[go] crypto/internal/fips140test: add entropy SHA2-384 testing

0 views
Skip to first unread message

Gopher Robot (Gerrit)

unread,
Oct 22, 2025, 8:59:24 PM (12 hours ago) Oct 22
to Daniel McCarney, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, David Chase, Roland Shoemaker, Go LUCI, golang-co...@googlegroups.com

Gopher Robot submitted the change

Change information

Commit message:
crypto/internal/fips140test: add entropy SHA2-384 testing

The crypto/internal/fips140/entropy package vendors a minimal
implementation of SHA2-384 to insulate it from changes in the FIPS
module implementation. This means it also requires ACVP testing separate
from the FIPS module implementation. This commit implements the
required ACVP testing support.

There's no way via the ACVP protocol, or acvptool, to specify that we
want to test a specific SHA2-384 implementation compared to normal. We
use a new environment variable (GOENTROPYSOURCEACVP=1) to make that
distinction.

The capabilities we advertise when testing the entropy SHA2-384
implementation are limited to something that best describes the
input sizes that the entropy module's implementation supports within the
requirements imposed by ACVP. We allow 144 byte messages (3*digest size)
to support MCT and in particular the "standard" MCT algorithm, and allow
1024 byte messages as the production supported message size used by the
entropy module itself.
Change-Id: I6e693a3fa23efba35d8a7d029ddf0b11036621c3
Auto-Submit: Daniel McCarney <dan...@binaryparadox.net>
Reviewed-by: David Chase <drc...@google.com>
Reviewed-by: Filippo Valsorda <fil...@golang.org>
Reviewed-by: Roland Shoemaker <rol...@golang.org>
Files:
  • A src/crypto/internal/fips140test/acvp_capabilities.entropy.json
  • M src/crypto/internal/fips140test/acvp_test.go
Change size: M
Delta: 2 files changed, 76 insertions(+), 1 deletion(-)
Branch: refs/heads/master
Submit Requirements:
  • requirement satisfiedCode-Review: +1 by David Chase, +2 by Roland Shoemaker, +2 by Filippo Valsorda
  • requirement satisfiedTryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI
Open in Gerrit
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: merged
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: I6e693a3fa23efba35d8a7d029ddf0b11036621c3
Gerrit-Change-Number: 711740
Gerrit-PatchSet: 8
Gerrit-Owner: Daniel McCarney <dan...@binaryparadox.net>
Gerrit-Reviewer: Daniel McCarney <dan...@binaryparadox.net>
Gerrit-Reviewer: David Chase <drc...@google.com>
Gerrit-Reviewer: Filippo Valsorda <fil...@golang.org>
Gerrit-Reviewer: Gopher Robot <go...@golang.org>
Gerrit-Reviewer: Roland Shoemaker <rol...@golang.org>
open
diffy
satisfied_requirement
Reply all
Reply to author
Forward
0 new messages