linux-kernel.vger.kernel.org archive mirror
* [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed
@ 2018-11-04 10:05 Gilad Ben-Yossef
  2018-11-05  8:50 ` Stephan Mueller
  2018-11-09  9:54 ` Herbert Xu
  0 siblings, 2 replies; 6+ messages in thread
From: Gilad Ben-Yossef @ 2018-11-04 10:05 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller
  Cc: Ofir Drang, Yael Chemla, linux-crypto, linux-kernel

As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
allowed as a FIPS mode algorithm. Mark it as such.

[1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
 crypto/testmgr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b1f79c6..1a371d01 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2805,6 +2805,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "cts(cbc(aes))",
 		.test = alg_test_skcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.cipher = __VECS(cts_mode_tv_template)
 		}
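Review bot: the new `.fips_allowed = 1` line asserts SP 800-38A addendum compliance for `cts(cbc(aes))`, but neither this entry nor the surrounding context records which of the addendum's three variants (CBC-CS1, CS2 or CS3) the implementation corresponds to, so the claim cannot be verified from the code alone. Suggest a short comment on this entry, or in the cts implementation that this hunk does not touch, naming the variant, so that `cts_mode_tv_template` referenced in `.suite` can be checked against the matching addendum vectors.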
-- 
2.7.4



* Re: [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed
  2018-11-04 10:05 [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed Gilad Ben-Yossef
@ 2018-11-05  8:50 ` Stephan Mueller
  2018-11-05  9:18   ` Gilad Ben-Yossef
  2018-11-09  9:54 ` Herbert Xu
  1 sibling, 1 reply; 6+ messages in thread
From: Stephan Mueller @ 2018-11-05  8:50 UTC (permalink / raw)
  To: Gilad Ben-Yossef
  Cc: Herbert Xu, David S. Miller, Ofir Drang, Yael Chemla,
	linux-crypto, linux-kernel

On Sunday, 4 November 2018, 11:05:24 CET, Gilad Ben-Yossef wrote:

Hi Gilad,

> As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> allowed as a FIPS mode algorithm. Mark it as such.
> 
> [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

There are several types of CTS approaches. Only three of those are listed in 
the SP800-38A addendum. The source code only refers to some RFCs.

Did you check whether the CTS implementation matches one or more of the types 
listed in the addendum? If yes, may I suggest adding a small statement in the 
code noting this fact?

Thanks a lot.

Ciao
Stephan




* Re: [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed
  2018-11-05  8:50 ` Stephan Mueller
@ 2018-11-05  9:18   ` Gilad Ben-Yossef
  2018-11-05 10:20     ` Ard Biesheuvel
  0 siblings, 1 reply; 6+ messages in thread
From: Gilad Ben-Yossef @ 2018-11-05  9:18 UTC (permalink / raw)
  To: Stephan Müller
  Cc: Herbert Xu, David Miller, Ofir Drang, Yael Chemla,
	Linux Crypto Mailing List, Linux kernel mailing list

Hi Stephan,

On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
>
> On Sunday, 4 November 2018, 11:05:24 CET, Gilad Ben-Yossef wrote:
>
> Hi Gilad,
>
> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> > allowed as a FIPS mode algorithm. Mark it as such.
> >
> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>
> There are several types of CTS approaches. Only three of those are listed in
> the SP800-38A addendum. The source code only refers to some RFCs.
>
> Did you check whether the CTS implementation matches one or more of the types
> listed in the addendum? If yes, may I suggest adding a small statement in the
> code noting this fact?

Yes, AFAIK the software implements CBC-CS3 as described in the document.
You have a very good point about this not being documented anywhere. I will
send a patch.

While we're at it, would someone find it useful if I implemented the
other two modes?
They are part of the standard as well, although I am not sure that in
itself is sufficient cause.


Gilad

--
Gilad Ben-Yossef
Chief Coffee Drinker

values of β will give rise to dom!
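Stephan's question above is which of the addendum's three CTS variants the kernel's implementation corresponds to, and Gilad's answer is CBC-CS3. The following Python is an added example (not kernel code and not from this thread) showing that CS1, CS2 and CS3 share the same CBC computation and differ only in how the last two ciphertext pieces are ordered; `toy_enc`/`toy_dec` are a constructed, insecure stand-in for a single-block AES call so the code runs without a crypto library.

```python
"""CBC ciphertext stealing CS1/CS2/CS3 (SP 800-38A addendum); added example, not kernel code."""
from typing import Callable

BLOCK = 16  # AES block size in bytes
OneBlock = Callable[[bytes], bytes]  # single-block encrypt/decrypt, e.g. one AES-ECB block

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_cts_encrypt(enc: OneBlock, iv: bytes, pt: bytes, variant: int = 3) -> bytes:
    """Encrypt pt (at least one block) with CBC-CS<variant>; len(output) == len(pt)."""
    if len(pt) < BLOCK or len(iv) != BLOCK or variant not in (1, 2, 3):
        raise ValueError("need >= one block of plaintext, a full IV and variant 1..3")
    if len(pt) == BLOCK:                      # a single full block is plain CBC
        return enc(_xor(pt, iv))
    d = len(pt) % BLOCK or BLOCK              # bytes in the final block P_n*, 1..BLOCK
    padded, blocks, prev = pt + bytes(BLOCK - d), [], iv
    for i in range(0, len(padded), BLOCK):    # ordinary CBC over the zero-padded P_1..P_n
        prev = enc(_xor(padded[i:i + BLOCK], prev))
        blocks.append(prev)
    head, c_star, c_n = b"".join(blocks[:-2]), blocks[-2][:d], blocks[-1]
    # The variants differ only in the order of the last two pieces:
    # CS1 never swaps, CS2 swaps only when P_n* is partial, CS3 always swaps.
    swap = variant == 3 or (variant == 2 and d != BLOCK)
    return head + (c_n + c_star if swap else c_star + c_n)

def cbc_cts_decrypt(dec: OneBlock, iv: bytes, ct: bytes, variant: int = 3) -> bytes:
    """Inverse of cbc_cts_encrypt for the same variant."""
    if len(ct) < BLOCK or len(iv) != BLOCK or variant not in (1, 2, 3):
        raise ValueError("need >= one block of ciphertext, a full IV and variant 1..3")
    if len(ct) == BLOCK:
        return _xor(dec(ct), iv)
    d = len(ct) % BLOCK or BLOCK
    swap = variant == 3 or (variant == 2 and d != BLOCK)
    head, tail = ct[:-(BLOCK + d)], ct[-(BLOCK + d):]
    c_n, c_star = (tail[:BLOCK], tail[BLOCK:]) if swap else (tail[d:], tail[:d])
    x = dec(c_n)                              # = P_n xor C_{n-1}; P_n's pad bytes are zero,
    c_prev = c_star + x[d:]                   # so the stolen tail of C_{n-1} is x[d:]
    chain = [iv] + [head[i:i + BLOCK] for i in range(0, len(head), BLOCK)] + [c_prev]
    body = b"".join(_xor(dec(chain[i]), chain[i - 1]) for i in range(1, len(chain)))
    return body + _xor(x[:d], c_prev[:d])

# Constructed stand-in for a 16-byte block cipher (NOT secure; only exercises the mode).
def toy_enc(block: bytes) -> bytes:
    return bytes((((b + i) & 0xFF) ^ 0x5A) for i, b in enumerate(block))[::-1]

def toy_dec(block: bytes) -> bytes:
    return bytes((((b ^ 0x5A) - i) & 0xFF) for i, b in enumerate(block[::-1]))
```

Swapping `toy_enc`/`toy_dec` for a real single-block AES encrypt/decrypt turns this into CBC-CS1/2/3 over AES; the CS3 ordering is the one the thread attributes to the kernel's `cts(cbc(aes))`.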


* Re: [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed
  2018-11-05  9:18   ` Gilad Ben-Yossef
@ 2018-11-05 10:20     ` Ard Biesheuvel
  2018-11-05 10:30       ` Stephan Mueller
  0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2018-11-05 10:20 UTC (permalink / raw)
  To: Gilad Ben-Yossef
  Cc: Stephan Müller, Herbert Xu, David Miller, Ofir Drang,
	Yael Chemla, Linux Crypto Mailing List,
	Linux kernel mailing list

On 5 November 2018 at 10:18, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> Hi Stephan,
>
> On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
>>
>> On Sunday, 4 November 2018, 11:05:24 CET, Gilad Ben-Yossef wrote:
>>
>> Hi Gilad,
>>
>> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
>> > allowed as a FIPS mode algorithm. Mark it as such.
>> >
>> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
>>
>> There are several types of CTS approaches. Only three of those are listed in
>> the SP800-38A addendum. The source code only refers to some RFCs.
>>
>> Did you check whether the CTS implementation matches one or more of the types
>> listed in the addendum? If yes, may I suggest adding a small statement in the
>> code noting this fact?
>
> Yes, AFAIK the software implements CBC-CS3 as described in the document.
> You have a very good point about this not being documented anywhere. I will
> send a patch.
>

I agree that it makes sense to document this.

> While we're at it, would someone find it useful if I implemented the
> other two modes?
> They are part of the standard as well, although I am not sure that in
> itself is sufficient cause.
>

Nope. The Linux crypto API is not a general purpose cryptography
toolkit; it should only offer what we actually use in the kernel, or
we'll either end up with bitrot or with a disproportionate maintenance
burden for stuff nobody actually uses.


* Re: [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed
  2018-11-05 10:20     ` Ard Biesheuvel
@ 2018-11-05 10:30       ` Stephan Mueller
  0 siblings, 0 replies; 6+ messages in thread
From: Stephan Mueller @ 2018-11-05 10:30 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Gilad Ben-Yossef, Herbert Xu, David Miller, Ofir Drang,
	Yael Chemla, Linux Crypto Mailing List,
	Linux kernel mailing list

On Monday, 5 November 2018, 11:20:28 CET, Ard Biesheuvel wrote:

Hi Ard, Gilad,

> On 5 November 2018 at 10:18, Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > Hi Stephan,
> > 
> > On Mon, Nov 5, 2018 at 10:50 AM Stephan Mueller <smueller@chronox.de> wrote:
> >> On Sunday, 4 November 2018, 11:05:24 CET, Gilad Ben-Yossef wrote:
> >> 
> >> Hi Gilad,
> >> 
> >> > As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> >> > allowed as a FIPS mode algorithm. Mark it as such.
> >> > 
> >> > [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
> >> 
> >> There are several types of CTS approaches. Only three of those are listed
> >> in the SP800-38A addendum. The source code only refers to some RFCs.
> >> 
> >> Did you check whether the CTS implementation matches one or more of the
> >> types listed in the addendum? If yes, may I suggest adding a small
> >> statement in the code noting this fact?
> > 
> > Yes, AFAIK the software implements CBC-CS3 as described in the document.
> > You have a very good point about this not being documented anywhere. I will
> > send a patch.
> 
> I agree that it makes sense to document this.

Thanks for adding this. With this statement, the initial patch of adding the 
fips_allowed flag is:

Reviewed-by: Stephan Mueller <smueller@chronox.de>

Ciao
Stephan




* Re: [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed
  2018-11-04 10:05 [PATCH] crypto: mark cts(cbc(aes)) as FIPS allowed Gilad Ben-Yossef
  2018-11-05  8:50 ` Stephan Mueller
@ 2018-11-09  9:54 ` Herbert Xu
  1 sibling, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2018-11-09  9:54 UTC (permalink / raw)
  To: Gilad Ben-Yossef
  Cc: David S. Miller, Ofir Drang, Yael Chemla, linux-crypto, linux-kernel

On Sun, Nov 04, 2018 at 10:05:24AM +0000, Gilad Ben-Yossef wrote:
> As per Sp800-38A addendum from Oct 2010[1], cts(cbc(aes)) is
> allowed as a FIPS mode algorithm. Mark it as such.
> 
> [1] https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
> 
> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> ---
>  crypto/testmgr.c | 1 +
>  1 file changed, 1 insertion(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

