An implementation of the Chinese SM3 hash algorithm #4616
Conversation
ronaldtse
changed the title
|
For the first question, I suspect the consensus will be that the low level calls SM3_Init, SM3_Update, SM3_Final and SM3 shouldn't be exposed. This means no need for the SM3.pod file, the sm3.h should be internal and the functions renamed sm3_init, sm3_update and sm3_final and the SM3 function removed. For the second question, there isn't a need for a standalone test for SM3. The tests in |
crypto/evp/m_sm3.c
Outdated
| @@ -0,0 +1,55 @@ | |||
| /* | |||
There was a problem hiding this comment.
This file could be placed in crypto/sm3 just as well. As a matter of fact, I'd like to encourage that. Have a look at crypto/blake2/ for inspiration.
|
I agree with @paulidale, making an EVP only interface has been the move for some time now. |
|
Regarding lowercasing the function names, I'm not sure that's an absolute necessity. We haven't been picky about that before (see SM4... or Blake2, for that matter)... |
|
I'm for lower casing them moving forwards. Upper case lead ins to names are generally exported. We possibly should rework the non-exported upper case lead in names to be lowercase. I might get some time for this later in the week. I've also a scheme to move to an EVP only interface -- this means replacing the historic direct calls with wrappers that use the EVP interface. It also renaming internal uses of these functions and (perhaps) the structures that are used. I.e. somewhat invasive :( |
|
Out of interest, are there going to be submissions for SM2 and SM9 as well? The rest of the SM family are unpublished/untranslated as far as I'm aware. |
I argued the exact same thing years ago, and personally encourage it. You need to know, though, that some are concerned with speed and how that will be affected by this move (that's the reason I never went ahead with this) |
|
@paulidale @levitte restructured to internal EVP now, using lowercase function names. Yes @paulidale we will be contributing SM2 as well, as @richsalz , @levitte and @InfoHunter already know. We haven't done SM9 but will see what happens! |
crypto/sm3/sm3_locl.h
Outdated
| D = TT1; \ | ||
| F = ROTATE(F, 19); \ | ||
| H = P0(TT2); \ | ||
| } while(0); |
There was a problem hiding this comment.
Whole point behind do { } while(0) in macro is to not end it with ;.
There was a problem hiding this comment.
Oops, introduced while converting this from an inline to a macro
| const SM3_WORD A12_SM = A12 + E + TJ; \ | ||
| const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ | ||
| const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ | ||
| const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ |
There was a problem hiding this comment.
What's with const qualifiers? With variables one would customarily use it with assignment that can be evaluated at compile time, but here it makes no sense and asks for [unnecessary] question "why" ;-)
There was a problem hiding this comment.
This is the idiom used in the originating C++ code in Botan (any variable that is not mutated is marked const so it is clear to the reader no later modifications occur, without having to scan all later uses to verify this.)
There was a problem hiding this comment.
In the spirit of moving ahead, @dot-asm would you want us to remove the const?
There was a problem hiding this comment.
I use const in contexts like these as an aid to prevent programmer error -- the compiler catches attempts to assign to const variables by mistake. Not so much for when I first write the code but for the developer who gets to maintain it ten years later.
It has lesser to do export-ability, but rather with how algorithm is referred to in general. With all capitals customarily denoting abbreviations. |
I'd say that this effectively encourages application developers to not rewrite their code, and I'd view it as negative thing. Or in other words direct calls should be simply privatized in next major release without any "convenience" patches. I for one would even take it step further and discourage application developers from using even things like EVP_sm3() (and by extension EVP_sha1()). Instead application should look it up by nid or symbolic name at run time and act accordingly. [Well, one might find it appropriate to compromise and say that those EVP_algo() that can't be disabled could be exported, but those which can be disabled shouldn't really.] This has everything to do with idea of "universal" headers. And just in case it wasn't clear, this is something that could be done only in next major release. |
Do we have a wiki page or something where we are keeping track of major changes we want to make in the next major release? |
The closest thing we have AFAIK is the "1.2.0" label. There aren't any issues using that label, but there are a number of PRs that have that against them. We should probably create issues when we identifying this like this and assign the "1.2.0" label. |
doc/man3/EVP_sm3.pod
Outdated
|
|
||
| #include <openssl/evp.h> | ||
|
|
||
| const EVP_MD *EVP_digestname(void) |
There was a problem hiding this comment.
doc-nits complains about this missing in the NAME section. In this case, it's just one name, so I think it would be better to simply have EVP_sm3 instead of EVP_digestname here...
doc/man3/SM3.pod
Outdated
| @@ -0,0 +1,76 @@ | |||
| =pod | |||
There was a problem hiding this comment.
Weren't you going to remove this file?
There was a problem hiding this comment.
Indeed, it's removed now. Just a reminder that with this change, now each EVP hash algorithm is going to need its own man file 😉
|
Were folks aware of http://gmssl.org/ ? |
|
Yeah, I took a look at it. Based on some advice I got during our recent China trip, it didn't get more than a cursory look. |
ronaldtse
force-pushed
the
add-sm3-hash
branch
from
7ba3bc9 to
cb26fba
Compare
|
@levitte I've removed all references of SM3 from |
INSTALL
Outdated
| synonymous with rmd160. | ||
| rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4 or | ||
| whirlpool. The "ripemd" algorithm is deprecated and if used | ||
| is synonymous with rmd160. |
There was a problem hiding this comment.
