Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp919478pxf;
        Wed, 7 Apr 2021 15:04:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzB3yc8iwzyKoeGP8YfpIJbev3Iw67yV0L2kUCtKMDsI70dgp41BdJuTLFaiGMXrERRowNF
X-Received: by 2002:a05:6a00:1595:b029:217:49e9:2429 with SMTP id u21-20020a056a001595b029021749e92429mr4825568pfk.80.1617833080927;
        Wed, 07 Apr 2021 15:04:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617833080; cv=none;
        d=google.com; s=arc-20160816;
        b=qZQC/qDJaUjb65a+CnimGPeJUHojLv5dcCSvAXyagWBs13Zgp/oqst3mKMhoD8P7Tz
         pytE/phUwNNypAgXVJfn5Y7QSIUhH2qnM9OCF0b1FEhjT7u5OV7Wtlg5x6PPZ4sH5tni
         3sziwU8EHUAud524WBf1P3O3BdvnzbOYgULpAXdXcaDfuT+hrzjPciwexO+HptDQLQBp
         VkpOPphUQN/dZs2x4a2ptYvjiGBbbRHGTUZ3H+6zmDfndNTpRc8w7AWTg+JW+J4aS2pH
         +Gm3/OSQui2caEfWBlRW2Tha2FdtIscYHfUjaHEPy16+F9qOePslDjyHc5bFBxHCnc7J
         hYeQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=qw8RLEnrjN6FG53e4HXAWRO+84tYWLn9CPUHWM489WY=;
        b=dECQK0ObqneTYbftK5X5m1I/F59TXyCIb7EOYXn1tqx7hZQtVGDoVau69bVZt7gfDX
         jmO/sCVWgw9+lp9zZfTqQDwXZbFkGkvW6+GiC7nUv+KDtKssfax4Xo645IYGdgQqf8TK
         7e6gZaDoVCkEWpRUzFHEaLH31c/7Y554WD6tcRo2Cw4PyFQTCiZl7Cf1Yszo07q3VEB2
         4L+tUM89fNQzF+poqUkLTbaUEH5tV8w7cp5CJHaHn5dXcbT7k4MxQxIVkeru8Q6aGuvW
         TLx9KpMLrZ13hz3s4eIzhY42X3/+vMxJCKqUrhAJHN2h/zz9qRzYCfTH4imzkU6CDJ7E
         xytg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=kOkMQRKb;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id t12si7856221pjv.153.2021.04.07.15.04.20;
        Wed, 07 Apr 2021 15:04:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=kOkMQRKb;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229828AbhDGVMj (ORCPT <rfc822;dave.gstir+lkml@gmail.com>
        + 99 others); Wed, 7 Apr 2021 17:12:39 -0400
Received: from mail.kernel.org ([198.145.29.99]:41140 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S229469AbhDGVMj (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 7 Apr 2021 17:12:39 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 2F939611CC;
        Wed,  7 Apr 2021 21:12:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1617829949;
        bh=3ClaiXmoMxpwLarSFjiRGpAykEyCSoeO2i4RKoiLJjw=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=kOkMQRKbNoGZJir5IqZsa5DWckU2utpxegMfi2tXvaKN+tznLQ7b/vsTrWy04J+US
         8wFdOOQgZs0I7yE2+Uvih6z0fTTKY7hiAFLghtdJjMCsAcxhMROLwnOFHyHNccZh61
         Rj0HWfzalucRa9+8Nl+TPR85leQgELeDc6dmc9iXjx8U/Ipl08BNFUdLcAhFaZM4Gp
         /sGicmeMgHkEFuegFgWMF6N9FI2Jwq/m54G/CBeQYa5rj5OWVwH/jpPUvCRqERbbpd
         l9hD5iGXLX/ncCAgPsU6yc9xAr9sqklpN0xnquKMbyH5hbUQyITRFyoQqlHIFdehWC
         18M//9JNefbKQ==
Date:   Wed, 7 Apr 2021 14:12:27 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Hangbin Liu <liuhangbin@gmail.com>
Cc:     netdev@vger.kernel.org, "Jason A . Donenfeld" <Jason@zx2c4.com>,
        Toke =?iso-8859-1?Q?H=F8iland-J=F8rgensen?= <toke@redhat.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Ondrej Mosnacek <omosnace@redhat.com>,
        linux-crypto@vger.kernel.org
Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode
Message-ID: <YG4gO15Q2CzTwlO7@quark.localdomain>
References: <20210407113920.3735505-1-liuhangbin@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210407113920.3735505-1-liuhangbin@gmail.com>
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Apr 07, 2021 at 07:39:20PM +0800, Hangbin Liu wrote:
> As the cryptos(BLAKE2S, Curve25519, CHACHA20POLY1305) in WireGuard are not
> FIPS certified, the WireGuard module should be disabled in FIPS mode.
> 
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>

I think you mean "FIPS allowed", not "FIPS certified"?  Even if it used FIPS
allowed algorithms like AES, the Linux kernel doesn't come with any sort of FIPS
certification out of the box.

Also, couldn't you just consider WireGuard to be outside your FIPS module
boundary, which would remove it from the scope of the certification?

And how do you handle all the other places in the kernel that use ChaCha20 and
SipHash?  For example, drivers/char/random.c?

- Eric