Add SM2 Algorithm Support

[xicilion]

Overview

Add SM2 (ShangMi 2) cryptographic algorithm support to the controller document specification. SM2 is a public key cryptographic algorithm based on elliptic curves, which has been standardized as GM/T 0003-2012 by the State Cryptography Administration of China.

Changes

• Added SM2 algorithm specification and parameters
• Included SM2 in the supported cryptographic algorithms list
• Added relevant documentation and examples

Motivation

SM2 is widely used in China's commercial cryptographic applications and has been proven to provide strong security. Adding SM2 support enhances the specification's compatibility with Chinese cryptographic standards and provides more options for implementers requiring compliance with Chinese regulations.

Impact

This addition expands the cryptographic algorithm options available to implementers while maintaining backward compatibility with existing implementations.

Related Issues

N/A

---

Preview | Diff

[iherman]

I am not familiar with the details of SM2 to judge whether the definition is mathematically correct. But I approve the principle to include this.

[TallTed]

LGTM after these a become an

[TallTed]

Sorry, missed two other locations of "a SM2" that should be "an SM2"

[selfissued]

I believe there is not a registered algorithm identifier for SM2 in https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms so there is no defined JOSE representation for this algorithm.

[xicilion]

It is true that SM2 is not currently supported by JOSE and there is already a community proposal to suggest this feature:

https://www.ietf.org/archive/id/draft-dang-webauthn-sm2-00.html

But it doesn't seem to have been accepted.

But I believe this should not be a barrier, the BLS12381G2 algorithm is also not on the JOSE list, which does not prevent did from using BLS12-381 as one of the optional signature algorithms.

As one of the technical barriers is the definition of MultiCodoc, I have previously initiated proposals to define multibase prefixes for public and private keys for SM2.

https://github.com/multiformats/multicodec/pulls?q=is%3Apr+is%3Aclosed+sm2

[xicilion]

Sorry, missed two other locations of "a SM2" that should be "an SM2"

No, that was my mistake, I misunderstood you and thought you only wished to modify the two previous ones.

[selfissued]

I suggest submitting a new draft either called draft-dang-jose-sm2 or draft-dang-cose-sm2, depending upon which working group you want to consider it. (There isn't an IETF WebAuthn working group.) And then request presentation time at IETF 122 in Bangkok to ask for the draft to be considered by the working group.

[xicilion]

Thank you very much for your suggestions, I will take the time to figure out how to submit this draft.

[TallTed]

My tweaks were made. English looks good. fwiw

[iherman]

The issue was discussed in a meeting on 2024-12-18

• no resolutions were taken

View the transcript

2.3. Add SM2 Algorithm Support (pr cid#131)

See github pull request cid#131.

Brent Zundel: add SM2 algorithm support. Has a couple requests for changes.

Manu Sporny: I put a change suggestion in there to see if the original person that raised the issue would have any objections. If they don't, we can merge it after. I'll remove the JSON web key expression and merge it after a day or two of waiting.

Brent Zundel: I believe the changes requested by TallTed have gone in. Path forward is the SM2 algorithm that's being added will be added for Data Integrity, on the JWK side it would be handled at IETF.
… with that all concerns will have been addressed and the PR can be merged. If folks disagree with this plan please speak up, otherwise we will move to our final PR.