On Tue, Nov 28, 2023 at 12:11 AM Daniel P. Berrangé <berra...@redhat.com>
wrote:
> On Mon, Nov 27, 2023 at 11:55:34PM +0800, Hyman Huang wrote:
> > Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).
> >
> > SM4 (GBT.32907-2016) is a cryptographic standard issued by the
> > Organization of State Commercial Administration of China (OSCCA)
> > as an authorized cryptographic algorithms for the use within China.
>
> Just out of interest, what part of QEMU are you needing to use
> SM4 with ? Is it for a LUKS block driver cipher ?
>
Indeed, the LUKS block driver is the cause. Since SM4 can be accelerated by
encryption cards or hardware modules, we wish to evaluate the performance
overhead of the CPU and the proprietary hardware as in our production,
And the SM4 Algo CPU implementation could be introduced beforehand.
>
> >
> > Signed-off-by: Hyman Huang <yong.hu...@smartx.com>
> > ---
> > crypto/block-luks.c | 7 ++++++
> > crypto/cipher-gcrypt.c.inc | 4 ++++
>
> Looking at the gcrypt code, SM4 is only supported in >= 1.9.0
>
> QEMU min version is 1.8.0, so you'll need to modify meson.build
> to check whether SM4 is supported and put conditionals in this
> file
> > crypto/cipher-nettle.c.inc | 42 +++++++++++++++++++++++++++++++++
>
> Looking at the nettle code, SM4 is only supported in unreleased
> versions thus far.
> So again will need a meson.build check and conditionals.
>
OK, I'll check the library versions in the next versoin.
>
> > crypto/cipher.c | 2 ++
> > qapi/crypto.json | 5 +++-
> > tests/unit/test-crypto-cipher.c | 11 +++++++++
> > 6 files changed, 70 insertions(+), 1 deletion(-)
>
>
> > diff --git a/qapi/crypto.json b/qapi/crypto.json
> > index fd3d46ebd1..95fa10bb6d 100644
> > --- a/qapi/crypto.json
> > +++ b/qapi/crypto.json
> > @@ -94,6 +94,8 @@
> > #
> > # @twofish-256: Twofish with 256 bit / 32 byte keys
> > #
> > +# @sm4: SM4 with 128 bit / 16 byte keys (since 8.2)
>
> We're in feature freeze for 8.2, so mark this 9.0 as that'll be the
> next available release this could be merged for.
>
Get it.
>
> > +#
> > # Since: 2.6
> > ##
> > { 'enum': 'QCryptoCipherAlgorithm',
> > @@ -102,7 +104,8 @@
> > 'des', '3des',
> > 'cast5-128',
> > 'serpent-128', 'serpent-192', 'serpent-256',
> > - 'twofish-128', 'twofish-192', 'twofish-256']}
> > + 'twofish-128', 'twofish-192', 'twofish-256',
> > + 'sm4']}
> >
> > ##
> > # @QCryptoCipherMode:
> > diff --git a/tests/unit/test-crypto-cipher.c
> b/tests/unit/test-crypto-cipher.c
> > index d9d9d078ff..80a4984e43 100644
> > --- a/tests/unit/test-crypto-cipher.c
> > +++ b/tests/unit/test-crypto-cipher.c
> > @@ -382,6 +382,17 @@ static QCryptoCipherTestData test_data[] = {
> > .plaintext = "90afe91bb288544f2c32dc239b2635e6",
> > .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
> > },
> > + {
> > + /* SM4, GB/T 32907-2016, Appendix A.1 */
> > + .path = "/crypto/cipher/sm4",
> > + .alg = QCRYPTO_CIPHER_ALG_SM4,
> > + .mode = QCRYPTO_CIPHER_MODE_ECB,
> > + .key = "0123456789abcdeffedcba9876543210",
> > + .plaintext =
> > + "0123456789abcdeffedcba9876543210",
> > + .ciphertext =
> > + "681edf34d206965e86b3e94f536e4246",
> > + },
> > {
> > /* #1 32 byte key, 32 byte PTX */
> > .path = "/crypto/cipher/aes-xts-128-1",
> > --
> > 2.39.1
> >
>
> With regards,
> Daniel
> --
> |: https://berrange.com -o-
> https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o-
> https://www.instagram.com/dberrange :|
>
>
Thanks for the comment,
Yong
--
Best regards
