From patchwork Tue Jun 13 12:32:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 693172
From: Magali Lemes To: keescook@chromium.org, shuah@kernel.org Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, Jakub Kicinski , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 1/4] selftests/harness: allow tests to be skipped during setup Date: Tue, 13 Jun 2023 09:32:19 -0300 Message-Id: <20230613123222.631897-2-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com> References: <20230613123222.631897-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Before executing each test from a fixture, FIXTURE_SETUP is run once. When SKIP is used in FIXTURE_SETUP, the setup function returns early but the test still proceeds to run, unless another SKIP macro is used within the test definition, leading to some code repetition. Therefore, allow tests to be skipped directly from the setup function. Suggested-by: Jakub Kicinski Signed-off-by: Magali Lemes --- No change in v4. Changes in v3: - Add this patch. tools/testing/selftests/kselftest_harness.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index d8bff2005dfc..5fd49ad0c696 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -249,7 +249,7 @@ /** * FIXTURE_SETUP() - Prepares the setup function for the fixture. - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * @@ -275,7 +275,7 @@ /** * FIXTURE_TEARDOWN() - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * 
@@ -388,7 +388,7 @@ if (setjmp(_metadata->env) == 0) { \ fixture_name##_setup(_metadata, &self, variant->data); \ /* Let setup failure terminate early. */ \ - if (!_metadata->passed) \ + if (!_metadata->passed || _metadata->skip) \ return; \ _metadata->setup_completed = true; \ fixture_name##_##test_name(_metadata, &self, variant->data); \
From patchwork Tue Jun 13 12:32:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 692345
From: Magali Lemes To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, vfedorenko@novek.ru, tianjia.zhang@linux.alibaba.com Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 2/4] selftests: net: tls: check if FIPS mode is enabled Date: Tue, 13 Jun 2023 09:32:20 -0300 Message-Id: <20230613123222.631897-3-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com> References: <20230613123222.631897-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org TLS selftests use the ChaCha20-Poly1305 and SM4 algorithms, which are not FIPS compliant. When fips=1, this set of tests fails. Add a check and only run these tests if not in FIPS mode. Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests") Fixes: e506342a03c7 ("selftests/tls: add SM4 GCM/CCM to tls selftests") Reviewed-by: Jakub Kicinski Signed-off-by: Magali Lemes --- Changes in v4: - Add R-b tag. - Remove extra newline. Changes in v3: - No need to initialize static variable to zero. - Skip tests during test setup only. - Use the constructor attribute to set fips_enabled before entering main(). Changes in v2: - Put fips_non_compliant into the variants. - Turn fips_enabled into a static global variable. - Read /proc/sys/crypto/fips_enabled only once at main(). tools/testing/selftests/net/tls.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index e699548d4247..ff36844d14b4 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -25,6 +25,8 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 +static int fips_enabled; + struct tls_crypto_info_keys { union { struct tls12_crypto_info_aes_gcm_128 aes128; @@ -235,7 +237,7 @@ FIXTURE_VARIANT(tls) { uint16_t tls_version; uint16_t cipher_type; - bool nopad; + bool nopad, fips_non_compliant; }; FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -254,24 +256,28 @@ FIXTURE_VARIANT_ADD(tls, 12_chacha) { .tls_version = TLS_1_2_VERSION, .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 13_chacha) { .tls_version = TLS_1_3_VERSION, .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) { .tls_version = TLS_1_3_VERSION, .cipher_type = TLS_CIPHER_SM4_GCM, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) { .tls_version = TLS_1_3_VERSION, .cipher_type = TLS_CIPHER_SM4_CCM, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) @@ -311,6 +317,9 @@ FIXTURE_SETUP(tls) int one = 1; int ret; + if (fips_enabled && variant->fips_non_compliant) + SKIP(return, "Unsupported cipher in FIPS mode"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12); 
@@ -1865,4 +1874,17 @@ TEST(prequeue) { close(cfd); } +static void __attribute__((constructor)) fips_check(void) { + int res; + FILE *f; + + f = fopen("/proc/sys/crypto/fips_enabled", "r"); + if (f) { + res = fscanf(f, "%d", &fips_enabled); + if (res != 1) + ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); + fclose(f); + } +} + TEST_HARNESS_MAIN
From patchwork Tue Jun 13 12:32:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 693171
From: Magali Lemes To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 3/4] selftests: net: vrf-xfrm-tests: change authentication and encryption algos Date: Tue, 13 Jun 2023 09:32:21 -0300 Message-Id: <20230613123222.631897-4-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com> References: <20230613123222.631897-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org The vrf-xfrm-tests tests use the hmac(md5) and cbc(des3_ede) algorithms for performing authentication and encryption, respectively. This causes the tests to fail when fips=1 is set, since these algorithms are not allowed in FIPS mode. Therefore, switch from hmac(md5) and cbc(des3_ede) to hmac(sha1) and cbc(aes), which are FIPS compliant. Fixes: 3f251d741150 ("selftests: Add tests for vrf and xfrms") Reviewed-by: David Ahern Signed-off-by: Magali Lemes --- No change in v4. No change in v3. Changes in v2: - Add R-b tag. tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/net/vrf-xfrm-tests.sh b/tools/testing/selftests/net/vrf-xfrm-tests.sh index 184da81f554f..452638ae8aed 100755 --- a/tools/testing/selftests/net/vrf-xfrm-tests.sh +++ b/tools/testing/selftests/net/vrf-xfrm-tests.sh
@@ -264,60 +264,60 @@ setup_xfrm() ip -netns host1 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} ${devarg} ip -netns host2 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} ip -netns host1 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} ${devarg} ip -netns host2 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} ip -6 -netns host1 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} ${devarg} ip -6 -netns host2 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} ip -6 -netns host1 xfrm state add src ${HOST2_6} dst 
${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} ${devarg} ip -6 -netns host2 xfrm state add src ${HOST2_6} dst ${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} }
From patchwork Tue Jun 13 12:32:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 692344
From: Magali Lemes To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 4/4] selftests: net: fcnal-test: check if FIPS mode is enabled Date: Tue, 13 Jun 2023 09:32:22 -0300 Message-Id: <20230613123222.631897-5-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com> References: <20230613123222.631897-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org There are some MD5 tests which fail when the kernel is in FIPS mode, since MD5 is not FIPS compliant. Add a check and only run those tests if FIPS mode is not enabled. Fixes: f0bee1ebb5594 ("fcnal-test: Add TCP MD5 tests") Fixes: 5cad8bce26e01 ("fcnal-test: Add TCP MD5 tests for VRF") Reviewed-by: David Ahern Signed-off-by: Magali Lemes --- No change in v4. No change in v3. Changes in v2: - Add R-b tag. tools/testing/selftests/net/fcnal-test.sh | 27 ++++++++++++++++------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 21ca91473c09..ee6880ac3e5e 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -92,6 +92,13 @@ NSC_CMD="ip netns exec ${NSC}" which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) +# Check if FIPS mode is enabled +if [ -f /proc/sys/crypto/fips_enabled ]; then + fips_enabled=`cat /proc/sys/crypto/fips_enabled` +else + fips_enabled=0 +fi + ################################################################################ # utilities @@ -1216,7 +1223,7 @@ ipv4_tcp_novrf() run_cmd nettest -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 1 "No server, device client, local conn" - ipv4_tcp_md5_novrf + [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf } ipv4_tcp_vrf() @@ -1270,9 +1277,11 @@ ipv4_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" # run MD5 tests - setup_vrf_dup - ipv4_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" = "0" ]; then + setup_vrf_dup + ipv4_tcp_md5 + cleanup_vrf_dup + fi # # enable VRF global server @@ -2772,7 +2781,7 @@ ipv6_tcp_novrf() log_test_addr ${a} $? 1 "No server, device client, local conn" done - ipv6_tcp_md5_novrf + [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf } ipv6_tcp_vrf() @@ -2842,9 +2851,11 @@ ipv6_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" # run MD5 tests - setup_vrf_dup - ipv6_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" = "0" ]; then + setup_vrf_dup + ipv6_tcp_md5 + cleanup_vrf_dup + fi # # enable VRF global server
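Review bot: in [PATCH v4 1/4], kselftest_harness.h hunks @@ -249,7 +249,7 @@ and @@ -275,7 +275,7 @@, the reworded kernel-doc says "EXPECT_*, ASSERT_* etc.", which does not tell the reader that SKIP is the macro this series makes usable from setup. Naming it, for example "EXPECT_*, ASSERT_* and SKIP", would document the new behaviour. For FIXTURE_TEARDOWN() it is worth checking whether SKIP is meant to be supported there at all, since the @@ -388,7 +388,7 @@ hunk changes only the check that follows fixture_name##_setup().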
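Review bot: in [PATCH v4 1/4], kselftest_harness.h hunk @@ -388,7 +388,7 @@, the new `_metadata->skip` return sits before `_metadata->setup_completed = true;`, so a fixture whose setup calls SKIP after it has already opened files or sockets returns with setup not marked completed; what that means for teardown is not visible in this hunk. Please state in the FIXTURE_SETUP() kernel-doc that SKIP should be issued before any resource is acquired, and update the comment above the check, which still reads "Let setup failure terminate early." although the branch now also covers a skip.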
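Review bot: in [PATCH v4 2/4], tls.c hunk @@ -1865,4 +1874,17 @@, fips_check() prints "ERROR: Couldn't read /proc/sys/crypto/fips_enabled" when fscanf() does not return 1 and then carries on with whatever fips_enabled holds, so on a FIPS kernel where the read fails the variants marked `.fips_non_compliant = true` run and fail instead of being skipped. Decide what a failed read should mean and make it explicit: either reset fips_enabled to 0 and word the message as a warning that FIPS detection is unavailable, or treat it as fatal. The message is also emitted from a constructor, that is before main(), so it is worth checking where it lands relative to the harness's own output.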
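Review bot: in [PATCH v4 3/4], vrf-xfrm-tests.sh hunk @@ -264,60 +264,60 @@, every state keeps ${ENC_1}/${ENC_2} and ${AUTH_1}/${AUTH_2} while the cipher changes from 'cbc(des3_ede)' to 'cbc(aes)', and the key definitions are outside the hunk. Please confirm in the commit message that the existing ENC keys have a valid AES key length (16, 24 or 32 bytes), otherwise the `xfrm state add` calls fail for a reason unrelated to FIPS. The two algorithm names are now repeated in all eight commands; holding them in variables next to the keys would turn the next algorithm change into a two-line edit.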
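Review bot: in [PATCH v4 4/4], fcnal-test.sh hunk @@ -92,6 +92,13 @@, fips_enabled is read with backticks while the context line directly above uses $(which ping6); prefer $(cat /proc/sys/crypto/fips_enabled) for consistency. The else branch covers a missing file only, so also fall back to 0 when the read yields an empty string, which keeps the later string comparisons on a value of 0 or 1.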
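Review bot: in [PATCH v4 4/4], fcnal-test.sh, the gating is written two ways: hunks @@ -1216,7 +1223,7 @@ and @@ -2772,7 +2781,7 @@ skip the MD5 tests only when "$fips_enabled" = "1", while hunks @@ -1270,9 +1277,11 @@ and @@ -2842,9 +2851,11 @@ run them only when "$fips_enabled" = "0". For any other value the novrf MD5 tests run and the VRF MD5 tests do not, so use one form in all four places. The tests are also dropped without any output; printing a skip line naming FIPS mode would keep the reason visible in the test log.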