
crypto: mark cts(cbc(aes)) as FIPS allowed

Message ID 1541325924-14777-1-git-send-email-gilad@benyossef.com
State Accepted
Commit 196ad6043e9fe93c4ae3dac02b5c8fd337f58c2d

Commit Message

Gilad Ben-Yossef Nov. 4, 2018, 10:05 a.m. UTC
As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
allowed as a FIPS mode algorithm. Mark it as such.

[1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>

---
 crypto/testmgr.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.7.4

Comments

Stephan Mueller Nov. 5, 2018, 8:50 a.m. UTC | #1
Am Sonntag, 4. November 2018, 11:05:24 CET schrieb Gilad Ben-Yossef:

Hi Gilad,

> As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> allowed as a FIPS mode algorithm. Mark it as such.
>
> [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

There are several types of CTS approaches. Only three of those are listed in 
the SP800-38A addendum. The source code only refers to some RFCs.

Did you check whether the CTS implementation matches one or more of the types 
listed in the addendum? If yes, may I suggest to add a small statement in the 
code noting this fact?

Thanks a lot.

Ciao
Stephan
Gilad Ben-Yossef Nov. 5, 2018, 9:18 a.m. UTC | #2
Hi Stephan,

On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
>
> Am Sonntag, 4. November 2018, 11:05:24 CET schrieb Gilad Ben-Yossef:
>
> Hi Gilad,
>
> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> > allowed as a FIPS mode algorithm. Mark it as such.
> >
> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>
> There are several types of CTS approaches. Only three of those are listed in
> the SP800-38A addendum. The source code only refers to some RFCs.
>
> Did you check whether the CTS implementation matches one or more of the types
> listed in the addendum? If yes, may I suggest to add a small statement in the
> code noting this fact?

Yes, AFAIK the software implements CBC-CS3 as described in the document.
You have a very good point about this not being documented anywhere. I will
send a patch.

While we're at it, does someone find it useful if I implemented the
other two modes?
They are part of the standard as well, although I am not sure that in
itself is sufficient cause.


Gilad

--
Gilad Ben-Yossef
Chief Coffee Drinker

values of β will give rise to dom!
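As an added illustration of the CBC-CS3 variant Gilad refers to (example code, not the patch or the kernel's cts template), the three ciphertext-stealing orders of the SP800-38A addendum built on plain CBC. The block cipher is a constructed XOR-and-rotate permutation standing in for AES so the example runs without a crypto library; the CTS logic itself is cipher-agnostic, and all function names are this example's own.

```python
BS = 16  # AES block size in bytes
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def make_stand_in_cipher(key):
    # Constructed stand-in for AES (NOT secure): XOR with key, rotate one byte.
    def enc(block):
        x = xor(block, key)
        return x[1:] + x[:1]
    def dec(block):
        return xor(block[-1:] + block[:-1], key)
    return enc, dec

def cbc_cs_encrypt(enc, iv, pt, variant=3):
    """CBC with ciphertext stealing; variant 1/2/3 selects CBC-CS1/CS2/CS3 of the
    SP800-38A addendum, which differ only in the order of the last two blocks."""
    assert len(pt) > BS, "CTS needs more than one block of input"
    n = -(-len(pt) // BS)               # block count; the last block may be partial
    d = len(pt) - (n - 1) * BS          # bytes in the final block (1..BS)
    padded = pt + bytes(BS - d)         # P_n = P_n* || 0^(BS-d)
    prev, c = iv, []
    for i in range(n):                  # plain CBC over the padded message
        prev = enc(xor(padded[i * BS:(i + 1) * BS], prev))
        c.append(prev)
    head, c_prev_star, c_n = b"".join(c[:-2]), c[-2][:d], c[-1]
    if variant == 1 or (variant == 2 and d == BS):
        return head + c_prev_star + c_n  # CS1 order (CS2 keeps it for a full last block)
    return head + c_n + c_prev_star      # CS3 always swaps (CS2 only for a partial one)

def cbc_cs_decrypt(dec, iv, ct, variant=3):
    n = -(-len(ct) // BS)
    d = len(ct) - (n - 1) * BS
    head, tail = ct[:(n - 2) * BS], ct[(n - 2) * BS:]
    if variant == 1 or (variant == 2 and d == BS):
        c_prev_star, c_n = tail[:d], tail[d:]
    else:
        c_n, c_prev_star = tail[:BS], tail[BS:]
    z = dec(c_n)                        # z = (P_n* || 0) XOR C_{n-1}
    c_prev = c_prev_star + z[d:]        # the stolen tail of C_{n-1} survives in z
    p_last = xor(z[:d], c_prev_star)    # P_n* = MSB_d(z) XOR C_{n-1}*
    blocks = [head[i:i + BS] for i in range(0, len(head), BS)] + [c_prev]
    prev, out = iv, []
    for blk in blocks:                  # plain CBC decrypt of C_1..C_{n-1}
        out.append(xor(dec(blk), prev))
        prev = blk
    return b"".join(out) + p_last

def roundtrip(msg, variant, key=bytes(range(16)), iv=bytes(16)):
    enc, dec = make_stand_in_cipher(key)
    ct = cbc_cs_encrypt(enc, iv, msg, variant)
    return cbc_cs_decrypt(dec, iv, ct, variant) == msg, ct
```

The ciphertext is always exactly as long as the plaintext, and CS2 coincides with CS1 for a full final block and with CS3 for a partial one.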
Ard Biesheuvel Nov. 5, 2018, 10:20 a.m. UTC | #3
On 5 November 2018 at 10:18, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> Hi Stephan,
>
> On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
>>
>> Am Sonntag, 4. November 2018, 11:05:24 CET schrieb Gilad Ben-Yossef:
>>
>> Hi Gilad,
>>
>> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
>> > allowed as a FIPS mode algorithm. Mark it as such.
>> >
>> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>>
>> There are several types of CTS approaches. Only three of those are listed in
>> the SP800-38A addendum. The source code only refers to some RFCs.
>>
>> Did you check whether the CTS implementation matches one or more of the types
>> listed in the addendum? If yes, may I suggest to add a small statement in the
>> code noting this fact?
>
> Yes, AFAIK the software implements CBC-CS3 as described in the document.
> You have a very good point about this not being documented anywhere. I will
> send a patch.
>

I agree that it makes sense to document this.

> While we're at it, does someone find it useful if I implemented the
> other two modes?
> They are part of the standard as well, although I am not sure that in
> itself is sufficient cause.
>

Nope. The linux crypto API is not a general purpose cryptography
toolkit, it should only offer what we actually use in the kernel, or
we'll either end up with bitrot or with a disproportionate maintenance
burden for stuff nobody actually uses.
Stephan Mueller Nov. 5, 2018, 10:30 a.m. UTC | #4
Am Montag, 5. November 2018, 11:20:28 CET schrieb Ard Biesheuvel:

Hi Ard, Gilad,

> On 5 November 2018 at 10:18, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > Hi Stephan,
> >
> > On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
> >> Am Sonntag, 4. November 2018, 11:05:24 CET schrieb Gilad Ben-Yossef:
> >>
> >> Hi Gilad,
> >>
> >> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> >> > allowed as a FIPS mode algorithm. Mark it as such.
> >> >
> >> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
> >>
> >> There are several types of CTS approaches. Only three of those are listed
> >> in the SP800-38A addendum. The source code only refers to some RFCs.
> >>
> >> Did you check whether the CTS implementation matches one or more of the
> >> types listed in the addendum? If yes, may I suggest to add a small
> >> statement in the code noting this fact?
> >
> > Yes, AFAIK the software implements CBC-CS3 as described in the document.
> > You have a very good point about this not being documented anywhere. I will
> > send a patch.
>
> I agree that it makes sense to document this.

Thanks for adding this. With this statement, the initial patch of adding the 
fips_allowed flag is:

Reviewed-by: Stephan Mueller <smueller@chronox.de>


Ciao
Stephan
Herbert Xu Nov. 9, 2018, 9:54 a.m. UTC | #5
On Sun, Nov 04, 2018 at 10:05:24AM +0000, Gilad Ben-Yossef wrote:
> As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> allowed as a FIPS mode algorithm. Mark it as such.
>
> [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>
> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> ---
>  crypto/testmgr.c | 1 +
>  1 file changed, 1 insertion(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b1f79c6..1a371d01 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2805,6 +2805,7 @@  static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "cts(cbc(aes))",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = __VECS(cts_mode_tv_template)
 		}
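Review bot: the hunk sets `.fips_allowed = 1` on the `cts(cbc(aes))` test descriptor, but nothing in the change records which of the three CTS variants listed in the SP800-38A addendum the kernel's cts template implements. The thread identifies it as CBC-CS3 and agrees this should be documented, so a one-line comment next to this flag (or in the cts implementation itself) naming CBC-CS3 would make the FIPS claim traceable from the code rather than only from the mailing-list discussion.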