Linux-Crypto Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers
@ 2019-09-11 10:38 Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher Pascal van Leeuwen
                   ` (6 more replies)
  0 siblings, 7 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

Extend driver support with ecb(sm4), cbc(sm4), ofb(sm4), cfb(sm4) and
rfc3686(ctr(sm4)) skcipher algorithms.
Also add ofb(sm4), cfb(sm4) and rfc3686(ctr(sm4)) testvectors to testmgr.
The patchset has been tested with the eip197c_iewxkbc configuration
on the Xilinx VCU118 development board, including the crypto extra tests.

Note that this patchset applies on top of the earlier submitted
"Add support for (HMAC) SM3" series.
 
Pascal van Leeuwen (7):
  crypto: inside-secure - Add support for the ecb(sm4) skcipher
  crypto: inside-secure - Add support for the cbc(sm4) skcipher
  crypto: inside-secure - Add support for the ofb(sm4) skcipher
  crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
    skciphers
  crypto: inside-secure - Add support for the cfb(sm4) skcipher
  crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher
  crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher

 crypto/testmgr.c                               |  18 ++
 crypto/testmgr.h                               | 127 +++++++++++++
 drivers/crypto/inside-secure/safexcel.c        |   5 +
 drivers/crypto/inside-secure/safexcel.h        |   6 +
 drivers/crypto/inside-secure/safexcel_cipher.c | 249 +++++++++++++++++++++++++
 5 files changed, 405 insertions(+)

-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 2/7] crypto: inside-secure - Add support for the cbc(sm4) skcipher Pascal van Leeuwen
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

This patch adds support for SM4 in ECB mode, i.e. skcipher ecb(sm4).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 drivers/crypto/inside-secure/safexcel.c        |  1 +
 drivers/crypto/inside-secure/safexcel.h        |  2 +
 drivers/crypto/inside-secure/safexcel_cipher.c | 90 ++++++++++++++++++++++++++
 3 files changed, 93 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 7d907d5..fe785e8 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1178,6 +1178,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
 	&safexcel_alg_chachapoly_esp,
 	&safexcel_alg_sm3,
 	&safexcel_alg_hmac_sm3,
+	&safexcel_alg_ecb_sm4,
 };
 
 static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index 7ee09fe..970b5cd 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -359,6 +359,7 @@ struct safexcel_context_record {
 #define CONTEXT_CONTROL_CRYPTO_ALG_AES192	(0x6 << 17)
 #define CONTEXT_CONTROL_CRYPTO_ALG_AES256	(0x7 << 17)
 #define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20	(0x8 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SM4		(0xd << 17)
 #define CONTEXT_CONTROL_DIGEST_PRECOMPUTED	(0x1 << 21)
 #define CONTEXT_CONTROL_DIGEST_XCM		(0x2 << 21)
 #define CONTEXT_CONTROL_DIGEST_HMAC		(0x3 << 21)
@@ -872,5 +873,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
 extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
 extern struct safexcel_alg_template safexcel_alg_sm3;
 extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
+extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
 
 #endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 00bf220..fc75f2f 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -19,6 +19,7 @@
 #include <crypto/ghash.h>
 #include <crypto/poly1305.h>
 #include <crypto/sha.h>
+#include <crypto/sm4.h>
 #include <crypto/xts.h>
 #include <crypto/skcipher.h>
 #include <crypto/internal/aead.h>
@@ -36,6 +37,7 @@ enum safexcel_cipher_alg {
 	SAFEXCEL_3DES,
 	SAFEXCEL_AES,
 	SAFEXCEL_CHACHA20,
+	SAFEXCEL_SM4,
 };
 
 struct safexcel_cipher_ctx {
@@ -530,6 +532,9 @@ static int safexcel_context_control(struct safexcel_cipher_ctx *ctx,
 	} else if (ctx->alg == SAFEXCEL_CHACHA20) {
 		cdesc->control_data.control0 |=
 			CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
+	} else if (ctx->alg == SAFEXCEL_SM4) {
+		cdesc->control_data.control0 |=
+			CONTEXT_CONTROL_CRYPTO_ALG_SM4;
 	}
 
