* [PATCH 0/2] relax crypto Kconfig dependencies for fsverity/fscrypt @ 2021-04-16 16:06 Ard Biesheuvel 2021-04-16 16:06 ` [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms Ard Biesheuvel 2021-04-16 16:06 ` [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 Ard Biesheuvel 0 siblings, 2 replies; 5+ messages in thread From: Ard Biesheuvel @ 2021-04-16 16:06 UTC (permalink / raw) To: linux-crypto Cc: linux-fscrypt, Ard Biesheuvel, Theodore Y. Ts'o, Jaegeuk Kim, Eric Biggers Relax 'select' dependencies to 'imply' for crypto algorithms that are fulfilled only at runtime, and which may be implemented by other drivers than the generic ones implemented in C. This permits, e.g., arm64 builds to omit the generic CRYPTO_SHA256 and CRYPTO_AES drivers, both of which are superseded by optimized scalar versions at the very least, Cc: "Theodore Y. Ts'o" <tytso@mit.edu> Cc: Jaegeuk Kim <jaegeuk@kernel.org> Cc: Eric Biggers <ebiggers@kernel.org> Ard Biesheuvel (2): fscrypt: relax Kconfig dependencies for crypto API algorithms fsverity: relax build time dependency on CRYPTO_SHA256 fs/crypto/Kconfig | 23 ++++++++++++++------ fs/verity/Kconfig | 8 +++++-- 2 files changed, 22 insertions(+), 9 deletions(-) -- 2.30.2 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms 2021-04-16 16:06 [PATCH 0/2] relax crypto Kconfig dependencies for fsverity/fscrypt Ard Biesheuvel @ 2021-04-16 16:06 ` Ard Biesheuvel 2021-04-19 22:03 ` Eric Biggers 2021-04-16 16:06 ` [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 Ard Biesheuvel 1 sibling, 1 reply; 5+ messages in thread From: Ard Biesheuvel @ 2021-04-16 16:06 UTC (permalink / raw) To: linux-crypto Cc: linux-fscrypt, Ard Biesheuvel, Theodore Y. Ts'o, Jaegeuk Kim, Eric Biggers Even if FS encryption has strict functional dependencies on various crypto algorithms and chaining modes. those dependencies could potentially be satisified by other implementations than the generic ones, and no link time dependency exists on the 'depends on' claused defined by CONFIG_FS_ENCRYPTION_ALGS. So let's relax these clauses to 'imply', so that the default behavior is still to pull in those generic algorithms, but in a way that permits them to be disabled again in Kconfig. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> --- fs/crypto/Kconfig | 23 ++++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index a5f5c30368a2..1e6c11de95c8 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -17,13 +17,22 @@ config FS_ENCRYPTION # allows the algorithms to be built as modules when all the filesystems are. config FS_ENCRYPTION_ALGS tristate - select CRYPTO_AES - select CRYPTO_CBC - select CRYPTO_CTS - select CRYPTO_ECB - select CRYPTO_HMAC - select CRYPTO_SHA512 - select CRYPTO_XTS + imply CRYPTO_AES + imply CRYPTO_CBC + imply CRYPTO_CTS + imply CRYPTO_ECB + imply CRYPTO_HMAC + imply CRYPTO_SHA512 + imply CRYPTO_XTS + help + This pulls in the generic implementations of the various + cryptographic algorithms and chaining modes that filesystem + encryption relies on. These are 'soft' dependencies only, as + architectures may supersede these generic implementations with + special, optimized ones. + + If unsure, keep the generic algorithms enabled, as they can + happily co-exist with per-architecture implementations. config FS_ENCRYPTION_INLINE_CRYPT bool "Enable fscrypt to use inline crypto" -- 2.30.2 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms 2021-04-16 16:06 ` [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms Ard Biesheuvel @ 2021-04-19 22:03 ` Eric Biggers 0 siblings, 0 replies; 5+ messages in thread From: Eric Biggers @ 2021-04-19 22:03 UTC (permalink / raw) To: Ard Biesheuvel Cc: linux-crypto, linux-fscrypt, Theodore Y. Ts'o, Jaegeuk Kim On Fri, Apr 16, 2021 at 06:06:41PM +0200, Ard Biesheuvel wrote: > Even if FS encryption has strict functional dependencies on various > crypto algorithms and chaining modes. those dependencies could potentially > be satisified by other implementations than the generic ones, and no link > time dependency exists on the 'depends on' claused defined