Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1126829pxf; Fri, 9 Apr 2021 00:09:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzeq7vLUngchxs1DAJRBjp7O0/e4SdC+Akda/FZVvMQSBUp3mDSDc0amo8jxrJedUx15H+y X-Received: by 2002:a62:f84a:0:b029:245:17e4:bde2 with SMTP id c10-20020a62f84a0000b029024517e4bde2mr5539901pfm.64.1617952180404; Fri, 09 Apr 2021 00:09:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1617952180; cv=pass; d=google.com; s=arc-20160816; b=abL7JoOQ5GBxtjwldQ7le8gM39xHfsep3OoX3PZkcP5EtBcMNuKKMTgUJyeT/Sn/cV B89wpytPVuq2jqVwLqye4L9+jn3XnLW3OmeuYGspenIvtLQ++bbs3gk2oMhUEnpaQzJz +xJDbyFu9F2k22yis6NThIINUlynncMxyMZPHlHtKZOpm84oaEivcTmX163ARa00LBuG 4A9TyiV2/djCEFAada4RAW9SVeM9iJgvZQJ3DE5pfDV7H7ExA1ud72NXhDbVg7qt5pxP rxYbnDh4WPFt+d3N2WDKq5kkHdSkMu19Ujzu3Xz2FANu9TWzpwWcN8NPYIdQYe2ur93Z hTiw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=Bg6gn2LOvwTZ42howqjgccJ3uIiQX7ptCiz4jhSxmsA=; b=F4jvqGK08xyO83n0DeNLPZN25jM6ZWvfB4FeMEfRv2+RsK1QhQ+IzMCwAqOciUtxoq PzXtH1tKlKEsapqVM6nMMM4FxN5ZU9hzLoRlC91rqOhXm085vVJWJIBFEErdjeAUiaIR JX+0U3QC2gDplp9q8TCkYFJgLglkXfWclWZf1abqGKFCnVbba/yfHhYHBSJyZnMvg0ly 6Thp6/1XkbzJFhazMuBnUn6QRj9z/r0rboV42YuXBK4s3ELg+w/VQx3Sj1zVXIsEGlSt wSafa6M+6sRKflTo/tKCcJqPZldAJVimgh6HTnvBzxuUOfO1sGn+Xy/4vm/jdrfzpwJO A+1Q== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b="EZ/4R+OC"; arc=pass (i=1); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e22si1954532pgl.481.2021.04.09.00.09.19; Fri, 09 Apr 2021 00:09:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b="EZ/4R+OC"; arc=pass (i=1); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233333AbhDIHIw (ORCPT + 99 others); Fri, 9 Apr 2021 03:08:52 -0400 Received: from mo4-p01-ob.smtp.rzone.de ([81.169.146.166]:22540 "EHLO mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232796AbhDIHIw (ORCPT ); Fri, 9 Apr 2021 03:08:52 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1617952102; cv=none; d=strato.com; s=strato-dkim-0002; b=od1vyhFW61SKsfyryISOtz3sQDNdFyJHp8ZmjFBwsPN6WRQIjj5c0YZ1cSQIioMZlM 7eN1UMr1+onaviJrXJSt8eJ48uWgGIyB+iWc0XQF8Z7vzJAfRPge9ZDF26zx23W0JXJT DiHDJYBlX7nCLuYkkdIoYQXf3IKcWGhlau3nQNYgFB03KlWBdMwy16p5YO+Whmq1y9D6 2W6cbD6yw7hr9k1epA4HG1aMcMuGqDN3woayP9FPBqsb6dlwDLW8u8+Vw8B4+O4cFSpe GO+X9EOCtrAlOOYw8Xq+DsqbLAmYiDuSFhGLQ1tC4+5+e6+I/86VI1RH26pGQbcHiUOg C0eA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1617952102; s=strato-dkim-0002; d=strato.com; h=References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Cc:Date: From:Subject:Sender; bh=Bg6gn2LOvwTZ42howqjgccJ3uIiQX7ptCiz4jhSxmsA=; b=WP1jGw5mZVdj+254EruxVNcjGvPkUIztWcfOP1xxyWCWSsOmmMvDV2JRcKE0hLI18o qsA/q2QDVQl+Y+X/KyDQPyQG3rV8kHK+GY/knOjv4b4FHNaHvwkeDLw8w6j8B/EbWbgH aejz6sFhVHxsKVLlwxd5tURxBYMetypMoAEn36zYsolWNVy6+GX5sRYrNy0g5F5/E1rt j6OZFAs1DjblymWl2s/u/btsvfHco8crRhmxYhLk/+wuSzd7PHGqBRjpk6ljHjhItswF osAqRQgJKK/0P/ZEhuOuRDaMoe5TAIoTdXud7CsKdcvdSu9iDXltKa9NsNLZ1ZHXupG+ HGlw== ARC-Authentication-Results: i=1; strato.com; dkim=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1617952102; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Cc:Date: