Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SM3 #316

Open
zzl360 opened this issue Jul 19, 2022 · 6 comments
Open

Add support for SM3 #316

zzl360 opened this issue Jul 19, 2022 · 6 comments

Comments

@zzl360
Copy link

zzl360 commented Jul 19, 2022

Description

SM3 is a fast software friendly hash function.

I would like to add it to as an optional part of the webcrypto API.

Spec

it can be found here:

Tests

There is an extensive test vector list available here http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=45B1A67F20F3BF339211C391E9278F5E

Support

It is already supported into many cryptographic libraries like openssl、linux kernel, and implementing it is really easy, so it shouldn't be lots of work to implement for vendors.

Reasons SM3 is a usefull hash function

  • In China, some important system which used in important industries like financial、power and govnetment must use Chinese National Standard like SM3.

  • There is also a Chinese Crypto Standard GM/T 0087-2020 Browser cryptography API specification, add Chinese National Standard like SM2、SM3、SM4 to webcrypto API.

JS API

Using it would be similar to the current SHA extension.
Consumers would call crypto.subtle.digest with the name, data and optionally the key and get returned a promise, that when resolved would return the digest body.

Name and variants

SM3
• there only one size 256 defined in ISO/IEC 10118-3:2018,so it don’t need to named as SM3-256.

Return value

An ArrayBuffer containing the resulting digest, and sized matching the size parameter.

Usage example

function buf2hex(b) { return [...new Uint8Array(b)].map(x => x.toString(16).padStart(2, '0')).join('') }

const body = new TextEncoder("utf-8").encode("abc")
const h1 = crypto.subtle.digest("SM3", body)

console.log(buf2hex(await h1)) // 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0

Implementation interest

I am a employee of 360 Technology Co., Ltd. which is member of W3C. as a Chinese company, 360 secure browser which is a popular browser in China had implemented GM/T 0087 as above described. we want to add Chinese National Standard to webcrypto API. I can draft a spec PR and make a W3C's testsuite friendly version if reception seems positive.
I'm also interested into implementing this into the major engines.
@twiss
Copy link
Member

twiss commented Jul 19, 2022

Hello 👋 Thanks for the detailed proposal. To be perfectly honest, I personally don't expect much interest from the other vendors in implementing this, as there's no RFC for SM3, it's not part of TLS, and I don't think there's much developer interest (but feel free to prove me wrong on that point). Nevertheless, the process for attempting to standardize this would be the same as I've written elsewhere, it is outlined in #280 (comment).

@zzl360
Copy link
Author

zzl360 commented Jul 19, 2022

thanks for replying.
I will add more information below.

  • there is a Informational RFC8998 called ShangMi (SM) Cipher Suites for TLS 1.3 defined TLS 1.3 ciphersuites(TLS_SM4_GCM_SM3 and TLS_SM4_CCM_SM3) which use SM3 as hash function. and there is also a Chinese National Standard GB/T 38636-2020 Information security technology-Transport layer cryptography protocol(TLCP) which defined some ciphersuites like ECDHE_SM4_CBC_SM3 and ECDHE_SM4_GCM_SM3 which used SM3 as hash funciton.
  • as described in RFC8998 1,1, SM3 has already been accepted by ISO in ISO/IEC 10118-3:2018 [[ISO-SM3]] and has also been described by [GBT.32905-2016].
  • In China ,360 and Beijing Haitai Fangyuan Technologies Co,.Ltd.(both are W3C members) and some other browser vendors have implentmented ciphersuites defined in GB/T 38636-2020.360 has implentment RFC8998. as they all have implentmented ciphersuites which used SM3 as hash function,so they implement SM3 in webcrypto API will so easy.

@twiss
Copy link
Member

twiss commented Jul 19, 2022

Ah, I see. Alright, thanks for the additional details 👍

@zzl360
Copy link
Author

zzl360 commented Aug 4, 2022

what shold I do next step?
should I join WebAppSec Working Group right now?

@twiss
Copy link
Member

twiss commented Aug 8, 2022

Not necessarily, the first step is to discuss it in the Web Incubator Community Group, as explained in #280 (comment).

@zzl360
Copy link
Author

zzl360 commented Dec 21, 2022

@twiss
hi, any process right now?
or how can I have any update news? Could I join some mailing lists to get any news?

@xfq xfq mentioned this issue Feb 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@twiss @zzl360