[PATCH 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

From: Vladis Dronov
Date: Wed Dec 21 2022 - 17:43:36 EST

Next message: Vladis Dronov: "[PATCH 5/6] crypto: testmgr - disallow plain ghash in FIPS mode"
Previous message: Vladis Dronov: "[PATCH 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode"
In reply to: Vladis Dronov: "[PATCH 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode"
Next in thread: Vladis Dronov: "[PATCH 5/6] crypto: testmgr - disallow plain ghash in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Nicolai Stange <nstange@xxxxxxx>

The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>
---
crypto/testmgr.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdsa-nist-p256",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p256_tv_template)
}
}, {
.alg = "ecdsa-nist-p384",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p384_tv_template)
}
--
2.38.1

Next message: Vladis Dronov: "[PATCH 5/6] crypto: testmgr - disallow plain ghash in FIPS mode"
Previous message: Vladis Dronov: "[PATCH 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode"
In reply to: Vladis Dronov: "[PATCH 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode"
Next in thread: Vladis Dronov: "[PATCH 5/6] crypto: testmgr - disallow plain ghash in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]