testmgr in user space

Hi Herbert,

in case it may help for finding a solution for the testmgr, I do have a test 
system that exercises the kernel crypto API via the AF_ALG interface that I 
use for the libkcapi testing. Of course, that needs polishing to make it 
generally applicable.

However, I see the following obstacles in a user space approach:

- User space currently has no information about which ciphers are currently 
available via the kernel crypto API.  The contents of /proc/crypto only list 
the ciphers but no templates or the technically possible permutations of 
templates with ciphers.

- There is currently no "notification" information to user space when a new 
cipher is registered with the kernel crypto API. Maybe crypto_user can be 
extended by a poll?

- There is no technical limitation for ciphers in FIPS mode vs non-FIPS mode 
required. For all FIPS validations up to and including level 2, there is no 
requirement to have a technical limitation that non-approved ciphers cannot be 
used. So, in theory, we could drop this fips_allowed flag enforcement.

- There is no AKCIPHER AF_ALG interface, albeit I am already thinking about a 
lean solution for that -- and I think I have one.

- In FIPS mode, it is currently mandatory that all testing must be completed 
before any cipher is put to use. That means, the user space test manager must 
be started early in the boot cycle (I would expect it typically would be 
started from the initramfs).

While we are at it: wouldn't it make sense to move the tcrypt.c out to the 
tools/ directory?

Ciao
Stephan
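
Added example, not part of the original message and not libkcapi or kernel code: a sketch of the first obstacle, parsing a /proc/crypto-style listing and classifying what a user-space test plan could learn from it. The sample listing is constructed and abbreviated, and the function names and the test plan are hypothetical.

```python
# Constructed, abbreviated sample in the /proc/crypto record layout
# (real records carry more fields, e.g. module, priority, refcnt).
SAMPLE = """\
name         : cbc(aes)
driver       : cbc(aes-generic)
selftest     : passed
type         : skcipher

name         : aes
driver       : aes-generic
selftest     : passed
type         : cipher
"""

def parse_proc_crypto(text):
    """Split blank-line-separated records into dicts of field -> value."""
    records, cur = [], {}
    for line in text.splitlines() + [""]:
        if line.strip():
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
        elif cur:
            records.append(cur)
            cur = {}
    return records

def split_template(name):
    """'cbc(aes)' -> ('cbc', 'aes'); a plain name -> (None, name)."""
    if name.endswith(")") and "(" in name:
        template, inner = name[:-1].split("(", 1)
        return template, inner
    return None, name

def coverage(records, wanted):
    """Classify each algorithm a test plan wants against the listing."""
    listed = {r["name"] for r in records if "name" in r}
    result = {}
    for name in wanted:
        template, inner = split_template(name)
        if name in listed:
            result[name] = "listed"
        elif template and inner in listed:
            # The listing cannot say whether the template itself exists.
            result[name] = "inner listed, instance absent"
        else:
            result[name] = "not listed"
    return result

if __name__ == "__main__":
    plan = ["cbc(aes)", "ctr(aes)", "hmac(sha256)"]  # hypothetical test plan
    for name, status in coverage(parse_proc_crypto(SAMPLE), plan).items():
        print(f"{name:14} {status}")
```
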