Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1579341pxf; Fri, 9 Apr 2021 11:56:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzWJcQP2nxeck7/M1dCJ6CaBpeJx4wh6JklXvPaNivTJgdCc38ThS7S3bqkZhHwkP+AQw1k X-Received: by 2002:a17:907:3e93:: with SMTP id hs19mr17812771ejc.272.1617994609306; Fri, 09 Apr 2021 11:56:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617994609; cv=none; d=google.com; s=arc-20160816; b=Xh9+coVc25OzcVqDWD1A62S6wjwNZTnK1OcwSqYfWAqu22IrxKFJRseip8nSSR1vhx w1FFZks+9oYMpGJRby2uWW2073pHsmNBzzXZxb0IeaWf0uzvZnM30hOe3/+McAO9zzTG Ad8Vtmk+lcgcUTiHbSkhaheYSaS9DVETT/uYKHrlFiLfL4D5qeMdOTn1Ptqg/uEKw7HB 5ZriDnjf4zDUv+TEY2OND6uz1KNJvM5HQ7qiX/PcQ2lMRHqmrW+C+Lzdqm8M7K6Fg7xh UqOfm8QkSJnNRjnk3ER7nPT0WZbVxPZSbV8p7fVnoDnCNkPWEtdSTpWE8SpsAuZrtoOZ 77wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=yMnXr7T8BfdaOGc/OT+vLMiquBJX5PP0rsxLkYP3Q5Y=; b=gLhPZ3Zdz2NYqoZa75G+oaseBFaahjuqMdlbhek+W9QiUtA9APrRKYqn0V2afgnkUu cKEzyGVDpd6FYZwI5F1DwFTxwfMlFq5+spOQMcoLYD2Coaw1PM5kxSgwaD09mdNWdzzB CBKFVa9fSTgRqUB9DEB1LuaAYfHAL9GO63n9JqIm8wKHJ6xocx2LN1vuNrRKx7SZDPK5 J8poZXGYYoh5BeGmazi0IQhtnIB/d1EIzuEIZwag/ijJz2Jf8BGeUciA1WRwL3zcl7sz bnH0rdzRykUz71dhYQiOUXAsULbjmNE+ZnkuctTHqgg0cZQTLVpAE6tBX5rr4GV2g2Bv vu8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=h8OW+3qm; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e13si2485868ejd.412.2021.04.09.11.56.20; Fri, 09 Apr 2021 11:56:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=h8OW+3qm; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234441AbhDIS4b (ORCPT + 99 others); Fri, 9 Apr 2021 14:56:31 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:48067 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234507AbhDIS4b (ORCPT ); Fri, 9 Apr 2021 14:56:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617994577; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yMnXr7T8BfdaOGc/OT+vLMiquBJX5PP0rsxLkYP3Q5Y=; b=h8OW+3qmvLWimYWKH+irGeJBm0H8KfT3tXVeAsRz7JmxFY74k/m98wTATCdTN5Eb9nhxrd W2c0AXUryo0Ct+BEHrxOrh8txO55LU+EN0eWUCK5o/0DzqfqN5xP+ooZp9rhEahVaO7OCt qb9glRVQOfvQp/vo2Jt3zyLmPZlSuYA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-59-8FKorO7dNOO2C_ndeRdCIw-1; Fri, 09 Apr 2021 14:56:15 -0400 X-MC-Unique: 8FKorO7dNOO2C_ndeRdCIw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 892B9100806C; Fri, 9 Apr 2021 18:56:14 +0000 (UTC) Received: from ovpn-112-53.phx2.redhat.com (ovpn-112-53.phx2.redhat.com [10.3.112.53]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E314410027C4; Fri, 9 Apr 2021 18:56:06 +0000 (UTC) Message-ID: <5d6137d0e4ea1d67ee495398f2cb12a1c21653fd.camel@redhat.com> Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode From: Simo Sorce To: "Jason A. Donenfeld" Cc: Ard Biesheuvel , Hangbin Liu , Netdev , Toke =?ISO-8859-1?Q?H=F8iland-J=F8rgensen?= , Jakub Kicinski , Ondrej Mosnacek , Linux Crypto Mailing List , "herbert.xu" Date: Fri, 09 Apr 2021 14:56:05 -0400 In-Reply-To: References: <20210407113920.3735505-1-liuhangbin@gmail.com> <20210409024143.GL2900@Leo-laptop-t470s> <20210409024907.GN2900@Leo-laptop-t470s> <0ef180dea02996fc5f4660405f2333220e8ae4c4.camel@redhat.com> Organization: Red Hat, Inc. Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, 2021-04-09 at 12:36 -0600, Jason A. Donenfeld wrote: > On Fri, Apr 9, 2021 at 6:47 AM Simo Sorce wrote: > > > depends on m || !CRYPTO_FIPS > > > > > > but I am a bit concerned that the rather intricate kconfig > > > dependencies between the generic and arch-optimized versions of those > > > drivers get complicated even further. > > > > Actually this is the opposite direction we are planning to go for > > future fips certifications. > > > > Due to requirements about crypto module naming and versioning in the > > new FIPS-140-3 standard we are planning to always build all the CRYPTO > > as bultin (and maybe even forbid loading additional crypto modules in > > FIPS mode). This is clearly just a vendor choice and has no bearing on > > what upstream ultimately will do, but just throwing it here as a data > > point. > > I'm wondering: do you intend to apply similar patches to all the other > uses of "non-FIPS-certified" crypto in the kernel? I've already > brought up big_key.c, for example. Also if you're intent on adding > this check to WireGuard, because it tunnels packets without using > FIPS-certified crypto primitives, do you also plan on adding this > check to other network tunnels that don't tunnel packets using > FIPS-certified crypto primitives? For example, GRE, VXLAN, GENEVE? I'd > be inclined to take this patch more seriously if it was exhaustive and > coherent for your use case. The targeted hit on WireGuard seems > incoherent as a standalone patch, making it hard to even evaluate. Hi Jason, I can't speak for Hangbin, we do not work for the same company and I was not aware of his efforts until this patch landed. For my part we were already looking at big_key, wireguard and other areas internally, but were not thinking of sending upstream patches like these w/o first a good assessment with our teams and lab that they were proper and sufficient. > So > I think either you should send an exhaustive patch series that forbids > all use of non-FIPS crypto anywhere in the kernel (another example: > net/core/secure_seq.c) in addition to all tunneling modules that don't > use FIPS-certified crypto, or figure out how to disable the lib/crypto > primitives that you want to be disabled in "fips mode". With a > coherent patchset for either of these, we can then evaluate it. Yes a cohesive approach would be ideal, but I do not know if pushing substantially the same checks we have in the Crypto API down to lib/crypto is the right way to go, I am not oppose but I guess Herbert would have to chime in here. -- Simo Sorce RHEL Crypto Team Red Hat, Inc