Re: About Chinese crypto-algorithms

Re: About Chinese crypto-algorithms

Steve Marquess-4
On 09/27/2016 02:36 AM, robin wrote:

>
> Hi there,
> Is it possible to support Chinese cryptographic algorithms in the OpenSSL project main branch in the future?
>
> Chinese authorities published their own cryptographic algorithm standards years ago, like ECC-based SM2, hash SM3, symmetric algorithm SM4, etc.
>
> Many companies, both Chinese and foreign, could not get a well-designed crypto lib like OpenSSL did for AES and other FIPS 140-2 compliant products.
>
> We still believe a unified set of cryptographic algorithms implemented in open source, especially in OpenSSL, is the best choice for both the community and the market, and Chinese companies would be happy to participate in this.
>
> If it is still worth the time to discuss this issue, I would be ready to contribute source code and other advice.
>
> Sincerely.
>
> Arcueid
>

Are technical specifications for these algorithms available in English?
That would be at least one essential prerequisite.

In the past we have declined the opportunity to implement some
nation-specific algorithms because of the lack of English documentation.
Even though most of us are not native English speakers, English is our
lingua franca.

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: About Chinese crypto-algorithms

Steve Marquess-4
On 09/27/2016 11:24 AM, robin wrote:

> Thanks for your reply Marquess. I understand English documents are
> an essential factor to start, and I am certainly sure it is not a problem
> to translate these kinds of published standards to an English version if
> there are no other unclear reasons.
>
> In the past, we have had several cryptographic algorithms implemented on
> different platforms and obviously can contribute to the community as a
> reference including test samples.
>
> If possible, an English copy of the standard would be a good start for
> this work?
>
> It will be great to hear your further information.
>

Is there currently any documentation at all on these Chinese algorithms?
I'm certainly curious, and I'm sure others in the OpenSSL community will be.

I've had some limited experiences with translations of technical
standards, and from that I know those are the hardest translations of
all. It may well take a lot more manpower to generate quality
translations than to code implementations.

Please keep in mind that the technical documentation is a necessary
prerequisite but not necessarily sufficient. The nature of the
algorithms may be uninteresting (we've declined to accept/implement some
algorithms we judged to be of insufficient virtue or utility, even for
pay). We can be very picky about code contributions too, as any code
added to OpenSSL has to work across a huge spectrum of platforms and be
maintainable for the long haul. We may also not have the resources to
tackle something that would otherwise be of interest (we have a back
catalog of nice-to-have cryptography waiting for a rainy day).

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

Re: About Chinese crypto-algorithms

Salz, Rich
> Is there currently any documentation at all on these Chinese algorithms?
> I'm certainly curious, and I'm sure others in the OpenSSL community will be.

Also, please know that we are already looking at several large projects (TLS 1.3, FIPS, etc).  In my personal opinion, I would be surprised if anyone on the team had a lot of time to spend on this.  We have already turned down Camellia-GCM, for example.

An English specification, test vectors, and a complete implementation as a Pull Request are the most likely ways for it to happen.  Even better would be to implement it as a separate ENGINE, like Gost is.  Then we only need to reserve a few #define's for you.

Re: About Chinese crypto-algorithms

Dr Paul Dale
There are a couple of draft standards available:

SM2 DSA: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
SM3 Hash: https://tools.ietf.org/html/draft-shen-sm3-hash-01

Neither of these two looks like it would be difficult to implement.

I've not located English versions of the other algorithms but I haven't looked too deeply.


Pauli

--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia


-----Original Message-----
From: Salz, Rich [mailto:[hidden email]]
Sent: Wednesday, 28 September 2016 2:26 AM
To: [hidden email]; robin <[hidden email]>
Subject: Re: [openssl-dev] About Chinese crypto-algorithms

> Is there currently any documentation at all on these Chinese algorithms?
> I'm certainly curious, and I'm sure others in the OpenSSL community will be.

Also, please know that we are already looking at several large projects (TLS 1.3, FIPS, etc).  In my personal opinion, I would be surprised if anyone on the team had a lot of time to spend on this.  We have already turned down Camellia-GCM, for example.

An English specification, test vectors, and a complete implementation as a Pull Request are the most likely ways for it to happen.  Even better would be to implement it as a separate ENGINE, like Gost is.  Then we only need to reserve a few #define's for you.

Re: About Chinese crypto-algorithms

Joey Yandle-2

This looks like an interesting project.  I'd be willing to take a stab at it.

I did notice the following while reading the doc:

The sm2 digital signature algorithm requires random number generators approved by Chinese Commercial Cryptography Administration Office.

Preliminary googling was not helpful, I may have to email the author for clarification.

Cheers,

Joey


On Sep 27, 2016 3:32 PM, "Paul Dale" <[hidden email]> wrote:
There are a couple of draft standards available:

SM2 DSA: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
SM3 Hash: https://tools.ietf.org/html/draft-shen-sm3-hash-01

Neither of these two looks like it would be difficult to implement.

I've not located English versions of the other algorithms but I haven't looked too deeply.


Pauli

--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia


-----Original Message-----
From: Salz, Rich [mailto:[hidden email]]
Sent: Wednesday, 28 September 2016 2:26 AM
To: [hidden email]; robin <[hidden email]>
Subject: Re: [openssl-dev] About Chinese crypto-algorithms

> Is there currently any documentation at all on these Chinese algorithms?
> I'm certainly curious, and I'm sure others in the OpenSSL community will be.

Also, please know that we are already looking at several large projects (TLS 1.3, FIPS, etc).  In my personal opinion, I would be surprised if anyone on the team had a lot of time to spend on this.  We have already turned down Camellia-GCM, for example.

An English specification, test vectors, and a complete implementation as a Pull Request are the most likely ways for it to happen.  Even better would be to implement it as a separate ENGINE, like Gost is.  Then we only need to reserve a few #define's for you.

Re: About Chinese crypto-algorithms

Salz, Rich
In reply to this post by Dr Paul Dale

> Neither of these two looks like it would be difficult to implement.

Again, I strongly recommend that if anyone works on this, they do it as an externally-provided ENGINE, like GOST.

Re: About Chinese crypto-algorithms

Salz, Rich
In reply to this post by Salz, Rich
(I subscribed you to openssl-dev; I hope it works.)

ISO standards are “pay to play.”  That is, any member organization can get something as an ISO standard with not much effort. :)

>> "I strongly recommend that if anyone works on this, they do it as an externally-provided ENGINE, like GOST. "
>    Again, I'm sorry I do not have a clear notion about the difference between the built-in approach, and certainly we will take this if necessary.

>> "We may also not have the resources to tackle something that would otherwise be of interest (we have a back catalog of nice-to-have cryptography waiting for a rainy day)"
>    We certainly respect policy within the community and are willing to participate in this if possible in all aspects.

You will have to learn how to write an ENGINE.  It is possible; Dmitry did it for GOST (look in the mailing list archives, https://mta.openssl.org, for some details; also maybe the Git log.  Also maybe he'll reply to this post :)  Richard Levitte has started a blog series on writing an ENGINE, see https://www.openssl.org/blog/blog/categories/engine-corner/ 

We want to make it easier to add new crypto via ENGINES.  Each time someone does it, we learn more about what's needed, the documentation gets (a little) better, and so on.

Re: About Chinese crypto-algorithms

Dmitry Belyavsky-3
Hello Robin,

On Wed, Sep 28, 2016 at 3:44 PM, Salz, Rich <[hidden email]> wrote:
(I subscribed you to openssl-dev; I hope it works.)

ISO standards are “pay to play.”  That is, any member organization can get something as an ISO standard with not much effort. :)

>> "I strongly recommend that if anyone works on this, they do it as an externally-provided ENGINE, like GOST. "
>    Again, I'm sorry I do not have a clear notion about the difference between the built-in approach, and certainly we will take this if necessary.

>> "We may also not have the resources to tackle something that would otherwise be of interest (we have a back catalog of nice-to-have cryptography waiting for a rainy day)"
>    We certainly respect policy within the community and are willing to participate in this if possible in all aspects.

You will have to learn how to write an ENGINE.  It is possible; Dmitry did it for GOST (look in the mailing list archives, https://mta.openssl.org, for some details; also maybe the Git log.  Also maybe he'll reply to this post :)  Richard Levitte has started a blog series on writing an ENGINE, see https://www.openssl.org/blog/blog/categories/engine-corner/

Sure. I'll be glad to assist. 
 

We want to make it easier to add new crypto via ENGINES.  Each time someone does it, we learn more about what's needed, the documentation gets (a little) better, and so on.


The best solution will be providing a skeleton engine (with a skeleton Makefile example).


--
SY, Dmitry Belyavsky
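
The checklist given earlier in the thread (English specification, test vectors, complete implementation) applied to the SM3 hash whose draft is linked above: this is an added example, not code from OpenSSL or from anyone in this thread. It implements SM3 in portable C so the result can be compared with the specification's published test vectors; the function names `sm3_block` and `sm3_hex` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rol(uint32_t x, unsigned n) {    /* rotate left, n taken mod 32 */
    return (x << (n & 31)) | (x >> ((32 - n) & 31));
}
#define P0(x) ((x) ^ rol((x), 9) ^ rol((x), 17))
#define P1(x) ((x) ^ rol((x), 15) ^ rol((x), 23))

/* Added illustration (names are this example's own): compress one 64-byte block into v. */
static void sm3_block(uint32_t v[8], const uint8_t *p) {
    uint32_t w[68], s[8], ss1, ss2, tt1, tt2, t;
    int j;
    for (j = 0; j < 16; j++, p += 4)             /* big-endian message words */
        w[j] = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    for (j = 16; j < 68; j++) {                  /* message expansion */
        t = w[j - 16] ^ w[j - 9] ^ rol(w[j - 3], 15);
        w[j] = P1(t) ^ rol(w[j - 13], 7) ^ w[j - 6];
    }
    memcpy(s, v, sizeof s);                      /* s = A,B,C,D,E,F,G,H */
    for (j = 0; j < 64; j++) {
        ss1 = rol(rol(s[0], 12) + s[4] + rol(j < 16 ? 0x79cc4519u : 0x7a879d8au, j), 7);
        ss2 = ss1 ^ rol(s[0], 12);
        tt1 = j < 16 ? s[0] ^ s[1] ^ s[2] : (s[0] & s[1]) | (s[0] & s[2]) | (s[1] & s[2]);
        tt2 = j < 16 ? s[4] ^ s[5] ^ s[6] : (s[4] & s[5]) | (~s[4] & s[6]);
        tt1 += s[3] + ss2 + (w[j] ^ w[j + 4]);
        tt2 += s[7] + ss1 + w[j];
        s[3] = s[2]; s[2] = rol(s[1], 9);  s[1] = s[0]; s[0] = tt1;
        s[7] = s[6]; s[6] = rol(s[5], 19); s[5] = s[4]; s[4] = P0(tt2);
    }
    for (j = 0; j < 8; j++) v[j] ^= s[j];        /* feed-forward is XOR, not addition */
}

/* Pad (0x80, zeros, 64-bit big-endian bit length), hash, write 64 hex chars to out. */
static const char *sm3_hex(const void *msg, size_t len, char out[65]) {
    uint32_t v[8] = {0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600,
                     0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e};
    const uint8_t *p = msg;
    uint8_t tail[128] = {0};
    size_t i, rem = len % 64, tlen = rem < 56 ? 64 : 128;
    for (i = 0; i + 64 <= len; i += 64) sm3_block(v, p + i);
    memcpy(tail, p + i, rem); tail[rem] = 0x80;
    for (i = 0; i < 8; i++) tail[tlen - 1 - i] = (uint8_t)((uint64_t)len * 8 >> (8 * i));
    for (i = 0; i < tlen; i += 64) sm3_block(v, tail + i);
    for (i = 0; i < 8; i++) sprintf(out + 8 * i, "%08x", (unsigned)v[i]);
    return out;
}
int main(void) { char hex[65]; puts(sm3_hex("abc", 3, hex)); return 0; }
```

For the input `abc` the published SM3 test vector is `66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0`; a mismatch there usually points at the rotation of the round constant or at the padding length field.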
