| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y4EIR+n8aKutuLo0@sol.localdomain>
Date: Fri, 25 Nov 2022 10:24:07 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Cc: "Theodore Y. Ts o" <tytso@....edu>,
Jaegeuk Kim <jaegeuk@...nel.org>,
Jonathan Corbet <corbet@....net>, Jens Axboe <axboe@...nel.dk>,
Ard Biesheuvel <ardb@...nel.org>,
linux-fscrypt@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-block@...r.kernel.org
Subject: Re: [PATCH v3 2/2] fscrypt: Add SM4 XTS/CTS symmetric algorithm
support
On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote:
> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> index 46757c3052ef..8e69bc0c35cd 100644
> --- a/fs/crypto/policy.c
> +++ b/fs/crypto/policy.c
> @@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode)
> filenames_mode == FSCRYPT_MODE_AES_128_CTS)
> return true;
>
> + if (contents_mode == FSCRYPT_MODE_SM4_XTS &&
> + filenames_mode == FSCRYPT_MODE_SM4_CTS)
> + return true;
> +
> if (contents_mode == FSCRYPT_MODE_ADIANTUM &&
> filenames_mode == FSCRYPT_MODE_ADIANTUM)
> return true;
Sorry, one more thing I didn't notice before. Since this is a new feature,
please only allow it in fscrypt_valid_enc_modes_v2(), not in
fscrypt_valid_enc_modes_v1(). That's what we did for AES-256-XTS +
AES-256-HCTR2 recently. There should be no need to add new features to
v1 encryption policies, which have been deprecated for several years.
- Eric
Powered by blists - more mailing lists