| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e93452b8-5779-c2a8-b099-3910eba9a88e@suse.de>
Date: Wed, 1 Dec 2021 08:28:00 +0100
From: Hannes Reinecke <hare@...e.de>
To: Nicolai Stange <nstange@...e.de>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
Cc: Stephan Müller <smueller@...onox.de>,
Torsten Duwe <duwe@...e.de>, Zaibo Xu <xuzaibo@...wei.com>,
Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
qat-linux@...el.com, keyrings@...r.kernel.org
Subject: Re: [PATCH 08/18] crypto: testmgr - run only subset of DH vectors
based on config
On 12/1/21 1:48 AM, Nicolai Stange wrote:
> With the previous patches, the testmgr now has up to four test vectors for
> DH which all test more or less the same thing:
> - the two vectors from before this series,
> - the vector for the ffdhe2048 group, enabled if
> CONFIG_CRYPTO_DH_GROUPS_RFC7919 is set and
> - the vector for the modp2048 group, similarly enabled if
> CONFIG_CRYPTO_DH_GROUPS_RFC3526 is set.
>
> In order to avoid too much redundancy during DH testing, enable only a
> subset of these depending on the kernel config:
> - if CONFIG_CRYPTO_DH_GROUPS_RFC7919 is set, enable only the ffdhe2048
> vector,
> - otherwise, if CONFIG_CRYPTO_DH_GROUPS_RFC3526 is set, enable only
> the modp2048 vector and
> - only enable the original two vectors if neither of these options
> has been selected.
>
> Note that an upcoming patch will make the DH implementation to reject any
> domain parameters not corresponding to some safe-prime group approved by
> SP800-56Arev3 in FIPS mode. Thus, having CONFIG_FIPS enabled, but
> both of CONFIG_CRYPTO_DH_GROUPS_RFC7919 and
> CONFIG_CRYPTO_DH_GROUPS_RFC3526 unset wouldn't make much sense as it would
> render the DH implementation unusable in FIPS mode. Conversely, any
> reasonable configuration would ensure that the original, non-conforming
> test vectors would not get to run in FIPS mode.
>
For some weird reason the NVMe spec mandates for its TLS profile the
ffdhe3072 group, so I would prefer if you would be using that as the
default group for testing.
> Signed-off-by: Nicolai Stange <nstange@...e.de>
> ---
> crypto/testmgr.h | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
> index d18844c7499e..b295512c8f22 100644
> --- a/crypto/testmgr.h
> +++ b/crypto/testmgr.h
> @@ -1331,8 +1331,7 @@ static const struct kpp_testvec dh_tv_template[] = {
> .expected_a_public_size = 256,
> .expected_ss_size = 256,
> },
> -#endif /* IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC7919) */
> -#if IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC3526)
> +#elif IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC3526)
> {
> .secret =
> #ifdef __LITTLE_ENDIAN
> @@ -1423,7 +1422,7 @@ static const struct kpp_testvec dh_tv_template[] = {
> .expected_a_public_size = 256,
> .expected_ss_size = 256,
> },
> -#endif /* IS_ENABLED(CONFIG_CRYPTO_DH_GROUPS_RFC3526) */
> +#else
> {
> .secret =
> #ifdef __LITTLE_ENDIAN
> @@ -1642,6 +1641,7 @@ static const struct kpp_testvec dh_tv_template[] = {
> .expected_a_public_size = 256,
> .expected_ss_size = 256,
> },
> +#endif
> };
>
> static const struct kpp_testvec curve25519_tv_template[] = {
>
... and maybe add a config option to run a full test.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer
Powered by blists - more mailing lists