* [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt
@ 2022-12-01 12:58 Tianjia Zhang
  2022-12-01 12:58 ` [PATCH v4 1/2] blk-crypto: Add support for SM4-XTS blk crypto mode Tianjia Zhang
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Tianjia Zhang @ 2022-12-01 12:58 UTC (permalink / raw)
  To: Eric Biggers, Theodore Y. Ts'o, Jaegeuk Kim, Jonathan Corbet,
	Jens Axboe, Ard Biesheuvel, Bagas Sanjaya, linux-fscrypt,
	linux-doc, linux-kernel, linux-block
  Cc: Tianjia Zhang

SM4 is widely used in China's data encryption software and hardware.
These algorithms are mandatory in many scenarios. This series of
patches enables the SM4-XTS algorithm in blk-crypto and enables the
SM4-XTS/CTS algorithm in fscrypt to encrypt file content and filename.

v4 changes:
  - only allow the SM4 XTS/CTS algorithm in policy v2 for fscrypt
  - update git commit message

v3 change:
  - update git commit message

v2 change:
  - As Eric said, the new FSCRYPT_MODE is defined for the unused numbers 7 and 8

Tianjia Zhang (2):
  blk-crypto: Add support for SM4-XTS blk crypto mode
  fscrypt: Add SM4 XTS/CTS symmetric algorithm support

 Documentation/filesystems/fscrypt.rst |  1 +
 block/blk-crypto.c                    |  6 ++++++
 fs/crypto/keysetup.c                  | 15 +++++++++++++++
 fs/crypto/policy.c                    |  5 +++++
 include/linux/blk-crypto.h            |  1 +
 include/uapi/linux/fscrypt.h          |  2 ++
 6 files changed, 30 insertions(+)

-- 
2.24.3 (Apple Git-128)



* [PATCH v4 1/2] blk-crypto: Add support for SM4-XTS blk crypto mode
  2022-12-01 12:58 [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt Tianjia Zhang
@ 2022-12-01 12:58 ` Tianjia Zhang
  2022-12-01 12:58 ` [PATCH v4 2/2] fscrypt: Add SM4 XTS/CTS symmetric algorithm support Tianjia Zhang
  2022-12-01 19:29 ` [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt Eric Biggers
  2 siblings, 0 replies; 5+ messages in thread
From: Tianjia Zhang @ 2022-12-01 12:58 UTC (permalink / raw)
  To: Eric Biggers, Theodore Y. Ts'o, Jaegeuk Kim, Jonathan Corbet,
	Jens Axboe, Ard Biesheuvel, Bagas Sanjaya, linux-fscrypt,
	linux-doc, linux-kernel, linux-block
  Cc: Tianjia Zhang

SM4 is a symmetric cipher algorithm widely used in China. The SM4-XTS
variant is used to encrypt length-preserving data. This is the
mandatory algorithm in some special scenarios.

Enable the algorithm in block inline encryption; this is needed for the
inlinecrypt mount option to be supported via blk-crypto-fallback, as it
is for the other fscrypt modes.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 block/blk-crypto.c         | 6 ++++++
 include/linux/blk-crypto.h | 1 +
 2 files changed, 7 insertions(+)

diff --git a/block/blk-crypto.c b/block/blk-crypto.c
index a496aaef85ba..e44709fc6a08 100644
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -36,6 +36,12 @@ const struct blk_crypto_mode blk_crypto_modes[] = {
 		.keysize = 32,
 		.ivsize = 32,
 	},
+	[BLK_ENCRYPTION_MODE_SM4_XTS] = {
+		.name = "SM4-XTS",
+		.cipher_str = "xts(sm4)",
+		.keysize = 32,
+		.ivsize = 16,
+	},
 };
 
 /*
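Review bot: the new [BLK_ENCRYPTION_MODE_SM4_XTS] entry sets .keysize = 32 for a cipher string of "xts(sm4)" without saying why; a one-line comment that XTS takes two 16-byte SM4 keys would stop readers from assuming a 256-bit cipher key. Separately, the diffstat for this series shows no Kconfig change, so nothing visible here guarantees that an "xts(sm4)" implementation is built when blk-crypto-fallback is asked for this mode; the commit message should state which crypto options must be enabled and what the caller sees when they are not.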
diff --git a/include/linux/blk-crypto.h b/include/linux/blk-crypto.h
index 69b24fe92cbf..26b1b71c3091 100644
--- a/include/linux/blk-crypto.h
+++ b/include/linux/blk-crypto.h
@@ -13,6 +13,7 @@ enum blk_crypto_mode_num {
 	BLK_ENCRYPTION_MODE_AES_256_XTS,
 	BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
 	BLK_ENCRYPTION_MODE_ADIANTUM,
+	BLK_ENCRYPTION_MODE_SM4_XTS,
 	BLK_ENCRYPTION_MODE_MAX,
 };
 
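Review bot: BLK_ENCRYPTION_MODE_SM4_XTS is inserted before BLK_ENCRYPTION_MODE_MAX, which changes the value of MAX, yet the only table this patch extends is blk_crypto_modes[] in block/blk-crypto.c. If any other array or loop is sized or indexed by enum blk_crypto_mode_num, it needs a matching entry; please confirm in the commit message that this was checked.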
-- 
2.24.3 (Apple Git-128)



* [PATCH v4 2/2] fscrypt: Add SM4 XTS/CTS symmetric algorithm support
  2022-12-01 12:58 [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt Tianjia Zhang
  2022-12-01 12:58 ` [PATCH v4 1/2] blk-crypto: Add support for SM4-XTS blk crypto mode Tianjia Zhang
@ 2022-12-01 12:58 ` Tianjia Zhang
  2022-12-01 19:29 ` [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt Eric Biggers
  2 siblings, 0 replies; 5+ messages in thread
From: Tianjia Zhang @ 2022-12-01 12:58 UTC (permalink / raw)
  To: Eric Biggers, Theodore Y. Ts'o, Jaegeuk Kim, Jonathan Corbet,
	Jens Axboe, Ard Biesheuvel, Bagas Sanjaya, linux-fscrypt,
	linux-doc, linux-kernel, linux-block
  Cc: Tianjia Zhang

Add support for the XTS and CTS mode variants of the SM4 algorithm, in a
similar fashion to SM2 and SM3. The former is used to encrypt file contents,
while the latter (SM4-CBC-CTS) is used to encrypt filenames.

SM4 is a symmetric algorithm widely used in China, and is even a mandatory
algorithm in some special scenarios. We need to provide these users with
the ability to encrypt files or disks using SM4-XTS.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 Documentation/filesystems/fscrypt.rst |  1 +
 fs/crypto/keysetup.c                  | 15 +++++++++++++++
 fs/crypto/policy.c                    |  5 +++++
 include/uapi/linux/fscrypt.h          |  2 ++
 4 files changed, 23 insertions(+)

diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index 5ba5817c17c2..c0784ec05553 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -338,6 +338,7 @@ Currently, the following pairs of encryption modes are supported:
 - AES-128-CBC for contents and AES-128-CTS-CBC for filenames
 - Adiantum for both contents and filenames
 - AES-256-XTS for contents and AES-256-HCTR2 for filenames (v2 policies only)
+- SM4-XTS for contents and SM4-CTS-CBC for filenames (v2 policies only)
 
 If unsure, you should use the (AES-256-XTS, AES-256-CTS-CBC) pair.
 
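Review bot: the added list line names the filenames mode "SM4-CTS-CBC", while the commit message calls it SM4-CBC-CTS and keysetup.c in the same patch uses .friendly_name = "SM4-CTS"; pick one spelling and use it in all three places. The patch also adds only this one line to fscrypt.rst, so the documentation gives no guidance on when the SM4 pair is appropriate, and the unchanged sentence right below still recommends (AES-256-XTS, AES-256-CTS-CBC) when unsure; a short paragraph describing the SM4 modes and their intended users would make that explicit.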
diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index f7407071a952..24e55c95abc3 100644
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -44,6 +44,21 @@ struct fscrypt_mode fscrypt_modes[] = {
 		.security_strength = 16,
 		.ivsize = 16,
 	},
+	[FSCRYPT_MODE_SM4_XTS] = {
+		.friendly_name = "SM4-XTS",
+		.cipher_str = "xts(sm4)",
+		.keysize = 32,
+		.security_strength = 16,
+		.ivsize = 16,
+		.blk_crypto_mode = BLK_ENCRYPTION_MODE_SM4_XTS,
+	},
+	[FSCRYPT_MODE_SM4_CTS] = {
+		.friendly_name = "SM4-CTS",
+		.cipher_str = "cts(cbc(sm4))",
+		.keysize = 16,
+		.security_strength = 16,
+		.ivsize = 16,
+	},
 	[FSCRYPT_MODE_ADIANTUM] = {
 		.friendly_name = "Adiantum",
 		.cipher_str = "adiantum(xchacha12,aes)",
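Review bot: in the [FSCRYPT_MODE_SM4_XTS] entry, .keysize = 32 sits next to .security_strength = 16 with no explanation; add a comment that the 32-byte XTS key is two 128-bit SM4 keys, so the mode offers 128-bit strength. The [FSCRYPT_MODE_SM4_CTS] entry sets no .blk_crypto_mode, which appears intentional because the commit message says it is used only for filenames; a brief comment saying so would save the next reader from checking.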
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 46757c3052ef..ec19066128e5 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -83,6 +83,11 @@ static bool fscrypt_valid_enc_modes_v2(u32 contents_mode, u32 filenames_mode)
 	if (contents_mode == FSCRYPT_MODE_AES_256_XTS &&
 	    filenames_mode == FSCRYPT_MODE_AES_256_HCTR2)
 		return true;
+
+	if (contents_mode == FSCRYPT_MODE_SM4_XTS &&
+	    filenames_mode == FSCRYPT_MODE_SM4_CTS)
+		return true;
+
 	return fscrypt_valid_enc_modes_v1(contents_mode, filenames_mode);
 }
 
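Review bot: the new check in fscrypt_valid_enc_modes_v2() accepts only the exact pair (FSCRYPT_MODE_SM4_XTS, FSCRYPT_MODE_SM4_CTS) and relies on fscrypt_valid_enc_modes_v1() staying unchanged to keep SM4 out of v1 policies, but nothing in the code says so. A short comment above the if, stating that SM4 is v2-only and that mixed pairs such as SM4-XTS contents with a non-SM4 filenames mode are rejected on purpose, would protect this from a later edit to the v1 helper.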
diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h
index a756b29afcc2..47dbd1994bfe 100644
--- a/include/uapi/linux/fscrypt.h
+++ b/include/uapi/linux/fscrypt.h
@@ -26,6 +26,8 @@
 #define FSCRYPT_MODE_AES_256_CTS		4
 #define FSCRYPT_MODE_AES_128_CBC		5
 #define FSCRYPT_MODE_AES_128_CTS		6
+#define FSCRYPT_MODE_SM4_XTS			7
+#define FSCRYPT_MODE_SM4_CTS			8
 #define FSCRYPT_MODE_ADIANTUM			9
 #define FSCRYPT_MODE_AES_256_HCTR2		10
 /* If adding a mode number > 10, update FSCRYPT_MODE_MAX in fscrypt_private.h */
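Review bot: FSCRYPT_MODE_SM4_XTS and FSCRYPT_MODE_SM4_CTS take the previously skipped values 7 and 8 in a UAPI header, where numbers cannot be changed once released. The reason for reusing the gap appears only in the cover letter's v2 changelog; put it in this commit message as well. Since both values are below 10, the FSCRYPT_MODE_MAX comment in the trailing context line does not call for an update, which is worth confirming explicitly in the message.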
-- 
2.24.3 (Apple Git-128)



* Re: [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt
  2022-12-01 12:58 [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt Tianjia Zhang
  2022-12-01 12:58 ` [PATCH v4 1/2] blk-crypto: Add support for SM4-XTS blk crypto mode Tianjia Zhang
  2022-12-01 12:58 ` [PATCH v4 2/2] fscrypt: Add SM4 XTS/CTS symmetric algorithm support Tianjia Zhang
@ 2022-12-01 19:29 ` Eric Biggers
  2022-12-02 12:01   ` Tianjia Zhang
  2 siblings, 1 reply; 5+ messages in thread
From: Eric Biggers @ 2022-12-01 19:29 UTC (permalink / raw)
  To: Tianjia Zhang
  Cc: Theodore Y. Ts'o, Jaegeuk Kim, Jonathan Corbet, Jens Axboe,
	Ard Biesheuvel, Bagas Sanjaya, linux-fscrypt, linux-doc,
	linux-kernel, linux-block

On Thu, Dec 01, 2022 at 08:58:17PM +0800, Tianjia Zhang wrote:
> SM4 is widely used in China's data encryption software and hardware.
> These algorithms are mandatory in many scenarios. This series of
> patches enables the SM4-XTS algorithm in blk-crypto and enables the
> SM4-XTS/CTS algorithm in fscrypt to encrypt file content and filename.
> 
> v4 changes:
>   - only allow the SM4 XTS/CTS algorithm in policy v2 for fscrypt
>   - update git commit message
> 
> v3 change:
>   - update git commit message
> 
> v2 change:
>   - As Eric said, the new FSCRYPT_MODE is defined for the unused numbers 7 and 8
> 
> Tianjia Zhang (2):
>   blk-crypto: Add support for SM4-XTS blk crypto mode
>   fscrypt: Add SM4 XTS/CTS symmetric algorithm support
> 
>  Documentation/filesystems/fscrypt.rst |  1 +
>  block/blk-crypto.c                    |  6 ++++++
>  fs/crypto/keysetup.c                  | 15 +++++++++++++++
>  fs/crypto/policy.c                    |  5 +++++
>  include/linux/blk-crypto.h            |  1 +
>  include/uapi/linux/fscrypt.h          |  2 ++
>  6 files changed, 30 insertions(+)

Applied.  I don't think anyone should actually use this, but with the SM*
algorithms turning up everywhere these days, and people seemingly being totally
okay with that for some reason, I don't think it's fair for me to reject this.

- Eric


* Re: [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt
  2022-12-01 19:29 ` [PATCH v4 0/2] Add SM4 XTS symmetric algorithm for blk-crypto and fscrypt Eric Biggers
@ 2022-12-02 12:01   ` Tianjia Zhang
  0 siblings, 0 replies; 5+ messages in thread
From: Tianjia Zhang @ 2022-12-02 12:01 UTC (permalink / raw)
  To: Eric Biggers
  Cc: Theodore Y. Ts'o, Jaegeuk Kim, Jonathan Corbet, Jens Axboe,
	Ard Biesheuvel, Bagas Sanjaya, linux-fscrypt, linux-doc,
	linux-kernel, linux-block

Hi Eric,

On 12/2/22 3:29 AM, Eric Biggers wrote:
> On Thu, Dec 01, 2022 at 08:58:17PM +0800, Tianjia Zhang wrote:
>> SM4 is widely used in China's data encryption software and hardware.
>> These algorithms are mandatory in many scenarios. This series of
>> patches enables the SM4-XTS algorithm in blk-crypto and enables the
>> SM4-XTS/CTS algorithm in fscrypt to encrypt file content and filename.
>>
>> v4 changes:
>>    - only allow the SM4 XTS/CTS algorithm in policy v2 for fscrypt
>>    - update git commit message
>>
>> v3 change:
>>    - update git commit message
>>
>> v2 change:
>>    - As Eric said, the new FSCRYPT_MODE is defined for the unused numbers 7 and 8
>>
>> Tianjia Zhang (2):
>>    blk-crypto: Add support for SM4-XTS blk crypto mode
>>    fscrypt: Add SM4 XTS/CTS symmetric algorithm support
>>
>>   Documentation/filesystems/fscrypt.rst |  1 +
>>   block/blk-crypto.c                    |  6 ++++++
>>   fs/crypto/keysetup.c                  | 15 +++++++++++++++
>>   fs/crypto/policy.c                    |  5 +++++
>>   include/linux/blk-crypto.h            |  1 +
>>   include/uapi/linux/fscrypt.h          |  2 ++
>>   6 files changed, 30 insertions(+)
> 
> Applied.  I don't think anyone should actually use this, but with the SM*
> algorithms turning up everywhere these days, and people seemingly being totally
> okay with that for some reason, I don't think it's fair for me to reject this.
> 
> - Eric

Thanks, this is really frustrating, still very grateful for your advice
and review.

Best regards,
Tianjia

