Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp14388297rwb; Sun, 27 Nov 2022 23:40:10 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Uv5xQlbD9oAS5rTH5vQFssfR8P1yJbeZdlfiuDOOfMIBEn5YM/WgOkUq+OdnrDIVcBfqK X-Received: by 2002:aa7:d2d5:0:b0:469:9951:ac3a with SMTP id k21-20020aa7d2d5000000b004699951ac3amr31543373edr.339.1669621210545; Sun, 27 Nov 2022 23:40:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669621210; cv=none; d=google.com; s=arc-20160816; b=wQ3fC2pHCFF6LewBwUdyRIZ5GK2zEe1yabhU3k35EHuw/Nih9Oi81N9S1v7CJYWDxh zLUKqarBUCNTbmK0PBNRxhMgov63Ux91dB463PwiutMEbkPwAiEpHjxY2imxs9TRXVp2 Px/+HDNwkwfxQiZTsnORqDPSSPh9AhQvveh/PEjDT9E/xPFsxyIv5B/6LXdfK4/Lrt4M yrt6dCW6JeyE+7VMQs4wciOsbwy9pzv8Ff3e5GfNd0vzmfm2kFFwPfsMEbvJLziKIPjt 4AB6c8w/YRmcXCLU/nAMGf2K6ePgmyxw12wiLe58JwTy0qmPtkyFXiElLkSQbdWZhJSG Diig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=lF3xNUp+1KXyLBI9/xEEon5ZILJgI9nPqR7KxGN+QV0=; b=KY8mDbUt3Ro1/CTF+jsp47yCeBFtaXfKjxm6bmVsnsVN1FZ9tz9P+WBYBkYbbjaozu 0IlT8XbNsEKucAvtZfmlvSXFpbaJ+tIe2r41L9tesmtRtlNGikRtjKjUV1xVujBK2G1b bUVFwwVJCvg2p/QDu/+GX9Yh7C2dI1Bge0mqJ/mpm6wbO1i+tt+dHjH5yhj/JIOoNKyu nQBGTY25tAGq4dmg7XPmdksNr0yE4eN72KuBKP6Y4vV8/YnIvlqjdF4D5mJ7uB7pWg9q p6IaKjlWLQBdN4Xe58oD17Yx+2fgfsCvOnkp3cd7mg9/WHbi0Ze7u1Xoe01VXznqdkgh 9L1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w14-20020a056402268e00b00461a144e981si10836689edd.356.2022.11.27.23.39.50; Sun, 27 Nov 2022 23:40:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229896AbiK1Hfq (ORCPT + 83 others); Mon, 28 Nov 2022 02:35:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40798 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229713AbiK1Hfp (ORCPT ); Mon, 28 Nov 2022 02:35:45 -0500 Received: from out30-57.freemail.mail.aliyun.com (out30-57.freemail.mail.aliyun.com [115.124.30.57]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEC4B12AAF; Sun, 27 Nov 2022 23:35:43 -0800 (PST) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R151e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045176;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=10;SR=0;TI=SMTPD_---0VVpnSmS_1669620938; Received: from 30.27.90.133(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0VVpnSmS_1669620938) by smtp.aliyun-inc.com; Mon, 28 Nov 2022 15:35:39 +0800 Message-ID: Date: Mon, 28 Nov 2022 15:35:37 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.13.1 Subject: Re: [PATCH v3 2/2] fscrypt: Add SM4 XTS/CTS symmetric algorithm support Content-Language: en-US To: Eric Biggers Cc: "Theodore Y. Ts o" , Jaegeuk Kim , Jonathan Corbet , Jens Axboe , Ard Biesheuvel , linux-fscrypt@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org References: <20221125121630.87793-1-tianjia.zhang@linux.alibaba.com> <20221125121630.87793-3-tianjia.zhang@linux.alibaba.com> From: Tianjia Zhang In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-10.2 required=5.0 tests=BAYES_00, ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY, USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Eric, On 11/26/22 2:24 AM, Eric Biggers wrote: > On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote: >> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c >> index 46757c3052ef..8e69bc0c35cd 100644 >> --- a/fs/crypto/policy.c >> +++ b/fs/crypto/policy.c >> @@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode) >> filenames_mode == FSCRYPT_MODE_AES_128_CTS) >> return true; >> >> + if (contents_mode == FSCRYPT_MODE_SM4_XTS && >> + filenames_mode == FSCRYPT_MODE_SM4_CTS) >> + return true; >> + >> if (contents_mode == FSCRYPT_MODE_ADIANTUM && >> filenames_mode == FSCRYPT_MODE_ADIANTUM) >> return true; > > Sorry, one more thing I didn't notice before. Since this is a new feature, > please only allow it in fscrypt_valid_enc_modes_v2(), not in > fscrypt_valid_enc_modes_v1(). That's what we did for AES-256-XTS + > AES-256-HCTR2 recently. There should be no need to add new features to > v1 encryption policies, which have been deprecated for several years. > > - Eric Thanks for reminder, it makes sense to only support the new algorithm in v2 policy, which I will do this. BR, Tianjia