From: Nicolai Stange <nstange@suse.de>
To: Vladis Dronov <vdronov@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Nicolai Stange <nstange@suse.de>,
Elliott Robert <elliott@hpe.com>,
Stephan Mueller <smueller@chronox.de>,
Eric Biggers <ebiggers@google.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 3/6] crypto: xts - drop redundant xts key check
Date: Thu, 05 Jan 2023 12:16:30 +0100 [thread overview]
Message-ID: <87pmbtb59t.fsf@suse.de> (raw)
In-Reply-To: <20221229211710.14912-4-vdronov@redhat.com> (Vladis Dronov's message of "Thu, 29 Dec 2022 22:17:07 +0100")
Hi Vladis,
the patch subject prefix is a bit misleading IMO, it kind of suggests
that this patch would apply to the generic crypto/xts.c. How about using
a format similar to e.g. the one from commit 7988fb2c03c8 ("crypto:
s390/aes - convert to skcipher API"), i.e.
"crypto: s390/aes - drop redundant xts key check"
?
Vladis Dronov <vdronov@redhat.com> writes:
> xts_fallback_setkey() in xts_aes_set_key() will now enforce key size
> rule in FIPS mode when setting up the fallback algorithm keys,
I think it would be nice to make it more explicit why/how
xts_fallback_setkey() happens to enforce the key size rules now.
Perhaps amend the above sentence by something like
"xts_fallback_setkey() in xts_aes_set_key() will now implictly enforce
the key size rule in FIPS mode by means of invoking the generic xts
implementation with its key checks for setting up the fallback
algorithm,"
?
> which makes the check in xts_aes_set_key() redundant or
> unreachable. So just drop this check.
>
> xts_fallback_setkey() now makes a key size check in xts_verify_key():
>
> xts_fallback_setkey()
> crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
> cipher->setkey() { .setkey = xts_setkey }
> xts_setkey()
> xts_verify_key()
>
> Signed-off-by: Vladis Dronov <vdronov@redhat.com>
> ---
> arch/s390/crypto/aes_s390.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
> index 526c3f40f6a2..c773820e4af9 100644
> --- a/arch/s390/crypto/aes_s390.c
> +++ b/arch/s390/crypto/aes_s390.c
> @@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
> if (err)
> return err;
>
> - /* In fips mode only 128 bit or 256 bit keys are valid */
> - if (fips_enabled && key_len != 32 && key_len != 64)
> - return -EINVAL;
> -
The change itself looks good, but it might be worth adding a comment
right at the invocation of xts_fallback_setkey() that this includes an
implicit xts_verify_key() check? So that if anybody ever was about to
remove the xts_fallback_setkey() for some reason in the future, it would
give a clear indication that xts_verify_key() needs to get called
directly instead?
Thanks!
Nicolai
> /* Pick the correct function code based on the key length */
> fc = (key_len == 32) ? CPACF_KM_XTS_128 :
> (key_len == 64) ? CPACF_KM_XTS_256 : 0;
--
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
(HRB 36809, AG Nürnberg)
next prev parent reply other threads:[~2023-01-05 11:16 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-29 21:17 [PATCH v3 0/6] Trivial set of FIPS 140-3 related changes Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 1/6] crypto: xts - restrict key lengths to approved values in FIPS mode Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 2/6] crypto: xts - drop xts_check_key() Vladis Dronov
2023-01-05 11:27 ` Nicolai Stange
2022-12-29 21:17 ` [PATCH v3 3/6] crypto: xts - drop redundant xts key check Vladis Dronov
2023-01-05 11:16 ` Nicolai Stange [this message]
2022-12-29 21:17 ` [PATCH v3 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 5/6] crypto: testmgr - disallow plain ghash " Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 " Vladis Dronov
2023-01-06 15:18 ` [PATCH v3 0/6] Trivial set of FIPS 140-3 related changes Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pmbtb59t.fsf@suse.de \
--to=nstange@suse.de \
--cc=davem@davemloft.net \
--cc=ebiggers@google.com \
--cc=elliott@hpe.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
--cc=vdronov@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.