From: Paolo Bonzini <pbonzini@redhat.com>
To: "Pascal Van Leeuwen" <pvanleeuwen@insidesecure.com>,
"Hao Feng" <fenghao@hygon.cn>,
"'Tom Lendacky '" <thomas.lendacky@amd.com>,
"'Gary Hook '" <gary.hook@amd.com>,
"'Herbert Xu '" <herbert@gondor.apana.org.au>,
"' David S. Miller '" <davem@davemloft.net>,
"'Janakarajan Natarajan '" <Janakarajan.Natarajan@amd.com>,
"'Joerg Roedel '" <joro@8bytes.org>,
"' Radim Krčmář '" <rkrcmar@redhat.com>,
"'Thomas Gleixner '" <tglx@linutronix.de>,
"'Ingo Molnar '" <mingo@redhat.com>,
"'Borislav Petkov '" <bp@alien8.de>,
"' H. Peter Anvin '" <hpa@zytor.com>
Cc: 'Zhaohui Du ' <duzhaohui@hygon.cn>,
'Zhiwei Ying ' <yingzhiwei@hygon.cn>, 'Wen Pu ' <puwen@hygon.cn>,
"x86@kernel.org" <x86@kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 0/6] Add Hygon SEV support
Date: Mon, 15 Apr 2019 18:04:46 +0200
Message-ID: <fda47663-9536-0d36-5a0e-c6da77e21209@redhat.com>
In-Reply-To: <AM6PR09MB35237F925CF4C82FBBA53862D22B0@AM6PR09MB3523.eurprd09.prod.outlook.com>

On 15/04/19 17:51, Pascal Van Leeuwen wrote:
> I don't know about SM2, but both SM3 and SM4 are already implemented in
> the kernel tree as generic C code and covered by the testmgr.

I stand corrected.

> There also has been quite some analysis done on them (Google is your
> friend) and they are generally considered secure.

Good.

> Besides that, they are
> in heavy practical use in mainland China, usually as direct replacements
> for SHA2-256 and AES in whatever protocol or use case you need: IPsec,
> TLS, WPA2, XTS for disk encryption, you name it.

How should that mean anything?

>> Because as far as I know, they could be just as secure as double rot13.
>
> You could educate yourself first instead of just making assumptions?

I did educate myself a bit, but I'm not an expert in cryptography, so I
would like to be sure that these are not another Speck or DUAL-EC-DRBG.
"SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
curve" is enough for me to see warning signs, at least without further
explanations, and so does the fact that the initial SM3 values were
changed from SHA-2 and AFAICT there is no public justification for that.

Paolo