From: Simo Sorce <simo@redhat.com>
To: Ard Biesheuvel <ardb@kernel.org>, "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Hangbin Liu" <liuhangbin@gmail.com>,
Netdev <netdev@vger.kernel.org>,
"Toke Høiland-Jørgensen" <toke@redhat.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Ondrej Mosnacek" <omosnace@redhat.com>,
"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode
Date: Fri, 09 Apr 2021 08:47:02 -0400 [thread overview]
Message-ID: <0ef180dea02996fc5f4660405f2333220e8ae4c4.camel@redhat.com> (raw)
In-Reply-To: <CAMj1kXG-e_NtLkAdLYp70x5ft_Q1Bn9rmdXs4awt7FEd5PQ4+Q@mail.gmail.com>
On Fri, 2021-04-09 at 08:02 +0200, Ard Biesheuvel wrote:
> On Fri, 9 Apr 2021 at 05:03, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > On Fri, Apr 09, 2021 at 10:49:07AM +0800, Hangbin Liu wrote:
> > > On Thu, Apr 08, 2021 at 08:44:35PM -0600, Jason A. Donenfeld wrote:
> > > > Since it's just a normal module library, you can simply do this in the
> > > > module_init function, rather than deep within registration
> > > > abstractions.
> > >
> > > I did a try but looks it's not that simple. Not sure if it's because wireguard
> > > calls the library directly. Need to check more...
> >
> > Something like the below should work...
> >
>
> The below only works if all the code is modular. initcall return
> values are ignored for builtin code, and so the library functions will
> happily work regardless of fips_enabled, and there is generally no
> guarantee that no library calls can be made before the initcall() is
> invoked.
>
> For ordinary crypto API client code, the algorithm in question may be
> an a priori unknown, and so the only sensible place to put this check
> is where the algorithms are registered or instantiated.
>
> For code such as WireGuard that is hardwired to use a single set of
> (forbidden! :-)) algorithms via library calls, the simplest way to do
> this securely is to disable the whole thing, even though I agree it is
> not the most elegant solution.
>
> If we go with Jason's approach, we would need to mandate each of these
> drivers can only be built as a module if the kernel is built with
> FIPS-200 support. This is rather trivial by itself, i.e.,
>
> depends on m || !CRYPTO_FIPS
>
> but I am a bit concerned that the rather intricate kconfig
> dependencies between the generic and arch-optimized versions of those
> drivers get complicated even further.
Actually this is the opposite direction we are planning to go for
future fips certifications.
Due to requirements about crypto module naming and versioning in the
new FIPS-140-3 standard we are planning to always build all the CRYPTO
as bultin (and maybe even forbid loading additional crypto modules in
FIPS mode). This is clearly just a vendor choice and has no bearing on
what upstream ultimately will do, but just throwing it here as a data
point.
Plus, as you note, it would overly complicate the interfaces.
As much as the check in wireguard is inelegant, it is much simpler to
understand and is not invasive.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
next prev parent reply other threads:[~2021-04-09 12:47 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 11:39 [PATCH net-next] [RESEND] wireguard: disable in FIPS mode Hangbin Liu
2021-04-07 21:12 ` Eric Biggers
2021-04-08 1:06 ` Hangbin Liu
2021-04-08 11:58 ` Hangbin Liu
2021-04-08 15:11 ` Eric Biggers
2021-04-09 2:11 ` Hangbin Liu
2021-04-09 7:08 ` Stephan Mueller
2021-04-09 8:08 ` Hangbin Liu
2021-04-09 16:26 ` Simo Sorce
2021-04-09 18:29 ` Jason A. Donenfeld
2021-04-12 2:11 ` Hangbin Liu
2021-04-07 21:15 ` Jason A. Donenfeld
2021-04-08 6:52 ` Hangbin Liu
2021-04-08 7:36 ` Ondrej Mosnacek
2021-04-08 13:55 ` Simo Sorce
2021-04-08 21:55 ` Jason A. Donenfeld
2021-04-08 22:16 ` Simo Sorce
2021-04-09 2:41 ` Hangbin Liu
2021-04-09 2:44 ` Jason A. Donenfeld
2021-04-09 2:49 ` Hangbin Liu
2021-04-09 3:03 ` Jason A. Donenfeld
2021-04-09 6:02 ` Ard Biesheuvel
2021-04-09 12:47 ` Simo Sorce [this message]
2021-04-09 18:36 ` Jason A. Donenfeld
2021-04-09 18:56 ` Simo Sorce
2021-04-12 12:46 ` Simo Sorce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0ef180dea02996fc5f4660405f2333220e8ae4c4.camel@redhat.com \
--to=simo@redhat.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=liuhangbin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).