The Linux Kernel Mailing List
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Milan Broz <gmazyland@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH] crypto: af_alg - Allow additional ciphers for cryptsetup
Date: Tue, 7 Jul 2026 18:43:13 -0700	[thread overview]
Message-ID: <20260708014313.GA1949@quark> (raw)
In-Reply-To: <20260706202445.GA283366@quark>

On Mon, Jul 06, 2026 at 01:24:45PM -0700, Eric Biggers wrote:
> On Mon, Jul 06, 2026 at 08:20:10PM +0200, Milan Broz wrote:
> > On 7/5/26 8:44 PM, Eric Biggers wrote:
> > > Add "xts(camellia)", "xts(serpent)", and "xts(twofish)" to the allowlist
> > > for af_alg_restrict=1.  These niche AES alternatives have continued to
> > > see rare but persistent use via cryptsetup, which has historically
> > > relied on the AF_ALG support for these ciphers in XTS mode for
> > > performing the keyslot encryption.  (cryptsetup v2.8.7 and later fall
> > > back to a temporary dm-crypt mapping, but that requires root.)
> > > 
> > > Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> > > ---
> > >   crypto/algif_skcipher.c | 3 +++
> > >   1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
> > > index 2b8069667974..49ae779b3b6b 100644
> > > --- a/crypto/algif_skcipher.c
> > > +++ b/crypto/algif_skcipher.c
> > > @@ -45,6 +45,9 @@ static const struct af_alg_allowlist_entry skcipher_allowlist[] = {
> > >   	{ "ecb(des)", true }, /* iwd */
> > >   	{ "hctr2(aes)", false }, /* cryptsetup */
> > >   	{ "xts(aes)", false }, /* cryptsetup benchmark */
> > > +	{ "xts(camellia)", false }, /* cryptsetup */
> > > +	{ "xts(serpent)", false }, /* cryptsetup */
> > > +	{ "xts(twofish)", false }, /* cryptsetup */
> > >   	{},
> > 
> > Well, if we are going this way, I would also add Aria and SM4
> > (currently usable only in cryptsetup main branch).
> 
> I'm adding these three because they seem to have a history of occasional
> use, as can be seen by web search results including their mentions in
> various forums, documentation, etc.  So I worry about breaking users of
> them who upgrade their kernel and still have cryptsetup < 2.8.7.
> 
> It doesn't seem like the same as true of aria-xts or sm4-xts.  And as
> you said they are usable only on the cryptsetup main branch -- which I
> understand now consistently uses the fallback to a temporary dm-crypt
> mapping (at least when run as root).  So perhaps we don't actually need
> to allow "xts(aria)" and "xts(sm4)" as well?
> 
> The point isn't to add things that could theoretically be used, but
> rather add the minimum set that's needed to keep actual existing users
> working.

Do we need to add cbc(...) for these algorithms as well?

- Eric

      reply	other threads:[~2026-07-08  1:43 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-05 18:44 [PATCH] crypto: af_alg - Allow additional ciphers for cryptsetup Eric Biggers
2026-07-06 18:20 ` Milan Broz
2026-07-06 20:24   ` Eric Biggers
2026-07-08  1:43     ` Eric Biggers [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260708014313.GA1949@quark \
    --to=ebiggers@kernel.org \
    --cc=gmazyland@gmail.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox