From: Jarod Wilson <jarod@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Neil Horman <nhorman@tuxdriver.com>
Subject: Re: [PATCH] crypto: don't raise alarm for no ctr(aes*) tests in fips mode
Date: Mon, 04 May 2009 23:45:08 -0400 [thread overview]
Message-ID: <49FFB644.5030201@redhat.com> (raw)
In-Reply-To: <20090505010847.GA13071@gondor.apana.org.au>
On 05/04/2009 09:08 PM, Herbert Xu wrote:
> On Mon, May 04, 2009 at 02:56:58PM -0400, Jarod Wilson wrote:
>> Ah... Now I think I see... We can provide an initial counter w/o a
>> problem, but counter incrementation is implementation-specific, so
>
> Not in Linux. If you're going to provide ctr you'd better increment
> in the way the current implementation does it. Otherwise anything
> that wraps around it, such as RFC3686 will fail.
>
> Another way to put it, only the counter mode as used in RFC 3686,
> CCM and GCM is what we call ctr.
Yeah, no, I didn't mean within Linux we'd have different implementations,
I meant e.g. Linux vs. Windows vs. a Cisco router or what have you as far
as the base counter increment routine being implementation-specific.
Can't keep all the RFCs and SPs and whatnot straight in my head, and they
aren't in front of me, but I thought I read that the basic counter increment
routine wasn't mandated to be any specific way, the only mandate was to
ensure unique values. Suggestions for how to do so were made though.
That all seems to coincide with the AESAVS's assertion that automated
testing of ctr(aes) isn't possible, if one considers that Monte Carlo tests
are typically a standard part of all the other ciphers/modes full
validation test suites. I just initially read that to mean that self-tests
weren't possible, while I now believe its only referring to exhaustive
CAVS testing (i.e. w/MCT) not being possible, due to potential differences
from one counter inc routine to another.
Its also possible I'm losing my mind though.
--
Jarod Wilson
jarod@redhat.com
next prev parent reply other threads:[~2009-05-05 3:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-29 1:18 [PATCH] crypto: don't raise alarm for no ctr(aes*) tests in fips mode Jarod Wilson
2009-04-29 10:50 ` Neil Horman
2009-04-29 12:46 ` Jarod Wilson
2009-04-30 21:13 ` [PATCH v2] crypto: don't raise alarm for no ctr(aes) tests Jarod Wilson
2009-05-01 11:54 ` Neil Horman
2009-05-04 11:10 ` [PATCH] crypto: don't raise alarm for no ctr(aes*) tests in fips mode Herbert Xu
2009-05-04 18:56 ` Jarod Wilson
2009-05-05 1:08 ` Herbert Xu
2009-05-05 3:45 ` Jarod Wilson [this message]
2009-05-05 5:29 ` Herbert Xu
2009-05-05 13:04 ` Jarod Wilson
2009-05-04 20:24 ` [PATCH] crypto: add ctr(aes) test vectors Jarod Wilson
2009-05-05 13:18 ` Herbert Xu
2009-05-05 13:55 ` Jarod Wilson
2009-05-05 14:42 ` [PATCH v2] " Jarod Wilson
2009-05-06 9:30 ` Herbert Xu
2009-05-06 12:51 ` Jarod Wilson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49FFB644.5030201@redhat.com \
--to=jarod@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox