* [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4
@ 2021-12-22 9:06 Xu Jia
2021-12-22 9:06 ` [PATCH net-next 1/2] xfrm: Add support for SM3 secure hash Xu Jia
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Xu Jia @ 2021-12-22 9:06 UTC (permalink / raw)
To: steffen.klassert, herbert, davem, kuba; +Cc: linux-kernel, netdev
These patches add xfrm support for SM3 and SM4 algorithms which are
cryptographic standards published by China State Cryptography
Administration.
SM3 secure hash (OSCCA GM/T 0004-2012 SM3) is based on Merkle-Damgard
with a thuncation of 256 bits. It could be used for authentication
and random number generation.
SM4 symmetric ciper algorithm (OSCCA GB/T 32097-2016) has at least 128
bits packet length which is similar to AES ciper algorithm. It is
suitable for the use of block ciphers in cryptographic applications.
As SM3 and SM4 have already been supported by Linux kernel,
after these patches, we can use them with "ip xfrm" tools easily.
Xu Jia (2):
xfrm: Add support for SM3 secure hash
xfrm: Add support for SM4 symmetric cipher algorithm
include/uapi/linux/pfkeyv2.h | 2 ++
net/xfrm/xfrm_algo.c | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
--
1.8.3.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH net-next 1/2] xfrm: Add support for SM3 secure hash
2021-12-22 9:06 [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Xu Jia
@ 2021-12-22 9:06 ` Xu Jia
2021-12-22 9:06 ` [PATCH net-next 2/2] xfrm: Add support for SM4 symmetric cipher algorithm Xu Jia
2021-12-29 10:18 ` [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Steffen Klassert
2 siblings, 0 replies; 4+ messages in thread
From: Xu Jia @ 2021-12-22 9:06 UTC (permalink / raw)
To: steffen.klassert, herbert, davem, kuba; +Cc: linux-kernel, netdev
This patch allows IPsec to use SM3 HMAC authentication algorithm.
Signed-off-by: Xu Jia <xujia39@huawei.com>
---
include/uapi/linux/pfkeyv2.h | 1 +
net/xfrm/xfrm_algo.c | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
index d65b117..798ba9f 100644
--- a/include/uapi/linux/pfkeyv2.h
+++ b/include/uapi/linux/pfkeyv2.h
@@ -309,6 +309,7 @@ struct sadb_x_filter {
#define SADB_X_AALG_SHA2_512HMAC 7
#define SADB_X_AALG_RIPEMD160HMAC 8
#define SADB_X_AALG_AES_XCBC_MAC 9
+#define SADB_X_AALG_SM3_256HMAC 10
#define SADB_X_AALG_NULL 251 /* kame */
#define SADB_AALG_MAX 251
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 4dae3ab..00b5444 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -341,6 +341,26 @@
.pfkey_supported = 0,
},
+{
+ .name = "hmac(sm3)",
+ .compat = "sm3",
+
+ .uinfo = {
+ .auth = {
+ .icv_truncbits = 256,
+ .icv_fullbits = 256,
+ }
+ },
+
+ .pfkey_supported = 1,
+
+ .desc = {
+ .sadb_alg_id = SADB_X_AALG_SM3_256HMAC,
+ .sadb_alg_ivlen = 0,
+ .sadb_alg_minbits = 256,
+ .sadb_alg_maxbits = 256
+ }
+},
};
static struct xfrm_algo_desc ealg_list[] = {
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH net-next 2/2] xfrm: Add support for SM4 symmetric cipher algorithm
2021-12-22 9:06 [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Xu Jia
2021-12-22 9:06 ` [PATCH net-next 1/2] xfrm: Add support for SM3 secure hash Xu Jia
@ 2021-12-22 9:06 ` Xu Jia
2021-12-29 10:18 ` [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Steffen Klassert
2 siblings, 0 replies; 4+ messages in thread
From: Xu Jia @ 2021-12-22 9:06 UTC (permalink / raw)
To: steffen.klassert, herbert, davem, kuba; +Cc: linux-kernel, netdev
This patch adds SM4 encryption algorithm entry to ealg_list.
