From patchwork Wed Apr 21 07:55:10 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb@kernel.org>
X-Patchwork-Id: 425928
Return-Path: <linux-crypto-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER,
 INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS,
 USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by smtp.lore.kernel.org (Postfix) with ESMTP id 72D05C43461
 for <linux-crypto@archiver.kernel.org>;
 Wed, 21 Apr 2021 07:55:27 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by mail.kernel.org (Postfix) with ESMTP id 3EB6761430
 for <linux-crypto@archiver.kernel.org>;
 Wed, 21 Apr 2021 07:55:27 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S236911AbhDUHz5 (ORCPT <rfc822; linux-crypto@archiver.kernel.org>);
 Wed, 21 Apr 2021 03:55:57 -0400
Received: from mail.kernel.org ([198.145.29.99]:54764 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S235107AbhDUHzy (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
 Wed, 21 Apr 2021 03:55:54 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 3F6E761438;
 Wed, 21 Apr 2021 07:55:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1618991720;
 bh=9wo1DQLdtI3MuzZYxymV2WhK5mxjl2O3K1NxVhptqfg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=GL+4S18dnKDLGfuGPTaV/mn/Ndh1H0XCUa13oQ74/pkRdtNzZFJHrpdyUFEQt4gWJ
 yrH5n1k8Wo5YZkq5TYEmkagDFk10qcqf3Lsv9drNTEsTzUKvHjlIGaWBq9dQ9Cj22O
 LpXwG906Hc4ARA9eUBquK9E4mAI3KgnhVVGRMf3T4XuAcPcwimY57JwtSkKqQJoc48
 0jTL8NoW1uiBR0KIv792vUDHeABSk3N3+yLrV6im5GlaR+KKcQMrrXpDiYQS9zUh8/
 aGrVNy07viqtuJZHgg2z7jrHMLV0N0cOYQdmftOcm3QODn0xJ+71FeK8NYKkaORdb9
 cE9aM/6k+PdeQ==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-fscrypt@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
 "Theodore Y. Ts'o" <tytso@mit.edu>, Jaegeuk Kim <jaegeuk@kernel.org>,
 Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH v2 1/2] fscrypt: relax Kconfig dependencies for crypto API
 algorithms
Date: Wed, 21 Apr 2021 09:55:10 +0200
Message-Id: <20210421075511.45321-2-ardb@kernel.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210421075511.45321-1-ardb@kernel.org>
References: <20210421075511.45321-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Even if FS encryption has strict functional dependencies on various
crypto algorithms and chaining modes. those dependencies could potentially
be satisified by other implementations than the generic ones, and no link
time dependency exists on the 'depends on' claused defined by
CONFIG_FS_ENCRYPTION_ALGS.

So let's relax these clauses to 'imply', so that the default behavior
is still to pull in those generic algorithms, but in a way that permits
them to be disabled again in Kconfig.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 fs/crypto/Kconfig | 30 ++++++++++++++------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
index a5f5c30368a2..2d0c8922f635 100644
--- a/fs/crypto/Kconfig
+++ b/fs/crypto/Kconfig
@@ -14,16 +14,30 @@ config FS_ENCRYPTION
 	  F2FS and UBIFS make use of this feature.
 
 # Filesystems supporting encryption must select this if FS_ENCRYPTION.  This
-# allows the algorithms to be built as modules when all the filesystems are.
+# allows the algorithms to be built as modules when all the filesystems are,
+# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
+#
+# Note: this option only pulls in the algorithms that filesystem encryption
+# needs "by default".  If userspace will use "non-default" encryption modes such
+# as Adiantum encryption, then those other modes need to be explicitly enabled
+# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
+#
+# Also note that this option only pulls in the generic implementations of the
+# algorithms, not any per-architecture optimized implementations.  It is
+# strongly recommended to enable optimized implementations too.  It is safe to
+# disable these generic implementations if corresponding optimized
+# implementations will always be available too; for this reason, these are soft
+# dependencies ('imply' rather than 'select').  Only disable these generic
+# implementations if you're sure they will never be needed, though.
 config FS_ENCRYPTION_ALGS
 	tristate
-	select CRYPTO_AES
-	select CRYPTO_CBC
-	select CRYPTO_CTS
-	select CRYPTO_ECB
-	select CRYPTO_HMAC
-	select CRYPTO_SHA512
-	select CRYPTO_XTS
+	imply CRYPTO_AES
+	imply CRYPTO_CBC
+	imply CRYPTO_CTS
+	imply CRYPTO_ECB
+	imply CRYPTO_HMAC
+	imply CRYPTO_SHA512
+	imply CRYPTO_XTS
 
 config FS_ENCRYPTION_INLINE_CRYPT
 	bool "Enable fscrypt to use inline crypto"

