The IV of CCM mode has special requirements, this patch supports CCM
mode of SM4 algorithm.
Signed-off-by: Tianjia Zhang <[email protected]>
---
include/net/tls.h | 3 ++-
net/tls/tls_sw.c | 20 ++++++++++++++++----
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/include/net/tls.h b/include/net/tls.h
index be4b3e1cac46..b6d40642afdd 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -66,7 +66,7 @@
#define MAX_IV_SIZE 16
#define TLS_MAX_REC_SEQ_SIZE 8
-/* For AES-CCM, the full 16-bytes of IV is made of '4' fields of given sizes.
+/* For CCM mode, the full 16-bytes of IV is made of '4' fields of given sizes.
*
* IV[16] = b0[1] || implicit nonce[4] || explicit nonce[8] || length[3]
*
@@ -74,6 +74,7 @@
* Hence b0 contains (3 - 1) = 2.
*/
#define TLS_AES_CCM_IV_B0_BYTE 2
+#define TLS_SM4_CCM_IV_B0_BYTE 2
#define __TLS_INC_STATS(net, field) \
__SNMP_INC_STATS((net)->mib.tls_statistics, field)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 120a73abb95c..81bb78c812c4 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -498,9 +498,15 @@ static int tls_do_encryption(struct sock *sk,
int rc, iv_offset = 0;
/* For CCM based ciphers, first byte of IV is a constant */
- if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) {
+ switch (prot->cipher_type) {
+ case TLS_CIPHER_AES_CCM_128:
rec->iv_data[0] = TLS_AES_CCM_IV_B0_BYTE;
iv_offset = 1;
+ break;
+ case TLS_CIPHER_SM4_CCM:
+ rec->iv_data[0] = TLS_SM4_CCM_IV_B0_BYTE;
+ iv_offset = 1;
+ break;
}
memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv,
@@ -1482,10 +1488,16 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
aad = (u8 *)(sgout + n_sgout);
iv = aad + prot->aad_size;
- /* For CCM based ciphers, first byte of nonce+iv is always '2' */
- if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) {
- iv[0] = 2;
+ /* For CCM based ciphers, first byte of nonce+iv is a constant */
+ switch (prot->cipher_type) {
+ case TLS_CIPHER_AES_CCM_128:
+ iv[0] = TLS_AES_CCM_IV_B0_BYTE;
iv_offset = 1;
+ break;
+ case TLS_CIPHER_SM4_CCM:
+ iv[0] = TLS_SM4_CCM_IV_B0_BYTE;
+ iv_offset = 1;
+ break;
}
/* Prepare IV */
--
2.19.1.3.ge56e4f7
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Tue, 28 Sep 2021 14:28:43 +0800 you wrote:
> The IV of CCM mode has special requirements, this patch supports CCM
> mode of SM4 algorithm.
>
> Signed-off-by: Tianjia Zhang <[email protected]>
> ---
> include/net/tls.h | 3 ++-
> net/tls/tls_sw.c | 20 ++++++++++++++++----
> 2 files changed, 18 insertions(+), 5 deletions(-)
Here is the summary with links:
- net/tls: support SM4 CCM algorithm
https://git.kernel.org/netdev/net-next/c/128cfb882e23
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
On 28.09.2021 07:28, Tianjia Zhang wrote:
> The IV of CCM mode has special requirements, this patch supports CCM
> mode of SM4 algorithm.
>
Have you tried to connect this implementation to application with
user-space implementation of CCM mode? I wonder just because I have an
issue with AES-CCM Kernel TLS implementation when it's connected to
OpenSSL-driven server, but still have no time to fix it correctly.
Hi Vadim,
On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
> On 28.09.2021 07:28, Tianjia Zhang wrote:
>> The IV of CCM mode has special requirements, this patch supports CCM
>> mode of SM4 algorithm.
>>
> Have you tried to connect this implementation to application with
> user-space implementation of CCM mode? I wonder just because I have an
> issue with AES-CCM Kernel TLS implementation when it's connected to
> OpenSSL-driven server, but still have no time to fix it correctly.
I did not encounter any issue when using KTLS with AES-CCM algorithm,
but the KTLS RX mode on the OpenSSL side does not seem to be supported.
I encountered some problems when using the SM4-CCM algorithm of KTLS.
Follow the RFC8998 specification, the handshake has been successful, and
the first data transmission can be successful. After that, I will
encounter the problem of MAC verification failure, but this is issue on
the OpenSSL side. because the problem is still being investigated, I
have not opened the code for the time being.
Cheers,
Tianjia
On 30.09.2021 04:34, Tianjia Zhang wrote:
> Hi Vadim,
>
> On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
>> On 28.09.2021 07:28, Tianjia Zhang wrote:
>>> The IV of CCM mode has special requirements, this patch supports CCM
>>> mode of SM4 algorithm.
>>>
>> Have you tried to connect this implementation to application with
>> user-space implementation of CCM mode? I wonder just because I have an
>> issue with AES-CCM Kernel TLS implementation when it's connected to
>> OpenSSL-driven server, but still have no time to fix it correctly.
>
> I did not encounter any issue when using KTLS with AES-CCM algorithm, but the
> KTLS RX mode on the OpenSSL side does not seem to be supported.
>
> I encountered some problems when using the SM4-CCM algorithm of KTLS. Follow the
> RFC8998 specification, the handshake has been successful, and the first data
> transmission can be successful. After that, I will encounter the problem of MAC
> verification failure, but this is issue on the OpenSSL side. because the problem
> is still being investigated, I have not opened the code for the time being.
>
Are you sure that this is an issue on the OpenSSL side? Because absolutely the
same problem is reported for AES-CCM algo and only when it's offloaded to
kernel. Looks like encryption of CCM could be broken somehow.
I will try to investigate it a bit later from the AES-CCM side.
On 10/1/21 6:56 AM, Vadim Fedorenko wrote:
> On 30.09.2021 04:34, Tianjia Zhang wrote:
>> Hi Vadim,
>>
>> On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
>>> On 28.09.2021 07:28, Tianjia Zhang wrote:
>>>> The IV of CCM mode has special requirements, this patch supports CCM
>>>> mode of SM4 algorithm.
>>>>
>>> Have you tried to connect this implementation to application with
>>> user-space implementation of CCM mode? I wonder just because I have an
>>> issue with AES-CCM Kernel TLS implementation when it's connected to
>>> OpenSSL-driven server, but still have no time to fix it correctly.
>>
>> I did not encounter any issue when using KTLS with AES-CCM algorithm,
>> but the KTLS RX mode on the OpenSSL side does not seem to be supported.
>>
>> I encountered some problems when using the SM4-CCM algorithm of KTLS.
>> Follow the RFC8998 specification, the handshake has been successful,
>> and the first data transmission can be successful. After that, I will
>> encounter the problem of MAC verification failure, but this is issue
>> on the OpenSSL side. because the problem is still being investigated,
>> I have not opened the code for the time being.
>>
> Are you sure that this is an issue on the OpenSSL side? Because
> absolutely the same problem is reported for AES-CCM algo and only when
> it's offloaded to kernel. Looks like encryption of CCM could be broken
> somehow.
>
> I will try to investigate it a bit later from the AES-CCM side.
Yes, but I only used openssl s_server/s_client to do the test. In
theory, this is not guaranteed to be fully covered. Can you tell us
about the scenario where your issue occurred? I will try to see if it
can replay.
Best regards,
Tianjia