From patchwork Sun Oct 29 20:48:20 2023 X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 13439886 X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller", Stephan Mueller
Cc: simo@redhat.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/4] crypto: drbg - ensure most preferred type is FIPS health checked
Date: Sun, 29 Oct 2023 22:48:20 +0200
Message-Id: <20231029204823.663930-1-dimitri.ledkov@canonical.com>

drbg supports multiple types of drbg, and multiple parameters of each. Health check sanity only checks one drbg of a single type. One can enable all three types of drbg. And instead of checking the most preferred algorithm (last one wins), it is currently checking the first one instead.

Update ifdef to ensure that healthcheck prefers HMAC, over HASH, over CTR, last one wins, like all other code and functions.

Fixes: 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit Generator")
Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index ff4ebbc68e..2cce18dcfc 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -2018,9 +2018,11 @@ static inline int __init drbg_healthcheck_sanity(void) #ifdef CONFIG_CRYPTO_DRBG_CTR drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); -#elif defined CONFIG_CRYPTO_DRBG_HASH +#endif +#ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); -#else +#endif +#ifdef CONFIG_CRYPTO_DRBG_HMAC drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr); #endif

From patchwork Sun Oct 29 20:48:21 2023 X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 13439887
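Review bot: in the drbg_healthcheck_sanity hunk of 1/4, the three independent `#ifdef` blocks pick the most preferred core only because the HMAC block runs last and overwrites `coreref`/`pr`, and the old `#else` also guaranteed that some core was always selected, whereas now nothing sets `coreref` if none of CONFIG_CRYPTO_DRBG_CTR, _HASH or _HMAC is defined. Either state in the commit message why that configuration cannot occur, or keep an unconditional fallback for the HMAC case; a one-line comment above the block ("last one wins, matching the drbg_cores[] order") would also stop the next reader from folding this back into an `#elif` chain.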
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller", Stephan Mueller
Cc: simo@redhat.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/4] crypto: drbg - update FIPS CTR self-checks to aes256
Date: Sun, 29 Oct 2023 22:48:21 +0200
Message-Id: <20231029204823.663930-2-dimitri.ledkov@canonical.com>
In-Reply-To: <20231029204823.663930-1-dimitri.ledkov@canonical.com>

When drbg was originally introduced, FIPS self-checks for all types but CTR were using the most preferred parameters for each type of DRBG. Update CTR self-check to use aes256.

Fixes: 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit Generator")
Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 2cce18dcfc..b120e2866b 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, err = alg_test("drbg_pr_hmac_sha256", "drbg_pr_hmac_sha256", 0, 0); else if (drbg->core->flags & DRBG_CTR) - err = alg_test("drbg_pr_ctr_aes128", - "drbg_pr_ctr_aes128", 0, 0); + err = alg_test("drbg_pr_ctr_aes256", + "drbg_pr_ctr_aes256", 0, 0); else err = alg_test("drbg_pr_sha256", "drbg_pr_sha256", 0, 0);
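Review bot: the runtime self-test in this drbg_generate hunk now calls alg_test() for "drbg_pr_ctr_aes256", but the testmgr context visible in 4/4 registers that name with `.test = alg_test_null` (only `drbg_nopr_ctr_aes256` carries `drbg_nopr_ctr_aes256_tv_template`), so the CTR branch would return success without running any vectors. Either add a drbg_pr_ctr_aes256 vector template, or say in the commit message that this block is currently dead code, as 3/4 does, so nobody relies on it as a FIPS conditional self-test.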
@@ -2017,7 +2017,7 @@ static inline int __init drbg_healthcheck_sanity(void) return 0; #ifdef CONFIG_CRYPTO_DRBG_CTR - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); #endif #ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr);

From patchwork Sun Oct 29 20:48:22 2023 X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 13439889
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller", simo Sorce, Stephan Müller
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 3/4] crypto: drbg - ensure drbg hmac sha512 is used in FIPS selftests
Date: Sun, 29 Oct 2023 22:48:22 +0200
Message-Id: <20231029204823.663930-3-dimitri.ledkov@canonical.com>
In-Reply-To: <20231029204823.663930-1-dimitri.ledkov@canonical.com>

Update code comment, self test & healthcheck to use HMAC SHA512, instead of HMAC SHA256. These changes are in dead-code, or FIPS enabled code-paths only, and have no effect on usual kernel builds. On systems booting in FIPS mode that has the effect of switching the sanity selftest to HMAC sha512 based (which has been the default DRBG).

Fixes: 9b7b94683a ("crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG")
Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index b120e2866b..99666193d9 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -111,9 +111,9 @@ * as stdrng. Each DRBG receives an increasing cra_priority values the later * they are defined in this array (see drbg_fill_array). * - * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and - * the SHA256 / AES 256 over other ciphers. Thus, the favored - * DRBGs are the latest entries in this array. + * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and the + * HMAC-SHA512 / SHA256 / AES 256 over other ciphers. Thus, the + * favored DRBGs are the latest entries in this array. */ static const struct drbg_core drbg_cores[] = { #ifdef CONFIG_CRYPTO_DRBG_CTR @@ -1475,8 +1475,8 @@ static int drbg_generate(struct drbg_state *drbg, int err = 0; pr_devel("DRBG: start to perform self test\n"); if (drbg->core->flags & DRBG_HMAC) - err = alg_test("drbg_pr_hmac_sha256", - "drbg_pr_hmac_sha256", 0, 0); + err = alg_test("drbg_pr_hmac_sha512", + "drbg_pr_hmac_sha512", 0, 0); else if (drbg->core->flags & DRBG_CTR) err = alg_test("drbg_pr_ctr_aes256", "drbg_pr_ctr_aes256", 0, 0); 
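Review bot: same concern as on 2/4 for the drbg_generate hunk: the HMAC branch moves from "drbg_pr_hmac_sha256", which the testmgr context in 4/4 shows with `.test = alg_test_drbg`, to "drbg_pr_hmac_sha512", which that same context shows with `.test = alg_test_null`, so if this dead-code block is ever re-enabled the HMAC self-test silently becomes a no-op. Keep sha256 here or add a drbg_pr_hmac_sha512 template alongside the nopr one. In the comment hunk, "HMAC-SHA512 / SHA256 / AES 256 over other ciphers" reads as three unrelated preferences; "HMAC-SHA512, SHA-256 and AES-256 respectively" would tie each to its DRBG type.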
@@ -2023,7 +2023,7 @@ static inline int __init drbg_healthcheck_sanity(void) drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); #endif #ifdef CONFIG_CRYPTO_DRBG_HMAC - drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr); + drbg_convert_tfm_core("drbg_nopr_hmac_sha512", &coreref, &pr); #endif drbg = kzalloc(sizeof(struct drbg_state), GFP_KERNEL);

From patchwork Sun Oct 29 20:48:23 2023 X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 13439888
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller", Maxime Coquelin, Alexandre Torgue
Cc: simo@redhat.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org
Subject: [PATCH 4/4] crypto: drbg - Remove SHA1 from drbg
Date: Sun, 29 Oct 2023 22:48:23 +0200
Message-Id: <20231029204823.663930-4-dimitri.ledkov@canonical.com>
In-Reply-To: <20231029204823.663930-1-dimitri.ledkov@canonical.com>

SP800-90C 3rd draft states that SHA-1 will be removed from all specifications, including drbg, by end of 2030. Given kernels built today will be operating past that date, start complying with upcoming requirements.

No functional change, as SHA-256 / SHA-512 based DRBG have always been the preferred ones.

Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c    | 16 ----------------
 crypto/testmgr.c | 25 ++++---------------------
 2 files changed, 4 insertions(+), 37 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 99666193d9..bccadaedcf 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -139,12 +139,6 @@ static const struct drbg_core drbg_cores[] = { #endif /* CONFIG_CRYPTO_DRBG_CTR */ #ifdef CONFIG_CRYPTO_DRBG_HASH { - .flags = DRBG_HASH | DRBG_STRENGTH128, - .statelen = 55, /* 440 bits */ - .blocklen_bytes = 20, - .cra_name = "sha1", - .backend_cra_name = "sha1", - }, { .flags = DRBG_HASH | DRBG_STRENGTH256, .statelen = 111, /* 888 bits */ .blocklen_bytes = 48,
@@ -166,12 +160,6 @@ static const struct drbg_core drbg_cores[] = { #endif /* CONFIG_CRYPTO_DRBG_HASH */ #ifdef CONFIG_CRYPTO_DRBG_HMAC { - .flags = DRBG_HMAC | DRBG_STRENGTH128, - .statelen = 20, /* block length of cipher */ - .blocklen_bytes = 20, - .cra_name = "hmac_sha1", - .backend_cra_name = "hmac(sha1)", - }, { .flags = DRBG_HMAC | DRBG_STRENGTH256, .statelen = 48, /* block length of cipher */ .blocklen_bytes = 48, @@ -648,8 +636,6 @@ MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha384"); MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha384"); MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha256"); MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha256"); -MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha1"); -MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha1"); /* update function of HMAC DRBG as defined in 10.1.2.2 */ static int drbg_hmac_update(struct drbg_state *drbg, struct list_head *seed, @@ -768,8 +754,6 @@ MODULE_ALIAS_CRYPTO("drbg_pr_sha384"); MODULE_ALIAS_CRYPTO("drbg_nopr_sha384"); MODULE_ALIAS_CRYPTO("drbg_pr_sha256"); MODULE_ALIAS_CRYPTO("drbg_nopr_sha256"); -MODULE_ALIAS_CRYPTO("drbg_pr_sha1"); -MODULE_ALIAS_CRYPTO("drbg_nopr_sha1"); /* * Increment buffer diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 216878c8bc..209b21ef79 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4849,14 +4849,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) } - }, { - /* - * There is no need to specifically test the DRBG with every - * backend cipher -- covered by drbg_nopr_hmac_sha256 test - */ - .alg = "drbg_nopr_hmac_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_nopr_hmac_sha256", .test = alg_test_drbg, 
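Review bot: the two MODULE_ALIAS_CRYPTO hunks drop the drbg_pr_sha1/drbg_nopr_sha1 and drbg_pr_hmac_sha1/drbg_nopr_hmac_sha1 names, and the drbg_cores[] hunks remove the cores behind them, so any in-kernel or AF_ALG caller that requests one of those names by string will fail to instantiate a DRBG from now on; that is user-visible, so "No functional change" in the commit message should be qualified as "no change for callers of the default or preferred DRBGs", and the removed names listed so distributions can grep their configs for them.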
@@ -4865,7 +4857,10 @@ static const struct alg_test_desc alg_test_descs[] = { .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) } }, { - /* covered by drbg_nopr_hmac_sha256 test */ + /* + * There is no need to specifically test the DRBG with every + * backend cipher -- covered by drbg_nopr_hmac_sha512 test + */ .alg = "drbg_nopr_hmac_sha384", .test = alg_test_null, }, { @@ -4875,10 +4870,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .drbg = __VECS(drbg_nopr_hmac_sha512_tv_template) } - }, { - .alg = "drbg_nopr_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_nopr_sha256", .test = alg_test_drbg, @@ -4910,10 +4901,6 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "drbg_pr_ctr_aes256", .fips_allowed = 1, .test = alg_test_null, - }, { - .alg = "drbg_pr_hmac_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_pr_hmac_sha256", .test = alg_test_drbg, @@ -4929,10 +4916,6 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "drbg_pr_hmac_sha512", .test = alg_test_null, .fips_allowed = 1, - }, { - .alg = "drbg_pr_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_pr_sha256", .test = alg_test_drbg,