These patches add xfrm support for SM3 and SM4 algorithms which are
cryptographic standards published by China State Cryptography
Administration.
SM3 secure hash (OSCCA GM/T 0004-2012 SM3) is based on Merkle-Damgard
with a thuncation of 256 bits. It could be used for authentication
and random number generation.
SM4 symmetric ciper algorithm (OSCCA GB/T 32097-2016) has at least 128
bits packet length which is similar to AES ciper algorithm. It is
suitable for the use of block ciphers in cryptographic applications.
As SM3 and SM4 have already been supported by Linux kernel,
after these patches, we can use them with "ip xfrm" tools easily.
Xu Jia (2):
xfrm: Add support for SM3 secure hash
xfrm: Add support for SM4 symmetric cipher algorithm
include/uapi/linux/pfkeyv2.h | 2 ++
net/xfrm/xfrm_algo.c | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
--
1.8.3.1
This patch adds SM4 encryption algorithm entry to ealg_list.
Signed-off-by: Xu Jia <[email protected]>
---
include/uapi/linux/pfkeyv2.h | 1 +
net/xfrm/xfrm_algo.c | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
index 798ba9f..8abae1f 100644
--- a/include/uapi/linux/pfkeyv2.h
+++ b/include/uapi/linux/pfkeyv2.h
@@ -330,6 +330,7 @@ struct sadb_x_filter {
#define SADB_X_EALG_AES_GCM_ICV16 20
#define SADB_X_EALG_CAMELLIACBC 22
#define SADB_X_EALG_NULL_AES_GMAC 23
+#define SADB_X_EALG_SM4CBC 24
#define SADB_EALG_MAX 253 /* last EALG */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 00b5444..094734f 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -572,6 +572,27 @@
.sadb_alg_maxbits = 288
}
},
+{
+ .name = "cbc(sm4)",
+ .compat = "sm4",
+
+ .uinfo = {
+ .encr = {
+ .geniv = "echainiv",
+ .blockbits = 128,
+ .defkeybits = 128,
+ }
+ },
+
+ .pfkey_supported = 1,
+
+ .desc = {
+ .sadb_alg_id = SADB_X_EALG_SM4CBC,
+ .sadb_alg_ivlen = 16,
+ .sadb_alg_minbits = 128,
+ .sadb_alg_maxbits = 256
+ }
+},
};
static struct xfrm_algo_desc calg_list[] = {
--
1.8.3.1
On Wed, Dec 22, 2021 at 05:06:57PM +0800, Xu Jia wrote:
> These patches add xfrm support for SM3 and SM4 algorithms which are
> cryptographic standards published by China State Cryptography
> Administration.
>
> SM3 secure hash (OSCCA GM/T 0004-2012 SM3) is based on Merkle-Damgard
> with a thuncation of 256 bits. It could be used for authentication
> and random number generation.
>
> SM4 symmetric ciper algorithm (OSCCA GB/T 32097-2016) has at least 128
> bits packet length which is similar to AES ciper algorithm. It is
> suitable for the use of block ciphers in cryptographic applications.
>
> As SM3 and SM4 have already been supported by Linux kernel,
> after these patches, we can use them with "ip xfrm" tools easily.
>
>
> Xu Jia (2):
> xfrm: Add support for SM3 secure hash
> xfrm: Add support for SM4 symmetric cipher algorithm
>
> include/uapi/linux/pfkeyv2.h | 2 ++
> net/xfrm/xfrm_algo.c | 41 +++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 43 insertions(+)
Series applied to ipsec-next, thanks a lot!