initial implementation of macOS crypto backend

Author: gdams

eng/_util/buildutil/buildutil.go

@@ -91,6 +91,7 @@ func AppendExperimentEnv(experiment string) {
 	if strings.Contains(experiment, "opensslcrypto") ||
 		strings.Contains(experiment, "cngcrypto") ||
 		strings.Contains(experiment, "boringcrypto") ||
+		strings.Contains(experiment, "darwincrypto") ||
 		strings.Contains(experiment, "systemcrypto") {
 
 		experiment += ",allowcryptofallback"

eng/pipeline/stages/go-builder-matrix-stages.yml

@@ -86,6 +86,7 @@ stages:
           - { os: linux, arch: amd64, config: test, distro: ubuntu }
           - { os: linux, arch: amd64, config: test, distro: mariner2 }
           - { os: linux, arch: amd64, config: test, distro: azurelinux3 }
+          - { experiment: darwincrypto, os: darwin, arch: amd64, config: test }
           - { experiment: opensslcrypto, os: linux, arch: amd64, config: test }
           - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true }
           - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu }

patches/0001-Add-systemcrypto-GOEXPERIMENT.patch

@@ -11,18 +11,18 @@ information about the behavior.
 Includes new tests in "build_test.go" and "buildbackend_test.go" to help
 maintain this feature. For more information, see the test files.
 ---
- src/cmd/go/internal/modindex/build.go         | 54 ++++++++++++++
- src/cmd/go/internal/modindex/build_test.go    | 73 +++++++++++++++++++
- src/go/build/build.go                         | 54 ++++++++++++++
- src/go/build/buildbackend_test.go             | 66 +++++++++++++++++
+ src/cmd/go/internal/modindex/build.go         | 57 +++++++++++++
+ src/cmd/go/internal/modindex/build_test.go    | 73 ++++++++++++++++
+ src/go/build/build.go                         | 57 +++++++++++++
+ src/go/build/buildbackend_test.go             | 84 +++++++++++++++++++
  .../testdata/backendtags_openssl/main.go      |  3 +
  .../testdata/backendtags_openssl/openssl.go   |  3 +
  .../build/testdata/backendtags_system/main.go |  3 +
  .../backendtags_system/systemcrypto.go        |  3 +
- .../goexperiment/exp_systemcrypto_off.go      |  9 +++
- .../goexperiment/exp_systemcrypto_on.go       |  9 +++
+ .../goexperiment/exp_systemcrypto_off.go      |  9 ++
+ .../goexperiment/exp_systemcrypto_on.go       |  9 ++
  src/internal/goexperiment/flags.go            | 15 ++++
- 11 files changed, 292 insertions(+)
+ 11 files changed, 316 insertions(+)
  create mode 100644 src/cmd/go/internal/modindex/build_test.go
  create mode 100644 src/go/build/buildbackend_test.go
  create mode 100644 src/go/build/testdata/backendtags_openssl/main.go
@@ -33,16 +33,17 @@ maintain this feature. For more information, see the test files.
  create mode 100644 src/internal/goexperiment/exp_systemcrypto_on.go
 
 diff --git a/src/cmd/go/internal/modindex/build.go b/src/cmd/go/internal/modindex/build.go
-index b57f2f6368f0fe..9ddde1ce9a2286 100644
+index b4dacb0f523a8d..4315c288d10cb3 100644
 --- a/src/cmd/go/internal/modindex/build.go
 +++ b/src/cmd/go/internal/modindex/build.go
-@@ -880,13 +880,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
+@@ -886,13 +886,70 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
  		name = "goexperiment.boringcrypto" // boringcrypto is an old name for goexperiment.boringcrypto
  	}
 
