From patchwork Wed Dec 21 22:41:11 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vladis Dronov <vdronov@redhat.com>
X-Patchwork-Id: 35560
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:e747:0:0:0:0:0 with SMTP id c7csp28402wrn;
        Wed, 21 Dec 2022 15:08:13 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXspYWA0MZcTt2eSBMylDgO7dXF97VFlU7OJYf8GFaN7Bym5RqtaBxR5fWRJNcptXGk2YrLT
X-Received: by 2002:a17:90a:7343:b0:219:20b8:a6fe with SMTP id
 j3-20020a17090a734300b0021920b8a6femr3878014pjs.46.1671664092868;
        Wed, 21 Dec 2022 15:08:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1671664092; cv=none;
        d=google.com; s=arc-20160816;
        b=qvSRk1QPetIWf1gz/jNmwUoXULgyQZXUsAwWNDxNI5oT8yw7K4IJoAGoBiOE6NdW/g
         TTNmCWmPN26H8eqYEDPSF4on6qPaheGKwzORqz6JgmfzpxP3nas8d02l3TdB15nlvcgc
         2pzNz2qdOfFMpJrsGN02YSfJcy85BmQhSCeeC8c+k6kTyKavSvzkG5Klu530TsxL0Wzv
         qZc60Cpyv9SXetBxNyEQdFf56s5OtzGmuGFVBy4gCwAJ6/BDuGhnA4mj0IRR+sLtJ0Nb
         9rbeq0SF0RjcBs+w41bir7OLEfzSnFLpoCLkwEJ0AvxxjvIKvIe9cT/NbV2ExyQ3zCeG
         uYMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=mv0JdiEUm8fY4r7rY54vtlemTUttCXqsgsmptQYzLmc=;
        b=eKc5AurL7GTW60AXRW3jdBHleRc/rZn7gUE+BnpI7dGKQfIBMC9L0TtpoaHtdi6Gwe
         wmPKdIxMmHuir03DKqskEDnmyfCjaTPPEkhE0m4e6ExygRAhhPS9HzKa/+ANzopcN5/d
         TOZ+EAaF/w6S48mXSOuxf+05UFPsmJ7H7sbd5uuDakkJlZo27HgVAwKSe5WDSEXXEcHf
         /QoovOxaf4EF17sVCpNZpaD9tWBY4RkIVdEqw2LLm7ILDJpc0acpV99htVmQiFFXCIke
         +igTJLIMZ2+MXj5cwmasIIXd0Z8Z+0ar7QCvZyB52HMWV9Elm9beFEtOJjBRZj1LHsLR
         Ih4g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=cYljFLhc;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 85-20020a630458000000b00476b6fa2963si17303274pge.599.2022.12.21.15.07.50;
        Wed, 21 Dec 2022 15:08:12 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=cYljFLhc;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235132AbiLUWnd (ORCPT <rfc822;pacteraone@gmail.com> + 99 others);
        Wed, 21 Dec 2022 17:43:33 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51414 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235143AbiLUWnF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 21 Dec 2022 17:43:05 -0500
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF78523E9C
        for <linux-kernel@vger.kernel.org>;
 Wed, 21 Dec 2022 14:42:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1671662541;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=mv0JdiEUm8fY4r7rY54vtlemTUttCXqsgsmptQYzLmc=;
        b=cYljFLhcJFt3MYTEGZ+b0yGSZk0JDANahCTwnX/dsijkpT/D4ByryZaaNsY0YtbibWAs8M
        c9Q5Wv4MNBgMzyAYGCzJXtOIfvf88SyaQhRXEbdOmD5ba5pTeqXHiLCK2DWGokPG7ULtuj
        9Wv1KRAthi/ssWOzNI4wTw2in5kf+/U=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-116-fKIoZ0QBPd-fRFtYSUZekg-1; Wed, 21 Dec 2022 17:42:17 -0500
X-MC-Unique: fKIoZ0QBPd-fRFtYSUZekg-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com
 [10.11.54.1])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4522A858F0E;
        Wed, 21 Dec 2022 22:42:17 +0000 (UTC)
Received: from rules.brq.redhat.com (ovpn-208-11.brq.redhat.com
 [10.40.208.11])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 409A040C2004;
        Wed, 21 Dec 2022 22:42:14 +0000 (UTC)
From: Vladis Dronov <vdronov@redhat.com>
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org,
        linux-kernel@vger.kernel.org, smueller@chronox.de,
        vdronov@redhat.com
Subject: [PATCH 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS
 mode
Date: Wed, 21 Dec 2022 23:41:11 +0100
Message-Id: <20221221224111.19254-7-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>
MIME-Version: 1.0
Content-type: text/plain
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1752866848157494156?=
X-GMAIL-MSGID: =?utf-8?q?1752866848157494156?=

From: Nicolai Stange <nstange@suse.de>

The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 crypto/testmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecdsa-nist-p256",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p256_tv_template)
 		}
 	}, {
 		.alg = "ecdsa-nist-p384",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p384_tv_template)
 		}