From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from qq.com (smtpbg466.qq.com [59.36.132.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Mon, 30 Dec 2019 10:27:26 +0100 (CET) Date: Mon, 30 Dec 2019 10:26:54 +0100 From: "huxiaoyu@horebdata.cn" References: <201912280908402097647@horebdata.cn>, <6fde00aa-6fca-115d-a696-7190eb7e0950@gmail.com> Mime-Version: 1.0 Message-ID: <201912301026524657678@horebdata.cn>+040374E1DDE8A44D Content-Type: multipart/alternative; boundary="----=_001_NextPart050600828600_=----" Subject: Re: [dm-crypt] Request on support of SM3 and SM4 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Milan Broz , dm-crypt This is a multi-part message in MIME format. ------=_001_NextPart050600828600_=---- Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGVhciBNaWxhbu+8jA0KDQpUaGFua3MgZm9yIHRoZSBpbmZvcm1hdGlvbi4gSXQgaXMgaW50ZXJl c3RpbmcgdG8ga25vdyB0aGF0IHJlY2VudCBrZXJuZWwgaGFzIGluY2x1ZGVkIHRoZSBzdXBwb3J0 IG9mIFNNMy9TTTQuIA0KDQpCVFcsIHdoYXQgaXMgdGhlIGtlcm5lbCB2ZXJzaW9uIG9mIHRoZSBE ZWJpYW4gc3lzdGVtIChEZWJpYW4gOT8pIHRoYXQgeW91IGFyZSB1c2luZz8gIEkgd291bGQgbGlr ZSB0byB0cnkgaXQuDQoNCmJlc3QgcmVnYXJkcywNCg0Kc2FtdWVsDQoNCg0KDQpodXhpYW95dUBo b3JlYmRhdGEuY24NCiANCkZyb206IE1pbGFuIEJyb3oNCkRhdGU6IDIwMTktMTItMzAgMTA6MTYN ClRvOiBodXhpYW95dUBob3JlYmRhdGEuY247IGRtLWNyeXB0DQpTdWJqZWN0OiBSZTogW2RtLWNy eXB0XSBSZXF1ZXN0IG9uIHN1cHBvcnQgb2YgU00zIGFuZCBTTTQNCk9uIDI4LzEyLzIwMTkgMDk6 MDgsIGh1eGlhb3l1QGhvcmViZGF0YS5jbiB3cm90ZToNCj4gU00zLzQgaXMgYSBibG9jayBjaXBo ZXIgc2ltaWxhciB0byBERVMgYW5kIEFFUywgYW5kIGhhcyBiZWVuIHN1cHBvcnRlZCBieSBvcGVu U1NMIHJlbmNlbnRseS4gRG9lcyBkbS1jcnlwdCAoTFVLUykgc3VwcG9ydCB0aGUgdXNlIG9mIFNN My9TTTQ/IGFuZCBpZiB5ZXMsIGhvdyB0bw0KIA0KSGksDQogDQpTTTMgaXMgYSBoYXNoIGZ1bmN0 aW9uLCBpZiB1c2Vyc3BhY2UgYmFja2VuZCAodXN1YWxseSBPcGVuU1NMKSBzdXBwb3J0cyBpdCwg eW91IGNhbiB1c2UgaXQNCmZvciBoZWFkZXIgaGFzaCBhbnMgYW50aS1mb3JlbnNpYyBmdW5jaXRv biwgeW91IGNhbiB0cnkgaXQgd2l0aCBiZW5jaG1hcmssIGZvciBleGFtcGxlOg0KIA0KICAgY3J5 cHRzZXR1cCBiZW5jaG1hcmsgLS1wYmtkZiBwYmtkZjIgLS1oYXNoIHNtMyAtLWtleS1zaXplIDEy OA0KICAgIyBUZXN0cyBhcmUgYXBwcm94aW1hdGUgdXNpbmcgbWVtb3J5IG9ubHkgKG5vIHN0b3Jh Z2UgSU8pLg0KICAgUEJLREYyLXNtMyAgICAgICAxMDc2NTY2IGl0ZXJhdGlvbnMgcGVyIHNlY29u ZCBmb3IgMTI4LWJpdCBrZXkNCiANClNNNCBpcyBhIGJsb2NrIGNpcGhlciwgaWYga2VybmVsIGNy eXB0byBzdXBwb3J0cyBpdCAoZm9yIGRtLWNyeXB0LCByZWNlbnQga2VybmVsIGNvbnRhaW5zIHRo ZSBtb2R1bGUpLA0KeW91IGNhbiB1c2UgaXQgZm9yIGRhdGEgZW5jcnlwdGlvbiwgYWdhaW4sIHlv dSBjYW4gY2hlY2sgc3VwcG9ydCB1c2luZyBiZW5jaG1hcmssIGZvciBleGFtcGxlOg0KIA0KICAg Y3J5cHRzZXR1cCBiZW5jaG1hcmsgLS1jaXBoZXIgc200LXh0cy1wbGFpbjY0IC0ta2V5LXNpemUg MjU2DQogICAjIFRlc3RzIGFyZSBhcHByb3hpbWF0ZSB1c2luZyBtZW1vcnkgb25seSAobm8gc3Rv cmFnZSBJTykuDQogICAjIEFsZ29yaXRobSB8ICAgICAgIEtleSB8ICAgICAgRW5jcnlwdGlvbiB8 ICAgICAgRGVjcnlwdGlvbg0KICAgICAgIHNtNC14dHMgICAgICAgIDI1NmIgICAgICAgIDQwLjMg TWlCL3MgICAgICAgIDQwLjEgTWlCL3MNCiANCiANClNvLCBib3RoIGFyZSBlYXNpbHkgdXNlZCBp biBMVUtTIGZvcm1hdDoNCiANCiAgIGNyeXB0c2V0dXAgbHVrc0Zvcm1hdCAtLWNpcGhlciBzbTQt eHRzLXBsYWluNjQgLS1rZXktc2l6ZSAyNTYgLS1oYXNoIHNtMyA8ZGV2aWNlPg0KIA0KTm90ZSwg dGhhdCBub3QgYWxsIGNyeXB0byBiYWNrZW5kcyBhbmQga2VybmVsIHN1cHBvcnQgaXQsIGFsc28g SSBoYXZlIG5vIGlkZWENCmhvdyBpdCBpcyBzZWN1cmUgYW5kIGlmIHRoZXJlIGlzIGFueSBhbmFs eXNpcyBvZiB0aGVzZSBDaGluZXNlIGFsZ29yaXRobXMgaW4gdGhlIEZERSBjb250ZXh0Lg0KIA0K QW55d2F5LCBpdCB3b3JrcyBvdXQgb2YgdGhlIGJveCwgYXQgbGVhc3Qgb24gbXkgRGViaWFuIHN5 c3RlbS4NCiANCk1pbGFuDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fXw0KZG0tY3J5cHQgbWFpbGluZyBsaXN0DQpkbS1jcnlwdEBzYW91dC5kZQ0KaHR0cHM6 Ly93d3cuc2FvdXQuZGUvbWFpbG1hbi9saXN0aW5mby9kbS1jcnlwdA0KIA0K ------=_001_NextPart050600828600_=---- Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable <= body>=0A
Dear Milan=EF=BC=8C

