From 37b752bb238d35db5640efcc89ae6e61eaedc2da Mon Sep 17 00:00:00 2001
From: Wade Simmons
Date: Mon, 8 Jun 2026 09:43:28 -0400
Subject: [PATCH] WIP

---
 noiseutil/fips140.go | 14 +++++--------
 noiseutil/fips140_test.go | 13 +++++-------
 noiseutil/notboring.go | 8 ++++----
 3 files changed, 14 insertions(+), 21 deletions(-)

diff --git a/noiseutil/fips140.go b/noiseutil/fips140.go
index 14ea03ce..5793844e 100644
--- a/noiseutil/fips140.go
+++ b/noiseutil/fips140.go
@@ -1,5 +1,3 @@
-//go:build fips140v1.0 || fips140v1.26
-
 package noiseutil
 
 import (
@@ -12,17 +10,12 @@ import (
 "github.com/flynn/noise"
 )
 
-// EncryptLockNeeded indicates if calls to Encrypt need a lock
-// This is true for fips140 because the Seal function verifies that the
-// nonce is strictly increasing.
-const EncryptLockNeeded = true
-
 // TODO: Use NewGCMWithCounterNonce once available:
 // - https://github.com/golang/go/issues/73110
 // Using tls.aeadAESGCM gives us the TLS 1.2 GCM, which also verifies
 // that the nonce is strictly increasing.
 //
-//go:linkname aeadAESGCM crypto/tls.aeadAESGCM
+//go:linkname aeadAESGCM crypto/tls.aeadAESGCMTLS13
 func aeadAESGCM(key, noncePrefix []byte) cipher.AEAD
 
 type cipherFn struct {
@@ -37,10 +30,13 @@ func (c cipherFn) CipherName() string { return c.name }
 var CipherAESGCM noise.CipherFunc = cipherFn{cipherAESGCMFIPS140, "AESGCM"}
 
 // tls.aeadAESGCM uses a 4 byte static prefix and an 8 byte nonce
-var emptyPrefix = []byte{0, 0, 0, 0}
+var emptyPrefix = []byte{0, 0, 0, 0,
+ 0, 0, 0, 0,
+ 0, 0, 0, 0}
 
 func cipherAESGCMFIPS140(k [32]byte) noise.Cipher {
 gcm := aeadAESGCM(k[:], emptyPrefix)
+ gcm.Seal([]byte{}, []byte{0, 0, 0, 0, 0, 0, 0, 0}, []byte{}, []byte{})
 return aeadCipher{
 gcm,
 func(n uint64) []byte {
diff --git a/noiseutil/fips140_test.go b/noiseutil/fips140_test.go
index 8bd2056a..ba2606f7 100644
--- a/noiseutil/fips140_test.go
+++ b/noiseutil/fips140_test.go
@@ -1,5 +1,3 @@
-//go:build fips140v1.0 || fips140v1.26
-
 package noiseutil
 
 import (
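Review bot: Dropping `//go:build fips140v1.0 || fips140v1.26` makes fips140.go compile in every build, including ones tagged boringcrypto, and the "when boringcrypto is not enabled" wording in notboring.go implies a boringcrypto-specific file that also declares `CipherAESGCM`; if that file exists, the two declarations will collide under `-tags boringcrypto`. The first hunk of fips140_test.go removes the same constraint. If the intent is to pick the counter-checking AEAD at runtime instead of build time, the constraint should become `//go:build !boringcrypto` to mirror notboring.go, and a file-level comment should state that the strictly-increasing-nonce check is now active in non-FIPS builds as well.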
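Review bot: The comment block above the directive still reads `// Using tls.aeadAESGCM gives us the TLS 1.2 GCM`, but the symbol is now `crypto/tls.aeadAESGCMTLS13`, whose second argument is, as I read crypto/tls, a 12-byte mask XORed with an 8-byte per-message nonce rather than a 4-byte static prefix. Suggest `// Using tls.aeadAESGCMTLS13 gives us the TLS 1.3 GCM: the 12 byte mask is XORed with the 8 byte nonce and Seal checks that the counter is strictly increasing.` Removing `const EncryptLockNeeded = true` here leaves the flag to notboring.go's `fips140.Enabled()`, yet the ordering check in this AEAD's Seal does not appear to depend on FIPS mode, so the lock should be required whenever this file's CipherAESGCM is in use, not only when FIPS is enabled. The `//go:linkname` pull of a crypto/tls-private function is also subject to the linker's linkname restrictions from Go 1.23 on, which is one more reason the existing TODO about NewGCMWithCounterNonce should stay prominent.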
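Review bot: The added `gcm.Seal([]byte{}, []byte{0, 0, 0, 0, 0, 0, 0, 0}, []byte{}, []byte{})` performs a real encryption under the session key at nonce 0, discards the output, and carries no comment explaining why. As I read the counter-checking GCM behind aeadAESGCMTLS13, the first Seal fixes the mask/start value from its nonce and advances the expected counter, so this call presumably pins the mask to zero when the first real Seal is not at nonce 0 — but it also consumes nonce 0, and a later Seal at nonce 0 (Noise CipherState counters begin at 0, and the handshake encrypts at 0 under each derived key) would panic with "counter decreased". Either the first real Seal is always at 0 and the priming can be dropped, or it is not and this needs a comment such as `// Prime the AEAD with nonce 0 so the XOR mask is zero; nonce 0 must never be used for real data` plus a test proving the handshake still works. The nonce function body is outside the hunk, so I cannot confirm which case applies. The comment `// tls.aeadAESGCM uses a 4 byte static prefix and an 8 byte nonce` is now stale since emptyPrefix is 12 bytes; suggest `// tls.aeadAESGCMTLS13 takes a 12 byte nonce mask that is XORed with the 8 byte per-message nonce`.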
@@ -11,16 +9,15 @@ import (
 "github.com/stretchr/testify/assert"
 )
 
-func TestEncryptLockNeeded(t *testing.T) {
- assert.True(t, EncryptLockNeeded)
-}
-
 // Ensure NewAESGCM validates the nonce is non-repeating
 func TestNewAESGCM(t *testing.T) {
- assert.True(t, fips140.Enabled())
+ if !fips140.Enabled() {
+ t.Skip()
+ return
+ }
 
 key, _ := hex.DecodeString("feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308")
- iv, _ := hex.DecodeString("00000000facedbaddecaf888")
+ iv, _ := hex.DecodeString("facedbaddecaf888")
 plaintext, _ := hex.DecodeString("d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39")
 aad, _ := hex.DecodeString("feedfacedeadbeeffeedfacedeadbeefabaddad2")
 expected, _ := hex.DecodeString("72ce2ea385f88c20d856e9d1248c2ca08562bbe8a61459ffae06ec393540518e9b6b4c40a146053f26a3df83c5384a48d273148b15aba64d970107432b2892741359275676441c1572c3fa9e")
diff --git a/noiseutil/notboring.go b/noiseutil/notboring.go
index 24a94d19..d12450c8 100644
--- a/noiseutil/notboring.go
+++ b/noiseutil/notboring.go
@@ -1,13 +1,13 @@
-//go:build !boringcrypto && !fips140v1.0 && !fips140v1.26
+//go:build !boringcrypto
 
 package noiseutil
 
 import (
- "github.com/flynn/noise"
+ "crypto/fips140"
 )
 
 // EncryptLockNeeded indicates if calls to Encrypt need a lock
-const EncryptLockNeeded = false
+var EncryptLockNeeded = fips140.Enabled()
 
 // CipherAESGCM is the standard noise.CipherAESGCM when boringcrypto is not enabled
-var CipherAESGCM noise.CipherFunc = noise.CipherAESGCM
+// var CipherAESGCM noise.CipherFunc = noise.CipherAESGCM
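Review bot: The `return` after `t.Skip()` is unreachable, since Skip ends the test via runtime.Goexit, so that line can go. More importantly, gating on `fips140.Enabled()` means a plain `go test` now silently skips the only check that this AEAD rejects a repeated nonce, while fips140.go no longer has a build constraint and so this cipher ships in every build; either run the test unconditionally (the linkname'd AEAD appears to enforce the counter independent of FIPS mode) or make CI run it once with `GODEBUG=fips140=on`. A reason string, `t.Skip("requires fips140 mode")`, would at least make the skip visible in verbose output. TestNewAESGCM continues past the hunk.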
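Review bot: `var EncryptLockNeeded = fips140.Enabled()` turns an exported untyped constant into a mutable package-level variable: any caller that used it in a constant expression stops compiling, and any importer can reassign it at runtime. If a runtime value is wanted, `func EncryptLockNeeded() bool { return fips140.Enabled() }` is the safer shape, though it is equally an API change and callers must be updated either way. The commented-out `// var CipherAESGCM noise.CipherFunc = noise.CipherAESGCM` should be deleted rather than left as dead text, and the surviving comment should say where CipherAESGCM is now declared (fips140.go, which this series compiles unconditionally). Note also that the flag's new value is false outside FIPS mode, while the cipher now always taken from fips140.go appears to enforce nonce ordering regardless of mode, so the two no longer agree on when the lock is needed.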