lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 15 Apr 2019 17:37:49 +0200
From:   Paolo Bonzini <>
To:     Hao Feng <>,
        'Tom Lendacky ' <>,
        'Gary Hook ' <>,
        'Herbert Xu ' <>,
        "' David S. Miller '" <>,
        'Janakarajan Natarajan ' <>,
        'Joerg Roedel ' <>,
        ' Radim Krčmář ' <>,
        'Thomas Gleixner ' <>,
        'Ingo Molnar ' <>,
        'Borislav Petkov ' <>,
        "' H. Peter Anvin '" <>
Cc:     'Zhaohui Du ' <>,
        'Zhiwei Ying ' <>,
        'Wen Pu ' <>,,,,
Subject: Re: [PATCH 0/6] Add Hygon SEV support

On 15/04/19 14:04, Hao Feng wrote:
> Hygon SEV follows AMD SEV work flow, but uses China national standard
> cryptographic algorithms SM2/SM3/SM4 instead of (RSA, ECDSA,
> ECDH)/SHA/AES. Reuse most AMD SEV code path to support Hygon SEV,
> also adds 3 new commands(GM_PUBKEY_GEN, GM_GET_DIGEST,
> GM_VERIFY_DIGEST) to support SM2 key exchange protocol.
> SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
> curve. It can be used in digital signature, key exchange and
> asymmetric cryptography. For key exchange, SM2 is similar to ECDH, but
> involves new random key, meaning the two sides need to exchange extra
> random public key besides their public key, that's why additional APIs
> are needed to support Hygon SEV.
> SM3 is a hash algorithm, similar to SHA-256.
> SM4 is a block cipher algorithm, similar to AES-128.

I don't see SM2 and SM3 implemented elsewhere in Linux.  SM4 is only
supported by a few wireless drivers.

Apart from the concerns that Thomas mentioned, you have to convince the
rest of the community that these primitives are secure (for example by
contributing support for them to drivers/crypto), and then KVM will
start using them.

Because as far as I know, they could be just as secure as double rot13.


Powered by blists - more mailing lists