| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Dec 2021 01:48:48 +0100
From: Nicolai Stange <nstange@...e.de>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
Cc: Stephan Müller <smueller@...onox.de>,
Hannes Reinecke <hare@...e.de>, Torsten Duwe <duwe@...e.de>,
Zaibo Xu <xuzaibo@...wei.com>,
Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
qat-linux@...el.com, keyrings@...r.kernel.org,
Nicolai Stange <nstange@...e.de>
Subject: [PATCH 08/18] crypto: testmgr - run only subset of DH vectors based on config
With the previous patches, the testmgr now has up to four test vectors for
DH which all test more or less the same thing:
- the two vectors from before this series,
- the vector for the ffdhe2048 group, enabled if
CONFIG_CRYPTO_DH_GROUPS_RFC7919 is set and
- the vector for the modp2048 group, similarly enabled if
CONFIG_CRYPTO_DH_GROUPS_RFC3526 is set.
In order to avoid too much redundancy during DH testing, enable only a
subset of these depending on the kernel config:
- if CONFIG_CRYPTO_DH_GROUPS_RFC7919 is set, enable only the ffdhe2048
vector,
- otherwise, if CONFIG_CRYPTO_DH_GROUPS_RFC3526 is set, enable only
the modp2048 vector and
- only enable the original two vectors if neither of these options
has been selected.
Note that an upcoming patch will make the DH implementation to reject any
domain parameters not corresponding to some safe-prime group approved by
SP800-56Arev3 in FIPS mode. Thus, having CONFIG_FIPS enabled, but
both of CONFIG_CRYPTO_DH_GROUPS_RFC7919 and
CONFIG_CRYPTO_DH_GROUPS_RFC3526 unset wouldn't make much sense as it would
render the DH implementation unusable in FIPS mode. Conversely, any
reasonable configuration would ensure that the original, non-conforming
test vectors would not get to run in FIPS mode.
Signed-off-by: Nicolai Stange <nstange@...e.de>
---
crypto/testmgr.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index d18844c7499e..b295512c8f22 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -1331,8 +1331,7 @@ static const struct kpp_testvec dh_tv_template[] = {
.expected_a_public_size = 256,
.expected_ss_size = 256,
},
-#endif /* IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC7919) */
-#if IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC3526)
+#elif IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC3526)
{
.secret =
#ifdef __LITTLE_ENDIAN
@@ -1423,7 +1422,7 @@ static const struct kpp_testvec dh_tv_template[] = {
.expected_a_public_size = 256,
.expected_ss_size = 256,
},
-#endif /* IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC3526) */
+#else
{
.secret =
#ifdef __LITTLE_ENDIAN
@@ -1642,6 +1641,7 @@ static const struct kpp_testvec dh_tv_template[] = {
.expected_a_public_size = 256,
.expected_ss_size = 256,
},
+#endif
};
static const struct kpp_testvec curve25519_tv_template[] = {
--
2.26.2
Powered by blists - more mailing lists