 	return 0;
@@ -2620,3 +2625,88 @@ struct safexcel_alg_template safexcel_alg_chachapoly_esp = {
 		},
 	},
 };
+
+static int safexcel_skcipher_sm4_setkey(struct crypto_skcipher *ctfm,
+					const u8 *key, unsigned int len)
+{
+	struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+	struct safexcel_crypto_priv *priv = ctx->priv;
+	int i;
+
+	if (len != SM4_KEY_SIZE) {
+		crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+		return -EINVAL;
+	}
+
+	if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
+		for (i = 0; i < SM4_KEY_SIZE / sizeof(u32); i++) {
+			if (ctx->key[i] !=
+			    get_unaligned_le32(key + i * sizeof(u32))) {
+				ctx->base.needs_inv = true;
+				break;
+			}
+		}
+	}
+
+	for (i = 0; i < SM4_KEY_SIZE / sizeof(u32); i++)
+		ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
+	ctx->key_len = SM4_KEY_SIZE;
+
+	return 0;
+}
+
+static int safexcel_sm4_blk_encrypt(struct skcipher_request *req)
+{
+	/* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
+	if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
+		return -EINVAL;
+	else
+		return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
+					  SAFEXCEL_ENCRYPT);
+}
+
+static int safexcel_sm4_blk_decrypt(struct skcipher_request *req)
+{
+	/* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
+	if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
+		return -EINVAL;
+	else
+		return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
+					  SAFEXCEL_DECRYPT);
+}
+
+static int safexcel_skcipher_sm4_ecb_cra_init(struct crypto_tfm *tfm)
+{
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	safexcel_skcipher_cra_init(tfm);
+	ctx->alg  = SAFEXCEL_SM4;
+	ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_ECB;
+	return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ecb_sm4 = {
+	.type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+	.algo_mask = SAFEXCEL_ALG_SM4,
+	.alg.skcipher = {
+		.setkey = safexcel_skcipher_sm4_setkey,
+		.encrypt = safexcel_sm4_blk_encrypt,
+		.decrypt = safexcel_sm4_blk_decrypt,
+		.min_keysize = SM4_KEY_SIZE,
+		.max_keysize = SM4_KEY_SIZE,
+		.base = {
+			.cra_name = "ecb(sm4)",
+			.cra_driver_name = "safexcel-ecb-sm4",
+			.cra_priority = SAFEXCEL_CRA_PRIORITY,
+			.cra_flags = CRYPTO_ALG_ASYNC |
+				     CRYPTO_ALG_KERN_DRIVER_ONLY,
+			.cra_blocksize = SM4_BLOCK_SIZE,
+			.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+			.cra_alignmask = 0,
+			.cra_init = safexcel_skcipher_sm4_ecb_cra_init,
+			.cra_exit = safexcel_skcipher_cra_exit,
+			.cra_module = THIS_MODULE,
+		},
+	},
+};
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 2/7] crypto: inside-secure - Add support for the cbc(sm4) skcipher
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 3/7] crypto: inside-secure - Add support for the ofb(sm4) skcipher Pascal van Leeuwen
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

This patch adds support for SM4 in CBC mode, i.e. skcipher cbc(sm4).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 drivers/crypto/inside-secure/safexcel.c        |  1 +
 drivers/crypto/inside-secure/safexcel.h        |  1 +
 drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index fe785e8..4320992 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1179,6 +1179,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
 	&safexcel_alg_sm3,
 	&safexcel_alg_hmac_sm3,
 	&safexcel_alg_ecb_sm4,
+	&safexcel_alg_cbc_sm4,
 };
 
 static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index 970b5cd..1339f0e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -874,5 +874,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
 extern struct safexcel_alg_template safexcel_alg_sm3;
 extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
 extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
+extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
 
