Date: Fri, 26 Jan 2024 00:13:00 -0600
X-Mailing-List: linux-crypto@vger.kernel.org
From: Joachim Vandersmissen
Subject: Re: [PATCH] crypto: rsa - restrict plaintext/ciphertext values more in FIPS mode
To: Herbert Xu
Cc: linux-crypto@vger.kernel.org
References: <20240121194901.344206-1-git@jvdsn.com>

Hi Herbert,

On 1/25/24 23:58, Herbert Xu wrote:
> On Sun, Jan 21, 2024 at 01:49:00PM -0600, Joachim Vandersmissen wrote:
>> static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m)
>> {
>> +	/* For FIPS, SP 800-56Br2, Section 7.1.1 requires 1 < m < n - 1 */
>> +	if (fips_enabled && rsa_check_payload_fips(m, key->n))
>> +		return -EINVAL;
>> +
>> 	/* (1) Validate 0 <= m < n */
>> 	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
>> 		return -EINVAL;
> I think this check makes sense in general, so why not simply
> replace the second check above with the new check?

Yes, mathematically speaking the values 1 and n - 1 aren't suitable for RSA (they will always be fixed points). I simply didn't want to introduce a breaking change. If you think a breaking change is acceptable, I can update the patch to replace the RFC3447 check with the stricter check.

>
> Thanks,
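Review bot: placing the new FIPS test ahead of the existing `0 <= m < n` test makes the second test dead code whenever fips_enabled is set, because 1 < m < n - 1 already implies 0 <= m < n, and it also means a reader has to open rsa_check_payload_fips to learn whether it rejects negative m and m >= n on its own (nothing in the hunk shows that). Either keep only the stricter check, as suggested in the reply, or run the cheap general range check first and let the FIPS check tighten it afterwards; in both cases the comment should say what a non-zero return from rsa_check_payload_fips means, since the hunk only shows it being mapped to -EINVAL.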
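To see the point under discussion in working code, here is an added example that is not part of the original thread or of the kernel's RSA implementation: the two range checks from the quoted hunk written with Python ints instead of MPI (the names rsa_check_rfc3447 and rsa_check_payload_fips are the example's own, and the latter returns True on success rather than the non-zero-on-failure convention the kernel helper uses), a check that the stricter 1 < m < n - 1 condition subsumes the RFC 3447 0 <= m < n condition, and a demonstration that 0, 1 and n - 1 encrypt to themselves for a constructed toy key.

```python
# Added example, not the kernel's code: the two input-range checks from the
# quoted hunk with plain ints in place of MPI, plus a check of the claim that
# 1 and n - 1 (and 0) are always fixed points of RSA encryption. The toy key
# below is constructed for illustration and is far too small for real use.

# Constructed toy key: p = 61, q = 53, n = p * q, e = 17 (the textbook example).
N = 3233
E = 17


def rsa_check_rfc3447(m: int, n: int) -> bool:
    """Existing kernel check: accept message representatives with 0 <= m < n."""
    return 0 <= m < n


def rsa_check_payload_fips(m: int, n: int) -> bool:
    """Stricter check from the patch: accept only 1 < m < n - 1.

    The kernel helper of the same name returns non-zero on failure; this
    hypothetical version returns True when m is acceptable so the calls read
    naturally in Python.
    """
    return 1 < m < n - 1


def strict_implies_loose(n: int) -> bool:
    """Every m accepted by the strict check is also accepted by the loose one,
    which is why the loose check becomes redundant once the strict one runs.
    Negative values and values >= n are included to cover the edges."""
    return all(rsa_check_rfc3447(m, n)
               for m in range(-2, n + 2)
               if rsa_check_payload_fips(m, n))


def trivial_fixed_points(e: int, n: int) -> list:
    """Return those of 0, 1 and n - 1 that encrypt to themselves: m^e == m (mod n).

    0 and 1 are fixed for any exponent; n - 1 == -1 (mod n) is fixed because
    RSA public exponents are odd, so (-1)^e == -1.
    """
    return [m for m in (0, 1, n - 1) if pow(m, e, n) == m]


def rsa_encrypt(m: int, e: int, n: int, fips_enabled: bool) -> int:
    """Mirror of the hunk's _rsa_enc: reject out-of-range m, then c = m^e mod n."""
    if fips_enabled and not rsa_check_payload_fips(m, n):
        raise ValueError("FIPS mode: need 1 < m < n - 1")
    if not rsa_check_rfc3447(m, n):
        raise ValueError("need 0 <= m < n")
    return pow(m, e, n)


if __name__ == "__main__":
    print("trivial fixed points:", trivial_fixed_points(E, N))
    print("strict check implies loose check:", strict_implies_loose(N))
    print("c =", rsa_encrypt(65, E, N, fips_enabled=True))
    for bad in (0, 1, N - 1):
        try:
            rsa_encrypt(bad, E, N, fips_enabled=True)
        except ValueError as err:
            print(f"m={bad} rejected in FIPS mode: {err}")
        print(f"m={bad} accepted outside FIPS mode, c={rsa_encrypt(bad, E, N, False)}")
```

Run as a script it prints the three fixed points, confirms the subsumption for every m around the toy modulus, and shows the same m values being rejected in FIPS mode but accepted (and returned unchanged) outside it, which is exactly the behaviour difference the thread is weighing.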