Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt

- AES-128-CBC for contents and AES-128-CTS-CBC for filenames

- Adiantum for both contents and filenames

- AES-256-XTS for contents and AES-256-HCTR2 for filenames (v2 policies only)

- SM4-XTS for contents and SM4-CTS-CBC for filenames (v2 policies only)

If unsure, you should use the (AES-256-XTS, AES-256-CTS-CBC) pair.

POLYVAL should be enabled, e.g. CRYPTO_POLYVAL_ARM64_CE and

CRYPTO_AES_ARM64_CE_BLK for ARM64.

SM4 is a Chinese block cipher that is an alternative to AES.  It has

not seen as much security review as AES, and it only has a 128-bit key

size.  It may be useful in cases where its use is mandated.

Otherwise, it should not be used.  For SM4 support to be available, it

also needs to be enabled in the kernel crypto API.

New encryption modes can be added relatively easily, without changes

to individual filesystems.  However, authenticated encryption (AE)

modes are not currently supported because of the difficulty of dealing

		.keysize = 32,

		.ivsize = 32,

	},

	[BLK_ENCRYPTION_MODE_SM4_XTS] = {

		.name = "SM4-XTS",

		.cipher_str = "xts(sm4)",

		.keysize = 32,

		.ivsize = 16,

	},

};

/*

struct fscrypt_master_key {

	/*

	 * Back-pointer to the super_block of the filesystem to which this

	 * master key has been added.  Only valid if ->mk_active_refs > 0.

	 */

	struct super_block			*mk_sb;

	/*

	 * Link in ->mk_sb->s_master_keys->key_hashtable.

	 * Link in ->s_master_keys->key_hashtable.

	 * Only valid if ->mk_active_refs > 0.

	 */

	struct hlist_node			mk_node;

	/*

	 * Active and structural reference counts.  An active ref guarantees

	 * that the struct continues to exist, continues to be in the keyring

	 * ->mk_sb->s_master_keys, and that any embedded subkeys (e.g.

	 * ->s_master_keys, and that any embedded subkeys (e.g.

	 * ->mk_direct_keys) that have been prepared continue to exist.

	 * A structural ref only guarantees that the struct continues to exist.

	 *

void fscrypt_put_master_key(struct fscrypt_master_key *mk);

void fscrypt_put_master_key_activeref(struct fscrypt_master_key *mk);

void fscrypt_put_master_key_activeref(struct super_block *sb,

				      struct fscrypt_master_key *mk);

struct fscrypt_master_key *

fscrypt_find_master_key(struct super_block *sb,

	call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key);

}

void fscrypt_put_master_key_activeref(struct fscrypt_master_key *mk)

void fscrypt_put_master_key_activeref(struct super_block *sb,

				      struct fscrypt_master_key *mk)

{

	struct super_block *sb = mk->mk_sb;

	struct fscrypt_keyring *keyring = sb->s_master_keys;

	size_t i;

	if (!refcount_dec_and_test(&mk->mk_active_refs))

	 * destroying any subkeys embedded in it.

	 */

	spin_lock(&keyring->lock);

	spin_lock(&sb->s_master_keys->lock);

	hlist_del_rcu(&mk->mk_node);

	spin_unlock(&keyring->lock);

	spin_unlock(&sb->s_master_keys->lock);

	/*

	 * ->mk_active_refs == 0 implies that ->mk_secret is not present and

			WARN_ON(refcount_read(&mk->mk_struct_refs) != 1);

			WARN_ON(!is_master_key_secret_present(&mk->mk_secret));

			wipe_master_key_secret(&mk->mk_secret);

			fscrypt_put_master_key_activeref(mk);

			fscrypt_put_master_key_activeref(sb, mk);

		}

	}

	kfree_sensitive(keyring);

	if (!mk)

		return -ENOMEM;

	mk->mk_sb = sb;

	init_rwsem(&mk->mk_sem);

	refcount_set(&mk->mk_struct_refs, 1);

	mk->mk_spec = *mk_spec;

	err = -ENOKEY;

	if (is_master_key_secret_present(&mk->mk_secret)) {

		wipe_master_key_secret(&mk->mk_secret);

		fscrypt_put_master_key_activeref(mk);

		fscrypt_put_master_key_activeref(sb, mk);

		err = 0;

	}

	inodes_remain = refcount_read(&mk->mk_active_refs) > 0;

		.security_strength = 16,

		.ivsize = 16,

	},

	[FSCRYPT_MODE_SM4_XTS] = {

		.friendly_name = "SM4-XTS",

		.cipher_str = "xts(sm4)",

		.keysize = 32,

		.security_strength = 16,

		.ivsize = 16,

		.blk_crypto_mode = BLK_ENCRYPTION_MODE_SM4_XTS,

	},

	[FSCRYPT_MODE_SM4_CTS] = {

		.friendly_name = "SM4-CTS-CBC",

		.cipher_str = "cts(cbc(sm4))",

		.keysize = 16,

		.security_strength = 16,

		.ivsize = 16,

	},

	[FSCRYPT_MODE_ADIANTUM] = {

		.friendly_name = "Adiantum",

		.cipher_str = "adiantum(xchacha12,aes)",

		spin_lock(&mk->mk_decrypted_inodes_lock);

		list_del(&ci->ci_master_key_link);

		spin_unlock(&mk->mk_decrypted_inodes_lock);

		fscrypt_put_master_key_activeref(mk);

		fscrypt_put_master_key_activeref(ci->ci_inode->i_sb, mk);

	}

	memzero_explicit(ci, sizeof(*ci));

	kmem_cache_free(fscrypt_info_cachep, ci);