2022-12-29 20:40:42

by Vladis Dronov

Subject: [PATCH v2 0/6] Trivial set of FIPS 140-3 related changes

Hi,

This patchset and cover letter were initially composed by Nicolai Stange
and sent earlier as:

https://lore.kernel.org/r/[email protected]/
with a subject: [PATCH 0/4] Trivial set of FIPS 140-3 related changes

I'm adding patches 2 and 3 which (I hope) resolve issues spotted by
reviewers of the previous version of the patchset. This new patchset should
ease our future kernel work on the FIPS mode.

I'm quoting Nicolai's cover letter here:

> Hi all,
>
> these four rather unrelated patches are basically a dump of some of the
> more trivial changes required for working towards FIPS 140-3 conformance.
>
> Please pick as you deem appropriate.
>
> Thanks!
>
> Nicolai

v2:
- fixed a block comment formatting
- "Reviewed-by: Eric Biggers" was copied from the v1 thread:
https://lore.kernel.org/r/[email protected]/

Nicolai Stange (4):
crypto: xts - restrict key lengths to approved values in FIPS mode
crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode
crypto: testmgr - disallow plain ghash in FIPS mode
crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

Vladis Dronov (2):
crypto: xts - drop xts_check_key()
crypto: xts - drop redundant xts key check

arch/s390/crypto/aes_s390.c | 4 ---
arch/s390/crypto/paes_s390.c | 2 +-
crypto/testmgr.c | 4 +--
drivers/crypto/atmel-aes.c | 2 +-
drivers/crypto/axis/artpec6_crypto.c | 2 +-
drivers/crypto/cavium/cpt/cptvf_algs.c | 8 +++---
.../crypto/cavium/nitrox/nitrox_skcipher.c | 8 +++---
drivers/crypto/ccree/cc_cipher.c | 2 +-
.../crypto/marvell/octeontx/otx_cptvf_algs.c | 2 +-
.../marvell/octeontx2/otx2_cptvf_algs.c | 2 +-
include/crypto/xts.h | 25 +++++++------------
11 files changed, 23 insertions(+), 38 deletions(-)

base-commit: b6bb9676f2165d518b35ba3bea5f1fcfc0d969bf
--
2.38.1



2022-12-29 20:40:45

by Vladis Dronov

Subject: [PATCH v2 5/6] crypto: testmgr - disallow plain ghash in FIPS mode

From: Nicolai Stange <[email protected]>

ghash may be used only as part of the gcm(aes) construction in FIPS
mode. Since commit d6097b8d5d55 ("crypto: api - allow algs only in specific
constructions in FIPS mode") there's support for using spawns which by
itself are marked as non-approved from approved template instantiations.
So simply mark plain ghash as non-approved in testmgr to block any attempts
of direct instantiations in FIPS mode.

Signed-off-by: Nicolai Stange <[email protected]>
Signed-off-by: Vladis Dronov <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
---
crypto/testmgr.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 562463a77a76..a223cf5f3626 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5125,7 +5125,6 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ghash",
.test = alg_test_hash,
- .fips_allowed = 1,
.suite = {
.hash = __VECS(ghash_tv_template)
}
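
Review bot: With `.fips_allowed = 1` removed, the "ghash" entry gives no hint that the omission is deliberate, so a later cleanup could re-add the flag. A one-line comment in the entry stating that ghash is approved only as part of gcm(aes) would record the intent described in the commit message. Separately, the Reviewed-by: Eric Biggers trailer on this patch should be dropped, since he states in this thread that he gave it only for the xts_check_key() patch.
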
--
2.38.1

2022-12-29 20:40:57

by Vladis Dronov

Subject: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

From: Nicolai Stange <[email protected]>

The kernel provides implementations of the NIST ECDSA signature
verification primitives. For key sizes of 256 and 384 bits respectively
they are approved and can be enabled in FIPS mode. Do so.

Signed-off-by: Nicolai Stange <[email protected]>
Signed-off-by: Vladis Dronov <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
---
crypto/testmgr.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a223cf5f3626..795c4858c741 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5034,12 +5034,14 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "ecdsa-nist-p256",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p256_tv_template)
}
}, {
.alg = "ecdsa-nist-p384",
.test = alg_test_akcipher,
+ .fips_allowed = 1,
.suite = {
.akcipher = __VECS(ecdsa_nist_p384_tv_template)
}
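
Review bot: The two added `.fips_allowed = 1` lines for "ecdsa-nist-p256" and "ecdsa-nist-p384" rest on the commit message's statement that these key sizes are approved, but the message names no document for that. Citing the approving standard in the commit message, next to the existing note that these are signature verification primitives, would make the basis for the flag checkable later.
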
--
2.38.1

2022-12-29 21:03:15

by Eric Biggers

Subject: Re: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

On Thu, Dec 29, 2022 at 09:37:08PM +0100, Vladis Dronov wrote:
> From: Nicolai Stange <[email protected]>
>
> The kernel provides implementations of the NIST ECDSA signature
> verification primitives. For key sizes of 256 and 384 bits respectively
> they are approved and can be enabled in FIPS mode. Do so.
>
> Signed-off-by: Nicolai Stange <[email protected]>
> Signed-off-by: Vladis Dronov <[email protected]>
> Reviewed-by: Eric Biggers <[email protected]>

Please don't add my Reviewed-by to patches I didn't review. I only gave
Reviewed-by on "[PATCH 2/6] crypto: xts - drop xts_check_key()". I didn't look
at the other patches in the series much, as I'm not very interested in them.

- Eric

2022-12-29 21:19:13

by Vladis Dronov

Subject: Re: [PATCH v2 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

On Thu, Dec 29, 2022 at 10:02 PM Eric Biggers <[email protected]> wrote:
> ... skip ...
> Please don't add my Reviewed-by to patches I didn't review. I only gave
> Reviewed-by on "[PATCH 2/6] crypto: xts - drop xts_check_key()". I didn't look
> at the other patches in the series much, as I'm not very interested in them.
>
> - Eric

My bad. I'm sorry for the misunderstanding and for this traffic and mess. Let me send v3
with your review tag for patch 2/6 only.

Best regards,
Vladis