Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
compliance mandates that any supported mode of oepration must include a self
test. This satisfies that requirement for cbc(des_ebe). Tested successfully by
me
Regards
Neil
Signed-off-by: Neil Horman <[email protected]>
tcrypt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..ca7d37b 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,11 @@ static void do_test(void)
test_cipher("ecb(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
+ test_cipher("cbc(des3_ede)", ENCRYPT, des3_ede_enc_tv_template,
+ DES3_EDE_ENC_TEST_VECTORS);
+ test_cipher("cbc(des3_ede)", DECRYPT, des3_ede_dec_tv_template,
+ DES3_EDE_DEC_TEST_VECTORS);
+
test_hash("md4", md4_tv_template, MD4_TEST_VECTORS);
test_hash("sha224", sha224_tv_template, SHA224_TEST_VECTORS);
--
/****************************************************
* Neil Horman <[email protected]>
* Software Engineer, Red Hat
****************************************************/
On Wed, May 21, 2008 at 04:09:38PM -0400, Neil Horman wrote:
> Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
> compliance mandates that any supported mode of oepration must include a self
> test. This satisfies that requirement for cbc(des_ebe). Tested successfully by
> me
Sorry but this makes no sense. The test vectors you're feeding
into it are only one block long. For a single block (and no IV)
there is no difference between ECB and CBC. So please add some
real CBC test vectors for this.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Thu, May 22, 2008 at 08:03:00AM +0800, Herbert Xu wrote:
> On Wed, May 21, 2008 at 04:09:38PM -0400, Neil Horman wrote:
> > Patch to add checking of DES3 test vectors using CBC mode. FIPS-1402-2
> > compliance mandates that any supported mode of oepration must include a self
> > test. This satisfies that requirement for cbc(des_ebe). Tested successfully by
> > me
>
> Sorry but this makes no sense. The test vectors you're feeding
> into it are only one block long. For a single block (and no IV)
> there is no difference between ECB and CBC. So please add some
> real CBC test vectors for this.
>
You're right, it doesn't make any sense. I'm sorry, I'm not sure what I'm
thinking. I'll repost when I generate some test vectors. Patch rescinded.
Sorry for the noise.
Regards
Neil
> Thanks,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
/***************************************************
*Neil Horman
*[email protected]
*gpg keyid: 1024D / 0x92A74FA1
*http://pgp.mit.edu
***************************************************/