From patchwork Wed Dec 21 22:41:06 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 35557
From: Vladis Dronov
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 1/6] crypto: xts - restrict key lengths to approved values in FIPS mode
Date: Wed, 21 Dec 2022 23:41:06 +0100
Message-Id: <20221221224111.19254-2-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>

From: Nicolai Stange

According to FIPS 140-3 IG C.I., only (total) key lengths of either 256 bits or 512 bits are allowed with xts(aes). Make xts_verify_key() reject anything else in FIPS mode.

As xts(aes) is the only approved xts() template instantiation in FIPS mode, the new restriction implemented in xts_verify_key() effectively only applies to this particular construction.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
---
 include/crypto/xts.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 0f8dba69feb4..a233c1054df2 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h
@@ -35,6 +35,13 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (keylen % 2) return -EINVAL; + /* + * In FIPS mode only a combined key length of either 256 or + * 512 bits is allowed, c.f. FIPS 140-3 IG C.I. + */ + if (fips_enabled && keylen != 32 && keylen != 64) + return -EINVAL; + /* ensure that the AES and tweak key are not identical */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
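Review bot: The new length check in xts_verify_key() compares keylen against 32 and 64 while the comment directly above it speaks of 256 and 512 bits, so the reader has to convert bytes to bits to see that they agree; say "(32 or 64 bytes)" in the comment. The comment should also state that in FIPS mode this rejects every other even length for any xts() instantiation that calls this helper, because the commit message's argument that only xts(aes) is affected is not visible in the code. Minor: "c.f." is normally written "cf.".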
From: Vladis Dronov
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 2/6] crypto: xts - drop xts_check_key()
Date: Wed, 21 Dec 2022 23:41:07 +0100
Message-Id: <20221221224111.19254-3-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>

xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto drivers adopted the newer xts_verify_key() variant, but xts_check_key() is still used by a number of drivers. Switch drivers to use the newer xts_verify_key() and make a couple of cleanups. This allows us to drop xts_check_key() completely and avoid redundancy.

Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
---
 arch/s390/crypto/paes_s390.c | 2 +-
 drivers/crypto/atmel-aes.c | 2 +-
 drivers/crypto/axis/artpec6_crypto.c | 2 +-
 drivers/crypto/cavium/cpt/cptvf_algs.c | 8 +++-----
 .../crypto/cavium/nitrox/nitrox_skcipher.c | 8 +++-----
 drivers/crypto/ccree/cc_cipher.c | 2 +-
 .../crypto/marvell/octeontx/otx_cptvf_algs.c | 2 +-
 .../marvell/octeontx2/otx2_cptvf_algs.c | 2 +-
 include/crypto/xts.h | 21 +++----------------
 9 files changed, 15 insertions(+), 34 deletions(-)

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c index a279b7d23a5e..29dc827e0fe8 100644 --- a/arch/s390/crypto/paes_s390.c +++ b/arch/s390/crypto/paes_s390.c @@ -474,7 +474,7 @@ static int xts_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, return rc; /* - * xts_check_key verifies the key length is not odd and makes + * xts_verify_key verifies the key length is not odd and makes * sure that the two keys are not the same. This can be done * on the two protected keys as well */ diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 886bf258544c..130f8bf09a9a 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -1879,7 +1879,7 @@ static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); int err; - err = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + err = xts_verify_key(tfm, key, keylen); if (err) return err; diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 51c66afbe677..f6f41e316dfe 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -1621,7 +1621,7 @@ artpec6_crypto_xts_set_key(struct crypto_skcipher *cipher, const u8 *key, crypto_skcipher_ctx(cipher); int ret; - ret = xts_check_key(&cipher->base, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; diff --git a/drivers/crypto/cavium/cpt/cptvf_algs.c b/drivers/crypto/cavium/cpt/cptvf_algs.c index 9eca0c302186..0b38c2600b86 100644 --- a/drivers/crypto/cavium/cpt/cptvf_algs.c +++ b/drivers/crypto/cavium/cpt/cptvf_algs.c 
@@ -232,13 +232,12 @@ static int cvm_decrypt(struct skcipher_request *req) static int cvm_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); int err; const u8 *key1 = key; const u8 *key2 = key + (keylen / 2); - err = xts_check_key(tfm, key, keylen); + err = xts_verify_key(cipher, key, keylen); if (err) return err; ctx->key_len = keylen; @@ -289,8 +288,7 @@ static int cvm_validate_keylen(struct cvm_enc_ctx *ctx, u32 keylen) static int cvm_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen, u8 cipher_type) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); ctx->cipher_type = cipher_type; if (!cvm_validate_keylen(ctx, keylen)) { diff --git a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c index 248b4fff1c72..138261dcd032 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c +++ b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c @@ -337,12 +337,11 @@ static int nitrox_3des_decrypt(struct skcipher_request *skreq) static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen, ret; - ret = xts_check_key(tfm, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; 
@@ -362,8 +361,7 @@ static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen; diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 309da6334a0a..2cd44d7457a4 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -460,7 +460,7 @@ static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, } if (ctx_p->cipher_mode == DRV_CIPHER_XTS && - xts_check_key(tfm, key, keylen)) { + xts_verify_key(sktfm, key, keylen)) { dev_dbg(dev, "weak XTS key"); return -EINVAL; } diff --git a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c index 80ba77c793a7..83493dd0416f 100644 --- a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c @@ -398,7 +398,7 @@ static int otx_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c index 30b423605c9c..443202caa140 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c @@ -412,7 +412,7 @@ static int otx2_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; 
diff --git a/include/crypto/xts.h b/include/crypto/xts.h index a233c1054df2..5a6a2cc89d49 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -8,23 +8,6 @@ #define XTS_BLOCK_SIZE 16 -static inline int xts_check_key(struct crypto_tfm *tfm, - const u8 *key, unsigned int keylen) -{ - /* - * key consists of keys of equal size concatenated, therefore - * the length must be even. - */ - if (keylen % 2) - return -EINVAL; - - /* ensure that the AES and tweak key are not identical */ - if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2)) - return -EINVAL; - - return 0; -} - static inline int xts_verify_key(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { 
@@ -42,7 +25,9 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (fips_enabled && keylen != 32 && keylen != 64) return -EINVAL; - /* ensure that the AES and tweak key are not identical */ + /* ensure that the AES and tweak key are not identical + * when in FIPS mode or the FORBID_WEAK_KEYS flag is set. + */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
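Review bot: In the arch/s390/crypto/paes_s390.c hunk the comment is only renamed and still says xts_verify_key "verifies the key length is not odd and makes sure that the two keys are not the same". With [PATCH 1/6] applied, xts_verify_key() also returns -EINVAL in FIPS mode for any keylen other than 32 or 64, and the call that follows this comment sits outside the hunk. Please extend the comment to mention the length rule and confirm that the length passed for the protected keys satisfies it.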
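Review bot: In the drivers/crypto/ccree/cc_cipher.c hunk the failure path still logs dev_dbg(dev, "weak XTS key"), but xts_verify_key() also fails on an odd keylen and, in FIPS mode, on a keylen other than 32 or 64. Reword the message to something like "invalid XTS key" so that a length rejection is not reported as a weak key.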
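Review bot: In the include/crypto/xts.h hunk that deletes xts_check_key(), the removed helper rejected identical key halves only when fips_enabled was set, whereas xts_verify_key() also does so when CRYPTO_TFM_REQ_FORBID_WEAK_KEYS is set and additionally restricts keylen to 32 or 64 in FIPS mode. The converted drivers therefore get stricter setkey behaviour, not just a renamed call; the commit message should say so, so that a setkey failure on one of these drivers can be traced back to this change.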
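Review bot: The reworded comment in the last include/crypto/xts.h hunk starts its text on the opening "/*" line, while the FIPS key-length comment a few lines above it in the same function puts "/*" on a line of its own. Use the same multi-line comment style for both.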
From: Vladis Dronov
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 3/6] crypto: xts - drop redundant xts key check
Date: Wed, 21 Dec 2022 23:41:08 +0100
Message-Id: <20221221224111.19254-4-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>

xts_fallback_setkey() in xts_aes_set_key() will now enforce key size rule in FIPS mode when setting up the fallback algorithm keys, which makes the check in xts_aes_set_key() redundant or unreachable. So just drop this check.

xts_fallback_setkey() now makes a key size check in xts_verify_key():

xts_fallback_setkey()
  crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
    cipher->setkey() { .setkey = xts_setkey }
      xts_setkey()
        xts_verify_key()

Signed-off-by: Vladis Dronov
---
 arch/s390/crypto/aes_s390.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index 526c3f40f6a2..c773820e4af9 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c
@@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, if (err) return err; - /* In fips mode only 128 bit or 256 bit keys are valid */ - if (fips_enabled && key_len != 32 && key_len != 64) - return -EINVAL; - /* Pick the correct function code based on the key length */ fc = (key_len == 32) ? CPACF_KM_XTS_128 : (key_len == 64) ? CPACF_KM_XTS_256 : 0;
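Review bot: Dropping the fips_enabled length check from xts_aes_set_key() is safe only while the preceding fallback setkey (the "if (err) return err;" kept as context) reaches xts_verify_key(), which the commit message shows for a fallback whose .setkey is xts_setkey. Nothing at this site records that dependency, and the fc selection below still yields 0 for any other key_len, so add a one-line comment above "Pick the correct function code" stating that the FIPS key-length rule is enforced by the fallback setkey. That keeps a later change to the fallback from silently lifting the restriction, and it makes the ordering dependency on [PATCH 1/6] explicit.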
From: Vladis Dronov
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
Date: Wed, 21 Dec 2022 23:41:09 +0100
Message-Id: <20221221224111.19254-5-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>

From: Nicolai Stange

cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain cbcmac(aes) as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
---
 crypto/testmgr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 4476ac97baa5..562463a77a76 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -4501,7 +4501,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { #endif .alg = "cbcmac(aes)", - .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = __VECS(aes_cbcmac_tv_template)

From patchwork Wed Dec 21 22:41:10 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 35561
From: Vladis Dronov
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 5/6] crypto: testmgr - disallow plain ghash in FIPS mode
Date: Wed, 21 Dec 2022 23:41:10 +0100
Message-Id: <20221221224111.19254-6-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org
From: Nicolai Stange

ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by themselves are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
--- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 562463a77a76..a223cf5f3626 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ghash", .test = alg_test_hash, - .fips_allowed = 1, .suite = { .hash = __VECS(ghash_tv_template) }

From patchwork Wed Dec 21 22:41:11 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 35560
From: Vladis Dronov
To: herbert@gondor.apana.org.au, davem@davemloft.net
Cc: nstange@suse.de, elliott@hpe.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Date: Wed, 21 Dec 2022 23:41:11 +0100
Message-Id: <20221221224111.19254-7-vdronov@redhat.com>
In-Reply-To: <20221221224111.19254-1-vdronov@redhat.com>
References: <20221221224111.19254-1-vdronov@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Nicolai Stange

The kernel provides implementations of the NIST ECDSA signature verification primitives. For key sizes of 256 and 384 bits respectively they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
--- crypto/testmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a223cf5f3626..795c4858c741 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ecdsa-nist-p256", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p256_tv_template) } }, { .alg = "ecdsa-nist-p384", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p384_tv_template) }
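
Review bot: in [PATCH 4/6], the "cbcmac(aes)" entry keeps .test = alg_test_hash and its aes_cbcmac_tv_template vectors while losing '.fips_allowed = 1', and the commit message does not say that ccm(aes) was confirmed to still instantiate in FIPS mode afterwards. The change depends entirely on the spawn handling from d6097b8d5d55, so please add a line to the message stating that ccm(aes) was exercised in FIPS mode with this patch applied.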
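
Review bot: in [PATCH 5/6], dropping '.fips_allowed = 1' from the "ghash" entry blocks every direct instantiation of ghash in FIPS mode, and the commit message does not say whether any in-kernel user other than gcm(aes) requests it by name. Please state in the message that callers were audited, or list the ones whose behaviour changes.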
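
Review bot: in [PATCH 6/6], both added '.fips_allowed = 1' lines rest on the commit message's statement that the 256 and 384 bit key sizes "are approved", but the message cites no standard or guidance for that. Please name the document so the approval can be checked later, and say explicitly that the flag is meant to cover verification only, since that is all the message says the kernel implements.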