 #endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index fc75f2f..a2e65fd 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2710,3 +2710,39 @@ struct safexcel_alg_template safexcel_alg_ecb_sm4 = {
 		},
 	},
 };
+
+static int safexcel_skcipher_sm4_cbc_cra_init(struct crypto_tfm *tfm)
+{
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	safexcel_skcipher_cra_init(tfm);
+	ctx->alg  = SAFEXCEL_SM4;
+	ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
+	return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
+	.type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+	.algo_mask = SAFEXCEL_ALG_SM4,
+	.alg.skcipher = {
+		.setkey = safexcel_skcipher_sm4_setkey,
+		.encrypt = safexcel_sm4_blk_encrypt,
+		.decrypt = safexcel_sm4_blk_decrypt,
+		.min_keysize = SM4_KEY_SIZE,
+		.max_keysize = SM4_KEY_SIZE,
+		.ivsize = SM4_BLOCK_SIZE,
+		.base = {
+			.cra_name = "cbc(sm4)",
+			.cra_driver_name = "safexcel-cbc-sm4",
+			.cra_priority = SAFEXCEL_CRA_PRIORITY,
+			.cra_flags = CRYPTO_ALG_ASYNC |
+				     CRYPTO_ALG_KERN_DRIVER_ONLY,
+			.cra_blocksize = SM4_BLOCK_SIZE,
+			.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+			.cra_alignmask = 0,
+			.cra_init = safexcel_skcipher_sm4_cbc_cra_init,
+			.cra_exit = safexcel_skcipher_cra_exit,
+			.cra_module = THIS_MODULE,
+		},
+	},
+};
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 3/7] crypto: inside-secure - Add support for the ofb(sm4) skcipher
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 2/7] crypto: inside-secure - Add support for the cbc(sm4) skcipher Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers Pascal van Leeuwen
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

This patch adds support for SM4 in OFB mode, i.e. skcipher ofb(sm4).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 drivers/crypto/inside-secure/safexcel.c        |  1 +
 drivers/crypto/inside-secure/safexcel.h        |  1 +
 drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 4320992..fbfda68 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1180,6 +1180,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
 	&safexcel_alg_hmac_sm3,
 	&safexcel_alg_ecb_sm4,
 	&safexcel_alg_cbc_sm4,
+	&safexcel_alg_ofb_sm4,
 };
 
 static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index 1339f0e..448db38 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -875,5 +875,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
 extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
 extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
 extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
+extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
 
 #endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index a2e65fd..0a30e7a 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2746,3 +2746,39 @@ struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
 		},
 	},
 };
+
+static int safexcel_skcipher_sm4_ofb_cra_init(struct crypto_tfm *tfm)
+{
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	safexcel_skcipher_cra_init(tfm);
+	ctx->alg  = SAFEXCEL_SM4;
+	ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_OFB;
+	return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ofb_sm4 = {
+	.type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+	.algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_AES_XFB,
+	.alg.skcipher = {
+		.setkey = safexcel_skcipher_sm4_setkey,
+		.encrypt = safexcel_encrypt,
+		.decrypt = safexcel_decrypt,
+		.min_keysize = SM4_KEY_SIZE,
+		.max_keysize = SM4_KEY_SIZE,
+		.ivsize = SM4_BLOCK_SIZE,
+		.base = {
+			.cra_name = "ofb(sm4)",
+			.cra_driver_name = "safexcel-ofb-sm4",
+			.cra_priority = SAFEXCEL_CRA_PRIORITY,
+			.cra_flags = CRYPTO_ALG_ASYNC |
+				     CRYPTO_ALG_KERN_DRIVER_ONLY,
+			.cra_blocksize = 1,
+			.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+			.cra_alignmask = 0,
+			.cra_init = safexcel_skcipher_sm4_ofb_cra_init,
+			.cra_exit = safexcel_skcipher_cra_exit,
+			.cra_module = THIS_MODULE,
+		},
+	},
+};
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
                   ` (2 preceding siblings ...)
  2019-09-11 10:38 ` [PATCH 3/7] crypto: inside-secure - Add support for the ofb(sm4) skcipher Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  2019-09-11 16:05   ` Eric Biggers
  2019-09-11 10:38 ` [PATCH 5/7] crypto: inside-secure - Add support for the cfb(sm4) skcipher Pascal van Leeuwen
                   ` (2 subsequent siblings)
  6 siblings, 1 reply; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 crypto/testmgr.c | 12 +++++++
 crypto/testmgr.h | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 3604c9d..fbc19bc 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4406,6 +4406,12 @@ static int alg_test_null(const struct alg_test_desc *desc,
 			.cipher = __VECS(aes_cfb_tv_template)
 		},
 	}, {
+		.alg = "cfb(sm4)",
+		.test = alg_test_skcipher,
+		.suite = {
+			.cipher = __VECS(sm4_cfb_tv_template)
+		}
+	}, {
 		.alg = "chacha20",
 		.test = alg_test_skcipher,
 		.suite = {
@@ -5063,6 +5069,12 @@ static int alg_test_null(const struct alg_test_desc *desc,
 		.test = alg_test_null,
 		.fips_allowed = 1,
 	}, {
+		.alg = "ofb(sm4)",
+		.test = alg_test_skcipher,
+		.suite = {
+			.cipher = __VECS(sm4_ofb_tv_template)
+		}
+	}, {
 		.alg = "pcbc(fcrypt)",
 		.test = alg_test_skcipher,
 		.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1f56293..4e74f65 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,104 @@ struct len_range_sel {
 	}
 };
 
