Re: [PATCH] crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode
From: Viacheslav Dubeyko
Date: Wed Jun 03 2026 - 13:17:49 EST
On Wed, 2026-06-03 at 17:50 +0200, Ilya Dryomov wrote:
> hmac(sha256), hmac(sha384) and cts(cbc(aes)) algorithms have been
> marked as FIPS allowed for years. Mark the respective authenc()
> constructions per RFC 8009 ("AES Encryption with HMAC-SHA2 for
> Kerberos 5") as such as well.
>
> SP 800-57 Part 3 Rev. 1 from Jan 2015 [1] links the draft of what
> became RFC 8009 in Oct 2016 as approved in section 6.3 Procurement
> Guidance (item/recommendation 3).
>
> [1] https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final
>
> Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
> ---
> crypto/testmgr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index 4d86efae65b2..7788e6fa80ce 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -4215,6 +4215,7 @@ static const struct alg_test_desc
> alg_test_descs[] = {
> .alg = "authenc(hmac(sha256),cts(cbc(aes)))",
> .generic_driver = "authenc(hmac-sha256-
> lib,cts(cbc(aes-lib)))",
> .test = alg_test_aead,
> + .fips_allowed = 1,
> .suite = {
> .aead =
> __VECS(krb5_test_aes128_cts_hmac_sha256_128)
> }
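Review bot: `.fips_allowed = 1` on the `authenc(hmac(sha256),cts(cbc(aes)))` entry is keyed to the algorithm name, while the only vectors wired into `.suite` here are `krb5_test_aes128_cts_hmac_sha256_128`. The commit message justifies the flag by RFC 8009, so please state in the commit message or in a comment on the entry whether uses of this name outside that RFC 8009 enctype (a different AES key size or tag length) are intended to be allowed in FIPS mode as well. If they are, consider adding vectors that exercise them.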
> @@ -4256,6 +4257,7 @@ static const struct alg_test_desc
> alg_test_descs[] = {
> .alg = "authenc(hmac(sha384),cts(cbc(aes)))",
> .generic_driver = "authenc(hmac-sha384-
> lib,cts(cbc(aes-lib)))",
> .test = alg_test_aead,
> + .fips_allowed = 1,
> .suite = {
> .aead =
> __VECS(krb5_test_aes256_cts_hmac_sha384_192)
> }
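Review bot: the `.fips_allowed = 1` added to the `authenc(hmac(sha384),cts(cbc(aes)))` entry has no in-code pointer to its justification; the rationale (RFC 8009 and SP 800-57 Part 3 Rev. 1, section 6.3) lives only in the commit message. A one-line comment above the flag citing RFC 8009 would keep the reason next to the entry for anyone later auditing which constructions are FIPS allowed. The same comment would fit the sha256 entry.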
Makes sense.
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@xxxxxxx>
Thanks,
Slava.