
[4/7] crypto: testmgr - Added test vectors for the ofb(sm4) & cfb(sm4) skciphers

Message ID 1568198304-8101-5-git-send-email-pvanleeuwen@verimatrix.com (mailing list archive)
State Superseded
Delegated to: Herbert Xu
Series crypto: inside-secure - Add support for SM4 ciphers

Commit Message

Pascal van Leeuwen Sept. 11, 2019, 10:38 a.m. UTC
Added test vectors for the ofb(sm4) and cfb(sm4) skcipher algorithms

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
---
 crypto/testmgr.c | 12 +++++++
 crypto/testmgr.h | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+)

Comments

Eric Biggers Sept. 11, 2019, 4:05 p.m. UTC | #1
On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> Added test vectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> 

What is the use case for these algorithms?  Who/what is going to use them?

- Eric
Pascal Van Leeuwen Sept. 11, 2019, 7:34 p.m. UTC | #2
> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Wednesday, September 11, 2019 6:06 PM
> To: Pascal van Leeuwen <pascalvanl@gmail.com>
> Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> skciphers
> 
> On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > Added test vectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> >
> 
> What is the use case for these algorithms?  Who/what is going to use them?
> 
> - Eric
>
SM4 is a Chinese replacement for 128-bit AES, which is mandatory to be used for many
Chinese use cases. So they would use these wherever you would normally use ofb(aes)
or cfb(aes). Frankly, I'm not aware of any practical use cases for these feedback
modes, but we've been supporting them for decades and apparently the Crypto API
supports them for AES as well. So they must be useful for something ...

The obvious advantage over CBC mode was that they only require the encrypt part of
the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
some legacy use cases from before the time CTR mode and AEADs became popular.

Maybe someone remembers why these were added for AES in the first place?

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
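The property mentioned in the reply above, that OFB and CFB (like CTR) only ever run the cipher's encrypt direction, as an added example that is not code from the patch, the kernel or the inside-secure driver: a pure-Python SM4 written from the public specification (GB/T 32907-2016 / draft-ribose-cfrg-sm4; the S-box, FK and CK constants are the standard's), with OFB and CFB built on top of sm4_encrypt_block alone, checked against the OFB/CFB vectors this patch adds to testmgr.h, and additionally on a constructed 37-byte message to exercise the partial final block that the patch's 32-byte vectors do not cover.

```python
"""SM4 OFB/CFB from the encrypt direction only. Added example, not patch or
kernel code. SM4 follows GB/T 32907-2016 / draft-ribose-cfrg-sm4; the mode
vectors are copied from the patch's sm4_ofb_tv_template/sm4_cfb_tv_template."""
import struct

SBOX = bytes.fromhex(  # the standard's S-box, row by row
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc)
# CK[i] has bytes (4i + j) * 7 mod 256 for j = 0..3, as the standard defines.
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xff for j in range(4)), "big")
           for i in range(32))

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xffffffff
def _tau(x):  # byte-wise S-box on a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")
def _t_round(x):  # T = L(tau(x)): round-function linear layer
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)
def _t_key(x):  # T' = L'(tau(x)): key-schedule linear layer
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def sm4_key_schedule(key):
    k = [mk ^ fk for mk, fk in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]  # rk[0..31]

def sm4_encrypt_block(rk, block):
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        x.append(x[i] ^ _t_round(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])  # reverse last four

# Deliberately no sm4_decrypt_block: OFB and CFB (like CTR) never need it.
def _xor(a, b):  # truncates to the shorter input, which handles partial blocks
    return bytes(x ^ y for x, y in zip(a, b))

def sm4_ofb(key, iv, data):
    """OFB: keystream block i = E^(i+1)(iv); encrypt and decrypt are the same."""
    rk, out, fb = sm4_key_schedule(key), bytearray(), iv
    for i in range(0, len(data), 16):
        fb = sm4_encrypt_block(rk, fb)
        out += _xor(data[i:i + 16], fb)
    return bytes(out)

def sm4_cfb_encrypt(key, iv, ptext):
    """CFB: C_i = P_i xor E(C_{i-1}) with C_{-1} = iv."""
    rk, out, fb = sm4_key_schedule(key), bytearray(), iv
    for i in range(0, len(ptext), 16):
        fb = _xor(ptext[i:i + 16], sm4_encrypt_block(rk, fb))
        out += fb
    return bytes(out)

def sm4_cfb_decrypt(key, iv, ctext):
    """CFB decryption also runs only E: P_i = C_i xor E(C_{i-1})."""
    rk, out, fb = sm4_key_schedule(key), bytearray(), iv
    for i in range(0, len(ctext), 16):
        out += _xor(ctext[i:i + 16], sm4_encrypt_block(rk, fb))
        fb = ctext[i:i + 16]
    return bytes(out)

# (mode, key, iv, ptext, ctext) in hex, copied from the patch's testmgr.h hunk.
_K = "0123456789abcdeffedcba9876543210"
_IV = "000102030405060708090a0b0c0d0e0f"
_P = "aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb"
PATCH_VECTORS = [
    ("ofb", _K, _K, _K * 2, "693d9a535bad5bb1786f53d7253a7056f2075d28b5235f58d50027e4177d2bce"),
    ("cfb", _K, _K, _K * 2, "693d9a535bad5bb1786f53d7253a70569ed258a85a0467cc92aab393dd978995"),
    ("ofb", _K, _IV, _P, "ac3236cb861dd316e6413b4e3c7524b71d01aca2487ca582cbf5463e6698539b"),
    ("cfb", _K, _IV, _P, "ac3236cb861dd316e6413b4e3c7524b769d4c54ed433b9a0346009beb37b2b3f"),
]

def check_patch_vectors():
    """Return [(mode, index)] for vectors failing in either direction; [] = all pass."""
    failures = []
    for n, (mode, key, iv, pt, ct) in enumerate(PATCH_VECTORS):
        key, iv, pt, ct = (bytes.fromhex(h) for h in (key, iv, pt, ct))
        enc = sm4_ofb if mode == "ofb" else sm4_cfb_encrypt
        dec = sm4_ofb if mode == "ofb" else sm4_cfb_decrypt
        if enc(key, iv, pt) != ct or dec(key, iv, ct) != pt:
            failures.append((mode, n))
    return failures

def roundtrip_partial_block(length=37):
    """Constructed message whose length is not a multiple of 16: the patch's
    vectors are all 32 bytes, so this is the final-partial-block case they skip."""
    key, iv, msg = bytes.fromhex(_K), bytes.fromhex(_IV), bytes(range(length))
    return (sm4_ofb(key, iv, sm4_ofb(key, iv, msg)) == msg and
            sm4_cfb_decrypt(key, iv, sm4_cfb_encrypt(key, iv, msg)) == msg)

if __name__ == "__main__":
    print("failing patch vectors:", check_patch_vectors(), "partial block:", roundtrip_partial_block())
```

Both decrypt paths call sm4_encrypt_block and nothing else, which is the property the reply refers to: an engine that implements only the forward SM4 pipeline can serve OFB, CFB and CTR, whereas CBC decryption needs the inverse cipher. The first 16 bytes of the OFB and CFB ciphertexts agree for every key/IV pair because both modes' first block is E_K(IV) xor P0; only from the second block on do the two feedback rules diverge.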
Eric Biggers Sept. 15, 2019, 8:20 p.m. UTC | #3
On Wed, Sep 11, 2019 at 07:34:31PM +0000, Pascal Van Leeuwen wrote:
> > -----Original Message-----
> > From: Eric Biggers <ebiggers@kernel.org>
> > Sent: Wednesday, September 11, 2019 6:06 PM
> > To: Pascal van Leeuwen <pascalvanl@gmail.com>
> > Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> > davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> > Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> > skciphers
> > 
> > On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > > Added test vectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> > >
> > 
> > What is the use case for these algorithms?  Who/what is going to use them?
> > 
> > - Eric
> >
> SM4 is a Chinese replacement for 128-bit AES, which is mandatory to be used for many
> Chinese use cases. So they would use these wherever you would normally use ofb(aes)
> or cfb(aes). Frankly, I'm not aware of any practical use cases for these feedback
> modes, but we've been supporting them for decades and apparently the Crypto API
> supports them for AES as well. So they must be useful for something ...
> 
> The obvious advantage over CBC mode was that they only require the encrypt part of
> the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
> some legacy use cases from before the time CTR mode and AEADs became popular.
> 
> Maybe someone remembers why these were added for AES in the first place?
> 

So if you have no idea why they should be added, why are you adding them?

- Eric
Pascal Van Leeuwen Sept. 15, 2019, 10:02 p.m. UTC | #4
> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Sunday, September 15, 2019 10:21 PM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Cc: Pascal van Leeuwen <pascalvanl@gmail.com>; linux-crypto@vger.kernel.org;
> antoine.tenart@bootlin.com; herbert@gondor.apana.org.au; davem@davemloft.net
> Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> skciphers
> 
> On Wed, Sep 11, 2019 at 07:34:31PM +0000, Pascal Van Leeuwen wrote:
> > > -----Original Message-----
> > > From: Eric Biggers <ebiggers@kernel.org>
> > > Sent: Wednesday, September 11, 2019 6:06 PM
> > > To: Pascal van Leeuwen <pascalvanl@gmail.com>
> > > Cc: linux-crypto@vger.kernel.org; antoine.tenart@bootlin.com; herbert@gondor.apana.org.au;
> > > davem@davemloft.net; Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> > > Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4)
> > > skciphers
> > >
> > > On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote:
> > > > Added test vectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
> > > >
> > >
> > > What is the use case for these algorithms?  Who/what is going to use them?
> > >
> > > - Eric
> > >
> > SM4 is a Chinese replacement for 128-bit AES, which is mandatory to be used for many
> > Chinese use cases. So they would use these wherever you would normally use ofb(aes)
> > or cfb(aes). Frankly, I'm not aware of any practical use cases for these feedback
> > modes, but we've been supporting them for decades and apparently the Crypto API
> > supports them for AES as well. So they must be useful for something ...
> >
> > The obvious advantage over CBC mode was that they only require the encrypt part of
> > the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be
> > some legacy use cases from before the time CTR mode and AEADs became popular.
> >
> > Maybe someone remembers why these were added for AES in the first place?
> >
> 
> So if you have no idea why they should be added, why are you adding them?
>
Because our hardware supports these modes and I added support for this to
the inside-secure driver, so it made sense to be able to test that as well.
That's the primary reason for adding them, otherwise I would not have bothered.

> - Eric

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 3604c9d..fbc19bc 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4406,6 +4406,12 @@  static int alg_test_null(const struct alg_test_desc *desc,
 			.cipher = __VECS(aes_cfb_tv_template)
 		},
 	}, {
+		.alg = "cfb(sm4)",
+		.test = alg_test_skcipher,
+		.suite = {
+			.cipher = __VECS(sm4_cfb_tv_template)
+		}
+	}, {
 		.alg = "chacha20",
 		.test = alg_test_skcipher,
 		.suite = {
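Review bot: the new "cfb(sm4)" entry is correctly placed between "cfb(aes)" and "chacha20"; alg_test_descs has to stay sorted by name because testmgr locates entries by binary search and warns at init when the table is out of order, so a misplaced entry would trip that check rather than silently miss the vectors. Leaving .fips_allowed unset is also right, since SM4 is not a FIPS-approved algorithm and the entry must not be selectable in FIPS mode. Worth stating in the commit message: this entry runs sm4_cfb_tv_template against every registered cfb(sm4) implementation, i.e. the generic cfb template over sm4-generic as well as the inside-secure driver this series is about, so the vectors (see the testmgr.h hunk) should also be chosen with the generic path's partial-block handling in mind, not only the hardware's.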
@@ -5063,6 +5069,12 @@  static int alg_test_null(const struct alg_test_desc *desc,
 		.test = alg_test_null,
 		.fips_allowed = 1,
 	}, {
+		.alg = "ofb(sm4)",
+		.test = alg_test_skcipher,
+		.suite = {
+			.cipher = __VECS(sm4_ofb_tv_template)
+		}
+	}, {
 		.alg = "pcbc(fcrypt)",
 		.test = alg_test_skcipher,
 		.suite = {
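Review bot: the "ofb(sm4)" entry mirrors the cfb one and sorts correctly before "pcbc(fcrypt)"; its neighbour above carries .test = alg_test_null with .fips_allowed = 1 while this entry has neither, which is the intended outcome for SM4. Since the thread gives testing the inside-secure driver as the reason for adding it, the commit message should say that the .alg string must match the cra_name the driver registers exactly ("ofb(sm4)"), otherwise the driver's instance is registered with a "No test for" warning and these vectors never run against it; and that with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled the driver is additionally compared against the generic ofb(sm4) implementation on random message lengths and scatterlist splits, which is what covers the cases three fixed 32-byte vectors cannot.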
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1f56293..4e74f65 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,104 @@  struct len_range_sel {
 	}
 };
 
+static const struct cipher_testvec sm4_ofb_tv_template[] = {
+	{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ptext	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ctext	= "\x69\x3d\x9a\x53\x5b\xad\x5b\xb1"
+			  "\x78\x6f\x53\xd7\x25\x3a\x70\x56"
+			  "\xf2\x07\x5d\x28\xb5\x23\x5f\x58"
+			  "\xd5\x00\x27\xe4\x17\x7d\x2b\xce",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 1 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\xac\x32\x36\xcb\x86\x1d\xd3\x16"
+			  "\xe6\x41\x3b\x4e\x3c\x75\x24\xb7"
+			  "\x1d\x01\xac\xa2\x48\x7c\xa5\x82"
+			  "\xcb\xf5\x46\x3e\x66\x98\x53\x9b",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 2 */
+		.key	= "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\x5d\xcc\xcd\x25\xa8\x4b\xa1\x65"
+			  "\x60\xd7\xf2\x65\x88\x70\x68\x49"
+			  "\x33\xfa\x16\xbd\x5c\xd9\xc8\x56"
+			  "\xca\xca\xa1\xe1\x01\x89\x7a\x97",
+		.len	= 32,
+	}
+};
+
+static const struct cipher_testvec sm4_cfb_tv_template[] = {
+	{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.4 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ptext	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.ctext	= "\x69\x3d\x9a\x53\x5b\xad\x5b\xb1"
+			  "\x78\x6f\x53\xd7\x25\x3a\x70\x56"
+			  "\x9e\xd2\x58\xa8\x5a\x04\x67\xcc"
+			  "\x92\xaa\xb3\x93\xdd\x97\x89\x95",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.4, Example 1 */
+		.key	= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+			  "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\xac\x32\x36\xcb\x86\x1d\xd3\x16"
+			  "\xe6\x41\x3b\x4e\x3c\x75\x24\xb7"
+			  "\x69\xd4\xc5\x4e\xd4\x33\xb9\xa0"
+			  "\x34\x60\x09\xbe\xb3\x7b\x2b\x3f",
+		.len	= 32,
+	}, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.4, Example 2 */
+		.key	= "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+			  "\x01\x23\x45\x67\x89\xab\xcd\xef",
+		.klen	= 16,
+		.iv	= "\x00\x01\x02\x03\x04\x05\x06\x07"
+			  "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+		.ptext	= "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+			  "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+			  "\xee\xee\xee\xee\xff\xff\xff\xff"
+			  "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+		.ctext	= "\x5d\xcc\xcd\x25\xa8\x4b\xa1\x65"
+			  "\x60\xd7\xf2\x65\x88\x70\x68\x49"
+			  "\x0d\x9b\x86\xff\x20\xc3\xbf\xe1"
+			  "\x15\xff\xa0\x2c\xa6\x19\x2c\xc5",
+		.len	= 32,
+	}
+};
+
 /* Cast6 test vectors from RFC 2612 */
 static const struct cipher_testvec cast6_tv_template[] = {
 	{
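Review bot: the two templates are internally consistent in a way the source comments could record: for each OFB/CFB pair the first 16 .ctext bytes are identical ("\x69\x3d\x9a\x53..." in both draft-02 vectors, "\xac\x32\x36\xcb..." for the draft-09 Example 1 pair, "\x5d\xcc\xcd\x25..." for Example 2), as expected because the first block of either mode is E_K(IV) xor P0, while the second blocks differ, so the vectors do distinguish the two feedback rules. Two gaps remain: every .len is 32, a multiple of the block size, so the partial-final-block path that both the cfb and ofb templates support is never exercised, and the draft-02 vectors use key == IV == first plaintext block, a weaker check than the draft-09 ones with a distinct IV. Suggest adding one vector per template whose .len is not a multiple of 16, and citing the draft locations consistently ("paragraph 12.2.3" versus "appendix A.2.3") across the two comments.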