| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1195374a-a9d4-0431-015b-60d986e29881@linux.alibaba.com>
Date: Thu, 30 Sep 2021 11:34:33 +0800
From: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To: Vadim Fedorenko <vfedorenko@...ek.ru>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Boris Pismenny <borisp@...dia.com>,
John Fastabend <john.fastabend@...il.com>,
Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/tls: support SM4 CCM algorithm
Hi Vadim,
On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
> On 28.09.2021 07:28, Tianjia Zhang wrote:
>> The IV of CCM mode has special requirements, this patch supports CCM
>> mode of SM4 algorithm.
>>
> Have you tried to connect this implementation to application with
> user-space implementation of CCM mode? I wonder just because I have an
> issue with AES-CCM Kernel TLS implementation when it's connected to
> OpenSSL-driven server, but still have no time to fix it correctly.
I did not encounter any issue when using KTLS with AES-CCM algorithm,
but the KTLS RX mode on the OpenSSL side does not seem to be supported.
I encountered some problems when using the SM4-CCM algorithm of KTLS.
Follow the RFC8998 specification, the handshake has been successful, and
the first data transmission can be successful. After that, I will
encounter the problem of MAC verification failure, but this is issue on
the OpenSSL side. because the problem is still being investigated, I
have not opened the code for the time being.
Cheers,
Tianjia
Powered by blists - more mailing lists