Re: [PATCH] crypto: jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT

From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
	"David S. Miller" <davem@davemloft.net>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
	"Steffen Klassert" <steffen.klassert@secunet.com>,
	"Stephan Müller" <smueller@chronox.de>,
	"Masahiro Yamada" <masahiroy@kernel.org>,
	linux-kbuild <linux-kbuild@vger.kernel.org>
Subject: Re: [PATCH] crypto: jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT
Date: Fri, 10 Nov 2023 10:04:38 +0100	[thread overview]
Message-ID: <CAMuHMdWWMABFmejXPEuKyvDC7CgUZSeWU6cR8qpBdVa9KiBdUQ@mail.gmail.com> (raw)
In-Reply-To: <ZUi5KMUaNkp0c1Ds@gondor.apana.org.au>

Hi Herbert, Yamada-san,

On Mon, Nov 6, 2023 at 11:00 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Thu, Nov 02, 2023 at 08:32:36PM -1000, Linus Torvalds wrote:
> > I think that would help the situation, but I assume the sizing for the
> > jitter buffer is at least partly due to trying to account for cache
> > sizing or similar issues?
> >
> > Which really means that I assume any static compile-time answer to
> > that question is always wrong - whether you are an expert or not.
> > Unless you are just building the thing for one particular machine.
> >
> > So I do think the problem is deeper than "this is a question only for
> > experts". I definitely don't think you should ask a regular user (or
> > even a distro kernel package manager). I suspect it's likely that the
> > question is just wrong in general - because any particular one buffer
> > size for any number of machines simply cannot be the right answer.
> >
> > I realize that the commit says "*allow* for configuration of memory
> > size", but I really question the whole approach.
>
> Yes I think these are all valid points.  I just noticed that I
> forgot to cc the author so let's see if Stephan has anything to
> add.
>
> > But yes - hiding these questions from any reasonable normal user is at
> > least a good first step.
>
> OK here's the patch:
>
> ---8<---
> As JITTERENTROPY is selected by default if you enable the CRYPTO
> API, any Kconfig options added there will show up for every single
> user.  Hide the esoteric options under EXPERT as well as FIPS so
> that only distro makers will see them.
>
> Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks for your patch, which is now commit e7ed6473c2c8c4e4 ("crypto:
jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT").

> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -1297,10 +1297,12 @@ config CRYPTO_JITTERENTROPY
>
>           See https://www.chronox.de/jent.html
>
> +if CRYPTO_JITTERENTROPY
> +if CRYPTO_FIPS && EXPERT
> +
>  choice
>         prompt "CPU Jitter RNG Memory Size"
>         default CRYPTO_JITTERENTROPY_MEMSIZE_2
> -       depends on CRYPTO_JITTERENTROPY
>         help
>           The Jitter RNG measures the execution time of memory accesses.
>           Multiple consecutive memory accesses are performed. If the memory
> @@ -1344,7 +1346,6 @@ config CRYPTO_JITTERENTROPY_OSR
>         int "CPU Jitter RNG Oversampling Rate"
>         range 1 15
>         default 1
> -       depends on CRYPTO_JITTERENTROPY
>         help
>           The Jitter RNG allows the specification of an oversampling rate (OSR).
>           The Jitter RNG operation requires a fixed amount of timing
> @@ -1359,7 +1360,6 @@ config CRYPTO_JITTERENTROPY_OSR
>
>  config CRYPTO_JITTERENTROPY_TESTINTERFACE
>         bool "CPU Jitter RNG Test Interface"
> -       depends on CRYPTO_JITTERENTROPY
>         help
>           The test interface allows a privileged process to capture
>           the raw unconditioned high resolution time stamp noise that
> @@ -1377,6 +1377,28 @@ config CRYPTO_JITTERENTROPY_TESTINTERFACE
>
>           If unsure, select N.
>
> +endif  # if CRYPTO_FIPS && EXPERT
> +
> +if !(CRYPTO_FIPS && EXPERT)
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
> +       int
> +       default 64
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
> +       int
> +       default 32
> +
> +config CRYPTO_JITTERENTROPY_OSR
> +       int
> +       default 1
> +
> +config CRYPTO_JITTERENTROPY_TESTINTERFACE
> +       bool

This duplicates the symbols in the CRYPTO_FIPS && EXPERT section above,
which is fragile.

For the int and bool symbols, this can be handled without duplication
using:

     config CRYPTO_JITTERENTROPY_OSR
    -       int "CPU Jitter RNG Oversampling Rate"
    +       int "CPU Jitter RNG Oversampling Rate" if CRYPTO_FIPS && EXPERT

     config CRYPTO_JITTERENTROPY_TESTINTERFACE
    -       bool "CPU Jitter RNG Test Interface"
    +       bool "CPU Jitter RNG Test Interface" if CRYPTO_FIPS && EXPERT

Unfortunately the following does not work for the choice statement,
although kconfig does not report an error:

     choice
    -       prompt "CPU Jitter RNG Memory Size"
    +       prompt "CPU Jitter RNG Memory Size" if CRYPTO_FIPS && EXPERT
             default CRYPTO_JITTERENTROPY_MEMSIZE_2

Unlike for other symbol types, which just become silent if
!(CRYPTO_FIPS && EXPERT), the choice is skipped completely if
!(CRYPTO_FIPS && EXPERT), and CRYPTO_JITTERENTROPY_MEMSIZE_2 is not set.

Yamada-san: Do you know why choice behaves differently?
Is this easy to fix?

Thanks!

> +
> +endif  # if !(CRYPTO_FIPS && EXPERT)
> +endif  # if CRYPTO_JITTERENTROPY
> +
>  config CRYPTO_KDF800108_CTR
>         tristate
>         select CRYPTO_HMAC

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds