From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA33DC48BDA for ; Thu, 27 Jun 2019 17:36:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C747F2133F for ; Thu, 27 Jun 2019 17:36:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561657017; bh=VMwebPDCTF99U5fpGbQC2WDHoUqQ6b9IFPo7dXr2M+U=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=yDcssagDL2FA/trxdnnJXWlgHrwNQSzhBAF2Ic2HqUGz5pDjWQZqj1uHru7ufxc8c hirieM5Krq723KMIIix2Zj1z9EdpqNXi1lAD7T+rBaWPtWAYgvQwv36T5GWEua+mlE omyXGYZ0AKvRWNeVxDihr37bA6tAyi5/KSee7TYY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726620AbfF0Rg4 (ORCPT ); Thu, 27 Jun 2019 13:36:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:46106 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726903AbfF0Rgu (ORCPT ); Thu, 27 Jun 2019 13:36:50 -0400 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 69EAB2064A; Thu, 27 Jun 2019 17:36:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561657009; bh=VMwebPDCTF99U5fpGbQC2WDHoUqQ6b9IFPo7dXr2M+U=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=dUwdbtzopMKEiParbcR3YQtRhya0WULc3ze+ETK5HWxBsfzsU8LoVolAMfT8A9r9o QPYEQbLZtBTPwMZfkAe0zojCd9pcM/CoMfdOeeUwFaA6nmDomC/P5iBMVl+E5QXbzu YXIVZaLgHIZSOPSHmlsNlV63FdU7kKDewfZIcpC0= Date: Thu, 27 Jun 2019 10:36:47 -0700 From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-crypto@vger.kernel.org, Ard Biesheuvel , Richard Weinberger Subject: Re: [PATCH] fscrypt: remove selection of CONFIG_CRYPTO_SHA256 Message-ID: <20190627173647.GG686@sol.localdomain> References: <20190620181505.225232-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190620181505.225232-1-ebiggers@kernel.org> User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jun 20, 2019 at 11:15:05AM -0700, Eric Biggers wrote: > From: Eric Biggers > > fscrypt only uses SHA-256 for AES-128-CBC-ESSIV, which isn't the default > and is only recommended on platforms that have hardware accelerated > AES-CBC but not AES-XTS. There's no link-time dependency, since SHA-256 > is requested via the crypto API on first use. > > To reduce bloat, we should limit FS_ENCRYPTION to selecting the default > algorithms only. SHA-256 by itself isn't that much bloat, but it's > being discussed to move ESSIV into a crypto API template, which would > incidentally bring in other things like "authenc" support, which would > all end up being built-in since FS_ENCRYPTION is now a bool. > > For Adiantum encryption we already just document that users who want to > use it have to enable CONFIG_CRYPTO_ADIANTUM themselves. So, let's do > the same for AES-128-CBC-ESSIV and CONFIG_CRYPTO_SHA256. > > Signed-off-by: Eric Biggers > --- > Documentation/filesystems/fscrypt.rst | 4 +++- > fs/crypto/Kconfig | 1 - > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst > index 08c23b60e01647..87d4e266ffc86d 100644 > --- a/Documentation/filesystems/fscrypt.rst > +++ b/Documentation/filesystems/fscrypt.rst > @@ -191,7 +191,9 @@ Currently, the following pairs of encryption modes are supported: > If unsure, you should use the (AES-256-XTS, AES-256-CTS-CBC) pair. > > AES-128-CBC was added only for low-powered embedded devices with > -crypto accelerators such as CAAM or CESA that do not support XTS. > +crypto accelerators such as CAAM or CESA that do not support XTS. To > +use AES-128-CBC, CONFIG_CRYPTO_SHA256 (or another SHA-256 > +implementation) must be enabled so that ESSIV can be used. > > Adiantum is a (primarily) stream cipher-based mode that is fast even > on CPUs without dedicated crypto instructions. It's also a true > diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig > index 24ed99e2eca0b2..5fdf24877c1785 100644 > --- a/fs/crypto/Kconfig > +++ b/fs/crypto/Kconfig > @@ -7,7 +7,6 @@ config FS_ENCRYPTION > select CRYPTO_ECB > select CRYPTO_XTS > select CRYPTO_CTS > - select CRYPTO_SHA256 > select KEYS > help > Enable encryption of files and directories. This > -- > 2.22.0.410.gd8fdbe21b5-goog > Applied to fscrypt.git for v5.3. - Eric