From patchwork Thu Dec 29 20:37:03 2022
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v2 1/6] crypto: xts - restrict key lengths to approved values in FIPS mode
Date: Thu, 29 Dec 2022 21:37:03 +0100
Message-Id: <20221229203708.13628-2-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>

From: Nicolai Stange

According to FIPS 140-3 IG C.I., only (total) key lengths of either 256 bits or 512 bits are allowed with xts(aes). Make xts_verify_key() reject anything else in FIPS mode.

As xts(aes) is the only approved xts() template instantiation in FIPS mode, the new restriction implemented in xts_verify_key() effectively only applies to this particular construction.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
--- include/crypto/xts.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 0f8dba69feb4..a233c1054df2 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h 
@@ -35,6 +35,13 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (keylen % 2) return -EINVAL; + /* + * In FIPS mode only a combined key length of either 256 or + * 512 bits is allowed, c.f. FIPS 140-3 IG C.I. + */ + if (fips_enabled && keylen != 32 && keylen != 64) + return -EINVAL; + /* ensure that the AES and tweak key are not identical */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
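
Review bot: in the xts_verify_key() hunk of include/crypto/xts.h (patch 1/6), the new FIPS check compares keylen against the bare literals 32 and 64 while the comment above it speaks of 256 and 512 bits, so the bit/byte conversion and the fact that keylen covers both halves are left for the reader to work out. Say in the comment that keylen is in bytes and is the combined length of the AES key and the tweak key, and that this makes a 48-byte (2 x AES-192) key invalid in FIPS mode. The check sits in the generic helper, so it applies to every xts() user that calls xts_verify_key(), not only xts(aes); the commit message explains why that is acceptable, and a short version of that reasoning belongs in the comment as well. Nit: "c.f." should be "cf.".
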
From: Vladis Dronov
Subject: [PATCH v2 2/6] crypto: xts - drop xts_check_key()
Date: Thu, 29 Dec 2022 21:37:04 +0100
Message-Id: <20221229203708.13628-3-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>

xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto drivers adopted the newer xts_verify_key() variant, but xts_check_key() is still used by a number of drivers. Switch drivers to use the newer xts_verify_key() and make a couple of cleanups. This allows us to drop xts_check_key() completely and avoid redundancy.

Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
--- arch/s390/crypto/paes_s390.c | 2 +- drivers/crypto/atmel-aes.c | 2 +- drivers/crypto/axis/artpec6_crypto.c | 2 +- drivers/crypto/cavium/cpt/cptvf_algs.c | 8 +++---- .../crypto/cavium/nitrox/nitrox_skcipher.c | 8 +++---- drivers/crypto/ccree/cc_cipher.c | 2 +- .../crypto/marvell/octeontx/otx_cptvf_algs.c | 2 +- .../marvell/octeontx2/otx2_cptvf_algs.c | 2 +- include/crypto/xts.h | 22 ++++--------------- 9 files changed, 16 insertions(+), 34 deletions(-) 
diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c index a279b7d23a5e..29dc827e0fe8 100644 --- a/arch/s390/crypto/paes_s390.c +++ b/arch/s390/crypto/paes_s390.c @@ -474,7 +474,7 @@ static int xts_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, return rc; /* - * xts_check_key verifies the key length is not odd and makes + * xts_verify_key verifies the key length is not odd and makes * sure that the two keys are not the same. This can be done * on the two protected keys as well */ diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 886bf258544c..130f8bf09a9a 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -1879,7 +1879,7 @@ static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); int err; - err = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + err = xts_verify_key(tfm, key, keylen); if (err) return err; diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 51c66afbe677..f6f41e316dfe 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -1621,7 +1621,7 @@ artpec6_crypto_xts_set_key(struct crypto_skcipher *cipher, const u8 *key, crypto_skcipher_ctx(cipher); int ret; - ret = xts_check_key(&cipher->base, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; diff --git a/drivers/crypto/cavium/cpt/cptvf_algs.c b/drivers/crypto/cavium/cpt/cptvf_algs.c index 9eca0c302186..0b38c2600b86 100644 --- a/drivers/crypto/cavium/cpt/cptvf_algs.c +++ b/drivers/crypto/cavium/cpt/cptvf_algs.c 
@@ -232,13 +232,12 @@ static int cvm_decrypt(struct skcipher_request *req) static int cvm_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); int err; const u8 *key1 = key; const u8 *key2 = key + (keylen / 2); - err = xts_check_key(tfm, key, keylen); + err = xts_verify_key(cipher, key, keylen); if (err) return err; ctx->key_len = keylen; @@ -289,8 +288,7 @@ static int cvm_validate_keylen(struct cvm_enc_ctx *ctx, u32 keylen) static int cvm_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen, u8 cipher_type) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); ctx->cipher_type = cipher_type; if (!cvm_validate_keylen(ctx, keylen)) { diff --git a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c index 248b4fff1c72..138261dcd032 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c +++ b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c @@ -337,12 +337,11 @@ static int nitrox_3des_decrypt(struct skcipher_request *skreq) static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen, ret; - ret = xts_check_key(tfm, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; 
@@ -362,8 +361,7 @@ static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen; diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 309da6334a0a..2cd44d7457a4 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -460,7 +460,7 @@ static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, } if (ctx_p->cipher_mode == DRV_CIPHER_XTS && - xts_check_key(tfm, key, keylen)) { + xts_verify_key(sktfm, key, keylen)) { dev_dbg(dev, "weak XTS key"); return -EINVAL; } diff --git a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c index 80ba77c793a7..83493dd0416f 100644 --- a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c @@ -398,7 +398,7 @@ static int otx_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c index 30b423605c9c..443202caa140 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c @@ -412,7 +412,7 @@ static int otx2_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; 
diff --git a/include/crypto/xts.h b/include/crypto/xts.h index a233c1054df2..15b16c4853d8 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -8,23 +8,6 @@ #define XTS_BLOCK_SIZE 16 -static inline int xts_check_key(struct crypto_tfm *tfm, - const u8 *key, unsigned int keylen) -{ - /* - * key consists of keys of equal size concatenated, therefore - * the length must be even. - */ - if (keylen % 2) - return -EINVAL; - - /* ensure that the AES and tweak key are not identical */ - if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2)) - return -EINVAL; - - return 0; -} - static inline int xts_verify_key(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { 
@@ -42,7 +25,10 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (fips_enabled && keylen != 32 && keylen != 64) return -EINVAL; - /* ensure that the AES and tweak key are not identical */ + /* + * Ensure that the AES and tweak key are not identical when + * in FIPS mode or the FORBID_WEAK_KEYS flag is set. + */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
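
Review bot: in the cc_cipher_setkey() hunk of drivers/crypto/ccree/cc_cipher.c (patch 2/6), the failure path still logs "weak XTS key" and returns a hard-coded -EINVAL, but xts_verify_key() also fails for an odd keylen and, in FIPS mode, for any length other than 32 or 64, so the debug message now misreports those cases. Suggest a neutral message such as "invalid XTS key" and propagating the helper's return value instead of discarding it. Also confirm that the local tfm is still needed elsewhere in this function; the cavium hunks in the same patch drop theirs.
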
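
Review bot: the include/crypto/xts.h hunks of patch 2/6 make this more than a rename, and the commit message should say so. The removed xts_check_key() rejected identical key halves only when fips_enabled was set, whereas xts_verify_key() also does so when CRYPTO_TFM_REQ_FORBID_WEAK_KEYS is set and, in FIPS mode, additionally requires keylen to be 32 or 64. Every converted driver (atmel-aes, artpec6, cavium cpt and nitrox, ccree, octeontx, octeontx2) can therefore start rejecting keys it accepted before; please list that behaviour change in the changelog so driver maintainers can check their key-size paths against it. The updated comment in paes_s390.c has the same gap: it still describes only the odd-length and identical-halves checks.
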
From: Vladis Dronov
Subject: [PATCH v2 3/6] crypto: xts - drop redundant xts key check
Date: Thu, 29 Dec 2022 21:37:05 +0100
Message-Id: <20221229203708.13628-4-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>

xts_fallback_setkey() in xts_aes_set_key() will now enforce the key size rule in FIPS mode when setting up the fallback algorithm keys, which makes the check in xts_aes_set_key() redundant or unreachable. So just drop this check.

xts_fallback_setkey() now makes a key size check in xts_verify_key():

xts_fallback_setkey()
  crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
    cipher->setkey() { .setkey = xts_setkey }
      xts_setkey()
        xts_verify_key()

Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
--- arch/s390/crypto/aes_s390.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index 526c3f40f6a2..c773820e4af9 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c 
@@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, if (err) return err; - /* In fips mode only 128 bit or 256 bit keys are valid */ - if (fips_enabled && key_len != 32 && key_len != 64) - return -EINVAL; - /* Pick the correct function code based on the key length */ fc = (key_len == 32) ? CPACF_KM_XTS_128 : (key_len == 64) ? CPACF_KM_XTS_256 : 0;
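
Review bot: in the xts_aes_set_key() hunk of arch/s390/crypto/aes_s390.c (patch 3/6), removing the explicit length check makes FIPS key-size enforcement on this path depend entirely on the fallback's setkey reaching xts_verify_key(), which only carries the 32/64 restriction once patch 1/6 of this series is applied. That ordering dependency is invisible in the code: if this patch is picked up or backported without 1/6, other even key lengths are no longer rejected here in FIPS mode and the function continues with fc set to 0. Suggest replacing the removed lines with a one-line comment stating that the key length has already been validated by xts_verify_key() via xts_fallback_setkey(), and noting the dependency on 1/6 in the changelog.
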
From: Vladis Dronov
Subject: [PATCH v2 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
Date: Thu, 29 Dec 2022 21:37:06 +0100
Message-Id: <20221229203708.13628-5-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>

From: Nicolai Stange

cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by themselves are marked as non-approved from approved template instantiations. So simply mark plain cbcmac(aes) as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
--- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 4476ac97baa5..562463a77a76 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c 
@@ -4501,7 +4501,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { #endif .alg = "cbcmac(aes)", - .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = __VECS(aes_cbcmac_tv_template)
From patchwork Thu Dec 29 20:37:07 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 37508
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v2 5/6] crypto: testmgr - disallow plain ghash in FIPS mode
Date: Thu, 29 Dec 2022 21:37:07 +0100
Message-Id: <20221229203708.13628-6-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>

From: Nicolai Stange

ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by itself are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
--- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 562463a77a76..a223cf5f3626 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ghash", .test = alg_test_hash, - .fips_allowed = 1, .suite = { .hash = __VECS(ghash_tv_template) }
From patchwork Thu Dec 29 20:37:08 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 37505
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Date: Thu, 29 Dec 2022 21:37:08 +0100
Message-Id: <20221229203708.13628-7-vdronov@redhat.com>
In-Reply-To: <20221229203708.13628-1-vdronov@redhat.com>
References: <20221229203708.13628-1-vdronov@redhat.com>

From: Nicolai Stange

The kernel provides implementations of the NIST ECDSA signature verification primitives. For key sizes of 256 and 384 bits respectively they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
--- crypto/testmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a223cf5f3626..795c4858c741 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ecdsa-nist-p256", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p256_tv_template) } }, { .alg = "ecdsa-nist-p384", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p384_tv_template) }
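Review bot: In patch 4/6, the `cbcmac(aes)` entry in `alg_test_descs[]` is left with nothing to show that the missing `.fips_allowed = 1` is deliberate, so a later cleanup of the table could put the flag back and reopen direct instantiation in FIPS mode. Suggest a one-line comment in the entry, for example `/* approved only as a spawn of ccm(aes), see d6097b8d5d55 */`. The changelog makes the change depend on commit d6097b8d5d55; a sentence for backporters saying that trees without that commit must not take this patch would make the dependency explicit.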
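Review bot: In patch 5/6, the removal of `.fips_allowed = 1` from the `ghash` entry comes with no statement of how the result was checked. Please add to the message what was run with FIPS mode enabled: that gcm(aes) still instantiates and passes its self-test through the `ghash_tv_template` path, and that a direct request for plain `ghash` is now refused. Without that, a reviewer cannot tell from the hunk alone that only the direct instantiation is blocked.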
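Review bot: In patch 6/6, both added `.fips_allowed = 1,` lines rest on the changelog's statement that the kernel implements ECDSA signature verification, yet the `ecdsa-nist-p256` and `ecdsa-nist-p384` entries do not record that limit. Suggest a short comment beside the flag in each entry saying the approval covers verification, so that any later extension of these algorithms gets its own FIPS review instead of inheriting the flag. The message would also be easier to audit if it named the standard under which the 256-bit and 384-bit sizes are approved.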