Re: [TLS] Draft for SM cipher suites used in TLS1.3

"Paul Yang" <kaishen.yy@alipay.com> Thu, 15 August 2019 17:38 UTC

Return-Path: <kaishen.yy@alipay.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C50B81200C3 for <tls@ietfa.amsl.com>; Thu, 15 Aug 2019 10:38:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alipay.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apPJY4AlHiEs for <tls@ietfa.amsl.com>; Thu, 15 Aug 2019 10:38:21 -0700 (PDT)
Received: from out0-137.mail.aliyun.com (out0-137.mail.aliyun.com [140.205.0.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD4121200BA for <tls@ietf.org>; Thu, 15 Aug 2019 10:38:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alipay.com; s=default; t=1565890697; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; bh=aXM0VvOmXj+Qyeaz4YNCAdGa5WZhF2wPISNeUqOOzGY=; b=VTiw2bd0gIYxhlvX5/oQp8yLfmt9vHCFcL3Q9ICKsZf51IOhPsMDjVC9enUssMqcne5uVThNbNiWE8pap2/b3YseJa7EMIi6PY9fSTfN/YHAoz20Ba049nl1J1EkcSFqFre5cLynp7Yf6WmbO6orRvlr1HDGhJZFIQYFOgMx7r8=
X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R181e4; CH=green; DM=||false|; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e01l07423; MF=kaishen.yy@alipay.com; NM=1; PH=DS; RN=3; SR=0; TI=SMTPD_---.FChyfC6_1565890692;
Received: from 30.39.171.225(mailfrom:kaishen.yy@alipay.com fp:SMTPD_---.FChyfC6_1565890692) by smtp.aliyun-inc.com(127.0.0.1); Fri, 16 Aug 2019 01:38:15 +0800
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Paul Yang <kaishen.yy@alipay.com>
In-Reply-To: <d63962d0-ab4f-65b1-70a2-66c268eee021@gmail.com>
Date: Fri, 16 Aug 2019 01:38:15 +0800
Cc: Paul Yang <kaishen.yy@antfin.com>, TLS List <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D7141A01-68CE-4FC5-804A-3D9763184B9E@alipay.com>
References: <2145119c-0942-4b38-bc58-eb8d6e018a1f.kaishen.yy@antfin.com> <d63962d0-ab4f-65b1-70a2-66c268eee021@gmail.com>
To: Rene Struik <rstruik.ext@gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GE4V9xsENmDQ0UVvjuoI87cfiM4>
Subject: Re: [TLS] Draft for SM cipher suites used in TLS1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 03:40:41 -0000

Hi Rene:

Thanks a lot for the comment.

> On Aug 15, 2019, at 11:34 PM, Rene Struik <rstruik.ext@gmail.com> wrote:
> 
> Hi Paul:
> 
> I tried and look up the documents GMT.0009-2012 and GBT.32918.5-2016 on the (non-secured) websites you referenced, but only found Chinese versions (and Chinese website navigation panels [pardon my poor language skills here]). Since the ISO documents are not available to the general public without payment, it would be helpful to have a freely available document (in English) from an authoritative source. Having such a reference available would be helpful to the IETF community (and researchers). Please note that BSI provides its specifications in German and English, so as to foster use/study by the community. If the Chinese national algorithms would be available in similar form, this would serve a similar purpose.

We also struggled with what references to use when this draft was being written. As far as I know, there are not many official English translations for the SM algorithms freely available online. But there are some not that ‘official’ expired I-Ds posted to CFRG, they are all well organized and accurate documents on SM algorithms. Here is a list of them:

SM2: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
SM3: https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
SM4: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10 (No AEAD mode)

When OpenSSL (and maybe BouncyCastle) started to accept these algorithms, the above drafts were mainly referenced. Unfotuantely I can’t find translation for GMT.0009-2012 online at current stage.

So if you want to take a quick glance on how the algorithms are designed, the above links could be used. Meanwhile, we are now seeking official translations as well, will update the draft if we find any.

> 
> FYI - I am interested in full details and some time last year I tried to download specs, but only Parts 2, 4, and 5 were available [1], [2], [3], not Parts 1 and 3.

Part 1 is the generic information mainly on elliptic curve and Part 3 describes a key exchange scheme by using SM2 (including shared key derivation scheme). Actually Part 2 (the [2]) describes SM2 in ISO/IEC 14888-3:2018 and Part 5 (the [1]) is exactly GBT.32918.5-2016, as you mentioned above. Both of Part 2 and Part 5 could be used as references to this proposed new draft.

Let me figure out the availability of Parts 1 & 3...

> 
> Best regards, Rene
> 
> [1] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - Part 5 - Parameter Definition (SEMB, July 24, 2018)
> [2] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - Part 2 - Digital Signature Algorithm (SEMB, July 24, 2018)
> [3] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - Part 4 - Public Key Encryption Algorithm (SEMB, July 24, 2018)
> 
> On 8/15/2019 10:16 AM, Paul Yang wrote:
>> Hi all,
>> 
>> I have submitted a new internet draft to introduce the SM cipher suites into TLS 1.3 protocol.
>> 
>> https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-00
>> 
>> SM cryptographic algorithms are originally a set of Chinese national algorithms and now have been (or being) accepted by ISO as international standards, including SM2 signature algorithm, SM3 hash function and SM4 block cipher. These algorithms have already been supported some time ago by several widely used open source cryptographic libraries including               OpenSSL, BouncyCastle, Botan, etc.
>> 
>> Considering TLS1.3 is being gradually adopted in China's internet industry, it's important to have a normative definition on how to use the SM algorithms with TLS1.3, especially for the mobile internet scenario. Ant Financial is the company who develops the market leading mobile app 'Alipay' and supports payment services for Alibaba e-commerce business. We highly are depending on the new TLS1.3 protocol for both performance and security purposes. We expect to have more deployment of TLS1.3 capable applications in China's internet industry by this standardization attempts.
>> 
>> It's very appreciated to have comments from the IETF TLS list :-)
>> 
>> Many thanks!
>> 
>> 
>> _______________________________________________
>> TLS mailing list
>> 
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> 
> 
> -- 
> email: 
> rstruik.ext@gmail.com
> | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>