RE: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers

[Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>]

> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Wednesday, September 11, 2019 6:06 PM
> To: Pascal van Leeuwen <pascalvanl@gmail.com>
> Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> skciphers
> 
> On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> >
> 
> What is the use case for these algorithms?  Who/what is going to use them?
> 
> - Eric
>
SM4 is a Chinese replacement for 128 bit AES, which is mandatory to be used for many
Chinese use cases. So they would use these whereever you would normally use ofb(aes)
or cfb(aes). Frankly, I'm not aware of any practicle use cases for these feedback
modes, but we've been supporting them for decades and apparently the Crypto API
supports them for AES as well. So they must be useful for something ...

The obvious advantage over CBC mode was that they only require the encrypt part of
the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
some legacy uses cases from before the time CTR mode and AEAD's became popular.

Maybe someone remembers why these were added for AES in the first place?

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com