netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Simo Sorce <simo@redhat.com>
Cc: "Hangbin Liu" <liuhangbin@gmail.com>,
	Netdev <netdev@vger.kernel.org>,
	"Toke Høiland-Jørgensen" <toke@redhat.com>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Ondrej Mosnacek" <omosnace@redhat.com>,
	"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode
Date: Thu, 8 Apr 2021 15:55:59 -0600	[thread overview]
Message-ID: <CAHmME9pRSOANrdvegLm9x8VTNWKcMtoymYrgStuSx+nsu=jpwA@mail.gmail.com> (raw)
In-Reply-To: <c47d99b9d0efeea4e6cd238c2affc0fbe296b53c.camel@redhat.com>

On Thu, Apr 8, 2021 at 7:55 AM Simo Sorce <simo@redhat.com> wrote:
> > I'm not sure this makes so much sense to do _in wireguard_. If you
> > feel like the FIPS-allergic part is actually blake, 25519, chacha, and
> > poly1305, then wouldn't it make most sense to disable _those_ modules
> > instead? And then the various things that rely on those (such as
> > wireguard, but maybe there are other things too, like
> > security/keys/big_key.c) would be naturally disabled transitively?
>
> The reason why it is better to disable the whole module is that it
> provide much better feedback to users. Letting init go through and then
> just fail operations once someone tries to use it is much harder to
> deal with in terms of figuring out what went wrong.
> Also wireguard seem to be poking directly into the algorithms
> implementations and not use the crypto API, so disabling individual
> algorithm via the regular fips_enabled mechanism at runtime doesn't
> work.

What I'm suggesting _would_ work in basically the exact same way as
this patch. Namely, something like:

diff --git a/lib/crypto/curve25519.c b/lib/crypto/curve25519.c
index 288a62cd29b2..b794f49c291a 100644
--- a/lib/crypto/curve25519.c
+++ b/lib/crypto/curve25519.c
@@ -12,11 +12,15 @@
 #include <crypto/curve25519.h>
 #include <linux/module.h>
 #include <linux/init.h>
+#include <linux/fips.h>

 bool curve25519_selftest(void);

 static int __init mod_init(void)
 {
+ if (!fips_enabled)
+ return -EOPNOTSUPP;
+
  if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) &&
      WARN_ON(!curve25519_selftest()))
  return -ENODEV;

Making the various lib/crypto/* modules return EOPNOTSUPP will in turn
mean that wireguard will refuse to load, due to !fips_enabled. It has
the positive effect that all other things that use it will also be
EOPNOTSUPP.

For example, what are you doing about big_key.c? Right now, I assume
nothing. But this way, you'd get all of the various effects for free.
Are you going to continuously audit all uses of non-FIPS crypto and
add `if (!fips_enabled)` to every new use case, always, everywhere,
from now into the boundless future? By adding `if (!fips_enabled)` to
wireguard, that's what you're signing yourself up for. Instead, by
restricting the lib/crypto/* modules to !fips_enabled, you can get all
of those transitive effects without having to do anything additional.

Alternatively, I agree with Eric - why not just consider this outside
your boundary?

Jason

  reply	other threads:[~2021-04-08 21:56 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-07 11:39 [PATCH net-next] [RESEND] wireguard: disable in FIPS mode Hangbin Liu
2021-04-07 21:12 ` Eric Biggers
2021-04-08  1:06   ` Hangbin Liu
2021-04-08 11:58     ` Hangbin Liu
2021-04-08 15:11       ` Eric Biggers
2021-04-09  2:11         ` Hangbin Liu
2021-04-09  7:08           ` Stephan Mueller
2021-04-09  8:08             ` Hangbin Liu
2021-04-09 16:26               ` Simo Sorce
2021-04-09 18:29               ` Jason A. Donenfeld
2021-04-12  2:11                 ` Hangbin Liu
2021-04-07 21:15 ` Jason A. Donenfeld
2021-04-08  6:52   ` Hangbin Liu
2021-04-08  7:36     ` Ondrej Mosnacek
2021-04-08 13:55   ` Simo Sorce
2021-04-08 21:55     ` Jason A. Donenfeld [this message]
2021-04-08 22:16       ` Simo Sorce
2021-04-09  2:41       ` Hangbin Liu
2021-04-09  2:44         ` Jason A. Donenfeld
2021-04-09  2:49           ` Hangbin Liu
2021-04-09  3:03             ` Jason A. Donenfeld
2021-04-09  6:02               ` Ard Biesheuvel
2021-04-09 12:47                 ` Simo Sorce
2021-04-09 18:36                   ` Jason A. Donenfeld
2021-04-09 18:56                     ` Simo Sorce
2021-04-12 12:46                       ` Simo Sorce

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHmME9pRSOANrdvegLm9x8VTNWKcMtoymYrgStuSx+nsu=jpwA@mail.gmail.com' \
    --to=jason@zx2c4.com \
    --cc=kuba@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=liuhangbin@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=omosnace@redhat.com \
    --cc=simo@redhat.com \
    --cc=toke@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).