Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp4623139pxb; Mon, 27 Sep 2021 23:29:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwiunWdZ9Sv6XCY+3I2zZTWy9CiesfbAEdVcBuQpX+SPYc7ZtL0cpSWDjXxQVetfTSEm4vl X-Received: by 2002:a17:902:ea09:b0:13e:13a0:fa1e with SMTP id s9-20020a170902ea0900b0013e13a0fa1emr3732047plg.14.1632810594719; Mon, 27 Sep 2021 23:29:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632810594; cv=none; d=google.com; s=arc-20160816; b=cYJkAcJpaRFS4hoJAYYhs7K2jMNyrTjr22bPbq1O7Wx14wMsrGJBexEJ1nYipAqIR+ rTtJLkXIGEuz9jrVhT3SeI7mCMtVVFm58Veun3Q/nEG3jXlKkYvEilwMno3d+inqfawy advRDPX4ke9cyKrTJAQwC6ffnvRkwLQgpPZtkg7odcHv8MKHvW4RoZxl0ndBzcaCKHrR VZlvgVD3YGwr298RLP4AIEpJTkQv8QcnDUfmt62pYE62vd31yDvz7rDng0U9cxlxpeJx ImiBQ3wfS58pDAlQ837EHjRcsO1tBVn1+9o5n8KGPnz2et8w1FFsrNMQuFEOfsZEaoM9 cf9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=wnxHoUNg3Wb9cX7WKnH6SufdRk1nROuW9v5v6TJEzjc=; b=b+E3Z5rWv4am/ZyO62Kr5/wNhtTHjQldY5SJaBbMLvFi39S54j7nLnjyxySGpEevdg FEDisa1Ue6vcUlanA/IpzmYyuXvEavrYjIAaa3nmZBacoFi2fse+l98sJe9uqss47ufM hJOvCFlyIKMSLdOchOB9YugKV2fszkXrq+G2hGDq1uA07KGHZZqxcrY/ZbtItCgxM7h1 bEAA+8EEX1M+M78DGmZctKZcQ/m//7KPUbwkG84aEzQDWU0Mo6HJx9iH+AR6o8/qzygf HS3zuae/oZU+gT9TdD+s+lP9GQpaa8HqVoh9UMaFLtX441janWPb40v5//pTwGMsOJUp hfdA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gv15si2035529pjb.68.2021.09.27.23.29.40; Mon, 27 Sep 2021 23:29:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239007AbhI1Gag (ORCPT + 99 others); Tue, 28 Sep 2021 02:30:36 -0400 Received: from out4436.biz.mail.alibaba.com ([47.88.44.36]:27436 "EHLO out4436.biz.mail.alibaba.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238931AbhI1Gaf (ORCPT ); Tue, 28 Sep 2021 02:30:35 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R481e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04423;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=8;SR=0;TI=SMTPD_---0UpuTxzi_1632810523; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0UpuTxzi_1632810523) by smtp.aliyun-inc.com(127.0.0.1); Tue, 28 Sep 2021 14:28:43 +0800 From: Tianjia Zhang To: "David S. Miller" , Jakub Kicinski , Boris Pismenny , John Fastabend , Daniel Borkmann , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Tianjia Zhang Subject: [PATCH] net/tls: support SM4 CCM algorithm Date: Tue, 28 Sep 2021 14:28:43 +0800 Message-Id: <20210928062843.75283-1-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.19.1.3.ge56e4f7 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The IV of CCM mode has special requirements, this patch supports CCM mode of SM4 algorithm. Signed-off-by: Tianjia Zhang --- include/net/tls.h | 3 ++- net/tls/tls_sw.c | 20 ++++++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index be4b3e1cac46..b6d40642afdd 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -66,7 +66,7 @@ #define MAX_IV_SIZE 16 #define TLS_MAX_REC_SEQ_SIZE 8 -/* For AES-CCM, the full 16-bytes of IV is made of '4' fields of given sizes. +/* For CCM mode, the full 16-bytes of IV is made of '4' fields of given sizes. * * IV[16] = b0[1] || implicit nonce[4] || explicit nonce[8] || length[3] * @@ -74,6 +74,7 @@ * Hence b0 contains (3 - 1) = 2. */ #define TLS_AES_CCM_IV_B0_BYTE 2 +#define TLS_SM4_CCM_IV_B0_BYTE 2 #define __TLS_INC_STATS(net, field) \ __SNMP_INC_STATS((net)->mib.tls_statistics, field) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 120a73abb95c..81bb78c812c4 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -498,9 +498,15 @@ static int tls_do_encryption(struct sock *sk, int rc, iv_offset = 0; /* For CCM based ciphers, first byte of IV is a constant */ - if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) { + switch (prot->cipher_type) { + case TLS_CIPHER_AES_CCM_128: rec->iv_data[0] = TLS_AES_CCM_IV_B0_BYTE; iv_offset = 1; + break; + case TLS_CIPHER_SM4_CCM: + rec->iv_data[0] = TLS_SM4_CCM_IV_B0_BYTE; + iv_offset = 1; + break; } memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv, @@ -1482,10 +1488,16 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, aad = (u8 *)(sgout + n_sgout); iv = aad + prot->aad_size; - /* For CCM based ciphers, first byte of nonce+iv is always '2' */ - if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) { - iv[0] = 2; + /* For CCM based ciphers, first byte of nonce+iv is a constant */ + switch (prot->cipher_type) { + case TLS_CIPHER_AES_CCM_128: + iv[0] = TLS_AES_CCM_IV_B0_BYTE; iv_offset = 1; + break; + case TLS_CIPHER_SM4_CCM: + iv[0] = TLS_SM4_CCM_IV_B0_BYTE; + iv_offset = 1; + break; } /* Prepare IV */ -- 2.19.1.3.ge56e4f7