.bz2", "Out": "expected/TLS-v1.3.bz2"},
{"Wrapper": "go", "In": "vectors/kdf-components.bz2", "Out": "expected/kdf-components.bz2"}
]

43
src/crypto/internal/fips140test/acvp_test.go
View File

@ -36,6 +36,7 @@ import (
"crypto/internal/fips140/sha256"
"crypto/internal/fips140/sha3"
"crypto/internal/fips140/sha512"
"crypto/internal/fips140/ssh"
"crypto/internal/fips140/subtle"
"crypto/internal/fips140/tls12"
"crypto/internal/fips140/tls13"
@ -120,6 +121,8 @@ var (
// https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-tls.html#section-7.2
// TLS 1.3 KDF algorithm capabilities:
// https://pages.nist.gov/ACVP/draft-hammett-acvp-kdf-tls-v1.3.html#section-7.2
// SSH KDF algorithm capabilities:
// https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ssh.html#section-7.2
//go:embed acvp_capabilities.json
capabilitiesJson []byte
@ -237,6 +240,17 @@ var (
"TLSKDF/1.2/SHA2-256": cmdTlsKdf12Aft(func() fips140.Hash { return sha256.New() }),
"TLSKDF/1.2/SHA2-384": cmdTlsKdf12Aft(func() fips140.Hash { return sha512.New384() }),
"TLSKDF/1.2/SHA2-512": cmdTlsKdf12Aft(func() fips140.Hash { return sha512.New() }),
// Note: only SHA2-224, SHA2-256, SHA2-384 and SHA2-512 are valid hash functions for SSHKDF.
// See https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ssh.html#section-7.2.1
"SSHKDF/SHA2-224/client": cmdSshKdfAft(func() fips140.Hash { return sha256.New224() }, ssh.ClientKeys),
"SSHKDF/SHA2-224/server": cmdSshKdfAft(func() fips140.Hash { return sha256.New224() }, ssh.ServerKeys),
"SSHKDF/SHA2-256/client": cmdSshKdfAft(func() fips140.Hash { return sha256.New() }, ssh.ClientKeys),
"SSHKDF/SHA2-256/server": cmdSshKdfAft(func() fips140.Hash { return sha256.New() }, ssh.ServerKeys),
"SSHKDF/SHA2-384/client": cmdSshKdfAft(func() fips140.Hash { return sha512.New384() }, ssh.ClientKeys),
"SSHKDF/SHA2-384/server": cmdSshKdfAft(func() fips140.Hash { return sha512.New384() }, ssh.ServerKeys),
"SSHKDF/SHA2-512/client": cmdSshKdfAft(func() fips140.Hash { return sha512.New() }, ssh.ClientKeys),
"SSHKDF/SHA2-512/server": cmdSshKdfAft(func() fips140.Hash { return sha512.New() }, ssh.ServerKeys),
}
)
@ -1372,12 +1386,39 @@ func cmdTlsKdf12Aft(h func() fips140.Hash) command {
}
}
func cmdSshKdfAft(hFunc func() fips140.Hash, direction ssh.Direction) command {
return command{
requiredArgs: 4, // K, H, SessionID, cipher
handler: func(args [][]byte) ([][]byte, error) {
k := args[0]
h := args[1]
sessionID := args[2]
cipher := string(args[3])
var keyLen int
switch cipher {
case "AES-128":
keyLen = 16
case "AES-192":
keyLen = 24
case "AES-256":
keyLen = 32
default:
return nil, fmt.Errorf("unsupported cipher: %q", cipher)
}
ivKey, encKey, intKey := ssh.Keys(hFunc, direction, k, h, sessionID, 16, keyLen, hFunc().Size())
return [][]byte{ivKey, encKey, intKey}, nil
},
}
}
func TestACVP(t *testing.T) {
testenv.SkipIfShortAndSlow(t)
const (
bsslModule = "boringssl.googlesource.com/boringssl.git"
bsslVersion = "v0.0.0-20250108043213-d3f61eeacbf7"
bsslVersion = "v0.0.0-20250116010235-21f54b2730ee"
goAcvpModule = "github.com/cpu/go-acvp"
goAcvpVersion = "v0.0.0-20250102201911-6839fc40f9f8"
)