lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2476935.g0THXc6DOC@tauon.atsec.com>
Date:	Tue, 09 Feb 2016 14:44:59 +0100
From:	Stephan Mueller <smueller@...onox.de>
To:	Marcus Meissner <meissner@...e.de>
Cc:	herbert@...dor.apana.org.au, davem@...emloft.net,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] crypto: fips: allow more ipsec related methods

Am Dienstag, 9. Februar 2016, 10:32:37 schrieb Marcus Meissner:

Hi Marcus,

>IPSEC for aes-ctr requests:
>
>	authenc(digest_null,rfc3686(ctr(aes)))
>
>which can be used in FIPS mode.
>
>rfc3686(ctr(aes)) is already allowed for FIPS usage.
>
>I also allowed "digest_null" for FIPS usage.
>
>Signed-off-by: Marcus Meissner <meissner@...e.de>

I am sorry, but I would say NACK here.

The reason is that the authenc() ciphers are AEAD ciphers. Such ciphers are 
defined to be allowed for FIPS 140-2 usage in SP800-38F. But that SP only 
allows ciphers if there is an authentication (i.e. a MAC) involved. With the 
added authenc() algo, there seems to be no MAC.

In addition, the NULL cipher definitely cannot be considered allowed in FIPS 
mode.
>---
> crypto/testmgr.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/crypto/testmgr.c b/crypto/testmgr.c
>index 190a290..6ad8ba2 100644
>--- a/crypto/testmgr.c
>+++ b/crypto/testmgr.c
>@@ -2089,6 +2089,10 @@ static const struct alg_test_desc alg_test_descs[] = {
>}
> 		}
> 	}, {
>+		.alg = "authenc(digest_null,rfc3686(ctr(aes)))",
>+		.test = alg_test_null,
>+		.fips_allowed = 1,
>+	}, {
> 		.alg = "authenc(hmac(md5),ecb(cipher_null))",
> 		.test = alg_test_aead,
> 		.suite = {
>@@ -2768,6 +2772,7 @@ static const struct alg_test_desc alg_test_descs[] = {
> 	}, {
> 		.alg = "digest_null",
> 		.test = alg_test_null,
>+		.fips_allowed = 1,
> 	}, {
> 		.alg = "drbg_nopr_ctr_aes128",
> 		.test = alg_test_drbg,


Ciao
Stephan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