sm3-and-sm4 icon indicating copy to clipboard operation
sm3-and-sm4 copied to clipboard

Published 20 hours ago verified publisher icon Xiangsong-Guan

SM3 hash is incorrect for inputs of a certain size

Open dewyatt opened this issue 7 years ago • 1 comments

Example

Input: ff27186ddc9b5f29a9c928583472f113c860b4781b24ea63852f211e48829fb7f93c8540e79aa3487f9789ddb0348e1a9090838f44d77fe7 Output: F46E545D5B0D71AA45AC1790DFAD39DECE6AF7C22F966A361A35FEFAB5371E74

Info

I have tested 3 other implementations and, given the above input, they produce: D649A9CF8544E0B7FD8DB124C1E85CBD934D66D6660F8EC6F45D571B5146597A

It seems that all inputs of lengths between 56-63 bytes consistently produce a hash that does not match up with other implementations, so I suspect this implementation has a bug.

The other implementations I tested were:

  • https://github.com/guanzhi/GmSSL
  • https://github.com/siddontang/pygmcrypto
  • https://github.com/SmartXiaoMing001/Chinese-Cipher-Of-SM2-SM3-SM4

dewyatt avatar Apr 02 '17 14:04 dewyatt

sorry for the late reply.

I have already confirmed that this is an implementation mistake in padding process. Due to this implementation mistake, the output will not be correct when the input length is from (64-8) to 63 bytes.

When I have time, I will fix this mistake.

Xiangsong-Guan avatar Dec 01 '17 06:12 Xiangsong-Guan