From patchwork Wed Apr 21 07:55:11 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb@kernel.org>
X-Patchwork-Id: 425358
Return-Path: <linux-crypto-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER,
 INCLUDES_PATCH, 
 MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT
 autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by smtp.lore.kernel.org (Postfix) with ESMTP id 8EF81C43470
 for <linux-crypto@archiver.kernel.org>;
 Wed, 21 Apr 2021 07:55:27 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by mail.kernel.org (Postfix) with ESMTP id 577A661434
 for <linux-crypto@archiver.kernel.org>;
 Wed, 21 Apr 2021 07:55:27 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S235107AbhDUHz6 (ORCPT <rfc822; linux-crypto@archiver.kernel.org>);
 Wed, 21 Apr 2021 03:55:58 -0400
Received: from mail.kernel.org ([198.145.29.99]:54784 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S237503AbhDUHzz (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
 Wed, 21 Apr 2021 03:55:55 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 168806143A;
 Wed, 21 Apr 2021 07:55:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1618991722;
 bh=Ckt8C8nl3QhgUfJhMmpZtLEs1VTyK1g47DgJO1qo5CI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=qSvQ8qH+6Ef1OeqB7SaG0W6Kko1Utphhkn1DHCars7TQ/PmoCSauQYtb+bbu61gEd
 VpHHSm0oLfzcEv9Wjgv/ThfpmX2J0vpyTrNA2CGNEvXAtIiXXuJw2N2ZjkcHN+6/Ai
 X/1SedqFtDtfVxTCqNtIVUvaf1wJ3hgbRqSvpI1K3dMAM7W/MqsmBYoOinm6hXVTqS
 xuIOP/eM3aAcg2HyBNy9+/3Vy8NYmQb80IqrusSONYWxeNjkLiG5FjTxgLatjDghtu
 0Haf5ESq202HOGnmpQeuDreg22L3cQngHeF+m8sfWmCiRzOQyRXV+/KAl4DiXqHGKE
 /VYqDBpsrJt5g==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-fscrypt@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
 "Theodore Y. Ts'o" <tytso@mit.edu>, Jaegeuk Kim <jaegeuk@kernel.org>,
 Eric Biggers <ebiggers@kernel.org>, Eric Biggers <ebiggers@google.com>
Subject: [PATCH v2 2/2] fsverity: relax build time dependency on CRYPTO_SHA256
Date: Wed, 21 Apr 2021 09:55:11 +0200
Message-Id: <20210421075511.45321-3-ardb@kernel.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210421075511.45321-1-ardb@kernel.org>
References: <20210421075511.45321-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256
shash algorithm, which is selected as the default crypto shash provider
for fsverity. However, fsverity has no strict link time dependency, and
the same shash could be exposed by an optimized implementation, and arm64
has a number of those (scalar, NEON-based and one based on special crypto
instructions). In such cases, it makes little sense to require that the
generic C implementation is incorporated as well, given that it will never
be called.

To address this, relax the 'select' clause to 'imply' so that the generic
driver can be omitted from the build if desired.

Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 fs/verity/Kconfig | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
index 88fb25119899..24d1b54de807 100644
--- a/fs/verity/Kconfig
+++ b/fs/verity/Kconfig
@@ -3,9 +3,13 @@
 config FS_VERITY
 	bool "FS Verity (read-only file-based authenticity protection)"
 	select CRYPTO
-	# SHA-256 is selected as it's intended to be the default hash algorithm.
+	# SHA-256 is implied as it's intended to be the default hash algorithm.
 	# To avoid bloat, other wanted algorithms must be selected explicitly.
-	select CRYPTO_SHA256
+	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
+	# some architectures provided optimized implementations of the same
+	# algorithm that may be used instead. In this case, CRYPTO_SHA256 may
+	# be omitted even if SHA-256 is being used.
+	imply CRYPTO_SHA256
 	help
 	  This option enables fs-verity.  fs-verity is the dm-verity
 	  mechanism implemented at the file level.  On supported