authenc methods vs FIPS in light of unencrypted associated data

2016-06-02 Thread Marcus Meissner
Hi, In February I already tagged some authenc ciphers for FIPS compatibility. I am currently revisiting this to get testmgr running all the tests in strict FIPS mode. The authenc() class is troublesome. There is a HASH + ENC part of this method, but you can also add associated data, which is not enc

Re: tcrypt failing on hmac(crc32)

2016-05-27 Thread Marcus Meissner
On Wed, May 25, 2016 at 03:05:28PM +0200, Marcus Meissner wrote: > On Wed, May 25, 2016 at 01:39:46PM +0200, Stephan Mueller wrote: > > On Wednesday, 25 May 2016, 13:36:10, Marcus Meissner wrote: > > > > Hi Marcus, > > > > > Hi, > > > > >

Re: tcrypt failing on hmac(crc32)

2016-05-25 Thread Marcus Meissner
On Wed, May 25, 2016 at 01:39:46PM +0200, Stephan Mueller wrote: > On Wednesday, 25 May 2016, 13:36:10, Marcus Meissner wrote: > > Hi Marcus, > > > Hi, > > > > On Wed, May 25, 2016 at 09:10:31AM +0200, Stephan Mueller wrote: > > > Am Mittwoch, 25. Mai

Re: tcrypt failing on hmac(crc32)

2016-05-25 Thread Marcus Meissner
Hi, On Wed, May 25, 2016 at 09:10:31AM +0200, Stephan Mueller wrote: > On Wednesday, 25 May 2016, 09:07:52, Marcus Meissner wrote: > > Hi Marcus, > > > Hi, > > > > when enabling the testmgr framework and FIPS in 4.6 and 4.4 an

tcrypt failing on hmac(crc32)

2016-05-25 Thread Marcus Meissner
Hi, when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running "modprobe tcrypt"
[ 1153.298266] alg: hash: Failed to load transform for hmac(crc32): -2
[ 1153.340636] tcrypt: one or more tests failed!
I spent some hours making sense of what is missing, but I got lost in the maze of

[PATCH] crypto: allow rfc3686 aes-ctr variants in fips mode.

2016-02-19 Thread Marcus Meissner
RFC 3686 CTR in various authenc methods. rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine. Signed-off-by: Marcus Meissner --- crypto/testmgr.c | 16 1 file changed, 16 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 190a290

[PATCH] crypto: fips: allow more ipsec related methods

2016-02-09 Thread Marcus Meissner
IPSEC for aes-ctr requests: authenc(digest_null,rfc3686(ctr(aes))) which can be used in FIPS mode. rfc3686(ctr(aes)) is already allowed for FIPS usage. I also allowed "digest_null" for FIPS usage. Signed-off-by: Marcus Meissner --- crypto/testmgr.c | 5 + 1 file

[PATCH] crypto: mark authenticated ctr(aes) also as FIPS able

2016-02-06 Thread Marcus Meissner
(2nd try that adds missing , to build.) Signed-off-by: Marcus Meissner --- crypto/testmgr.c | 16 1 file changed, 16 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ae8c57fd..7d66cf8 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2143,6 +2143,10

Re: [PATCH 2/2] crypto: testmgr: mark more algorithms as FIPS compliant

2016-02-05 Thread Marcus Meissner
On Fri, Feb 05, 2016 at 02:41:01PM +0100, Stephan Mueller wrote: > On Friday, 5 February 2016, 14:22:25, Marcus Meissner wrote: > > Hi Marcus, > > >Some more authenc() wrapped algorithms are FIPS compliant, tag > >them as such. > > Is this patch a duplica

[PATCH] crypto: testmgr: mark more algorithms as FIPS compliant

2016-02-05 Thread Marcus Meissner
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such. Signed-off-by: Marcus Meissner --- crypto/testmgr.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ff6a799..b0cbad8 100644 --- a/crypto/testmgr.c +++ b/crypto

[PATCH 2/2] crypto: testmgr: mark more algorithms as FIPS compliant

2016-02-05 Thread Marcus Meissner
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such. Signed-off-by: Marcus Meissner --- crypto/testmgr.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ff6a799..b0cbad8 100644 --- a/crypto/testmgr.c +++ b/crypto

[PATCH] crypto: mark authenticated ctr(aes) also as FIPS able

2016-02-04 Thread Marcus Meissner
Signed-off-by: Marcus Meissner --- crypto/testmgr.c | 16 1 file changed, 16 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ae8c57fd..ff6a799 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2143,6 +2143,10 @@ static const struct alg_test_desc

Re: GCM / seqiv and SP800-38D

2015-02-23 Thread Marcus Meissner
Hi, I had some offline discussion with Stephan and it seems to me at least that it is very hard to use the described "Deterministic" method under Linux while at the same time still keeping the uniqueness requirement to stay FIPS 140-2 certifiable. How about going full randomized IV generation on

Re: rfc4543 testvectors in testmgr.h kernel

2015-02-11 Thread Marcus Meissner
On Tue, Feb 10, 2015 at 07:39:22PM +0200, Jussi Kivilinna wrote: > On 10.02.2015 18:22, Marcus Meissner wrote: > > Hi Jussi, > > > > We were trying to use rfc4543(gcm(aes)) in the kernel for FIPS mode, > > but the testvectors seem to fail. > > You probably ne