+static const struct cipher_testvec sm4_ofb_tv_template[] = {
+	{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ptext	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ctext	= "\x69\x3d\x9a\x53\x5b\xad\x5b\xb1"
+			  "\x78\x6f\x53\xd7\x25\x3a\x70\x56"
+			  "\xf2\x07\x5d\x28\xb5\x23\x5f\x58"
+			  "\xd5\x00\x27\xe4\x17\x7d\x2b\xce",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 1 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\xac\x32\x36\xcb\x86\x1d\xd3\x16"
+			  "\xe6\x41\x3b\x4e\x3c\x75\x24\xb7"
+			  "\x1d\x01\xac\xa2\x48\x7c\xa5\x82"
+			  "\xcb\xf5\x46\x3e\x66\x98\x53\x9b",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 2 */
+		.key	= "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\x5d\xcc\xcd\x25\xa8\x4b\xa1\x65"
+			  "\x60\xd7\xf2\x65\x88\x70\x68\x49"
+			  "\x33\xfa\x16\xbd\x5c\xd9\xc8\x56"
+			  "\xca\xca\xa1\xe1\x01\x89\x7a\x97",
+		.len	= 32,
+	}
+};
+
+static const struct cipher_testvec sm4_cfb_tv_template[] = {
+	{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.4 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ptext	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ctext	= "\x69\x3d\x9a\x53\x5b\xad\x5b\xb1"
+			  "\x78\x6f\x53\xd7\x25\x3a\x70\x56"
+			  "\x9e\xd2\x58\xa8\x5a\x04\x67\xcc"
+			  "\x92\xaa\xb3\x93\xdd\x97\x89\x95",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.4, Example 1 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\xac\x32\x36\xcb\x86\x1d\xd3\x16"
+			  "\xe6\x41\x3b\x4e\x3c\x75\x24\xb7"
+			  "\x69\xd4\xc5\x4e\xd4\x33\xb9\xa0"
+			  "\x34\x60\x09\xbe\xb3\x7b\x2b\x3f",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.4, Example 2 */
+		.key	= "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\x5d\xcc\xcd\x25\xa8\x4b\xa1\x65"
+			  "\x60\xd7\xf2\x65\x88\x70\x68\x49"
+			  "\x0d\x9b\x86\xff\x20\xc3\xbf\xe1"
+			  "\x15\xff\xa0\x2c\xa6\x19\x2c\xc5",
+		.len	= 32,
+	}
+};
+
 /* Cast6 test vectors from RFC 2612 */
 static const struct cipher_testvec cast6_tv_template[] = {
 	{
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 5/7] crypto: inside-secure - Add support for the cfb(sm4) skcipher
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
                   ` (3 preceding siblings ...)
  2019-09-11 10:38 ` [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 6/7] crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 7/7] crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher Pascal van Leeuwen
  6 siblings, 0 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

