fix(rand): Use crypto/rand instead of math/rand in FIPS mode [BE-12071] (#961)

Co-authored-by: codecov-ai[bot] <156709835+codecov-ai[bot]@users.noreply.github.com>
2025-08-07 14:55:27 +02:00 · 2025-08-06 10:19:15 +12:00 · 2025-08-06 10:19:15 +12:00 · 84b4b30f21
commit 84b4b30f21
parent 6c47598cd9
7 changed files with 281 additions and 7 deletions
--- a/pkg/librand/rand.go
+++ b/pkg/librand/rand.go
@ -0,0 +1,47 @@
+package librand
+
+import (
+	"crypto/rand"
+	"fmt"
+	"math/big"
+	mrand "math/rand/v2"
+
+	"github.com/portainer/portainer/pkg/fips"
+)
+
+func Intn(max int) int {
+	return intn(max, fips.FIPSMode())
+}
+
+func intn(max int, fips bool) int {
+	return int(int64n(int64(max), fips))
+}
+
+func int64n(max int64, fips bool) int64 {
+	if !fips {
+		return mrand.Int64N(max)
+	}
+
+	i, err := rand.Int(rand.Reader, big.NewInt(max))
+	if err != nil {
+		panic(fmt.Sprintf("failed to generate a random number: %v", err))
+	}
+	if !i.IsInt64() {
+		panic("generated random number cannot be represented as an int64")
+	}
+
+	return i.Int64()
+}
+
+func Float64() float64 {
+	return randomFloat64(fips.FIPSMode())
+}
+
+func randomFloat64(fips bool) float64 {
+	if !fips {
+		return mrand.Float64()
+	}
+
+	// This is based of this comment https://cs.opensource.google/go/go/+/refs/tags/go1.24.5:src/math/rand/v2/rand.go;l=209
+	return float64(int64n(1<<53, fips) / (1 << 53))
+}
--- a/pkg/librand/rand_test.go
+++ b/pkg/librand/rand_test.go
@ -0,0 +1,81 @@
+package librand
+
+import (
+	"testing"
+
+	"github.com/portainer/portainer/pkg/fips"
+)
+
+func init() {
+	fips.InitFIPS(false)
+}
+
+func TestIntn(t *testing.T) {
+	i := Intn(10)
+
+	if i >= 10 || i < 0 {
+		t.Fatalf("random number %d wasn't within interval", i)
+	}
+}
+
+func TestInternalIntn(t *testing.T) {
+	testCases := []struct {
+		name string
+		max  int
+		fips bool
+	}{
+		{
+			name: "non-fips mode",
+			max:  10,
+			fips: false,
+		},
+		{
+			name: "fips mode",
+			max:  10,
+			fips: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			i := intn(tc.max, tc.fips)
+
+			if i >= tc.max || i < 0 {
+				t.Fatalf("random number %d wasn't within interval", i)
+			}
+		})
+	}
+}
+
+func TestFloat64(t *testing.T) {
+	f := Float64()
+
+	if f >= 1 || f < 0 {
+		t.Fatalf("random float %v wasn't within interval", f)
+	}
+}
+
+func TestInternalFloat64(t *testing.T) {
+	testCases := []struct {
+		name string
+		fips bool
+	}{
+		{
+			name: "non-fips mode",
+			fips: false,
+		},
+		{
+			name: "fips mode",
+			fips: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			f := randomFloat64(tc.fips)
+			if f >= 1 || f < 0 {
+				t.Fatalf("random float %v wasn't within interval", f)
+			}
+		})
+	}
+}