From: Stephan Müller
To: Eric Biggers
Cc: Herbert Xu, James Bottomley, Andy Lutomirski, "Lee, Chun-Yi", "Rafael J . Wysocki", Pavel Machek, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki", Chen Yu, Oliver Neukum, Ryan Chen, David Howells, Giovanni Gherdovich, Randy Dunlap, Jann Horn, Andy Lutomirski, linux-crypto@vger.kernel.org
Subject: Re: [PATCH 5/6] crypto: hkdf - add known answer tests
Date: Mon, 14 Jan 2019 10:25:16 +0100
Message-ID: <2750733.sbdFDJOICv@positron.chronox.de>
In-Reply-To: <20190112051914.GB639@sol.localdomain>
References: <20190103143227.9138-1-jlee@suse.com> <9857029.1Sm7LFDBlJ@positron.chronox.de> <20190112051914.GB639@sol.localdomain>

On Saturday, 12 January 2019, 06:19:15 CET, Eric Biggers wrote:

Hi Eric,

[...]
>
> > + }
> > + }
> > + }, {
> > + .alg = "hkdf(hmac(sha224))",
> > + .test = alg_test_null,
> > + .fips_allowed = 1,
>
> I think it is dumb to add algorithms to the testmgr with no tests just so
> the 'fips_allowed' flag can be set.

Currently it is the only way. But I agree that it could be done better.

> And doesn't FIPS sometimes require
> tests anyway? I don't think the "null test" should count as a test :-)

Yes, it DOES count as a test (as strange as it may sound)! :-)

The FIPS requirements are as follows:

- raw ciphers must be subject to a FIPS test with one block chaining mode to cover that cipher with all block chaining modes (e.g. you can test ecb(aes) to cover AES with *all* existing block chaining modes).
- for compound crypto algorithms (like RSA with respect to hashes, KDF with respect to the keyed message digest, HMAC with respect to hashes), the wrapping crypto algorithm needs to be tested with *one* wrapped cipher at least (but also not more). E.g. if you have a self test for, say, all SHA-1 and SHA-2, you only need one HMAC SHA test or one KDF HMAC SHA test.
- in some circumstances, it is even permissible to test wrapping crypto algorithms where the underlying algo is implicitly tested. E.g. if you have a HMAC SHA-256 test, you do not need an individual SHA-256 test.

>
> Perhaps just include sha256 and sha512, and have tests for them?

Do you happen to have an official SHA-512 HKDF test vector? RFC5869 only has SHA-1 and SHA-256 tests.

> [...]
>
>
> > +/* Test vectors from RFC 5869 appendix A */
> > +static struct kdf_testvec hkdf_hmac_sha256_tv_template[] = {
>
> const
>
> Likewise for all other kdf_testvecs.

const does not work with __VECS :-( I leave it without const at the moment. I think the __VECS should be updated along with all test vectors.

[...]

Ciao
Stephan
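Review bot: The `hkdf(hmac(sha224))` entry pairs `.test = alg_test_null` with `.fips_allowed = 1`, so nothing in the entry records which tested algorithm is meant to cover it. Add a comment naming the covering known-answer test, or give the entry its own vector, so the FIPS marking can be checked against a real test.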
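Review bot: `hkdf_hmac_sha256_tv_template[]` is declared `static struct kdf_testvec` without `const`, which leaves the RFC 5869 reference vectors in writable data. If the qualifier cannot be applied yet, note the blocker in a comment next to the declaration so it is added once the blocker is gone.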
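The point that a known-answer test on the wrapping algorithm also covers the wrapped one, as an added example (not code from the patch or the kernel): HKDF per RFC 5869 over a hand-written HMAC, checked against the RFC 5869 appendix A.1 vector, then rerun with a constructed faulty SHA-256. The names `hmac_raw`, `hkdf`, `self_test` and `faulty_sha256` are assumptions of this example.

```python
import hashlib

def hmac_raw(h, block, key, msg):
    """RFC 2104 HMAC over hash function h (bytes -> bytes), block size in bytes."""
    if len(key) > block:
        key = h(key)
    key = key.ljust(block, b"\x00")
    inner = h(bytes(b ^ 0x36 for b in key) + msg)
    return h(bytes(b ^ 0x5C for b in key) + inner)

def hkdf(h, block, ikm, salt, info, length):
    """RFC 5869 extract-then-expand; returns (PRK, OKM)."""
    hash_len = len(h(b""))
    if length > 255 * hash_len:
        raise ValueError("L exceeds 255 * HashLen")
    # An absent salt is replaced by HashLen zero bytes (RFC 5869 section 2.2).
    prk = hmac_raw(h, block, salt or bytes(hash_len), ikm)
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac_raw(h, block, prk, t + info + bytes([i]))
        okm += t
        i += 1
    return prk, okm[:length]

def sha256(data):
    return hashlib.sha256(data).digest()

def faulty_sha256(data):
    """Constructed fault: SHA-256 with the last bit of every digest flipped."""
    d = sha256(data)
    return d[:-1] + bytes([d[-1] ^ 1])

# RFC 5869 appendix A.1: HKDF with HMAC-SHA-256, L = 42
TV = {
    "ikm": bytes([0x0B]) * 22,
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "prk": bytes.fromhex("077709362c2e32df0ddc3f0dc47bba63"
                         "90b6c73bb50f9c3122ec844ad7c2b3e5"),
    "okm": bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a"
                         "5a4c5db02d56ecc4c5bf34007208d5b887185865"),
}

def self_test(h, block=64):
    """Known-answer test: True only if both PRK and OKM match the RFC vector."""
    prk, okm = hkdf(h, block, TV["ikm"], TV["salt"], TV["info"], len(TV["okm"]))
    return prk == TV["prk"] and okm == TV["okm"]

if __name__ == "__main__":
    print("hkdf(hmac(sha256)) KAT:", "pass" if self_test(sha256) else "FAIL")
    print("same KAT, faulty SHA-256:", "pass" if self_test(faulty_sha256) else "FAIL")
```

A single HKDF vector fails as soon as the hash underneath it is wrong, which is why one test on the outermost construction can stand in for separate HMAC and SHA-256 tests.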