Re: [PATCH 3/4] crypto: drbg - ensure drbg hmac sha512 is used in FIPS selftests

From: Stephan Mueller
Date: Mon Oct 30 2023 - 06:26:01 EST


On Sunday, 29 October 2023, 21:48:22 CET, Dimitri John Ledkov wrote:

Hi Dimitri,

> Update code comment, self test & healthcheck to use HMAC SHA512,
> instead of HMAC SHA256. These changes are in dead-code, or FIPS
> enabled code-paths only and have no effect on usual kernel builds.
>
> On systems booting in FIPS mode, that has the effect of switching the
> sanity selftest to HMAC SHA512 based (which has been the default DRBG).
>
> Fixes: 9b7b94683a ("crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG")
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>
> ---
> crypto/drbg.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index b120e2866b..99666193d9 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -111,9 +111,9 @@
> * as stdrng. Each DRBG receives an increasing cra_priority values the
> later * they are defined in this array (see drbg_fill_array).
> *
> - * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and
> - * the SHA256 / AES 256 over other ciphers. Thus, the favored
> - * DRBGs are the latest entries in this array.
> + * HMAC DRBGs are favored over Hash DRBGs over CTR DRBGs, and the
> + * HMAC-SHA512 / SHA256 / AES 256 over other ciphers. Thus, the
> + * favored DRBGs are the latest entries in this array.
> */
> static const struct drbg_core drbg_cores[] = {
> #ifdef CONFIG_CRYPTO_DRBG_CTR
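Review bot: the rewritten comment's "HMAC-SHA512 / SHA256 / AES 256 over other ciphers" now reads as one flat list and loses the mapping of each primitive to its DRBG family that the old "SHA256 / AES 256" wording implied; since this comment is what explains the ordering of drbg_cores[], consider spelling the pairing out, e.g. `* HMAC-SHA512 (HMAC), SHA256 (Hash) and AES-256 (CTR) over the other` / `* ciphers of the same family. Thus, the favored DRBGs are the latest` / `* entries in this array.`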
> @@ -1475,8 +1475,8 @@ static int drbg_generate(struct drbg_state *drbg,
> int err = 0;
> pr_devel("DRBG: start to perform self test\n");
> if (drbg->core->flags & DRBG_HMAC)
> - err = alg_test("drbg_pr_hmac_sha256",
> - "drbg_pr_hmac_sha256", 0, 0);
> + err = alg_test("drbg_pr_hmac_sha512",
> + "drbg_pr_hmac_sha512", 0, 0);
> else if (drbg->core->flags & DRBG_CTR)
> err = alg_test("drbg_pr_ctr_aes256",
> "drbg_pr_ctr_aes256", 0, 0);
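Review bot: the self-test vector is still chosen by the family flag rather than by the instance's own core, so after this change every HMAC DRBG, including one instantiated with a SHA256 core, is checked against the drbg_pr_hmac_sha512 vectors, while the CTR branch below keeps testing drbg_pr_ctr_aes256 regardless of key size; if a family-level sanity test (not a per-instance KAT) is the intent, a one-line comment above `if (drbg->core->flags & DRBG_HMAC)` saying so would prevent the mismatch from being read as a bug, and the commit message should mention that alg_test() now relies on the drbg_pr_hmac_sha512 vectors being present, since the diffstat shows only crypto/drbg.c is touched.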
> @@ -2023,7 +2023,7 @@ static inline int __init drbg_healthcheck_sanity(void)
> drbg_convert_tfm_core("drbg_nopr_sha256", &coreref, &pr);
> #endif
> #ifdef CONFIG_CRYPTO_DRBG_HMAC
> - drbg_convert_tfm_core("drbg_nopr_hmac_sha256", &coreref, &pr);
> + drbg_convert_tfm_core("drbg_nopr_hmac_sha512", &coreref, &pr);
> #endif
>
> drbg = kzalloc(sizeof(struct drbg_state), GFP_KERNEL);
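Review bot: because each `#ifdef CONFIG_CRYPTO_DRBG_*` block here overwrites coreref and pr in turn, the last enabled family wins, so with CONFIG_CRYPTO_DRBG_HMAC set the sanity check now exercises only the drbg_nopr_hmac_sha512 core and the preceding `drbg_convert_tfm_core("drbg_nopr_sha256", ...)` result is discarded; a short comment stating that ordering (and that the HMAC core is intentionally the one checked, matching the default DRBG named in the Fixes: tag) would document the behaviour, and the commit message's "switch sanity selftest to HMAC SHA512" should be qualified as applying to HMAC-enabled configs only.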

Reviewed-by: Stephan Mueller <smueller@xxxxxxxxxx>

Ciao
Stephan