Signed-off-by: Xu Jia <xujia39@huawei.com>
---
include/uapi/linux/pfkeyv2.h | 1 +
net/xfrm/xfrm_algo.c | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
index 798ba9f..8abae1f 100644
--- a/include/uapi/linux/pfkeyv2.h
+++ b/include/uapi/linux/pfkeyv2.h
@@ -330,6 +330,7 @@ struct sadb_x_filter {
#define SADB_X_EALG_AES_GCM_ICV16 20
#define SADB_X_EALG_CAMELLIACBC 22
#define SADB_X_EALG_NULL_AES_GMAC 23
+#define SADB_X_EALG_SM4CBC 24
#define SADB_EALG_MAX 253 /* last EALG */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 00b5444..094734f 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -572,6 +572,27 @@
.sadb_alg_maxbits = 288
}
},
+{
+ .name = "cbc(sm4)",
+ .compat = "sm4",
+
+ .uinfo = {
+ .encr = {
+ .geniv = "echainiv",
+ .blockbits = 128,
+ .defkeybits = 128,
+ }
+ },
+
+ .pfkey_supported = 1,
+
+ .desc = {
+ .sadb_alg_id = SADB_X_EALG_SM4CBC,
+ .sadb_alg_ivlen = 16,
+ .sadb_alg_minbits = 128,
+ .sadb_alg_maxbits = 256
+ }
+},
};
static struct xfrm_algo_desc calg_list[] = {
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4
2021-12-22 9:06 [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Xu Jia
2021-12-22 9:06 ` [PATCH net-next 1/2] xfrm: Add support for SM3 secure hash Xu Jia
2021-12-22 9:06 ` [PATCH net-next 2/2] xfrm: Add support for SM4 symmetric cipher algorithm Xu Jia
@ 2021-12-29 10:18 ` Steffen Klassert
2 siblings, 0 replies; 4+ messages in thread
From: Steffen Klassert @ 2021-12-29 10:18 UTC (permalink / raw)
To: Xu Jia; +Cc: herbert, davem, kuba, linux-kernel, netdev
On Wed, Dec 22, 2021 at 05:06:57PM +0800, Xu Jia wrote:
> These patches add xfrm support for SM3 and SM4 algorithms which are
> cryptographic standards published by China State Cryptography
> Administration.
>
> SM3 secure hash (OSCCA GM/T 0004-2012 SM3) is based on Merkle-Damgard
> with a thuncation of 256 bits. It could be used for authentication
> and random number generation.
>
> SM4 symmetric ciper algorithm (OSCCA GB/T 32097-2016) has at least 128
> bits packet length which is similar to AES ciper algorithm. It is
> suitable for the use of block ciphers in cryptographic applications.
>
> As SM3 and SM4 have already been supported by Linux kernel,
> after these patches, we can use them with "ip xfrm" tools easily.
>
>
> Xu Jia (2):
> xfrm: Add support for SM3 secure hash
> xfrm: Add support for SM4 symmetric cipher algorithm
>
> include/uapi/linux/pfkeyv2.h | 2 ++
> net/xfrm/xfrm_algo.c | 41 +++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 43 insertions(+)
Series applied to ipsec-next, thanks a lot!
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-12-29 10:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-22 9:06 [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Xu Jia
2021-12-22 9:06 ` [PATCH net-next 1/2] xfrm: Add support for SM3 secure hash Xu Jia
2021-12-22 9:06 ` [PATCH net-next 2/2] xfrm: Add support for SM4 symmetric cipher algorithm Xu Jia
2021-12-29 10:18 ` [PATCH net-next 0/2] xfrm: Add support for SM3 and SM4 Steffen Klassert
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.