FIPS counters for AES-CTR.
Change-Id: I0ea4c600741c3604d7b3b6df614b40d8c57116e4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46504
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/crypto_test.cc b/crypto/crypto_test.cc
index ccb0956..03b909d 100644
--- a/crypto/crypto_test.cc
+++ b/crypto/crypto_test.cc
@@ -49,6 +49,14 @@
EVP_aes_256_gcm,
fips_counter_evp_aes_256_gcm,
},
+ {
+ EVP_aes_128_ctr,
+ fips_counter_evp_aes_128_ctr,
+ },
+ {
+ EVP_aes_256_ctr,
+ fips_counter_evp_aes_256_ctr,
+ },
};
uint8_t key[EVP_MAX_KEY_LENGTH] = {0};
diff --git a/crypto/fipsmodule/cipher/e_aes.c b/crypto/fipsmodule/cipher/e_aes.c
index 9186186..f77133f 100644
--- a/crypto/fipsmodule/cipher/e_aes.c
+++ b/crypto/fipsmodule/cipher/e_aes.c
@@ -141,10 +141,22 @@
static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
- int ret, mode;
+ int ret;
EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+ const int mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
- mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
+ if (mode == EVP_CIPH_CTR_MODE) {
+ switch (ctx->key_len) {
+ case 16:
+ boringssl_fips_inc_counter(fips_counter_evp_aes_128_ctr);
+ break;
+
+ case 32:
+ boringssl_fips_inc_counter(fips_counter_evp_aes_256_ctr);
+ break;
+ }
+ }
+
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
if (hwaes_capable()) {
ret = aes_hw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index e3773e5..93b1a9b 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -80,8 +80,10 @@
enum fips_counter_t {
fips_counter_evp_aes_128_gcm = 0,
fips_counter_evp_aes_256_gcm = 1,
+ fips_counter_evp_aes_128_ctr = 2,
+ fips_counter_evp_aes_256_ctr = 3,
- fips_counter_max = 1,
+ fips_counter_max = 3,
};
// FIPS_read_counter returns a counter of the number of times the specific
