From eb6cc5c5b5cb2dc2369b6055a9ce797117ab4555 Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Wed, 11 Dec 2024 09:19:14 -0500 Subject: [PATCH] Update FIPS indicator test for newly supported operations --- aws-lc-rs/src/digest/tests/fips.rs | 6 ++--- aws-lc-rs/src/rsa/tests/fips.rs | 10 ++----- aws-lc-rs/src/signature/tests/fips.rs | 38 +++++++++++++-------------- 3 files changed, 24 insertions(+), 30 deletions(-) diff --git a/aws-lc-rs/src/digest/tests/fips.rs b/aws-lc-rs/src/digest/tests/fips.rs index 3d0dddf16a1..f2a83d33d5d 100644 --- a/aws-lc-rs/src/digest/tests/fips.rs +++ b/aws-lc-rs/src/digest/tests/fips.rs @@ -40,6 +40,6 @@ digest_api!(sha256, &SHA256, FipsServiceStatus::Approved); digest_api!(sha384, &SHA384, FipsServiceStatus::Approved); digest_api!(sha512, &SHA512, FipsServiceStatus::Approved); digest_api!(sha512_256, &SHA512_256, FipsServiceStatus::Approved); -digest_api!(sha3_256, &SHA3_256, FipsServiceStatus::NonApproved); -digest_api!(sha3_384, &SHA3_384, FipsServiceStatus::NonApproved); -digest_api!(sha3_512, &SHA3_512, FipsServiceStatus::NonApproved); +digest_api!(sha3_256, &SHA3_256, FipsServiceStatus::Approved); +digest_api!(sha3_384, &SHA3_384, FipsServiceStatus::Approved); +digest_api!(sha3_512, &SHA3_512, FipsServiceStatus::Approved); diff --git a/aws-lc-rs/src/rsa/tests/fips.rs b/aws-lc-rs/src/rsa/tests/fips.rs index 6e96753b5be..f5be772478c 100644 --- a/aws-lc-rs/src/rsa/tests/fips.rs +++ b/aws-lc-rs/src/rsa/tests/fips.rs @@ -81,12 +81,7 @@ generate_key!(rsa2048_signing_generate_key, KeyPair, KeySize::Rsa2048); generate_key!(rsa3072_signing_generate_key, KeyPair, KeySize::Rsa3072); generate_key!(rsa4096_signing_generate_key, KeyPair, KeySize::Rsa4096); -generate_key!( - rsa8192_signing_generate_key, - KeyPair, - KeySize::Rsa8192, - false -); +generate_key!(rsa8192_signing_generate_key, KeyPair, KeySize::Rsa8192); generate_key!( rsa2048_encryption_generate_key, @@ -106,6 +101,5 @@ generate_key!( generate_key!( rsa8192_encryption_generate_key, PrivateDecryptingKey, - KeySize::Rsa8192, - false + KeySize::Rsa8192 ); diff --git a/aws-lc-rs/src/signature/tests/fips.rs b/aws-lc-rs/src/signature/tests/fips.rs index 78524cab7b6..a8ef3e14938 100644 --- a/aws-lc-rs/src/signature/tests/fips.rs +++ b/aws-lc-rs/src/signature/tests/fips.rs @@ -90,14 +90,14 @@ ecdsa_generate_sign_verify!( &ECDSA_P384_SHA3_384_ASN1_SIGNING, ECDSA_P384_SHA3_384_ASN1, FipsServiceStatus::Approved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ); ecdsa_generate_sign_verify!( ecdsa_p384_sha3_384_fixed, &ECDSA_P384_SHA3_384_FIXED_SIGNING, ECDSA_P384_SHA3_384_FIXED, FipsServiceStatus::Approved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ); ecdsa_generate_sign_verify!( ecdsa_p384_sha384_asn1, @@ -118,14 +118,14 @@ ecdsa_generate_sign_verify!( &ECDSA_P521_SHA3_512_ASN1_SIGNING, ECDSA_P521_SHA3_512_ASN1, FipsServiceStatus::Approved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ); ecdsa_generate_sign_verify!( ecdsa_p521_sha3_512_fixed, &ECDSA_P521_SHA3_512_FIXED_SIGNING, ECDSA_P521_SHA3_512_FIXED, FipsServiceStatus::Approved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ); ecdsa_generate_sign_verify!( ecdsa_p521_sha512_asn1, @@ -148,7 +148,7 @@ fn ed25519() { let key_document = assert_fips_status_indicator!( Ed25519KeyPair::generate_pkcs8(&rng), - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ) .unwrap(); @@ -160,7 +160,7 @@ fn ed25519() { let signature = assert_fips_status_indicator!( keypair.sign(TEST_MESSAGE.as_bytes()), - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ); let public_key = keypair.public_key(); @@ -171,7 +171,7 @@ fn ed25519() { TEST_MESSAGE.as_bytes(), signature.as_ref() ), - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved ) .unwrap(); } @@ -308,24 +308,24 @@ rsa_sign_verify!( &TEST_RSA_8192_PRIVATE_PKCS8_DER[..], &RSA_PKCS1_SHA256, RSA_PKCS1_2048_8192_SHA256, - FipsServiceStatus::NonApproved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved, + FipsServiceStatus::Approved ); rsa_sign_verify!( rsa_pkcs1_8192_sha384, &TEST_RSA_8192_PRIVATE_PKCS8_DER[..], &RSA_PKCS1_SHA384, RSA_PKCS1_2048_8192_SHA384, - FipsServiceStatus::NonApproved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved, + FipsServiceStatus::Approved ); rsa_sign_verify!( rsa_pkcs1_8192_sha512, &TEST_RSA_8192_PRIVATE_PKCS8_DER[..], &RSA_PKCS1_SHA512, RSA_PKCS1_2048_8192_SHA512, - FipsServiceStatus::NonApproved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved, + FipsServiceStatus::Approved ); rsa_sign_verify!( rsa_pss_2048_sha256, @@ -380,24 +380,24 @@ rsa_sign_verify!( &TEST_RSA_8192_PRIVATE_PKCS8_DER[..], &RSA_PSS_SHA256, RSA_PSS_2048_8192_SHA256, - FipsServiceStatus::NonApproved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved, + FipsServiceStatus::Approved ); rsa_sign_verify!( rsa_pss_8192_sha384, &TEST_RSA_8192_PRIVATE_PKCS8_DER[..], &RSA_PSS_SHA384, RSA_PSS_2048_8192_SHA384, - FipsServiceStatus::NonApproved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved, + FipsServiceStatus::Approved ); rsa_sign_verify!( rsa_pss_8192_sha512, &TEST_RSA_8192_PRIVATE_PKCS8_DER[..], &RSA_PSS_SHA512, RSA_PSS_2048_8192_SHA512, - FipsServiceStatus::NonApproved, - FipsServiceStatus::NonApproved + FipsServiceStatus::Approved, + FipsServiceStatus::Approved ); macro_rules! rsa_verify {