This patch adds support for SM4 in CFB mode, i.e. skcipher cfb(sm4).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 drivers/crypto/inside-secure/safexcel.c        |  1 +
 drivers/crypto/inside-secure/safexcel.h        |  1 +
 drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index fbfda68..1679b41 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1181,6 +1181,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
 	&safexcel_alg_ecb_sm4,
 	&safexcel_alg_cbc_sm4,
 	&safexcel_alg_ofb_sm4,
+	&safexcel_alg_cfb_sm4,
 };
 
 static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index 448db38..07aa46b 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -876,5 +876,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
 extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
 extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
 extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
+extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
 
 #endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 0a30e7a..89cef28 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2782,3 +2782,39 @@ struct safexcel_alg_template safexcel_alg_ofb_sm4 = {
 		},
 	},
 };
+
+static int safexcel_skcipher_sm4_cfb_cra_init(struct crypto_tfm *tfm)
+{
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	safexcel_skcipher_cra_init(tfm);
+	ctx->alg  = SAFEXCEL_SM4;
+	ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CFB;
+	return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cfb_sm4 = {
+	.type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+	.algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_AES_XFB,
+	.alg.skcipher = {
+		.setkey = safexcel_skcipher_sm4_setkey,
+		.encrypt = safexcel_encrypt,
+		.decrypt = safexcel_decrypt,
+		.min_keysize = SM4_KEY_SIZE,
+		.max_keysize = SM4_KEY_SIZE,
+		.ivsize = SM4_BLOCK_SIZE,
+		.base = {
+			.cra_name = "cfb(sm4)",
+			.cra_driver_name = "safexcel-cfb-sm4",
+			.cra_priority = SAFEXCEL_CRA_PRIORITY,
+			.cra_flags = CRYPTO_ALG_ASYNC |
+				     CRYPTO_ALG_KERN_DRIVER_ONLY,
+			.cra_blocksize = 1,
+			.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+			.cra_alignmask = 0,
+			.cra_init = safexcel_skcipher_sm4_cfb_cra_init,
+			.cra_exit = safexcel_skcipher_cra_exit,
+			.cra_module = THIS_MODULE,
+		},
+	},
+};
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 6/7] crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
                   ` (4 preceding siblings ...)
  2019-09-11 10:38 ` [PATCH 5/7] crypto: inside-secure - Add support for the cfb(sm4) skcipher Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  2019-09-11 10:38 ` [PATCH 7/7] crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher Pascal van Leeuwen
  6 siblings, 0 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

This patch adds support for SM4 in (32 bit) CTR mode, i.e. skcipher
rfc3686(ctr(sm4)).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 drivers/crypto/inside-secure/safexcel.c        |  1 +
 drivers/crypto/inside-secure/safexcel.h        |  1 +
 drivers/crypto/inside-secure/safexcel_cipher.c | 51 ++++++++++++++++++++++++++
 3 files changed, 53 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 1679b41..7da4801 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1182,6 +1182,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
 	&safexcel_alg_cbc_sm4,
 	&safexcel_alg_ofb_sm4,
 	&safexcel_alg_cfb_sm4,
+	&safexcel_alg_ctr_sm4,
 };
 
 static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index 07aa46b..d45ecf3 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -877,5 +877,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
 extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
 extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
 extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
+extern struct safexcel_alg_template safexcel_alg_ctr_sm4;
 
