fscrypt: add additional documentation for SM4 support

Add a paragraph about SM4, like there is for the other modes. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Link: https://lore.kernel.org/r/20221201191452.6557-1-ebiggers@kernel.org
author: Eric Biggers <ebiggers@google.com> 2022-12-01 11:14:52 -0800
committer: Eric Biggers <ebiggers@google.com> 2022-12-02 10:43:00 -0800
commit: 41952551acb405080726aa38a8a7ce317d9de4bb (patch)
tree: 669ae17c6bdb13438008e2c8efad5fe00a73c8db
parent: f8b435f93b7630afea2df958e0331c566496214b (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index c0784ec05553..ef183387da20 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -370,6 +370,12 @@ CONFIG_CRYPTO_HCTR2 must be enabled.  Also, fast implementations of XCTR and
 POLYVAL should be enabled, e.g. CRYPTO_POLYVAL_ARM64_CE and
 CRYPTO_AES_ARM64_CE_BLK for ARM64.
 
+SM4 is a Chinese block cipher that is an alternative to AES.  It has
+not seen as much security review as AES, and it only has a 128-bit key
+size.  It may be useful in cases where its use is mandated.
+Otherwise, it should not be used.  For SM4 support to be available, it
+also needs to be enabled in the kernel crypto API.
+
 New encryption modes can be added relatively easily, without changes
 to individual filesystems.  However, authenticated encryption (AE)
 modes are not currently supported because of the difficulty of dealing
author	Eric Biggers <ebiggers@google.com>	2022-12-01 11:14:52 -0800
committer	Eric Biggers <ebiggers@google.com>	2022-12-02 10:43:00 -0800
commit	41952551acb405080726aa38a8a7ce317d9de4bb (patch)
tree	669ae17c6bdb13438008e2c8efad5fe00a73c8db
parent	f8b435f93b7630afea2df958e0331c566496214b (diff)