 +	const system = "goexperiment.systemcrypto"
 +	const openssl = "goexperiment.opensslcrypto"
 +	const cng = "goexperiment.cngcrypto"
++	const darwin = "goexperiment.darwincrypto"
 +	const boring = "goexperiment.boringcrypto"
 +	// Implement the SystemCrypto GOEXPERIMENT logic. This is done here rather
 +	// than during GOEXPERIMENT parsing so "-tags goexperiment.systemcrypto"
@@ -63,11 +64,12 @@ index b57f2f6368f0fe..9ddde1ce9a2286 100644
 +	satisfiedByAnyBackend := name == system
 +	satisfiedBySystemCrypto :=
 +		(ctxt.GOOS == "linux" && name == openssl) ||
-+			(ctxt.GOOS == "windows" && name == cng)
++			(ctxt.GOOS == "windows" && name == cng) ||
++			(ctxt.GOOS == "darwin" && name == darwin)
 +	satisfiedBy := func(tag string) bool {
 +		if satisfiedByAnyBackend {
 +			switch tag {
-+			case openssl, cng, boring:
++			case openssl, cng, darwin, boring:
 +				return true
 +			}
 +		}
@@ -81,6 +83,7 @@ index b57f2f6368f0fe..9ddde1ce9a2286 100644
 +		if satisfiedByAnyBackend {
 +			allTags[openssl] = true
 +			allTags[cng] = true
++			allTags[darwin] = true
 +			allTags[boring] = true
 +		}
 +		if satisfiedBySystemCrypto {
@@ -184,16 +187,17 @@ index 00000000000000..1756c5d027fee0
 +	}
 +}
 diff --git a/src/go/build/build.go b/src/go/build/build.go
-index dd6cdc903a21a8..48adcfed5cf3cb 100644
+index 9ffffda08a99b1..78fd536fa6a6d1 100644
 --- a/src/go/build/build.go
 +++ b/src/go/build/build.go
-@@ -1947,13 +1947,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
+@@ -1984,13 +1984,70 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
  		name = "goexperiment.boringcrypto" // boringcrypto is an old name for goexperiment.boringcrypto
  	}
 
 +	const system = "goexperiment.systemcrypto"
 +	const openssl = "goexperiment.opensslcrypto"
 +	const cng = "goexperiment.cngcrypto"
++	const darwin = "goexperiment.darwincrypto"
 +	const boring = "goexperiment.boringcrypto"
 +	// Implement the SystemCrypto GOEXPERIMENT logic. This is done here rather
 +	// than during GOEXPERIMENT parsing so "-tags goexperiment.systemcrypto"
@@ -214,11 +218,12 @@ index dd6cdc903a21a8..48adcfed5cf3cb 100644
 +	satisfiedByAnyBackend := name == system
 +	satisfiedBySystemCrypto :=
 +		(ctxt.GOOS == "linux" && name == openssl) ||
-+			(ctxt.GOOS == "windows" && name == cng)
++			(ctxt.GOOS == "windows" && name == cng) ||
++			(ctxt.GOOS == "darwin" && name == darwin)
 +	satisfiedBy := func(tag string) bool {
 +		if satisfiedByAnyBackend {
 +			switch tag {
-+			case openssl, cng, boring:
++			case openssl, cng, darwin, boring:
 +				return true
 +			}
 +		}
@@ -232,6 +237,7 @@ index dd6cdc903a21a8..48adcfed5cf3cb 100644
 +		if satisfiedByAnyBackend {
 +			allTags[openssl] = true
 +			allTags[cng] = true
++			allTags[darwin] = true
 +			allTags[boring] = true
 +		}
 +		if satisfiedBySystemCrypto {
@@ -257,10 +263,10 @@ index dd6cdc903a21a8..48adcfed5cf3cb 100644
  		}
 diff --git a/src/go/build/buildbackend_test.go b/src/go/build/buildbackend_test.go
 new file mode 100644
-index 00000000000000..a22abbb42e37c0
+index 00000000000000..096b9b4566667c
 --- /dev/null
 +++ b/src/go/build/buildbackend_test.go
-@@ -0,0 +1,66 @@
+@@ -0,0 +1,84 @@
 +// Copyright 2023 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -326,6 +332,24 @@ index 00000000000000..a22abbb42e37c0
 +	if !reflect.DeepEqual(p.GoFiles, wantFiles) {
 +		t.Errorf("GoFiles = %v, want %v", p.GoFiles, wantFiles)
 +	}
++
++	ctxt.GOARCH = "amd64"
++	ctxt.GOOS = "darwin"
++	ctxt.BuildTags = []string{"goexperiment.darwincrypto"}
++	p, err = ctxt.ImportDir("testdata/backendtags_openssl", 0)
++	if err != nil {
++		t.Fatal(err)
++	}
++	// Given the current GOOS (darwin), systemcrypto would not affect the
++	// decision, so we don't want it to be included in AllTags.
++	want = []string{"goexperiment.opensslcrypto"}
++	if !reflect.DeepEqual(p.AllTags, want) {
++		t.Errorf("AllTags = %v, want %v", p.AllTags, want)
++	}
++	wantFiles = []string{"main.go"}
++	if !reflect.DeepEqual(p.GoFiles, wantFiles) {
++		t.Errorf("GoFiles = %v, want %v", p.GoFiles, wantFiles)
++	}
 +}
 diff --git a/src/go/build/testdata/backendtags_openssl/main.go b/src/go/build/testdata/backendtags_openssl/main.go
 new file mode 100644
@@ -394,14 +418,14 @@ index 00000000000000..9c5b0bbc7b99dc
 +const SystemCrypto = true
 +const SystemCryptoInt = 1
 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go
-index ae3cbaf89fa5dd..de79140b2d4780 100644
+index 31b3d0315b64f8..de1dfa6e567a71 100644
 --- a/src/internal/goexperiment/flags.go
 +++ b/src/internal/goexperiment/flags.go
 @@ -60,6 +60,21 @@ type Flags struct {
  	StaticLockRanking bool
  	BoringCrypto      bool
 
