[PATCH] sm3: implement SM3 hash algorithm
AbandonedPublic

Authored by gniibe on Oct 17 2017, 4:12 AM.

Details

Reviewers
jiazhang
Summary

This new module can be used to compute SM3 message digest of files or
memory blocks according to the specification GM/T 004-2012
Cryptographic Hash Algorithm SM3, published by State Encryption
Management Bureau, China.

  • cipher/Makefile.am: Define sm3 module
  • cipher/md.c: Add sm3 spec to the digest list
  • cipher/pubkey-util.c: Add sm3 to the list of known hash name
  • cipher/sm3.c: Implement SM3 hash function
  • configure.ac: Add sm3 to the available digest list
  • src/cipher.h: Declare sm3 function
  • src/gcrypt.h.in: Define GCRY_MD_SM3
  • tests/basic.c: Add sm3 basic test
  • tests/hashtest-256g.in: Enable 256g test with sm3
  • tests/hashtest.c: Define 256g check values for sm3
Test Plan

Pass the basic test:
make check

Pass the 256G test:
cd test
./hashtest --gigs 256 SM3
ashtest: 16 GiB so far hashed with SM3
hashtest: 32 GiB so far hashed with SM3
hashtest: 48 GiB so far hashed with SM3
hashtest: 64 GiB so far hashed with SM3
hashtest: 80 GiB so far hashed with SM3
hashtest: 96 GiB so far hashed with SM3
hashtest: 112 GiB so far hashed with SM3
hashtest: 128 GiB so far hashed with SM3
hashtest: 144 GiB so far hashed with SM3
hashtest: 160 GiB so far hashed with SM3
hashtest: 176 GiB so far hashed with SM3
hashtest: 192 GiB so far hashed with SM3
hashtest: 208 GiB so far hashed with SM3
hashtest: 224 GiB so far hashed with SM3
hashtest: 240 GiB so far hashed with SM3
hashtest: 256 GiB hashed with SM3

Diff Detail

Repository
rC libgcrypt
Lint
Lint Skipped
Unit
Unit Tests Skipped
jiazhang created this revision.Oct 17 2017, 4:12 AM
jiazhang updated this revision to Diff 1316.Oct 17 2017, 11:35 AM

This is the updated patch with sm3.c. The others are not touched.

For the implementation, it looks good for me.
I have suggestions and some requests.

Suggestions:

Requests:
Do we have any reference than: https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash ?
From here, I cannot access the document:
http://www.oscca.gov.cn/UpFile/20101222141857786.pdf

It's OK (for me) to read it in Chinese. I need to read through, if possible.

Do you know any other activity (Chines local things are also OK for me) for SM3? The internet draft has been expired already. If there is any activity for the standardization, please let us know.

In D449#3603, @gniibe wrote:

For the implementation, it looks good for me.
I have suggestions and some requests.

Suggestions:

  • I think that the all test vectors in draft-shen-sm3-hash should be in sm3.c.

    If I read your code correctly, the "abc" in Example 1 is there. I think that the vector in Example 2 in the document should be also provided.

No problem. Shall I create a new review or just update current review?

I googled and found out OID for SM3 hash function: 1.2.156.10197.1.401

References:
http://www.cesi.cn/uploads/soft/150720/1-150H00S100.pdf
http://gmssl.org/docs/oid.html
https://github.com/randombit/botan/blob/master/src/lib/asn1/oids.cpp

But I don't find they are recorded in any other formal locations. So this is why I initially said the OID for SM3 hash function is not available. For this case, should I add OID field in the code?

Requests:
Do we have any reference than: https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash ?
From here, I cannot access the document:
http://www.oscca.gov.cn/UpFile/20101222141857786.pdf

It's OK (for me) to read it in Chinese. I need to read through, if possible.

Do you know any other activity (Chines local things are also OK for me) for SM3? The internet draft has been expired already. If there is any activity for the standardization, please let us know.

Actually, the spec is available at its original official site: available http://www.sca.gov.cn/sca/xwdt/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf
I should use this link from the beginning. I will update the link location in new patch.

Thanks for your quick response.

It's good that we have the OID already.
I read the Chinese document briefly, I realized that its basically equivalent to the IETF draft.

