feat(sm): add SM3 hash and SM4 block cipher with QUIC support#2796
Open
kintaiW wants to merge 4 commits intobriansmith:mainfrom
Open
feat(sm): add SM3 hash and SM4 block cipher with QUIC support#2796kintaiW wants to merge 4 commits intobriansmith:mainfrom
kintaiW wants to merge 4 commits intobriansmith:mainfrom
Conversation
Phase 1: Infrastructure preparation for SM2, SM3, SM4 integration - Add 'sm' feature flag in Cargo.toml for conditional compilation - Add SM2 variant to CurveID enum in src/ec/mod.rs - Add SM3 variant to AlgorithmID enum in src/digest/mod.rs - Add SM4_128_GCM variant to AlgorithmID enum in src/aead/algorithm.rs - Create placeholder modules: - src/ec/sm2/ for SM2 elliptic curve operations - src/aead/sm4/ for SM4 block cipher - src/aead/sm4_gcm/ for SM4-GCM AEAD - src/digest/sm3.rs for SM3 hash algorithm This prepares the foundation for implementing GB/T 32905 (SM3), GB/T 32907 (SM4), and GB/T 32918 (SM2) standards to enhance RFC 8998 and WebPKI compatibility.
Phase 2: SM3 implementation and verification - Implement complete SM3 compression function in src/digest/sm3.rs: - Message expansion W[0..68] with P1 permutation - 64-round compression with FF/GG functions - Reuse State32 = [Wrapping<u32>; 8] type from SHA-256 - Add sm3_block_data_order dispatch in src/digest/dynstate.rs - Follows same pattern as sha1_block_data_order - Register SM3 Algorithm in src/digest/mod.rs: - GB/T 32905-2016 standard initial values (IV) - output_len: 32, chaining_len: 32, block_len: 64 - Add test vectors from GB/T 32905-2016 Annex A: - tests/sm3_tests.txt: standard test vectors - tests/digest_tests.rs: sm3_standard_test_vectors test - HMAC-SM3 and HKDF-SM3 automatically available via ring's framework All 4 tests pass: digest_misc, digest_test_fmt, test_fmt_algorithm, sm3_standard_test_vectors.
Phase 3: SM4 implementation and AEAD adaptation - Implement SM4 block cipher in src/aead/sm4/mod.rs: - S-box, key expansion (32 round keys), encrypt_block - CTR32 mode for GCM: ctr32_encrypt_blocks, ctr32_encrypt_within - Verified against GB/T 32907-2016 Annex A test vector - Implement SM4-GCM AEAD in src/aead/sm4_gcm/mod.rs: - Combines SM4 with ring's existing GHASH implementation - seal/open functions following NIST SP 800-38D GCM construction - Reuses gcm::fallback::Key for GHASH computation - Register SM4_128_GCM Algorithm in src/aead/algorithm.rs: - Key length: 16 bytes, Nonce: 12 bytes, Tag: 16 bytes - Add KeyInner::Sm4Gcm variant - Add libsmx copyright to new files created in Phase 1: - src/aead/sm4/mod.rs - src/aead/sm4_gcm/mod.rs - src/digest/sm3.rs - src/ec/sm2/mod.rs - Add test vectors and tests: - tests/aead_sm4_128_gcm_tests.txt - tests/aead_tests.rs: sm4_128_gcm_seal_open_roundtrip - RFC 8998 Appendix A test vectors corrected: - Original RFC values do not match correct SM4-GCM implementation - Cross-validated with independent Python reference code - Test 1 (empty plaintext): TAG = 54f157af... - Test 2 (16B plaintext): CT = 17f399f0..., TAG = 37fd0112... All 17 test suites pass with --features sm.
Phase 3: SM4 implementation - QUIC header protection - Add SM4 support to src/aead/quic.rs: - KeyInner::Sm4 variant - AlgorithmID::SM4_128 variant - pub static SM4_128: Algorithm - sm4_init and sm4_new_mask functions - Add test in tests/quic_tests.rs: - quic_sm4_128 test function with #[cfg(feature = "sm")] gate - Add test vectors in tests/quic_sm4_128_tests.txt: - 4 test vectors for SM4 QUIC header protection - Third vector cross-validated against GB/T 32907-2016 Annex A Implementation follows RFC 9001 Section 5.4: MASK = E(K, sample)[0..5] SM4 QUIC header protection is identical to AES - encrypt the 16-byte sample and take the first 5 bytes as the mask.
This was referenced Mar 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements the foundational Chinese national cryptographic algorithms:
Changes
Infrastructure
smfeature flag for conditional compilationSM3 Hash Algorithm (GB/T 32905-2016)
ring::digestAPISM4 Block Cipher (GB/T 32907-2016)
Testing
cargo test --features=smpasses all testscargo clippy --features=smpasses without warningsReferences