diff mbox

crypto: allow rfc3686 aes-ctr variants in fips mode.

Message ID 1455885268-15054-1-git-send-email-meissner@suse.de (mailing list archive)
State Accepted
Delegated to: Herbert Xu
Headers show

Commit Message

Marcus Meissner Feb. 19, 2016, 12:34 p.m. UTC
RFC 3686 CTR in various authenc methods.

rfc3686(ctr(aes)) is already marked fips compliant,
so these should be fine.

Signed-off-by: Marcus Meissner <meissner@suse.de>
---
 crypto/testmgr.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

Comments

Stephan Mueller Feb. 19, 2016, 2:29 p.m. UTC | #1
Am Freitag, 19. Februar 2016, 13:34:28 schrieb Marcus Meissner:

Hi Marcus,

> RFC 3686 CTR in various authenc methods.
> 
> rfc3686(ctr(aes)) is already marked fips compliant,
> so these should be fine.
> 
> Signed-off-by: Marcus Meissner <meissner@suse.de>

Acked-by: Stephan Mueller <smueller@chronox.de>
> ---
>  crypto/testmgr.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index 190a290..5316d59 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -2167,6 +2167,10 @@ static const struct alg_test_desc alg_test_descs[] =
> { }
>  		}
>  	}, {
> +		.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
> +		.test = alg_test_null,
> +		.fips_allowed = 1,
> +	}, {
>  		.alg = "authenc(hmac(sha224),cbc(des))",
>  		.test = alg_test_aead,
>  		.suite = {
> @@ -2239,6 +2243,10 @@ static const struct alg_test_desc alg_test_descs[] =
> { .test = alg_test_null,
>  		.fips_allowed = 1,
>  	}, {
> +		.alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
> +		.test = alg_test_null,
> +		.fips_allowed = 1,
> +	}, {
>  		.alg = "authenc(hmac(sha384),cbc(des))",
>  		.test = alg_test_aead,
>  		.suite = {
> @@ -2270,6 +2278,10 @@ static const struct alg_test_desc alg_test_descs[] =
> { .test = alg_test_null,
>  		.fips_allowed = 1,
>  	}, {
> +		.alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
> +		.test = alg_test_null,
> +		.fips_allowed = 1,
> +	}, {
>  		.alg = "authenc(hmac(sha512),cbc(aes))",
>  		.fips_allowed = 1,
>  		.test = alg_test_aead,
> @@ -2315,6 +2327,10 @@ static const struct alg_test_desc alg_test_descs[] =
> { .test = alg_test_null,
>  		.fips_allowed = 1,
>  	}, {
> +		.alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
> +		.test = alg_test_null,
> +		.fips_allowed = 1,
> +	}, {
>  		.alg = "cbc(aes)",
>  		.test = alg_test_skcipher,
>  		.fips_allowed = 1,


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Herbert Xu Feb. 27, 2016, 7:33 p.m. UTC | #2
On Fri, Feb 19, 2016 at 01:34:28PM +0100, Marcus Meissner wrote:
> RFC 3686 CTR in various authenc methods.
> 
> rfc3686(ctr(aes)) is already marked fips compliant,
> so these should be fine.
> 
> Signed-off-by: Marcus Meissner <meissner@suse.de>

Applied.
diff mbox

Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 190a290..5316d59 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2167,6 +2167,10 @@  static const struct alg_test_desc alg_test_descs[] = {
 			}
 		}
 	}, {
+		.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
 		.alg = "authenc(hmac(sha224),cbc(des))",
 		.test = alg_test_aead,
 		.suite = {
@@ -2239,6 +2243,10 @@  static const struct alg_test_desc alg_test_descs[] = {
 		.test = alg_test_null,
 		.fips_allowed = 1,
 	}, {
+		.alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
 		.alg = "authenc(hmac(sha384),cbc(des))",
 		.test = alg_test_aead,
 		.suite = {
@@ -2270,6 +2278,10 @@  static const struct alg_test_desc alg_test_descs[] = {
 		.test = alg_test_null,
 		.fips_allowed = 1,
 	}, {
+		.alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
 		.alg = "authenc(hmac(sha512),cbc(aes))",
 		.fips_allowed = 1,
 		.test = alg_test_aead,
@@ -2315,6 +2327,10 @@  static const struct alg_test_desc alg_test_descs[] = {
 		.test = alg_test_null,
 		.fips_allowed = 1,
 	}, {
+		.alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
+		.test = alg_test_null,
+		.fips_allowed = 1,
+	}, {
 		.alg = "cbc(aes)",
 		.test = alg_test_skcipher,
 		.fips_allowed = 1,