Overview
ShangMi (SM) algorithms are commercial-grade cryptographic technologies. Cryptographic algorithms form the backbone of security technologies in information systems. Globally, widely adopted algorithms include RSA, AES, and SHA256. In parallel, China has developed a suite of cryptographic algorithms that cater to mainstream application scenarios. Among these, SM2, SM3, and SM4 are particularly prominent in OSs.
Algorithm | Publicly Available | Type | Application Scenarios |
---|---|---|---|
SM2 | Yes | Asymmetric encryption | Digital signatures, key exchange, encryption/decryption, PKI systems |
SM3 | Yes | Hash algorithm | Integrity protection, one-way encryption, and other general scenarios |
SM4 | Yes | Symmetric encryption | Encrypted storage, secure transmission |
Additionally, other publicly available algorithms like SM9 and ZUC, as well as non-public algorithms such as SM1 and SM7, are part of the ecosystem. Notably, all publicly available Chinese algorithms have been integrated into ISO/IEC standards, gaining international recognition. China has also established a series of cryptographic technical specifications and application standards, including commercial cryptographic certificate standards and the TLCP protocol stack. These collectively form China's commercial cryptographic standard system, which guides the development of the cryptographic security industry.
The SM features for the openEuler OS aim to enable the SM series cryptographic algorithms for key security features of the OS and to provide cryptographic services, such as the SM series cryptographic algorithm library, certificates, and secure transmission protocols, for upper-layer applications.
Currently, the following SM features are supported:
- SM2, SM3, and SM4 algorithms are supported in the user-mode algorithm libraries, such as OpenSSL and libgcrypt.
- SM2, SM3, and SM4 cipher suites are supported in OpenSSH.
- The SM Transport Layer Cryptography Protocol (TLCP) stack is supported in OpenSSL.
- SM3 and SM4 algorithms are supported for disk encryption (dm-crypt/cryptsetup).
- The SM3 algorithm is supported for password encryption in user identity authentication (pam/libuser/shadow).
- The SM3 algorithm is supported for data digest in intrusion detection (AIDE).
- SM2, SM3, and SM4 algorithms are supported in the kernel cryptographic framework (crypto), which allows algorithm performance optimization using instruction sets such as AVX/CE/NEON.
- The SM3 message digest algorithm and SM2 certificate are supported in Integrity Measurement Architecture and Extended Verification Module (IMA/EVM) of the kernel.
- The SM2 certificate is supported in kernel module signing and module signature verification.
- SM4-CBC and SM4-GCM algorithms are supported in Kernel Transport Layer Security (KTLS).
- SM3 and SM4 algorithms are supported in Kunpeng Accelerator Engine (KAE).
- UEFI secure boot supports the SM3 digest algorithm and SM2 digital signatures.
- RPM supports the SM2 encryption/decryption algorithm and SM3 digest algorithm for signing and verification.
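
To check the kernel cryptographic framework item above on a running system, the following added example (not part of the openEuler documentation) parses `/proc/crypto`-format text and reports, for each SM algorithm name, the highest-priority registered driver, which is the implementation the kernel prefers. The sample input, including its driver names and priorities, is constructed, and the function names `sm_best_drivers` and `sm_missing` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/crypto layout (driver names/priorities are illustrative).
SAMPLE='name         : sm3
driver       : sm3-generic
module       : kernel
priority     : 100
type         : shash

name         : sm3
driver       : sm3-avx
module       : sm3_avx_x86_64
priority     : 300
type         : shash

name         : sm4
driver       : sm4-generic
module       : kernel
priority     : 100
type         : cipher

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
type         : shash
'

# Reads /proc/crypto-format text on stdin and prints "name driver priority",
# one line per SM algorithm name, keeping only the highest-priority driver.
sm_best_drivers() {
    awk -F' *: *' '
        $1 == "name"     { name = $2 }
        $1 == "driver"   { driver = $2 }
        $1 == "priority" {
            # Match sm2/sm3/sm4, bare or inside a template such as cbc(sm4).
            if (name ~ /(^|\()sm[234](\)|$)/ && (!(name in prio) || $2 + 0 > prio[name])) {
                prio[name] = $2 + 0; best[name] = driver
            }
        }
        END { for (n in best) print n, best[n], prio[n] }
    ' | sort
}

# Reads the same input and prints each of sm2, sm3, sm4 that has no entry.
sm_missing() {
    found=$(sm_best_drivers | awk '{ print $1 }')
    for a in sm2 sm3 sm4; do
        printf '%s\n' "$found" | grep -qx "$a" || printf '%s\n' "$a"
    done
}

printf '%s' "$SAMPLE" | sm_best_drivers
```

On a live system, run `sm_best_drivers < /proc/crypto`. An algorithm is listed there only after its implementation has been registered, so a missing entry can also mean the corresponding module is not loaded.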