Am Montag, 24. April 2017, 09:07:45 CEST schrieb Gilad Ben-Yossef:
Hi Gilad,
> I guess we could change the function to indicate that a key is valid
> for decryption but not encryption
> and have the implementation limiting based on that if there is an
> interest in SP800-131A compliance.
I would
Am Montag, 24. April 2017, 09:04:13 CEST schrieb Gilad Ben-Yossef:
Hi Gilad,
>
> Thanks you for the clarification. As I think is obvious by now I am
> not a FIPS expert by any stretch.
>
> Isn't the requirements on DRBG or KDF invocations pertain to key
> generation only?
> What happens if you
On Mon, Apr 24, 2017 at 9:21 AM, Stephan Müller wrote:
> Am Montag, 24. April 2017, 08:16:50 CEST schrieb Stephan Müller:
>
> Hi Gilad,
>
>> >
>> > int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
>> >
>> > unsigned int keylen)
>> >
>> > However, this does not ch
On Mon, Apr 24, 2017 at 9:16 AM, Stephan Müller wrote:
> Am Montag, 24. April 2017, 08:06:09 CEST schrieb Gilad Ben-Yossef:
>
> Hi Gilad,
>>
>> Well, it turns out there is and we do :-)
>>
>> This is from crypto/des_generic.c:
>>
>> /*
>> * RFC2451:
>> *
>> * For DES-EDE3, there is no known n
Am Montag, 24. April 2017, 08:16:50 CEST schrieb Stephan Müller:
Hi Gilad,
> >
> > int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
> >
> > unsigned int keylen)
> >
> > However, this does not check that k1 == k3. In this case DES3
> > becomes 2DES (2-keys TDE
Am Montag, 24. April 2017, 08:06:09 CEST schrieb Gilad Ben-Yossef:
Hi Gilad,
>
> Well, it turns out there is and we do :-)
>
> This is from crypto/des_generic.c:
>
> /*
> * RFC2451:
> *
> * For DES-EDE3, there is no known need to reject weak or
> * complementation keys. Any weakness is
On Sun, Apr 23, 2017 at 12:48 PM, Gilad Ben-Yossef wrote:
> Hi,
>
> Thank you for the review.
>
> On Thu, Apr 20, 2017 at 4:39 PM, Stephan Müller wrote:
>
>>> +/* The function verifies that tdes keys are not weak.*/
>>> +static int ssi_fips_verify_3des_keys(const u8 *key, unsigned int keylen)
>>>
Am Sonntag, 23. April 2017, 11:48:58 CEST schrieb Gilad Ben-Yossef:
Hi Gilad,
> I do wonder if there is value in alternate behavior of stopping crypto
> API on FIPS error rather than a panic though. I will try to get an
> explanation why we do it this way.
In FIPS, all crypto function must cease
Hi,
Thank you for the review.
On Thu, Apr 20, 2017 at 4:39 PM, Stephan Müller wrote:
>> +/* The function verifies that tdes keys are not weak.*/
>> +static int ssi_fips_verify_3des_keys(const u8 *key, unsigned int keylen)
>> +{
>> +#ifdef CCREE_FIPS_SUPPORT
>> +tdes_keys_t *tdes_key = (
Am Donnerstag, 20. April 2017, 15:13:00 CEST schrieb Gilad Ben-Yossef:
Hi Gilad,
> +/* The function verifies that tdes keys are not weak.*/
> +static int ssi_fips_verify_3des_keys(const u8 *key, unsigned int keylen)
> +{
> +#ifdef CCREE_FIPS_SUPPORT
> +tdes_keys_t *tdes_key = (tdes_keys_t
Add FIPS mode support to CryptoCell driver
Signed-off-by: Gilad Ben-Yossef
---
drivers/staging/ccree/Kconfig |9 +
drivers/staging/ccree/Makefile |1 +
drivers/staging/ccree/ssi_aead.c|6 +
drivers/staging/ccree/ssi_cipher.c | 52 +
drivers/staging/c
11 matches
Mail list logo