Consider FIPS support on macOS / darwin

[dagood]

As of writing, we've been asked about macOS FIPS support, but we haven't been asked to provide it. I'm opening this issue to keep track of any interest.

My reading of the internal Microsoft crypto policy is that using OpenSSL on macOS would be considered noncompliant. Instead, the platform-provided CommonCrypto, Security Transforms, and Secure Transport APIs must be used. If I'm wrong, or for anyone looking into this from outside Microsoft, maybe this isn't an issue. In that case, golang-fips/openssl#98 is an effort to make the OpenSSL backend work on macOS (and Windows), although we haven't determined for certain that it will work in microsoft/go releases.

I haven't looked into any of those macOS-provided libraries to see what kind of effort it would take to make a backend for it.

[danegsta]

Our team would love support for building FIPS compliant darwin binaries; we're building Go binaries that are part of a toolchain that is otherwise using FIPS compliant .NET binaries for Windows, Linux, and MacOS, so ideally we'd be able to produce FIPS compliant Go binaries for the same set of OS targets.

[qmuntal]

@danegsta supporting macOS is currently not in our backlog. Please send an email to @gdams, our manager, explaining your business case so we can prioritize this effort and see how it can be funded.

[dagood]

My reading of the internal Microsoft crypto policy is that using OpenSSL on macOS would be considered noncompliant. Instead, the platform-provided CommonCrypto, Security Transforms, and Secure Transport APIs must be used.

We got this clarified by someone responsible for the policy--they don't see it this way, which is great news. It's ok to use OpenSSL on macOS, and there isn't any need to rule out the possibility of using macOS native crypto: OpenSSL is always ok, as long as the OpenSSL-specific requirements are met.

Getting this enabled in Microsoft Go will take some work (in addition to tweaking the patch, we would probably want to set up macOS builders to continuously test it), but the path is clear.

[toanant]

@dagood Thanks for the update! I’m interested in learning more about any progress related to the recent discussions on supporting Microsoft Go on macOS. We have a similar use case where we need to create a FIPS-compliant Go binary for macOS.
Any updates or insights you can provide would be greatly appreciated!

[dagood]

We have a draft PR for a macOS builder at #1279 that we plan to keep working on, but no progress yet on a FIPS backend. I suspect though that the work to be done on that will be:

1. Modify patches/0004-Add-OpenSSL-crypto-backend.patch to allow darwin along with linux in the relevant build tags.
2. Regenerate patches/0007-Add-backend-code-gen.patch to update the error messages so go build will let you target darwin without stopping your build.
3. Modify patches/0001-Add-systemcrypto-GOEXPERIMENT.patch so that systemcrypto uses opensslcrypto on darwin.
   • I don't think this step is truly necessary to build your own binary if you're comfortable building your own copy of Go and assign GOEXPERIMENT=opensslcrypto directly rather than use the systemcrypto alias. We'll want to have systemcrypto working in official/signed Microsoft Go builds, though.

(We haven't looked at CommonCrypto/etc., and using OpenSSL on macOS is still the plan for this issue.)

[lmaliniak]

@dagood we're attempting to follow the provided instructions to generate a FIPS build on macOS, but we're encountering errors when applying the patches. Could you please provide more detailed instructions? Alternatively, if you already have a version that supports Darwin, we'd be happy to test it.
Thanks

[lmaliniak]