 #endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 89cef28..5f65748 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2818,3 +2818,54 @@ struct safexcel_alg_template safexcel_alg_cfb_sm4 = {
 		},
 	},
 };
+
+static int safexcel_skcipher_sm4ctr_setkey(struct crypto_skcipher *ctfm,
+					   const u8 *key, unsigned int len)
+{
+	struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	/* last 4 bytes of key are the nonce! */
+	ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE);
+	/* exclude the nonce here */
+	len -= CTR_RFC3686_NONCE_SIZE;
+
+	return safexcel_skcipher_sm4_setkey(ctfm, key, len);
+}
+
+static int safexcel_skcipher_sm4_ctr_cra_init(struct crypto_tfm *tfm)
+{
+	struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	safexcel_skcipher_cra_init(tfm);
+	ctx->alg  = SAFEXCEL_SM4;
+	ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
+	return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ctr_sm4 = {
+	.type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+	.algo_mask = SAFEXCEL_ALG_SM4,
+	.alg.skcipher = {
+		.setkey = safexcel_skcipher_sm4ctr_setkey,
+		.encrypt = safexcel_encrypt,
+		.decrypt = safexcel_decrypt,
+		/* Add nonce size */
+		.min_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
+		.max_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
+		.ivsize = CTR_RFC3686_IV_SIZE,
+		.base = {
+			.cra_name = "rfc3686(ctr(sm4))",
+			.cra_driver_name = "safexcel-ctr-sm4",
+			.cra_priority = SAFEXCEL_CRA_PRIORITY,
+			.cra_flags = CRYPTO_ALG_ASYNC |
+				     CRYPTO_ALG_KERN_DRIVER_ONLY,
+			.cra_blocksize = 1,
+			.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+			.cra_alignmask = 0,
+			.cra_init = safexcel_skcipher_sm4_ctr_cra_init,
+			.cra_exit = safexcel_skcipher_cra_exit,
+			.cra_module = THIS_MODULE,
+		},
+	},
+};
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 7/7] crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher
  2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
                   ` (5 preceding siblings ...)
  2019-09-11 10:38 ` [PATCH 6/7] crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher Pascal van Leeuwen
@ 2019-09-11 10:38 ` Pascal van Leeuwen
  6 siblings, 0 replies; 12+ messages in thread
From: Pascal van Leeuwen @ 2019-09-11 10:38 UTC (permalink / raw)
  To: linux-crypto; +Cc: antoine.tenart, herbert, davem, Pascal van Leeuwen

Added testvectors for the rfc3686(ctr(sm4)) skcipher algorithm

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 crypto/testmgr.c |  6 ++++++
 crypto/testmgr.h | 29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index fbc19bc..90a9f08 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5113,6 +5113,12 @@ static int alg_test_null(const struct alg_test_desc *desc,
 			.cipher = __VECS(aes_ctr_rfc3686_tv_template)
 		}
 	}, {
+		.alg = "rfc3686(ctr(sm4))",
+		.test = alg_test_skcipher,
+		.suite = {
+			.cipher = __VECS(sm4_ctr_rfc3686_tv_template)
+		}
+	}, {
 		.alg = "rfc4106(gcm(aes))",
 		.generic_driver = "rfc4106(gcm_base(ctr(aes-generic),ghash-generic))",
 		.test = alg_test_aead,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 4e74f65..871d9db 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,35 @@ struct len_range_sel {
 	}
 };
 
