crypto/internal/fips140/entropy: move to crypto/internal/entropy/v1.0.0

FiloSottile · gopherbot · commit 8539691d0c0c · 2025-10-21T07:01:54.000-07:00
The lab confirmed the that entropy source doesn't have to be inside the module boundary, although changing the entropy source of a module does require recertification. Move the v1.0.0 entropy source out of crypto/internal/fips140, to a versioned path that lets us keep multiple versions (which would be used by different modules) if we wish to. Change-Id: I6a6a69647e9dfca1c375650a0869bdc001d65173 Reviewed-on: https://go-review.googlesource.com/c/go/+/710057 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
diff --git a/src/crypto/internal/entropy/entropy.go b/src/crypto/internal/entropy/entropy.go
@@ -4,8 +4,10 @@
 
 // Package entropy provides the passive entropy source for the FIPS 140-3
 // module. It is only used in FIPS mode by [crypto/internal/fips140/drbg.Read]
-// from the FIPS 140-3 Go Cryptographic Module v1.0.0. Later versions of the
-// module have an internal CPU jitter-based entropy source.
+// from the FIPS 140-3 Go Cryptographic Module v1.0.0.
+//
+// Later versions of the module use the CPU jitter-based entropy source in the
+// crypto/internal/entropy/v1.0.0 sub-package.
 //
 // This complied with IG 9.3.A, Additional Comment 12, which until January 1,
 // 2026 allows new modules to meet an [earlier version] of Resolution 2(b):
diff --git a/src/crypto/internal/entropy/v1.0.0/entropy.go b/src/crypto/internal/entropy/v1.0.0/entropy.go
diff --git a/src/crypto/internal/entropy/v1.0.0/sha384.go b/src/crypto/internal/entropy/v1.0.0/sha384.go
diff --git a/src/crypto/internal/fips140/drbg/rand.go b/src/crypto/internal/fips140/drbg/rand.go
@@ -9,8 +9,8 @@
 package drbg
 
 import (
+	entropy "crypto/internal/entropy/v1.0.0"
 	"crypto/internal/fips140"
-	"crypto/internal/fips140/entropy"
 	"crypto/internal/randutil"
 	"crypto/internal/sysrand"
 	"io"
diff --git a/src/crypto/internal/fips140deps/fipsdeps_test.go b/src/crypto/internal/fips140deps/fipsdeps_test.go
@@ -16,10 +16,11 @@ import (
 //
 // DO NOT add new packages here just to make the tests pass.
 var AllowedInternalPackages = map[string]bool{
-	// entropy.Depleted is the external passive entropy source, and sysrand.Read
+	// entropy.Depleted/Seed is the entropy source, and sysrand.Read
 	// is the actual (but uncredited!) random bytes source.
-	"crypto/internal/entropy": true,
-	"crypto/internal/sysrand": true,
+	"crypto/internal/entropy":        true,
+	"crypto/internal/entropy/v1.0.0": true,
+	"crypto/internal/sysrand":        true,
 
 	// impl.Register is how the packages expose their alternative
 	// implementations to tests outside the module.
@@ -88,8 +89,7 @@ func TestImports(t *testing.T) {
 		}
 	}
 
-	// Ensure that all packages except check, check's dependencies, and the
-	// entropy source (which is used only from .../fips140/drbg) import check.
+	// Ensure that all packages except check and check's dependencies import check.
 	for pkg := range allPackages {
 		switch pkg {
 		case "crypto/internal/fips140/check":
@@ -100,7 +100,6 @@ func TestImports(t *testing.T) {
 		case "crypto/internal/fips140/sha3":
 		case "crypto/internal/fips140/sha256":
 		case "crypto/internal/fips140/sha512":
-		case "crypto/internal/fips140/entropy":
 		default:
 			if !importCheck[pkg] {
 				t.Errorf("package %s does not import crypto/internal/fips140/check", pkg)
diff --git a/src/crypto/internal/fips140test/entropy_test.go b/src/crypto/internal/fips140test/entropy_test.go
@@ -9,8 +9,8 @@ package fipstest
 import (
 	"bytes"
 	"crypto/internal/cryptotest"
+	entropy "crypto/internal/entropy/v1.0.0"
 	"crypto/internal/fips140/drbg"
-	"crypto/internal/fips140/entropy"
 	"crypto/rand"
 	"crypto/sha256"
 	"crypto/sha512"
@@ -217,7 +217,7 @@ func TestEntropyUnchanged(t *testing.T) {
 	testenv.MustHaveSource(t)
 
 	h := sha256.New()
-	root := os.DirFS("../fips140/entropy")
+	root := os.DirFS("../entropy/v1.0.0")
 	if err := fs.WalkDir(root, ".", func(path string, d fs.DirEntry, err error) error {
 		if err != nil {
 			return err
@@ -237,13 +237,13 @@ func TestEntropyUnchanged(t *testing.T) {
 		t.Fatalf("WalkDir: %v", err)
 	}
 
-	// The crypto/internal/fips140/entropy package is certified as a FIPS 140-3
+	// The crypto/internal/entropy/v1.0.0 package is certified as a FIPS 140-3
 	// entropy source through the Entropy Source Validation program,
 	// independently of the FIPS 140-3 module. It must not change even across
 	// FIPS 140-3 module versions, in order to reuse the ESV certificate.
 	exp := "2541273241ae8aafe55026328354ed3799df1e2fb308b2097833203a42911b53"
 	if got := hex.EncodeToString(h.Sum(nil)); got != exp {
-		t.Errorf("hash of crypto/internal/fips140/entropy = %s, want %s", got, exp)
+		t.Errorf("hash of crypto/internal/entropy/v1.0.0 = %s, want %s", got, exp)
 	}
 }
 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
@@ -490,13 +490,13 @@ var depsRules = `
 	time, internal/syscall/windows < crypto/internal/fips140deps/time;
 
 	crypto/internal/fips140deps/time, errors, math/bits, sync/atomic, unsafe
-	< crypto/internal/fips140/entropy;
+	< crypto/internal/entropy/v1.0.0;
 
 	STR, hash,
 	crypto/internal/impl,
 	crypto/internal/entropy,
 	crypto/internal/randutil,
-	crypto/internal/fips140/entropy,
+	crypto/internal/entropy/v1.0.0,
 	crypto/internal/fips140deps/byteorder,
 	crypto/internal/fips140deps/cpu,
 	crypto/internal/fips140deps/godebug
