Overview
The openEuler operating system (OS) now supports ShangMi (SM) cryptographic algorithms (SM2, SM3, and SM4) in key security features, and provides cryptographic services such as the SM cryptographic algorithm library, certificates, and secure transmission protocols for upper-layer applications.
Currently, the following SM features are supported:
- User-mode algorithm libraries, such as OpenSSL and Libgcrypt, support SM2, SM3, and SM4.
- OpenSSH supports SM2, SM3, and SM4.
- OpenSSL supports the Transport Layer Cryptography Protocol (TLCP) stack of the SM standards.
- SM3 and SM4 are supported for drive encryption (dm-crypt/cryptsetup).
- SM3 is supported for password encryption in user identity authentication.
- SM3 is supported for data digest in Advanced Intrusion Detection Environment (AIDE).
- SM2, SM3, and SM4 are supported in the kernel cryptographic framework (crypto), allowing algorithm performance optimization using instruction sets such as AVX, CE, and NEON.
- The SM3 data digest algorithm and SM2 certificate are supported in Integrity Measurement Architecture and Extended Verification Module (IMA/EVM) of the kernel.
- The SM2 certificate is supported in kernel module signing and module signature verification.
- SM4-CBC and SM4-GCM algorithms are supported in Kernel Transport Layer Security (KTLS).
- SM3 and SM4 are supported in the Kunpeng Accelerator Engine (KAE).
- UEFI Secure Boot supports SM2 for digital signing and SM3 for data digest.
Bug Catching