From: Magali Lemes
To: keescook@chromium.org, shuah@kernel.org
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, Jakub Kicinski, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 1/4] selftests/harness: allow tests to be skipped during setup
Date: Tue, 13 Jun 2023 09:32:19 -0300
Message-Id: <20230613123222.631897-2-magali.lemes@canonical.com>
In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com>
References: <20230613123222.631897-1-magali.lemes@canonical.com>

Before executing each test from a fixture, FIXTURE_SETUP is run once. When SKIP is used in FIXTURE_SETUP, the setup function returns early but the test still proceeds to run, unless another SKIP macro is used within the test definition, leading to some code repetition. Therefore, allow tests to be skipped directly from the setup function.

Suggested-by: Jakub Kicinski
Signed-off-by: Magali Lemes
---
No change in v4.

Changes in v3:
 - Add this patch.

 tools/testing/selftests/kselftest_harness.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/se= lftests/kselftest_harness.h index d8bff2005dfc..5fd49ad0c696 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -249,7 +249,7 @@ =20 /** * FIXTURE_SETUP() - Prepares the setup function for the fixture. - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * 
@@ -275,7 +275,7 @@ =20 /** * FIXTURE_TEARDOWN() - * *_metadata* is included so that EXPECT_* and ASSERT_* work correctly. + * *_metadata* is included so that EXPECT_*, ASSERT_* etc. work correctly. * * @fixture_name: fixture name * 
@@ -388,7 +388,7 @@ if (setjmp(_metadata->env) =3D=3D 0) { \ fixture_name##_setup(_metadata, &self, variant->data); \ /* Let setup failure terminate early. */ \ - if (!_metadata->passed) \ + if (!_metadata->passed || _metadata->skip) \ return; \ _metadata->setup_completed =3D true; \ fixture_name##_##test_name(_metadata, &self, variant->data); \ --=20 2.34.1
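Review bot: In the third hunk (@@ -388,7), the comment `/* Let setup failure terminate early. */` no longer matches the condition below it, because `if (!_metadata->passed || _metadata->skip)` now also returns on a skip; reword it to cover both cases, for example "Let setup failure or skip terminate early". The return also comes before `_metadata->setup_completed = true`, so if teardown is gated on that flag, a setup that calls SKIP() after acquiring resources would not be cleaned up; a sentence in the FIXTURE_SETUP() kernel-doc saying SKIP() should come before anything that needs teardown would settle it. In the first two hunks, "EXPECT_*, ASSERT_* etc." is vaguer than it needs to be: naming SKIP() explicitly would document the behaviour this patch enables.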
From: Magali Lemes
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, vfedorenko@novek.ru, tianjia.zhang@linux.alibaba.com
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 2/4] selftests: net: tls: check if FIPS mode is enabled
Date: Tue, 13 Jun 2023 09:32:20 -0300
Message-Id: <20230613123222.631897-3-magali.lemes@canonical.com>
In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com>
References: <20230613123222.631897-1-magali.lemes@canonical.com>

TLS selftests use the ChaCha20-Poly1305 and SM4 algorithms, which are not FIPS compliant. When fips=1, this set of tests fails. Add a check and only run these tests if not in FIPS mode.

Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests")
Fixes: e506342a03c7 ("selftests/tls: add SM4 GCM/CCM to tls selftests")
Reviewed-by: Jakub Kicinski
Signed-off-by: Magali Lemes
---
Changes in v4:
 - Add R-b tag.
 - Remove extra newline.

Changes in v3:
 - No need to initialize static variable to zero.
 - Skip tests during test setup only.
 - Use the constructor attribute to set fips_enabled before entering main().

Changes in v2:
 - Put fips_non_compliant into the variants.
 - Turn fips_enabled into a static global variable.
 - Read /proc/sys/crypto/fips_enabled only once at main().

 tools/testing/selftests/net/tls.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index e699548d4247..ff36844d14b4 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c 
@@ -25,6 +25,8 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 =20 +static int fips_enabled; + struct tls_crypto_info_keys { union { struct tls12_crypto_info_aes_gcm_128 aes128; @@ -235,7 +237,7 @@ FIXTURE_VARIANT(tls) { uint16_t tls_version; uint16_t cipher_type; - bool nopad; + bool nopad, fips_non_compliant; }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -254,24 +256,28 @@ FIXTURE_VARIANT_ADD(tls, 12_chacha) { .tls_version =3D TLS_1_2_VERSION, .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 13_chacha) { .tls_version =3D TLS_1_3_VERSION, .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) { .tls_version =3D TLS_1_3_VERSION, .cipher_type =3D TLS_CIPHER_SM4_GCM, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) { .tls_version =3D TLS_1_3_VERSION, .cipher_type =3D TLS_CIPHER_SM4_CCM, + .fips_non_compliant =3D true, }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) @@ -311,6 +317,9 @@ FIXTURE_SETUP(tls) int one =3D 1; int ret; =20 + if (fips_enabled && variant->fips_non_compliant) + SKIP(return, "Unsupported cipher in FIPS mode"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12); =20 
@@ -1865,4 +1874,17 @@ TEST(prequeue) { close(cfd); } =20 +static void __attribute__((constructor)) fips_check(void) { + int res; + FILE *f; + + f =3D fopen("/proc/sys/crypto/fips_enabled", "r"); + if (f) { + res =3D fscanf(f, "%d", &fips_enabled); + if (res !=3D 1) + ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); + fclose(f); + } +} + TEST_HARNESS_MAIN --=20 2.34.1
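Review bot: In the last hunk, `fips_check()` reports a failed `fscanf()` as "ERROR" but then carries on with `fips_enabled` still 0, so if the host is in FIPS mode the variants marked `.fips_non_compliant = true` run and fail just as they did before the patch; either treat an unreadable value as a reason to skip those variants, or word the message as a warning that says the non-compliant variants will still run. The opening brace in `fips_check(void) {` belongs on its own line per kernel coding style. The `SKIP(return, "Unsupported cipher in FIPS mode")` added to FIXTURE_SETUP(tls) only stops the test body once patch 1/4 is applied, and this patch carries Fixes: tags while 1/4 does not, so the commit message should name that dependency for anyone backporting it.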
From: Magali Lemes
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 3/4] selftests: net: vrf-xfrm-tests: change authentication and encryption algos
Date: Tue, 13 Jun 2023 09:32:21 -0300
Message-Id: <20230613123222.631897-4-magali.lemes@canonical.com>
In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com>
References: <20230613123222.631897-1-magali.lemes@canonical.com>

The vrf-xfrm-tests tests use the hmac(md5) and cbc(des3_ede) algorithms for performing authentication and encryption, respectively. This causes the tests to fail when fips=1 is set, since these algorithms are not allowed in FIPS mode. Therefore, switch from hmac(md5) and cbc(des3_ede) to hmac(sha1) and cbc(aes), which are FIPS compliant.

Fixes: 3f251d741150 ("selftests: Add tests for vrf and xfrms")
Reviewed-by: David Ahern
Signed-off-by: Magali Lemes
---
No change in v4.

No change in v3.

Changes in v2:
 - Add R-b tag.

 tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/tools/testing/selftests/net/vrf-xfrm-tests.sh b/tools/testing/= selftests/net/vrf-xfrm-tests.sh index 184da81f554f..452638ae8aed 100755 --- a/tools/testing/selftests/net/vrf-xfrm-tests.sh +++ b/tools/testing/selftests/net/vrf-xfrm-tests.sh 
@@ -264,60 +264,60 @@ setup_xfrm() ip -netns host1 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} ${devarg} =20 ip -netns host2 xfrm state add src ${HOST1_4} dst ${HOST2_4} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_4} dst ${h2_4} =20 =20 ip -netns host1 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} ${devarg} =20 ip -netns host2 xfrm state add src ${HOST2_4} dst ${HOST1_4} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_4} dst ${h1_4} =20 =20 ip -6 -netns host1 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} ${devarg} =20 ip -6 -netns host2 xfrm state add src ${HOST1_6} dst ${HOST2_6} \ proto esp spi ${SPI_1} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_1} 96 \ - enc 'cbc(des3_ede)' ${ENC_1} \ + auth-trunc 'hmac(sha1)' ${AUTH_1} 96 \ + enc 'cbc(aes)' ${ENC_1} \ sel src ${h1_6} dst ${h2_6} =20 =20 ip -6 -netns host1 
xfrm state add src ${HOST2_6} dst ${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} ${devarg} =20 ip -6 -netns host2 xfrm state add src ${HOST2_6} dst ${HOST1_6} \ proto esp spi ${SPI_2} reqid 0 mode tunnel \ replay-window 4 replay-oseq 0x4 \ - auth-trunc 'hmac(md5)' ${AUTH_2} 96 \ - enc 'cbc(des3_ede)' ${ENC_2} \ + auth-trunc 'hmac(sha1)' ${AUTH_2} 96 \ + enc 'cbc(aes)' ${ENC_2} \ sel src ${h2_6} dst ${h1_6} } =20 --=20 2.34.1
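Review bot: Every `xfrm state add` in setup_xfrm() changes the algorithm names but keeps passing the same `${AUTH_1}`/`${AUTH_2}` and `${ENC_1}`/`${ENC_2}` keys, whose definitions lie outside the hunk; the commit message should state that those key lengths are valid for the new algorithms (cbc(aes) accepts only 16, 24 or 32 byte keys), or the patch should update the key variables as well. The `auth-trunc ... 96` length is left as it was, which is the usual truncation for HMAC-SHA1 in ESP, so nothing is needed there. Since the same algorithm pair is now spelled out eight times, putting the two names in variables at the top of the script (say `AUTH_ALG` and `ENC_ALG`, names hypothetical) would make the next algorithm change a two-line edit.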
From: Magali Lemes
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, dsahern@gmail.com
Cc: andrei.gherzan@canonical.com, netdev@vger.kernel.org, David Ahern, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 4/4] selftests: net: fcnal-test: check if FIPS mode is enabled
Date: Tue, 13 Jun 2023 09:32:22 -0300
Message-Id: <20230613123222.631897-5-magali.lemes@canonical.com>
In-Reply-To: <20230613123222.631897-1-magali.lemes@canonical.com>
References: <20230613123222.631897-1-magali.lemes@canonical.com>

There are some MD5 tests which fail when the kernel is in FIPS mode, since MD5 is not FIPS compliant. Add a check and only run those tests if FIPS mode is not enabled.

Fixes: f0bee1ebb5594 ("fcnal-test: Add TCP MD5 tests")
Fixes: 5cad8bce26e01 ("fcnal-test: Add TCP MD5 tests for VRF")
Reviewed-by: David Ahern
Signed-off-by: Magali Lemes
---
No change in v4.

No change in v3.

Changes in v2:
 - Add R-b tag.

 tools/testing/selftests/net/fcnal-test.sh | 27 ++++++++++++++++-------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/self= tests/net/fcnal-test.sh index 21ca91473c09..ee6880ac3e5e 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh 
@@ -92,6 +92,13 @@ NSC_CMD=3D"ip netns exec ${NSC}" =20 which ping6 > /dev/null 2>&1 && ping6=3D$(which ping6) || ping6=3D$(which = ping) =20 +# Check if FIPS mode is enabled +if [ -f /proc/sys/crypto/fips_enabled ]; then + fips_enabled=3D`cat /proc/sys/crypto/fips_enabled` +else + fips_enabled=3D0 +fi + ##########################################################################= ###### # utilities =20 @@ -1216,7 +1223,7 @@ ipv4_tcp_novrf() run_cmd nettest -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 1 "No server, device client, local conn" =20 - ipv4_tcp_md5_novrf + [ "$fips_enabled" =3D "1" ] || ipv4_tcp_md5_novrf } =20 ipv4_tcp_vrf() @@ -1270,9 +1277,11 @@ ipv4_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" =20 # run MD5 tests - setup_vrf_dup - ipv4_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" =3D "0" ]; then + setup_vrf_dup + ipv4_tcp_md5 + cleanup_vrf_dup + fi =20 # # enable VRF global server @@ -2772,7 +2781,7 @@ ipv6_tcp_novrf() log_test_addr ${a} $? 1 "No server, device client, local conn" done =20 - ipv6_tcp_md5_novrf + [ "$fips_enabled" =3D "1" ] || ipv6_tcp_md5_novrf } =20 ipv6_tcp_vrf() @@ -2842,9 +2851,11 @@ ipv6_tcp_vrf() log_test_addr ${a} $? 1 "Global server, local connection" =20 # run MD5 tests - setup_vrf_dup - ipv6_tcp_md5 - cleanup_vrf_dup + if [ "$fips_enabled" =3D "0" ]; then + setup_vrf_dup + ipv6_tcp_md5 + cleanup_vrf_dup + fi =20 # # enable VRF global server --=20 2.34.1
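Review bot: The four call sites test the flag in two different ways: ipv4_tcp_novrf() and ipv6_tcp_novrf() use `[ "$fips_enabled" = "1" ] || ...`, while ipv4_tcp_vrf() and ipv6_tcp_vrf() use `if [ "$fips_enabled" = "0" ]`. If reading /proc/sys/crypto/fips_enabled ever yields anything other than 0 or 1, including an empty string, the novrf MD5 tests run and the VRF MD5 tests are skipped; use one form at all four sites, preferably the comparison against "1" so that an unexpected value behaves like a non-FIPS host. The skipped MD5 tests also disappear from the output without any message, so results from FIPS and non-FIPS runs are hard to compare; a logged skip line at each site would fix that. Minor: the first hunk uses backticks for command substitution where the context line just above it uses `$(which ping6)`.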