Hi Eric, On 11/26/22 2:24 AM, Eric Biggers wrote:
On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote:diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 46757c3052ef..8e69bc0c35cd 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode) filenames_mode == FSCRYPT_MODE_AES_128_CTS) return true;+ if (contents_mode == FSCRYPT_MODE_SM4_XTS &&+ filenames_mode == FSCRYPT_MODE_SM4_CTS) + return true; + if (contents_mode == FSCRYPT_MODE_ADIANTUM && filenames_mode == FSCRYPT_MODE_ADIANTUM) return true;Sorry, one more thing I didn't notice before. Since this is a new feature, please only allow it in fscrypt_valid_enc_modes_v2(), not in fscrypt_valid_enc_modes_v1(). That's what we did for AES-256-XTS + AES-256-HCTR2 recently. There should be no need to add new features to v1 encryption policies, which have been deprecated for several years. - Eric
Thanks for reminder, it makes sense to only support the new algorithm in v2 policy, which I will do this. BR, Tianjia
|