Re: [PATCH] crypto: aead: add service indicator flag for RFC4106 AES-GCM

Next message: Sen Wang: "[PATCH 4/4] ASoC: ti: davinci-mcasp: Add asynchronous mode support"
Previous message: Sen Wang: "[PATCH 1/4] dt-bindings: sound: davinci-mcasp: Add optional properties for asynchronous mode"
In reply to: jeffbarnes: "[PATCH] crypto: aead: add service indicator flag for RFC4106 AES-GCM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Herbert Xu

Date: Fri Jan 30 2026 - 00:11:30 EST

On Thu, Jan 29, 2026 at 04:04:36PM -0500, jeffbarnes@xxxxxxxxxxxxxxxxxxx wrote:
> From: Jeff Barnes <jeffbarnes@xxxxxxxxxxxxx>
>
> FIPS 140 validations require a “service indicator” to positively
> identify when an approved cryptographic service is provided. For
> RFC4106 AES‑GCM (used by IPsec), this commit exposes a per‑request
> indicator bit when the IV/nonce construction meets the FIPS uniqueness
> requirement.
>
> Specifically, the indicator is set when the caller uses the RFC4106
> construction with seqiv (per RFC 4106 §3), where the 32‑bit salt and
> 64‑bit seqiv together guarantee a unique 96‑bit IV per key. This
> meets the SP 800‑38D §8.2 uniqueness requirement for GCM.
>
> No ABI or uAPI changes. The flag is internal to the crypto API request
> path and may be consumed by in‑tree callers that need to record service
> use in a FIPS context.
>
> Tests:
> - Verified that gcm(aes) requests never set the service‑indicator bit.
> - Verified that rfc4106(gcm(aes)) requests consistently set the bit.
> - Existing crypto self‑tests continue to pass.
> - checkpatch.pl: no issues.
>
> Signed-off-by: Jeff Barnes <jeffbarnes@xxxxxxxxxxxxx>

Rather than exporting this indicator, I would prefer that we just
forbid non-compliant combinations when FIPS mode is enabled.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt