From patchwork Thu Dec 29 21:17:05 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 37513
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v3 1/6] crypto: xts - restrict key lengths to approved values in FIPS mode
Date: Thu, 29 Dec 2022 22:17:05 +0100
Message-Id: <20221229211710.14912-2-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>

From: Nicolai Stange

According to FIPS 140-3 IG C.I., only (total) key lengths of either 256 bits or 512 bits are allowed with xts(aes). Make xts_verify_key() reject anything else in FIPS mode. As xts(aes) is the only approved xts() template instantiation in FIPS mode, the new restriction implemented in xts_verify_key() effectively only applies to this particular construction.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
---
 include/crypto/xts.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 0f8dba69feb4..a233c1054df2 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h
@@ -35,6 +35,13 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (keylen % 2) return -EINVAL; + /* + * In FIPS mode only a combined key length of either 256 or + * 512 bits is allowed, c.f. FIPS 140-3 IG C.I. + */ + if (fips_enabled && keylen != 32 && keylen != 64) + return -EINVAL; + /* ensure that the AES and tweak key are not identical */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
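
Review bot: The added FIPS check in xts_verify_key() (include/crypto/xts.h, patch 1/6) compares keylen against the bare byte counts 32 and 64 while its comment speaks of 256 and 512 bits, and nothing in the helper ties the restriction to AES even though the commit message relies on xts(aes) being the only approved xts() instantiation. Consider using named constants for the two lengths and stating the xts(aes)-only assumption in the comment, so the check does not go silently wrong if another cipher is ever approved under xts(). It is also worth saying in the comment that a 48-byte key (two 192-bit halves) now fails with -EINVAL in FIPS mode, since that is the caller-visible change. The abbreviation in the comment should read "cf." rather than "c.f.".
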
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v3 2/6] crypto: xts - drop xts_check_key()
Date: Thu, 29 Dec 2022 22:17:06 +0100
Message-Id: <20221229211710.14912-3-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>

xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto drivers adopted the newer xts_verify_key() variant, but xts_check_key() is still used by a number of drivers. Switch drivers to use the newer xts_verify_key() and make a couple of cleanups. This allows us to drop xts_check_key() completely and avoid redundancy.

Signed-off-by: Vladis Dronov
Reviewed-by: Eric Biggers
Reviewed-by: Nicolai Stange
---
 arch/s390/crypto/paes_s390.c | 2 +-
 drivers/crypto/atmel-aes.c | 2 +-
 drivers/crypto/axis/artpec6_crypto.c | 2 +-
 drivers/crypto/cavium/cpt/cptvf_algs.c | 8 +++----
 .../crypto/cavium/nitrox/nitrox_skcipher.c | 8 +++----
 drivers/crypto/ccree/cc_cipher.c | 2 +-
 .../crypto/marvell/octeontx/otx_cptvf_algs.c | 2 +-
 .../marvell/octeontx2/otx2_cptvf_algs.c | 2 +-
 include/crypto/xts.h | 22 ++++--------------
 9 files changed, 16 insertions(+), 34 deletions(-)

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c index a279b7d23a5e..29dc827e0fe8 100644 --- a/arch/s390/crypto/paes_s390.c +++ b/arch/s390/crypto/paes_s390.c @@ -474,7 +474,7 @@ static int xts_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, return rc; /* - * xts_check_key verifies the key length is not odd and makes + * xts_verify_key verifies the key length is not odd and makes * sure that the two keys are not the same. This can be done * on the two protected keys as well */ diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 886bf258544c..130f8bf09a9a 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -1879,7 +1879,7 @@ static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); int err; - err = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + err = xts_verify_key(tfm, key, keylen); if (err) return err; diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 51c66afbe677..f6f41e316dfe 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -1621,7 +1621,7 @@ artpec6_crypto_xts_set_key(struct crypto_skcipher *cipher, const u8 *key, crypto_skcipher_ctx(cipher); int ret; - ret = xts_check_key(&cipher->base, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; diff --git a/drivers/crypto/cavium/cpt/cptvf_algs.c b/drivers/crypto/cavium/cpt/cptvf_algs.c index 9eca0c302186..0b38c2600b86 100644 --- a/drivers/crypto/cavium/cpt/cptvf_algs.c +++ b/drivers/crypto/cavium/cpt/cptvf_algs.c 
@@ -232,13 +232,12 @@ static int cvm_decrypt(struct skcipher_request *req) static int cvm_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); int err; const u8 *key1 = key; const u8 *key2 = key + (keylen / 2); - err = xts_check_key(tfm, key, keylen); + err = xts_verify_key(cipher, key, keylen); if (err) return err; ctx->key_len = keylen; @@ -289,8 +288,7 @@ static int cvm_validate_keylen(struct cvm_enc_ctx *ctx, u32 keylen) static int cvm_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen, u8 cipher_type) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); ctx->cipher_type = cipher_type; if (!cvm_validate_keylen(ctx, keylen)) { diff --git a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c index 248b4fff1c72..138261dcd032 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c +++ b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c @@ -337,12 +337,11 @@ static int nitrox_3des_decrypt(struct skcipher_request *skreq) static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen, ret; - ret = xts_check_key(tfm, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; 
@@ -362,8 +361,7 @@ static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen; diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 309da6334a0a..2cd44d7457a4 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -460,7 +460,7 @@ static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, } if (ctx_p->cipher_mode == DRV_CIPHER_XTS && - xts_check_key(tfm, key, keylen)) { + xts_verify_key(sktfm, key, keylen)) { dev_dbg(dev, "weak XTS key"); return -EINVAL; } diff --git a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c index 80ba77c793a7..83493dd0416f 100644 --- a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c @@ -398,7 +398,7 @@ static int otx_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c index 30b423605c9c..443202caa140 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c @@ -412,7 +412,7 @@ static int otx2_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; 
diff --git a/include/crypto/xts.h b/include/crypto/xts.h index a233c1054df2..15b16c4853d8 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -8,23 +8,6 @@ #define XTS_BLOCK_SIZE 16 -static inline int xts_check_key(struct crypto_tfm *tfm, - const u8 *key, unsigned int keylen) -{ - /* - * key consists of keys of equal size concatenated, therefore - * the length must be even. - */ - if (keylen % 2) - return -EINVAL; - - /* ensure that the AES and tweak key are not identical */ - if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2)) - return -EINVAL; - - return 0; -} - static inline int xts_verify_key(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { 
@@ -42,7 +25,10 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (fips_enabled && keylen != 32 && keylen != 64) return -EINVAL; - /* ensure that the AES and tweak key are not identical */ + /* + * Ensure that the AES and tweak key are not identical when + * in FIPS mode or the FORBID_WEAK_KEYS flag is set. + */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
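
Review bot: Dropping xts_check_key() from include/crypto/xts.h (patch 2/6) is not a pure rename for the converted drivers. The removed helper rejected identical key halves only when fips_enabled was set, while xts_verify_key() also rejects them when CRYPTO_TFM_REQ_FORBID_WEAK_KEYS is set on the tfm and, per the context line "if (fips_enabled && keylen != 32 && keylen != 64)", rejects other key lengths in FIPS mode. The commit message presents the switch as avoiding redundancy; it should state that atmel-aes, artpec6, cavium cpt, nitrox, ccree, octeontx and octeontx2 now pick up these stricter checks, so a later bisect of a setkey failure lands on an explained change.
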
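
Review bot: In arch/s390/crypto/paes_s390.c (patch 2/6) only the comment is renamed, and it still describes the callee as checking for an odd key length and identical halves. xts_verify_key() as shown in include/crypto/xts.h also enforces the 32/64-byte limit in FIPS mode, so the comment should either mention that or refer to xts_verify_key() without restating what it checks.
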
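
Review bot: In cc_cipher_setkey() (drivers/crypto/ccree/cc_cipher.c, patch 2/6) the failure path still logs "weak XTS key" although xts_verify_key() returns -EINVAL for an odd key length and for a non-approved length in FIPS mode as well as for identical halves. Reword the message to cover the length cases, for example "invalid XTS key", and add the missing trailing newline to the dev_dbg() format string.
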
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v3 3/6] crypto: xts - drop redundant xts key check
Date: Thu, 29 Dec 2022 22:17:07 +0100
Message-Id: <20221229211710.14912-4-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>

xts_fallback_setkey() in xts_aes_set_key() will now enforce the key size rule in FIPS mode when setting up the fallback algorithm keys, which makes the check in xts_aes_set_key() redundant or unreachable. So just drop this check.

xts_fallback_setkey() now makes a key size check in xts_verify_key():

xts_fallback_setkey()
  crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
    cipher->setkey() { .setkey = xts_setkey }
      xts_setkey()
        xts_verify_key()

Signed-off-by: Vladis Dronov
---
 arch/s390/crypto/aes_s390.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index 526c3f40f6a2..c773820e4af9 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c
@@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, if (err) return err; - /* In fips mode only 128 bit or 256 bit keys are valid */ - if (fips_enabled && key_len != 32 && key_len != 64) - return -EINVAL; - /* Pick the correct function code based on the key length */ fc = (key_len == 32) ? CPACF_KM_XTS_128 : (key_len == 64) ? CPACF_KM_XTS_256 : 0;
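
Review bot: With the explicit length check removed from xts_aes_set_key() (arch/s390/crypto/aes_s390.c, patch 3/6), FIPS key-length enforcement in this driver depends entirely on the fallback's setkey reaching xts_verify_key(), and that dependency is recorded only in the commit message. Leave a one-line comment where the removed check stood saying that the fallback setkey path enforces the FIPS key sizes, because the statement that follows still maps any other key_len to function code 0 and nothing local would catch a regression if the fallback path changes.
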
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v3 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
Date: Thu, 29 Dec 2022 22:17:08 +0100
Message-Id: <20221229211710.14912-5-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>

From: Nicolai Stange

cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by themselves are marked as non-approved from approved template instantiations. So simply mark plain cbcmac(aes) as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
---
 crypto/testmgr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 4476ac97baa5..562463a77a76 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -4501,7 +4501,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { #endif .alg = "cbcmac(aes)", - .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = __VECS(aes_cbcmac_tv_template)
From patchwork Thu Dec 29 21:17:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladis Dronov X-Patchwork-Id: 37516
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v3 5/6] crypto: testmgr - disallow plain ghash in FIPS mode
Date: Thu, 29 Dec 2022 22:17:09 +0100
Message-Id: <20221229211710.14912-6-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org
From: Nicolai Stange

ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by themselves are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
--- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 562463a77a76..a223cf5f3626 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ghash", .test = alg_test_hash, - .fips_allowed = 1, .suite = { .hash = __VECS(ghash_tv_template) }
From patchwork Thu Dec 29 21:17:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladis Dronov X-Patchwork-Id: 37517
From: Vladis Dronov
To: Herbert Xu, "David S . Miller"
Cc: Nicolai Stange, Elliott Robert, Stephan Mueller, Eric Biggers, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov
Subject: [PATCH v3 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Date: Thu, 29 Dec 2022 22:17:10 +0100
Message-Id: <20221229211710.14912-7-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org
From: Nicolai Stange

The kernel provides implementations of the NIST ECDSA signature verification primitives. For key sizes of 256 and 384 bits respectively they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange
Signed-off-by: Vladis Dronov
--- crypto/testmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a223cf5f3626..795c4858c741 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ecdsa-nist-p256", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p256_tv_template) } }, { .alg = "ecdsa-nist-p384", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p384_tv_template) }
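Review bot: In 4/6, removing .fips_allowed = 1 from the "cbcmac(aes)" entry changes the result for every caller that requests "cbcmac(aes)" by name in FIPS mode, and the commit message does not say whether any in-kernel user does that. Suggest stating the known direct users (or that there are none) and confirming that ccm(aes) still instantiates and passes its self-tests with FIPS mode enabled after this change, since the message relies on commit d6097b8d5d55 for that without saying it was tested.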
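Review bot: In 5/6, with .fips_allowed = 1 removed from the "ghash" entry, the commit message should say whether the ghash_tv_template vectors attached through .test = alg_test_hash still run in FIPS mode. If testmgr skips the vectors of non-approved entries, GHASH is then exercised only through the gcm(aes) vectors, and that trade-off deserves a sentence in the message so it is a documented decision rather than a side effect.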
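Review bot: In 6/6, the two added .fips_allowed = 1 lines for "ecdsa-nist-p256" and "ecdsa-nist-p384" rest on the statement that these key sizes "are approved", but the commit message names no standard or section for that. Suggest citing the reference the approval comes from, and keeping the wording explicit that only signature verification is provided, so the flag is not read as covering signature generation.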