Why was the indentation changed? We prefer all spaces indentation as tabs can be set different. You obviously use 4-column tabs ;-)
There was a problem hiding this comment.
Argh it was from a merge conflict between sm3 and sm4 😉 Thank you for this.
|
Also, I'm curious, how is GM/T 0004-2012 related to this? |
|
The SM3 hash algorithm has been specified in multiple documents of differing importance. The first public document of SM3 was published by OSCCA (State Cryptography Office) as a "Cryptographic Standard" GM/T 0004-2012. It was "upgraded" to a "China National Standard" by the SAC and TC 260 (China Standards Body) in GB/T 32905-2016 with some minor changes (to documentation, not to the algorithm). |
|
Ok. It's curious in my view, but then I'm used to only refering to the last RFC we conform to, and that RFC having back references to older RFCs on the same matter. Either way, I'm not asking you to change your references, only to satisfy my curiousity... which you have now done, thank you :-) |
|
It would be sad if no one was curious on something I found interesting, so thank you 😉 |
|
If there is an english version of GB/T 32905-2016, I'd love to read it. All I've been able to find is old IETF drafts, and I'd like to understand a bit better what corresponds to what |
|
@levitte Is there anything further we can do to move this ahead? Thanks! |
crypto/include/internal/sm3.h
Outdated
| # error SM3 is disabled. | ||
| # endif | ||
|
|
||
| # ifdef __cplusplus |
There was a problem hiding this comment.
I do wonder if this is needed for an internal header file.
crypto/sm3/m_sm3.c
Outdated
|
|
||
| #include <openssl/evp.h> | ||
| #include "internal/evp_int.h" | ||
| #include "internal/sm3.h" |
There was a problem hiding this comment.
A space between the # and include for these.
crypto/sm3/sm3.c
Outdated
|
|
||
| #ifndef OPENSSL_NO_SM3 | ||
|
|
||
| #include <openssl/e_os2.h> |
There was a problem hiding this comment.
Add spaces to these two too.
crypto/include/internal/sm3.h
Outdated
| # endif | ||
|
|
||
| #define SM3_DIGEST_LENGTH 32 | ||
| #define SM3_WORD unsigned int |
There was a problem hiding this comment.
While we're picking nits, there two need a space between # and defined
|
Will get the nits ironed out soon! |
ronaldtse
force-pushed
the
add-sm3-hash
branch
from
7e75b19 to
7159bde
Compare
|
@levitte @paulidale the nits have been addressed. Please feel free to let me know if there’s anything further to be done. Thanks! |
.travis.yml
Outdated
| @@ -168,7 +168,7 @@ script: | |||
| else | |||
| echo -e '+\057 MAKE UPDATE FAILED'; false; | |||
| fi; | |||
| git diff --quiet | |||
| git diff --name-only | |||
There was a problem hiding this comment.
Thanks for the tip! Done.
ronaldtse
force-pushed
the
add-sm3-hash
branch
from
e30dc79 to
00c6b38
Compare
ronaldtse
force-pushed
the
add-sm3-hash
branch
from
00c6b38 to
b44957c
Compare
|
@levitte do you want to squash into one commit? I'm happy do so. |
ronaldtse
force-pushed
the
add-sm3-hash
branch
from
b44957c to
3b3d3d0
Compare
|
@levitte squashed to 2 commits now and rebased to latest master. Good to merge? |
|
Looks good enough for me. |
|
Need a rebase to master before merging. |
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China.
ronaldtse
force-pushed
the
add-sm3-hash
branch
from
3b3d3d0 to
0ca2733
Compare
|
@paulidale all done! |
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #4616)
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #4616)
|
Merged, thanks. |
|
Thank you @paulidale @levitte @mattcaswell @dot-asm and @richsalz ! |
|
Something the reviewers missed which I've added for SM3 and SM4 in #4678 but should go in for SM2 when you make that PR. Things that can be disabled should be added to the openssl list -disabled command. |
|
Indeed we will keep this in mind. Thanks! |
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl/openssl#4616)
This PR introduces the Chinese SM3 hash algorithm, which produces a 256-bit digest.
This was ported from Ribose's contribution to Botan, and contains some minor changes to make its performance on par with Botan's SM3 implementation.
Currently openssl speed -evp sm3 reports:
~270 MB/s on @randombit 's machine
~250 MB/s on @ronaldtse 's macOS Macbook Pro 3.1 GHz
This is a contribution by Ribose Inc. and was done with knowledge of @richsalz, @levitte, @InfoHunter.
Questions:
doc/man3/SM3.pod, but the non-EVP interface is discouraged. Should it be moved todoc/man3/EVP_sm3.pod(and hence the breakup of the digests pod files)?test/recipe/except HMAC. Do we need one?cc: @randombit @dewyatt @erikbor
This is a contribution from Ribose Inc..
Checklist