Re: [PATCH] net/tls: support SM4 CCM algorithm

From: Vadim Fedorenko
Date: Thu Sep 30 2021 - 18:56:22 EST

Next message: SOUTHWESTLOANCO: "Dear owner,"
Previous message: Kees Cook: "Re: [PATCH v2] docs: Explain the desired position of function attributes"
In reply to: Tianjia Zhang: "Re: [PATCH] net/tls: support SM4 CCM algorithm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 30.09.2021 04:34, Tianjia Zhang wrote:

Hi Vadim,

On 9/29/21 5:24 AM, Vadim Fedorenko wrote:

On 28.09.2021 07:28, Tianjia Zhang wrote:

The IV of CCM mode has special requirements, this patch supports CCM
mode of SM4 algorithm.

Have you tried to connect this implementation to application with
user-space implementation of CCM mode? I wonder just because I have an
issue with AES-CCM Kernel TLS implementation when it's connected to
OpenSSL-driven server, but still have no time to fix it correctly.

I did not encounter any issue when using KTLS with AES-CCM algorithm, but the KTLS RX mode on the OpenSSL side does not seem to be supported.

I encountered some problems when using the SM4-CCM algorithm of KTLS. Follow the RFC8998 specification, the handshake has been successful, and the first data transmission can be successful. After that, I will encounter the problem of MAC verification failure, but this is issue on the OpenSSL side. because the problem is still being investigated, I have not opened the code for the time being.

Are you sure that this is an issue on the OpenSSL side? Because absolutely the same problem is reported for AES-CCM algo and only when it's offloaded to kernel. Looks like encryption of CCM could be broken somehow.

I will try to investigate it a bit later from the AES-CCM side.

Next message: SOUTHWESTLOANCO: "Dear owner,"
Previous message: Kees Cook: "Re: [PATCH v2] docs: Explain the desired position of function attributes"
In reply to: Tianjia Zhang: "Re: [PATCH] net/tls: support SM4 CCM algorithm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]