Re: [PATCH v5 0/3] Key-agreement Protocol Primitives (KPP) API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Montag, 9. Mai 2016, 22:40:38 schrieb Salvatore Benedetto:

Hi Salvatore,

> Hi Herb,
> 
> the following patchset introduces a new API for abstracting key-agreement
> protocols such as DH and ECDH. It provides the primitives required for
> implementing the protocol, thus the name KPP (Key-agreement Protocol
> Primitives).
> 
> Regards,
> Salvatore
> 
> Changes from v4:
> * If fips_enabled is set allow only P256 (or higher) as Stephan suggested

Thank you.

What I am wondering though is whether the kernel crashes in FIPS mode with 
this implementation as follows: there are test vectors for P192 which seem(?) 
to be called unconditionally. In FIPS mode, we do not have P192 and the ECC 
code returns an error when using this curve. Thus, wouldn't the self test fail 
for P192?

Now, in FIPS mode, panic() is called when a self test fails.


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux