From patchwork Mon Oct 30 12:05:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 13440521 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B935C4332F for ; Mon, 30 Oct 2023 12:05:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233131AbjJ3MFw (ORCPT ); Mon, 30 Oct 2023 08:05:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37672 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233095AbjJ3MFr (ORCPT ); Mon, 30 Oct 2023 08:05:47 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 877BCCC for ; Mon, 30 Oct 2023 05:05:45 -0700 (PDT) Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id B54413FD39 for ; Mon, 30 Oct 2023 12:05:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1698667543; bh=goPlhkL/xzNb2R4OkDT742TxqiPYA+4C52wqVnxeTeU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ViAmbB4aptfuB10K4nwvaQsoxkNVtCrGfGQb5NO4WQ9w8DkqCJLsiM10Vb9mZ0FtJ 09QB1iEKbnOdPSZBBlOsHF17sos+B4KHLHzDxCBWJ1cIZ4n57H6e+jD9BCvxVSnold EWC7h6nQZ3CIg5Nw7oVQeU+H4GFAhHqYycdAi09NtxCVqSXJVmgnH3Z3Z0/3WTODd6 fDFasvU1DdQi8RUna1RAhOQtCw13VcgkTtEVLKVZHEk0g7cf+ZkRAqnUTFSRKV714Q 
hJ1yl6jWylmc4oMSk/LMIxBvz64rxJ25CJoI5i3gCHb31h2U+a7S6N5tVDEgPvIqdK leSoP3s4qjuqA== Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-2c50257772bso44283281fa.3 for ; Mon, 30 Oct 2023 05:05:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698667543; x=1699272343; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=goPlhkL/xzNb2R4OkDT742TxqiPYA+4C52wqVnxeTeU=; b=o5DdnalLK68wCiwii5Q6Ld/VvBHK5kCgVSA6DvQzhvX+mygaa+XRqhEY2eM/TVpPXe oWnnMPGM7F1Vjso7gXJXVR0vJlmHGNmn3RxhNC7wyPX435ErvAKaAjvX46rqeZOKHqoj 9+r2Dk01PG0p89ZDyPoFv+9Aw0/7i3DOOAD7rTbjX2EaHcmPIlcdaN11iKluEJ3XUW5P IwidvNeL4bDaUArbYJM6En3QeeeH0BC6Wc70sWP+8oPgfoSDF7ZYu0qRN04qhMpb8J/7 6nVtHcGbHCGAHKatL/n0EMfYMtlJkBIqFI45+mcMdZvt4mBE2Kjj0kCsxGTvUpvNt0DH yrWg== X-Gm-Message-State: AOJu0Yyj++edxgj1UhfPHfp8Uv2VzwortGcf3M6zxHA8uDGxgmtVQe4R t+fJje/iJWmo/VF7kI79nyNbcFInhSMkhjCcwWJOb+U76hZDxbN3TRMXunV7E8mRcASHHvUtzzu HfcKGRA9XxqX7tnCxEYdyjUVlxKGeBFXZloq36IZ+qg== X-Received: by 2002:a05:6512:3b97:b0:507:9777:a34a with SMTP id g23-20020a0565123b9700b005079777a34amr9719642lfv.39.1698667543060; Mon, 30 Oct 2023 05:05:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGoJXGtoW+Yqd/RvASlxF5C9PTbciLZsCRzR68/fGUZamt97cY67cCfeewUQXDLtQyX5xXHTg== X-Received: by 2002:a05:6512:3b97:b0:507:9777:a34a with SMTP id g23-20020a0565123b9700b005079777a34amr9719602lfv.39.1698667542331; Mon, 30 Oct 2023 05:05:42 -0700 (PDT) Received: from localhost ([159.148.223.140]) by smtp.gmail.com with ESMTPSA id n18-20020a056512311200b005056ccb222asm1418808lfb.105.2023.10.30.05.05.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 05:05:42 -0700 (PDT) 
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller"
Cc: smueller@chronox.de, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 1/4] crypto: drbg - ensure most preferred type is FIPS health checked
Date: Mon, 30 Oct 2023 14:05:13 +0200
Message-Id: <20231030120517.39424-2-dimitri.ledkov@canonical.com>
In-Reply-To: <20231030120517.39424-1-dimitri.ledkov@canonical.com>
References: <20231029204823.663930-1-dimitri.ledkov@canonical.com> <20231030120517.39424-1-dimitri.ledkov@canonical.com>
X-Mailing-List: linux-crypto@vger.kernel.org

drbg supports multiple types of drbg, and multiple parameters of each. Health check sanity only checks one drbg of a single type. One can enable all three types of drbg. And instead of checking the most preferred algorithm (last one wins), it is currently checking the first one instead.

Update ifdef to ensure that healthcheck prefers HMAC, over HASH, over CTR, last one wins, like all other code and functions.

This patch updates code from 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit Generator"), but is not interesting to cherry-pick for stable updates, because it doesn't affect regular builds, nor has any tangible effect on FIPS certification.

Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c index ff4ebbc68e..2cce18dcfc 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c
@@ -2018,9 +2018,11 @@ static inline int __init drbg_healthcheck_sanity(void) #ifdef CONFIG_CRYPTO_DRBG_CTR drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); -#elif defined CONFIG_CRYPTO_DRBG_HASH +#endif +#ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); -#else +#endif +#ifdef CONFIG_CRYPTO_DRBG_HMAC drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr); #endif

From patchwork Mon Oct 30 12:05:14 2023
X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 13440522
X-Patchwork-Delegate: herbert@gondor.apana.org.au
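Review bot: dropping the #elif/#else chain in the drbg_healthcheck_sanity() hunk of 1/4 above removes the old guarantee that exactly one drbg_convert_tfm_core() call sets coreref and pr. With CTR, HASH and HMAC all enabled the function is now called three times and only the last result survives, which is the intended "last one wins" but reads like a mistake without a comment; and with none of the three enabled no call is made at all, so whatever coreref and pr were initialised to is used silently where the old #else arm would still have picked HMAC. Suggest a one-line comment above the block ("last enabled type wins, matching drbg_cores[] priority") and, if Kconfig can produce a build with no DRBG type selected, a `#error` after the HMAC block or a retained `#else` arm so that case fails loudly. The CTR arm also still names drbg_nopr_ctr_aes128 here although the commit message asks for the most preferred parameters; 2/4 corrects that, so the series is consistent, but this hunk on its own is not.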
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller"
Cc: smueller@chronox.de, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/4] crypto: drbg - update FIPS CTR self-checks to aes256
Date: Mon, 30 Oct 2023 14:05:14 +0200
Message-Id: <20231030120517.39424-3-dimitri.ledkov@canonical.com>
In-Reply-To: <20231030120517.39424-1-dimitri.ledkov@canonical.com>
References: <20231029204823.663930-1-dimitri.ledkov@canonical.com> <20231030120517.39424-1-dimitri.ledkov@canonical.com>
X-Mailing-List: linux-crypto@vger.kernel.org

When drbg was originally introduced, FIPS self-checks for all types but CTR were using the most preferred parameters for each type of DRBG. Update the CTR self-check to use aes256.

This patch updates code from 541af946fe ("crypto: drbg - SP800-90A Deterministic Random Bit Generator"), but is not interesting to cherry-pick for stable updates, because it doesn't affect regular builds, nor has any tangible effect on FIPS certification.

Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c index 2cce18dcfc..b120e2866b 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1478,8 +1478,8 @@ static int drbg_generate(struct drbg_state *drbg, err = alg_test("drbg_pr_hmac_sha256", "drbg_pr_hmac_sha256", 0, 0); else if (drbg->core->flags & DRBG_CTR) - err = alg_test("drbg_pr_ctr_aes128", - "drbg_pr_ctr_aes128", 0, 0); + err = alg_test("drbg_pr_ctr_aes256", + "drbg_pr_ctr_aes256", 0, 0); else err = alg_test("drbg_pr_sha256", "drbg_pr_sha256", 0, 0);
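Review bot: the new alg_test("drbg_pr_ctr_aes256", "drbg_pr_ctr_aes256", 0, 0) in the drbg_generate() hunk of 2/4 resolves to a testmgr entry that 4/4 of this same series shows as `.alg = "drbg_pr_ctr_aes256", .fips_allowed = 1, .test = alg_test_null,`, that is, an entry with no test vectors behind it. Unless the replaced drbg_pr_ctr_aes128 entry was also alg_test_null (it is not shown on this page), this hunk trades a runtime self-check that ran known-answer vectors for one that returns success without checking anything. Either add a drbg_pr_ctr_aes256 vector suite to testmgr in the same series, or keep the aes128 name here and state in the commit message why checking the weaker parameter set is acceptable for the runtime test.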
@@ -2017,7 +2017,7 @@ static inline int __init drbg_healthcheck_sanity(void) return 0; #ifdef CONFIG_CRYPTO_DRBG_CTR - drbg_convert_tfm_core("drbg_nopr_ctr_aes128", &coreref, &pr); + drbg_convert_tfm_core("drbg_nopr_ctr_aes256", &coreref, &pr); #endif #ifdef CONFIG_CRYPTO_DRBG_HASH drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr);

From patchwork Mon Oct 30 12:05:15 2023
X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 13440523
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller"
Cc: smueller@chronox.de, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 3/4] crypto: drbg - ensure drbg hmac sha512 is used in FIPS selftests
Date: Mon, 30 Oct 2023 14:05:15 +0200
Message-Id: <20231030120517.39424-4-dimitri.ledkov@canonical.com>
In-Reply-To: <20231030120517.39424-1-dimitri.ledkov@canonical.com>
References: <20231029204823.663930-1-dimitri.ledkov@canonical.com> <20231030120517.39424-1-dimitri.ledkov@canonical.com>
X-Mailing-List: linux-crypto@vger.kernel.org

Update code comment, self test & healthcheck to use HMAC SHA512, instead of HMAC SHA256. These changes are in dead code, or FIPS-enabled code paths only, and have no effect on usual kernel builds. On systems booting in FIPS mode that has the effect of switching the sanity selftest to HMAC SHA512 based (which has been the default DRBG).

This patch updates code from 9b7b94683a ("crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG"), but is not interesting to cherry-pick for stable updates, because it doesn't affect regular builds, nor has any tangible effect on FIPS certification.

Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c index b120e2866b..99666193d9 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c
@@ -111,9 +111,9 @@ * as stdrng. Each DRBG receives an increasing cra_priority values the later * they are defined in this array (see drbg_fill_array). * - * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and - * the SHA256 / AES 256 over other ciphers. Thus, the favored - * DRBGs are the latest entries in this array. + * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and the + * HMAC-SHA512 / SHA256 / AES 256 over other ciphers. Thus, the + * favored DRBGs are the latest entries in this array. */ static const struct drbg_core drbg_cores[] = { #ifdef CONFIG_CRYPTO_DRBG_CTR @@ -1475,8 +1475,8 @@ static int drbg_generate(struct drbg_state *drbg, int err = 0; pr_devel("DRBG: start to perform self test\n"); if (drbg->core->flags & DRBG_HMAC) - err = alg_test("drbg_pr_hmac_sha256", - "drbg_pr_hmac_sha256", 0, 0); + err = alg_test("drbg_pr_hmac_sha512", + "drbg_pr_hmac_sha512", 0, 0); else if (drbg->core->flags & DRBG_CTR) err = alg_test("drbg_pr_ctr_aes256", "drbg_pr_ctr_aes256", 0, 0); 
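Review bot: the reworded comment in the drbg_cores[] hunk of 3/4 now reads as a single list, "HMAC-SHA512 / SHA256 / AES 256 over other ciphers", which leaves the reader to pair each cipher with its DRBG type. Since priority is derived purely from array position (see drbg_fill_array, as the surrounding comment says), this comment is the only place the intended order is written down, so it is worth being explicit, e.g. "HMAC-SHA512 for the HMAC DRBG, SHA-256 for the Hash DRBG and AES-256 for the CTR DRBG are favored over the other backends".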
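Review bot: alg_test("drbg_pr_hmac_sha512", "drbg_pr_hmac_sha512", 0, 0) in the drbg_generate() hunk of 3/4 points at a testmgr entry that 4/4 shows as `.alg = "drbg_pr_hmac_sha512", .test = alg_test_null, .fips_allowed = 1,`, whereas the entry being abandoned, drbg_pr_hmac_sha256, is `.test = alg_test_drbg` with a vector suite. After this hunk the FIPS-mode runtime self-check of the HMAC DRBG, which the commit message identifies as the default DRBG, succeeds without exercising any known-answer test. A drbg_pr_hmac_sha512 vector template should land in testmgr before or together with this change, or the call should stay on drbg_pr_hmac_sha256 until it does.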
@@ -2023,7 +2023,7 @@ static inline int __init drbg_healthcheck_sanity(void) drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr); #endif #ifdef CONFIG_CRYPTO_DRBG_HMAC - drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr); + drbg_convert_tfm_core("drbg_nopr_hmac_sha512", &coreref, &pr); #endif drbg = kzalloc(sizeof(struct drbg_state), GFP_KERNEL);

From patchwork Mon Oct 30 12:05:16 2023
X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 13440524
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Dimitri John Ledkov
To: Herbert Xu, "David S. Miller", Maxime Coquelin, Alexandre Torgue
Cc: smueller@chronox.de, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 4/4] crypto: drbg - Remove SHA1 from drbg
Date: Mon, 30 Oct 2023 14:05:16 +0200
Message-Id: <20231030120517.39424-5-dimitri.ledkov@canonical.com>
In-Reply-To: <20231030120517.39424-1-dimitri.ledkov@canonical.com>
References: <20231029204823.663930-1-dimitri.ledkov@canonical.com> <20231030120517.39424-1-dimitri.ledkov@canonical.com>
X-Mailing-List: linux-crypto@vger.kernel.org

SP800-90C 3rd draft states that SHA-1 will be removed from all specifications, including drbg, by the end of 2030. Given that kernels built today will be operating past that date, start complying with upcoming requirements. No functional change, as SHA-256 / SHA-512 based DRBGs have always been the preferred ones.

Signed-off-by: Dimitri John Ledkov
Reviewed-by: Stephan Mueller
---
 crypto/drbg.c    | 16 ----------------
 crypto/testmgr.c | 25 ++++---------------------
 2 files changed, 4 insertions(+), 37 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c index 99666193d9..bccadaedcf 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -139,12 +139,6 @@ static const struct drbg_core drbg_cores[] = { #endif /* CONFIG_CRYPTO_DRBG_CTR */ #ifdef CONFIG_CRYPTO_DRBG_HASH { - .flags = DRBG_HASH | DRBG_STRENGTH128, - .statelen = 55, /* 440 bits */ - .blocklen_bytes = 20, - .cra_name = "sha1", - .backend_cra_name = "sha1", - }, { .flags = DRBG_HASH | DRBG_STRENGTH256, .statelen = 111, /* 888 bits */ .blocklen_bytes = 48,
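Review bot: removing the `.cra_name = "sha1"` core in the drbg_cores[] hunk of 4/4 is a user-visible change rather than a pure policy one: that entry is what backs the drbg_pr_sha1 and drbg_nopr_sha1 algorithm names (their MODULE_ALIAS_CRYPTO lines are deleted further down in this patch), so any caller that allocates those names by string, whether crypto_alloc_rng() in the kernel or an AF_ALG rng socket from user space, now gets a lookup failure instead of a weaker DRBG. That is the right outcome, but the commit message's "No functional change" will mislead anyone bisecting such a failure; it should say that the sha1- and hmac_sha1-backed DRBG names are removed and that callers must move to the sha256/sha512 variants.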
@@ -166,12 +160,6 @@ static const struct drbg_core drbg_cores[] = { #endif /* CONFIG_CRYPTO_DRBG_HASH */ #ifdef CONFIG_CRYPTO_DRBG_HMAC { - .flags = DRBG_HMAC | DRBG_STRENGTH128, - .statelen = 20, /* block length of cipher */ - .blocklen_bytes = 20, - .cra_name = "hmac_sha1", - .backend_cra_name = "hmac(sha1)", - }, { .flags = DRBG_HMAC | DRBG_STRENGTH256, .statelen = 48, /* block length of cipher */ .blocklen_bytes = 48, @@ -648,8 +636,6 @@ MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha384"); MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha384"); MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha256"); MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha256"); -MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha1"); -MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha1"); /* update function of HMAC DRBG as defined in 10.1.2.2 */ static int drbg_hmac_update(struct drbg_state *drbg, struct list_head *seed, @@ -768,8 +754,6 @@ MODULE_ALIAS_CRYPTO("drbg_pr_sha384"); MODULE_ALIAS_CRYPTO("drbg_nopr_sha384"); MODULE_ALIAS_CRYPTO("drbg_pr_sha256"); MODULE_ALIAS_CRYPTO("drbg_nopr_sha256"); -MODULE_ALIAS_CRYPTO("drbg_pr_sha1"); -MODULE_ALIAS_CRYPTO("drbg_nopr_sha1"); /* * Increment buffer diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 216878c8bc..209b21ef79 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4849,14 +4849,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) } - }, { - /* - * There is no need to specifically test the DRBG with every - * backend cipher -- covered by drbg_nopr_hmac_sha256 test - */ - .alg = "drbg_nopr_hmac_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_nopr_hmac_sha256", .test = alg_test_drbg, 
@@ -4865,7 +4857,10 @@ static const struct alg_test_desc alg_test_descs[] = { .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) } }, { - /* covered by drbg_nopr_hmac_sha256 test */ + /* + * There is no need to specifically test the DRBG with every + * backend cipher -- covered by drbg_nopr_hmac_sha512 test + */ .alg = "drbg_nopr_hmac_sha384", .test = alg_test_null, }, { @@ -4875,10 +4870,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .drbg = __VECS(drbg_nopr_hmac_sha512_tv_template) } - }, { - .alg = "drbg_nopr_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_nopr_sha256", .test = alg_test_drbg, @@ -4910,10 +4901,6 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "drbg_pr_ctr_aes256", .fips_allowed = 1, .test = alg_test_null, - }, { - .alg = "drbg_pr_hmac_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_pr_hmac_sha256", .test = alg_test_drbg, @@ -4929,10 +4916,6 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "drbg_pr_hmac_sha512", .test = alg_test_null, .fips_allowed = 1, - }, { - .alg = "drbg_pr_sha1", - .fips_allowed = 1, - .test = alg_test_null, }, { .alg = "drbg_pr_sha256", .test = alg_test_drbg,
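Review bot: the comment moved onto the drbg_nopr_hmac_sha384 entry in the 4/4 testmgr.c hunks explains why that alg_test_null entry carries no vectors, but the pr-side null entries visible in the same hunks, `.alg = "drbg_pr_ctr_aes256", .fips_allowed = 1, .test = alg_test_null,` and `.alg = "drbg_pr_hmac_sha512", .test = alg_test_null, .fips_allowed = 1,`, get no such note even though 2/4 and 3/4 make them the targets of the runtime alg_test() call in drbg_generate(). Either give them the same "covered by" comment, naming the vectored entry that is meant to cover them, or add prediction-resistance vector suites for them so the self-test they back is not a null test.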