[1/2] lib: Add function to detect FIPS mode

Message ID	20210202130441.17861-1-pvorel@suse.cz
State	Accepted
Headers	show Return-Path: <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it> From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Date: Tue, 2 Feb 2021 14:04:40 +0100 Message-Id: <20210202130441.17861-1-pvorel@suse.cz> MIME-Version: 1.0 Subject: [LTP] [PATCH 1/2] lib: Add function to detect FIPS mode Precedence: list Cc: Eric Biggers <ebiggers@google.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>
Series	[1/2] lib: Add function to detect FIPS mode \| expand [1/2] lib: Add function to detect FIPS mode [2/2] keyctl05: TCONF on FIPS mode

Message ID

20210202130441.17861-1-pvorel@suse.cz

State

Accepted

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Date: Tue,  2 Feb 2021 14:04:40 +0100
Message-Id: <20210202130441.17861-1-pvorel@suse.cz>
MIME-Version: 1.0
Subject: [LTP] [PATCH 1/2] lib: Add function to detect FIPS mode
Precedence: list
Cc: Eric Biggers <ebiggers@google.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it
Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>

Series

[1/2] lib: Add function to detect FIPS mode | expand

Commit Message

Petr Vorel Feb. 2, 2021, 1:04 p.m. UTC

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 include/tst_fips.h | 17 +++++++++++++++++
 include/tst_test.h |  1 +
 lib/tst_fips.c     | 22 ++++++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 include/tst_fips.h
 create mode 100644 lib/tst_fips.c

Comments

Cyril Hrubis Feb. 12, 2021, 4 p.m. UTC | #1

Hi!
> +#ifndef TST_FIPS_H__
> +#define TST_FIPS_H__
> +
> +#define PATH_FIPS	"/proc/sys/crypto/fips_enabled"

I'm not sure that this belongs to the header, at least it's not prefixed
with TST_.

Other than that Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

Petr Vorel Feb. 12, 2021, 6:59 p.m. UTC | #2

Hi,

> Hi!
> > +#ifndef TST_FIPS_H__
> > +#define TST_FIPS_H__
> > +
> > +#define PATH_FIPS	"/proc/sys/crypto/fips_enabled"

> I'm not sure that this belongs to the header, at least it's not prefixed
> with TST_.
Good catch. As it's not needed I'll move it to C source, because it's not needed
for other tests so far.

BTW the same problem is with PATH_LOCKDOWN from tst_lockdown.[ch].
It'd be better to move them to tst_lockdown.c as well.

> Other than that Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Thanks!

Kind regards,
Petr

diff --git a/include/tst_fips.h b/include/tst_fips.h
new file mode 100644
index 000000000..2bc90e8e8
--- /dev/null
+++ b/include/tst_fips.h
@@ -0,0 +1,17 @@ 
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2021 Petr Vorel <pvorel@suse.cz>
+ */
+
+#ifndef TST_FIPS_H__
+#define TST_FIPS_H__
+
+#define PATH_FIPS	"/proc/sys/crypto/fips_enabled"
+
+/*
+ * Detect whether FIPS enabled
+ * @return 0: FIPS not enabled, 1: FIPS enabled
+ */
+int tst_fips_enabled(void);
+
+#endif /* TST_FIPS_H__ */
diff --git a/include/tst_test.h b/include/tst_test.h
index c87251870..84cbcbb0c 100644
--- a/include/tst_test.h
+++ b/include/tst_test.h
@@ -42,6 +42,7 @@ 
 #include "tst_assert.h"
 #include "tst_cgroup.h"
 #include "tst_lockdown.h"
+#include "tst_fips.h"
 #include "tst_taint.h"
 
 /*
diff --git a/lib/tst_fips.c b/lib/tst_fips.c
new file mode 100644
index 000000000..c1d3e284c
--- /dev/null
+++ b/lib/tst_fips.c
@@ -0,0 +1,22 @@ 
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2021 Petr Vorel <pvorel@suse.cz>
+ */
+
+#define TST_NO_DEFAULT_MAIN
+
+#include "tst_test.h"
+#include "tst_safe_macros.h"
+#include "tst_fips.h"
+
+int tst_fips_enabled(void)
+{
+	int fips = 0;
+
+	if (access(PATH_FIPS, R_OK) == 0) {
+		SAFE_FILE_SCANF(PATH_FIPS, "%d", &fips);
+	}
+
+	tst_res(TINFO, "FIPS: %s", fips ? "on" : "off");
+	return fips;
+}

[1/2] lib: Add function to detect FIPS mode

Commit Message

Comments

Patch