Web lists-archives.com

RE: [PATCH 0/6] Add Hygon SEV support

> -----Original Message-----
> From: linux-crypto-owner@xxxxxxxxxxxxxxx [mailto:linux-crypto-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Paolo Bonzini
> Sent: Monday, April 15, 2019 5:38 PM
> To: Hao Feng <fenghao@xxxxxxxx>; 'Tom Lendacky '
> <thomas.lendacky@xxxxxxx>; 'Gary Hook ' <gary.hook@xxxxxxx>; 'Herbert
> Xu ' <herbert@xxxxxxxxxxxxxxxxxxx>; ' David S. Miller '
> <davem@xxxxxxxxxxxxx>; 'Janakarajan Natarajan '
> <Janakarajan.Natarajan@xxxxxxx>; 'Joerg Roedel ' <joro@xxxxxxxxxx>; '
> Radim Krčmář ' <rkrcmar@xxxxxxxxxx>; 'Thomas Gleixner '
> <tglx@xxxxxxxxxxxxx>; 'Ingo Molnar ' <mingo@xxxxxxxxxx>; 'Borislav
> Petkov ' <bp@xxxxxxxxx>; ' H. Peter Anvin ' <hpa@xxxxxxxxx>
> Cc: 'Zhaohui Du ' <duzhaohui@xxxxxxxx>; 'Zhiwei Ying '
> <yingzhiwei@xxxxxxxx>; 'Wen Pu ' <puwen@xxxxxxxx>; x86@xxxxxxxxxx;
> linux-crypto@xxxxxxxxxxxxxxx; kvm@xxxxxxxxxxxxxxx; linux-
> kernel@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH 0/6] Add Hygon SEV support
> On 15/04/19 14:04, Hao Feng wrote:
> > Hygon SEV follows AMD SEV work flow, but uses China national standard
> > cryptographic algorithms SM2/SM3/SM4 instead of (RSA, ECDSA,
> > ECDH)/SHA/AES. Reuse most AMD SEV code path to support Hygon SEV,
> > also adds 3 new commands(GM_PUBKEY_GEN, GM_GET_DIGEST,
> > GM_VERIFY_DIGEST) to support SM2 key exchange protocol.
> >
> > SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
> > curve. It can be used in digital signature, key exchange and
> > asymmetric cryptography. For key exchange, SM2 is similar to ECDH,
> but
> > involves new random key, meaning the two sides need to exchange extra
> > random public key besides their public key, that's why additional
> APIs
> > are needed to support Hygon SEV.
> > SM3 is a hash algorithm, similar to SHA-256.
> > SM4 is a block cipher algorithm, similar to AES-128.
> I don't see SM2 and SM3 implemented elsewhere in Linux.  SM4 is only
> supported by a few wireless drivers.
> Apart from the concerns that Thomas mentioned, you have to convince the
> rest of the community that these primitives are secure (for example by
> contributing support for them to drivers/crypto), and then KVM will
> start using them.

I don't know about SM2, but both SM3 and SM4 are already implemented in
the kernel tree as generic C code and covered by the testmgr.

There also has been quite some analysis done on them (Google is your
friend) and they are generally considered secure. Besides that, they are
in heavy practical use in mainland China, usually as direct replacements
for SHA2-256 and AES in whatever protocol or use case you need: IPsec,
TLS, WPA2, XTS for disk encryption, you name it.

> Because as far as I know, they could be just as secure as double rot13.

You could educate yourself first instead of just making assumptions?


Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines

Tel. : +31 (0)73 65 81 900