[v1, 0/3] SM2 crypto algorithm support

[v1, 0/3] SM2 crypto algorithm support

[Gowrishankar Muthukrishnan]

This patch series adds SM2 crypto algorithm support, along with tests
verified using Openssl.

Gowrishankar Muthukrishnan (3):
  cryptodev: add SM2 asymmetric crypto algorithm
  test/test_cryptodev_asym: add SM2 tests
  crypto/openssl: add SM2 asymmetric crypto support

 app/test/test_cryptodev_asym.c               | 506 +++++++++++++++++++
 app/test/test_cryptodev_sm2_test_vectors.h   | 120 +++++
 doc/guides/cryptodevs/features/default.ini   |   1 +
 doc/guides/cryptodevs/features/openssl.ini   |   1 +
 doc/guides/cryptodevs/openssl.rst            |   1 +
 doc/guides/rel_notes/release_23_07.rst       |   7 +
 drivers/crypto/openssl/openssl_pmd_private.h |   7 +
 drivers/crypto/openssl/rte_openssl_pmd.c     | 245 +++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 101 ++++
 lib/cryptodev/rte_crypto_asym.h              |  76 +++
 lib/cryptodev/rte_cryptodev.c                |   1 +
 11 files changed, 1066 insertions(+)
 create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h

-- 
2.25.1

[v1, 1/3] cryptodev: add SM2 asymmetric crypto algorithm

[Gowrishankar Muthukrishnan]

ShangMi 2 (SM2) is a encryption and digital signatture algorithm
used in the Chinese National Standard.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/default.ini |  1 +
 doc/guides/rel_notes/release_23_07.rst     |  3 +
 lib/cryptodev/rte_crypto_asym.h            | 76 ++++++++++++++++++++++
 lib/cryptodev/rte_cryptodev.c              |  1 +
 4 files changed, 81 insertions(+)

diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 523da0cfa8..a69967bb9e 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -125,6 +125,7 @@ Diffie-hellman          =
 ECDSA                   =
 ECPM                    =
 ECDH                    =
+SM2                     =
 
 ;
 ; Supported Operating systems of a default crypto driver.
diff --git a/doc/guides/rel_notes/release_23_07.rst b/doc/guides/rel_notes/release_23_07.rst
index a9b1293689..b920840038 100644
--- a/doc/guides/rel_notes/release_23_07.rst
+++ b/doc/guides/rel_notes/release_23_07.rst
@@ -55,6 +55,9 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Added SM2 algorithm in cryptodev library.**
+
+  Added SM2 algorithm with prime field curve support.
 
 Removed Items
 -------------
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 989f38323f..c91a8dee4d 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -119,6 +119,8 @@ enum rte_crypto_asym_xform_type {
 	/**< Elliptic Curve Point Multiplication */
 	RTE_CRYPTO_ASYM_XFORM_ECFPM,
 	/**< Elliptic Curve Fixed Point Multiplication */
+	RTE_CRYPTO_ASYM_XFORM_SM2,
+	/**< ShangMi 2. Performs Encrypt, Decrypt, Sign and Verify. */
 	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
 	/**< End of list */
 };
@@ -382,6 +384,20 @@ struct rte_crypto_ec_xform {
 	/**< Pre-defined ec groups */
 };
 
+/**
+ * Asymmetric SM2 transform data
+ *
+ * Structure describing SM2 xform params
+ *
+ */
+struct rte_crypto_sm2_xform {
+	rte_crypto_uint pkey;
+	/**< Private key of the signer for signature generation */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key of the signer for verification */
+};
+
 /**
  * Operations params for modular operations:
  * exponentiation and multiplicative inverse
@@ -637,9 +653,68 @@ struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
+
+		struct rte_crypto_sm2_xform sm2;
+		/**< SM2 xform parameters */
 	};
 };
 
