From: Nicolai Stange <nstange@suse.de>
To: Vladis Dronov <vdronov@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Nicolai Stange <nstange@suse.de>,
Elliott Robert <elliott@hpe.com>,
Stephan Mueller <smueller@chronox.de>,
Eric Biggers <ebiggers@google.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 3/6] crypto: xts - drop redundant xts key check
Date: Thu, 05 Jan 2023 12:16:30 +0100 [thread overview]
Message-ID: <87pmbtb59t.fsf@suse.de> (raw)
In-Reply-To: <20221229211710.14912-4-vdronov@redhat.com> (Vladis Dronov's message of "Thu, 29 Dec 2022 22:17:07 +0100")
Hi Vladis,
the patch subject prefix is a bit misleading IMO, it kind of suggests
that this patch would apply to the generic crypto/xts.c. How about using
a format similar to e.g. the one from commit 7988fb2c03c8 ("crypto:
s390/aes - convert to skcipher API"), i.e.
"crypto: s390/aes - drop redundant xts key check"
?
Vladis Dronov <vdronov@redhat.com> writes:
> xts_fallback_setkey() in xts_aes_set_key() will now enforce key size
> rule in FIPS mode when setting up the fallback algorithm keys,
I think it would be nice to make it more explicit why/how
xts_fallback_setkey() happens to enforce the key size rules now.
Perhaps amend the above sentence by something like
"xts_fallback_setkey() in xts_aes_set_key() will now implictly enforce
the key size rule in FIPS mode by means of invoking the generic xts
implementation with its key checks for setting up the fallback
algorithm,"
?
> which makes the check in xts_aes_set_key() redundant or
> unreachable. So just drop this check.
>
> xts_fallback_setkey() now makes a key size check in xts_verify_key():
>
> xts_fallback_setkey()
> crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
> cipher->setkey() { .setkey = xts_setkey }
> xts_setkey()
> xts_verify_key()
>
> Signed-off-by: Vladis Dronov <vdronov@redhat.com>
> ---
> arch/s390/crypto/aes_s390.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
> index 526c3f40f6a2..c773820e4af9 100644
> --- a/arch/s390/crypto/aes_s390.c
> +++ b/arch/s390/crypto/aes_s390.c
> @@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
> if (err)
> return err;
>
> - /* In fips mode only 128 bit or 256 bit keys are valid */
> - if (fips_enabled && key_len != 32 && key_len != 64)
> - return -EINVAL;
> -
The change itself looks good, but it might be worth adding a comment
right at the invocation of xts_fallback_setkey() that this includes an
implicit xts_verify_key() check? So that if anybody ever was about to
remove the xts_fallback_setkey() for some reason in the future, it would
give a clear indication that xts_verify_key() needs to get called
directly instead?
Thanks!
Nicolai
> /* Pick the correct function code based on the key length */
> fc = (key_len == 32) ? CPACF_KM_XTS_128 :
> (key_len == 64) ? CPACF_KM_XTS_256 : 0;
--
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
(HRB 36809, AG Nürnberg)
next prev parent reply other threads:[~2023-01-05 11:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-29 21:17 [PATCH v3 0/6] Trivial set of FIPS 140-3 related changes Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 1/6] crypto: xts - restrict key lengths to approved values in FIPS mode Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 2/6] crypto: xts - drop xts_check_key() Vladis Dronov
2023-01-05 11:27 ` Nicolai Stange
2022-12-29 21:17 ` [PATCH v3 3/6] crypto: xts - drop redundant xts key check Vladis Dronov
2023-01-05 11:16 ` Nicolai Stange [this message]
2022-12-29 21:17 ` [PATCH v3 4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 5/6] crypto: testmgr - disallow plain ghash " Vladis Dronov
2022-12-29 21:17 ` [PATCH v3 6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 " Vladis Dronov
2023-01-06 15:18 ` [PATCH v3 0/6] Trivial set of FIPS 140-3 related changes Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pmbtb59t.fsf@suse.de \
--to=nstange@suse.de \
--cc=davem@davemloft.net \
--cc=ebiggers@google.com \
--cc=elliott@hpe.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
--cc=vdronov@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox