From patchwork Tue Nov 8 14:20:22 2022
X-Patchwork-Submitter: Nicolai Stange
X-Patchwork-Id: 17060
From: Nicolai Stange
To: Herbert Xu, "David S. Miller"
Cc: Vladis Dronov, Stephan Mueller, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange
Subject: [PATCH 1/4] crypto: xts - restrict key lengths to approved values in FIPS mode
Date: Tue, 8 Nov 2022 15:20:22 +0100
Message-Id: <20221108142025.13461-2-nstange@suse.de>
In-Reply-To: <20221108142025.13461-1-nstange@suse.de>
References: <20221108142025.13461-1-nstange@suse.de>

According to FIPS 140-3 IG C.I., only (total) key lengths of either 256 bits or 512 bits are allowed with xts(aes). Make xts_verify_key() reject anything else in FIPS mode.

As xts(aes) is the only approved xts() template instantiation in FIPS mode, the new restriction implemented in xts_verify_key() effectively only applies to this particular construction.

Signed-off-by: Nicolai Stange
---
 include/crypto/xts.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 0f8dba69feb4..a233c1054df2 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h
@@ -35,6 +35,13 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (keylen % 2) return -EINVAL; + /* + * In FIPS mode only a combined key length of either 256 or + * 512 bits is allowed, c.f. FIPS 140-3 IG C.I. + */ + if (fips_enabled && keylen != 32 && keylen != 64) + return -EINVAL; + /* ensure that the AES and tweak key are not identical */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
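
Review bot: in the include/crypto/xts.h hunk, the new FIPS check compares keylen against the bare byte counts 32 and 64 while the comment above it speaks of 256 and 512 bits, so a reader has to do the conversion to see that they agree. Saying in the comment that keylen is the combined length in bytes, or spelling the constants as multiples of the per-half AES key size, would make the intent checkable at a glance. Because xts_verify_key() is shared by every xts() instantiation, the comment could also carry the commit message's reasoning that xts(aes) is the only approved one in FIPS mode, and "c.f." is normally written "cf.".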

From: Nicolai Stange
To: Herbert Xu, "David S. Miller"
Cc: Vladis Dronov, Stephan Mueller, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange
Subject: [PATCH 2/4] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
Date: Tue, 8 Nov 2022 15:20:23 +0100
Message-Id: <20221108142025.13461-3-nstange@suse.de>
In-Reply-To: <20221108142025.13461-1-nstange@suse.de>
References: <20221108142025.13461-1-nstange@suse.de>

cbcmac(aes) may be used only as part of the ccm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by themselves are marked as non-approved from approved template instantiations. So simply mark plain cbcmac(aes) as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
---
 crypto/testmgr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e2806ef044fd..1ffbe3abb84a 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -4501,7 +4501,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { #endif .alg = "cbcmac(aes)", - .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = __VECS(aes_cbcmac_tv_template)
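
Review bot: in the crypto/testmgr.c hunk for "cbcmac(aes)", nothing in the descriptor records that .fips_allowed is absent on purpose, so a later cleanup could put it back. A one-line comment on the entry saying that the algorithm is approved only inside ccm(aes), with a pointer to commit d6097b8d5d55, would document that. The commit message could also state that ccm(aes) was confirmed to still instantiate and pass its self-test in FIPS mode with this line removed.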

From: Nicolai Stange
To: Herbert Xu, "David S. Miller"
Cc: Vladis Dronov, Stephan Mueller, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange
Subject: [PATCH 3/4] crypto: testmgr - disallow plain ghash in FIPS mode
Date: Tue, 8 Nov 2022 15:20:24 +0100
Message-Id: <20221108142025.13461-4-nstange@suse.de>
In-Reply-To: <20221108142025.13461-1-nstange@suse.de>
References: <20221108142025.13461-1-nstange@suse.de>

ghash may be used only as part of the gcm(aes) construction in FIPS mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific constructions in FIPS mode") there's support for using spawns which by themselves are marked as non-approved from approved template instantiations. So simply mark plain ghash as non-approved in testmgr to block any attempts of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange
---
 crypto/testmgr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 1ffbe3abb84a..6d91a2acd119 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ghash", .test = alg_test_hash, - .fips_allowed = 1, .suite = { .hash = __VECS(ghash_tv_template) }
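
Review bot: in the crypto/testmgr.c hunk for "ghash", dropping .fips_allowed = 1 changes behaviour for any caller that allocates plain ghash directly in FIPS mode, and the commit message does not say whether in-tree users were checked. Please list the callers that were audited, or state that gcm(aes) is the only one, so the change is not read as a regression later. As with cbcmac(aes), a short comment on the entry naming gcm(aes) as the only approved construction would help.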

From: Nicolai Stange
To: Herbert Xu, "David S. Miller"
Cc: Vladis Dronov, Stephan Mueller, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange
Subject: [PATCH 4/4] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode
Date: Tue, 8 Nov 2022 15:20:25 +0100
Message-Id: <20221108142025.13461-5-nstange@suse.de>
In-Reply-To: <20221108142025.13461-1-nstange@suse.de>
References: <20221108142025.13461-1-nstange@suse.de>

The kernel provides implementations of the NIST ECDSA signature verification primitives. For key sizes of 256 and 384 bits respectively they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange
---
 crypto/testmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 6d91a2acd119..f641f9c830d8 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "ecdsa-nist-p256", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p256_tv_template) } }, { .alg = "ecdsa-nist-p384", .test = alg_test_akcipher, + .fips_allowed = 1, .suite = { .akcipher = __VECS(ecdsa_nist_p384_tv_template) }
From patchwork Wed Dec 21 15:25:17 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 35417
From: Vladis Dronov
To: nstange@suse.de
Cc: davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 5/6] crypto: xts - drop xts_check_key()
Date: Wed, 21 Dec 2022 16:25:17 +0100
Message-Id: <20221221152517.8567-1-vdronov@redhat.com>
In-Reply-To: <20221108142025.13461-1-nstange@suse.de>
References: <20221108142025.13461-1-nstange@suse.de>

xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto
drivers adopted the newer xts_verify_key() variant, but xts_check_key()
is still used by a number of drivers. Switch drivers to use the newer
xts_verify_key() and make a couple of cleanups. This allows us to drop
xts_check_key() completely and avoid redundancy.

Signed-off-by: Vladis Dronov
---
 arch/s390/crypto/paes_s390.c | 2 +-
 drivers/crypto/atmel-aes.c | 2 +-
 drivers/crypto/axis/artpec6_crypto.c | 2 +-
 drivers/crypto/cavium/cpt/cptvf_algs.c | 8 +++----
 .../crypto/cavium/nitrox/nitrox_skcipher.c | 8 +++----
 drivers/crypto/ccree/cc_cipher.c | 2 +-
 .../crypto/marvell/octeontx/otx_cptvf_algs.c | 2 +-
 .../marvell/octeontx2/otx2_cptvf_algs.c | 2 +-
 include/crypto/xts.h | 21 +++----------------
 9 files changed, 15 insertions(+), 34 deletions(-)

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c index a279b7d23a5e..29dc827e0fe8 100644 --- a/arch/s390/crypto/paes_s390.c +++ b/arch/s390/crypto/paes_s390.c @@ -474,7 +474,7 @@ static int xts_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, return rc; /* - * xts_check_key verifies the key length is not odd and makes + * xts_verify_key verifies the key length is not odd and makes * sure that the two keys are not the same. This can be done * on the two protected keys as well */ diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 886bf258544c..130f8bf09a9a 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -1879,7 +1879,7 @@ static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); int err; - err = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + err = xts_verify_key(tfm, key, keylen); if (err) return err; diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 51c66afbe677..f6f41e316dfe 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -1621,7 +1621,7 @@ artpec6_crypto_xts_set_key(struct crypto_skcipher *cipher, const u8 *key, crypto_skcipher_ctx(cipher); int ret; - ret = xts_check_key(&cipher->base, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; diff --git a/drivers/crypto/cavium/cpt/cptvf_algs.c b/drivers/crypto/cavium/cpt/cptvf_algs.c index ce3b91c612f0..6a7760544780 100644 --- a/drivers/crypto/cavium/cpt/cptvf_algs.c +++ b/drivers/crypto/cavium/cpt/cptvf_algs.c 
@@ -232,13 +232,12 @@ static int cvm_decrypt(struct skcipher_request *req) static int cvm_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); int err; const u8 *key1 = key; const u8 *key2 = key + (keylen / 2); - err = xts_check_key(tfm, key, keylen); + err = xts_verify_key(cipher, key, keylen); if (err) return err; ctx->key_len = keylen; @@ -289,8 +288,7 @@ static int cvm_validate_keylen(struct cvm_enc_ctx *ctx, u32 keylen) static int cvm_setkey(struct crypto_skcipher *cipher, const u8 *key, u32 keylen, u8 cipher_type) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm); + struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher); ctx->cipher_type = cipher_type; if (!cvm_validate_keylen(ctx, keylen)) { diff --git a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c index 248b4fff1c72..138261dcd032 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_skcipher.c +++ b/drivers/crypto/cavium/nitrox/nitrox_skcipher.c @@ -337,12 +337,11 @@ static int nitrox_3des_decrypt(struct skcipher_request *skreq) static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen, ret; - ret = xts_check_key(tfm, key, keylen); + ret = xts_verify_key(cipher, key, keylen); if (ret) return ret; 
@@ -362,8 +361,7 @@ static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher, static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) { - struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); - struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm); + struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher); struct flexi_crypto_context *fctx; int aes_keylen; diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 309da6334a0a..2cd44d7457a4 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -460,7 +460,7 @@ static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, } if (ctx_p->cipher_mode == DRV_CIPHER_XTS && - xts_check_key(tfm, key, keylen)) { + xts_verify_key(sktfm, key, keylen)) { dev_dbg(dev, "weak XTS key"); return -EINVAL; } diff --git a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c index 01c48ddc4eeb..b9e7433aba8e 100644 --- a/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx/otx_cptvf_algs.c @@ -398,7 +398,7 @@ static int otx_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c index 67530e90bbfe..11b7f504bbd7 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c @@ -412,7 +412,7 @@ static int otx2_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm, const u8 *key1 = key; int ret; - ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen); + ret = xts_verify_key(tfm, key, keylen); if (ret) return ret; ctx->key_len = keylen; 
diff --git a/include/crypto/xts.h b/include/crypto/xts.h index a233c1054df2..5a6a2cc89d49 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -8,23 +8,6 @@ #define XTS_BLOCK_SIZE 16 -static inline int xts_check_key(struct crypto_tfm *tfm, - const u8 *key, unsigned int keylen) -{ - /* - * key consists of keys of equal size concatenated, therefore - * the length must be even. - */ - if (keylen % 2) - return -EINVAL; - - /* ensure that the AES and tweak key are not identical */ - if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2)) - return -EINVAL; - - return 0; -} - static inline int xts_verify_key(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { 
@@ -42,7 +25,9 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, if (fips_enabled && keylen != 32 && keylen != 64) return -EINVAL; - /* ensure that the AES and tweak key are not identical */ + /* ensure that the AES and tweak key are not identical + * when in FIPS mode or the FORBID_WEAK_KEYS flag is set. + */ if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
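Review bot: In the arch/s390/crypto/paes_s390.c hunk only the function name inside the comment changes, so the text still describes what xts_check_key() did ("the key length is not odd" and "the two keys are not the same"). xts_verify_key(), as shown in the include/crypto/xts.h context of this patch, also rejects key lengths other than 32 and 64 under fips_enabled and honours CRYPTO_TFM_REQ_FORBID_WEAK_KEYS. Either extend the comment to cover those checks or shorten it so it no longer restates the helper's behaviour. Since the hunk changes no call, please also confirm the call below the comment already uses xts_verify_key().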
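Review bot: The cvm_setkey() hunk in drivers/crypto/cavium/cpt/cptvf_algs.c and the nitrox_aes_ctr_rfc3686_setkey() hunk in drivers/crypto/cavium/nitrox/nitrox_skcipher.c have nothing to do with XTS; they only replace the crypto_skcipher_tfm() plus crypto_tfm_ctx() pair with crypto_skcipher_ctx(). Move these into a separate cleanup patch so that the removal of xts_check_key() can be reviewed, bisected and backported without unrelated context changes.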
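Review bot: In cc_cipher_setkey() (drivers/crypto/ccree/cc_cipher.c) the failure branch still logs "weak XTS key", but a non-zero return from xts_verify_key() can now also mean the key length was rejected under fips_enabled, so the message misreports that case. Reword the dev_dbg() text to something neutral such as "invalid XTS key". Please also check that the local tfm that was passed to the old call is still used elsewhere in the function, so the conversion to sktfm does not leave an unused variable.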
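Review bot: The driver conversions are not a pure rename, and the changelog should say so where it describes dropping xts_check_key() from include/crypto/xts.h. The removed helper rejected only odd key lengths and, under fips_enabled, identical key halves; xts_verify_key(), per the context lines of the last xts.h hunk, additionally rejects keylen other than 32 or 64 under fips_enabled and rejects identical halves whenever CRYPTO_TFM_REQ_FORBID_WEAK_KEYS is set. Each setkey path switched here (atmel-aes, artpec6, cavium cpt, nitrox, ccree, octeontx, octeontx2) therefore starts refusing keys it previously accepted. Stating that in the commit message lets the driver maintainers acknowledge the stricter policy and helps anyone bisecting a setkey failure.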
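Review bot: In the xts_verify_key() comment hunk of include/crypto/xts.h, the new multi-line comment starts its text on the opening line, while the multi-line comment in the xts_check_key() body removed by the previous hunk used an opening /* on a line of its own. Use that form here as well so the header stays consistent, and consider spelling out CRYPTO_TFM_REQ_FORBID_WEAK_KEYS in the comment so it can be found with grep.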
From patchwork Wed Dec 21 15:26:13 2022
X-Patchwork-Submitter: Vladis Dronov
X-Patchwork-Id: 35422
From: Vladis Dronov
To: nstange@suse.de
Cc: davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, smueller@chronox.de, vdronov@redhat.com
Subject: [PATCH 6/6] crypto: xts - drop redundant xts key check
Date: Wed, 21 Dec 2022 16:26:13 +0100
Message-Id: <20221221152613.8655-1-vdronov@redhat.com>
In-Reply-To: <20221108142025.13461-1-nstange@suse.de>
References: <20221108142025.13461-1-nstange@suse.de>

xts_fallback_setkey() in xts_aes_set_key() will now enforce key size
rule in FIPS mode when setting up the fallback algorithm keys, which
makes the check in xts_aes_set_key() redundant or unreachable. So just
drop this check.

xts_fallback_setkey() now makes a key size check in xts_verify_key():

xts_fallback_setkey()
  crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
    cipher->setkey() { .setkey = xts_setkey }
      xts_setkey()
        xts_verify_key()

Signed-off-by: Vladis Dronov
---
 arch/s390/crypto/aes_s390.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index 526c3f40f6a2..c773820e4af9 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c
@@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key, if (err) return err; - /* In fips mode only 128 bit or 256 bit keys are valid */ - if (fips_enabled && key_len != 32 && key_len != 64) - return -EINVAL; - /* Pick the correct function code based on the key length */ fc = (key_len == 32) ? CPACF_KM_XTS_128 : (key_len == 64) ? CPACF_KM_XTS_256 : 0;
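Review bot: Removing the fips_enabled length check from xts_aes_set_key() is only safe if the fallback's setkey really ends in xts_verify_key(), and nothing in this hunk guarantees that. The call chain in the changelog assumes .setkey = xts_setkey, that is, that the fallback resolves to an implementation whose setkey goes through xts_verify_key(). Please say in the commit message why the fallback cannot resolve to an implementation that skips that helper, and leave a one-line comment after the "if (err) return err;" noting that the FIPS key size rule is enforced by the fallback setkey, since the removed comment was the only hint at this site. The change also depends on xts_verify_key() already carrying the 32/64-byte check (visible as context in the xts.h hunk of patch 5/6), which matters to anyone backporting this patch on its own.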