@dagood, in continue to my previous message, I didn't generate patches/0007-Add-backend-code-gen.patch alone, but run the build after updating patches/0004-Add-OpenSSL-crypto-backend.patch with (darwin || linux) where linux appeared in the code.
here is the build output:
sudo pwsh eng/run.ps1 build -refresh
Building MacOS darwin arm64...
In ' /Users/devuser/dev/fips/go/eng/_util', building './cmd/build' -> /Users/devuser/dev/fips/go/eng/artifacts/toolbin/build
Built 'build'. Running from repo root...
---- Running command: /usr/bin/git [git submodule update --init -f]
Submodule path 'go': checked out '6b2ffc72b67713de4f08915937a64392aa4dbff0'
---- Running command: /usr/bin/git [git rev-parse --show-toplevel]
---- Running command: /usr/bin/git [git rev-parse --show-toplevel]
---- Running command: /usr/bin/git [git am --abort]
---- Running command: /usr/bin/git [git rebase --abort]
---- Running command: /usr/bin/git [git merge --abort]
---- Running command: /usr/bin/git [git reset --hard]
HEAD is now at 6b2ffc72b6 cmd: extract cmd/go's cfg.LookPath into separate pathcache package
---- Running command: /usr/bin/git [git clean -df]
Removing src/cmd/go/internal/modindex/build_test.go
Removing src/crypto/ed25519/boring.go
Removing src/crypto/ed25519/notboring.go
Removing src/crypto/internal/backend/
Removing src/go/build/buildbackend_test.go
Removing src/go/build/testdata/backendtags_openssl/
Removing src/go/build/testdata/backendtags_system/
Removing src/internal/goexperiment/exp_systemcrypto_off.go
Removing src/internal/goexperiment/exp_systemcrypto_on.go
---- Running command: /usr/bin/git [git apply --index --whitespace=nowarn /Users/devuser/dev/fips/go/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch /Users/devuser/dev/fips/go/patches/0002-Add-crypto-backend-foundation.patch /Users/devuser/dev/fips/go/patches/0003-Add-BoringSSL-crypto-backend.patch /Users/devuser/dev/fips/go/patches/0004-Add-OpenSSL-crypto-backend.patch /Users/devuser/dev/fips/go/patches/0005-Add-CNG-crypto-backend.patch /Users/devuser/dev/fips/go/patches/0006-Vendor-crypto-backends.patch /Users/devuser/dev/fips/go/patches/0007-Add-backend-code-gen.patch /Users/devuser/dev/fips/go/patches/0008-Update-default-go.env.patch /Users/devuser/dev/fips/go/patches/0009-Skip-failing-tests-on-Windows.patch /Users/devuser/dev/fips/go/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch /Users/devuser/dev/fips/go/patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch /Users/devuser/dev/fips/go/patches/0012-add-support-for-logging-used-Windows-APIs.patch /Users/devuser/dev/fips/go/patches/0013-remove-long-path-support-hack.patch /Users/devuser/dev/fips/go/patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch]
error: patch failed: src/cmd/dist/test.go:1225
error: src/cmd/dist/test.go: patch does not apply
panic: exit status 1

goroutine 1 [running]:
main.main()
/Users/devuser/dev/fips/go/eng/_util/cmd/build/build.go:75 +0x344
Failed to run tool.

[dagood]

Sorry for the quiet here. I've opened #1368 for supporting producing (signed) macOS prebuilt Microsoft Go toolsets, which will make it easier to then work on the FIPS side of things. I'm going to take a stab at getting #1279 through. I don't have direct access to a machine running macOS, but I'm hoping I can get it through CI to the point where others can keep this work going.

Apologies also for the trouble with the patch files... seeing #1362, it looks like you might be editing the .patch files directly rather than using git commands to apply/format/extract them. We have a tool git-go-patch that we use to maintain them. I noticed that we don't link to it anywhere from the microsoft/go repo--I'll fix that.

[gdams]

An important update:

We (the Go team) have been experimenting with several different crypto backends for macOS and intend to go with the CommonCrypto (falling back to CryptoKit where required).

This is still very early days and we don't anticipate having a GA binary for a while but we would be interested in having 1P customers testing out some EA binaries for us (if this is of interest then please drop me an email)

The macOS crypto bindings have been open sourced here: https://github.com/microsoft/go-crypto-darwin and we actively encourage contributions. As with our other backends, it may not be possible to support every single algorithm so we'll fall back to the Go native crypto where necessary.