On 7/5/26 8:44 PM, Eric Biggers wrote:
Add "xts(camellia)", "xts(serpent)", and "xts(twofish)" to the allowlist
for af_alg_restrict=1. These niche AES alternatives have continued to
see rare but persistent use via cryptsetup, which has historically
relied on the AF_ALG support for these ciphers in XTS mode for
performing the keyslot encryption. (cryptsetup v2.8.7 and later fall
back to a temporary dm-crypt mapping, but that requires root.)
Signed-off-by: Eric Biggers <[email protected]>
---
crypto/algif_skcipher.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 2b8069667974..49ae779b3b6b 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -45,6 +45,9 @@ static const struct af_alg_allowlist_entry
skcipher_allowlist[] = {
{ "ecb(des)", true }, /* iwd */
{ "hctr2(aes)", false }, /* cryptsetup */
{ "xts(aes)", false }, /* cryptsetup benchmark */
+ { "xts(camellia)", false }, /* cryptsetup */
+ { "xts(serpent)", false }, /* cryptsetup */
+ { "xts(twofish)", false }, /* cryptsetup */
{},
Well, if we are going this way, I would also add Aria and SM4 (currently usable
only in cryptsetup main branch).
Milan
p.s.
There is another user of AF_ALG hash, hardlink in util-linux, see
https://github.com/util-linux/util-linux/blob/master/lib/fileeq.c