errno 80 when loading drbg_nopr_hmac_sha384 in fips mode

$ uname -a
Linux jeffbarnes-vm-az3-x86-fips-dev1 6.6.43.1-7.azl3 #1 SMP PREEMPT_DYNAMIC Tue Aug 13 20:13:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

In the following code for an ACVP test harness, the error path is executed with the following dmesg entry when the kernel boots in fips mode. It is not reproduced when not in fips mode.

[434135.500571] acvp_fips_ioctl cmd c0086606 arg 7ffd61eec768 err -80 at 2559

The code executed was 
drbg = crypto_alloc_rng(type, 0, 0); //fails

The error code was -80 (-ELIBBAD). The type parameter was "drbg_nopr_hmac_sha384".

The following self tests were run (but none for drbg_nopr_hmac_sha384).

[434077.198022] drbg_nopr_hmac_sha256                Test # 1  Passed
[434077.198085] drbg_nopr_hmac_sha256                Test # 2  Passed
[434077.198110] drbg_nopr_hmac_sha256                Test # 3  Passed
[434077.198154] drbg_nopr_hmac_sha256                Test # 4  Passed
[434077.198192] drbg_pr_hmac_sha256                  Test # 1  Passed
[434077.198230] drbg_pr_hmac_sha256                  Test # 2  Passed
[434077.198268] drbg_pr_hmac_sha256                  Test # 3  Passed
[434077.198306] drbg_pr_hmac_sha256                  Test # 4  Passed

The crypto/testmgr.c has the following for the drbg_nopr_hmac_sha384 algorithm.
        {
                /* covered by drbg_nopr_hmac_sha256 test */
                .alg = "drbg_nopr_hmac_sha384",
                .fips_allowed = 1,
                .test = alg_test_null, //no self test? How can it be fips_allowed without a self test?
        }

Is the ELIBBAD because there is no self test for that template? 

This is the output of /proc/crypto for the driver.

name         : stdrng
driver       : drbg_nopr_hmac_sha384
module       : kernel
priority     : 419
refcnt       : 1
selftest     : unknown
internal     : no
fips         : yes
type         : rng
seedsize     : 0

This issue interferes with producing a service indicator for FIPS 140-3 certification since we rely on the output of /proc/crypto. Is that not recommended?

If the service indicator ends up relying on /proc/crypto, then we need either the self test for drbg_nopr_hmac_sha384 (and possibly others) to pass (I think) or for the algorithm to not be fips_allowed, so that we can rely on /proc/crypto as the basis for the service indicator.

Can you help with this issue?

Much appreciated,
Jeff Barnes
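
A check for the mismatch this message describes, where /proc/crypto reports "fips : yes" while "selftest" is not "passed". This is an added example, not part of the original post or of the kernel sources; it assumes the "key : value" record layout shown in the excerpt above, and the second sample record is constructed for contrast.

```python
"""Flag /proc/crypto entries marked FIPS-allowed whose self test did not pass."""
import sys

# Constructed sample input: the first record is the one quoted in the message,
# the second is a made-up record with a passed self test, for contrast.
SAMPLE = """\
name         : stdrng
driver       : drbg_nopr_hmac_sha384
module       : kernel
priority     : 419
refcnt       : 1
selftest     : unknown
internal     : no
fips         : yes
type         : rng
seedsize     : 0

name         : stdrng
driver       : drbg_nopr_hmac_sha256
module       : kernel
selftest     : passed
fips         : yes
type         : rng
"""

def parse_proc_crypto(text):
    """Split blank-line-separated records into dicts of key -> value."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # blank line ends the current record
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:                       # ignore lines without a "key : value" shape
            current[key.strip()] = value.strip()
    if current:                       # last record may lack a trailing blank line
        records.append(current)
    return records

def unverified_fips_entries(records):
    """Drivers that claim fips: yes but do not report selftest: passed."""
    return [r.get("driver", "?") for r in records
            if r.get("fips") == "yes" and r.get("selftest") != "passed"]

if __name__ == "__main__":
    # With no argument the embedded sample is used; pass /proc/crypto to check a host.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for driver in unverified_fips_entries(parse_proc_crypto(text)):
        print(f"fips=yes but selftest not passed: {driver}")
```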