-+	// SystemCrypto enables the OpenSSL or CNG crypto experiment depending on
++	// SystemCrypto enables the OpenSSL, CNG or Darwin crypto experiment depending on
 +	// which one is appropriate on the target GOOS.
 +	//
 +	// If SystemCrypto is enabled but no crypto experiment is appropriate on the

patches/0002-Add-crypto-backend-foundation.patch

@@ -69,14 +69,15 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/tls/handshake_server_tls13.go      |  24 +-
  src/crypto/tls/internal/fips140tls/fipstls.go |   3 +-
  src/crypto/tls/prf.go                         |  41 ++++
+ src/go/build/buildbackend_test.go             |   2 +-
  src/go/build/deps_test.go                     |   8 +-
  src/hash/boring_test.go                       |   9 +
  src/hash/example_test.go                      |   2 +
  src/hash/marshal_test.go                      |   5 +
  src/hash/notboring_test.go                    |   9 +
  src/net/smtp/smtp_test.go                     |  72 ++++--
  src/runtime/runtime_boring.go                 |   5 +
- 72 files changed, 1181 insertions(+), 86 deletions(-)
+ 73 files changed, 1182 insertions(+), 87 deletions(-)
  create mode 100644 src/crypto/dsa/boring.go
  create mode 100644 src/crypto/dsa/notboring.go
  create mode 100644 src/crypto/ed25519/boring.go
@@ -619,11 +620,11 @@ index 00000000000000..3a7d7b76c8d8d7
 +}
 +
 +type boringPub struct {
-+	key  *boring.PublicKeyEd25519
++	key  boring.PublicKeyEd25519
 +	orig [PublicKeySize]byte
 +}
 +
-+func boringPublicKey(pub PublicKey) (*boring.PublicKeyEd25519, error) {
++func boringPublicKey(pub PublicKey) (boring.PublicKeyEd25519, error) {
 +	// Use the pointer to the underlying pub array as key.
 +	p := unsafe.SliceData(pub)
 +	b := pubCache.Get(p)
@@ -635,19 +636,19 @@ index 00000000000000..3a7d7b76c8d8d7
 +	copy(b.orig[:], pub)
 +	key, err := boring.NewPublicKeyEd25119(b.orig[:])
 +	if err != nil {
-+		return nil, err
++		return key, err
 +	}
 +	b.key = key
 +	pubCache.Put(p, b)
 +	return key, nil
 +}
 +
 +type boringPriv struct {
-+	key  *boring.PrivateKeyEd25519
++	key  boring.PrivateKeyEd25519
 +	orig [PrivateKeySize]byte
 +}
 +
-+func boringPrivateKey(priv PrivateKey) (*boring.PrivateKeyEd25519, error) {
++func boringPrivateKey(priv PrivateKey) (boring.PrivateKeyEd25519, error) {
 +	// Use the pointer to the underlying priv array as key.
 +	p := unsafe.SliceData(priv)
 +	b := privCache.Get(p)
@@ -659,7 +660,7 @@ index 00000000000000..3a7d7b76c8d8d7
 +	copy(b.orig[:], priv)
 +	key, err := boring.NewPrivateKeyEd25119(b.orig[:])
 +	if err != nil {
-+		return nil, err
++		return key, err
 +	}
 +	b.key = key
 +	privCache.Put(p, b)
@@ -807,10 +808,10 @@ index 00000000000000..b0cdd44d81c753
 +
 +import boring "crypto/internal/backend"
 +
-+func boringPublicKey(PublicKey) (*boring.PublicKeyEd25519, error) {
++func boringPublicKey(PublicKey) (boring.PublicKeyEd25519, error) {
 +	panic("boringcrypto: not available")
 +}
-+func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) {
++func boringPrivateKey(PrivateKey) (boring.PrivateKeyEd25519, error) {
 +	panic("boringcrypto: not available")
 +}
 diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go
