Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp869055pxf; Thu, 8 Apr 2021 14:57:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwCSC6DJA5UReb6OuTdtNHN+hR0rc5wDFdMgDzimKsNU9PM+Vflz8FGuuersxz7nByqz97x X-Received: by 2002:a17:906:f56:: with SMTP id h22mr13396550ejj.494.1617919043856; Thu, 08 Apr 2021 14:57:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617919043; cv=none; d=google.com; s=arc-20160816; b=A1XWC9/149qxnXLYWyiY1u1dsAv2VA3XO0f5t2wtjPOrSrUs83Qi0l+wHk/vvGpxee f2U11pcSGMpGKWyhUjkaa1O6Z/CuFNzsEQGNIO02QPDMvbJfaOmsgjy6AjgDYGf+uvtL lSJmqo13Aja/tDCFCN7EiEMfVtX6DwkeLzlbC2rFRvRymqx93HkHkZeSXZ9W7pVoUrbU hqCfzZFBfHMj85Q0gFJnx/3yQ3JmyCu5gHVG2hIityFm6cymKzD5S8A/GWJQAE0iXtcG 8dC3puYSCOQdsCfmur7FyfMRpRb1/tDpOuSdx1NpjMJpwfzfDz5Lvd+Bd0JaHSB0O4HV udwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=E8c9jpFWITAOlT7m5p8zO+XndS8kVhIlBnFNm7YNzCI=; b=dtz6VMKPGCA51jl9CmQeOrxKONXKyC9ecYIkeqOesXFp0xAgvsLqovwG9xmlSj96QY 8SwHIhb7JQ1KJzVdXnqdrge/NqQxhbnOcDzn78AsQL2XJ9MnGfg6hA0TR4etCkgv6ho3 OQmyvP99qjBeu1JyoeFPgJ+VKWlOQFolGOI59q126fz93400TIb4bvl9X/d6urZ5+EVi nO2Bv2Q+rm/eW8mnQlmcM7BTrFe/y4GbU0YCHhIwi1ULFRhLHakmi3QlOYKCIajnIcRT cmi2j3Y7n1zYG0v7WkmbwuuYTDiLXXP6EuhquCC5aZhd9dINBz7+9lyxxShxz6ipuMWd yW4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=GtjVOs3X; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dp16si478824ejc.480.2021.04.08.14.56.53; Thu, 08 Apr 2021 14:57:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=GtjVOs3X; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232350AbhDHV40 (ORCPT + 99 others); Thu, 8 Apr 2021 17:56:26 -0400 Received: from mail.zx2c4.com ([104.131.123.232]:40568 "EHLO mail.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232158AbhDHV40 (ORCPT ); Thu, 8 Apr 2021 17:56:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1617918971; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=E8c9jpFWITAOlT7m5p8zO+XndS8kVhIlBnFNm7YNzCI=; b=GtjVOs3XfNptCCR15XckGdJGWug0G7ZvYVcqi+hSoWm7kTKYImxHBS+3wbXFS6CBEz/uZb Xte6O20rHqpIo8RZyjRP4cmE7cZe2HdjnZaIiDZlh+ZZbuCRQdGkBD2aSHPUNFtV2ykg9H 97c96WbtxaUJAqVLIk4/1nOYc9vD9Bw= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id b9c7ebea (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Thu, 8 Apr 2021 21:56:11 +0000 (UTC) Received: by mail-yb1-f177.google.com with SMTP id j206so4331730ybj.11; Thu, 08 Apr 2021 14:56:11 -0700 (PDT) X-Gm-Message-State: AOAM532Hp4h268A85hbef0Rzzx+9dUeYVIf4vQffOtYIKEBpN3aei5Nq HWIQiWr3TR03p6vAosgXth2KQQoWVpDpv3WFB28= X-Received: by 2002:a05:6902:1003:: with SMTP id w3mr9879167ybt.123.1617918970511; Thu, 08 Apr 2021 14:56:10 -0700 (PDT) MIME-Version: 1.0 References: <20210407113920.3735505-1-liuhangbin@gmail.com> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 8 Apr 2021 15:55:59 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode To: Simo Sorce Cc: Hangbin Liu , Netdev , =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= , Jakub Kicinski , Ondrej Mosnacek , Linux Crypto Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Apr 8, 2021 at 7:55 AM Simo Sorce wrote: > > I'm not sure this makes so much sense to do _in wireguard_. If you > > feel like the FIPS-allergic part is actually blake, 25519, chacha, and > > poly1305, then wouldn't it make most sense to disable _those_ modules > > instead? And then the various things that rely on those (such as > > wireguard, but maybe there are other things too, like > > security/keys/big_key.c) would be naturally disabled transitively? > > The reason why it is better to disable the whole module is that it > provide much better feedback to users. Letting init go through and then > just fail operations once someone tries to use it is much harder to > deal with in terms of figuring out what went wrong. > Also wireguard seem to be poking directly into the algorithms > implementations and not use the crypto API, so disabling individual > algorithm via the regular fips_enabled mechanism at runtime doesn't > work. What I'm suggesting _would_ work in basically the exact same way as this patch. Namely, something like: diff --git a/lib/crypto/curve25519.c b/lib/crypto/curve25519.c index 288a62cd29b2..b794f49c291a 100644 --- a/lib/crypto/curve25519.c +++ b/lib/crypto/curve25519.c @@ -12,11 +12,15 @@ #include #include #include +#include bool curve25519_selftest(void); static int __init mod_init(void) { + if (!fips_enabled) + return -EOPNOTSUPP; + if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && WARN_ON(!curve25519_selftest())) return -ENODEV; Making the various lib/crypto/* modules return EOPNOTSUPP will in turn mean that wireguard will refuse to load, due to !fips_enabled. It has the positive effect that all other things that use it will also be EOPNOTSUPP. For example, what are you doing about big_key.c? Right now, I assume nothing. But this way, you'd get all of the various effects for free. Are you going to continuously audit all uses of non-FIPS crypto and add `if (!fips_enabled)` to every new use case, always, everywhere, from now into the boundless future? By adding `if (!fips_enabled)` to wireguard, that's what you're signing yourself up for. Instead, by restricting the lib/crypto/* modules to !fips_enabled, you can get all of those transitive effects without having to do anything additional. Alternatively, I agree with Eric - why not just consider this outside your boundary? Jason