X-Received: by 2002:a17:90b:1bc2:b0:1b2:eaa7:b718 with SMTP id oa2-20020a17090b1bc200b001b2eaa7b718mr1909362pjb.115.1645498140137; Mon, 21 Feb 2022 18:49:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645498140; cv=none; d=google.com; s=arc-20160816; b=EpsQEAGCjLYaDNxVXgQO5QLsPO9aLeAunmNMMKkO73Sxv84gT6Y9kjhtkp3HKv7kkn ldoMas/7/D9mTgdX2Ub2hHY79Xfg21zb5NBVHdLQJy0RG9rWOU+94FXO5Hw4mDCPPc8E Hmdq1uV3iDbzRixDy4r+MJRPeVcQfDYM9TAAgDYIs/Ue+v7m0sWYkXMH5jqBhUpq+FP+ lP4QsPVG3Knqrc3o/aJEcOd4BSXYlKWVZ+yB99NKpmxw8UeOgyHf1C8NPD8akZaiCt3d 2PzY+8Zeeeg7FM+kYNBda6cyMMCrKG2KWtZaU1yJ8AGHiKjM7sJ02ZXPUaXggdpbxOPP 3X3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=wHU5RAcZQ7wzRYrRFP5tKcrw+t/AEFW4ygcVBSPLyq4=; b=Mm54gfPaDFOBMA6hI3xS+aMEyDtB2pO8f4W7iiXTGueAw85cBLkYy+zJXf1V9yNsME nKlBNECFuhrPYAYkDpffICHFiR9z4mX6rvV+tWxA+NmJQLmyjB0YpoFtN9LR/g64G6bR Dn/r0OQBHwVXz0qpKgl8/NKQ9DPJXwysiaGjUl1et2B7upD27HJAEnStE42JSPoZ8Evk sIy9IEEG0GnraQ6NJYO9tBsT9icriRbVPpN0lfZdErnJIDbcQgvcytiJ3Rixw90Bp+i9 /hgwdQ+ESnp0INhV7jDYQQ1pFAHD/5FfxJ4e5bK1fpDka8vhfs2lTDLXb62w+Nt14zxp Ac+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=V8yE7oxU; dkim=neutral (no key) header.i=@suse.de header.b="TmK2/EuS"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w21si18761718pgl.170.2022.02.21.18.48.43; Mon, 21 Feb 2022 18:49:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=V8yE7oxU; dkim=neutral (no key) header.i=@suse.de header.b="TmK2/EuS"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357727AbiBUMRQ (ORCPT + 99 others); Mon, 21 Feb 2022 07:17:16 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:52838 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1357777AbiBUMPa (ORCPT ); Mon, 21 Feb 2022 07:15:30 -0500 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F5295FE3; Mon, 21 Feb 2022 04:11:30 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 8CA9F1F390; Mon, 21 Feb 2022 12:11:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1645445489; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wHU5RAcZQ7wzRYrRFP5tKcrw+t/AEFW4ygcVBSPLyq4=; b=V8yE7oxUdEAR4NSml4Dk/hBD1RDj+SvYd1QR2d52jcznwPJNI6RyjC8OjiQreMTGAGute5 sycMeFKjKn4qyhpihVxoOaK4XRjiHM4DIbDFs/uHv4jJkS24vgjHzllTt9BILa+hTWQgBI M5trhUB/vVz38XvRuEOSgNFThUFD01g= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1645445489; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wHU5RAcZQ7wzRYrRFP5tKcrw+t/AEFW4ygcVBSPLyq4=; b=TmK2/EuSBp2YgHYoOorw+pll8ZO1h1Hk0lZIodkCESE+rVox+ZsFwgJ/6xA2HI26W4epg7 yD2Q3AnVXZ/NUrCw== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 7843B13A94; Mon, 21 Feb 2022 12:11:29 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id AovxG3GBE2KhWwAAMHmgww (envelope-from ); Mon, 21 Feb 2022 12:11:29 +0000 From: Nicolai Stange To: Herbert Xu , "David S. Miller" Cc: =?UTF-8?q?Stephan=20M=C3=BCller?= , Hannes Reinecke , Torsten Duwe , David Howells , Jarkko Sakkinen , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, Nicolai Stange Subject: [PATCH v4 13/15] crypto: dh - disallow plain "dh" usage in FIPS mode Date: Mon, 21 Feb 2022 13:10:59 +0100 Message-Id: <20220221121101.1615-14-nstange@suse.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20220221121101.1615-1-nstange@suse.de> References: <20220221121101.1615-1-nstange@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org SP800-56Arev3, sec. 5.5.2 ("Assurance of Domain-Parameter Validity") asserts that an implementation needs to verify domain paramtere validity, which boils down to either - the domain parameters corresponding to some known safe-prime group explicitly listed to be approved in the document or - for parameters conforming to a "FIPS 186-type parameter-size set", that the implementation needs to perform an explicit domain parameter verification, which would require access to the "seed" and "counter" values used in their generation. The latter is not easily feasible and moreover, SP800-56Arev3 states that safe-prime groups are preferred and that FIPS 186-type parameter sets should only be supported for backward compatibility, if it all. Mark "dh" as not fips_allowed in testmgr. Note that the safe-prime ffdheXYZ(dh) wrappers are not affected by this change: as these enforce some approved safe-prime group each, their usage is still allowed in FIPS mode. This change will effectively render the keyctl(KEYCTL_DH_COMPUTE) syscall unusable in FIPS mode, but it has been brought up that this might even be a good thing ([1]). [1] https://lore.kernel.org/r/20211217055227.GA20698@gondor.apana.org.au Signed-off-by: Nicolai Stange --- crypto/testmgr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 5fabd7bbfba5..2d632a285869 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4650,7 +4650,6 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "dh", .test = alg_test_kpp, - .fips_allowed = 1, .suite = { .kpp = __VECS(dh_tv_template) } -- 2.26.2