[PATCH] crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode

Ilya Dryomov posted 1 patch 4 days, 15 hours ago
crypto/testmgr.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode
Posted by Ilya Dryomov 4 days, 15 hours ago
hmac(sha256), hmac(sha384) and cts(cbc(aes)) algorithms have been
marked as FIPS allowed for years.  Mark the respective authenc()
constructions per RFC 8009 ("AES Encryption with HMAC-SHA2 for
Kerberos 5") as such as well.

SP 800-57 Part 3 Rev. 1 from Jan 2015 [1] links the draft of what
became RFC 8009 in Oct 2016 as approved in section 6.3 Procurement
Guidance (item/recommendation 3).

[1] https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 crypto/testmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 4d86efae65b2..7788e6fa80ce 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4215,6 +4215,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 		.alg = "authenc(hmac(sha256),cts(cbc(aes)))",
 		.generic_driver = "authenc(hmac-sha256-lib,cts(cbc(aes-lib)))",
 		.test = alg_test_aead,
+		.fips_allowed = 1,
 		.suite = {
 			.aead = __VECS(krb5_test_aes128_cts_hmac_sha256_128)
 		}
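Review bot: the new `.fips_allowed = 1` on the sha256 entry applies to the whole algorithm name "authenc(hmac(sha256),cts(cbc(aes)))", while the only vectors listed in `.suite` are krb5_test_aes128_cts_hmac_sha256_128 and nothing in the entry ties the name to one AES key length. RFC 8009, which the commit message cites, pairs HMAC-SHA256 with AES-128 only. Please state in the commit message whether the allowance rests on the RFC 8009 enctype or on the component algorithms each being FIPS allowed on their own; if it is the former, the name admits more than the cited profile and that is worth saying explicitly.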
@@ -4256,6 +4257,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 		.alg = "authenc(hmac(sha384),cts(cbc(aes)))",
 		.generic_driver = "authenc(hmac-sha384-lib,cts(cbc(aes-lib)))",
 		.test = alg_test_aead,
+		.fips_allowed = 1,
 		.suite = {
 			.aead = __VECS(krb5_test_aes256_cts_hmac_sha384_192)
 		}
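Review bot: the justification for `.fips_allowed = 1` on the sha384 entry exists only in the commit message, and the reference given there (SP 800-57 Part 3 Rev. 1, section 6.3) is described as procurement guidance linking a draft rather than RFC 8009 itself. Consider adding a sentence to the commit message that names the RFC 8009 enctype this entry's vectors (krb5_test_aes256_cts_hmac_sha384_192) correspond to, and say whether both entries' self-tests were run with FIPS mode enabled, since that is the configuration this change affects.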
-- 
2.54.0
Re: [PATCH] crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode
Posted by Viacheslav Dubeyko 4 days, 14 hours ago
On Wed, 2026-06-03 at 17:50 +0200, Ilya Dryomov wrote:
> hmac(sha256), hmac(sha384) and cts(cbc(aes)) algorithms have been
> marked as FIPS allowed for years.  Mark the respective authenc()
> constructions per RFC 8009 ("AES Encryption with HMAC-SHA2 for
> Kerberos 5") as such as well.
> 
> SP 800-57 Part 3 Rev. 1 from Jan 2015 [1] links the draft of what
> became RFC 8009 in Oct 2016 as approved in section 6.3 Procurement
> Guidance (item/recommendation 3).
> 
> [1] https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final
> 
> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
> ---
>  crypto/testmgr.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index 4d86efae65b2..7788e6fa80ce 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -4215,6 +4215,7 @@ static const struct alg_test_desc
> alg_test_descs[] = {
>  		.alg = "authenc(hmac(sha256),cts(cbc(aes)))",
>  		.generic_driver = "authenc(hmac-sha256-
> lib,cts(cbc(aes-lib)))",
>  		.test = alg_test_aead,
> +		.fips_allowed = 1,
>  		.suite = {
>  			.aead =
> __VECS(krb5_test_aes128_cts_hmac_sha256_128)
>  		}
> @@ -4256,6 +4257,7 @@ static const struct alg_test_desc
> alg_test_descs[] = {
>  		.alg = "authenc(hmac(sha384),cts(cbc(aes)))",
>  		.generic_driver = "authenc(hmac-sha384-
> lib,cts(cbc(aes-lib)))",
>  		.test = alg_test_aead,
> +		.fips_allowed = 1,
>  		.suite = {
>  			.aead =
> __VECS(krb5_test_aes256_cts_hmac_sha384_192)
>  		}

Makes sense.

Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>

Thanks,
Slava.