[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <16a76d3e-910f-4fdf-5b2d-9f3355cce4ca@novek.ru>
Date: Thu, 30 Sep 2021 23:56:13 +0100
From: Vadim Fedorenko <vfedorenko@...ek.ru>
To: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Boris Pismenny <borisp@...dia.com>,
John Fastabend <john.fastabend@...il.com>,
Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/tls: support SM4 CCM algorithm
On 30.09.2021 04:34, Tianjia Zhang wrote:
> Hi Vadim,
>
> On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
>> On 28.09.2021 07:28, Tianjia Zhang wrote:
>>> The IV of CCM mode has special requirements, this patch supports CCM
>>> mode of SM4 algorithm.
>>>
>> Have you tried to connect this implementation to application with
>> user-space implementation of CCM mode? I wonder just because I have an
>> issue with AES-CCM Kernel TLS implementation when it's connected to
>> OpenSSL-driven server, but still have no time to fix it correctly.
>
> I did not encounter any issue when using KTLS with AES-CCM algorithm, but the
> KTLS RX mode on the OpenSSL side does not seem to be supported.
>
> I encountered some problems when using the SM4-CCM algorithm of KTLS. Follow the
> RFC8998 specification, the handshake has been successful, and the first data
> transmission can be successful. After that, I will encounter the problem of MAC
> verification failure, but this is issue on the OpenSSL side. because the problem
> is still being investigated, I have not opened the code for the time being.
>
Are you sure that this is an issue on the OpenSSL side? Because absolutely the
same problem is reported for AES-CCM algo and only when it's offloaded to
kernel. Looks like encryption of CCM could be broken somehow.
I will try to investigate it a bit later from the AES-CCM side.
Powered by blists - more mailing lists