Hi Niels,
SM2/3/4 is a series of algorithms, which are all standards formulated by the China Cryptography Administration. They are widely used in China. At present, they are all ISO international standards. We will also consider supporting SM2 and SM4 algorithms in the future.
On 11/26/21 12:04 AM, Niels Möller wrote:
> Tianjia Zhang <tianjia.zhang@linux.alibaba.com> writes:
>
>> Add OSCCA SM3 secure hash generic hash algorithm, described in OSCCA GM/T 0004-2012 SM3.
>
> Thanks, I've had a first quick look, and it looks nice. I don't know much about this hash function, though. A few questions:
>
> - Is there some reasonably authoritative English reference for the algorithm? I checked wikipedia, and it only links to an old internet draft, https://tools.ietf.org/id/draft-oscca-cfrg-sm3-02.html

You can refer to the ISO specification here:
https://www.iso.org/standard/67116.html
Or PDF version:
https://github.com/alipay/tls13-sm-spec/blob/master/sm-en-pdfs/sm3/GBT.32905...

> - The name "sm3" is a bit short, would it make sense to add some family-prefix, maybe "oscca_sm3"?

I do not recommend adding algorithm family prefixes. The algorithm names are already standardized, and the current mainstream implementations also use SM3 names, such as libgcrypt, openssl, linux kernel, coreutils, etc.

> - Do you have some examples of protocols or applications that specify the use of sm3?

The SM2/3/4 algorithm can now be used in TLS 1.3 and other scenarios. It is also mandatory to use this type of algorithm in some areas in China. You can refer to:
https://datatracker.ietf.org/doc/html/rfc8998
https://datatracker.ietf.org/doc/draft-chen-sm2-sm3-algorithms/

> - The implementation, it's written from scratch, or is it based on some reference implementation?

The specification does not define the reference implementation of the algorithm. This series of patches mainly refers to the SM3 implementation in libgcrypt and gnulib.

> Regards,
> /Niels
I hope your question has been answered, thanks again.
Best regards, Tianjia