From: Magali Lemes
To: keescook@chromium.org, shuah@kernel.org
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, Jakub Kicinski, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 1/4] selftests/harness: allow tests to be skipped during setup
Date: Mon, 12 Jun 2023 09:51:04 -0300
Message-Id: <20230612125107.73795-2-magali.lemes@canonical.com>
In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com>
References: <20230612125107.73795-1-magali.lemes@canonical.com>

Before executing each test from a fixture, FIXTURE_SETUP is run once. When SKIP is used in FIXTURE_SETUP, the setup function returns early but the test still proceeds to run, unless another SKIP macro is used within the test definition, leading to some code repetition. Therefore, allow tests to be skipped directly from the setup function.

Suggested-by: Jakub Kicinski
Signed-off-by: Magali Lemes
---
Changes in v3:
- Add this patch.

tools/testing/selftests/kselftest_harness.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/se= lftests/kselftest_harness.h index d8bff2005dfc..5fd49ad0c696 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -249,7 +249,7 @@ =20 /** * FIXTURE_SETUP() - Prepares the setup function for the fixture. - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * 
@@ -275,7 +275,7 @@ =20 /** * FIXTURE_TEARDOWN() - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * 
@@ -388,7 +388,7 @@ if (setjmp(_metadata->env) =3D=3D 0) { \ fixture_name##_setup(_metadata, &self, variant->data); \ /* Let setup failure terminate early. */ \ - if (!_metadata->passed) \ + if (!_metadata->passed || _metadata->skip) \ return; \ _metadata->setup_completed =3D true; \ fixture_name##_##test_name(_metadata, &self, variant->data); \ --=20 2.34.1
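Review bot: In tools/testing/selftests/kselftest_harness.h, the reworded kernel-doc for FIXTURE_SETUP() (hunk at -249) says "EXPECT_*, ASSERT_* etc.", which hides the one macro this patch is about. Name it, for example "EXPECT_*, ASSERT_* and SKIP work correctly". The same wording is added to FIXTURE_TEARDOWN() (hunk at -275), but the only behaviour change in this patch is the check after fixture_name##_setup(), so the teardown comment should either stay as it was or say what SKIP does there.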
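Review bot: In the -388 hunk of kselftest_harness.h, the comment above the changed condition still reads "Let setup failure terminate early." although the branch now also returns on _metadata->skip; update it to mention skips. The return also happens before _metadata->setup_completed is set, so any cleanup keyed on that flag will not run for a skipped setup. It is worth stating in the FIXTURE_SETUP() kernel-doc that SKIP should be issued before setup acquires anything.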
From: Magali Lemes
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, vfedorenko@novek.ru, tianjia.zhang@linux.alibaba.com
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 2/4] selftests: net: tls: check if FIPS mode is enabled
Date: Mon, 12 Jun 2023 09:51:05 -0300
Message-Id: <20230612125107.73795-3-magali.lemes@canonical.com>
In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com>
References: <20230612125107.73795-1-magali.lemes@canonical.com>

TLS selftests use the ChaCha20-Poly1305 and SM4 algorithms, which are not FIPS compliant. When fips=1, this set of tests fails. Add a check and only run these tests if not in FIPS mode.

Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests")
Fixes: e506342a03c7 ("selftests/tls: add SM4 GCM/CCM to tls selftests")
Signed-off-by: Magali Lemes
Reviewed-by: Jakub Kicinski
---
Changes in v3:
- No need to initialize static variable to zero.
- Skip tests during test setup only.
- Use the constructor attribute to set fips_enabled before entering main().

Changes in v2:
- Put fips_non_compliant into the variants.
- Turn fips_enabled into a static global variable.
- Read /proc/sys/crypto/fips_enabled only once at main().

tools/testing/selftests/net/tls.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index e699548d4247..e4efe80d55e9 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c 
@@ -25,6 +25,8 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 =20 +static int fips_enabled; + struct tls_crypto_info_keys { union { struct tls12_crypto_info_aes_gcm_128 aes128; @@ -235,7 +237,7 @@ FIXTURE_VARIANT(tls) { uint16_t tls_version; uint16_t cipher_type; - bool nopad; + bool nopad, fips_non_compliant; }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -254,24 +256,28 @@ FIXTURE_VARIANT_ADD(tls, 12_chacha) { .tls_version =3D TLS_1_2_VERSION, .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 13_chacha) { .tls_version =3D TLS_1_3_VERSION, .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) { .tls_version =3D TLS_1_3_VERSION, .cipher_type =3D TLS_CIPHER_SM4_GCM, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) { .tls_version =3D TLS_1_3_VERSION, .cipher_type =3D TLS_CIPHER_SM4_CCM, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) @@ -311,6 +317,9 @@ FIXTURE_SETUP(tls) int one =3D 1; int ret; =20 + if (fips_enabled && variant->fips_non_compliant) + SKIP(return, "Unsupported cipher in FIPS mode"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12); =20 @@ -406,6 +415,7 @@ static void chunked_sendfile(struct __test_metadata *_m= etadata, =20 TEST_F(tls, multi_chunk_sendfile) { + chunked_sendfile(_metadata, self, 4096, 4096); chunked_sendfile(_metadata, self, 4096, 0); chunked_sendfile(_metadata, self, 4096, 1); 
@@ -1865,4 +1875,17 @@ TEST(prequeue) { close(cfd); } =20 +static void __attribute__((constructor)) fips_check(void) { + int res; + FILE *f; + + f =3D fopen("/proc/sys/crypto/fips_enabled", "r"); + if (f) { + res =3D fscanf(f, "%d", &fips_enabled); + if (res !=3D 1) + ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); + fclose(f); + } +} + TEST_HARNESS_MAIN --=20 2.34.1
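Review bot: In tools/testing/selftests/net/tls.c, the -406 hunk (TEST_F(tls, multi_chunk_sendfile)) adds only an empty line after the opening brace and has nothing to do with the FIPS check. Drop it from this patch so that a change carrying Fixes: tags stays minimal for backports.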
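Review bot: In the -1865 hunk of tls.c, fips_check() prints "ERROR: Couldn't read /proc/sys/crypto/fips_enabled" when fscanf() does not return 1 but then carries on with fips_enabled at its default of 0, so on a FIPS kernel where the read fails the variants marked fips_non_compliant still run and fail as before. Decide whether that case should abort the run or be treated as FIPS enabled, and make the message say which. Style: the opening brace of fips_check() sits on the same line as the signature; kernel style puts a function's opening brace on its own line.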
From: Magali Lemes
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 3/4] selftests: net: vrf-xfrm-tests: change authentication and encryption algos
Date: Mon, 12 Jun 2023 09:51:06 -0300
Message-Id: <20230612125107.73795-4-magali.lemes@canonical.com>
In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com>
References: <20230612125107.73795-1-magali.lemes@canonical.com>

The vrf-xfrm-tests tests use the hmac(md5) and cbc(des3_ede) algorithms for performing authentication and encryption, respectively. This causes the tests to fail when fips=1 is set, since these algorithms are not allowed in FIPS mode. Therefore, switch from hmac(md5) and cbc(des3_ede) to hmac(sha1) and cbc(aes), which are FIPS compliant.

Fixes: 3f251d741150 ("selftests: Add tests for vrf and xfrms")
Reviewed-by: David Ahern
Signed-off-by: Magali Lemes
---
No change in v3.

Changes in v2:
- Add R-b tag.

tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/net/vrf-xfrm-tests.sh b/tools/testing/= selftests/net/vrf-xfrm-tests.sh index 184da81f554f..452638ae8aed 100755 --- a/tools/testing/selftests/net/vrf-xfrm-tests.sh +++ b/tools/testing/selftests/net/vrf-xfrm-tests.sh 
@@ -264,60 +264,60 @@ setup_xfrm() ip -netns host1 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} ${devarg} =20 ip -netns host2 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} =20 =20 ip -netns host1 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} ${devarg} =20 ip -netns host2 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} =20 =20 ip -6 -netns host1 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} ${devarg} =20 ip -6 -netns host2 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} =20 =20 ip -6 -netns host1 
xfrm state add src ${HOST2_6} dst ${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} ${devarg} =20 ip -6 -netns host2 xfrm state add src ${HOST2_6} dst ${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} } =20 --=20 2.34.1
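Review bot: In tools/testing/selftests/net/vrf-xfrm-tests.sh, setup_xfrm() now carries 'hmac(sha1)' and 'cbc(aes)' as literals in eight xfrm state add commands while ${AUTH_1}, ${AUTH_2}, ${ENC_1} and ${ENC_2} are reused unchanged. Two points: the diff does not show the key definitions, so the commit message should state that the existing ENC_* keys have a length cbc(aes) accepts (16, 24 or 32 bytes); and the two algorithm names would be better held in variables next to the keys, so that the next algorithm change touches two lines instead of sixteen.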
From: Magali Lemes
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 4/4] selftests: net: fcnal-test: check if FIPS mode is enabled
Date: Mon, 12 Jun 2023 09:51:07 -0300
Message-Id: <20230612125107.73795-5-magali.lemes@canonical.com>
In-Reply-To: <20230612125107.73795-1-magali.lemes@canonical.com>
References: <20230612125107.73795-1-magali.lemes@canonical.com>

There are some MD5 tests which fail when the kernel is in FIPS mode, since MD5 is not FIPS compliant. Add a check and only run those tests if FIPS mode is not enabled.

Fixes: f0bee1ebb5594 ("fcnal-test: Add TCP MD5 tests")
Fixes: 5cad8bce26e01 ("fcnal-test: Add TCP MD5 tests for VRF")
Reviewed-by: David Ahern
Signed-off-by: Magali Lemes
---
No change in v3.

Changes in v2:
- Add R-b tag.

tools/testing/selftests/net/fcnal-test.sh | 27 ++++++++++++++++------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/self= tests/net/fcnal-test.sh index 21ca91473c09..ee6880ac3e5e 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh 
@@ -92,6 +92,13 @@ NSC_CMD=3D"ip netns exec ${NSC}" =20 which ping6 > /dev/null 2>&1 && ping6=3D$(which ping6) || ping6=3D$(which = ping) =20 +# Check if FIPS mode is enabled +if [ -f /proc/sys/crypto/fips_enabled ]; then + fips_enabled=3D`cat /proc/sys/crypto/fips_enabled` +else + fips_enabled=3D0 +fi + ##########################################################################= ###### # utilities =20 @@ -1216,7 +1223,7 @@ ipv4_tcp_novrf() run_cmd nettest -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 1 "No server, device client, local conn" =20 - ipv4_tcp_md5_novrf + [ "$fips_enabled" =3D "1" ] || ipv4_tcp_md5_novrf } =20 ipv4_tcp_vrf() @@ -1270,9 +1277,11 @@ ipv4_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" =20 # run MD5 tests - setup_vrf_dup - ipv4_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" =3D "0" ]; then + setup_vrf_dup + ipv4_tcp_md5 + cleanup_vrf_dup + fi =20 # # enable VRF global server @@ -2772,7 +2781,7 @@ ipv6_tcp_novrf() log_test_addr ${a} $? 1 "No server, device client, local conn" done =20 - ipv6_tcp_md5_novrf + [ "$fips_enabled" =3D "1" ] || ipv6_tcp_md5_novrf } =20 ipv6_tcp_vrf() @@ -2842,9 +2851,11 @@ ipv6_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" =20 # run MD5 tests - setup_vrf_dup - ipv6_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" =3D "0" ]; then + setup_vrf_dup + ipv6_tcp_md5 + cleanup_vrf_dup + fi =20 # # enable VRF global server --=20 2.34.1
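Review bot: In tools/testing/selftests/net/fcnal-test.sh, the new block in the -92 hunk reads the flag with backticks while the context line just above it uses $(which ping6); use fips_enabled=$(cat /proc/sys/crypto/fips_enabled) to match. If the cat fails the variable is left empty, which the later guards do not treat the same way, so give it a default, for example by testing "${fips_enabled:-0}".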
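Review bot: The MD5 guards added to fcnal-test.sh are not the same test: ipv4_tcp_novrf() and ipv6_tcp_novrf() skip MD5 only when "$fips_enabled" = "1", while ipv4_tcp_vrf() and ipv6_tcp_vrf() run it only when "$fips_enabled" = "0". For any other value, including an empty string, the novrf MD5 tests run and the VRF ones do not. Use one form in all four places. The skipped cases also produce no output; a log line saying the MD5 tests were skipped because FIPS mode is enabled would keep the results readable.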