[PATCH 1/2] crypto: sm3 - add a new alias name sm3-256

Van Leeuwen, Pascal pvanleeuwen at rambus.com
Mon Feb 10 17:01:01 UTC 2020


> -----Original Message-----
> From: linux-crypto-owner at vger.kernel.org <linux-crypto-owner at vger.kernel.org> On Behalf Of James Bottomley
> Sent: Monday, February 10, 2020 5:40 PM
> To: Ken Goldman <kgold at linux.ibm.com>; Eric Biggers <ebiggers at kernel.org>; Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
> Cc: herbert at gondor.apana.org.au; davem at davemloft.net; zohar at linux.ibm.com; dmitry.kasatkin at gmail.com; jmorris at namei.org;
> serge at hallyn.com; linux-crypto at vger.kernel.org; linux-integrity at vger.kernel.org; linux-security-module at vger.kernel.org; linux-
> kernel at vger.kernel.org
> Subject: Re: [PATCH 1/2] crypto: sm3 - add a new alias name sm3-256
>
> <<< External Email >>>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the
> sender/sender address and know the content is safe.
>
>
> On Mon, 2020-02-10 at 11:30 -0500, Ken Goldman wrote:
> > On 2/9/2020 10:17 PM, Eric Biggers wrote:
> > > According to https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fid%2Fdraft-oscca-cfrg-sm3-
> 01.html&amp;data=01%7C01%7Cpvanleeuwen%40verimatrix.com%7C3a51d0c133dd4b00fd9a08d7ae47d6d6%7Cdcb260f9022d449586
> 02eae51035a0d0%7C0&amp;sdata=0nQ6tWMdVR5uB0MTCgdMXiOmkvTvGEKDTLcMXdzyZpg%3D&amp;reserved=0
> > > ,
> > > SM3 always produces a 256-bit hash value.  E.g., it says:
> > >
> > >     "SM3 produces an output hash value of 256 bits long"
> > >
> > > and
> > >
> > >     "SM3 is a hash function that generates a 256-bit hash value."
> > >
> > > I don't see any mention of "SM3-256".
> > >
> > > So why not just keep it as "sm3" and change hash_info.c instead?
> > > Since the name there is currently wrong, no one can be using it
> > > yet.
> >
> > Question:  Is 256 bits fundamental to SM3?
>
> No.
>
Well, the current specification surely doesn't define anything else and is
already over a decade old. So what would be the odds that they add a
different blocksize variant _now_ AND still call that SM3-something?

> >   Could there ever be a
> > variant in the future that's e.g., 512 bits?
>
> Yes, SM3 like SHA-3 is based on a 512  bit input blocks.  However,
> what's left of the standard:
>
SM3 is based on 512 bit input blocks, like _SHA-2_.
The SHA-3 variants use block sizes between 576 and 1152 bits,
depending on the output (digest) size.

The -xxx is referring to output (digest) size, not block size by the way.
And SHA-3 is indeed defined for 512 bit output size, amongst others.

> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-sca-cfrg-sm3-
> 02.txt&amp;data=01%7C01%7Cpvanleeuwen%40verimatrix.com%7C3a51d0c133dd4b00fd9a08d7ae47d6d6%7Cdcb260f9022d44958602
> eae51035a0d0%7C0&amp;sdata=9pfgM0bG%2Bp0zUavsknwn9vquWqPsqzPENV2okmgCOqE%3D&amp;reserved=0
>
> Currently only defines a 256 output (via compression from the final 512
> bit output).
>
Yes. Although that is not the original (Chinese) specification.

> In theory, like SHA-3, SM3 could support 384 and 512
> output variants.  However, there's no evidence anyone is working on
> adding this.
>
Hmm ... not without changing the word width (as for SHA-512) and/or
increasing the number of rounds plus other tweaking, I would say.
It's not as straightforward as you are suggesting (crypto rarely is).
I would even go as far as saying that is highly unlikely to happen.

Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.


** This message and any attachments are for the sole use of the intended recipient(s). It may contain information that is confidential and privileged. If you are not the intended recipient of this message, you are prohibited from printing, copying, forwarding or saving it. Please delete the message and attachments and notify the sender immediately. **

Rambus Inc.<http://www.rambus.com>



More information about the Linux-security-module-archive mailing list