by > CONFIG_FS_ENCRYPTION_ALGS. > > So let's relax these clauses to 'imply', so that the default behavior > is still to pull in those generic algorithms, but in a way that permits > them to be disabled again in Kconfig. > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > --- > fs/crypto/Kconfig | 23 ++++++++++++++------ > 1 file changed, 16 insertions(+), 7 deletions(-) > > diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig > index a5f5c30368a2..1e6c11de95c8 100644 > --- a/fs/crypto/Kconfig > +++ b/fs/crypto/Kconfig > @@ -17,13 +17,22 @@ config FS_ENCRYPTION > # allows the algorithms to be built as modules when all the filesystems are. > config FS_ENCRYPTION_ALGS > tristate > - select CRYPTO_AES > - select CRYPTO_CBC > - select CRYPTO_CTS > - select CRYPTO_ECB > - select CRYPTO_HMAC > - select CRYPTO_SHA512 > - select CRYPTO_XTS > + imply CRYPTO_AES > + imply CRYPTO_CBC > + imply CRYPTO_CTS > + imply CRYPTO_ECB > + imply CRYPTO_HMAC > + imply CRYPTO_SHA512 > + imply CRYPTO_XTS > + help > + This pulls in the generic implementations of the various > + cryptographic algorithms and chaining modes that filesystem > + encryption relies on. These are 'soft' dependencies only, as > + architectures may supersede these generic implementations with > + special, optimized ones. > + > + If unsure, keep the generic algorithms enabled, as they can > + happily co-exist with per-architecture implementations. > This seems reasonable to me. It does have the disadvantage of allowing misconfigurations where algorithms that are supposed to be available are not actually made available. But it's probably better to allow the flexibility to disable the generic implementations. I don't really like the help text, though. First, the description of FS_ENCRYPTION_ALGS should be either in a comment *or* in a 'help' block, not split between both. I think a comment would make more sense since FS_ENCRYPTION_ALGS isn't a user-selectable symbol, so the 'help' would only be seen by reading the Kconfig file anyway. Second, "algorithms that filesystem encryption relies on" is too vague. We should clarify that only the "default" algorithms get automatically selected, and the user may still need to explicitly select more. Here's a suggested comment which I think would explain things a lot better: # Filesystems supporting encryption must select this if FS_ENCRYPTION. This # allows the algorithms to be built as modules when all the filesystems are, # whereas selecting them from FS_ENCRYPTION would force them to be built-in. # # Note: this option only pulls in the algorithms that filesystem encryption # needs "by default". If userspace will use "non-default" encryption modes such # as Adiantum encryption, then those other modes need to be explicitly enabled # in the crypto API; see Documentation/filesystems/fscrypt.rst for details. # # Also note that this option only pulls in the generic implementations of the # algorithms, not any per-architecture optimized implementations. It is # strongly recommended to enable optimized implementations too. It is safe to # disable these generic implementations if corresponding optimized # implementations will always be available too; for this reason, these are soft # dependencies ('imply' rather than 'select'). Only disable these generic # implementations if you're sure they will never be needed, though. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 2021-04-16 16:06 [PATCH 0/2] relax crypto Kconfig dependencies for fsverity/fscrypt Ard Biesheuvel 2021-04-16 16:06 ` [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms Ard Biesheuvel @ 2021-04-16 16:06 ` Ard Biesheuvel 2021-04-19 22:05 ` Eric Biggers 1 sibling, 1 reply; 5+ messages in thread From: Ard Biesheuvel @ 2021-04-16 16:06 UTC (permalink / raw) To: linux-crypto Cc: linux-fscrypt, Ard Biesheuvel, Theodore Y. Ts'o, Jaegeuk Kim, Eric Biggers CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256 shash algorithm, which is selected as the default crypto shash provider for fsverity. However, fsverity has no strict link time dependency, and the same shash could be exposed by an optimized implementation, and arm64 has a number of those (scalar, NEON-based and one based on special crypto instructions). In such cases, it makes little sense to require that the generic C implementation is incorporated as well, given that it will never be called. To address this, relax the 'select' clause to 'imply' so that the generic driver can be omitted from the build if desired. