search

w3c / webcrypto

The W3C Web Cryptography API
https://w3c.github.io/webcrypto/
Other
266 stars 53 forks source link

Add support for SM3 #316

Open zzl360 opened 2 years ago

zzl360 commented 2 years ago

Description

SM3 is a fast software friendly hash function.

I would like to add it to as an optional part of the webcrypto API.

Spec

it can be found here:

Tests

There is an extensive test vector list available here http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=45B1A67F20F3BF339211C391E9278F5E

Support

It is already supported into many cryptographic libraries like openssl、linux kernel, and implementing it is really easy, so it shouldn't be lots of work to implement for vendors.

Reasons SM3 is a usefull hash function

JS API

Using it would be similar to the current SHA extension. Consumers would call crypto.subtle.digest with the name, data and optionally the key and get returned a promise, that when resolved would return the digest body.

Name and variants

SM3 • there only one size 256 defined in ISO/IEC 10118-3:2018,so it don’t need to named as SM3-256.

Return value

An ArrayBuffer containing the resulting digest, and sized matching the size parameter.

Usage example

function buf2hex(b) { return [...new Uint8Array(b)].map(x => x.toString(16).padStart(2, '0')).join('') }

const body = new TextEncoder("utf-8").encode("abc")
const h1 = crypto.subtle.digest("SM3", body)

console.log(buf2hex(await h1)) // 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0

Implementation interest

I am a employee of 360 Technology Co., Ltd. which is member of W3C. as a Chinese company, 360 secure browser which is a popular browser in China had implemented GM/T 0087 as above described. we want to add Chinese National Standard to webcrypto API. I can draft a spec PR and make a W3C's testsuite friendly version if reception seems positive. I'm also interested into implementing this into the major engines.

twiss commented 2 years ago

Hello :wave: Thanks for the detailed proposal. To be perfectly honest, I personally don't expect much interest from the other vendors in implementing this, as there's no RFC for SM3, it's not part of TLS, and I don't think there's much developer interest (but feel free to prove me wrong on that point). Nevertheless, the process for attempting to standardize this would be the same as I've written elsewhere, it is outlined in https://github.com/w3c/webcrypto/issues/280#issuecomment-1151509624.

zzl360 commented 2 years ago

thanks for replying. I will add more information below.

twiss commented 2 years ago

Ah, I see. Alright, thanks for the additional details :+1:

zzl360 commented 2 years ago

what shold I do next step? should I join WebAppSec Working Group right now?

twiss commented 2 years ago

Not necessarily, the first step is to discuss it in the Web Incubator Community Group, as explained in https://github.com/w3c/webcrypto/issues/280#issuecomment-1151509624.

zzl360 commented 1 year ago

@twiss hi, any process right now? or how can I have any update news? Could I join some mailing lists to get any news?