Update FIPS indicator test for newly supported operations

aws · Dec 11, 2024 · eb6cc5c · eb6cc5c
1 parent c4f4538
commit eb6cc5c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 30 deletions.
diff --git a/aws-lc-rs/src/digest/tests/fips.rs b/aws-lc-rs/src/digest/tests/fips.rs
@@ -40,6 +40,6 @@ digest_api!(sha256, &SHA256, FipsServiceStatus::Approved);
 digest_api!(sha384, &SHA384, FipsServiceStatus::Approved);
 digest_api!(sha512, &SHA512, FipsServiceStatus::Approved);
 digest_api!(sha512_256, &SHA512_256, FipsServiceStatus::Approved);
-digest_api!(sha3_256, &SHA3_256, FipsServiceStatus::NonApproved);
-digest_api!(sha3_384, &SHA3_384, FipsServiceStatus::NonApproved);
-digest_api!(sha3_512, &SHA3_512, FipsServiceStatus::NonApproved);
+digest_api!(sha3_256, &SHA3_256, FipsServiceStatus::Approved);
+digest_api!(sha3_384, &SHA3_384, FipsServiceStatus::Approved);
+digest_api!(sha3_512, &SHA3_512, FipsServiceStatus::Approved);
diff --git a/aws-lc-rs/src/rsa/tests/fips.rs b/aws-lc-rs/src/rsa/tests/fips.rs
@@ -81,12 +81,7 @@ generate_key!(rsa2048_signing_generate_key, KeyPair, KeySize::Rsa2048);
 generate_key!(rsa3072_signing_generate_key, KeyPair, KeySize::Rsa3072);
 generate_key!(rsa4096_signing_generate_key, KeyPair, KeySize::Rsa4096);
 
-generate_key!(
-    rsa8192_signing_generate_key,
-    KeyPair,
-    KeySize::Rsa8192,
-    false
-);
+generate_key!(rsa8192_signing_generate_key, KeyPair, KeySize::Rsa8192);
 
 generate_key!(
     rsa2048_encryption_generate_key,
@@ -106,6 +101,5 @@ generate_key!(
 generate_key!(
     rsa8192_encryption_generate_key,
     PrivateDecryptingKey,
-    KeySize::Rsa8192,
-    false
+    KeySize::Rsa8192
 );
diff --git a/aws-lc-rs/src/signature/tests/fips.rs b/aws-lc-rs/src/signature/tests/fips.rs
@@ -90,14 +90,14 @@ ecdsa_generate_sign_verify!(
     &ECDSA_P384_SHA3_384_ASN1_SIGNING,
     ECDSA_P384_SHA3_384_ASN1,
     FipsServiceStatus::Approved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved
 );
 ecdsa_generate_sign_verify!(
     ecdsa_p384_sha3_384_fixed,
     &ECDSA_P384_SHA3_384_FIXED_SIGNING,
     ECDSA_P384_SHA3_384_FIXED,
     FipsServiceStatus::Approved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved
 );
 ecdsa_generate_sign_verify!(
     ecdsa_p384_sha384_asn1,
@@ -118,14 +118,14 @@ ecdsa_generate_sign_verify!(
     &ECDSA_P521_SHA3_512_ASN1_SIGNING,
     ECDSA_P521_SHA3_512_ASN1,
     FipsServiceStatus::Approved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved
 );
 ecdsa_generate_sign_verify!(
     ecdsa_p521_sha3_512_fixed,
     &ECDSA_P521_SHA3_512_FIXED_SIGNING,
     ECDSA_P521_SHA3_512_FIXED,
     FipsServiceStatus::Approved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved
 );
 ecdsa_generate_sign_verify!(
     ecdsa_p521_sha512_asn1,
@@ -148,7 +148,7 @@ fn ed25519() {
 
     let key_document = assert_fips_status_indicator!(
         Ed25519KeyPair::generate_pkcs8(&rng),
-        FipsServiceStatus::NonApproved
+        FipsServiceStatus::Approved
     )
     .unwrap();
 
@@ -160,7 +160,7 @@ fn ed25519() {
 
     let signature = assert_fips_status_indicator!(
         keypair.sign(TEST_MESSAGE.as_bytes()),
-        FipsServiceStatus::NonApproved
+        FipsServiceStatus::Approved
     );
 
     let public_key = keypair.public_key();
@@ -171,7 +171,7 @@ fn ed25519() {
             TEST_MESSAGE.as_bytes(),
             signature.as_ref()
         ),
-        FipsServiceStatus::NonApproved
+        FipsServiceStatus::Approved
     )
     .unwrap();
 }
@@ -308,24 +308,24 @@ rsa_sign_verify!(
     &TEST_RSA_8192_PRIVATE_PKCS8_DER[..],
     &RSA_PKCS1_SHA256,
     RSA_PKCS1_2048_8192_SHA256,
-    FipsServiceStatus::NonApproved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved,
+    FipsServiceStatus::Approved
 );
 rsa_sign_verify!(
     rsa_pkcs1_8192_sha384,
     &TEST_RSA_8192_PRIVATE_PKCS8_DER[..],
     &RSA_PKCS1_SHA384,
     RSA_PKCS1_2048_8192_SHA384,
-    FipsServiceStatus::NonApproved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved,
+    FipsServiceStatus::Approved
 );
 rsa_sign_verify!(
     rsa_pkcs1_8192_sha512,
     &TEST_RSA_8192_PRIVATE_PKCS8_DER[..],
     &RSA_PKCS1_SHA512,
     RSA_PKCS1_2048_8192_SHA512,
-    FipsServiceStatus::NonApproved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved,
+    FipsServiceStatus::Approved
 );
 rsa_sign_verify!(
     rsa_pss_2048_sha256,
@@ -380,24 +380,24 @@ rsa_sign_verify!(
     &TEST_RSA_8192_PRIVATE_PKCS8_DER[..],
     &RSA_PSS_SHA256,
     RSA_PSS_2048_8192_SHA256,
-    FipsServiceStatus::NonApproved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved,
+    FipsServiceStatus::Approved
 );
 rsa_sign_verify!(
     rsa_pss_8192_sha384,
     &TEST_RSA_8192_PRIVATE_PKCS8_DER[..],
     &RSA_PSS_SHA384,
     RSA_PSS_2048_8192_SHA384,
-    FipsServiceStatus::NonApproved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved,
+    FipsServiceStatus::Approved
 );
 rsa_sign_verify!(
     rsa_pss_8192_sha512,
     &TEST_RSA_8192_PRIVATE_PKCS8_DER[..],
     &RSA_PSS_SHA512,
     RSA_PSS_2048_8192_SHA512,
-    FipsServiceStatus::NonApproved,
-    FipsServiceStatus::NonApproved
+    FipsServiceStatus::Approved,
+    FipsServiceStatus::Approved
 );
 
 macro_rules! rsa_verify {