+static const struct cipher_testvec sm4_ctr_rfc3686_tv_template[] = {
+	{
+		.key	= "\xae\x68\x52\xf8\x12\x10\x67\xcc"
+			  "\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+			  "\x00\x00\x00\x30",
+		.klen	= 20,
+		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00",
+		.ptext	= "Single block msg",
+		.ctext	= "\x20\x9b\x77\x31\xd3\x65\xdb\xab"
+			  "\x9e\x48\x74\x7e\xbd\x13\x83\xeb",
+		.len	= 16,
+	}, {
+		.key	= "\x7e\x24\x06\x78\x17\xfa\xe0\xd7"
+			  "\x43\xd6\xce\x1f\x32\x53\x91\x63"
+			  "\x00\x6c\xb6\xdb",
+		.klen	= 20,
+		.iv	= "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+		.ptext	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			  "\x10\x11\x12\x13\x14\x15\x16\x17"
+			  "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+		.ctext	= "\x33\xe0\x28\x01\x92\xed\xc9\x1e"
+			  "\x97\x35\xd9\x4a\xec\xd4\xbc\x23"
+			  "\x4f\x35\x9f\x1c\x55\x1f\xe0\x27"
+			  "\xe0\xdf\xc5\x43\xbc\xb0\x23\x94",
+		.len	= 32,
+	}
+};
+
 static const struct cipher_testvec sm4_ofb_tv_template[] = {
 	{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
 		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
  2019-09-11 10:38 ` [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers Pascal van Leeuwen
@ 2019-09-11 16:05   ` Eric Biggers
  2019-09-11 19:34     ` Pascal Van Leeuwen
  0 siblings, 1 reply; 12+ messages in thread
From: Eric Biggers @ 2019-09-11 16:05 UTC (permalink / raw)
  To: Pascal van Leeuwen
  Cc: linux-crypto, antoine.tenart, herbert, davem, Pascal van Leeuwen

On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> 

What is the use case for these algorithms?  Who/what is going to use them?

- Eric

^ permalink raw reply	[flat|nested] 12+ messages in thread

* RE: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
  2019-09-11 16:05   ` Eric Biggers
@ 2019-09-11 19:34     ` Pascal Van Leeuwen
  2019-09-15 20:20       ` Eric Biggers
  0 siblings, 1 reply; 12+ messages in thread
From: Pascal Van Leeuwen @ 2019-09-11 19:34 UTC (permalink / raw)
  To: Eric Biggers, Pascal van Leeuwen
  Cc: linux-crypto, antoine.tenart, herbert, davem

> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Wednesday, September 11, 2019 6:06 PM
> To: Pascal van Leeuwen <pascalvanl@gmail.com>
> Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> skciphers
> 
> On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> >
> 
> What is the use case for these algorithms?  Who/what is going to use them?
> 
> - Eric
>
SM4 is a Chinese replacement for 128 bit AES, which is mandatory to be used for many
Chinese use cases. So they would use these whereever you would normally use ofb(aes)
or cfb(aes). Frankly, I'm not aware of any practicle use cases for these feedback
modes, but we've been supporting them for decades and apparently the Crypto API
supports them for AES as well. So they must be useful for something ...

The obvious advantage over CBC mode was that they only require the encrypt part of
the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
some legacy uses cases from before the time CTR mode and AEAD's became popular.

Maybe someone remembers why these were added for AES in the first place?

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
  2019-09-11 19:34     ` Pascal Van Leeuwen
@ 2019-09-15 20:20       ` Eric Biggers
  2019-09-15 22:02         ` Pascal Van Leeuwen
  0 siblings, 1 reply; 12+ messages in thread
From: Eric Biggers @ 2019-09-15 20:20 UTC (permalink / raw)
  To: Pascal Van Leeuwen
  Cc: Pascal van Leeuwen, linux-crypto, antoine.tenart, herbert, davem

On Wed, Sep 11, 2019 at 07:34:31PM +0000, Pascal Van Leeuwen wrote:
> > -----Original Message-----
> > From: Eric Biggers <ebiggers@kernel.org>
> > Sent: Wednesday, September 11, 2019 6:06 PM
> > To: Pascal van Leeuwen <pascalvanl@gmail.com>
> > Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> > davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> > Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> > skciphers
> > 
> > On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > > Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> > >
> > 
> > What is the use case for these algorithms?  Who/what is going to use them?
> > 
> > - Eric
> >
> SM4 is a Chinese replacement for 128 bit AES, which is mandatory to be used for many
> Chinese use cases. So they would use these whereever you would normally use ofb(aes)
> or cfb(aes). Frankly, I'm not aware of any practicle use cases for these feedback
> modes, but we've been supporting them for decades and apparently the Crypto API
> supports them for AES as well. So they must be useful for something ...
> 
> The obvious advantage over CBC mode was that they only require the encrypt part of
> the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
> some legacy uses cases from before the time CTR mode and AEAD's became popular.
> 
> Maybe someone remembers why these were added for AES in the first place?
> 

So if you have no idea why they should be added, why are you adding them?

