<div dir="ltr"><div dir="auto">I think now the two questions are:</div><div dir="auto"><br></div><div dir="auto">(1) following the common practice of gcrypt, what requirement should be met to add a new hash function? <br></div><div dir="auto"><br></div><div dir="auto">(2) there are very few resources available for SM3 -- even the Chinese resource. This makes it really hard to double check and make code review. The problem is, there is no English official release? This is a very crucial step because open-source community is very international.<br><div dir="auto"><div dir="auto"><br></div>Weikeng<br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">On Oct 15, 2017 8:31 AM, "张佳(乾越)" <<a href="mailto:qianyue.zj@alibaba-inc.com" target="_blank">qianyue.zj@alibaba-inc.com</a>> wrote:<br type="attribution"><blockquote class="m_-7039191114796124707m_841827728590537141quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="m_-7039191114796124707m_841827728590537141m_8608357539809379802__aliyun_email_body_block"><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">Plz search "Trusted Platform Module Library" spec rev 1.38 for the references to SM3. 
Also, I have working TPM 2.0 hardware that shows support for sm3.</span></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000"><br></span></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">$tpm2_dump_capability -c algorithms | grep 'hash:\s*set' -B 3<br>TPMA_ALGORITHM for ALG_ID: 0x4 - sha1<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0x5 - hmac<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0x7 - mgf1<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0x8 - keyedhash<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0xa - xor<br> asymmetric: clear<br> symmetric: set<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0xb - sha256<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0x12 - sm3_256<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0x20 - kdf1_sp800_56a<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br>--<br>TPMA_ALGORITHM for ALG_ID: 0x22 - kdf1_sp800_108<br> asymmetric: clear<br> symmetric: clear<br> hash: set<br></span></div><div style="clear:both"><br></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">Jia</span><div>
</div></div><blockquote style="margin-right:0;margin-top:0;margin-bottom:0"><div class="m_-7039191114796124707m_841827728590537141quoted-text"><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">------------------------------------------------------------------</span></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">From: Weikeng Chen <<a href="mailto:w.k@berkeley.edu" target="_blank">w.k@berkeley.edu</a>></span></div></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">Sent: October 15, 2017 (Sunday) 16:47</span></div><div class="m_-7039191114796124707m_841827728590537141quoted-text"><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">To: R0b0t1 <<a href="mailto:r030t1@gmail.com" target="_blank">r030t1@gmail.com</a>></span></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">Cc: 张佳(乾越) <<a href="mailto:qianyue.zj@alibaba-inc.com" target="_blank">qianyue.zj@alibaba-inc.com</a>>; wk <<a href="mailto:wk@gnupg.org" target="_blank">wk@gnupg.org</a>>; gcrypt-devel <<a href="mailto:gcrypt-devel@gnupg.org" target="_blank">gcrypt-devel@gnupg.org</a>></span></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000">Subject: Re: [PATCH] sm3: implement SM3 hash algorithm</span></div><div style="clear:both"><span style="font-family:Tahoma,Arial,STHeiti,SimSun;font-size:14.0px;color:#000000"><br></span></div></div><div class="m_-7039191114796124707m_841827728590537141quoted-text">I think it is unlikely that SM3 contains a backdoor.<br><br>It is intended to be used in governments and mission-critical devices.<br>There is no reason to use something dangerous (that the U.S. can then break?).<br>And it is generally not that easy to add a backdoor in a symmetric<br>algorithm if we obtain randomness from a physical source.<br><br><br>gcrypt cannot have all new functions -- otherwise, why not balloon<br>hashing and scrypt (the latter is used in many kinds of<br>cryptocurrency)?<br><br><br><br></div><div class="m_-7039191114796124707m_841827728590537141quoted-text">On Sat, Oct 14, 2017 at 1:16 PM, R0b0t1 <<a href="mailto:r030t1@gmail.com" target="_blank">r030t1@gmail.com</a>> wrote:<br></div><div class="m_-7039191114796124707m_841827728590537141elided-text">> On Sat, Oct 14, 2017 at 12:05 PM, 张佳(乾越) <<a href="mailto:qianyue.zj@alibaba-inc.com" target="_blank">qianyue.zj@alibaba-inc.com</a>> wrote:<br>>> Hi Werner,<br>>><br>>> This is the review request for the SM3 hash algorithm. Plz see the commit<br>>> header and patch for more details.<br>>><br>>> The SM3 hash algorithm is already accepted and supported by the TPM 2.0 spec.<br>>> So it is necessary to implement this algorithm in a famous open source<br>>> software for checking the digest value computed by the TPM.<br>>><br>>> Plz refer to this PR (<a href="https://github.com/gpg/libgcrypt/pull/2" target="_blank">https://github.com/gpg/libgcrypt/pull/2</a>) for code<br>>> review.<br>>><br>>> Thanks,<br>>> Jia<br>>><br>><br>> Jia,<br>><br>> It is my understanding that SM3 was not accepted into any global TPM<br>> specification and is merely mandated for use within China.<br>><br>> My research on SM3 has turned up only one detailed cryptanalysis of<br>> the function.[1] That cryptanalysis implies that the techniques used<br>> to "strengthen" SM3 do not accomplish what the creators claim, and may<br>> even weaken the hash function when compared to its inspiration, SHA-2.<br>><br>> Less detailed analysis[3] of the claims presented by the creators<br>> reflects poorly on their work. For starters, none of the techniques<br>> meant to increase the security of SM3 are explained. Their utility is<br>> unknown, and a cursory glance shows that in at least one case a round<br>> operation is simplified. Perhaps more distressing is the selection of<br>> constants with no justification.<br>><br>> It seems very likely that the algorithm has undisclosed backdoors.<br>><br>> Also pertinent is the existence of GmSSL,[3] a fork of OpenSSL which<br>> contains various cryptographic standards developed by the Chinese<br>> government that were, presumably, not deemed fit for inclusion in<br>> OpenSSL.<br>><br>> Inclusion of weak cryptography in gcrypt would be a disservice to<br>> those users who trust gcrypt with their life. I understand I am not<br>> the person to whom you addressed your message, nor am I a gcrypt<br>> developer, but I felt it necessary to reply to this conversation.<br>><br>> Respectfully,<br>> R0b0t1<br>><br>><br>> [1]: <a href="https://eprint.iacr.org/2012/274.pdf" target="_blank">https://eprint.iacr.org/2012/274.pdf</a>, also attached.<br>> [2]: <a href="https://tinycrypt.wordpress.com/2017/02/22/asmcodes-sm3/" target="_blank">https://tinycrypt.wordpress.com/2017/02/22/asmcodes-sm3/</a><br>> [3]: <a href="http://gmssl.org/" target="_blank">http://gmssl.org/</a><br>><br></div><div class="m_-7039191114796124707m_841827728590537141quoted-text">> _______________________________________________<br>> Gcrypt-devel mailing list<br>> <a href="mailto:Gcrypt-devel@gnupg.org" target="_blank">Gcrypt-devel@gnupg.org</a><br>> <a href="http://lists.gnupg.org/mailman/listinfo/gcrypt-devel" target="_blank">http://lists.gnupg.org/mailman/listinfo/gcrypt-devel</a><br>><br><br><br><br></div><div class="m_-7039191114796124707m_841827728590537141quoted-text">-- 
<br><br>Weikeng Chen @ 795 Soda Hall</div></blockquote></div></blockquote></div><br></div></div></div>
</div>