From: Yong Huang <yong.huang@smartx.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>,
Eric Blake <eblake@redhat.com>,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [PATCH] crypto: Introduce SM4 symmetric cipher algorithm
Date: Tue, 28 Nov 2023 00:38:04 +0800 [thread overview]
Message-ID: <CAK9dgmZudtuE280J3Hw4jVq95PvEYMmOE-dGJO-atviQLJAsYQ@mail.gmail.com> (raw)
In-Reply-To: <ZWS_lTYeKTLNfDrn@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 3951 bytes --]
On Tue, Nov 28, 2023 at 12:11 AM Daniel P. Berrangé <berrange@redhat.com>
wrote:
> On Mon, Nov 27, 2023 at 11:55:34PM +0800, Hyman Huang wrote:
> > Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).
> >
> > SM4 (GBT.32907-2016) is a cryptographic standard issued by the
> > Organization of State Commercial Administration of China (OSCCA)
> > as an authorized cryptographic algorithms for the use within China.
>
> Just out of interest, what part of QEMU are you needing to use
> SM4 with ? Is it for a LUKS block driver cipher ?
>
Indeed, the LUKS block driver is the cause. Since SM4 can be accelerated by
encryption cards or hardware modules, we wish to evaluate the performance
overhead of the CPU and the proprietary hardware as in our production,
And the SM4 Algo CPU implementation could be introduced beforehand.
>
> >
> > Signed-off-by: Hyman Huang <yong.huang@smartx.com>
> > ---
> > crypto/block-luks.c | 7 ++++++
> > crypto/cipher-gcrypt.c.inc | 4 ++++
>
> Looking at the gcrypt code, SM4 is only supported in >= 1.9.0
>
> QEMU min version is 1.8.0, so you'll need to modify meson.build
> to check whether SM4 is supported and put conditionals in this
> file
> > crypto/cipher-nettle.c.inc | 42 +++++++++++++++++++++++++++++++++
>
> Looking at the nettle code, SM4 is only supported in unreleased
> versions thus far.
> So again will need a meson.build check and conditionals.
>
OK, I'll check the library versions in the next versoin.
>
> > crypto/cipher.c | 2 ++
> > qapi/crypto.json | 5 +++-
> > tests/unit/test-crypto-cipher.c | 11 +++++++++
> > 6 files changed, 70 insertions(+), 1 deletion(-)
>
>
> > diff --git a/qapi/crypto.json b/qapi/crypto.json
> > index fd3d46ebd1..95fa10bb6d 100644
> > --- a/qapi/crypto.json
> > +++ b/qapi/crypto.json
> > @@ -94,6 +94,8 @@
> > #
> > # @twofish-256: Twofish with 256 bit / 32 byte keys
> > #
> > +# @sm4: SM4 with 128 bit / 16 byte keys (since 8.2)
>
> We're in feature freeze for 8.2, so mark this 9.0 as that'll be the
> next available release this could be merged for.
>
Get it.
>
> > +#
> > # Since: 2.6
> > ##
> > { 'enum': 'QCryptoCipherAlgorithm',
> > @@ -102,7 +104,8 @@
> > 'des', '3des',
> > 'cast5-128',
> > 'serpent-128', 'serpent-192', 'serpent-256',
> > - 'twofish-128', 'twofish-192', 'twofish-256']}
> > + 'twofish-128', 'twofish-192', 'twofish-256',
> > + 'sm4']}
> >
> > ##
> > # @QCryptoCipherMode:
> > diff --git a/tests/unit/test-crypto-cipher.c
> b/tests/unit/test-crypto-cipher.c
> > index d9d9d078ff..80a4984e43 100644
> > --- a/tests/unit/test-crypto-cipher.c
> > +++ b/tests/unit/test-crypto-cipher.c
> > @@ -382,6 +382,17 @@ static QCryptoCipherTestData test_data[] = {
> > .plaintext = "90afe91bb288544f2c32dc239b2635e6",
> > .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
> > },
> > + {
> > + /* SM4, GB/T 32907-2016, Appendix A.1 */
> > + .path = "/crypto/cipher/sm4",
> > + .alg = QCRYPTO_CIPHER_ALG_SM4,
> > + .mode = QCRYPTO_CIPHER_MODE_ECB,
> > + .key = "0123456789abcdeffedcba9876543210",
> > + .plaintext =
> > + "0123456789abcdeffedcba9876543210",
> > + .ciphertext =
> > + "681edf34d206965e86b3e94f536e4246",
> > + },
> > {
> > /* #1 32 byte key, 32 byte PTX */
> > .path = "/crypto/cipher/aes-xts-128-1",
> > --
> > 2.39.1
> >
>
> With regards,
> Daniel
> --
> |: https://berrange.com -o-
> https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o-
> https://www.instagram.com/dberrange :|
>
>
Thanks for the comment,
Yong
--
Best regards
[-- Attachment #2: Type: text/html, Size: 7598 bytes --]
prev parent reply other threads:[~2023-11-27 16:41 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-27 15:55 [PATCH] crypto: Introduce SM4 symmetric cipher algorithm Hyman Huang
2023-11-27 16:11 ` Daniel P. Berrangé
2023-11-27 16:38 ` Yong Huang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAK9dgmZudtuE280J3Hw4jVq95PvEYMmOE-dGJO-atviQLJAsYQ@mail.gmail.com \
--to=yong.huang@smartx.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).