diff options
author | kste <kste@google.com> | 2020-07-08 06:00:13 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2020-07-08 06:00:49 -0700 |
commit | 31e6b6abcf2ecc0383c9734b55becfec959cdec7 (patch) | |
tree | efa710765833cb7730fb289ed57f15cd62dbfc14 /cc/config | |
parent | c43c2f3b8061f792f33401f94f8ef10170c0c4f0 (diff) | |
download | tink-31e6b6abcf2ecc0383c9734b55becfec959cdec7.tar.gz |
Internal change.
PiperOrigin-RevId: 320172771
Diffstat (limited to 'cc/config')
-rw-r--r-- | cc/config/tink_fips_enabled_test.cc | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/cc/config/tink_fips_enabled_test.cc b/cc/config/tink_fips_enabled_test.cc index f43e5f4de..57681df11 100644 --- a/cc/config/tink_fips_enabled_test.cc +++ b/cc/config/tink_fips_enabled_test.cc @@ -13,6 +13,7 @@ /////////////////////////////////////////////////////////////////////////////// #include "gmock/gmock.h" #include "gtest/gtest.h" +#include "openssl/crypto.h" #include "tink/aead.h" #include "tink/aead/aead_config.h" #include "tink/aead/aead_key_templates.h" @@ -45,7 +46,11 @@ class FipsCompatibleWithBoringCrypto { crypto::tink::FipsCompatibility::kRequiresBoringCrypto; }; -TEST(TinkFipsTest, CompatibilityChecks) { +TEST(TinkFipsTest, CompatibilityChecksWithBoringCrypto) { + if (FIPS_mode()) { + GTEST_SKIP() << "Test only run if BoringCrypto module is available."; + } + // In FIPS only mode compatibility checks should disallow algorithms // with the FipsCompatibility::kNone flag. EXPECT_THAT(CheckFipsCompatibility<FipsIncompatible>(), @@ -55,6 +60,22 @@ TEST(TinkFipsTest, CompatibilityChecks) { EXPECT_THAT(CheckFipsCompatibility<FipsCompatibleWithBoringCrypto>(), IsOk()); } +TEST(TinkFipsTest, CompatibilityChecksWithoutBoringCrypto) { + if (!FIPS_mode()) { + GTEST_SKIP() << "Test only run if BoringCrypto module is not available."; + } + + // In FIPS only mode compatibility checks should disallow algorithms + // with the FipsCompatibility::kNone flag. + EXPECT_THAT(CheckFipsCompatibility<FipsIncompatible>(), + StatusIs(util::error::INTERNAL)); + + // FIPS validated implementations are not allowed if BoringCrypto is not + // available. + EXPECT_THAT(CheckFipsCompatibility<FipsCompatibleWithBoringCrypto>(), + StatusIs(util::error::INTERNAL()); +} + } // namespace } // namespace tink } // namespace crypto |