crypto/internal/fips: import crypto/internal/fips/check throughout

The module must do the integrity self-check before any other operation
in FIPS mode.

For #69536

Change-Id: I8db52ea94e867812008a6e7a86ca2c648a0018c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/629056
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: Russ Cox <[email protected]>

Author: FiloSottile

src/crypto/internal/fips/aes/cast.go

@@ -7,6 +7,7 @@ package aes
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"errors"
 )
 

src/crypto/internal/fips/aes/gcm/cast.go

@@ -7,6 +7,7 @@ package gcm
 import (
 	"crypto/internal/fips"
 	"crypto/internal/fips/aes"
+	_ "crypto/internal/fips/check"
 	"errors"
 )
 

src/crypto/internal/fips/bigmod/nat.go

@@ -5,6 +5,7 @@
 package bigmod
 
 import (
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fipsdeps/byteorder"
 	"errors"
 	"math/bits"

src/crypto/internal/fips/drbg/cast.go

@@ -7,6 +7,7 @@ package drbg
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"errors"
 )
 

src/crypto/internal/fips/ecdh/cast.go

@@ -7,6 +7,7 @@ package ecdh
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/nistec"
 	"errors"
 	"sync"

src/crypto/internal/fips/ecdsa/cast.go

@@ -7,6 +7,7 @@ package ecdsa
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/sha512"
 	"errors"
 	"sync"

src/crypto/internal/fips/ed25519/cast.go

@@ -7,6 +7,7 @@ package ed25519
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"errors"
 	"sync"
 )

src/crypto/internal/fips/edwards25519/edwards25519.go

@@ -5,6 +5,7 @@
 package edwards25519
 
 import (
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/edwards25519/field"
 	"errors"
 )

src/crypto/internal/fips/edwards25519/field/fe.go

@@ -6,6 +6,7 @@
 package field
 
 import (
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/subtle"
 	"crypto/internal/fipsdeps/byteorder"
 	"errors"

src/crypto/internal/fips/hkdf/cast.go

@@ -7,6 +7,7 @@ package hkdf
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/sha256"
 	"errors"
 )

src/crypto/internal/fips/mlkem/cast.go

@@ -7,6 +7,7 @@ package mlkem
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"errors"
 )
 

src/crypto/internal/fips/nistec/fiat/cast.go

@@ -0,0 +1,7 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fiat
+
+import _ "crypto/internal/fips/check"

src/crypto/internal/fips/nistec/nistec.go

@@ -12,4 +12,6 @@
 // can't be represented.
 package nistec
 
+import _ "crypto/internal/fips/check"
+
 //go:generate go run generate.go

src/crypto/internal/fips/ssh/kdf.go

@@ -6,7 +6,10 @@
 // Section 7.2 and allowed by SP 800-135 Revision 1.
 package ssh
 
-import "crypto/internal/fips"
+import (
+	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
+)
 
 type Direction struct {
 	ivTag     []byte

src/crypto/internal/fips/tls12/cast.go

@@ -7,6 +7,7 @@ package tls12
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/sha256"
 	"errors"
 )

src/crypto/internal/fips/tls13/cast.go

@@ -7,6 +7,7 @@ package tls13
 import (
 	"bytes"
 	"crypto/internal/fips"
+	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/sha256"
 	"errors"
 )

src/crypto/internal/fipsdeps/fipsdeps_test.go

@@ -45,24 +45,54 @@ func TestImports(t *testing.T) {
 		t.Fatalf("go list: %v\n%s", err, out)
 	}
 
-	// Ensure we don't import any unexpected internal package from the FIPS
-	// module, since we can't change the module source after it starts
-	// validation. This locks in the API of otherwise internal packages.
+	allPackages := make(map[string]bool)
+
+	// importCheck is the set of packages that import crypto/internal/fips/check.
+	importCheck := make(map[string]bool)
+
 	for _, line := range strings.Split(string(out), "\n") {
 		if line == "" {
 			continue
 		}
-		parts := strings.Fields(line)
-		if parts[1] == "crypto/internal/fips" ||
-			strings.HasPrefix(parts[1], "crypto/internal/fips/") ||
-			strings.HasPrefix(parts[1], "crypto/internal/fipsdeps/") {
+		pkg, importedPkg, _ := strings.Cut(line, " ")
+
+		allPackages[pkg] = true
+
+		if importedPkg == "crypto/internal/fips/check" {
+			importCheck[pkg] = true
+		}
+
+		// Ensure we don't import any unexpected internal package from the FIPS
+		// module, since we can't change the module source after it starts
+		// validation. This locks in the API of otherwise internal packages.
+		if importedPkg == "crypto/internal/fips" ||
+			strings.HasPrefix(importedPkg, "crypto/internal/fips/") ||
+			strings.HasPrefix(importedPkg, "crypto/internal/fipsdeps/") {
 			continue
 		}
-		if AllowedInternalPackages[parts[1]] {
+		if AllowedInternalPackages[importedPkg] {
 			continue
 		}
-		if strings.Contains(parts[1], "internal") {
-			t.Errorf("unexpected import of internal package: %s -> %s", parts[0], parts[1])
+		if strings.Contains(importedPkg, "internal") {
+			t.Errorf("unexpected import of internal package: %s -> %s", pkg, importedPkg)
+		}
+	}
+
+	// Ensure that all packages except check and check's dependencies import check.
+	for pkg := range allPackages {
+		switch pkg {
+		case "crypto/internal/fips/check":
+		case "crypto/internal/fips":
+		case "crypto/internal/fips/alias":
+		case "crypto/internal/fips/subtle":
+		case "crypto/internal/fips/hmac":
+		case "crypto/internal/fips/sha3":
+		case "crypto/internal/fips/sha256":
+		case "crypto/internal/fips/sha512":
+		default:
+			if !importCheck[pkg] {
+				t.Errorf("package %s does not import crypto/internal/fips/check", pkg)
+			}
 		}
 	}
 }

src/crypto/sha256/sha256.go

@@ -9,7 +9,6 @@ package sha256
 import (
 	"crypto"
 	"crypto/internal/boring"
-	_ "crypto/internal/fips/check"
 	"crypto/internal/fips/sha256"
 	"hash"
 )

src/go/build/deps_test.go

@@ -462,14 +462,14 @@ var depsRules = `
 	< crypto/internal/fips
 	< crypto/internal/fips/alias
 	< crypto/internal/fips/subtle
-	< crypto/internal/fips/aes
-	< crypto/internal/fips/drbg
-	< crypto/internal/fips/aes/gcm
 	< crypto/internal/fips/sha256
 	< crypto/internal/fips/sha512
 	< crypto/internal/fips/sha3
 	< crypto/internal/fips/hmac
 	< crypto/internal/fips/check
+	< crypto/internal/fips/aes
+	< crypto/internal/fips/drbg
+	< crypto/internal/fips/aes/gcm
 	< crypto/internal/fips/hkdf
 	< crypto/internal/fips/mlkem
 	< crypto/internal/fips/ssh