[PATCH] net/tls: support SM4 CCM algorithm

[PATCH] net/tls: support SM4 CCM algorithm

[Tianjia Zhang]

The IV of CCM mode has special requirements, this patch supports CCM
mode of SM4 algorithm.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 include/net/tls.h |  3 ++-
 net/tls/tls_sw.c  | 20 ++++++++++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index be4b3e1cac46..b6d40642afdd 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -66,7 +66,7 @@
 #define MAX_IV_SIZE			16
 #define TLS_MAX_REC_SEQ_SIZE		8
 
-/* For AES-CCM, the full 16-bytes of IV is made of '4' fields of given sizes.
+/* For CCM mode, the full 16-bytes of IV is made of '4' fields of given sizes.
  *
  * IV[16] = b0[1] || implicit nonce[4] || explicit nonce[8] || length[3]
  *
@@ -74,6 +74,7 @@
  * Hence b0 contains (3 - 1) = 2.
  */
 #define TLS_AES_CCM_IV_B0_BYTE		2
+#define TLS_SM4_CCM_IV_B0_BYTE		2
 
 #define __TLS_INC_STATS(net, field)				\
 	__SNMP_INC_STATS((net)->mib.tls_statistics, field)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 120a73abb95c..81bb78c812c4 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -498,9 +498,15 @@ static int tls_do_encryption(struct sock *sk,
 	int rc, iv_offset = 0;
 
 	/* For CCM based ciphers, first byte of IV is a constant */
-	if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) {
+	switch (prot->cipher_type) {
+	case TLS_CIPHER_AES_CCM_128:
 		rec->iv_data[0] = TLS_AES_CCM_IV_B0_BYTE;
 		iv_offset = 1;
+		break;
+	case TLS_CIPHER_SM4_CCM:
+		rec->iv_data[0] = TLS_SM4_CCM_IV_B0_BYTE;
+		iv_offset = 1;
+		break;
 	}
 
 	memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv,
@@ -1482,10 +1488,16 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
 	aad = (u8 *)(sgout + n_sgout);
 	iv = aad + prot->aad_size;
 
-	/* For CCM based ciphers, first byte of nonce+iv is always '2' */
-	if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) {
-		iv[0] = 2;
+	/* For CCM based ciphers, first byte of nonce+iv is a constant */
+	switch (prot->cipher_type) {
+	case TLS_CIPHER_AES_CCM_128:
+		iv[0] = TLS_AES_CCM_IV_B0_BYTE;
 		iv_offset = 1;
+		break;
+	case TLS_CIPHER_SM4_CCM:
+		iv[0] = TLS_SM4_CCM_IV_B0_BYTE;
+		iv_offset = 1;
+		break;
 	}
 
 	/* Prepare IV */
-- 
2.19.1.3.ge56e4f7

Re: [PATCH] net/tls: support SM4 CCM algorithm

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Tue, 28 Sep 2021 14:28:43 +0800 you wrote:
> The IV of CCM mode has special requirements, this patch supports CCM
> mode of SM4 algorithm.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
>  include/net/tls.h |  3 ++-
>  net/tls/tls_sw.c  | 20 ++++++++++++++++----
>  2 files changed, 18 insertions(+), 5 deletions(-)

Here is the summary with links:
  - net/tls: support SM4 CCM algorithm
    https://git.kernel.org/netdev/net-next/c/128cfb882e23

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Re: [PATCH] net/tls: support SM4 CCM algorithm

[Vadim Fedorenko]

On 28.09.2021 07:28, Tianjia Zhang wrote:
> The IV of CCM mode has special requirements, this patch supports CCM
> mode of SM4 algorithm.
>
Have you tried to connect this implementation to application with
user-space implementation of CCM mode? I wonder just because I have an
issue with AES-CCM Kernel TLS implementation when it's connected to
OpenSSL-driven server, but still have no time to fix it correctly.

