From 41952551acb405080726aa38a8a7ce317d9de4bb Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 1 Dec 2022 11:14:52 -0800 Subject: fscrypt: add additional documentation for SM4 support Add a paragraph about SM4, like there is for the other modes. Signed-off-by: Eric Biggers Reviewed-by: Tianjia Zhang Link: https://lore.kernel.org/r/20221201191452.6557-1-ebiggers@kernel.org --- Documentation/filesystems/fscrypt.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Documentation/filesystems') diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index c0784ec05553..ef183387da20 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -370,6 +370,12 @@ CONFIG_CRYPTO_HCTR2 must be enabled. Also, fast implementations of XCTR and POLYVAL should be enabled, e.g. CRYPTO_POLYVAL_ARM64_CE and CRYPTO_AES_ARM64_CE_BLK for ARM64. +SM4 is a Chinese block cipher that is an alternative to AES. It has +not seen as much security review as AES, and it only has a 128-bit key +size. It may be useful in cases where its use is mandated. +Otherwise, it should not be used. For SM4 support to be available, it +also needs to be enabled in the kernel crypto API. + New encryption modes can be added relatively easily, without changes to individual filesystems. However, authenticated encryption (AE) modes are not currently supported because of the difficulty of dealing -- cgit v1.2.3