From: Jarod Wilson
Organization: Red Hat, Inc.
To: Herbert Xu
Subject: Re: [PATCH] crypto: don't raise alarm for no ctr(aes*) tests in fips mode
Date: Mon, 4 May 2009 14:56:58 -0400
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Neil Horman
References: <200904282118.22823.jarod@redhat.com> <20090504111010.GA4991@gondor.apana.org.au>
In-Reply-To: <20090504111010.GA4991@gondor.apana.org.au>
Message-Id: <200905041456.59427.jarod@redhat.com>

On Monday 04 May 2009 07:10:10 Herbert Xu wrote:
> On Tue, Apr 28, 2009 at 09:18:22PM -0400, Jarod Wilson wrote:
> > Per the NIST AESAVS document, Appendix A[1], it isn't possible to
> > have automated self-tests for counter-mode AES, but people are
> > misled to believe something is wrong by the message that says there
> > is no test for ctr(aes). Simply suppress all 'no test for ctr(aes*'
> > messages if fips_enabled is set to avoid confusion.
>
> This is not true at all. In our implementation the counter is
> set through the IV so it definitely is possible to test counter
> mode algorithms in Linux.

Ah... Now I think I see...
We can provide an initial counter w/o a problem, but counter incrementation is implementation-specific, so we can't have automated tests that cover multiple enc/dec ops. But if we limit ourselves to just one op, self-tests should be perfectly doable, and NIST SP 800-38A, Appendix F.5 has vectors we could make use of (using just the block #1 values). At least, spot-checking the vectors, I'm getting the expected results for the 1st block.

Okay, I'll whip something up in a sec.

-- 
Jarod Wilson
jarod@redhat.com
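To make the single-block self-test proposed above concrete, here is an added example (not code from this thread or from the kernel) that checks block #1 of the NIST SP 800-38A Appendix F.5.1 CTR-AES128 vector with no counter increment at all, and then the full four-block vector through Go's crypto/cipher CTR, whose big-endian whole-block increment happens to match the convention NIST used. The function names ctrBlock1 and ctrAll are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
)

// Known-answer vector from NIST SP 800-38A, Appendix F.5.1 (CTR-AES128.Encrypt), blocks #1..#4.
var (
	ctrKey = mustHex("2b7e151628aed2a6abf7158809cf4f3c")
	ctrIV  = mustHex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff") // initial counter block
	ctrPT  = mustHex("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710")
	ctrCT  = mustHex("874d6191b620e3261bef6864990db6ce" + "9806f66b7970fdff8617187bb9fffdff" + "5ae4df3edbd5d35e5b4f09020db03eab" + "1e031dda2fbe03d1792170a0f3009cee")
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// ctrBlock1 computes only the first CTR block, C1 = E_K(counter) XOR P1. No counter
// increment is involved, so every conforming implementation must produce this value.
func ctrBlock1(key, counter, p1 []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, counter) // keystream block = E_K(counter)
	for i := range out {
		out[i] ^= p1[i]
	}
	return out, nil
}

// ctrAll runs the whole vector through Go's cipher.NewCTR, whose increment (big-endian over
// the full 128-bit block) matches NIST's; a different increment rule diverges from block #2 on.
func ctrAll(key, iv, pt []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(pt))
	cipher.NewCTR(c, iv).XORKeyStream(out, pt)
	return out, nil
}
```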