Tha= nks for the information. It is interesting to know that recent kernel has = included the support of SM3/SM4. 

BTW, what = is the kernel version of the Debian system (Debian 9?) that you are using?=  I would like to try it.

best regards,

samuel
=0A

=0A
= huxiaoyu@horebdata.cn
=0A
 
From: Milan Broz
Date: 2019-12-30 10:16<= /div>
To: huxiaoy= u@horebdata.cn; dm-crypt
Subject: Re: [dm-crypt] Request on support of SM3 and SM= 4
On 28/12/2019 09:08, huxiaoyu@horebdata.cn wr= ote:
=0A
> SM3/4 is a block cipher similar to DES and AES, and= has been supported by openSSL rencently. Does dm-crypt (LUKS) support the= use of SM3/SM4? and if yes, how to
=0A
 
=0A
Hi,=0A
 
=0A
SM3 is a hash function, if userspace backe= nd (usually OpenSSL) supports it, you can use it
=0A
for header h= ash ans anti-forensic funciton, you can try it with benchmark, for example= :
=0A
 
=0A
   cryptsetup benchmark --pbk= df pbkdf2 --hash sm3 --key-size 128
=0A
   # Tests are = approximate using memory only (no storage IO).
=0A
   P= BKDF2-sm3       1076566 iterations per secon= d for 128-bit key
=0A
 
=0A
SM4 is a block cipher, = if kernel crypto supports it (for dm-crypt, recent kernel contains the mod= ule),
=0A
you can use it for data encryption, again, you can chec= k support using benchmark, for example:
=0A
 
=0A
&= nbsp;  cryptsetup benchmark --cipher sm4-xts-plain64 --key-size 256=0A
   # Tests are approximate using memory only (no sto= rage IO).
=0A
   # Algorithm |    &= nbsp;  Key |      Encryption |  &n= bsp;   Decryption
=0A
     &nb= sp; sm4-xts        256b  &nbs= p;     40.3 MiB/s      &= nbsp; 40.1 MiB/s
=0A
 
=0A
 
=0A
So, = both are easily used in LUKS format:
=0A
 
=0A
&nbs= p;  cryptsetup luksFormat --cipher sm4-xts-plain64 --key-size 256 --h= ash sm3 <device>
=0A
 
=0A
Note, that not all= crypto backends and kernel support it, also I have no idea
=0A
h= ow it is secure and if there is any analysis of these Chinese algorithms i= n the FDE context.
=0A
 
=0A
Anyway, it works out o= f the box, at least on my Debian system.
=0A
 
=0A
= Milan
=0A
_______________________________________________
= =0A
dm-crypt mailing list
=0A
dm-crypt@saout.de
=0A
= https://www.saout.de/mailman/listinfo/dm-crypt
=0A
 
= =0A
=0A ------=_001_NextPart050600828600_=------