Leonidas S. Barbosa
2014-09-18 18:43:02 UTC
Hi,
I'm facing an issue running tcrypt with rfc4309-aes-ccm.
My hardware and drive only implements support to key size 128, what is
specify in the documentation (http://tools.ietf.org/html/rfc4309) as a
'MUST' support, but does not support the other sizes. However tcrypt
tests
not only 128, but also 192 and 256bits size, which in ietf documentation
are 'MAY' also support.
The issue is if I run my machines with FIPS enable it won't work
at all, since tcrypt will try to the other key sizes and so fails making
my system crash in a kernel panic.
I wondering if this tcrypt to 192 and 256 are correct since it's not
a 'MUST' support size. Either if have any option to disable tcrypt to
test with this other key sizes. And once more, since they are not a must
support, what is the history about this test?
A workround for us in the moment is to disable ccm in FIPs mode.
Best regards,
Leonidas.)
I'm facing an issue running tcrypt with rfc4309-aes-ccm.
My hardware and drive only implements support to key size 128, what is
specify in the documentation (http://tools.ietf.org/html/rfc4309) as a
'MUST' support, but does not support the other sizes. However tcrypt
tests
not only 128, but also 192 and 256bits size, which in ietf documentation
are 'MAY' also support.
The issue is if I run my machines with FIPS enable it won't work
at all, since tcrypt will try to the other key sizes and so fails making
my system crash in a kernel panic.
I wondering if this tcrypt to 192 and 256 are correct since it's not
a 'MUST' support size. Either if have any option to disable tcrypt to
test with this other key sizes. And once more, since they are not a must
support, what is the history about this test?
A workround for us in the moment is to disable ccm in FIPs mode.
Best regards,
Leonidas.)