[dm-crypt] Request on support of SM3 and SM4

[dm-crypt] Request on support of SM3 and SM4

[huxiaoyu]

[-- Attachment #1: Type: text/plain, Size: 230 bytes --]

Dear folks,

SM3/4 is a block cipher similar to DES and AES, and has been supported by openSSL rencently. Does dm-crypt (LUKS) support the use of SM3/SM4? and if yes, how to

regards,

Samuel




huxiaoyu@horebdata.cn

[-- Attachment #2: Type: text/html, Size: 770 bytes --]

Re: [dm-crypt] **** SPAM **** Request on support of SM3 and SM4

[Milan Broz]

On 28/12/2019 09:08, huxiaoyu@horebdata.cn wrote:
> SM3/4 is a block cipher similar to DES and AES, and has been supported by openSSL rencently. Does dm-crypt (LUKS) support the use of SM3/SM4? and if yes, how to

Hi,

SM3 is a hash function, if userspace backend (usually OpenSSL) supports it, you can use it
for header hash ans anti-forensic funciton, you can try it with benchmark, for example:

   cryptsetup benchmark --pbkdf pbkdf2 --hash sm3 --key-size 128
   # Tests are approximate using memory only (no storage IO).
   PBKDF2-sm3       1076566 iterations per second for 128-bit key

SM4 is a block cipher, if kernel crypto supports it (for dm-crypt, recent kernel contains the module),
you can use it for data encryption, again, you can check support using benchmark, for example:

   cryptsetup benchmark --cipher sm4-xts-plain64 --key-size 256
   # Tests are approximate using memory only (no storage IO).
   # Algorithm |       Key |      Encryption |      Decryption
       sm4-xts        256b        40.3 MiB/s        40.1 MiB/s


So, both are easily used in LUKS format:

   cryptsetup luksFormat --cipher sm4-xts-plain64 --key-size 256 --hash sm3 <device>

Note, that not all crypto backends and kernel support it, also I have no idea
how it is secure and if there is any analysis of these Chinese algorithms in the FDE context.

Anyway, it works out of the box, at least on my Debian system.

Milan

Re: [dm-crypt] Request on support of SM3 and SM4

[huxiaoyu]

[-- Attachment #1: Type: text/plain, Size: 2040 bytes --]

Dear Milan，

Thanks for the information. It is interesting to know that recent kernel has included the support of SM3/SM4. 

BTW, what is the kernel version of the Debian system (Debian 9?) that you are using?  I would like to try it.

best regards,

samuel



huxiaoyu@horebdata.cn
 
From: Milan Broz
Date: 2019-12-30 10:16
To: huxiaoyu@horebdata.cn; dm-crypt
Subject: Re: [dm-crypt] Request on support of SM3 and SM4
On 28/12/2019 09:08, huxiaoyu@horebdata.cn wrote:
> SM3/4 is a block cipher similar to DES and AES, and has been supported by openSSL rencently. Does dm-crypt (LUKS) support the use of SM3/SM4? and if yes, how to
 
Hi,
 
SM3 is a hash function, if userspace backend (usually OpenSSL) supports it, you can use it
for header hash ans anti-forensic funciton, you can try it with benchmark, for example:
 
   cryptsetup benchmark --pbkdf pbkdf2 --hash sm3 --key-size 128
   # Tests are approximate using memory only (no storage IO).
   PBKDF2-sm3       1076566 iterations per second for 128-bit key
 
SM4 is a block cipher, if kernel crypto supports it (for dm-crypt, recent kernel contains the module),
you can use it for data encryption, again, you can check support using benchmark, for example:
 
   cryptsetup benchmark --cipher sm4-xts-plain64 --key-size 256
   # Tests are approximate using memory only (no storage IO).
   # Algorithm |       Key |      Encryption |      Decryption
       sm4-xts        256b        40.3 MiB/s        40.1 MiB/s
 
 
So, both are easily used in LUKS format:
 
   cryptsetup luksFormat --cipher sm4-xts-plain64 --key-size 256 --hash sm3 <device>
 
Note, that not all crypto backends and kernel support it, also I have no idea
how it is secure and if there is any analysis of these Chinese algorithms in the FDE context.
 
Anyway, it works out of the box, at least on my Debian system.
 
Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt
 

[-- Attachment #2: Type: text/html, Size: 4030 bytes --]

Re: [dm-crypt] Request on support of SM3 and SM4

[Milan Broz]

On 30/12/2019 10:26, huxiaoyu@horebdata.cn wrote:
> Thanks for the information. It is interesting to know that recent kernel has included the support of SM3/SM4.
> 
> BTW, what is the kernel version of the Debian system (Debian 9?) that you are using?  I would like to try it.

SM4 cipher should be available in Linux kernel since version 4.17 (I am running 5.4.x).

Milan

p.s.
Please do not send HTML mails to this list (better use plain text messages), it is marked as spam and post could be lost...