Costs of asym self tests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

albeit it makes most sense to have asym self tests in the test manager as we 
do right now, may I suggest some changes to it as follows. The issue I see is 
that asym operations are very expensive.

As we currently have RSA only, I can only refer to its implementation. But in 
general, all new-and-coming asym self tests should be assessed accordingly.

May I suggest to do the following:

- remove all self tests except the 2k tests. As the math works independent of 
the key size, testing one key size is sufficient to demonstrate that the math 
still works.

- If we booted in FIPS mode, and we have PKCS#1 compiled, then:

	* do not execute the raw RSA self test mentioned above

	* perform an enc/dec test using the kernel crypto API with a 2k key

	* if the asym key API is compiled, add a self test for siggen/ver

With this approach, I would see that we limit the impact of the self test to 
"normal" users as well as FIPS related use cases.

If agreed, I could offer to implement the changes.

Note, currently the self tests for RSA is not appropriate to allow the cipher 
in FIPS mode (i.e. the fips_allowed=1 flag is actually not correct in the 
current implementation).

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux