From patchwork Thu Dec 29 21:17:10 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vladis Dronov <vdronov@redhat.com>
X-Patchwork-Id: 37517
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp2595529wrt;
        Thu, 29 Dec 2022 13:24:08 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXvAGP5fZ+SedlxLb/nszVZhYNs9Df05dXEM5vCp5uEY1OJO2iENREu72ueAQbiCSQLcrJZP
X-Received: by 2002:a17:902:ce85:b0:18f:a0de:6ad0 with SMTP id
 f5-20020a170902ce8500b0018fa0de6ad0mr38745657plg.55.1672349047970;
        Thu, 29 Dec 2022 13:24:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672349047; cv=none;
        d=google.com; s=arc-20160816;
        b=rXYJzqjrmtOL289o4ZMVyrZ8EHcm+LXkuavBMQEYKc6CUogFMsK1/Wbv/bhA63rayT
         Y2KVj7l2z8W14J5yz2+UtAp8WdzGrkYbxpMk2LUyqmHCRSqHFU65s1wedQzD4miLrkcl
         wAHKGydB/suPxK4JvP+LCQV7K60oIlJibDCZzqQQHT4MngJICam1290FAzHjAQMMWLSm
         cGspZAzJDCv9lNog+Qi/MeyrplQr4omhSef1pAD42t8vOVmZ4fGxU6lMpxu9FIoxYo3G
         0Q6xyaxiKs0eXDZ6o4JSaqpdrmvKCJi0QD6eZcelIwKi3dbwD+5p19019mpgRQHB/bXl
         qNkw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=mv0JdiEUm8fY4r7rY54vtlemTUttCXqsgsmptQYzLmc=;
        b=yIwjR4nPItZunljSZdJ5qJ7MAp3Zr7gSjkDBoIy68rZfwpRQUIO3SU4r4sk/TH8zlK
         hJq7mobv2sriw+93/XYLLbrNcSy0tCT/0py58EiMmZ6S9y/MZBDLVlkU8WRfbJ/97v0b
         wuDtFEKUJIVIT91v27AU/AOedSUHq73LwZcIXI7DOc5RH0Y95VdvL2d9Uf6tkwcNaBvb
         JMcOntk/MLT93jlVX5fTobwgEGfz1sWHfNfhbyvBTU9e6XRW7sr6NEFaj9v+Fcwdj+N3
         By6t7W5/sbWbfHulRYgTgs6TyKD9orQFzXT13kwxH2nIG4xCrY3AlVVq1yYg+gU5H7Zs
         o11g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=Z4Wts5Gi;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 d3-20020a170903230300b0018685c559a1si20049309plh.383.2022.12.29.13.23.55;
        Thu, 29 Dec 2022 13:24:07 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=Z4Wts5Gi;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234199AbiL2VTh (ORCPT <rfc822;eddaouddi.ayoub@gmail.com>
        + 99 others); Thu, 29 Dec 2022 16:19:37 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39750 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234219AbiL2VSY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Dec 2022 16:18:24 -0500
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 96AAE1707B
        for <linux-kernel@vger.kernel.org>;
 Thu, 29 Dec 2022 13:17:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1672348661;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=mv0JdiEUm8fY4r7rY54vtlemTUttCXqsgsmptQYzLmc=;
        b=Z4Wts5GiJBcr1Dlw34XzU7Ipop5nqxsC+e8N9OXIFTmsRudygdY6AcavTdTRudTjpLgqew
        9G2I3uLw2NhC9v0rbu8pqXxSluQyHZbkqUooifqx28yRaOMpOVbBHrWS7qMNANunmLcQfx
        TKe/94fBZmErc2jrL/r78slO+0jABos=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-664-nogLPySSPCmKjss8zI-pRA-1; Thu, 29 Dec 2022 16:17:36 -0500
X-MC-Unique: nogLPySSPCmKjss8zI-pRA-1
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com
 [10.11.54.10])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DE14C1C05AC5;
        Thu, 29 Dec 2022 21:17:35 +0000 (UTC)
Received: from rules.brq.redhat.com (ovpn-208-2.brq.redhat.com [10.40.208.2])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 7FBC5492B00;
        Thu, 29 Dec 2022 21:17:33 +0000 (UTC)
From: Vladis Dronov <vdronov@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
        "David S . Miller" <davem@davemloft.net>
Cc: Nicolai Stange <nstange@suse.de>, Elliott Robert <elliott@hpe.com>,
        Stephan Mueller <smueller@chronox.de>,
        Eric Biggers <ebiggers@google.com>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        Vladis Dronov <vdronov@redhat.com>
Subject: [PATCH v3 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in
 FIPS mode
Date: Thu, 29 Dec 2022 22:17:10 +0100
Message-Id: <20221229211710.14912-7-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>
MIME-Version: 1.0
Content-type: text/plain
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1753585075483053284?=
X-GMAIL-MSGID: =?utf-8?q?1753585075483053284?=

From: Nicolai Stange <nstange@suse.de>

The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 crypto/testmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
 	}, {
 		.alg = "ecdsa-nist-p256",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p256_tv_template)
 		}
 	}, {
 		.alg = "ecdsa-nist-p384",
 		.test = alg_test_akcipher,
+		.fips_allowed = 1,
 		.suite = {
 			.akcipher = __VECS(ecdsa_nist_p384_tv_template)
 		}