Google Git
Sign in
boringssl/boringssl.git/0da75f35d51ab7fbfa8efaf71c87606ee26f5db3^!/.
commit
0da75f35d51ab7fbfa8efaf71c87606ee26f5db3
[log]
author
Adam Langley <alangley@gmail.com>
Tue Mar 30 16:28:49 2021 -0700
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Tue Mar 30 23:57:56 2021 +0000
tree
0d795c61570011739a69b019d9453724472d8ad8
parent
3af62269df3525ea526a2b6de0d7c70e8f8d5919 [diff]
FIPS counters for AES-CTR.

Change-Id: I0ea4c600741c3604d7b3b6df614b40d8c57116e4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46504
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/crypto/crypto_test.cc b/crypto/crypto_test.cc
index ccb0956..03b909d 100644
--- a/crypto/crypto_test.cc
+++ b/crypto/crypto_test.cc

@@ -49,6 +49,14 @@
         EVP_aes_256_gcm,
         fips_counter_evp_aes_256_gcm,
     },
+    {
+        EVP_aes_128_ctr,
+        fips_counter_evp_aes_128_ctr,
+    },
+    {
+        EVP_aes_256_ctr,
+        fips_counter_evp_aes_256_ctr,
+    },
   };
 
   uint8_t key[EVP_MAX_KEY_LENGTH] = {0};

diff --git a/crypto/fipsmodule/cipher/e_aes.c b/crypto/fipsmodule/cipher/e_aes.c
index 9186186..f77133f 100644
--- a/crypto/fipsmodule/cipher/e_aes.c
+++ b/crypto/fipsmodule/cipher/e_aes.c

@@ -141,10 +141,22 @@
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
                         const uint8_t *iv, int enc) {
-  int ret, mode;
+  int ret;
   EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+  const int mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
 
-  mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
+  if (mode == EVP_CIPH_CTR_MODE) {
+    switch (ctx->key_len) {
+      case 16:
+        boringssl_fips_inc_counter(fips_counter_evp_aes_128_ctr);
+        break;
+
+      case 32:
+        boringssl_fips_inc_counter(fips_counter_evp_aes_256_ctr);
+        break;
+    }
+  }
+
   if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
     if (hwaes_capable()) {
       ret = aes_hw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);

diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index e3773e5..93b1a9b 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h

@@ -80,8 +80,10 @@
 enum fips_counter_t {
   fips_counter_evp_aes_128_gcm = 0,
   fips_counter_evp_aes_256_gcm = 1,
+  fips_counter_evp_aes_128_ctr = 2,
+  fips_counter_evp_aes_256_ctr = 3,
 
-  fips_counter_max = 1,
+  fips_counter_max = 3,
 };
 
 // FIPS_read_counter returns a counter of the number of times the specific