Are the algorithms list per different 'removeDisabled' settings as expected?

[yanqzhan]

Hi @stefanberger
I did some tests on <profile source="builtin:custom" [removeDisabled="check/fips-host"] />, could you confirm whether the results are as expected please? Thank you!
Steps:
configure vtpm xml with profile setting and start vm, check algorithms in vm-swtpm log.
(swtpm-0.10.1-1.fc43.x86_64, libtpms-0.10.0-4.fc43.x86_64)

Results:

1. when no removeDisabled used(), nonFIPS host and FIPS host got same result(algorithms list A).
2. on FIPS host, removeDisabled="check" or ="fips-host" got same result(algorithms list B).
3. on nonFIPS host, removeDisabled="check" got same result as none removeDisabled used(A).
4. compare B to A:(this seems absolutely correct since matching swtpm manpage about –profile remove-disable introduction)
   (1)removed: tdes,tdes-min-size=128, camellia,camellia-min-size=128, rsaes.
   (2)changed rsa-min-size from 1024 to 2048, changed ecc-min-size from 192 to 224.

Ref:
1.algorithms list A：
"rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb"
2.algorithms list B:
"rsa,rsa-min-size=2048,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=224,ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,cmac,ctr,ofb,cbc,cfb,ecb"

[stefanberger]

Results:

1. when no removeDisabled used(), nonFIPS host and FIPS host got same result(algorithms list A).

Correct.

In this case you presumably want the TPM 2 to use the profile without modifications.
Therefore, in FIPS mode it will check certain candidates of algorithms, that are typically disabled, for whether they are in fact disabled and then disable FIPS mode in the OpenSSL library to enable these algorithms:

$ swtpm_setup --tpmstate ./ --overwrite --profile '{"Name":"custom"}' --tpm2
Starting vTPM manufacturing as stefanb:stefanb @ Wed 21 May 2025 11:03:06 AM EDT
Apply profile: {"Name":"custom"}
TPM is listening on Unix socket.
swtpm: Warning(FIPS): Profile-enabled algorithms contain disabled 'camellia-128'
swtpm: Warning: Disabled OpenSSL FIPS mode

2. on FIPS host, removeDisabled="check" or ="fips-host" got same result(algorithms list B).

Correct.

In this case you want the disabled algorithms to be removed from the profile.

• When "check" is used, each algorithm in a list of candidate algorithms (candidates for being disabled) is tested and if an algorithms fails the test, the algorithms is removed from the profile.
• When "fips-host" is used, the tests are not done but a hard-coded list of fips-disabled algorithms is removed from the profile.

From the swtpm_setup man page:
"[...] If the check parameter is given then algorithms are tested before they are removed while the fips-host parameter forces the removal of all potentially disabled algorithms without testing them."

3. on nonFIPS host, removeDisabled="check" got same result as none removeDisabled used(A).

Correct.

When "check" is used on a non-FIPS-enabled (normal) host, the algorithms are tested and each one that is passing the test is kept, others are removed. What will not pass the tests these days are sha1 signature creation and verification and therefore you should have this profile below with Attributes indicating sha1 not being supported for signatures. The sha1 in the list of algorithms is there to still enable the sha1 PCR bank:

{
  "Name":"custom",
  "StateFormatLevel":8,
  "Commands":"0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19c",
  "Algorithms":"rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
  "Attributes":"no-sha1-signing,no-sha1-verification",     <======
  "Description":"This profile allows customization of enabled algorithms and commands. This profile requires at least libtpms v0.10."
}

4. compare B to A:(this seems absolutely correct since matching [swtpm manpage](https://github.com/stefanberger/swtpm/blob/master/man/man8/swtpm.pod) about –profile remove-disable introduction)
   (1)removed: tdes,tdes-min-size=128, camellia,camellia-min-size=128, rsaes.
   (2)changed rsa-min-size from 1024 to 2048, changed ecc-min-size from 192 to 224.

Correct.

[yanqzhan]

Thank you so much for detailed explanations!
Yes,

1. I got warnings for non removeDisabled scenarios:
   (1)on nonFIPS host:

Warning: Profile-enabled algorithms contain disabled 'RSA-1024-sign(SHA1, pkcs1-pss)'
Warning: Setting OPENSSL_ENABLE_SHA1_SIGNATURES=1

(2)on FIPS host:

Warning(FIPS): Profile-enabled algorithms contain disabled 'camellia-128'
Warning: Disabled OpenSSL FIPS mode

2. I got Attributes for specifying removeDisabled scenarios:
   (1)nonFIPS host with removeDisabled='check:
   '"Attributes":"no-sha1-signing,no-sha1-verification"
   (2)nonFIPS host with removeDisabled='check', and FIPS host with removeDisabled='check' or ='FIPS':
   "Attributes":"no-sha1-signing,no-sha1-verification,no-unpadded-encryption"

I guess they're also as expected. I'll update our test cases.