From c39fe18fea16d6bdbd5526a7b7d7b59e84ae0144 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Tue, 9 Dec 2025 00:39:54 +0100
Subject: [PATCH] crypto/mlkem/mlkemtest: error out in fips140=only mode

Updates #70514

Change-Id: I1d1a0b4a2c7ee4cb6e8e0700dd3463a46a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728502
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Roland Shoemaker
Auto-Submit: Filippo Valsorda
Reviewed-by: Dmitri Shuralyov
---
 src/crypto/mlkem/mlkemtest/mlkemtest.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/crypto/mlkem/mlkemtest/mlkemtest.go b/src/crypto/mlkem/mlkemtest/mlkemtest.go
index 39e3994ea9..40f64862bd 100644
--- a/src/crypto/mlkem/mlkemtest/mlkemtest.go
+++ b/src/crypto/mlkem/mlkemtest/mlkemtest.go
@@ -7,6 +7,7 @@ package mlkemtest
 
 import (
 	fips140mlkem "crypto/internal/fips140/mlkem"
+	"crypto/internal/fips140only"
 	"crypto/mlkem"
 	"errors"
 )
@@ -20,6 +21,9 @@ func Encapsulate768(ek *mlkem.EncapsulationKey768, random []byte) (sharedKey, ci
 	if len(random) != 32 {
 		return nil, nil, errors.New("mlkemtest: Encapsulate768: random must be 32 bytes")
 	}
+	if fips140only.Enforced() {
+		return nil, nil, errors.New("crypto/mlkem/mlkemtest: use of derandomized encapsulation is not allowed in FIPS 140-only mode")
+	}
 	k, err := fips140mlkem.NewEncapsulationKey768(ek.Bytes())
 	if err != nil {
 		return nil, nil, errors.New("mlkemtest: Encapsulate768: failed to reconstruct key: " + err.Error())
@@ -37,6 +41,9 @@ func Encapsulate1024(ek *mlkem.EncapsulationKey1024, random []byte) (sharedKey,
 	if len(random) != 32 {
 		return nil, nil, errors.New("mlkemtest: Encapsulate1024: random must be 32 bytes")
 	}
+	if fips140only.Enforced() {
+		return nil, nil, errors.New("crypto/mlkem/mlkemtest: use of derandomized encapsulation is not allowed in FIPS 140-only mode")
+	}
 	k, err := fips140mlkem.NewEncapsulationKey1024(ek.Bytes())
 	if err != nil {
 		return nil, nil, errors.New("mlkemtest: Encapsulate1024: failed to reconstruct key: " + err.Error())
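Review bot: The new error strings in the Encapsulate768 hunk and the identical one in the Encapsulate1024 hunk use the prefix `crypto/mlkem/mlkemtest:` and omit the function name, while the two neighbouring errors in each function use `mlkemtest: Encapsulate768:` and `mlkemtest: Encapsulate1024:`, so one function now emits two prefix conventions. I would align them, e.g. `return nil, nil, errors.New("mlkemtest: Encapsulate768: derandomized encapsulation is not allowed in FIPS 140-only mode")` and the matching 1024 line. Since the mode check does not depend on the argument, it could also sit ahead of the `len(random) != 32` check so that FIPS 140-only mode is reported regardless of input, and the restriction is worth a sentence in each function's doc comment, which lies outside the hunk. Both functions continue past the end of their hunks.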