linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Paolo Bonzini <pbonzini@redhat.com>
To: "Pascal Van Leeuwen" <pvanleeuwen@insidesecure.com>,
	"Hao Feng" <fenghao@hygon.cn>,
	"'Tom Lendacky '" <thomas.lendacky@amd.com>,
	"'Gary Hook '" <gary.hook@amd.com>,
	"'Herbert Xu '" <herbert@gondor.apana.org.au>,
	"' David S. Miller '" <davem@davemloft.net>,
	"'Janakarajan Natarajan '" <Janakarajan.Natarajan@amd.com>,
	"'Joerg Roedel '" <joro@8bytes.org>,
	"' Radim Krčmář '" <rkrcmar@redhat.com>,
	"'Thomas Gleixner '" <tglx@linutronix.de>,
	"'Ingo Molnar '" <mingo@redhat.com>,
	"'Borislav Petkov '" <bp@alien8.de>,
	"' H. Peter Anvin '" <hpa@zytor.com>
Cc: 'Zhaohui Du ' <duzhaohui@hygon.cn>,
	'Zhiwei Ying ' <yingzhiwei@hygon.cn>, 'Wen Pu ' <puwen@hygon.cn>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 0/6] Add Hygon SEV support
Date: Mon, 15 Apr 2019 18:04:46 +0200	[thread overview]
Message-ID: <fda47663-9536-0d36-5a0e-c6da77e21209@redhat.com> (raw)
In-Reply-To: <AM6PR09MB35237F925CF4C82FBBA53862D22B0@AM6PR09MB3523.eurprd09.prod.outlook.com>

On 15/04/19 17:51, Pascal Van Leeuwen wrote:
> I don't know about SM2, but both SM3 and SM4 are already implemented in
> the kernel tree as generic C code and covered by the testmgr.

I stand corrected.

> There also has been quite some analysis done on them (Google is your
> friend) and they are generally considered secure.

Good.

> Besides that, they are
> in heavy practical use in mainland China, usually as direct replacements
> for SHA2-256 and AES in whatever protocol or use case you need: IPsec,
> TLS, WPA2, XTS for disk encryption, you name it.

How should that mean anything?

>> Because as far as I know, they could be just as secure as double rot13.
> 
> You could educate yourself first instead of just making assumptions?
I did educate myself a bit, but I'm not an expert in cryptography, so I
would like to be sure that these are not another Speck or DUAL-EC-DRBG.
 "SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
curve" is enough for me to see warning signs, at least without further
explanations, and so does the fact that the initial SM3 values were
changed from SHA-2 and AFAICT there is no public justification for that.

Paolo

  reply	other threads:[~2019-04-15 16:05 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-15 12:04 [PATCH 0/6] Add Hygon SEV support Hao Feng
2019-04-15 12:04 ` [PATCH 1/6] crypto: ccp: Add Hygon Dhyana support Hao Feng
2019-04-15 12:04 ` [PATCH 2/6] crypto: ccp: Define Hygon SEV commands Hao Feng
2019-04-15 12:04 ` [PATCH 3/6] crypto: ccp: Implement SEV_GM_PUBKEY_GEN ioctl command Hao Feng
2019-04-15 12:04 ` [PATCH 4/6] KVM: Define Hygon SEV commands Hao Feng
2019-04-15 12:04 ` [PATCH 5/6] KVM: SVM: Add support for KVM_SEV_GM_GET_DIGEST command Hao Feng
2019-04-15 15:09   ` Borislav Petkov
     [not found]     ` <896956377bf441c3bfd911716418ce7e@hygon.cn>
2019-04-16  8:15       ` Borislav Petkov
2019-04-16 11:47         ` Hao Feng
2019-04-15 12:04 ` [PATCH 6/6] KVM: SVM: Add support for KVM_SEV_GM_VERIFY_DIGEST command Hao Feng
2019-04-15 15:32 ` [PATCH 0/6] Add Hygon SEV support Lendacky, Thomas
2019-04-15 15:37 ` Paolo Bonzini
2019-04-15 15:51   ` Pascal Van Leeuwen
2019-04-15 16:04     ` Paolo Bonzini [this message]
2019-04-16  6:58       ` Pascal Van Leeuwen
2019-04-16  8:09         ` Paolo Bonzini
2019-04-16  9:08           ` Pascal Van Leeuwen
2019-04-16 10:28           ` Hao Feng

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fda47663-9536-0d36-5a0e-c6da77e21209@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=Janakarajan.Natarajan@amd.com \
    --cc=bp@alien8.de \
    --cc=davem@davemloft.net \
    --cc=duzhaohui@hygon.cn \
    --cc=fenghao@hygon.cn \
    --cc=gary.hook@amd.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=hpa@zytor.com \
    --cc=joro@8bytes.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=puwen@hygon.cn \
    --cc=pvanleeuwen@insidesecure.com \
    --cc=rkrcmar@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    --cc=yingzhiwei@hygon.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).