On 10.02.2015 18:22, Marcus Meissner wrote:
> Hi Jussi,
> 
> We were trying to use rfc4543(gcm(aes)) in the kernel for FIPS mode,
> but the testvectors seem to fail.

You probably need to add '.fips_allowed = 1,' in testmgr.c for 
"rfc4543(gcm(aes))" to enable algorithm in fips mode.

> 
> Did you verify that they work? Are these the ones from Page 18 of 
> https://tools.ietf.org/html/draft-mcgrew-gcm-test-01, as there the 
> "plaintext" 
> and "aaad" seem to be switched?

rfc4543() wrapper constructs the aad from '.assoc' and '.input'.

-Jussi

> 
> Ciao, Marcus
> 


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to