diff mbox series

[v3,2/2] fscrypt: Add SM4 XTS/CTS symmetric algorithm support

Message ID 20221125121630.87793-3-tianjia.zhang@linux.alibaba.com (mailing list archive)
State Superseded
Headers show
Series Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt | expand

Commit Message

tianjia.zhang Nov. 25, 2022, 12:16 p.m. UTC 
SM4 is a symmetric algorithm widely used in China, and is even mandatory
in many scenarios. We need to provide these users with the ability to
encrypt files or disks using SM4-XTS, and many other algorithms that use
SM2/3/4 algorithms or their combined algorithm scenarios, these features
are demanded by many users, this patch enables to use SM4-XTS mode to
encrypt file content, and use SM4-CBC-CTS to encrypt filename.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 Documentation/filesystems/fscrypt.rst |  1 +
 fs/crypto/keysetup.c                  | 15 +++++++++++++++
 fs/crypto/policy.c                    |  4 ++++
 include/uapi/linux/fscrypt.h          |  2 ++
 4 files changed, 22 insertions(+)

Comments

Eric Biggers Nov. 25, 2022, 6:24 p.m. UTC | #1 
On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote:
> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> index 46757c3052ef..8e69bc0c35cd 100644
> --- a/fs/crypto/policy.c
> +++ b/fs/crypto/policy.c
> @@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode)
>  	    filenames_mode == FSCRYPT_MODE_AES_128_CTS)
>  		return true;
>  
> +	if (contents_mode == FSCRYPT_MODE_SM4_XTS &&
> +	    filenames_mode == FSCRYPT_MODE_SM4_CTS)
> +		return true;
> +
>  	if (contents_mode == FSCRYPT_MODE_ADIANTUM &&
>  	    filenames_mode == FSCRYPT_MODE_ADIANTUM)
>  		return true;

Sorry, one more thing I didn't notice before.  Since this is a new feature,
please only allow it in fscrypt_valid_enc_modes_v2(), not in
fscrypt_valid_enc_modes_v1().  That's what we did for AES-256-XTS +
AES-256-HCTR2 recently.  There should be no need to add new features to
v1 encryption policies, which have been deprecated for several years.

- Eric
tianjia.zhang Nov. 28, 2022, 7:35 a.m. UTC | #2 
Hi Eric,

On 11/26/22 2:24 AM, Eric Biggers wrote:
> On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote:
>> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
>> index 46757c3052ef..8e69bc0c35cd 100644
>> --- a/fs/crypto/policy.c
>> +++ b/fs/crypto/policy.c
>> @@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode)
>>   	    filenames_mode == FSCRYPT_MODE_AES_128_CTS)
>>   		return true;
>>   
>> +	if (contents_mode == FSCRYPT_MODE_SM4_XTS &&
>> +	    filenames_mode == FSCRYPT_MODE_SM4_CTS)
>> +		return true;
>> +
>>   	if (contents_mode == FSCRYPT_MODE_ADIANTUM &&
>>   	    filenames_mode == FSCRYPT_MODE_ADIANTUM)
>>   		return true;
> 
> Sorry, one more thing I didn't notice before.  Since this is a new feature,
> please only allow it in fscrypt_valid_enc_modes_v2(), not in
> fscrypt_valid_enc_modes_v1().  That's what we did for AES-256-XTS +
> AES-256-HCTR2 recently.  There should be no need to add new features to
> v1 encryption policies, which have been deprecated for several years.
> 
> - Eric

Thanks for reminder, it makes sense to only support the new algorithm in
v2 policy, which I will do this.

BR,
Tianjia
Bagas Sanjaya Nov. 28, 2022, 1:33 p.m. UTC | #3 
On 11/25/22 19:16, Tianjia Zhang wrote:
> SM4 is a symmetric algorithm widely used in China, and is even mandatory
> in many scenarios. We need to provide these users with the ability to
> encrypt files or disks using SM4-XTS, and many other algorithms that use
> SM2/3/4 algorithms or their combined algorithm scenarios, these features
> are demanded by many users, this patch enables to use SM4-XTS mode to
> encrypt file content, and use SM4-CBC-CTS to encrypt filename.
> 

Similar reply as [1]. That is, better say:

```
Add support for XTS and CTS mode variant of SM4 algorithm, in similar
fashion to SM2 and SM3. The former is used to encrypt file contents, while
the latter (SM4-CBC-CTS) is used to encrypt filenames. 
```

Thanks.

