author | Adam Langley <alangley@gmail.com> | 2021-03-09 13:17:06 -0800 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2021-03-15 22:47:52 +0000 |
commit | f7b87c83fa5a8f3f30058033ea41d4f24836d44a (patch) | |
tree | 898a478895c2697e4c23572494c3121b46bc4e54 /crypto/crypto_test.cc | |
parent | acf6149ad878f66c2de240f24617f280371e13a3 (diff) | |
fips: add counters.
In order to provide evidence to auditors that high-level functions end
up calling into the FIPS module, provide counters that allow for such
monitoring.
Change-Id: I55d45299f3050bf58077715ffa280210db156116
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46124
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'crypto/crypto_test.cc')
-rw-r--r-- | crypto/crypto_test.cc | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/crypto/crypto_test.cc b/crypto/crypto_test.cc
index f6c2374..ccb0956 100644
--- a/crypto/crypto_test.cc
+++ b/crypto/crypto_test.cc
@@ -19,6 +19,7 @@
 #include <openssl/base.h>
 #include <openssl/crypto.h>
+#include <openssl/cipher.h>
 #include <gtest/gtest.h>
@@ -33,3 +34,33 @@ TEST(CryptoTest, Version) {
 EXPECT_EQ(expected, std::string(OPENSSL_VERSION_TEXT).substr(0, strlen(expected)));
 }
+
+#if defined(BORINGSSL_FIPS_COUNTERS)
+TEST(CryptoTest, FIPSCountersEVP) {
+ constexpr struct {
+ const EVP_CIPHER *(*cipher)();
+ fips_counter_t counter;
+ } kTests[] = {
+ {
+ EVP_aes_128_gcm,
+ fips_counter_evp_aes_128_gcm,
+ },
+ {
+ EVP_aes_256_gcm,
+ fips_counter_evp_aes_256_gcm,
+ },
+ };
+
+ uint8_t key[EVP_MAX_KEY_LENGTH] = {0};
+ uint8_t iv[EVP_MAX_IV_LENGTH] = {1};
+
+ for (const auto& test : kTests) {
+ const size_t before = FIPS_read_counter(test.counter);
+
+ bssl::ScopedEVP_CIPHER_CTX ctx;
+ ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), test.cipher(), /*engine=*/nullptr,
+ key, iv));
+ ASSERT_GT(FIPS_read_counter(test.counter), before);
+ }
+}
+#endif // BORINGSSL_FIPS_COUNTERS |
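Review bot: The loop in `FIPSCountersEVP` only checks that the counter paired with the cipher grew (`ASSERT_GT(FIPS_read_counter(test.counter), before);`), so an implementation that also bumps the other counter, or every counter, on each `EVP_EncryptInit_ex` would still pass. Because the commit message says the counters are evidence for auditors, it would be worth also reading the other `kTests` counters before the init and asserting afterwards that they are unchanged. Adding `SCOPED_TRACE(static_cast<int>(test.counter));` at the top of the loop body would make a failure name the table entry that broke. The test is compiled only under `BORINGSSL_FIPS_COUNTERS`, so it presumably runs only in a build configuration that defines that macro; a short comment above the `#if` saying which configuration that is would help.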