3

The dev.boringcrypto branch of Go replaces the built-in crypto modules with a FIPS-verified version:

We have been working inside Google on a fork of Go that uses BoringCrypto (the core of BoringSSL) for various crypto primitives, in furtherance of some work related to FIPS 140-2. We have heard that some external users of Go would be interested in this code as well, so this branch holds the patches to make Go use BoringCrypto.

Poking around through the source code, I can see the modifications to the low-level crypto code. However, the Go packages that I've been using all use the x/crypto library, which I couldn't see any references to in the branch on first look. I would like some clarification around the suitability of this library in relation to FIPS 140-2 - if I compiled a project that uses x/crypto with a boringcrypto Go build, would the library become FIPS-compliant as well?

If this isn't the case - why not? If Go has a maintained FIPS-verified branch, why wouldn't a fundamental crypto library also have the same modifications?

Ben S
  • 95
  • 1
  • 7

1 Answers1

2

Once there is an active CMVP (Cryptographic module validation programme), for the library you are using, then you can be assured of the FIPS 140-2 validation.

Remember, there are both "compliance" and "accreditation" concepts spoken about in relation to FIPS.

"Compliance" is where the underlying cipher is on the list of approved cryptographic primitives, i.e. AES256-CBC.

"Accreditation/Validation" is where the underlying library has been specifically audited by a NIST approved lab.

It's the latter you must rely upon for FIPS 140-2 production use (FedRAMP etc).

Looks like CMVP #3753 is what you need.

Any modification to the parameters underlying the certificate invalidates the accreditation.

Woodstock
  • 22,184
  • 15
  • 80
  • 118
  • Thanks. This is more of a Go question - BoringSSL, which the dev.boringcrypto branch is based off, is [validated](https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md). What I want to know is if the `x/crypto` library performs it's own cryptography, or if it uses the underlying boringSSL module without making any modifications (and nullifying the validation) – Ben S Jul 19 '21 at 23:28
  • 2
    The simple way to test is run the lib and try and use non-FIPS crypto... say blake2, or curve25519 or whatever... the core of FIPS is that it shouldn't let you if the lib is in FIPS mode. – Woodstock Jul 20 '21 at 06:40