Re: [PATCH] crypto/testmgr: mark rfc4106(gcm(aes)) as fips_allowed

From: Stephan Mueller
Date: Fri Jan 23 2015 - 15:07:44 EST


Am Freitag, 23. Januar 2015, 12:42:15 schrieb Jarod Wilson:

Hi Jarod,

>This gcm variant is popular for ipsec use, and there are folks who
>would like to use it while in fips mode. Mark it with fips_allowed=1
>to facilitate that.

Acked-by: Stephan Mueller <smueller@xxxxxxxxx>

For the records: this change is ok as the RFC4106 "wrapper" only
massages the input data like IV or keys without changing the
cryptographic logic of GCM. As the basic cipher is not changed allowing
RFC4106 is harmless with respect to FIPS 140-2 to use and apply this
RFC4106 wrapper. This implies that the RFC4106 wrapper can be used in
FIPS mode.
>
>CC: LKML <linux-kernel@xxxxxxxxxxxxxxx>
>CC: Stephan Mueller <smueller@xxxxxxxxx>
>Signed-off-by: Jarod Wilson <jarod@xxxxxxxxxx>
>---
> crypto/testmgr.c | 1 +
> 1 file changed, 1 insertion(+)
>
>diff --git a/crypto/testmgr.c b/crypto/testmgr.c
>index 235b1ff..758d028 100644
>--- a/crypto/testmgr.c
>+++ b/crypto/testmgr.c
>@@ -3293,6 +3293,7 @@ static const struct alg_test_desc
>alg_test_descs[] = { }, {
> .alg = "rfc4106(gcm(aes))",
> .test = alg_test_aead,
>+ .fips_allowed = 1,
> .suite = {
> .aead = {
> .enc = {


Ciao
Stephan


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/