Am Dienstag, 9. Februar 2016, 10:32:37 schrieb Marcus Meissner: Hi Marcus, >IPSEC for aes-ctr requests: > > authenc(digest_null,rfc3686(ctr(aes))) > >which can be used in FIPS mode. > >rfc3686(ctr(aes)) is already allowed for FIPS usage. > >I also allowed "digest_null" for FIPS usage. > >Signed-off-by: Marcus Meissner <meissner@xxxxxxx> I am sorry, but I would say NACK here. The reason is that the authenc() ciphers are AEAD ciphers. Such ciphers are defined to be allowed for FIPS 140-2 usage in SP800-38F. But that SP only allows ciphers if there is an authentication (i.e. a MAC) involved. With the added authenc() algo, there seems to be no MAC. In addition, the NULL cipher definitely cannot be considered allowed in FIPS mode. >--- > crypto/testmgr.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/crypto/testmgr.c b/crypto/testmgr.c >index 190a290..6ad8ba2 100644 >--- a/crypto/testmgr.c >+++ b/crypto/testmgr.c >@@ -2089,6 +2089,10 @@ static const struct alg_test_desc alg_test_descs[] = { >} > } > }, { >+ .alg = "authenc(digest_null,rfc3686(ctr(aes)))", >+ .test = alg_test_null, >+ .fips_allowed = 1, >+ }, { > .alg = "authenc(hmac(md5),ecb(cipher_null))", > .test = alg_test_aead, > .suite = { >@@ -2768,6 +2772,7 @@ static const struct alg_test_desc alg_test_descs[] = { > }, { > .alg = "digest_null", > .test = alg_test_null, >+ .fips_allowed = 1, > }, { > .alg = "drbg_nopr_ctr_aes128", > .test = alg_test_drbg, Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html