On Mon, 2020-02-10 at 17:01 +0000, Van Leeuwen, Pascal wrote: > > -----Original Message----- > > From: linux-crypto-owner@xxxxxxxxxxxxxxx <linux-crypto-owner@xxxxxxxxxxxxxxx> On Behalf Of James Bottomley > > Sent: Monday, February 10, 2020 5:40 PM > > To: Ken Goldman <kgold@xxxxxxxxxxxxx>; Eric Biggers <ebiggers@xxxxxxxxxx>; Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx> > > Cc: herbert@xxxxxxxxxxxxxxxxxxx; davem@xxxxxxxxxxxxx; zohar@xxxxxxxxxxxxx; dmitry.kasatkin@xxxxxxxxx; jmorris@xxxxxxxxx; > > serge@xxxxxxxxxx; linux-crypto@xxxxxxxxxxxxxxx; linux-integrity@xxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx; linux- > > kernel@xxxxxxxxxxxxxxx > > Subject: Re: [PATCH 1/2] crypto: sm3 - add a new alias name sm3-256 > > > > <<< External Email >>> > > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the > > sender/sender address and know the content is safe. > > > > > > On Mon, 2020-02-10 at 11:30 -0500, Ken Goldman wrote: > > > On 2/9/2020 10:17 PM, Eric Biggers wrote: > > > > According to https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fid%2Fdraft-oscca-cfrg-sm3- > > 01.html&data=01%7C01%7Cpvanleeuwen%40verimatrix.com%7C3a51d0c133dd4b00fd9a08d7ae47d6d6%7Cdcb260f9022d449586 > > 02eae51035a0d0%7C0&sdata=0nQ6tWMdVR5uB0MTCgdMXiOmkvTvGEKDTLcMXdzyZpg%3D&reserved=0 > > > > , > > > > SM3 always produces a 256-bit hash value. E.g., it says: > > > > > > > > "SM3 produces an output hash value of 256 bits long" > > > > > > > > and > > > > > > > > "SM3 is a hash function that generates a 256-bit hash value." > > > > > > > > I don't see any mention of "SM3-256". > > > > > > > > So why not just keep it as "sm3" and change hash_info.c instead? > > > > Since the name there is currently wrong, no one can be using it > > > > yet. > > > > > > Question: Is 256 bits fundamental to SM3? > > > > No. > > > Well, the current specification surely doesn't define anything else and is > already over a decade old. So what would be the odds that they add a > different blocksize variant _now_ AND still call that SM3-something? > > > > Could there ever be a > > > variant in the future that's e.g., 512 bits? > > > > Yes, SM3 like SHA-3 is based on a 512 bit input blocks. However, > > what's left of the standard: > > > SM3 is based on 512 bit input blocks, like _SHA-2_. > The SHA-3 variants use block sizes between 576 and 1152 bits, > depending on the output (digest) size. > > The -xxx is referring to output (digest) size, not block size by the way. > And SHA-3 is indeed defined for 512 bit output size, amongst others. > > > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-sca-cfrg-sm3- > > 02.txt&data=01%7C01%7Cpvanleeuwen%40verimatrix.com%7C3a51d0c133dd4b00fd9a08d7ae47d6d6%7Cdcb260f9022d44958602 > > eae51035a0d0%7C0&sdata=9pfgM0bG%2Bp0zUavsknwn9vquWqPsqzPENV2okmgCOqE%3D&reserved=0 > > > > Currently only defines a 256 output (via compression from the final 512 > > bit output). > > > Yes. Although that is not the original (Chinese) specification. > > > In theory, like SHA-3, SM3 could support 384 and 512 > > output variants. However, there's no evidence anyone is working on > > adding this. > > > Hmm ... not without changing the word width (as for SHA-512) and/or > increasing the number of rounds plus other tweaking, I would say. > It's not as straightforward as you are suggesting (crypto rarely is). > I would even go as far as saying that is highly unlikely to happen. So in terms of this discussion, does this mean you don't see a problem with renaming "sm3-256" to "sm3" in crypto/hash_info.c? If that's the case, please add your Reviewed-by tag to the 1/2. thanks, Mimi
