Message ID | 20190812175635.34186-4-ebiggers@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | xfsprogs: support fscrypt API additions in xfs_io | expand |
On Mon, Aug 12, 2019 at 10:56:29AM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@google.com> > > Add new encryption modes: AES-128-CBC and AES-128-CTS (supported since > Linux v4.11), and Adiantum (supported since Linux v5.0). > > Signed-off-by: Eric Biggers <ebiggers@google.com> > --- > io/encrypt.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/io/encrypt.c b/io/encrypt.c > index ac473ed7..11eb4a3e 100644 > --- a/io/encrypt.c > +++ b/io/encrypt.c > @@ -156,7 +156,7 @@ set_encpolicy_help(void) > " -v VERSION -- version of policy structure\n" > "\n" > " MODE can be numeric or one of the following predefined values:\n" > -" AES-256-XTS, AES-256-CTS\n" > +" AES-256-XTS, AES-256-CTS, AES-128-CBC, AES-128-CTS, Adiantum\n" What do you think of generating the list of predefined values from the available_modes[] array? Then you wouldn't have to keep the help text in sync with the C definitions, since it's not like there's a meaningful translation for them anyway. --D > " FLAGS and VERSION must be numeric.\n" > "\n" > " Note that it's only possible to set an encryption policy on an empty\n" > @@ -170,6 +170,9 @@ static const struct { > } available_modes[] = { > {FSCRYPT_MODE_AES_256_XTS, "AES-256-XTS"}, > {FSCRYPT_MODE_AES_256_CTS, "AES-256-CTS"}, > + {FSCRYPT_MODE_AES_128_CBC, "AES-128-CBC"}, > + {FSCRYPT_MODE_AES_128_CTS, "AES-128-CTS"}, > + {FSCRYPT_MODE_ADIANTUM, "Adiantum"}, > }; > > static bool > -- > 2.23.0.rc1.153.gdeed80330f-goog >
On Tue, Sep 24, 2019 at 03:47:44PM -0700, Darrick J. Wong wrote: > On Mon, Aug 12, 2019 at 10:56:29AM -0700, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@google.com> > > > > Add new encryption modes: AES-128-CBC and AES-128-CTS (supported since > > Linux v4.11), and Adiantum (supported since Linux v5.0). > > > > Signed-off-by: Eric Biggers <ebiggers@google.com> > > --- > > io/encrypt.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/io/encrypt.c b/io/encrypt.c > > index ac473ed7..11eb4a3e 100644 > > --- a/io/encrypt.c > > +++ b/io/encrypt.c > > @@ -156,7 +156,7 @@ set_encpolicy_help(void) > > " -v VERSION -- version of policy structure\n" > > "\n" > > " MODE can be numeric or one of the following predefined values:\n" > > -" AES-256-XTS, AES-256-CTS\n" > > +" AES-256-XTS, AES-256-CTS, AES-128-CBC, AES-128-CTS, Adiantum\n" > > What do you think of generating the list of predefined values from > the available_modes[] array? Then you wouldn't have to keep the help > text in sync with the C definitions, since it's not like there's a > meaningful translation for them anyway. > Yes, good idea. I'll do that. - Eric
diff --git a/io/encrypt.c b/io/encrypt.c index ac473ed7..11eb4a3e 100644 --- a/io/encrypt.c +++ b/io/encrypt.c @@ -156,7 +156,7 @@ set_encpolicy_help(void) " -v VERSION -- version of policy structure\n" "\n" " MODE can be numeric or one of the following predefined values:\n" -" AES-256-XTS, AES-256-CTS\n" +" AES-256-XTS, AES-256-CTS, AES-128-CBC, AES-128-CTS, Adiantum\n" " FLAGS and VERSION must be numeric.\n" "\n" " Note that it's only possible to set an encryption policy on an empty\n" @@ -170,6 +170,9 @@ static const struct { } available_modes[] = { {FSCRYPT_MODE_AES_256_XTS, "AES-256-XTS"}, {FSCRYPT_MODE_AES_256_CTS, "AES-256-CTS"}, + {FSCRYPT_MODE_AES_128_CBC, "AES-128-CBC"}, + {FSCRYPT_MODE_AES_128_CTS, "AES-128-CTS"}, + {FSCRYPT_MODE_ADIANTUM, "Adiantum"}, }; static bool