authenc methods vs FIPS in light of unencrypted associated data

From: Marcus Meissner
Date: Thu Jun 02 2016 - 12:01:15 EST

Next message: Boris Brezillon: "Re: [PATCH 0/4] mtd: nand: Add support for Evatronix NANDFLASH-CTRL"
Previous message: Dietmar Eggemann: "Re: [RFC PATCH 3/3] sched/fair: Change @running of __update_load_avg() to @update_util"
Next in thread: Stephan Mueller: "Re: authenc methods vs FIPS in light of unencrypted associated data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

In February I already tagged some authenc ciphers for FIPS compatibility.

I currently revisit this to get testmgr running all the tests in strict FIPS mode.

The authenc() class is troublesome.

There is a HASH + ENC part of this method, but you can also add associated data,
which is not encrypted. (using the ctx->null cipher in crypto/authenc.c)

But in FIPS mode the crypto_authenc_init_tfm does:

null = crypto_get_default_null_skcipher();

which results in error, as the crypto_alloc_blkcipher("ecb(cipher_null)", 0, 0);
results in failure due to "ecb(cipher_null)" not FIPS compliant.

How to handle this?

I think GCM also does not encrypt, just hashes, the associated data, it just does
copy the content itself and does not use a virtual cipher.

Ciao, Marcus

Next message: Boris Brezillon: "Re: [PATCH 0/4] mtd: nand: Add support for Evatronix NANDFLASH-CTRL"
Previous message: Dietmar Eggemann: "Re: [RFC PATCH 3/3] sched/fair: Change @running of __update_load_avg() to @update_util"
Next in thread: Stephan Mueller: "Re: authenc methods vs FIPS in light of unencrypted associated data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]