crypto/mlkem/mlkemtest: error out in fips140=only mode

Updates #70514 Change-Id: I1d1a0b4a2c7ee4cb6e8e0700dd3463a46a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/728502 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2025-12-27 22:25:05 +00:00 · 2025-12-09 00:39:54 +01:00 · 2025-12-09 00:39:54 +01:00 · c39fe18fea
commit c39fe18fea
parent db0ab834d6
1 changed files with 7 additions and 0 deletions
--- a/src/crypto/mlkem/mlkemtest/mlkemtest.go
+++ b/src/crypto/mlkem/mlkemtest/mlkemtest.go
@ -7,6 +7,7 @@ package mlkemtest

 import (
 	fips140mlkem "crypto/internal/fips140/mlkem"
+	"crypto/internal/fips140only"
 	"crypto/mlkem"
 	"errors"
 )
@ -20,6 +21,9 @@ func Encapsulate768(ek *mlkem.EncapsulationKey768, random []byte) (sharedKey, ci
 	if len(random) != 32 {
 		return nil, nil, errors.New("mlkemtest: Encapsulate768: random must be 32 bytes")
 	}
+	if fips140only.Enforced() {
+		return nil, nil, errors.New("crypto/mlkem/mlkemtest: use of derandomized encapsulation is not allowed in FIPS 140-only mode")
+	}
 	k, err := fips140mlkem.NewEncapsulationKey768(ek.Bytes())
 	if err != nil {
 		return nil, nil, errors.New("mlkemtest: Encapsulate768: failed to reconstruct key: " + err.Error())
@ -37,6 +41,9 @@ func Encapsulate1024(ek *mlkem.EncapsulationKey1024, random []byte) (sharedKey,
 	if len(random) != 32 {
 		return nil, nil, errors.New("mlkemtest: Encapsulate1024: random must be 32 bytes")
 	}
+	if fips140only.Enforced() {
+		return nil, nil, errors.New("crypto/mlkem/mlkemtest: use of derandomized encapsulation is not allowed in FIPS 140-only mode")
+	}
 	k, err := fips140mlkem.NewEncapsulationKey1024(ek.Bytes())
 	if err != nil {
 		return nil, nil, errors.New("mlkemtest: Encapsulate1024: failed to reconstruct key: " + err.Error())