Internet Engineering Task Force                                Y. Liu
Internet Draft                                                 Z. Li
Intended status: Experimental                                  J. Chen
Expires: August 24, 2023                                       X. Fan
            China Academy of Information and Communications Technology
                                                    February 24, 2023
                         ShangMi(SM) Cipher for OpenPGP
                         draft-liu-sm-for-openpgp-00


Abstract

   This document introduces the ShangMi (SM) cryptographic algorithms
   for the OpenPGP protocol.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 24, 2023.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.





Liu, et al.            Expires August 24, 2023                [Page 1]

Internet-Draft      ShangMi(SM) Cipher for OpenPGP       February 2023


Table of Contents


   1. Introduction
      1.1. The SM Algorithms
      1.2. Terminology
   2. Supported Public Key Algorithm: SM2
      2.1. Point Format
      2.2. Curve OID
      2.3. Key Algorithms id
   3. Supported Symmetric-Key Algorithm: SM4
   4. Supported Hash Algorithm: SM3
      4.1. Algorithm ID
      4.2. Hash OID
   5. IANA Considerations
   6. Security Considerations
   7. References
      7.1. Normative References
      7.2. Informative References
   8. Acknowledgments

1. Introduction

   The OpenPGP specification in [RFC4880] defines the RSA, Elgamal, and
   DSA public key algorithms.  [RFC6637] adds support for Elliptic
   Curve Cryptography and specifies the ECDSA and ECDH algorithms.

   This document specifies how to use the SM cryptographic algorithms
   with the OpenPGP standard. The IETF has not recommended the use of
   the cryptographic algorithms defined in this draft. The SM algorithms
   are becoming mandatory in China, so this document provides a
   description of how to use them in OpenPGP.

1.1. The SM Algorithms

   This document describes several SM cryptographic
   algorithms, including SM2 for authentication, SM4 for encryption,
   and SM3 as the hash function.

   SM2 is a suite of cryptographic algorithms based on elliptic curve
   cryptography, including a digital signature, public key encryption
   and key exchange scheme. This document only deals with the SM2
   digital signature algorithm and public key encryption algorithm
   that have been added to ISO/IEC 14888-3:2018 [ISO-SM2] and
   [GBT.32918.2-2016]. SM4 is a block cipher algorithm defined in
   [GBT.32907-2016] and is now being standardized by ISO in ISO/IEC
   18033-3:2010 [ISO-SM4]. SM3 is a hash function that outputs 256
   bits. SM3 is already listed in ISO/IEC 10118-3:2018 [ISO-SM3] and
   has also been described by [GBT.32905-2016].

1.2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2. Supported Public Key Algorithm: SM2

2.1. Point Format

   This document only defines the uncompressed point format.  The point
   is encoded in the Multiprecision Integer (MPI) format [RFC4880].
   The content of the MPI is the following:

         B = 04 || x || y

   where x and y are coordinates of the point P = (x, y), each encoded
   in the big-endian format and zero-padded to the adjusted underlying
   field size.  The adjusted underlying field size is the underlying
   field size that is rounded up to the nearest 8-bit boundary.

   Therefore, the exact size of the MPI payload is 515 bits for
   "P256V1Curve" used in SM2.
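
   The following Python sketch is an added example, not part of the
   draft. It builds the MPI for B = 04 || x || y and parses it back
   strictly, showing where the 515-bit count comes from. The function
   names and the sample coordinates are assumptions made for the
   illustration; the coordinates are constructed and are not a real key.

```python
import struct

FIELD_BYTES = 32                        # 256-bit field, already on an 8-bit boundary
POINT_BYTES = 1 + 2 * FIELD_BYTES       # 04 || x || y = 65 octets
POINT_BITS = 8 * (POINT_BYTES - 1) + 3  # 0x04 has 3 significant bits -> 515


def encode_point_mpi(x, y):
    """Return the MPI (2-octet bit count + body) for B = 04 || x || y."""
    for coord in (x, y):
        if not 0 <= coord < 1 << (8 * FIELD_BYTES):
            raise ValueError("coordinate does not fit the field size")
    body = b"\x04" + x.to_bytes(FIELD_BYTES, "big") + y.to_bytes(FIELD_BYTES, "big")
    bits = int.from_bytes(body, "big").bit_length()
    return struct.pack(">H", bits) + body


def decode_point_mpi(buf):
    """Strictly parse an SM2 point MPI and return (x, y)."""
    if len(buf) < 2:
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack(">H", buf[:2])
    body = buf[2:]
    if len(body) != (bits + 7) // 8:
        raise ValueError("MPI body length does not match its bit count")
    if bits != POINT_BITS:
        raise ValueError("expected a 515-bit MPI, got %d bits" % bits)
    # 0x05, 0x06 and 0x07 also give 515 bits, so the prefix needs its own check.
    if body[0] != 0x04:
        raise ValueError("only the uncompressed point format (0x04) is defined")
    x = int.from_bytes(body[1:1 + FIELD_BYTES], "big")
    y = int.from_bytes(body[1 + FIELD_BYTES:], "big")
    return x, y


# Constructed coordinates (not a real SM2 public key); the small values make
# the zero padding visible. Curve membership is not checked here.
SAMPLE_X, SAMPLE_Y = 0x01, 0x02

if __name__ == "__main__":
    mpi = encode_point_mpi(SAMPLE_X, SAMPLE_Y)
    print(mpi[:2].hex(), len(mpi) - 2, decode_point_mpi(mpi))
```

   A receiver should additionally verify that the decoded point lies
   on the curve before using it; that check needs the curve
   parameters, which this document does not list.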

2.2. Curve OID

   The SM2 key parameter curve OID is an array of octets that defines a
   named curve.  The table below specifies the exact sequence of bytes
   for each named curve referenced in this document:

     +----------------------+------+-------------------------+-----------+
     | OID                  | Len  | Encoding in hex format  | Name      |
     +----------------------+------+-------------------------+-----------+
     | 1.2.156.10197.1.301  | 8    | 2a 81 1c cf 55 01 82 2d | Sm2p256v1 |
     |                      |      |                         |           |
     +----------------------+------+-------------------------+-----------+

2.3. Key Algorithms id

   The following public key algorithm IDs are added to expand Section
   9.1 of [RFC4880], "Public-Key Algorithms":

             ID         Description of Algorithm
             --         ------------------------
             TID1       SM2 public key algorithm

3. Supported Symmetric-Key Algorithm: SM4

   SM4 is a symmetric block cipher with a 128-bit block size (the same
   as AES and Twofish in OpenPGP) that supports 128-bit keys. This
   document defines the use of SM4 in OpenPGP.

       +---------------------+----------------------------------------+
       | SM4 Key Length      | OpenPGP Symmetric-Key Algorithm Number |
       +---------------------+----------------------------------------+
       |         128         |                   TID2                 |
       +---------------------+----------------------------------------+

   OpenPGP applications MAY implement SM4.  If implemented, SM4 may be
   used in any place in OpenPGP where a symmetric cipher is usable, and
   it is subject to the same usage requirements (such as its presence
   in the Preferred Symmetric Algorithms signature subpacket) as the
   other symmetric ciphers in OpenPGP.

   While the OpenPGP algorithm preferences system prevents
   interoperability problems with public key encrypted messages, if SM4
   (or any other optional cipher) is used for encrypting private keys,
   there could be interoperability problems when migrating a private
   key from one system to another.  A similar issue can arise when
   using an optional cipher for symmetrically encrypted messages, as
   this OpenPGP message type does not use the algorithm preferences
   system.  Those using optional ciphers in this manner should take
   care they are using a cipher that their intended recipient can
   decrypt.

4. Supported Hash Algorithm: SM3

   For a message m with length l (l < 2^64), the SM3 hash algorithm
   generates a 256-bit hash value after padding and iterative
   compression.

4.1. Algorithm ID

   The following algorithm ID is added to expand Section 9.4 of
   [RFC4880], "Hash Algorithms":

          ID           Algorithm                       Text Name
          --           ---------                       ---------
          TID3         SM3 [ISO-SM3]                   "SM3"

4.2. Hash OID

   The table below specifies the exact sequence of bytes for the SM3
   hash OID:

      +------------------------+------+------------------------+------+
      | OID                    | Len  | Encoding in hex format | Name |
      +------------------------+------+------------------------+------+
      | 1.2.156.10197.1.401    | 8    | 2a 81 1c cf 55 01 83 11| sm3  |
      |                        |      |                        |      |
      +------------------------+------+------------------------+------+
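
   The byte sequences in the OID tables of Sections 2.2 and 4.2 can be
   re-derived from the dotted OIDs with the base-128 arc encoding. The
   following Python sketch is an added example, not part of the draft;
   the function names are assumptions made for the illustration. The
   decoder rejects truncated and non-minimal encodings so that each
   OID has exactly one accepted byte string.

```python
def encode_oid(dotted):
    """Encode a dotted OID as the octets stored in the key or hash field."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    out = bytearray()
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]                   # last octet: high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))  # earlier octets: high bit set
            value >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def decode_oid(raw):
    """Decode OID octets, rejecting truncated or non-minimal arcs."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("truncated OID")
    values, cur, at_start = [], 0, True
    for octet in raw:
        if at_start and octet == 0x80:
            raise ValueError("non-minimal arc encoding")
        cur = (cur << 7) | (octet & 0x7F)
        at_start = not (octet & 0x80)
        if at_start:
            values.append(cur)
            cur = 0
    first = min(values[0] // 40, 2)
    return ".".join(str(v) for v in [first, values[0] - 40 * first] + values[1:])


# Rows copied from the two OID tables in this document.
TABLES = {
    "1.2.156.10197.1.301": ("2a 81 1c cf 55 01 82 2d", 8),  # Sm2p256v1
    "1.2.156.10197.1.401": ("2a 81 1c cf 55 01 83 11", 8),  # sm3
}


def check_tables():
    """Return {oid: True/False}: do the listed hex and Len match the OID?"""
    return {oid: encode_oid(oid) == bytes.fromhex(hexstr)
            and len(encode_oid(oid)) == length
            and decode_oid(bytes.fromhex(hexstr)) == oid
            for oid, (hexstr, length) in TABLES.items()}
```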

5. IANA Considerations

   IANA is requested to assign an algorithm number from the OpenPGP
   Public-Key Algorithms range (see Section 2), a symmetric-key
   algorithm number from the OpenPGP Symmetric-Key Algorithms range
   (Section 3), and a hash algorithm ID from the OpenPGP Hash
   Algorithms range (Section 4).

              +-------+-----------------------------+------------+
              | ID    | Algorithm                   | Reference  |
              +-------+-----------------------------+------------+
              | TID1  | SM2 public key algorithm    | This doc   |
              +-------+-----------------------------+------------+
              | TID2  | SM4 symmetric-key algorithm | This doc   |
              +-------+-----------------------------+------------+
              | TID3  | SM3 hash algorithm          | This doc   |
              +-------+-----------------------------+------------+

6. Security Considerations

   At the time of writing, there are no known weak keys for SM
   cryptographic algorithms SM2, SM3 and SM4, and no security issues
   have been found for these algorithms.

7. References

7.1. Normative References

   [ISO-SM2] International Organization for Standardization, "IT
   Security techniques -- Digital signatures with appendix -- Part 3:
   Discrete logarithm based mechanisms", ISO/IEC 14888-3:2018,
   November 2018, <https://www.iso.org/standard/76382.html>.

   [ISO-SM3] International Organization for Standardization, "IT
   Security techniques -- Hash-functions -- Part 3: Dedicated
   hash-functions", ISO/IEC 10118-3:2018, October 2018,
   <https://www.iso.org/standard/67116.html>.

   [ISO-SM4] International Organization for Standardization,
   "Information technology -- Security techniques -- Encryption
   algorithms -- Part 3: Block ciphers", ISO/IEC 18033-3:2010,
   December 2010, <https://www.iso.org/standard/54531.html>.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
   Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March
   1997, <https://www.rfc-editor.org/info/rfc2119>.

   [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
   Thayer, "OpenPGP Message Format", RFC 4880, November 2007.

   [RFC6637] Jivsov, A., "Elliptic Curve Cryptography (ECC) in
   OpenPGP", RFC 6637, June 2012.

7.2. Informative References

   [GBT.32905-2016] Standardization Administration of
   China, "Information security technology -- SM3 cryptographic hash
   algorithm", GB/T 32905-2016, March 2017,
   <http://www.gmbz.org.cn/upload/2018-07-24/1532401392982079739.pdf>.

   [GBT.32907-2016] Standardization Administration of the People's
   Republic of China, "Information security technology -- SM4 block
   cipher algorithm", GB/T 32907-2016, March 2017,
   <http://www.gmbz.org.cn/upload/2018-04-04/1522788048733065051.pdf>.

   [GBT.32918.2-2016] Standardization Administration of the People's
   Republic of China, "Information security technology -- Public key
   cryptographic algorithm SM2 based on elliptic curves -- Part 2:
   Digital signature algorithm", GB/T 32918.2-2016, March 2017,
   <http://www.gmbz.org.cn/upload/2018-07-24/1532401673138056311.pdf>.

8. Acknowledgments

   This document references the draft
   [draft-ietf-regext-data-escrow-03]; the authors would like to thank
   its author, G. Lozano. The authors would also like to thank X. Fan,
   J. Chen, C. Ma, M. Chen, and Z. Li, who provided important
   suggestions and invaluable comments. This document was prepared
   using 2-Word-v2.0.template.dot.

Authors' Addresses

   Yao Liu
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 136 8310 4106
   Email: liuyao1@caict.ac.cn


   Zhiping Li
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 185 1107 1386
   Email: lizhiping@caict.ac.cn


   Jian Chen
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 138 1103 3332
   Email: chenjian3@caict.ac.cn


   Xiaotian Fan
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 134 0108 6945
   Email: fanxiaotian@caict.ac.cn
