Linux-Integrity Archive on lore.kernel.org
* [PATCH] IMA hash algorithm supports sm3
@ 2020-02-10 12:44 Tianjia Zhang
  2020-02-10 12:44 ` [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name Tianjia Zhang
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Tianjia Zhang @ 2020-02-10 12:44 UTC (permalink / raw)
  To: herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

Fixed an issue where the sm3 algorithm name is mismatched in the crypto subsystem's hash_algo_name.
Made IMA support the sm3 hash algorithm by adding support for sm3 to the IMA algorithm Kconfig configuration.




* [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
  2020-02-10 12:44 [PATCH] IMA hash algorithm supports sm3 Tianjia Zhang
@ 2020-02-10 12:44 ` Tianjia Zhang
  2020-02-10 17:42   ` Mimi Zohar
  2020-02-11 21:49   ` Mimi Zohar
  2020-02-10 12:44 ` [PATCH 2/2] ima: add sm3 algorithm to hash algorithm configuration list Tianjia Zhang
       [not found] ` <42b6db00b1864da9ad76a8d5964fdb74@MN2PR20MB2973.namprd20.prod.outlook.com>
  2 siblings, 2 replies; 7+ messages in thread
From: Tianjia Zhang @ 2020-02-10 12:44 UTC (permalink / raw)
  To: herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

The name sm3-256 is defined in hash_algo_name in hash_info, but the
algorithm name implemented in sm3_generic.c is sm3, which will cause
the sm3-256 algorithm to be not found in some application scenarios of
the hash algorithm, and an ENOENT error will occur. For example,
IMA, keys, and other subsystems that reference hash_algo_name all use
the hash algorithm of sm3.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 crypto/hash_info.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/hash_info.c b/crypto/hash_info.c
index c754cb75dd1a..a49ff96bde77 100644
--- a/crypto/hash_info.c
+++ b/crypto/hash_info.c
@@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = {
 	[HASH_ALGO_TGR_128]	= "tgr128",
 	[HASH_ALGO_TGR_160]	= "tgr160",
 	[HASH_ALGO_TGR_192]	= "tgr192",
-	[HASH_ALGO_SM3_256]	= "sm3-256",
+	[HASH_ALGO_SM3_256]	= "sm3",
 	[HASH_ALGO_STREEBOG_256] = "streebog256",
 	[HASH_ALGO_STREEBOG_512] = "streebog512",
 };
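Review bot: The string at [HASH_ALGO_SM3_256] becomes "sm3" while the enum constant keeps its _256 suffix, and the commit message does not say whether the old "sm3-256" spelling was ever accepted or emitted anywhere. The message names IMA and keys as users of hash_algo_name, so it should state whether those paths always failed with ENOENT before this change (in which case nothing can depend on the old string) and carry a Fixes: tag for the commit that introduced "sm3-256".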
-- 
2.17.1



* [PATCH 2/2] ima: add sm3 algorithm to hash algorithm configuration list
  2020-02-10 12:44 [PATCH] IMA hash algorithm supports sm3 Tianjia Zhang
  2020-02-10 12:44 ` [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name Tianjia Zhang
@ 2020-02-10 12:44 ` Tianjia Zhang
       [not found] ` <42b6db00b1864da9ad76a8d5964fdb74@MN2PR20MB2973.namprd20.prod.outlook.com>
  2 siblings, 0 replies; 7+ messages in thread
From: Tianjia Zhang @ 2020-02-10 12:44 UTC (permalink / raw)
  To: herbert, davem, zohar, dmitry.kasatkin, jmorris, serge, ebiggers
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

sm3 has been supported by the ima hash algorithm, but it is not
yet in the Kconfig configuration list. After adding, both ima and tpm2
can support sm3 well.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 security/integrity/ima/Kconfig | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 838476d780e5..ace6762c1cf1 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -112,6 +112,10 @@ choice
 	config IMA_DEFAULT_HASH_WP512
 		bool "WP512"
 		depends on CRYPTO_WP512=y && !IMA_TEMPLATE
+
+	config IMA_DEFAULT_HASH_SM3
+		bool "SM3"
+		depends on CRYPTO_SM3=y && !IMA_TEMPLATE
 endchoice
 
 config IMA_DEFAULT_HASH
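Review bot: The commit message's statement that "both ima and tpm2 can support sm3 well" is not backed by the new IMA_DEFAULT_HASH_SM3 entry, which only adds a Kconfig choice (selectable with CRYPTO_SM3=y and !IMA_TEMPLATE, mirroring the WP512 entry above it) and touches no TPM code. Reword the message to say what the option does, namely select sm3 as the IMA default hash, and either drop the tpm2 claim or explain it.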
@@ -121,6 +125,7 @@ config IMA_DEFAULT_HASH
 	default "sha256" if IMA_DEFAULT_HASH_SHA256
 	default "sha512" if IMA_DEFAULT_HASH_SHA512
 	default "wp512" if IMA_DEFAULT_HASH_WP512
+	default "sm3" if IMA_DEFAULT_HASH_SM3
 
 config IMA_WRITE_POLICY
 	bool "Enable multiple writes to the IMA policy"
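Review bot: The added line default "sm3" if IMA_DEFAULT_HASH_SM3 only names an entry of hash_algo_name once patch 1/2 has changed the [HASH_ALGO_SM3_256] string from "sm3-256" to "sm3". The commit message should state that dependency so the two patches are not applied or backported separately.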
-- 
2.17.1



* Re: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
  2020-02-10 12:44 ` [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name Tianjia Zhang
@ 2020-02-10 17:42   ` Mimi Zohar
  2020-02-11 21:49   ` Mimi Zohar
  1 sibling, 0 replies; 7+ messages in thread
From: Mimi Zohar @ 2020-02-10 17:42 UTC (permalink / raw)
  To: Tianjia Zhang, herbert, davem, dmitry.kasatkin, jmorris, serge,
	ebiggers, Jarkko Sakkinen
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

[Cc'ing Jarkko]

On Mon, 2020-02-10 at 20:44 +0800, Tianjia Zhang wrote:
> The name sm3-256 is defined in hash_algo_name in hash_info, but the
> algorithm name implemented in sm3_generic.c is sm3, which will cause
> the sm3-256 algorithm to be not found in some application scenarios of
> the hash algorithm, and an ENOENT error will occur. For example,
> IMA, keys, and other subsystems that reference hash_algo_name all use
> the hash algorithm of sm3.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Missing is the "Fixes" tag and Cc'ing the person who upstreamed
"sm3-256" in the first place.

Mimi

> ---
>  crypto/hash_info.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/crypto/hash_info.c b/crypto/hash_info.c
> index c754cb75dd1a..a49ff96bde77 100644
> --- a/crypto/hash_info.c
> +++ b/crypto/hash_info.c
> @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = {
>  	[HASH_ALGO_TGR_128]	= "tgr128",
>  	[HASH_ALGO_TGR_160]	= "tgr160",
>  	[HASH_ALGO_TGR_192]	= "tgr192",
> -	[HASH_ALGO_SM3_256]	= "sm3-256",
> +	[HASH_ALGO_SM3_256]	= "sm3",
>  	[HASH_ALGO_STREEBOG_256] = "streebog256",
>  	[HASH_ALGO_STREEBOG_512] = "streebog512",
>  };



* RE: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
       [not found] ` <42b6db00b1864da9ad76a8d5964fdb74@MN2PR20MB2973.namprd20.prod.outlook.com>
@ 2020-02-11  7:47   ` Van Leeuwen, Pascal
  0 siblings, 0 replies; 7+ messages in thread
From: Van Leeuwen, Pascal @ 2020-02-11  7:47 UTC (permalink / raw)
  To: Tianjia Zhang, herbert, davem, zohar, dmitry.kasatkin, jmorris,
	serge, ebiggers
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Tianjia Zhang
> Sent: Monday, February 10, 2020 1:45 PM
> To: herbert@gondor.apana.org.au; davem@davemloft.net; zohar@linux.ibm.com; dmitry.kasatkin@gmail.com; jmorris@namei.org;
> serge@hallyn.com; ebiggers@kernel.org
> Cc: linux-crypto@vger.kernel.org; linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
>
> The name sm3-256 is defined in hash_algo_name in hash_info, but the
> algorithm name implemented in sm3_generic.c is sm3, which will cause
> the sm3-256 algorithm to be not found in some application scenarios of
> the hash algorithm, and an ENOENT error will occur. For example,
> IMA, keys, and other subsystems that reference hash_algo_name all use
> the hash algorithm of sm3.
>
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Pascal van Leeuwen <pvanleeuwen@rambus.com>

> ---
>  crypto/hash_info.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/hash_info.c b/crypto/hash_info.c
> index c754cb75dd1a..a49ff96bde77 100644
> --- a/crypto/hash_info.c
> +++ b/crypto/hash_info.c
> @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = {
>         [HASH_ALGO_TGR_128]     = "tgr128",
>         [HASH_ALGO_TGR_160]     = "tgr160",
>         [HASH_ALGO_TGR_192]     = "tgr192",
> -       [HASH_ALGO_SM3_256]     = "sm3-256",
> +       [HASH_ALGO_SM3_256]     = "sm3",
>         [HASH_ALGO_STREEBOG_256] = "streebog256",
>         [HASH_ALGO_STREEBOG_512] = "streebog512",
>  };
> --
> 2.17.1

Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.




* Re: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
  2020-02-10 12:44 ` [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name Tianjia Zhang
  2020-02-10 17:42   ` Mimi Zohar
@ 2020-02-11 21:49   ` Mimi Zohar
  2020-02-11 23:23     ` Mimi Zohar
  1 sibling, 1 reply; 7+ messages in thread
From: Mimi Zohar @ 2020-02-11 21:49 UTC (permalink / raw)
  To: Tianjia Zhang, herbert, davem, dmitry.kasatkin, jmorris, serge, ebiggers
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

On Mon, 2020-02-10 at 20:44 +0800, Tianjia Zhang wrote:
> The name sm3-256 is defined in hash_algo_name in hash_info, but the
> algorithm name implemented in sm3_generic.c is sm3, which will cause
> the sm3-256 algorithm to be not found in some application scenarios of
> the hash algorithm, and an ENOENT error will occur. For example,
> IMA, keys, and other subsystems that reference hash_algo_name all use
> the hash algorithm of sm3.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

The "hash_map" needs to be updated to reflect this change.

static struct tpm2_hash tpm2_hash_map[] = {
        {HASH_ALGO_SHA1, TPM_ALG_SHA1},
        {HASH_ALGO_SHA256, TPM_ALG_SHA256},
        {HASH_ALGO_SHA384, TPM_ALG_SHA384},
        {HASH_ALGO_SHA512, TPM_ALG_SHA512},
        {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
};

Mimi

> ---
>  crypto/hash_info.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/crypto/hash_info.c b/crypto/hash_info.c
> index c754cb75dd1a..a49ff96bde77 100644
> --- a/crypto/hash_info.c
> +++ b/crypto/hash_info.c
> @@ -26,7 +26,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = {
>  	[HASH_ALGO_TGR_128]	= "tgr128",
>  	[HASH_ALGO_TGR_160]	= "tgr160",
>  	[HASH_ALGO_TGR_192]	= "tgr192",
> -	[HASH_ALGO_SM3_256]	= "sm3-256",
> +	[HASH_ALGO_SM3_256]	= "sm3",
>  	[HASH_ALGO_STREEBOG_256] = "streebog256",
>  	[HASH_ALGO_STREEBOG_512] = "streebog512",
>  };



* Re: [PATCH 1/2] crypto: rename sm3-256 to sm3 in hash_algo_name
  2020-02-11 21:49   ` Mimi Zohar
@ 2020-02-11 23:23     ` Mimi Zohar
  0 siblings, 0 replies; 7+ messages in thread
From: Mimi Zohar @ 2020-02-11 23:23 UTC (permalink / raw)
  To: Tianjia Zhang, herbert, davem, dmitry.kasatkin, jmorris, serge, ebiggers
  Cc: linux-crypto, linux-integrity, linux-security-module, linux-kernel

On Tue, 2020-02-11 at 16:49 -0500, Mimi Zohar wrote:
> On Mon, 2020-02-10 at 20:44 +0800, Tianjia Zhang wrote:
> > The name sm3-256 is defined in hash_algo_name in hash_info, but the
> > algorithm name implemented in sm3_generic.c is sm3, which will cause
> > the sm3-256 algorithm to be not found in some application scenarios of
> > the hash algorithm, and an ENOENT error will occur. For example,
> > IMA, keys, and other subsystems that reference hash_algo_name all use
> > the hash algorithm of sm3.
> > 
> > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> 
> The "hash_map" needs to be updated to reflect this change.
> 
> static struct tpm2_hash tpm2_hash_map[] = {
>         {HASH_ALGO_SHA1, TPM_ALG_SHA1},
>         {HASH_ALGO_SHA256, TPM_ALG_SHA256},
>         {HASH_ALGO_SHA384, TPM_ALG_SHA384},
>         {HASH_ALGO_SHA512, TPM_ALG_SHA512},
>         {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
> };

Never mind, the enum name "HASH_ALGO_SM3_256" didn't change.  Just the
string changed.

Mimi
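
The distinction this thread settles on (name-keyed lookups break on the "sm3-256" string, enum-keyed tables such as tpm2_hash_map do not) can be modelled in userspace C. This is an added example, not code from the patches or the kernel: the two-entry enum, the registered[] list and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model of the thread's tables; not kernel code. */
enum hash_algo { HASH_ALGO_SHA256, HASH_ALGO_SM3_256, HASH_ALGO__LAST };

/* hash_algo_name[] before (index 0) and after (index 1) patch 1/2. */
static const char *const hash_algo_name[2][HASH_ALGO__LAST] = {
	{ [HASH_ALGO_SHA256] = "sha256", [HASH_ALGO_SM3_256] = "sm3-256" },
	{ [HASH_ALGO_SHA256] = "sha256", [HASH_ALGO_SM3_256] = "sm3" },
};

/* Names implementations register under; "sm3" per the commit message. */
static const char *const registered[] = { "sha256", "sm3" };

/* Hypothetical by-name allocator: 0 when found, -ENOENT otherwise. */
int alloc_by_name(const char *name)
{
	for (size_t i = 0; i < sizeof(registered) / sizeof(registered[0]); i++)
		if (strcmp(registered[i], name) == 0)
			return 0;
	return -ENOENT;
}

/* Consumer path: enum -> hash_algo_name string -> implementation. */
int alloc_for(int patched, enum hash_algo algo)
{
	return alloc_by_name(hash_algo_name[patched][algo]);
}

/* Config path: a string such as Kconfig's default "sm3" -> enum, or -1. */
int algo_from_name(int patched, const char *name)
{
	for (int i = 0; i < HASH_ALGO__LAST; i++)
		if (strcmp(hash_algo_name[patched][i], name) == 0)
			return i;
	return -1;
}

/* Enum-keyed map shaped like tpm2_hash_map; the ids are the TCG-assigned
 * values for TPM_ALG_SHA256 and TPM_ALG_SM3_256. */
struct tpm2_hash { unsigned int crypto_id, tpm_id; };
static const struct tpm2_hash tpm2_hash_map[] = {
	{ HASH_ALGO_SHA256, 0x000B }, { HASH_ALGO_SM3_256, 0x0012 },
};

int tpm_id_for(enum hash_algo algo)
{
	for (size_t i = 0; i < sizeof(tpm2_hash_map) / sizeof(tpm2_hash_map[0]); i++)
		if (tpm2_hash_map[i].crypto_id == (unsigned int)algo)
			return (int)tpm2_hash_map[i].tpm_id;
	return -EINVAL;
}
```

With patched = 0 the SM3 entry fails both string paths, while tpm_id_for() returns the same id in either state because it never touches the string.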


