From: Paolo Bonzini <pbonzini@redhat.com>
To: "Pascal Van Leeuwen" <pvanleeuwen@insidesecure.com>,
	"Hao Feng" <fenghao@hygon.cn>,
	"'Tom Lendacky '" <thomas.lendacky@amd.com>,
	"'Gary Hook '" <gary.hook@amd.com>,
	"'Herbert Xu '" <herbert@gondor.apana.org.au>,
	"' David S. Miller '" <davem@davemloft.net>,
	"'Janakarajan Natarajan '" <Janakarajan.Natarajan@amd.com>,
	"'Joerg Roedel '" <joro@8bytes.org>,
	"' Radim Krčmář '" <rkrcmar@redhat.com>,
	"'Thomas Gleixner '" <tglx@linutronix.de>,
	"'Ingo Molnar '" <mingo@redhat.com>,
	"'Borislav Petkov '" <bp@alien8.de>,
	"' H. Peter Anvin '" <hpa@zytor.com>
Cc: 'Zhaohui Du ' <duzhaohui@hygon.cn>,
	'Zhiwei Ying ' <yingzhiwei@hygon.cn>, 'Wen Pu ' <puwen@hygon.cn>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 0/6] Add Hygon SEV support
Date: Mon, 15 Apr 2019 18:04:46 +0200
Message-ID: <fda47663-9536-0d36-5a0e-c6da77e21209@redhat.com>
In-Reply-To: <AM6PR09MB35237F925CF4C82FBBA53862D22B0@AM6PR09MB3523.eurprd09.prod.outlook.com>

On 15/04/19 17:51, Pascal Van Leeuwen wrote:
> I don't know about SM2, but both SM3 and SM4 are already implemented in
> the kernel tree as generic C code and covered by the testmgr.

I stand corrected.

> There also has been quite some analysis done on them (Google is your
> friend) and they are generally considered secure.

Good.

> Besides that, they are
> in heavy practical use in mainland China, usually as direct replacements
> for SHA2-256 and AES in whatever protocol or use case you need: IPsec,
> TLS, WPA2, XTS for disk encryption, you name it.

How should that mean anything?

>> Because as far as I know, they could be just as secure as double rot13.
> 
> You could educate yourself first instead of just making assumptions?

I did educate myself a bit, but I'm not an expert in cryptography, so I
would like to be sure that these are not another Speck or DUAL-EC-DRBG.
"SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
curve" is enough for me to see warning signs, at least without further
explanations, and so does the fact that the initial SM3 values were
changed from SHA-2 and AFAICT there is no public justification for that.

Paolo


Thread overview: 18+ messages
2019-04-15 12:04 [PATCH 0/6] Add Hygon SEV support Hao Feng
2019-04-15 12:04 ` [PATCH 1/6] crypto: ccp: Add Hygon Dhyana support Hao Feng
2019-04-15 12:04 ` [PATCH 2/6] crypto: ccp: Define Hygon SEV commands Hao Feng
2019-04-15 12:04 ` [PATCH 3/6] crypto: ccp: Implement SEV_GM_PUBKEY_GEN ioctl command Hao Feng
2019-04-15 12:04 ` [PATCH 4/6] KVM: Define Hygon SEV commands Hao Feng
2019-04-15 12:04 ` [PATCH 5/6] KVM: SVM: Add support for KVM_SEV_GM_GET_DIGEST command Hao Feng
2019-04-15 15:09   ` Borislav Petkov
     [not found]     ` <896956377bf441c3bfd911716418ce7e@hygon.cn>
2019-04-16  8:15       ` Borislav Petkov
2019-04-16 11:47         ` Hao Feng
2019-04-15 12:04 ` [PATCH 6/6] KVM: SVM: Add support for KVM_SEV_GM_VERIFY_DIGEST command Hao Feng
2019-04-15 15:32 ` [PATCH 0/6] Add Hygon SEV support Lendacky, Thomas
2019-04-15 15:37 ` Paolo Bonzini
2019-04-15 15:51   ` Pascal Van Leeuwen
2019-04-15 16:04     ` Paolo Bonzini [this message]
2019-04-16  6:58       ` Pascal Van Leeuwen
2019-04-16  8:09         ` Paolo Bonzini
2019-04-16  9:08           ` Pascal Van Leeuwen
2019-04-16 10:28           ` Hao Feng
