From patchwork Mon Jun 12 12:51:04 2023 X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 692362
From: Magali Lemes To: keescook@chromium.org, shuah@kernel.org Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, Jakub Kicinski , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 1/4] selftests/harness: allow tests to be skipped during setup Date: Mon, 12 Jun 2023 09:51:04 -0300 Message-Id: <20230612125107.73795-2-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com> References: <20230612125107.73795-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Before executing each test from a fixture, FIXTURE_SETUP is run once. When SKIP is used in FIXTURE_SETUP, the setup function returns early but the test still proceeds to run, unless another SKIP macro is used within the test definition, leading to some code repetition. Therefore, allow tests to be skipped directly from the setup function. Suggested-by: Jakub Kicinski Signed-off-by: Magali Lemes --- Changes in v3: - Add this patch. tools/testing/selftests/kselftest_harness.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index d8bff2005dfc..5fd49ad0c696 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -249,7 +249,7 @@ /** * FIXTURE_SETUP() - Prepares the setup function for the fixture. - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * @@ -275,7 +275,7 @@ /** * FIXTURE_TEARDOWN() - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * 
@@ -388,7 +388,7 @@ if (setjmp(_metadata->env) == 0) { \ fixture_name##_setup(_metadata, &self, variant->data); \ /* Let setup failure terminate early. */ \ - if (!_metadata->passed) \ + if (!_metadata->passed || _metadata->skip) \ return; \ _metadata->setup_completed = true; \ fixture_name##_##test_name(_metadata, &self, variant->data); \ From patchwork Mon Jun 12 12:51:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 691827 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6333C7EE25 for ; Mon, 12 Jun 2023 12:51:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235659AbjFLMvk (ORCPT ); Mon, 12 Jun 2023 08:51:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235651AbjFLMva (ORCPT ); Mon, 12 Jun 2023 08:51:30 -0400 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 430F010D3 for ; Mon, 12 Jun 2023 05:51:25 -0700 (PDT) Received: from mail-oa1-f72.google.com (mail-oa1-f72.google.com [209.85.160.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 036F13F377 for ; Mon, 12 Jun 2023 12:51:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1686574284; bh=53EQLqkSYcnfUW7tWTa0tl0p5nwMGKAhLFezoflGDnw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; 
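Review bot: In patch 1/4, the @@ -388 hunk of kselftest_harness.h leaves the comment "Let setup failure terminate early." above a condition that now also fires on `_metadata->skip`; reword it to cover the skip case. The return also sits before `_metadata->setup_completed = true`, so a setup that calls SKIP exits with that flag unset and anything keyed on it is bypassed. The FIXTURE_SETUP() kernel-doc should say that SKIP has to come before setup allocates resources.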
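Review bot: In patch 1/4, the @@ -275 hunk changes the FIXTURE_TEARDOWN() comment to "EXPECT_*, ASSERT_* etc.", but the commit message and the only code change are about skipping from setup; nothing in this patch checks `_metadata->skip` after teardown. Leave the teardown comment as it was, and in the FIXTURE_SETUP() comment name SKIP() explicitly instead of "etc." so the reader can tell what is now supported.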
([2804:14c:bbe3:4606:d612:b95d:6bdc:8f6d]) by smtp.gmail.com with ESMTPSA id j22-20020a4ad196000000b00529cc3986c8sm3157193oor.40.2023.06.12.05.51.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Jun 2023 05:51:22 -0700 (PDT) From: Magali Lemes To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, vfedorenko@novek.ru, tianjia.zhang@linux.alibaba.com Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 2/4] selftests: net: tls: check if FIPS mode is enabled Date: Mon, 12 Jun 2023 09:51:05 -0300 Message-Id: <20230612125107.73795-3-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com> References: <20230612125107.73795-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org TLS selftests use the ChaCha20-Poly1305 and SM4 algorithms, which are not FIPS compliant. When fips=1, this set of tests fails. Add a check and only run these tests if not in FIPS mode. Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests") Fixes: e506342a03c7 ("selftests/tls: add SM4 GCM/CCM to tls selftests") Signed-off-by: Magali Lemes Reviewed-by: Jakub Kicinski --- Changes in v3: - No need to initialize static variable to zero. - Skip tests during test setup only. - Use the constructor attribute to set fips_enabled before entering main(). Changes in v2: - Put fips_non_compliant into the variants. - Turn fips_enabled into a static global variable. - Read /proc/sys/crypto/fips_enabled only once at main(). tools/testing/selftests/net/tls.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index e699548d4247..e4efe80d55e9 100644 --- a/tools/testing/selftests/net/tls.c 
+++ b/tools/testing/selftests/net/tls.c @@ -25,6 +25,8 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 +static int fips_enabled; + struct tls_crypto_info_keys { union { struct tls12_crypto_info_aes_gcm_128 aes128; @@ -235,7 +237,7 @@ FIXTURE_VARIANT(tls) { uint16_t tls_version; uint16_t cipher_type; - bool nopad; + bool nopad, fips_non_compliant; }; FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -254,24 +256,28 @@ FIXTURE_VARIANT_ADD(tls, 12_chacha) { .tls_version = TLS_1_2_VERSION, .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 13_chacha) { .tls_version = TLS_1_3_VERSION, .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) { .tls_version = TLS_1_3_VERSION, .cipher_type = TLS_CIPHER_SM4_GCM, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) { .tls_version = TLS_1_3_VERSION, .cipher_type = TLS_CIPHER_SM4_CCM, + .fips_non_compliant = true, }; FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) @@ -311,6 +317,9 @@ FIXTURE_SETUP(tls) int one = 1; int ret; + if (fips_enabled && variant->fips_non_compliant) + SKIP(return, "Unsupported cipher in FIPS mode"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12); @@ -406,6 +415,7 @@ static void chunked_sendfile(struct __test_metadata *_metadata, TEST_F(tls, multi_chunk_sendfile) { + chunked_sendfile(_metadata, self, 4096, 4096); chunked_sendfile(_metadata, self, 4096, 0); chunked_sendfile(_metadata, self, 4096, 1); 
@@ -1865,4 +1875,17 @@ TEST(prequeue) { close(cfd); } +static void __attribute__((constructor)) fips_check(void) { + int res; + FILE *f; + + f = fopen("/proc/sys/crypto/fips_enabled", "r"); + if (f) { + res = fscanf(f, "%d", &fips_enabled); + if (res != 1) + ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); + fclose(f); + } +} + TEST_HARNESS_MAIN From patchwork Mon Jun 12 12:51:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 692361 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A37FDC7EE25 for ; Mon, 12 Jun 2023 12:51:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235719AbjFLMvt (ORCPT ); Mon, 12 Jun 2023 08:51:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235662AbjFLMvl (ORCPT ); Mon, 12 Jun 2023 08:51:41 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D51A1709 for ; Mon, 12 Jun 2023 05:51:32 -0700 (PDT) Received: from mail-oa1-f69.google.com (mail-oa1-f69.google.com [209.85.160.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 49E113F4B3 for ; Mon, 12 Jun 2023 12:51:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1686574290; bh=9WA1GnTKde4fTKucBDNJJp1kdZH51ghqRlq/wPSryAw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: 
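Review bot: In patch 2/4, the SKIP() added at the top of FIXTURE_SETUP(tls) (@@ -311) only stops the test body because of the harness change in patch 1/4. This patch carries two Fixes: tags while 1/4 carries none, so a backport that picks this patch alone gets a setup that returns early and a test that still runs with setup incomplete. State the dependency on 1/4 in the commit message.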
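Review bot: In patch 2/4, the @@ -406 hunk adds only an empty line after the opening brace of TEST_F(tls, multi_chunk_sendfile); it is unrelated to the FIPS check and should be dropped from the patch.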
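Review bot: In patch 2/4, the `res != 1` branch of fips_check() (@@ -1865) prints a message tagged "ERROR:" and then continues with fips_enabled at its static default of 0, so a FIPS kernel whose sysctl could not be parsed would run the non-compliant variants and report them as failures. Word it as a warning that the run assumes non-FIPS, or say so in the message. Separately, the opening brace of fips_check() belongs on its own line per kernel coding style.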
([2804:14c:bbe3:4606:d612:b95d:6bdc:8f6d]) by smtp.gmail.com with ESMTPSA id j22-20020a4ad196000000b00529cc3986c8sm3157193oor.40.2023.06.12.05.51.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Jun 2023 05:51:27 -0700 (PDT) From: Magali Lemes To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 3/4] selftests: net: vrf-xfrm-tests: change authentication and encryption algos Date: Mon, 12 Jun 2023 09:51:06 -0300 Message-Id: <20230612125107.73795-4-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com> References: <20230612125107.73795-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org The vrf-xfrm-tests tests use the hmac(md5) and cbc(des3_ede) algorithms for performing authentication and encryption, respectively. This causes the tests to fail when fips=1 is set, since these algorithms are not allowed in FIPS mode. Therefore, switch from hmac(md5) and cbc(des3_ede) to hmac(sha1) and cbc(aes), which are FIPS compliant. Fixes: 3f251d741150 ("selftests: Add tests for vrf and xfrms") Reviewed-by: David Ahern Signed-off-by: Magali Lemes --- No change in v3. Changes in v2: - Add R-b tag. tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/net/vrf-xfrm-tests.sh b/tools/testing/selftests/net/vrf-xfrm-tests.sh index 184da81f554f..452638ae8aed 100755 --- a/tools/testing/selftests/net/vrf-xfrm-tests.sh +++ b/tools/testing/selftests/net/vrf-xfrm-tests.sh 
@@ -264,60 +264,60 @@ setup_xfrm() ip -netns host1 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} ${devarg} ip -netns host2 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} ip -netns host1 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} ${devarg} ip -netns host2 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} ip -6 -netns host1 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} ${devarg} ip -6 -netns host2 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} ip -6 -netns host1 xfrm state add src ${HOST2_6} dst 
${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} ${devarg} ip -6 -netns host2 xfrm state add src ${HOST2_6} dst ${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} } From patchwork Mon Jun 12 12:51:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Magali Lemes X-Patchwork-Id: 691826 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D017C7EE25 for ; Mon, 12 Jun 2023 12:51:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235771AbjFLMvz (ORCPT ); Mon, 12 Jun 2023 08:51:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235677AbjFLMvn (ORCPT ); Mon, 12 Jun 2023 08:51:43 -0400 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 564C3171D for ; Mon, 12 Jun 2023 05:51:34 -0700 (PDT) Received: from mail-oo1-f70.google.com (mail-oo1-f70.google.com [209.85.161.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 2F04E3F377 for ; Mon, 12 Jun 2023 12:51:33 +0000 
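Review bot: In patch 3/4, every `xfrm state add` in setup_xfrm() switches the algorithm names but keeps passing the same ${AUTH_1}/${AUTH_2} and ${ENC_1}/${ENC_2} values, and the diffstat (16 insertions, 16 deletions) shows the key definitions are untouched. cbc(aes) accepts only 16-, 24- or 32-byte keys, so if the ENC values are 24-byte des3_ede keys they now select AES-192. That works, but the commit message should say the key reuse is intentional. Since the two algorithm strings are repeated in all eight commands, putting them in variables next to the keys would also make the next change a two-line patch.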
12 Jun 2023 05:51:31 -0700 (PDT) Received: from magali.. ([2804:14c:bbe3:4606:d612:b95d:6bdc:8f6d]) by smtp.gmail.com with ESMTPSA id j22-20020a4ad196000000b00529cc3986c8sm3157193oor.40.2023.06.12.05.51.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Jun 2023 05:51:31 -0700 (PDT) From: Magali Lemes To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 4/4] selftests: net: fcnal-test: check if FIPS mode is enabled Date: Mon, 12 Jun 2023 09:51:07 -0300 Message-Id: <20230612125107.73795-5-magali.lemes@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com> References: <20230612125107.73795-1-magali.lemes@canonical.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org There are some MD5 tests which fail when the kernel is in FIPS mode, since MD5 is not FIPS compliant. Add a check and only run those tests if FIPS mode is not enabled. Fixes: f0bee1ebb5594 ("fcnal-test: Add TCP MD5 tests") Fixes: 5cad8bce26e01 ("fcnal-test: Add TCP MD5 tests for VRF") Reviewed-by: David Ahern Signed-off-by: Magali Lemes --- No change in v3. Changes in v2: - Add R-b tag. tools/testing/selftests/net/fcnal-test.sh | 27 ++++++++++++++++------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 21ca91473c09..ee6880ac3e5e 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh 
@@ -92,6 +92,13 @@ NSC_CMD="ip netns exec ${NSC}" which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) +# Check if FIPS mode is enabled +if [ -f /proc/sys/crypto/fips_enabled ]; then + fips_enabled=`cat /proc/sys/crypto/fips_enabled` +else + fips_enabled=0 +fi + ################################################################################ # utilities @@ -1216,7 +1223,7 @@ ipv4_tcp_novrf() run_cmd nettest -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 1 "No server, device client, local conn" - ipv4_tcp_md5_novrf + [ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf } ipv4_tcp_vrf() @@ -1270,9 +1277,11 @@ ipv4_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" # run MD5 tests - setup_vrf_dup - ipv4_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" = "0" ]; then + setup_vrf_dup + ipv4_tcp_md5 + cleanup_vrf_dup + fi # # enable VRF global server @@ -2772,7 +2781,7 @@ ipv6_tcp_novrf() log_test_addr ${a} $? 1 "No server, device client, local conn" done - ipv6_tcp_md5_novrf + [ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf } ipv6_tcp_vrf() @@ -2842,9 +2851,11 @@ ipv6_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" # run MD5 tests - setup_vrf_dup - ipv6_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" = "0" ]; then + setup_vrf_dup + ipv6_tcp_md5 + cleanup_vrf_dup + fi # # enable VRF global server
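Review bot: In patch 4/4, the @@ -92 hunk of fcnal-test.sh reads the sysctl with backticks and no fallback, so if the file exists but the read yields nothing, fips_enabled ends up empty instead of 0. Use the `$(...)` form that the context line `ping6=$(which ping6)` already uses and default the value, for example `fips_enabled=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)`.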
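Review bot: In patch 4/4, the novrf hunks (@@ -1216 and @@ -2772) drop the MD5 tests silently via `[ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf`, so a FIPS run shows fewer tests with no indication why. Emit a skip line through the script's existing logging when the tests are not run, so the result summary reflects the omission.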
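Review bot: In patch 4/4, the VRF hunks (@@ -1270 and @@ -2842) gate the MD5 tests on `[ "$fips_enabled" = "0" ]`, while the novrf hunks gate on the value not being "1". For any value other than 0 or 1, including an empty string, the novrf MD5 tests run and the VRF ones do not. Use the same comparison in all four places.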