From: Nicolai Stange <nstange@suse.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Stephan Mueller <smueller@chronox.de>,
Nicolai Stange <nstange@suse.de>,
"David S. Miller" <davem@davemloft.net>,
Hannes Reinecke <hare@suse.de>, Torsten Duwe <duwe@suse.de>,
Zaibo Xu <xuzaibo@huawei.com>,
Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
qat-linux@intel.com, keyrings@vger.kernel.org, simo@redhat.com,
Eric Biggers <ebiggers@kernel.org>, Petr Vorel <pvorel@suse.cz>
Subject: Re: [PATCH] crypto: api - Disallow sha1 in FIPS-mode while allowing hmac(sha1)
Date: Tue, 11 Jan 2022 08:50:18 +0100 [thread overview]
Message-ID: <871r1eyamd.fsf@suse.de> (raw)
In-Reply-To: <Yd0gInht+V+Kcsw2@gondor.apana.org.au> (Herbert Xu's message of "Tue, 11 Jan 2022 17:13:54 +1100")
Hi Herbert,
Herbert Xu <herbert@gondor.apana.org.au> writes:
> On Fri, Jan 07, 2022 at 01:44:34PM +1100, Herbert Xu wrote:
>>
>> I'm already writing this up for sha1 anyway so let me polish it
>> off and I'll post it soon which you can then reuse it for dh.
>
> Here is something that seems to work for sha1/hmac. Please let
> me know if you see any issues with this approach for dh.
>
> Thanks,
>
> ---8<---
> Currently we do not distinguish between algorithms that fail on
> the self-test vs. those which are disabled in FIPS mode (not allowed).
> Both are marked as having failed the self-test.
>
> As it has been requested that we need to disable sha1 in FIPS
> mode while still allowing hmac(sha1) this approach needs to change.
>
> This patch allows this scenario by adding a new flag FIPS_INTERNAL
> to indicate those algorithms that have passed the self-test and are
> not FIPS-allowed. They can then be used for the self-testing of
> other algorithms or by those that are explicitly allowed to use them
> (currently just hmac).
I haven't tried, but wouldn't this allow the instantiation of e.g.
hmac(blake2s-256) in FIPS mode?
Thanks,
Nicolai
>
> Note that as a side-effect of this patch algorithms which are not
> FIPS-allowed will now return ENOENT instead of ELIBBAD. Hopefully
> this is not an issue as some people were relying on this already.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
--
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg), GF: Ivo Totev
next prev parent reply other threads:[~2022-01-11 7:50 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-09 9:03 [PATCH v2 00/18] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 01/18] crypto: dh - remove struct dh's ->q member Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 02/18] crypto: dh - constify struct dh's pointer members Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 03/18] crypto: dh - optimize domain parameter serialization for well-known groups Nicolai Stange
2021-12-10 11:33 ` Hannes Reinecke
2021-12-13 10:06 ` Nicolai Stange
2021-12-13 10:10 ` Hannes Reinecke
2021-12-17 5:52 ` Herbert Xu
2021-12-20 15:27 ` Nicolai Stange
2021-12-29 2:14 ` Herbert Xu
2022-01-06 14:30 ` Stephan Mueller
2022-01-07 2:44 ` Herbert Xu
2022-01-07 6:37 ` Nicolai Stange
2022-01-11 6:13 ` [PATCH] crypto: api - Disallow sha1 in FIPS-mode while allowing hmac(sha1) Herbert Xu
2022-01-11 7:50 ` Nicolai Stange [this message]
2022-01-11 10:34 ` Herbert Xu
2022-01-14 6:16 ` [v2 PATCH] " Herbert Xu
2022-01-14 9:09 ` Nicolai Stange
2022-01-14 10:55 ` Herbert Xu
2022-01-14 12:34 ` Nicolai Stange
2022-01-14 12:35 ` Stephan Mueller
2022-01-14 12:54 ` James Bottomley
2022-01-26 9:01 ` Stephan Mueller
2022-01-28 14:14 ` Nicolai Stange
2022-01-28 15:49 ` Stephan Mueller
2022-02-02 10:09 ` Nicolai Stange
2022-01-07 7:01 ` [PATCH v2 03/18] crypto: dh - optimize domain parameter serialization for well-known groups Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 04/18] crypto: dh - introduce RFC 7919 safe-prime groups Nicolai Stange
2021-12-10 11:34 ` Hannes Reinecke
2021-12-09 9:03 ` [PATCH v2 05/18] crypto: testmgr - add DH RFC 7919 ffdhe3072 test vector Nicolai Stange
2021-12-10 11:34 ` Hannes Reinecke
2021-12-09 9:03 ` [PATCH v2 06/18] crypto: dh - introduce RFC 3526 safe-prime groups Nicolai Stange
2021-12-10 11:35 ` Hannes Reinecke
2021-12-09 9:03 ` [PATCH v2 07/18] crypto: testmgr - add DH RFC 3526 modp2048 test vector Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 08/18] crypto: testmgr - run only subset of DH vectors based on config Nicolai Stange
2021-12-10 11:36 ` Hannes Reinecke
2021-12-09 9:03 ` [PATCH v2 09/18] crypto: dh - implement private key generation primitive Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 10/18] crypto: dh - introduce support for ephemeral key generation to dh-generic Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 11/18] crypto: dh - introduce support for ephemeral key generation to hpre driver Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 12/18] crypto: dh - introduce support for ephemeral key generation to qat driver Nicolai Stange
2021-12-15 21:54 ` Giovanni Cabiddu
2021-12-09 9:03 ` [PATCH v2 13/18] crypto: testmgr - add DH test vectors for key generation Nicolai Stange
2021-12-10 11:37 ` Hannes Reinecke
2021-12-09 9:03 ` [PATCH v2 14/18] lib/mpi: export mpi_rshift Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 15/18] crypto: dh - store group id in dh-generic's dh_ctx Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 16/18] crypto: dh - calculate Q from P for the full public key verification Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 17/18] crypto: dh - try to match domain parameters to a known safe-prime group Nicolai Stange
2021-12-09 9:03 ` [PATCH v2 18/18] crypto: dh - accept only approved safe-prime groups in FIPS mode Nicolai Stange
2021-12-10 11:37 ` Hannes Reinecke
2021-12-10 7:56 ` [PATCH v2 00/18] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance Stephan Mueller
2021-12-10 10:00 ` Nicolai Stange
2021-12-10 11:38 ` Hannes Reinecke
2021-12-13 10:12 ` Nicolai Stange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871r1eyamd.fsf@suse.de \
--to=nstange@suse.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=duwe@suse.de \
--cc=ebiggers@kernel.org \
--cc=giovanni.cabiddu@intel.com \
--cc=hare@suse.de \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pvorel@suse.cz \
--cc=qat-linux@intel.com \
--cc=simo@redhat.com \
--cc=smueller@chronox.de \
--cc=xuzaibo@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).