p7zip-project / p7zip

A new p7zip fork with additional codecs and improvements (forked from https://sourceforge.net/projects/sevenzip/ AND https://sourceforge.net/projects/p7zip/).

could you add sm4 crypto method #91

Open l1t1 opened 3 years ago

l1t1 commented 3 years ago

https://github.com/NEWPLAN/SMx/tree/master/SM4/Linux
https://github.com/guanzhi/GmSSL/tree/master/crypto/sms4
https://github.com/openssl/openssl/tree/master/crypto/sm4

jinfeihan57 commented 3 years ago

I've been a little busy lately, but any PR is welcome.

ghost commented 3 years ago

SMx is provided by the Chinese government, so by the 2019 cybersecurity law it has mandatory backdoors. So it should never ever be implemented.

jinfeihan57 commented 3 years ago

> SMx is provided by the Chinese government, so by the 2019 cybersecurity law it has mandatory backdoors. So it should never ever be implemented.

Can you put a link to this (mandatory backdoors) report?

ghost commented 3 years ago

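The "encrypt method law" that passed in 2019:

Article 27: Where laws, administrative regulations and relevant state provisions require critical information infrastructure to be protected with commercial cryptography, its operators shall use commercial cryptography for protection and shall, on their own or by entrusting a commercial cryptography testing institution, carry out security assessments of commercial cryptography applications. Security assessments of commercial cryptography applications shall be linked with the critical information infrastructure security testing and assessment system and the cybersecurity classified protection evaluation system, so as to avoid duplicate assessments and evaluations. Where operators of critical information infrastructure procure network products and services involving commercial cryptography that may affect national security, they shall, in accordance with the Cybersecurity Law of the People's Republic of China, pass a national security review organized by the national cyberspace administration together with the national cryptography administration and other relevant departments.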

jinfeihan57 commented 3 years ago

This encryption algorithm is subject to government control. Am I right?

ghost commented 3 years ago

Yes.

jinfeihan57 commented 3 years ago

ok

l1t1 commented 3 years ago

sm4 is open source like aes.

jinfeihan57 commented 3 years ago

I'm a little confused. I'm not familiar with encryption algorithms, which involve law, security. I'll reopen this issue and wait for more people to comment.

l1t1 commented 3 years ago

OpenSSL implemented the SMx algorithm, as I posted at the top.

ghost commented 3 years ago

I have submitted an issue there to remove it.

jinfeihan57 commented 3 years ago

Open source code means that more professional people can check and fix it, so I don't think security is a problem. And no backdoor report was found. So I think it makes sense to have sm4 encryption.

multiSnow commented 3 years ago

Does the original 7z support SM4? If not, it means that archives encrypted in SM4 could not be decrypted by the original 7z, thus it would be incompatible, so SM4 should not be added.

l1t1 commented 3 years ago

rar 4.0 cannot unrar rar 5.0 files

jinfeihan57 commented 3 years ago

> rar 4.0 cannot unrar rar 5.0 files

Please open a new issue?

l1t1 commented 3 years ago

> > rar 4.0 cannot unrar rar 5.0 files
>
> Please open a new issue?

I did not test rar, I only say that p7zip need not be compatible with 7z.

jinfeihan57 commented 3 years ago

@l1t1 Sorry, I misread. About the compatibility, I agree with you. A higher version needs to be compatible with a lower version, and a lower version does not need to be compatible with a lower version.

multiSnow commented 3 years ago

DOC/Methods.txt in the 7z1900-src:

06.. - Crypto 

   F0 - Ciphers without hashing algo

      01 - [AES]
         0x - AES-128
         4x - AES-192
         8x - AES-256
         Cx - AES

         x0 - ECB
         x1 - CBC
         x2 - CFB
         x3 - OFB
         x4 - CTR

   F1 - Combine Ciphers

      01 - [Zip]
         01 - ZipCrypto (Main Zip crypto algo)

      03 - [RAR]
         02 - 
         03 - Rar29AES (AES-128 + modified SHA-1)

      07 - [7z]
         01 - 7zAES (AES-256 + SHA-256)

No SM4 ID defined. It means that archives encrypted with SM4 are not a 'standard 7z archive'. So, you will create something that is NOT a port of 7-zip, or, as said in DOC/Methods.txt:

If you want to add some new ID, you have two ways:
  1) Write request for allocating IDs to 7-Zip developers.
  2) Generate 8-bytes ID:

    3F ZZ ZZ ZZ ZZ ZZ MM MM 

    3F              - Prefix for random IDs (1 byte)
    ZZ ZZ ZZ ZZ ZZ  - Developer ID (5 bytes). Use real random bytes. 

    MM MM           - Method ID (2 bytes)

    You can notify 7-Zip developers about your Developer ID / Method ID.

    Note: Use new ID, if old codec can not decode data encoded with new version.
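
The ID layout quoted from DOC/Methods.txt above, as an added example that is not part of the thread or of p7zip's code: it builds a random-prefix method ID and names the crypto IDs from the quoted table. The function names, the big-endian order of `MM MM`, and method number 0x0001 for a hypothetical SM4 codec are assumptions.

```python
import secrets

RANDOM_PREFIX = 0x3F  # "Prefix for random IDs" in the quoted Methods.txt

# Entries copied from the Methods.txt excerpt quoted in the comment above.
AES_KEY = {0x0: "AES-128", 0x4: "AES-192", 0x8: "AES-256", 0xC: "AES"}
AES_MODE = {0x0: "ECB", 0x1: "CBC", 0x2: "CFB", 0x3: "OFB", 0x4: "CTR"}
COMBINED = {
    bytes.fromhex("06f10101"): "ZipCrypto",
    bytes.fromhex("06f10303"): "Rar29AES",
    bytes.fromhex("06f10701"): "7zAES",
}


def new_developer_id() -> bytes:
    """Five bytes from the OS CSPRNG ("Use real random bytes")."""
    return secrets.token_bytes(5)


def make_method_id(developer_id: bytes, method: int) -> bytes:
    """Build 3F ZZ ZZ ZZ ZZ ZZ MM MM; big-endian MM MM is an assumption."""
    if len(developer_id) != 5:
        raise ValueError("developer ID must be exactly 5 bytes")
    if not 0 <= method <= 0xFFFF:
        raise ValueError("method ID must fit in 2 bytes")
    return bytes([RANDOM_PREFIX]) + developer_id + method.to_bytes(2, "big")


def describe(method_id: bytes) -> str:
    """Name a crypto method ID using only the table quoted in the thread."""
    if len(method_id) == 8 and method_id[0] == RANDOM_PREFIX:
        dev, method = method_id[1:6], int.from_bytes(method_id[6:], "big")
        return f"random ID: developer {dev.hex()}, method {method:04x}"
    if method_id in COMBINED:
        return COMBINED[method_id]
    if len(method_id) == 4 and method_id[:3] == bytes.fromhex("06f001"):
        key = AES_KEY.get(method_id[3] >> 4)    # high nibble: key size
        mode = AES_MODE.get(method_id[3] & 0x0F)  # low nibble: block mode
        if key and mode:
            return f"{key} {mode}"
    return "unassigned in the quoted table"


if __name__ == "__main__":
    sm4_id = make_method_id(new_developer_id(), 0x0001)  # hypothetical SM4 slot
    for mid in (bytes.fromhex("06f10701"), bytes.fromhex("06f00181"), sm4_id):
        print(mid.hex(), "->", describe(mid))
```
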

multiSnow commented 3 years ago

rar4.0 could not read rar5.0 format, but rar5.0 could read rar4.0 format. The 7-zip is 19.00, and p7zip here is still... 17.03

So 7-zip should correctly read any archive that is created by p7zip, even if encrypted in SM4, right?

jinfeihan57 commented 3 years ago

@multiSnow Don't worry about that. Before adding the sm4, I will talk to the author of 7zip and the author of 7zip-zs. Make sure it works fine.