[EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl

Akhil Goyal gakhil at marvell.com
Wed Mar 1 13:22:01 CET 2023
Previous message (by thread): [PATCH v2 00/11] fixes and improvements to cnxk crypto PMD
Next message (by thread): [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl

You should update the title with version number to identify each
Version and remove confusion.

Also, I see that there are compilation issues reported by CI
http://mails.dpdk.org/archives/test-report/2023-February/360051.html

Please fix and ensure compilation is not broken with different versions of OpenSSL.

> 
> Added SM3 support in openssl, and added SM4-EBC/
> SM4-CBC/SM4-CTR support in openssl.
> 
> Signed-off-by: Sunyang Wu <sunyang.wu at jaguarmicro.com>
> ---
>  doc/guides/cryptodevs/features/openssl.ini   |  4 +
>  doc/guides/cryptodevs/openssl.rst            |  4 +
>  drivers/crypto/openssl/rte_openssl_pmd.c     | 20 +++++
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++
>  4 files changed, 110 insertions(+)
> 
> diff --git a/doc/guides/cryptodevs/features/openssl.ini
> b/doc/guides/cryptodevs/features/openssl.ini
> index 4b0f9b162e..efa339da55 100644
> --- a/doc/guides/cryptodevs/features/openssl.ini
> +++ b/doc/guides/cryptodevs/features/openssl.ini
> @@ -27,6 +27,9 @@ AES CTR (256)  = Y
>  3DES CBC       = Y
>  3DES CTR       = Y
>  DES DOCSIS BPI = Y
> +SM4 ECB        = Y
> +SM4 CBC        = Y
> +SM4 CTR        = Y
>  ;
>  ; Supported authentication algorithms of the 'openssl' crypto driver.
>  ;
> @@ -44,6 +47,7 @@ SHA384 HMAC  = Y
>  SHA512       = Y
>  SHA512 HMAC  = Y
>  AES GMAC     = Y
> +SM3          = Y
> 
>  ;
>  ; Supported AEAD algorithms of the 'openssl' crypto driver.
> diff --git a/doc/guides/cryptodevs/openssl.rst
> b/doc/guides/cryptodevs/openssl.rst
> index 03041ceda1..07dbd2763b 100644
> --- a/doc/guides/cryptodevs/openssl.rst
> +++ b/doc/guides/cryptodevs/openssl.rst
> @@ -19,10 +19,13 @@ OpenSSL PMD has support for:
> 
>  Supported cipher algorithms:
> 
> +* ``RTE_CRYPTO_CIPHER_SM4_ECB``
>  * ``RTE_CRYPTO_CIPHER_3DES_CBC``
>  * ``RTE_CRYPTO_CIPHER_AES_CBC``
> +* ``RTE_CRYPTO_CIPHER_SM4_CBC``
>  * ``RTE_CRYPTO_CIPHER_AES_CTR``
>  * ``RTE_CRYPTO_CIPHER_3DES_CTR``
> +* ``RTE_CRYPTO_CIPHER_SM4_CTR``
>  * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
> 
>  Supported authentication algorithms:
> @@ -34,6 +37,7 @@ Supported authentication algorithms:
>  * ``RTE_CRYPTO_AUTH_SHA256``
>  * ``RTE_CRYPTO_AUTH_SHA384``
>  * ``RTE_CRYPTO_AUTH_SHA512``
> +* ``RTE_CRYPTO_AUTH_SM3``
>  * ``RTE_CRYPTO_AUTH_MD5_HMAC``
>  * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
>  * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..4c9f12355f 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
>  				res = -EINVAL;
>  			}
>  			break;
> +#ifndef OPENSSL_NO_SM4

Where is OPENSSL_NO_SM4 defined?
We cannot just add a piece of DEAD code in the driver.

> +		case RTE_CRYPTO_CIPHER_SM4_ECB:
> +			*algo = EVP_sm4_ecb();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CBC:
> +			*algo = EVP_sm4_cbc();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CTR:
> +			*algo = EVP_sm4_ctr();
> +			break;
> +#endif
>  		default:
>  			res = -EINVAL;
>  			break;
> @@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
>  		case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  			*algo = EVP_sha512();
>  			break;
> +#ifndef OPENSSL_NO_SM3
> +		case RTE_CRYPTO_AUTH_SM3:
> +			*algo = EVP_sm3();
> +			break;
> +#endif
>  		default:
>  			res = -EINVAL;
>  			break;
> @@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_CIPHER_3DES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CTR:
> +	case RTE_CRYPTO_CIPHER_SM4_ECB:
> +	case RTE_CRYPTO_CIPHER_SM4_CBC:
> +	case RTE_CRYPTO_CIPHER_SM4_CTR:
>  		sess->cipher.mode = OPENSSL_CIPHER_LIB;
>  		sess->cipher.algo = xform->cipher.algo;
>  		sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_AUTH_SHA256:
>  	case RTE_CRYPTO_AUTH_SHA384:
>  	case RTE_CRYPTO_AUTH_SHA512:
> +	case RTE_CRYPTO_AUTH_SM3:
>  		sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
>  		if (get_auth_algo(xform->auth.algo,
>  				&sess->auth.auth.evp_algo) != 0)
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..bd908b40fa 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{
> +		/* SM3 */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> +			{.auth = {
> +				.algo = RTE_CRYPTO_AUTH_SM3,
> +				.block_size = 64,
> +				.key_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				},
> +				.digest_size = {
> +					.min = 32,
> +					.max = 32,
> +					.increment = 0
> +				},
> +				.aad_size = { 0 }
> +			}, }
> +		}, }
> +	},
>  	{	/* AES CBC */
>  		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>  		{.sym = {
> @@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 ECB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CBC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CTR */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
>  	{	/* RSA */
>  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
>  		{.asym = {
> --
> 2.19.0.rc0.windows.1
Previous message (by thread): [PATCH v2 00/11] fixes and improvements to cnxk crypto PMD
Next message (by thread): [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list