Re: [PATCH] net/tls: support SM4 CCM algorithm

[Tianjia Zhang]

Hi Vadim,

On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
> On 28.09.2021 07:28, Tianjia Zhang wrote:
>> The IV of CCM mode has special requirements, this patch supports CCM
>> mode of SM4 algorithm.
>>
> Have you tried to connect this implementation to application with
> user-space implementation of CCM mode? I wonder just because I have an
> issue with AES-CCM Kernel TLS implementation when it's connected to
> OpenSSL-driven server, but still have no time to fix it correctly.

I did not encounter any issue when using KTLS with AES-CCM algorithm, 
but the KTLS RX mode on the OpenSSL side does not seem to be supported.

I encountered some problems when using the SM4-CCM algorithm of KTLS. 
Follow the RFC8998 specification, the handshake has been successful, and 
the first data transmission can be successful. After that, I will 
encounter the problem of MAC verification failure, but this is issue on 
the OpenSSL side. because the problem is still being investigated, I 
have not opened the code for the time being.

Cheers,
Tianjia

Re: [PATCH] net/tls: support SM4 CCM algorithm

[Vadim Fedorenko]

On 30.09.2021 04:34, Tianjia Zhang wrote:
> Hi Vadim,
> 
> On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
>> On 28.09.2021 07:28, Tianjia Zhang wrote:
>>> The IV of CCM mode has special requirements, this patch supports CCM
>>> mode of SM4 algorithm.
>>>
>> Have you tried to connect this implementation to application with
>> user-space implementation of CCM mode? I wonder just because I have an
>> issue with AES-CCM Kernel TLS implementation when it's connected to
>> OpenSSL-driven server, but still have no time to fix it correctly.
> 
> I did not encounter any issue when using KTLS with AES-CCM algorithm, but the 
> KTLS RX mode on the OpenSSL side does not seem to be supported.
> 
> I encountered some problems when using the SM4-CCM algorithm of KTLS. Follow the 
> RFC8998 specification, the handshake has been successful, and the first data 
> transmission can be successful. After that, I will encounter the problem of MAC 
> verification failure, but this is issue on the OpenSSL side. because the problem 
> is still being investigated, I have not opened the code for the time being.
> 
Are you sure that this is an issue on the OpenSSL side? Because absolutely the 
same problem is reported for AES-CCM algo and only when it's offloaded to 
kernel. Looks like encryption of CCM could be broken somehow.

I will try to investigate it a bit later from the AES-CCM side.

Re: [PATCH] net/tls: support SM4 CCM algorithm

[Tianjia Zhang]

On 10/1/21 6:56 AM, Vadim Fedorenko wrote:
> On 30.09.2021 04:34, Tianjia Zhang wrote:
>> Hi Vadim,
>>
>> On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
>>> On 28.09.2021 07:28, Tianjia Zhang wrote:
>>>> The IV of CCM mode has special requirements, this patch supports CCM
>>>> mode of SM4 algorithm.
>>>>
>>> Have you tried to connect this implementation to application with
>>> user-space implementation of CCM mode? I wonder just because I have an
>>> issue with AES-CCM Kernel TLS implementation when it's connected to
>>> OpenSSL-driven server, but still have no time to fix it correctly.
>>
>> I did not encounter any issue when using KTLS with AES-CCM algorithm, 
>> but the KTLS RX mode on the OpenSSL side does not seem to be supported.
>>
>> I encountered some problems when using the SM4-CCM algorithm of KTLS. 
>> Follow the RFC8998 specification, the handshake has been successful, 
>> and the first data transmission can be successful. After that, I will 
>> encounter the problem of MAC verification failure, but this is issue 
>> on the OpenSSL side. because the problem is still being investigated, 
>> I have not opened the code for the time being.
>>
> Are you sure that this is an issue on the OpenSSL side? Because 
> absolutely the same problem is reported for AES-CCM algo and only when 
> it's offloaded to kernel. Looks like encryption of CCM could be broken 
> somehow.
> 
> I will try to investigate it a bit later from the AES-CCM side.

Yes, but I only used openssl s_server/s_client to do the test. In 
theory, this is not guaranteed to be fully covered. Can you tell us 
about the scenario where your issue occurred? I will try to see if it 
can replay.

Best regards,
Tianjia