From:Subject:Sender; bh=Bg6gn2LOvwTZ42howqjgccJ3uIiQX7ptCiz4jhSxmsA=; b=EZ/4R+OCZU8lp+IC9v/0CvzdQsI+6FPgJShMPFpwhsMdpMJbgXYTINwnvS9qr/ndhc /NtzppttEnEyZO3kQSSPjuOGuoMpRVBtFk4tXrjDph8svc3ZYiLy/yK3gNaDoewXRrkM +RH1tte6mx6/0POaFi7GdZLD15BjdqExstMurGSyywmEshewIdn68eaMUaNE7oYcvvCY BjFXJnHfUu9/A7SEk6b5PNgu0pBqAMQqB+C0CfMLp0O1czhlJy2NjloGJV02DT/FFh+2 iycUug6C3HrJ3sa42/N0hhOECyvnAcv/M/nA5IRIGP09VnjOgx12EkPR+My4C8jgrjyW 7oQA== Authentication-Results: strato.com; dkim=none X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNzyCzy1Sfr67uExK884EC0GFGHavJSpCkMFYXg==" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 47.24.0 DYNA|AUTH) with ESMTPSA id R06d2dx3978LC2i (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Fri, 9 Apr 2021 09:08:21 +0200 (CEST) Message-ID: <7c2b6eff291b2d326e96c3a5f9cd70aa4ef92df3.camel@chronox.de> Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode From: Stephan Mueller To: Hangbin Liu , Eric Biggers Cc: netdev@vger.kernel.org, "Jason A . Donenfeld" , Toke =?ISO-8859-1?Q?H=F8iland-J=F8rgensen?= , Jakub Kicinski , Herbert Xu , Ondrej Mosnacek , linux-crypto@vger.kernel.org Date: Fri, 09 Apr 2021 09:08:20 +0200 In-Reply-To: <20210409021121.GK2900@Leo-laptop-t470s> References: <20210407113920.3735505-1-liuhangbin@gmail.com> <20210408010640.GH2900@Leo-laptop-t470s> <20210408115808.GJ2900@Leo-laptop-t470s> <20210409021121.GK2900@Leo-laptop-t470s> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Am Freitag, dem 09.04.2021 um 10:11 +0800 schrieb Hangbin Liu: > On Thu, Apr 08, 2021 at 08:11:34AM -0700, Eric Biggers wrote: > > On Thu, Apr 08, 2021 at 07:58:08PM +0800, Hangbin Liu wrote: > > > On Thu, Apr 08, 2021 at 09:06:52AM +0800, Hangbin Liu wrote: > > > > > Also, couldn't you just consider WireGuard to be outside your FIPS > > > > > module > > > > > boundary, which would remove it from the scope of the certification? > > > > > > > > > > And how do you handle all the other places in the kernel that use > > > > > ChaCha20 and > > > > > SipHash?  For example, drivers/char/random.c? > > > > > > > > Good question, I will check it and reply to you later. > > > > > > I just read the code. The drivers/char/random.c do has some fips > > > specific > > > parts(seems not related to crypto). After commit e192be9d9a30 ("random: > > > replace > > > non-blocking pool with a Chacha20-based CRNG") we moved part of chacha > > > code to > > > lib/chacha20.c and make that code out of control. > > > > > So you are saying that you removed drivers/char/random.c and > > lib/chacha20.c from > > your FIPS module boundary?  Why not do the same for WireGuard? > > No, I mean this looks like a bug (using not allowed crypto in FIPS mode) and > we should fix it. The entirety of random.c is not compliant to FIPS rules. ChaCha20 is the least of the problems. SP800-90B is the challenge. This is one of the motivation of the design and architecture of the LRNG allowing different types of crypto and have a different approach to post-process the data. https://github.com/smuellerDD/lrng Ciao Stephan > > Thanks > Hangbin