- Eric

^ permalink raw reply	[flat|nested] 12+ messages in thread

* RE: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
  2019-09-15 20:20       ` Eric Biggers
@ 2019-09-15 22:02         ` Pascal Van Leeuwen
  0 siblings, 0 replies; 12+ messages in thread
From: Pascal Van Leeuwen @ 2019-09-15 22:02 UTC (permalink / raw)
  To: Eric Biggers
  Cc: Pascal van Leeuwen, linux-crypto, antoine.tenart, herbert, davem

> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Sunday, September 15, 2019 10:21 PM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Cc: Pascal van Leeuwen <pascalvanl@gmail.com>; linux-crypto@vger.kernel.org;
> antoine.tenart@bootlin.com; herbert@gondor.apana.org.au; davem@davemloft.net
> Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> skciphers
> 
> On Wed, Sep 11, 2019 at 07:34:31PM +0000, Pascal Van Leeuwen wrote:
> > > -----Original Message-----
> > > From: Eric Biggers <ebiggers@kernel.org>
> > > Sent: Wednesday, September 11, 2019 6:06 PM
> > > To: Pascal van Leeuwen <pascalvanl@gmail.com>
> > > Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> > > davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> > > Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> > > skciphers
> > >
> > > On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > > > Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> > > >
> > >
> > > What is the use case for these algorithms?  Who/what is going to use them?
> > >
> > > - Eric
> > >
> > SM4 is a Chinese replacement for 128 bit AES, which is mandatory to be used for many
> > Chinese use cases. So they would use these whereever you would normally use ofb(aes)
> > or cfb(aes). Frankly, I'm not aware of any practicle use cases for these feedback
> > modes, but we've been supporting them for decades and apparently the Crypto API
> > supports them for AES as well. So they must be useful for something ...
> >
> > The obvious advantage over CBC mode was that they only require the encrypt part of
> > the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
> > some legacy uses cases from before the time CTR mode and AEAD's became popular.
> >
> > Maybe someone remembers why these were added for AES in the first place?
> >
> 
> So if you have no idea why they should be added, why are you adding them?
>
Because our hardware supports these modes and I added support for this to
the inside-secure driver, so it made sense to be able to test that as well.
That's the primary reason for adding them, otherwise I would not have bothered.

> - Eric

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com


^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, back to index

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-11 10:38 [PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers Pascal van Leeuwen
2019-09-11 10:38 ` [PATCH 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher Pascal van Leeuwen
2019-09-11 10:38 ` [PATCH 2/7] crypto: inside-secure - Add support for the cbc(sm4) skcipher Pascal van Leeuwen
2019-09-11 10:38 ` [PATCH 3/7] crypto: inside-secure - Add support for the ofb(sm4) skcipher Pascal van Leeuwen
2019-09-11 10:38 ` [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers Pascal van Leeuwen
2019-09-11 16:05   ` Eric Biggers
2019-09-11 19:34     ` Pascal Van Leeuwen
2019-09-15 20:20       ` Eric Biggers
2019-09-15 22:02         ` Pascal Van Leeuwen
2019-09-11 10:38 ` [PATCH 5/7] crypto: inside-secure - Add support for the cfb(sm4) skcipher Pascal van Leeuwen
2019-09-11 10:38 ` [PATCH 6/7] crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher Pascal van Leeuwen
2019-09-11 10:38 ` [PATCH 7/7] crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher Pascal van Leeuwen

Linux-Crypto Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-crypto/0 linux-crypto/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-crypto linux-crypto/ https://lore.kernel.org/linux-crypto \
		linux-crypto@vger.kernel.org linux-crypto@archiver.kernel.org
	public-inbox-index linux-crypto


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-crypto


AGPL code for this site: git clone https://public-inbox.org/ public-inbox