[1]: https://lore.kernel.org/linux-doc/42624542-6ccb-26a5-db98-d7944972246e@gmail.com/
tianjia.zhang Dec. 1, 2022, 12:45 p.m. UTC | #4 
Hi Bagas,

On 11/28/22 9:33 PM, Bagas Sanjaya wrote:
> On 11/25/22 19:16, Tianjia Zhang wrote:
>> SM4 is a symmetric algorithm widely used in China, and is even mandatory
>> in many scenarios. We need to provide these users with the ability to
>> encrypt files or disks using SM4-XTS, and many other algorithms that use
>> SM2/3/4 algorithms or their combined algorithm scenarios, these features
>> are demanded by many users, this patch enables to use SM4-XTS mode to
>> encrypt file content, and use SM4-CBC-CTS to encrypt filename.
>>
> 
> Similar reply as [1]. That is, better say:
> 
> ```
> Add support for XTS and CTS mode variant of SM4 algorithm, in similar
> fashion to SM2 and SM3. The former is used to encrypt file contents, while
> the latter (SM4-CBC-CTS) is used to encrypt filenames.
> ```
> 
> Thanks.
> 
> [1]: https://lore.kernel.org/linux-doc/42624542-6ccb-26a5-db98-d7944972246e@gmail.com/
> 

Thanks for your reply, it is very valuable for me, I will update it in
the next patch.

Cheers,
Tianjia
diff mbox series

Patch

diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index 5ba5817c17c2..af27e7b2c74f 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -336,6 +336,7 @@  Currently, the following pairs of encryption modes are supported:
 
 - AES-256-XTS for contents and AES-256-CTS-CBC for filenames
 - AES-128-CBC for contents and AES-128-CTS-CBC for filenames
+- SM4-XTS for contents and SM4-CTS-CBC for filenames
 - Adiantum for both contents and filenames
 - AES-256-XTS for contents and AES-256-HCTR2 for filenames (v2 policies only)
 
diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index f7407071a952..24e55c95abc3 100644
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -44,6 +44,21 @@  struct fscrypt_mode fscrypt_modes[] = {
 		.security_strength = 16,
 		.ivsize = 16,
 	},
+	[FSCRYPT_MODE_SM4_XTS] = {
+		.friendly_name = "SM4-XTS",
+		.cipher_str = "xts(sm4)",
+		.keysize = 32,
+		.security_strength = 16,
+		.ivsize = 16,
+		.blk_crypto_mode = BLK_ENCRYPTION_MODE_SM4_XTS,
+	},
+	[FSCRYPT_MODE_SM4_CTS] = {
+		.friendly_name = "SM4-CTS",
+		.cipher_str = "cts(cbc(sm4))",
+		.keysize = 16,
+		.security_strength = 16,
+		.ivsize = 16,
+	},
 	[FSCRYPT_MODE_ADIANTUM] = {
 		.friendly_name = "Adiantum",
 		.cipher_str = "adiantum(xchacha12,aes)",
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 46757c3052ef..8e69bc0c35cd 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -71,6 +71,10 @@  static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode)
 	    filenames_mode == FSCRYPT_MODE_AES_128_CTS)
 		return true;
 
+	if (contents_mode == FSCRYPT_MODE_SM4_XTS &&
+	    filenames_mode == FSCRYPT_MODE_SM4_CTS)
+		return true;
+
 	if (contents_mode == FSCRYPT_MODE_ADIANTUM &&
 	    filenames_mode == FSCRYPT_MODE_ADIANTUM)
 		return true;
diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h
index a756b29afcc2..47dbd1994bfe 100644
--- a/include/uapi/linux/fscrypt.h
+++ b/include/uapi/linux/fscrypt.h
@@ -26,6 +26,8 @@ 
 #define FSCRYPT_MODE_AES_256_CTS		4
 #define FSCRYPT_MODE_AES_128_CBC		5
 #define FSCRYPT_MODE_AES_128_CTS		6
+#define FSCRYPT_MODE_SM4_XTS			7
+#define FSCRYPT_MODE_SM4_CTS			8
 #define FSCRYPT_MODE_ADIANTUM			9
 #define FSCRYPT_MODE_AES_256_HCTR2		10
 /* If adding a mode number > 10, update FSCRYPT_MODE_MAX in fscrypt_private.h */