Please update your sm.c so that it includes Example 2 in the document.
Then, I will merge the code into the master of libgcrypt git repo.

After that, I will add the code for OID, examining its status. Does it work for you?

IIUC, it's defined by the agency in 2010, and then it was published as the national standard: GM/T 0004-2012 SM3密码杂凑算法

In D449#3606, @gniibe wrote:

IIUC, it's defined by the agency in 2010, and then it was published as the national standard: GM/T 0004-2012 SM3密码杂凑算法

Actually this spec is evolved in this order:

  • Initially published by State Cryptography Administration, China, Dec 2012 (国家密码管理局) as a spec

http://www.sca.gov.cn/sca/xwdt/2010-12/17/content_1002389.shtml
and
http://www.sca.gov.cn/sca/xwdt/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf

  • Then became GM/T 0004-2012, published by Office of Security Commercial Code Administration (国家商用密码管理办公室), as GM/T 0004-2012 (where GM means "State Cryptography Administration", and T means the recommended)

http://www.oscca.gov.cn/UpFile/20101222141857786.pdf (dead link)

  • Eventually, it becomes GB/T 32905-2016 (where GB means standards press of China)

Note:
The original publishment "State Encryption Management Bureau, China" is not accuracy. It is copy from TPM 2.0 spec. The accuracy publishment should be "Office of Security Commercial Code Administration". I will change it.

In D449#3605, @gniibe wrote:

Thanks for your quick response.

It's good that we have the OID already.
I read the Chinese document briefly, I realized that its basically equivalent to the IETF draft.

Please update your sm.c so that it includes Example 2 in the document.
Then, I will merge the code into the master of libgcrypt git repo.

After that, I will add the code for OID, examining its status. Does it work for you?

It is pretty good for me!

This comment was removed by jiazhang.
jiazhang updated this revision to Diff 1317.EditedOct 24 2017, 8:19 AM

V2 Changelog:

  • Provide the test for the the long string "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd" (64-byte) documented in spec as example 2.
  • Correct the publishment from "State Encryption Management Bureau, China" to "Office of Security Commercial Code Administration" in commit header. The former is copy from TPM 2.0 spec and the name of agent is not accuracy.

Here is a quick diff for your review:

diff --git a/cipher/sm3.c b/cipher/sm3.c
index 9929c033..f0c574a5 100644

  * a/cipher/sm3.c

+++ b/cipher/sm3.c
@@ -23,6 +23,9 @@

"abc"
SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0

+ "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
+ SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732
+

"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05

@@ -371,7 +374,7 @@ selftests_sm3 (int extended, selftest_report_func_t report)

const char *what;
const char *errtxt;

  * what = "short string";

+ what = "short string (spec example 1)";

errtxt = _gcry_hash_selftest_check_one
   (GCRY_MD_SM3, 0,
    "abc", 3,

@@ -382,6 +385,16 @@ selftests_sm3 (int extended, selftest_report_func_t report)

if (extended)
   {

+ what = "long string (spec example 2)";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SM3, 0,
+ "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", 64,
+ "\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d"
+ "\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32",
+ 32);
+ if (errtxt)
+ goto failed;
+

what = "long string";
errtxt = _gcry_hash_selftest_check_one
   (GCRY_MD_SM3, 0,

I'm going to add your change except src/gcrypt.h.in.

Talking to Werner, I learned that new OpenPGP [0] standard will use 12 and 14, and it is not needed to be added in the range for OpenPGP standard.

[0] https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-02#section-9

So, I am now adding GCRY_MD_SM3 as the last entry, just like we did for SHA3.

Thanks for your great help! Once merged, I will continue the contributions to coreutils and gnulib in order to make sm3sum program eventually available.

gniibe accepted this revision.Oct 24 2017, 9:11 AM

For this proposed change, it is merged.
I'll add OID thing.

This revision is now accepted and ready to land.Oct 24 2017, 9:11 AM
gniibe removed a reviewer: wk.Nov 21 2017, 4:47 AM

Applied to master already.

gniibe commandeered this revision.Nov 21 2017, 4:49 AM
gniibe edited reviewers, added: jiazhang; removed: gniibe.
This revision now requires review to proceed.Nov 21 2017, 4:49 AM
gniibe abandoned this revision.Nov 21 2017, 4:49 AM