Re: [PATCH 1/2] crypto: sm3 - add a new alias name sm3-256

From: James Bottomley
Date: Mon Feb 10 2020 - 11:39:43 EST


On Mon, 2020-02-10 at 11:30 -0500, Ken Goldman wrote:
> On 2/9/2020 10:17 PM, Eric Biggers wrote:
> > According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html
> > ,
> > SM3 always produces a 256-bit hash value. E.g., it says:
> >
> > "SM3 produces an output hash value of 256 bits long"
> >
> > and
> >
> > "SM3 is a hash function that generates a 256-bit hash value."
> >
> > I don't see any mention of "SM3-256".
> >
> > So why not just keep it as "sm3" and change hash_info.c instead?
> > Since the name there is currently wrong, no one can be using it
> > yet.
>
> Question: Is 256 bits fundamental to SM3?

No.

> Could there ever be a
> variant in the future that's e.g., 512 bits?

Yes, SM3 like SHA-3 is based on a 512 bit input blocks. However,
what's left of the standard:

https://www.ietf.org/archive/id/draft-sca-cfrg-sm3-02.txt

Currently only defines a 256 output (via compression from the final 512
bit output). In theory, like SHA-3, SM3 could support 384 and 512
output variants. However, there's no evidence anyone is working on
adding this.

James