+/**
+ * SM2 operation params
+ */
+struct rte_crypto_sm2_op_param {
+	enum rte_crypto_asym_op_type op_type;
+	/**< Signature generation or verification */
+
+	rte_crypto_param message;
+	/**<
+	 * Pointer to input data
+	 * - to be encrypted for SM2 public encrypt.
+	 * - to be signed for SM2 sign generation.
+	 * - to be authenticated for SM2 sign verification.
+	 *
+	 * Pointer to output data
+	 * - for SM2 private decrypt.
+	 * In this case the underlying array should have been
+	 * allocated with enough memory to hold plaintext output
+	 * (atleast encrypted text length). The message.length field
+	 * will be overwritten by the PMD with the decrypted length.
+	 */
+
+	rte_crypto_param cipher;
+	/**<
+	 * Pointer to input data
+	 * - to be decrypted for SM2 private decrypt.
+	 *
+	 * Pointer to output data
+	 * - for SM2 public encrypt.
+	 * In this case the underlying array should have been allocated
+	 * with enough memory to hold ciphertext output (atleast X bytes
+	 * for prime field curve of N bytes and for message M bytes,
+	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
+	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+	 * be overwritten by the PMD with the encrypted length.
+	 */
+
+	rte_crypto_uint id;
+	/**< The SM2 id used by signer and verifier and is in interval
+	 * (1, n-1).
+	 */
+
+	rte_crypto_uint r;
+	/**< r component of elliptic curve signature
+	 *     output : for signature generation (of atleast N bytes
+	 *              where prime field length is N bytes)
+	 *     input  : for signature verification
+	 */
+	rte_crypto_uint s;
+	/**< s component of elliptic curve signature
+	 *     output : for signature generation (of atleast N bytes
+	 *              where prime field length is N bytes)
+	 *     input  : for signature verification
+	 */
+};
+
 /**
  * Asymmetric Cryptographic Operation.
  *
@@ -665,6 +740,7 @@ struct rte_crypto_asym_op {
 		struct rte_crypto_dsa_op_param dsa;
 		struct rte_crypto_ecdsa_op_param ecdsa;
 		struct rte_crypto_ecpm_op_param ecpm;
+		struct rte_crypto_sm2_op_param sm2;
 	};
 	uint16_t flags;
 	/**<
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a96114b2da..fd7b6b92b5 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -282,6 +282,7 @@ const char *rte_crypto_asym_xform_strings[] = {
 	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
 	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
 	[RTE_CRYPTO_ASYM_XFORM_ECPM]	= "ecpm",
+	[RTE_CRYPTO_ASYM_XFORM_SM2]	= "sm2",
 };
 
 /**
-- 
2.25.1

[v1, 2/3] test/test_cryptodev_asym: add SM2 tests

[Gowrishankar Muthukrishnan]

Add SM2 tests.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c             | 506 +++++++++++++++++++++
 app/test/test_cryptodev_sm2_test_vectors.h | 120 +++++
 2 files changed, 626 insertions(+)
 create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9236817650..bfaeedee27 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -21,6 +21,7 @@
 #include "test_cryptodev_ecpm_test_vectors.h"
 #include "test_cryptodev_mod_test_vectors.h"
 #include "test_cryptodev_rsa_test_vectors.h"
+#include "test_cryptodev_sm2_test_vectors.h"
 #include "test_cryptodev_asym_util.h"
 #include "test.h"
 
