* [PATCH] IMA hash algorithm supports sm3
From: Tianjia Zhang @ 2020-02-10 12:44 UTC
To: herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

Fixed an issue where the sm3 algorithm name is mismatched in the crypto
subsystem hash_algo_name. Make IMA support the sm3 hash algorithm; added
support for sm3 in the IMA algorithm Kconfig configuration.
* [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
From: Tianjia Zhang @ 2020-02-10 12:44 UTC
To: herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

The name sm3-256 is defined in hash_algo_name in hash_info, but the
algorithm name implemented in sm3_generic.c is sm3, which will cause
the sm3-256 algorithm to be not found in some application scenarios of
the hash algorithm, and an ENOENT error will occur. For example,
IMA, keys, and other subsystems that reference hash_algo_name all use
the hash algorithm of sm3.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
--- crypto/hash_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/hash_info.c b/crypto/hash_info.c index c754cb75dd1a..a49ff96bde77 100644 --- a/crypto/hash_info.c +++ b/crypto/hash_info.c @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = { [HASH_ALGO_TGR_128] = "tgr128", [HASH_ALGO_TGR_160] = "tgr160", [HASH_ALGO_TGR_192] = "tgr192", - [HASH_ALGO_SM3_256] = "sm3-256", + [HASH_ALGO_SM3_256] = "sm3", [HASH_ALGO_STREEBOG_256] = "streebog256", [HASH_ALGO_STREEBOG_512] = "streebog512", }; -- 2.17.1
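Review bot: the new string on the [HASH_ALGO_SM3_256] = "sm3" line changes what every reader of hash_algo_name gets back while the enum keeps its _256 suffix, and the commit message neither identifies the commit that introduced "sm3-256" nor says whether any of the consumers it names (IMA, keys) store or compare the old string. Add a Fixes: tag for the commit that added "sm3-256", and state in the message that only the string changes, so anything keyed on HASH_ALGO_SM3_256 is unaffected.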
* Re: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
From: Mimi Zohar @ 2020-02-10 17:42 UTC
To: Tianjia Zhang, herbert, davem, dmitry.kasatkin, jmorris, serge, ebiggers, Jarkko Sakkinen
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

[Cc'ing Jarkko]

On Mon, 2020-02-10 at 20:44 +0800, Tianjia Zhang wrote:
> The name sm3-256 is defined in hash_algo_name in hash_info, but the
> algorithm name implemented in sm3_generic.c is sm3, which will cause
> the sm3-256 algorithm to be not found in some application scenarios of
> the hash algorithm, and an ENOENT error will occur. For example,
> IMA, keys, and other subsystems that reference hash_algo_name all use
> the hash algorithm of sm3.
>
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Missing is the "Fixes" tag and Cc'ing the person who upstreamed
"sm3-256" in the first place.

Mimi

> --- > crypto/hash_info.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/hash_info.c b/crypto/hash_info.c > index c754cb75dd1a..a49ff96bde77 100644 > --- a/crypto/hash_info.c > +++ b/crypto/hash_info.c > @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = { > [HASH_ALGO_TGR_128] = "tgr128", > [HASH_ALGO_TGR_160] = "tgr160", > [HASH_ALGO_TGR_192] = "tgr192", > - [HASH_ALGO_SM3_256] = "sm3-256", > + [HASH_ALGO_SM3_256] = "sm3", > [HASH_ALGO_STREEBOG_256] = "streebog256", > [HASH_ALGO_STREEBOG_512] = "streebog512", > };
* Re: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
From: Mimi Zohar @ 2020-02-11 21:49 UTC
To: Tianjia Zhang, herbert, davem, dmitry.kasatkin, jmorris, serge, ebiggers
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

On Mon, 2020-02-10 at 20:44 +0800, Tianjia Zhang wrote:
> The name sm3-256 is defined in hash_algo_name in hash_info, but the
> algorithm name implemented in sm3_generic.c is sm3, which will cause
> the sm3-256 algorithm to be not found in some application scenarios of
> the hash algorithm, and an ENOENT error will occur. For example,
> IMA, keys, and other subsystems that reference hash_algo_name all use
> the hash algorithm of sm3.
>
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

The "hash_map" needs to be updated to reflect this change.

static struct tpm2_hash tpm2_hash_map[] = {
        {HASH_ALGO_SHA1, TPM_ALG_SHA1},
        {HASH_ALGO_SHA256, TPM_ALG_SHA256},
        {HASH_ALGO_SHA384, TPM_ALG_SHA384},
        {HASH_ALGO_SHA512, TPM_ALG_SHA512},
        {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
};

Mimi

> --- > crypto/hash_info.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/hash_info.c b/crypto/hash_info.c > index c754cb75dd1a..a49ff96bde77 100644 > --- a/crypto/hash_info.c > +++ b/crypto/hash_info.c > @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = { > [HASH_ALGO_TGR_128] = "tgr128", > [HASH_ALGO_TGR_160] = "tgr160", > [HASH_ALGO_TGR_192] = "tgr192", > - [HASH_ALGO_SM3_256] = "sm3-256", > + [HASH_ALGO_SM3_256] = "sm3", > [HASH_ALGO_STREEBOG_256] = "streebog256", > [HASH_ALGO_STREEBOG_512] = "streebog512", > };
* Re: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
From: Mimi Zohar @ 2020-02-11 23:23 UTC
To: Tianjia Zhang, herbert, davem, dmitry.kasatkin, jmorris, serge, ebiggers
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

On Tue, 2020-02-11 at 16:49 -0500, Mimi Zohar wrote:
> On Mon, 2020-02-10 at 20:44 +0800, Tianjia Zhang wrote:
> > The name sm3-256 is defined in hash_algo_name in hash_info, but the
> > algorithm name implemented in sm3_generic.c is sm3, which will cause
> > the sm3-256 algorithm to be not found in some application scenarios of
> > the hash algorithm, and an ENOENT error will occur. For example,
> > IMA, keys, and other subsystems that reference hash_algo_name all use
> > the hash algorithm of sm3.
> >
> > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
>
> The "hash_map" needs to be updated to reflect this change.
>
> static struct tpm2_hash tpm2_hash_map[] = {
>         {HASH_ALGO_SHA1, TPM_ALG_SHA1},
>         {HASH_ALGO_SHA256, TPM_ALG_SHA256},
>         {HASH_ALGO_SHA384, TPM_ALG_SHA384},
>         {HASH_ALGO_SHA512, TPM_ALG_SHA512},
>         {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
> };

Never mind, the enum name "HASH_ALGO_SM3_256" didn't change. Just the
string changed.

Mimi
* [PATCH 2/2] ima: add sm3 algorithm to hash algorithm configuration list
From: Tianjia Zhang @ 2020-02-10 12:44 UTC
To: herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

sm3 has been supported by the ima hash algorithm, but it is not yet
in the Kconfig configuration list. After adding, both ima and tpm2
can support sm3 well.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
--- security/integrity/ima/Kconfig | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 838476d780e5..ace6762c1cf1 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -112,6 +112,10 @@ choice config IMA_DEFAULT_HASH_WP512 bool "WP512" depends on CRYPTO_WP512=y && !IMA_TEMPLATE + + config IMA_DEFAULT_HASH_SM3 + bool "SM3" + depends on CRYPTO_SM3=y && !IMA_TEMPLATE endchoice config IMA_DEFAULT_HASH @@ -121,6 +125,7 @@ config IMA_DEFAULT_HASH default "sha256" if IMA_DEFAULT_HASH_SHA256 default "sha512" if IMA_DEFAULT_HASH_SHA512 default "wp512" if IMA_DEFAULT_HASH_WP512 + default "sm3" if IMA_DEFAULT_HASH_SM3 config IMA_WRITE_POLICY bool "Enable multiple writes to the IMA policy" -- 2.17.1
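Review bot: the commit message's claim that "both ima and tpm2 can support sm3 well" is not backed by the IMA_DEFAULT_HASH_SM3 entry added in the first hunk, which only offers SM3 as a choice and, because it depends on CRYPTO_SM3=y, hides that choice when SM3 is built as a module. Reword the message to describe what the entry does (offer sm3 as the IMA default hash when CRYPTO_SM3 is built in), or explain what changes for tpm2.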
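Review bot: the default "sm3" line added in the second hunk carries an undocumented ordering dependency on patch 1/2: if IMA resolves this string through hash_algo_name, as the message of 1/2 says it does, the value only matches once that table entry reads "sm3" instead of "sm3-256". State in the commit message that this patch relies on 1/2, so the two are not applied or backported separately.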
* RE: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
From: Van Leeuwen, Pascal @ 2020-02-11 7:47 UTC
To: Tianjia Zhang, herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Tianjia Zhang
> Sent: Monday, February 10, 2020 1:45 PM
> To: herbert@gondor.apana.org.au; davem@davemloft.net; zohar@linux.ibm.com; dmitry.kasatkin@gmail.com; jmorris@namei.org; serge@hallyn.com; ebiggers@kernel.org
> Cc: linux-crypto@vger.kernel.org; linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
>
> The name sm3-256 is defined in hash_algo_name in hash_info, but the
> algorithm name implemented in sm3_generic.c is sm3, which will cause
> the sm3-256 algorithm to be not found in some application scenarios of
> the hash algorithm, and an ENOENT error will occur. For example,
> IMA, keys, and other subsystems that reference hash_algo_name all use
> the hash algorithm of sm3.
>
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Pascal van Leeuwen <pvanleeuwen@rambus.com>

> --- > crypto/hash_info.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/hash_info.c b/crypto/hash_info.c > index c754cb75dd1a..a49ff96bde77 100644 > --- a/crypto/hash_info.c > +++ b/crypto/hash_info.c
> @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = { > [HASH_ALGO_TGR_128] = "tgr128", > [HASH_ALGO_TGR_160] = "tgr160", > [HASH_ALGO_TGR_192] = "tgr192", > - [HASH_ALGO_SM3_256] = "sm3-256", > + [HASH_ALGO_SM3_256] = "sm3", > [HASH_ALGO_STREEBOG_256] = "streebog256", > [HASH_ALGO_STREEBOG_512] = "streebog512", > }; > -- > 2.17.1

Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.