@@ -1317,37 +1318,37 @@ index 00000000000000..71e0ec9dc25a02
 +
 +type PublicKeyEd25519 struct{}
 +
-+func (k *PublicKeyEd25519) Bytes() ([]byte, error) {
++func (k PublicKeyEd25519) Bytes() ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
 +type PrivateKeyEd25519 struct{}
 +
-+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) {
++func (k PrivateKeyEd25519) Bytes() ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) {
++func GenerateKeyEd25519() (PrivateKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) {
++func NewPrivateKeyEd25119(priv []byte) (PrivateKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) {
++func NewPublicKeyEd25119(pub []byte) (PublicKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) {
++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func SignEd25519(priv *PrivateKeyEd25519, message []byte) ([]byte, error) {
++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error {
++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error {
 +	panic("cryptobackend: not available")
 +}
 +
@@ -2317,6 +2318,19 @@ index e7369542a73270..ff52175e4ac636 100644
  		return tls12.PRF(hashFunc, secret, label, seed, keyLen)
  	}
  }
+diff --git a/src/go/build/buildbackend_test.go b/src/go/build/buildbackend_test.go
+index 096b9b4566667c..aa3c5f1007ed79 100644
+--- a/src/go/build/buildbackend_test.go
++++ b/src/go/build/buildbackend_test.go
+@@ -55,7 +55,7 @@ func TestCryptoBackendAllTags(t *testing.T) {
+ 	if err != nil {
+ 		t.Fatal(err)
+ 	}
+-	want = []string{"goexperiment.boringcrypto", "goexperiment.cngcrypto", "goexperiment.opensslcrypto", "goexperiment.systemcrypto"}
++	want = []string{"goexperiment.boringcrypto", "goexperiment.cngcrypto", "goexperiment.darwincrypto", "goexperiment.opensslcrypto", "goexperiment.systemcrypto"}
+ 	if !reflect.DeepEqual(p.AllTags, want) {
+ 		t.Errorf("AllTags = %v, want %v", p.AllTags, want)
+ 	}
 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
 index cc7f4df7f388ea..58082b3636f209 100644
 --- a/src/go/build/deps_test.go

patches/0003-Add-BoringSSL-crypto-backend.patch

@@ -235,37 +235,37 @@ index 00000000000000..b1bd6d5ba756d7
 +
 +type PublicKeyEd25519 struct{}
 +
-+func (k *PublicKeyEd25519) Bytes() ([]byte, error) {
++func (k PublicKeyEd25519) Bytes() ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
 +type PrivateKeyEd25519 struct{}
 +
-+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) {
++func (k PrivateKeyEd25519) Bytes() ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) {
++func GenerateKeyEd25519() (PrivateKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) {
++func NewPrivateKeyEd25119(priv []byte) (PrivateKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) {
++func NewPublicKeyEd25119(pub []byte) (PublicKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) {
++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func SignEd25519(priv *PrivateKeyEd25519, message []byte) ([]byte, error) {
++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
-+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error {
++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error {
 +	panic("cryptobackend: not available")
 +}
 +