crypto: seqiv - flag instantiations as FIPS compliant

JIRA: https://issues.redhat.com/browse/RHEL-54183
Upstream Status: RHEL only

Forwardport of 45e87c3b9284 ("crypto: seqiv - flag instantiations as FIPS
compliant") from C9S. This patch has no chance of being accepted upstream,
see the commit message below.

Author: Nicolai Stange <nstange@suse.de>

    crypto: seqiv - flag instantiations as FIPS compliant

    For gcm(aes) with external IV generation, FIPS 140-3 requires the
    verification of all external IV generation operations in order to ensure
    the uniqueness of the IV (see IG C.H). This is being deemed unfeasible and
    thus, only internal IV generation, i.e. wrapping gcm(aes) with seqiv(),
    can effectively be considered as approved.

    The standard approach would be to disallow plain gcm(aes) and to only
    allow seqiv(gcm(aes)) in FIPS mode. However, there are quite some plain
    gcm(aes) usage sites in the kernel: a quick grep reveals samba, macsec,
    ceph, mac80211, tipc, tls, etc. and breaking these in FIPS mode would be
    highly undesirable. It might perhaps be possible to convert some of these
    to seqiv(gcm(aes)), but for some others it might be entirely impossible due
    to e.g. protocol constraints.

    For the time being, an alternative approach has been proposed as a
    workaround: make seqiv() set a new flag, CRYPTO_TFM_FIPS_COMPLIANCE, on the
    transforms and document that in the particular case of gcm(aes), callers
    must check for this flag in order to determine FIPS compliance.

    Implement this.

    Signed-off-by: Nicolai Stange <nstange@suse.de>

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Vladis Dronov 2024-08-13 19:38:32 +02:00 committed by Justin M. Forbes
parent d3e6ca7b0d
commit e21c248235
No known key found for this signature in database
GPG Key ID: B8FA7924A4B1C140
2 changed files with 16 additions and 1 deletions
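The commit message describes a two-sided contract: the seqiv template marks its transforms with CRYPTO_TFM_FIPS_COMPLIANCE, and a gcm(aes) user running in FIPS mode is expected to test that bit before trusting the transform. The following userspace model, added here as an illustration and not part of this commit or of the kernel, shows the caller-side check that the message asks for. The flag values are the ones from the header hunk below; `struct model_aead`, `model_seqiv_init()`, `model_clear_req_flags()`, `gcm_aes_fips_ok()` and `check_named()` are stand-ins invented for the example (in the kernel the bits live in the tfm's crt_flags and are read with crypto_aead_get_flags()).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Flag values copied from the include/linux/crypto.h hunk in this commit. */
#define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400
#define CRYPTO_TFM_REQ_NEED_RESEED 0x00000800
#define CRYPTO_TFM_FIPS_COMPLIANCE 0x80000000

/* Userspace stand-in for the kernel transform (assumption: only the two
 * members the check needs are modelled; the real object is struct crypto_aead). */
struct model_aead {
	const char *cra_name;   /* algorithm name the caller allocated */
	unsigned int crt_flags; /* CRYPTO_TFM_* bits */
};

/* What the patched aead_init_seqiv() does: mark a seqiv-wrapped transform as
 * generating its IVs internally. */
static void model_seqiv_init(struct model_aead *tfm)
{
	tfm->crt_flags |= CRYPTO_TFM_FIPS_COMPLIANCE;
}

/* Callers routinely clear CRYPTO_TFM_REQ_* bits between requests; the
 * compliance bit is not a request flag and has to survive that. */
static void model_clear_req_flags(struct model_aead *tfm)
{
	tfm->crt_flags &= ~(CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_NEED_RESEED);
}

/* The rule in the commit message is specific to plain gcm(aes) and to its
 * seqiv wrapping; other AEADs are not covered by it. */
static bool is_gcm_aes(const char *name)
{
	return strcmp(name, "gcm(aes)") == 0 ||
	       strcmp(name, "seqiv(gcm(aes))") == 0;
}

/* Caller-side check: in FIPS mode, gcm(aes) is only acceptable when the IV is
 * generated internally, which seqiv advertises through the flag. Algorithms
 * outside the rule are passed through; their own FIPS status is out of scope. */
static bool gcm_aes_fips_ok(const struct model_aead *tfm, bool fips_enabled)
{
	if (!fips_enabled || !is_gcm_aes(tfm->cra_name))
		return true;
	return (tfm->crt_flags & CRYPTO_TFM_FIPS_COMPLIANCE) != 0;
}

/* Build one scenario: "allocate" NAME with a request flag set, optionally run
 * it through the seqiv init, clear request flags as a caller would, then
 * apply the check. */
static bool check_named(const char *name, bool seqiv_wrapped, bool fips_enabled)
{
	struct model_aead tfm = { .cra_name = name,
				  .crt_flags = CRYPTO_TFM_REQ_MAY_BACKLOG };

	if (seqiv_wrapped)
		model_seqiv_init(&tfm);
	model_clear_req_flags(&tfm);
	return gcm_aes_fips_ok(&tfm, fips_enabled);
}

int main(void)
{
	printf("gcm(aes), FIPS off:        %s\n",
	       check_named("gcm(aes)", false, false) ? "ok" : "rejected");
	printf("gcm(aes), FIPS on:         %s\n",
	       check_named("gcm(aes)", false, true) ? "ok" : "rejected");
	printf("seqiv(gcm(aes)), FIPS on:  %s\n",
	       check_named("seqiv(gcm(aes))", true, true) ? "ok" : "rejected");
	return 0;
}
```

The point of routing every scenario through `model_clear_req_flags()` is to show why the new bit is placed outside the CRYPTO_TFM_REQ_* range: a caller that masks request flags between operations must not lose the compliance marker, otherwise a correctly seqiv-wrapped transform would be rejected on its second use.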


@ -132,6 +132,19 @@ static int seqiv_aead_decrypt(struct aead_request *req)
return crypto_aead_decrypt(subreq);
}
static int aead_init_seqiv(struct crypto_aead *aead)
{
int err;
err = aead_init_geniv(aead);
if (err)
return err;
crypto_aead_set_flags(aead, CRYPTO_TFM_FIPS_COMPLIANCE);
return 0;
}
static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
{
struct aead_instance *inst;
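Review bot: aead_init_seqiv() sets CRYPTO_TFM_FIPS_COMPLIANCE unconditionally on every seqiv-wrapped AEAD, not only on seqiv(gcm(aes)), and carries no comment saying so; since the commit message narrows the meaning of the flag to gcm(aes) callers, add a comment above the crypto_aead_set_flags() call stating that the flag only records that seqiv generates the IV internally and that applying the gcm(aes)-specific rule is the caller's job. The ordering is right as written: the flag is set only after aead_init_geniv() succeeds, so a transform whose init failed never advertises compliance.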
@ -149,7 +162,7 @@ static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
inst->alg.encrypt = seqiv_aead_encrypt;
inst->alg.decrypt = seqiv_aead_decrypt;
inst->alg.init = aead_init_geniv;
inst->alg.init = aead_init_seqiv;
inst->alg.exit = aead_exit_geniv;
inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
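Review bot: replacing inst->alg.init with aead_init_seqiv while leaving inst->alg.exit as aead_exit_geniv is consistent, because aead_init_seqiv delegates to aead_init_geniv and then only sets a tfm flag, allocating nothing that would need its own teardown. A one-line comment next to the assignment would save the next reader from checking that pairing by hand.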


@ -135,6 +135,8 @@
#define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400
#define CRYPTO_TFM_REQ_NEED_RESEED 0x00000800
#define CRYPTO_TFM_FIPS_COMPLIANCE 0x80000000
/*
* Miscellaneous stuff.
*/
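Review bot: CRYPTO_TFM_FIPS_COMPLIANCE is added directly after the CRYPTO_TFM_REQ_* request flags with no comment, so nothing in the header tells a reader that it is a transform property set by the seqiv template rather than a per-request flag, or that gcm(aes) users in FIPS mode are expected to test it. The commit message says callers are to be documented into checking the flag, and this hunk is the natural place for that documentation; suggest a short comment block above the define covering who sets it, who must check it, and that the value 0x80000000 is the top bit and must not overlap any other CRYPTO_TFM_* mask in this header.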