lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 15 Apr 2019 15:51:55 +0000
From:   Pascal Van Leeuwen <pvanleeuwen@...idesecure.com>
To:     Paolo Bonzini <pbonzini@...hat.com>, Hao Feng <fenghao@...on.cn>,
        'Tom Lendacky ' <thomas.lendacky@....com>,
        'Gary Hook ' <gary.hook@....com>,
        'Herbert Xu ' <herbert@...dor.apana.org.au>,
        "' David S. Miller '" <davem@...emloft.net>,
        'Janakarajan Natarajan ' <Janakarajan.Natarajan@....com>,
        'Joerg Roedel ' <joro@...tes.org>,
        ' Radim Krčmář ' <rkrcmar@...hat.com>,
        'Thomas Gleixner ' <tglx@...utronix.de>,
        'Ingo Molnar ' <mingo@...hat.com>,
        'Borislav Petkov ' <bp@...en8.de>,
        "' H. Peter Anvin '" <hpa@...or.com>
CC:     'Zhaohui Du ' <duzhaohui@...on.cn>,
        'Zhiwei Ying ' <yingzhiwei@...on.cn>,
        'Wen Pu ' <puwen@...on.cn>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 0/6] Add Hygon SEV support

> -----Original Message-----
> From: linux-crypto-owner@...r.kernel.org [mailto:linux-crypto-
> owner@...r.kernel.org] On Behalf Of Paolo Bonzini
> Sent: Monday, April 15, 2019 5:38 PM
> To: Hao Feng <fenghao@...on.cn>; 'Tom Lendacky '
> <thomas.lendacky@....com>; 'Gary Hook ' <gary.hook@....com>; 'Herbert
> Xu ' <herbert@...dor.apana.org.au>; ' David S. Miller '
> <davem@...emloft.net>; 'Janakarajan Natarajan '
> <Janakarajan.Natarajan@....com>; 'Joerg Roedel ' <joro@...tes.org>; '
> Radim Krčmář ' <rkrcmar@...hat.com>; 'Thomas Gleixner '
> <tglx@...utronix.de>; 'Ingo Molnar ' <mingo@...hat.com>; 'Borislav
> Petkov ' <bp@...en8.de>; ' H. Peter Anvin ' <hpa@...or.com>
> Cc: 'Zhaohui Du ' <duzhaohui@...on.cn>; 'Zhiwei Ying '
> <yingzhiwei@...on.cn>; 'Wen Pu ' <puwen@...on.cn>; x86@...nel.org;
> linux-crypto@...r.kernel.org; kvm@...r.kernel.org; linux-
> kernel@...r.kernel.org
> Subject: Re: [PATCH 0/6] Add Hygon SEV support
>
> On 15/04/19 14:04, Hao Feng wrote:
> > Hygon SEV follows AMD SEV work flow, but uses China national standard
> > cryptographic algorithms SM2/SM3/SM4 instead of (RSA, ECDSA,
> > ECDH)/SHA/AES. Reuse most AMD SEV code path to support Hygon SEV,
> > also adds 3 new commands(GM_PUBKEY_GEN, GM_GET_DIGEST,
> > GM_VERIFY_DIGEST) to support SM2 key exchange protocol.
> >
> > SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
> > curve. It can be used in digital signature, key exchange and
> > asymmetric cryptography. For key exchange, SM2 is similar to ECDH,
> but
> > involves new random key, meaning the two sides need to exchange extra
> > random public key besides their public key, that's why additional
> APIs
> > are needed to support Hygon SEV.
> > SM3 is a hash algorithm, similar to SHA-256.
> > SM4 is a block cipher algorithm, similar to AES-128.
>
> I don't see SM2 and SM3 implemented elsewhere in Linux.  SM4 is only
> supported by a few wireless drivers.
>
> Apart from the concerns that Thomas mentioned, you have to convince the
> rest of the community that these primitives are secure (for example by
> contributing support for them to drivers/crypto), and then KVM will
> start using them.
>

I don't know about SM2, but both SM3 and SM4 are already implemented in
the kernel tree as generic C code and covered by the testmgr.

There also has been quite some analysis done on them (Google is your
friend) and they are generally considered secure. Besides that, they are
in heavy practical use in mainland China, usually as direct replacements
for SHA2-256 and AES in whatever protocol or use case you need: IPsec,
TLS, WPA2, XTS for disk encryption, you name it.

>
> Because as far as I know, they could be just as secure as double rot13.
>

You could educate yourself first instead of just making assumptions?

Regards,

Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines

Tel. : +31 (0)73 65 81 900

www.insidesecure.com

Powered by blists - more mailing lists