lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3094055.QNPB7aoccF@tauon.chronox.de>
Date:   Mon, 06 Nov 2023 16:25:51 +0100
From:   Stephan Mueller <smueller@...onox.de>
To:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Herbert Xu <herbert@...dor.apana.org.au>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        Steffen Klassert <steffen.klassert@...unet.com>
Subject: Re: [PATCH] crypto: jitterentropy - Hide esoteric Kconfig options under FIPS
 and EXPERT

Am Montag, 6. November 2023, 11:00:08 CET schrieb Herbert Xu:

Hi Herbert,

> On Thu, Nov 02, 2023 at 08:32:36PM -1000, Linus Torvalds wrote:
> > I think that would help the situation, but I assume the sizing for the
> > jitter buffer is at least partly due to trying to account for cache
> > sizing or similar issues?
> > 
> > Which really means that I assume any static compile-time answer to
> > that question is always wrong - whether you are an expert or not.
> > Unless you are just building the thing for one particular machine.
> > 
> > So I do think the problem is deeper than "this is a question only for
> > experts". I definitely don't think you should ask a regular user (or
> > even a distro kernel package manager). I suspect it's likely that the
> > question is just wrong in general - because any particular one buffer
> > size for any number of machines simply cannot be the right answer.
> > 
> > I realize that the commit says "*allow* for configuration of memory
> > size", but I really question the whole approach.
> 
> Yes I think these are all valid points.  I just noticed that I
> forgot to cc the author so let's see if Stephan has anything to
> add.

I concur that these questions are more for experts. 
> 
> > But yes - hiding these questions from any reasonable normal user is at
> > least a good first step.
> 
> OK here's the patch:
> 
> ---8<---
> As JITTERENTROPY is selected by default if you enable the CRYPTO
> API, any Kconfig options added there will show up for every single
> user.  Hide the esoteric options under EXPERT as well as FIPS so
> that only distro makers will see them.
> 
> Reported-by: Linus Torvalds <torvalds@...ux-foundation.org>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
> 
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index bbf51d55724e..70661f58ee41 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -1297,10 +1297,12 @@ config CRYPTO_JITTERENTROPY
> 
>  	  See https://www.chronox.de/jent.html
> 
> +if CRYPTO_JITTERENTROPY
> +if CRYPTO_FIPS && EXPERT
> +
>  choice
>  	prompt "CPU Jitter RNG Memory Size"
>  	default CRYPTO_JITTERENTROPY_MEMSIZE_2
> -	depends on CRYPTO_JITTERENTROPY
>  	help
>  	  The Jitter RNG measures the execution time of memory accesses.
>  	  Multiple consecutive memory accesses are performed. If the memory
> @@ -1344,7 +1346,6 @@ config CRYPTO_JITTERENTROPY_OSR
>  	int "CPU Jitter RNG Oversampling Rate"
>  	range 1 15
>  	default 1
> -	depends on CRYPTO_JITTERENTROPY
>  	help
>  	  The Jitter RNG allows the specification of an oversampling rate (OSR).
>  	  The Jitter RNG operation requires a fixed amount of timing
> @@ -1359,7 +1360,6 @@ config CRYPTO_JITTERENTROPY_OSR
> 
>  config CRYPTO_JITTERENTROPY_TESTINTERFACE
>  	bool "CPU Jitter RNG Test Interface"
> -	depends on CRYPTO_JITTERENTROPY
>  	help
>  	  The test interface allows a privileged process to capture
>  	  the raw unconditioned high resolution time stamp noise that
> @@ -1377,6 +1377,28 @@ config CRYPTO_JITTERENTROPY_TESTINTERFACE
> 
>  	  If unsure, select N.
> 
> +endif	# if CRYPTO_FIPS && EXPERT
> +
> +if !(CRYPTO_FIPS && EXPERT)
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
> +	int
> +	default 64
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
> +	int
> +	default 32
> +
> +config CRYPTO_JITTERENTROPY_OSR
> +	int
> +	default 1
> +
> +config CRYPTO_JITTERENTROPY_TESTINTERFACE
> +	bool
> +
> +endif	# if !(CRYPTO_FIPS && EXPERT)
> +endif	# if CRYPTO_JITTERENTROPY
> +
>  config CRYPTO_KDF800108_CTR
>  	tristate
>  	select CRYPTO_HMAC

Reviewed-by: Stephan Mueller <smueller@...onox.de>


Ciao
Stephan


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