From: Stephan Mueller <smueller@chronox.de>
To: Gary R Hook <ghook@amd.com>
Cc: linux-crypto@vger.kernel.org
Subject: Re: testmgr.h
Date: Tue, 09 Aug 2016 15:31:46 +0200 [thread overview]
Message-ID: <33428843.kG9ECo6VM2@tauon.atsec.com> (raw)
In-Reply-To: <e1ec0bc6-59cf-22d7-f8fd-59a337393b6d@amd.com>
Am Dienstag, 9. August 2016, 08:21:43 CEST schrieb Gary R Hook:
Hi Gary,
> Q: Is there a policy (de facto or otherwise) on adding tests to testmgr.h?
> Two cases:
>
> 1) Tests from the NIST document(s) on various ciphers and hashes wherein
> we add to an existing set of tests? For example, 3DES ECB mode, or AES
> GCM? I suppose this question is really about, "how much is enough?"
>
> 2) Adding testing for a mode that has not heretofore been included? For
> example, 3DES CFB mode? Pretty sure the answer here is "yes".
>
> Over-arching concern: do we want to include official NIST test cases, or
> eschew them?
>
> There was no obvious reference to this (by way of grepping for testmgr)
> in any of the existing Documentation. That I could find. If I missed
> something, please excuse me.
It is always helpful to use test vectors that are created by some third
parties. These are NIST test vectors or test vectors in RFCs. In some cases,
vectors were created using OpenSSL.
Regarding the question how much: I can only answer to the FIPS 140-2
requirements: all tests that need to be there for FIPS 140-2 are there for
those with fips_allowed=1.
Ciao
Stephan
prev parent reply other threads:[~2016-08-09 13:31 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-09 13:21 testmgr.h Gary R Hook
2016-08-09 13:31 ` Stephan Mueller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33428843.kG9ECo6VM2@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=ghook@amd.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox