Hi Eric,
On 11/26/22 2:24 AM, Eric Biggers wrote:
On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote:
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 46757c3052ef..8e69bc0c35cd 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode)
filenames_mode == FSCRYPT_MODE_AES_128_CTS)
return true;
+ if (contents_mode == FSCRYPT_MODE_SM4_XTS &&
+ filenames_mode == FSCRYPT_MODE_SM4_CTS)
+ return true;
+
if (contents_mode == FSCRYPT_MODE_ADIANTUM &&
filenames_mode == FSCRYPT_MODE_ADIANTUM)
return true;
Sorry, one more thing I didn't notice before. Since this is a new feature,
please only allow it in fscrypt_valid_enc_modes_v2(), not in
fscrypt_valid_enc_modes_v1(). That's what we did for AES-256-XTS +
AES-256-HCTR2 recently. There should be no need to add new features to
v1 encryption policies, which have been deprecated for several years.
- Eric
Thanks for reminder, it makes sense to only support the new algorithm in
v2 policy, which I will do this.
BR,
Tianjia