Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1539676pxb; Wed, 2 Feb 2022 07:14:48 -0800 (PST) X-Google-Smtp-Source: ABdhPJwfmtZSkw83jBigIFm+dFaLkZcrt5+6xLBJx8CXTVPcHQS4PdErj3nG7s5uysQkb3It0O4x X-Received: by 2002:a63:6b42:: with SMTP id g63mr1019688pgc.602.1643814888221; Wed, 02 Feb 2022 07:14:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643814888; cv=none; d=google.com; s=arc-20160816; b=R6RxTAtznUn6tQmpos7z8LwftoJ8OcAs67deR0SAklg5ele4z0V/zWarnVBm1H//9j DJZIG9Pj/6JowYFrHPeMZLxi9j4lw8p9GY8JCV/9Rjph1QChOhbp9wUjOPO0wgaFuzO7 j0LPQuebZ0YmdkMOlZc2UC0FrPuGa7HYMZn7DXj4KCsd7EA/e6RlKNtdQss5yZc1cSGm ARTOE8q9y9Q1Uk62aHazk4bhXC/P32nR71sUJbx7vhEKmbeEw8MI8alS+SqGe4HlTJAi 1wqZqGA1Z2Bvrj+MiD7EN/z90SMIGSIck4cNs7g6u1EadrlhCIYdErX2mSjzfEJX+2MP CP2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Hoq+1GvjyDP+LnUuXsbVZdQkiPxTQoykQ/5FRvYeElw=; b=ICYGt+u66INMozvu2TpP/ksEyOtza1UHvhJt6Db9mX515Owf8MuyoB/b7J13+gBGNu 97OqerZcuoWu5+gAWnqOqQ9XZKI3f7KSCvIzLZZkRqS675Xc3L2ANWvVZYhA6wYVrX7g VytFmSMmJ4DU6Hw4B9R7GWmoW80UA9wXGJ/qsIKoz0CC/LW9oZfvRT7wgZjLzHrsTp7E s3b8EvJpxUgTq5Vyg2fAjkbYYOqgoAyRWB4a6382GOo8WrLj4sfD0sQJTVbWAIC6olKn gnI7Ij1Sm4idJI3zIaQjA4c9Rf5FfCQ0r6CuD8yFmUTAaS94A40icRV6mVpgevHh+5ik XxhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=C39kp7xV; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b2si18168389plx.189.2022.02.02.07.14.29; Wed, 02 Feb 2022 07:14:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=C39kp7xV; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235056AbiBAImL (ORCPT + 99 others); Tue, 1 Feb 2022 03:42:11 -0500 Received: from mo4-p01-ob.smtp.rzone.de ([81.169.146.164]:40533 "EHLO mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231712AbiBAImK (ORCPT ); Tue, 1 Feb 2022 03:42:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1643704927; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=Hoq+1GvjyDP+LnUuXsbVZdQkiPxTQoykQ/5FRvYeElw=; b=C39kp7xVmGOdV2Un4zN91oNG4CPdczt0PY/Y8eI/rfLzVX7Fq/eBJQXEX/3MLrHSAb e2AgWqpgk1KFtOXJ3d76+hxC4ZDhmIp8rs5z/mPplfY6DJqHNd0uLDWj4MfBlJd9TOSu LBJVRBCvdENF/BWXn6J1ptepeKfxjDUbewEFbXJx0H3Yee2kywMe2YEyWRHMklbov4U6 8at2odNj6lt7/ki1IDU6lQbzqqzvntPD66oz2n7tz0wd6mzwVwK4eoNCB9OflrpP9vMd qTbWLO1YyFeSCDtoRLsnu2vntp+lMZF02cXC/IXWCi4icNvvFSC31EyllZ2FPzYIGo3i XKpg== Authentication-Results: strato.com; dkim=none X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9zW8BKRp5UFiyGZZ4jof7Xg==" X-RZG-CLASS-ID: mo00 Received: from positron.chronox.de by smtp.strato.de (RZmta 47.39.0 AUTH) with ESMTPSA id z28df7y118g63Jt (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Tue, 1 Feb 2022 09:42:06 +0100 (CET) From: Stephan =?ISO-8859-1?Q?M=FCller?= To: Herbert Xu Cc: linux-crypto@vger.kernel.org, Niolai Stange , Simo Sorce Subject: [PATCH v2 0/2] crypto: HMAC - disallow keys < 112 bits in FIPS mode Date: Tue, 01 Feb 2022 09:40:24 +0100 Message-ID: <4609802.vXUDI8C0e8@positron.chronox.de> In-Reply-To: References: <2075651.9o76ZdvQCi@positron.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, this is patch set version 2 for adding the HMAC limitation to disallow keys < 112 bits in FIPS mode. Version 2 changes: As requested, instead of ifdef'ing test vectors out that violate the constraint added with this patch set, they are compiled but disabled in FIPS mode based on the .fips_skip flag. The first patch adds the generic support for the fips_skip flag to hashes / HMAC test vectors similarly to the support found for symmetric algorithms. The second patch uses the fips_skip flag to mark offending test vectors. Stephan Mueller (2): crypto: HMAC - add fips_skip support crypto: HMAC - disallow keys < 112 bits in FIPS mode crypto/hmac.c | 4 ++++ crypto/testmgr.c | 3 +++ crypto/testmgr.h | 11 +++++++++++ 3 files changed, 18 insertions(+) -- 2.33.1