diff mbox series

fscrypt: add additional documentation for SM4 support

Message ID 20221201191452.6557-1-ebiggers@kernel.org (mailing list archive)
State Accepted
Headers show
Series fscrypt: add additional documentation for SM4 support | expand

Commit Message

Eric Biggers Dec. 1, 2022, 7:14 p.m. UTC 
From: Eric Biggers <ebiggers@google.com>

Add a paragraph about SM4, like there is for the other modes.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 Documentation/filesystems/fscrypt.rst | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

tianjia.zhang Dec. 2, 2022, 12:08 p.m. UTC | #1 
Hi Eric,

On 12/2/22 3:14 AM, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Add a paragraph about SM4, like there is for the other modes.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>   Documentation/filesystems/fscrypt.rst | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
> index c0784ec055530..ef183387da208 100644
> --- a/Documentation/filesystems/fscrypt.rst
> +++ b/Documentation/filesystems/fscrypt.rst
> @@ -370,6 +370,12 @@ CONFIG_CRYPTO_HCTR2 must be enabled.  Also, fast implementations of XCTR and
>   POLYVAL should be enabled, e.g. CRYPTO_POLYVAL_ARM64_CE and
>   CRYPTO_AES_ARM64_CE_BLK for ARM64.
>   
> +SM4 is a Chinese block cipher that is an alternative to AES.  It has
> +not seen as much security review as AES, and it only has a 128-bit key
> +size.  It may be useful in cases where its use is mandated.
> +Otherwise, it should not be used.  For SM4 support to be available, it
> +also needs to be enabled in the kernel crypto API.
> +

Looks good to me, this description is appropriate.

Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Thanks,
Tianjia

>   New encryption modes can be added relatively easily, without changes
>   to individual filesystems.  However, authenticated encryption (AE)
>   modes are not currently supported because of the difficulty of dealing
diff mbox series

Patch

diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index c0784ec055530..ef183387da208 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -370,6 +370,12 @@  CONFIG_CRYPTO_HCTR2 must be enabled.  Also, fast implementations of XCTR and
 POLYVAL should be enabled, e.g. CRYPTO_POLYVAL_ARM64_CE and
 CRYPTO_AES_ARM64_CE_BLK for ARM64.
 
+SM4 is a Chinese block cipher that is an alternative to AES.  It has
+not seen as much security review as AES, and it only has a 128-bit key
+size.  It may be useful in cases where its use is mandated.
+Otherwise, it should not be used.  For SM4 support to be available, it
+also needs to be enabled in the kernel crypto API.
+
 New encryption modes can be added relatively easily, without changes
 to individual filesystems.  However, authenticated encryption (AE)
 modes are not currently supported because of the difficulty of dealing