Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1539676pxb;
        Wed, 2 Feb 2022 07:14:48 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwfmtZSkw83jBigIFm+dFaLkZcrt5+6xLBJx8CXTVPcHQS4PdErj3nG7s5uysQkb3It0O4x
X-Received: by 2002:a63:6b42:: with SMTP id g63mr1019688pgc.602.1643814888221;
        Wed, 02 Feb 2022 07:14:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643814888; cv=none;
        d=google.com; s=arc-20160816;
        b=R6RxTAtznUn6tQmpos7z8LwftoJ8OcAs67deR0SAklg5ele4z0V/zWarnVBm1H//9j
         DJZIG9Pj/6JowYFrHPeMZLxi9j4lw8p9GY8JCV/9Rjph1QChOhbp9wUjOPO0wgaFuzO7
         j0LPQuebZ0YmdkMOlZc2UC0FrPuGa7HYMZn7DXj4KCsd7EA/e6RlKNtdQss5yZc1cSGm
         ARTOE8q9y9Q1Uk62aHazk4bhXC/P32nR71sUJbx7vhEKmbeEw8MI8alS+SqGe4HlTJAi
         1wqZqGA1Z2Bvrj+MiD7EN/z90SMIGSIck4cNs7g6u1EadrlhCIYdErX2mSjzfEJX+2MP
         CP2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Hoq+1GvjyDP+LnUuXsbVZdQkiPxTQoykQ/5FRvYeElw=;
        b=ICYGt+u66INMozvu2TpP/ksEyOtza1UHvhJt6Db9mX515Owf8MuyoB/b7J13+gBGNu
         97OqerZcuoWu5+gAWnqOqQ9XZKI3f7KSCvIzLZZkRqS675Xc3L2ANWvVZYhA6wYVrX7g
         VytFmSMmJ4DU6Hw4B9R7GWmoW80UA9wXGJ/qsIKoz0CC/LW9oZfvRT7wgZjLzHrsTp7E
         s3b8EvJpxUgTq5Vyg2fAjkbYYOqgoAyRWB4a6382GOo8WrLj4sfD0sQJTVbWAIC6olKn
         gnI7Ij1Sm4idJI3zIaQjA4c9Rf5FfCQ0r6CuD8yFmUTAaS94A40icRV6mVpgevHh+5ik
         XxhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=C39kp7xV;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id b2si18168389plx.189.2022.02.02.07.14.29;
        Wed, 02 Feb 2022 07:14:48 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=C39kp7xV;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235056AbiBAImL (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Tue, 1 Feb 2022 03:42:11 -0500
Received: from mo4-p01-ob.smtp.rzone.de ([81.169.146.164]:40533 "EHLO
        mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231712AbiBAImK (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 1 Feb 2022 03:42:10 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1643704927;
    s=strato-dkim-0002; d=chronox.de;
    h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
    From:Subject:Sender;
    bh=Hoq+1GvjyDP+LnUuXsbVZdQkiPxTQoykQ/5FRvYeElw=;
    b=C39kp7xVmGOdV2Un4zN91oNG4CPdczt0PY/Y8eI/rfLzVX7Fq/eBJQXEX/3MLrHSAb
    e2AgWqpgk1KFtOXJ3d76+hxC4ZDhmIp8rs5z/mPplfY6DJqHNd0uLDWj4MfBlJd9TOSu
    LBJVRBCvdENF/BWXn6J1ptepeKfxjDUbewEFbXJx0H3Yee2kywMe2YEyWRHMklbov4U6
    8at2odNj6lt7/ki1IDU6lQbzqqzvntPD66oz2n7tz0wd6mzwVwK4eoNCB9OflrpP9vMd
    qTbWLO1YyFeSCDtoRLsnu2vntp+lMZF02cXC/IXWCi4icNvvFSC31EyllZ2FPzYIGo3i
    XKpg==
Authentication-Results: strato.com;
    dkim=none
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9zW8BKRp5UFiyGZZ4jof7Xg=="
X-RZG-CLASS-ID: mo00
Received: from positron.chronox.de
    by smtp.strato.de (RZmta 47.39.0 AUTH)
    with ESMTPSA id z28df7y118g63Jt
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
    Tue, 1 Feb 2022 09:42:06 +0100 (CET)
From:   Stephan =?ISO-8859-1?Q?M=FCller?= <smueller@chronox.de>
To:     Herbert Xu <herbert@gondor.apana.org.au>
Cc:     linux-crypto@vger.kernel.org, Niolai Stange <nstange@suse.com>,
        Simo Sorce <simo@redhat.com>
Subject: [PATCH v2 0/2] crypto: HMAC - disallow keys < 112 bits in FIPS mode
Date:   Tue, 01 Feb 2022 09:40:24 +0100
Message-ID: <4609802.vXUDI8C0e8@positron.chronox.de>
In-Reply-To: <YfN1HKqL9GT9R25Z@gondor.apana.org.au>
References: <2075651.9o76ZdvQCi@positron.chronox.de> <YfN1HKqL9GT9R25Z@gondor.apana.org.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi,

this is patch set version 2 for adding the HMAC limitation to disallow
keys < 112 bits in FIPS mode.

Version 2 changes:

As requested, instead of ifdef'ing test vectors out that violate the
constraint added with this patch set, they are compiled but disabled in
FIPS mode based on the .fips_skip flag.

The first patch adds the generic support for the fips_skip flag to
hashes / HMAC test vectors similarly to the support found for symmetric
algorithms.

The second patch uses the fips_skip flag to mark offending test vectors.

Stephan Mueller (2):
  crypto: HMAC - add fips_skip support
  crypto: HMAC - disallow keys < 112 bits in FIPS mode

 crypto/hmac.c    |  4 ++++
 crypto/testmgr.c |  3 +++
 crypto/testmgr.h | 11 +++++++++++
 3 files changed, 18 insertions(+)

-- 
2.33.1