Page MenuHome GnuPG

Calculate Z hash for sm2
Closed, ResolvedPublic

Description

According to GMT 0003.5-2012, Z hash calculation is added in the SM2 signature algorithm step to solve the problem of mutual signature verification with other libraries such as openssl

Details

Version
1.9.2

Event Timeline

werner added a project: Info Needed.
werner added a subscriber: werner.

We need more information on the why and when of this change. We don't want to maintain different versions of the same algorithm. The I-D expired more than 6 years ago and thus it should not be used as a reference.

We need more information on the why and when of this change. We don't want to maintain different versions of the same algorithm. The I-D expired more than 6 years ago and thus it should not be used as a reference.

Some information:

SM2 (GM/T 0003-2012): elliptic curve cryptographic schemes including digital signature scheme, public key.
According to the newest original formal standard "GM/T 0003.2 Public key cryptographic algorithm SM2 based on elliptic curves -- Part 2: Digital signature algorithm" by China National cryptography Bureau, it does have a calculate about Z_a.

Z_A=H_256(ENTL_A || ID_A || a || b || x_G || y_G || x_A || y_A)

The standard do not have any update since 2012. So the I-D seems not expired at all.

And I found a blog seems written by the SM2 implementation author of libgcrybt -- Tianjia Zhang. He/She drew a red circle on a standard picture of the Z_A.
Maybe we could contact with him.
rC6b55246c7708: Add elliptic curve SM2 implementation.

@bobwxc wrote:
And I found a blog seems written by the SM2 implementation author of libgcrybt -- Tianjia Zhang. He/She drew a red circle on a standard picture of the Z_A.

Excuse me, where is the link to this blog you mentioned?

Excuse me, where is the link to this blog you mentioned?

https://blog.csdn.net/openanolis/article/details/109745157 (only Chinese)
Author marked as "OpenAnolis" which is a blog of Alibaba Cloud. Zhang also from Ali.
This article mentioned the experience and commit of adding SM2 to libgcrypt and thanks NIIBE Yutaka's help.

gniibe claimed this task.
gniibe added a project: Not A Bug.
gniibe added a subscriber: gniibe.

Reading through the report, the spec., and current implementation, I concluded that this is not a bug, thus, I'm closing this.

This was basically from confusion, assuming it's not implemented.

In fact, it is implemented. See libgcrypt/tests/basic.c by the function check_pubkey_sign_ecdsa. There are two test cases with sm2 with sm3 hash.