On Tue, 12 May 2015, Robert Relyea wrote:
So, in FIPS mode, in a standalone test program, what is the correct way to turn g^ir into PK11SymKey.
PK11SymKey *sym_key = PK11_ImportSymKey(slot, CKM_DH_PKCS_DERIVE, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, NULL); which is of course not valid in FIPS mode.This should be fine for CAVs testing, as long as it is running the same code as it would run if it's in FIPS mode (which it will).
I'm not sure you understood. We have two problems. If we want to run CAVS testing on building packages, and the builder machine runs in FIPS, we have a problem. We would like to run these CAVS tests on daemon startup, even in FIPS mode. Paul -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
