| Message ID | 1541325924-14777-1-git-send-email-gilad@benyossef.com |
|---|---|
| State | Accepted |
| Commit | 196ad6043e9fe93c4ae3dac02b5c8fd337f58c2d |
| Series | crypto: mark cts(cbc(aes)) as FIPS allowed |
On Sunday, 4 November 2018 at 11:05:24 CET, Gilad Ben-Yossef wrote:

Hi Gilad,

> As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> allowed as a FIPS mode algorithm. Mark it as such.
>
> [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

There are several types of CTS approaches. Only three of those are listed in
the SP800-38A addendum. The source code only refers to some RFCs.

Did you check whether the CTS implementation matches one or more of the types
listed in the addendum? If yes, may I suggest adding a small statement in the
code noting this fact?

Thanks a lot.

Ciao
Stephan
Hi Stephan,

On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
>
> On Sunday, 4 November 2018 at 11:05:24 CET, Gilad Ben-Yossef wrote:
>
> Hi Gilad,
>
> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> > allowed as a FIPS mode algorithm. Mark it as such.
> >
> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>
> There are several types of CTS approaches. Only three of those are listed in
> the SP800-38A addendum. The source code only refers to some RFCs.
>
> Did you check whether the CTS implementation matches one or more of the types
> listed in the addendum? If yes, may I suggest adding a small statement in the
> code noting this fact?

Yes, AFAIK the software implements CBC-CS3 as described in the document.
You have a very good point about this not being documented anywhere. I will
send a patch.

While we're at it, does someone find it useful if I implemented the
other two modes?
They are part of the standard as well, although I am not sure that in
itself is sufficient cause.

Gilad

--
Gilad Ben-Yossef
Chief Coffee Drinker

values of β will give rise to dom!
On 5 November 2018 at 10:18, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> Hi Stephan,
>
> On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
>>
>> On Sunday, 4 November 2018 at 11:05:24 CET, Gilad Ben-Yossef wrote:
>>
>> Hi Gilad,
>>
>> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
>> > allowed as a FIPS mode algorithm. Mark it as such.
>> >
>> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>>
>> There are several types of CTS approaches. Only three of those are listed in
>> the SP800-38A addendum. The source code only refers to some RFCs.
>>
>> Did you check whether the CTS implementation matches one or more of the types
>> listed in the addendum? If yes, may I suggest adding a small statement in the
>> code noting this fact?
>
> Yes, AFAIK the software implements CBC-CS3 as described in the document.
> You have a very good point about this not being documented anywhere. I will
> send a patch.
>

I agree that it makes sense to document this.

> While we're at it, does someone find it useful if I implemented the
> other two modes?
> They are part of the standard as well, although I am not sure that in
> itself is sufficient cause.
>

Nope. The Linux crypto API is not a general-purpose cryptography toolkit,
it should only offer what we actually use in the kernel, or we'll either
end up with bitrot or with a disproportionate maintenance burden for stuff
nobody actually uses.
On Monday, 5 November 2018 at 11:20:28 CET, Ard Biesheuvel wrote:

Hi Ard, Gilad,

> On 5 November 2018 at 10:18, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > Hi Stephan,
> >
> > On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
> >> On Sunday, 4 November 2018 at 11:05:24 CET, Gilad Ben-Yossef wrote:
> >>
> >> Hi Gilad,
> >>
> >> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> >> > allowed as a FIPS mode algorithm. Mark it as such.
> >> >
> >> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
> >>
> >> There are several types of CTS approaches. Only three of those are listed
> >> in the SP800-38A addendum. The source code only refers to some RFCs.
> >>
> >> Did you check whether the CTS implementation matches one or more of the
> >> types listed in the addendum? If yes, may I suggest adding a small
> >> statement in the code noting this fact?
> >
> > Yes, AFAIK the software implements CBC-CS3 as described in the document.
> > You have a very good point about this not being documented anywhere. I will
> > send a patch.
>
> I agree that it makes sense to document this.

Thanks for adding this.

With this statement, the initial patch of adding the fips_allowed flag is:

Reviewed-by: Stephan Mueller <smueller@chronox.de>

Ciao
Stephan
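The three layouts Stephan refers to compute exactly the same AES-CBC blocks and differ only in where the truncated next-to-last ciphertext block is placed, which is easiest to see with all three side by side. The following Go program is an added example written for this page; it is not kernel code and not from any of the participants. It implements CBC-CS1, CBC-CS2 and CBC-CS3 from the SP 800-38A addendum over Go's standard-library AES (Go was chosen for that reason) and checks the CS3 output against the RFC 3962 Appendix B vectors (AES-128 key "chicken teriyaki", all-zero IV; Kerberos CTS is the CS3 layout), transcribed into the `rfc3962` table. The names `Variant`, `CTSEncrypt`, `CTSDecrypt`, `stealFirst` and `SelfTest` are this example's own, and rejecting messages of exactly one block is a simplification of this example, not a rule of the mode.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

// Variant is one of the three ciphertext-stealing layouts in the SP 800-38A
// addendum. They compute the same blocks and differ only in where the truncated
// C_{n-1}* goes: CS1 before C_n, CS3 after C_n, CS2 after only when P_n is partial.
type Variant int
const CS1, CS2, CS3 Variant = 1, 2, 3
var ErrLen = errors.New("cts: need more than one block of data and a block-sized IV")

// stealFirst reports whether the variant emits C_{n-1}* ahead of C_n.
func stealFirst(v Variant, d, bs int) bool { return v == CS1 || (v == CS2 && d == bs) }

// CTSEncrypt runs CBC over the zero-padded message, which yields the addendum's
// C_n = E(C_{n-1} XOR (P_n || 0*)) directly, then orders the last two blocks.
// Rejecting single-block messages is a simplification of this example, not a rule of the mode.
func CTSEncrypt(blk cipher.Block, v Variant, iv, pt []byte) ([]byte, error) {
	bs := blk.BlockSize()
	if len(pt) <= bs || len(iv) != bs {
		return nil, ErrLen
	}
	n := (len(pt) + bs - 1) / bs // block count, the last one possibly partial
	d := len(pt) - (n-1)*bs      // bytes in the last block, 1..bs
	buf := make([]byte, n*bs)    // P_1 .. P_{n-1} || P_n || 0^{bs-d}
	copy(buf, pt)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(buf, buf) // buf is now C_1 .. C_n
	out, cn1, cn := append([]byte{}, buf[:(n-2)*bs]...), buf[(n-2)*bs:(n-1)*bs], buf[(n-1)*bs:]
	if stealFirst(v, d, bs) {
		return append(append(out, cn1[:d]...), cn...), nil
	}
	return append(append(out, cn...), cn1[:d]...), nil
}

// CTSDecrypt inverts CTSEncrypt. Z = D(C_n) = C_{n-1} XOR (P_n || 0*) hands back
// the stolen tail of C_{n-1}, and its first d bytes XOR C_{n-1}* give P_n.
func CTSDecrypt(blk cipher.Block, v Variant, iv, ct []byte) ([]byte, error) {
	bs := blk.BlockSize()
	if len(ct) <= bs || len(iv) != bs {
		return nil, ErrLen
	}
	n := (len(ct) + bs - 1) / bs
	d := len(ct) - (n-1)*bs
	tail := ct[(n-2)*bs:] // bs+d bytes holding C_n and C_{n-1}* in variant order
	cn, cn1Star := tail[:bs], tail[bs:]
	if stealFirst(v, d, bs) {
		cn1Star, cn = tail[:d], tail[d:]
	}
	z, out := make([]byte, bs), make([]byte, len(ct))
	blk.Decrypt(z, cn)
	for i := 0; i < d; i++ { // P_n = MSB_d(Z) XOR C_{n-1}*
		out[(n-1)*bs+i] = z[i] ^ cn1Star[i]
	}
	chain := append(append([]byte{}, ct[:(n-2)*bs]...), cn1Star...)
	chain = append(chain, z[d:]...) // C_1 .. C_{n-2} || (C_{n-1}* || LSB_{bs-d}(Z))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out[:(n-1)*bs], chain)
	return out, nil
}

// RFC 3962 Appendix B vectors (AES-128 key "chicken teriyaki", all-zero IV).
// Kerberos CTS is CBC-CS3, so these pin down which layout CS3 above must match.
const rfc3962Key = "636869636b656e207465726979616b69"

var rfc3962 = [][2]string{ // {plaintext, ciphertext}
	{"4920776f756c64206c696b652074686520", "c6353568f2bf8cb4d8a580362da7ff7f97"},
	{"4920776f756c64206c696b65207468652047656e6572616c20476175277320", "fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5"},
	{"4920776f756c64206c696b65207468652047656e6572616c2047617527732043", "39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584"},
	{"4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c", "97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5"},
	{"4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20", "97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8"},
	{"4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e", "97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a84807efe836ee89a526730dbc2f7bc8409dad8bbb96c4cdc03bc103e1a194bbd8"},
}

// SelfTest returns nil when CS3 reproduces RFC 3962 and every variant round-trips.
func SelfTest() error {
	key, _ := hex.DecodeString(rfc3962Key) // constants above, decoding cannot fail
	blk, _ := aes.NewCipher(key)
	iv := make([]byte, blk.BlockSize())
	for _, tv := range rfc3962 {
		pt, _ := hex.DecodeString(tv[0])
		for _, v := range []Variant{CS1, CS2, CS3} {
			ct, _ := CTSEncrypt(blk, v, iv, pt)
			back, _ := CTSDecrypt(blk, v, iv, ct)
			if hex.EncodeToString(back) != tv[0] || (v == CS3 && hex.EncodeToString(ct) != tv[1]) {
				return fmt.Errorf("variant CS%d failed on the %d-byte vector", v, len(pt))
			}
		}
	}
	return nil
}

func main() {
	fmt.Println("self-test:", SelfTest())
}
```

Running it prints `self-test: <nil>`. On the 48-byte vector CS1 and CS2 return exactly what `cipher.NewCBCEncrypter` returns, while CS3 returns C1 C3 C2; on the 47-byte vector CS2 and CS3 coincide and only CS1 differs. A message whose length is a whole number of blocks is therefore the case that tells a CS3 implementation apart from the other two, which is worth keeping in mind when checking a test-vector suite against the addendum.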
On Sun, Nov 04, 2018 at 10:05:24AM +0000, Gilad Ben-Yossef wrote:
> As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> allowed as a FIPS mode algorithm. Mark it as such.
>
> [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>
> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> ---
> crypto/testmgr.c | 1 +
> 1 file changed, 1 insertion(+)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index b1f79c6..1a371d01 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2805,6 +2805,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "cts(cbc(aes))", .test = alg_test_skcipher, + .fips_allowed = 1, .suite = { .cipher = __VECS(cts_mode_tv_template) }
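Review bot: the `.fips_allowed = 1` line is added to the `cts(cbc(aes))` entry with nothing beside it recording which of the SP800-38A addendum's three ciphertext-stealing layouts (CBC-CS1, CBC-CS2 or CBC-CS3) the implementation covered by this entry follows, and the thread notes the source itself only cites RFCs; since the discussion settled on CBC-CS3, a comment on the flag, e.g. `.fips_allowed = 1, /* CBC-CS3 per SP800-38A addendum */`, or the follow-up comment in the cts code that Gilad offered, would keep the FIPS claim traceable to the document that justifies it. The entry keeps the existing `cts_mode_tv_template` suite unchanged; it is worth confirming those vectors include a message whose length is a whole number of blocks, since that is the case where CS3 (last two blocks swapped) differs from CS1/CS2 (plain CBC) and so actually pins down the variant being claimed.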
As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
allowed as a FIPS mode algorithm. Mark it as such.

[1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
crypto/testmgr.c | 1 +
1 file changed, 1 insertion(+)

--
2.7.4