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> --- fs/verity/Kconfig | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig index 88fb25119899..24d1b54de807 100644 --- a/fs/verity/Kconfig +++ b/fs/verity/Kconfig @@ -3,9 +3,13 @@ config FS_VERITY bool "FS Verity (read-only file-based authenticity protection)" select CRYPTO - # SHA-256 is selected as it's intended to be the default hash algorithm. + # SHA-256 is implied as it's intended to be the default hash algorithm. # To avoid bloat, other wanted algorithms must be selected explicitly. - select CRYPTO_SHA256 + # Note that CRYPTO_SHA256 denotes the generic C implementation, but + # some architectures provided optimized implementations of the same + # algorithm that may be used instead. In this case, CRYPTO_SHA256 may + # be omitted even if SHA-256 is being used. + imply CRYPTO_SHA256 help This option enables fs-verity. fs-verity is the dm-verity mechanism implemented at the file level. On supported -- 2.30.2 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 2021-04-16 16:06 ` [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 Ard Biesheuvel @ 2021-04-19 22:05 ` Eric Biggers 0 siblings, 0 replies; 5+ messages in thread From: Eric Biggers @ 2021-04-19 22:05 UTC (permalink / raw) To: Ard Biesheuvel Cc: linux-crypto, linux-fscrypt, Theodore Y. Ts'o, Jaegeuk Kim On Fri, Apr 16, 2021 at 06:06:42PM +0200, Ard Biesheuvel wrote: > CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256 > shash algorithm, which is selected as the default crypto shash provider > for fsverity. However, fsverity has no strict link time dependency, and > the same shash could be exposed by an optimized implementation, and arm64 > has a number of those (scalar, NEON-based and one based on special crypto > instructions). In such cases, it makes little sense to require that the > generic C implementation is incorporated as well, given that it will never > be called. > > To address this, relax the 'select' clause to 'imply' so that the generic > driver can be omitted from the build if desired. > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > --- > fs/verity/Kconfig | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig > index 88fb25119899..24d1b54de807 100644 > --- a/fs/verity/Kconfig > +++ b/fs/verity/Kconfig > @@ -3,9 +3,13 @@ > config FS_VERITY > bool "FS Verity (read-only file-based authenticity protection)" > select CRYPTO > - # SHA-256 is selected as it's intended to be the default hash algorithm. > + # SHA-256 is implied as it's intended to be the default hash algorithm. > # To avoid bloat, other wanted algorithms must be selected explicitly. > - select CRYPTO_SHA256 > + # Note that CRYPTO_SHA256 denotes the generic C implementation, but > + # some architectures provided optimized implementations of the same > + # algorithm that may be used instead. In this case, CRYPTO_SHA256 may > + # be omitted even if SHA-256 is being used. > + imply CRYPTO_SHA256 > help > This option enables fs-verity. fs-verity is the dm-verity > mechanism implemented at the file level. On supported Looks fine, Acked-by: Eric Biggers <ebiggers@google.com> - Eric ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-04-19 22:05 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-04-16 16:06 [PATCH 0/2] relax crypto Kconfig dependencies for fsverity/fscrypt Ard Biesheuvel 2021-04-16 16:06 ` [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms Ard Biesheuvel 2021-04-19 22:03 ` Eric Biggers 2021-04-16 16:06 ` [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 Ard Biesheuvel 2021-04-19 22:05 ` Eric Biggers
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).