@@ -2196,6 +2197,507 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }
 
+static int
+test_sm2_sign(void)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	uint8_t output_buf_r[TEST_DATA_SIZE];
+	uint8_t output_buf_s[TEST_DATA_SIZE];
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_cryptodev_info dev_info;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	rte_cryptodev_info_get(dev_id, &dev_info);
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.pkey.data = input_params.pkey.data;
+	xform.sm2.pkey.length = input_params.pkey.length;
+	xform.sm2.q.x.data = input_params.pubkey_qx.data;
+	xform.sm2.q.x.length = input_params.pubkey_qx.length;
+	xform.sm2.q.y.data = input_params.pubkey_qy.data;
+	xform.sm2.q.y.length = input_params.pubkey_qy.length;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Compute sign */
+
+	/* Populate op with operational details */
+	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	op->asym->sm2.message.data = input_params.message.data;
+	op->asym->sm2.message.length = input_params.message.length;
+	op->asym->sm2.id.data = input_params.id.data;
+	op->asym->sm2.id.length = input_params.id.length;
+
+	/* Init out buf */
+	op->asym->sm2.r.data = output_buf_r;
+	op->asym->sm2.s.data = output_buf_s;
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "r:",
+			asym_op->sm2.r.data, asym_op->sm2.r.length);
+	debug_hexdump(stdout, "s:",
+			asym_op->sm2.s.data, asym_op->sm2.s.length);
+
+	/* Verify sign (in roundtrip) */
+
+	/* Populate op with operational details */
+	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
+	/* Enqueue sign result for verify */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		status = TEST_FAILED;
+		goto exit;
+	}
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"SM2 verify failed.\n");
+		goto exit;
+	}
+
+exit:
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
+static int
+test_sm2_verify(void)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform;
+	struct rte_cryptodev_info dev_info;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	rte_cryptodev_info_get(dev_id, &dev_info);
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.q.x.data = input_params.pubkey_qx.data;
+	xform.sm2.q.x.length = input_params.pubkey_qx.length;
+	xform.sm2.q.y.data = input_params.pubkey_qy.data;
+	xform.sm2.q.y.length = input_params.pubkey_qy.length;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Verify given sign */
+
+	/* Populate op with operational details */
+	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	op->asym->sm2.message.data = input_params.message.data;
+	op->asym->sm2.message.length = input_params.message.length;
+	op->asym->sm2.r.data = input_params.sign_r.data;
+	op->asym->sm2.r.length = input_params.sign_r.length;
+	op->asym->sm2.s.data = input_params.sign_s.data;
+	op->asym->sm2.s.length = input_params.sign_s.length;
+	op->asym->sm2.id.data = input_params.id.data;
+	op->asym->sm2.id.length = input_params.id.length;
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+exit:
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
+static int
+test_sm2_encrypt(void)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_cryptodev_info dev_info;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	rte_cryptodev_info_get(dev_id, &dev_info);
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.pkey.data = input_params.pkey.data;
+	xform.sm2.pkey.length = input_params.pkey.length;
+	xform.sm2.q.x.data = input_params.pubkey_qx.data;
+	xform.sm2.q.x.length = input_params.pubkey_qx.length;
+	xform.sm2.q.y.data = input_params.pubkey_qy.data;
+	xform.sm2.q.y.length = input_params.pubkey_qy.length;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Compute encrypt */
+
+	/* Populate op with operational details */
+	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	op->asym->sm2.message.data = input_params.message.data;
+	op->asym->sm2.message.length = input_params.message.length;
+
+	/* Init out buf */
+	op->asym->sm2.cipher.data = output_buf;
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "cipher:",
+			asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
+
+	/* Verify cipher (in roundtrip) */
+
+	/* Populate op with operational details */
+	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	pbuf = rte_malloc(NULL, TEST_DATA_SIZE, 0);
+	op->asym->sm2.message.data = pbuf;
+	op->asym->sm2.message.length = TEST_DATA_SIZE;
+
+	/* Enqueue cipher result for decrypt */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		status = TEST_FAILED;
+		goto exit;
+	}
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"SM2 encrypt failed.\n");
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+	if (memcmp(input_params.message.data, asym_op->sm2.message.data,
+			   asym_op->sm2.message.length) != 0) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"SM2 encrypt failed.\n");
+		goto exit;
+	}
+exit:
+	if (pbuf != NULL)
+		rte_free(pbuf);
+
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
+static int
+test_sm2_decrypt(void)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	uint8_t output_buf_m[TEST_DATA_SIZE];
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_cryptodev_info dev_info;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	rte_cryptodev_info_get(dev_id, &dev_info);
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.pkey.data = input_params.pkey.data;
+	xform.sm2.pkey.length = input_params.pkey.length;
+	xform.sm2.q.x.data = input_params.pubkey_qx.data;
+	xform.sm2.q.x.length = input_params.pubkey_qx.length;
+	xform.sm2.q.y.data = input_params.pubkey_qy.data;
+	xform.sm2.q.y.length = input_params.pubkey_qy.length;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Compute decrypt */
+
+	/* Populate op with operational details */
+	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	op->asym->sm2.cipher.data = input_params.cipher.data;
+	op->asym->sm2.cipher.length = input_params.cipher.length;
+
+	/* Init out buf */
+	op->asym->sm2.message.data = output_buf_m;
+	op->asym->sm2.message.length = RTE_DIM(output_buf_m);
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "message:",
+			asym_op->sm2.message.data, asym_op->sm2.message.length);
+
+	if (memcmp(input_params.message.data, asym_op->sm2.message.data,
+			op->asym->sm2.message.length)) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"SM2 decrypt failed.\n");
+		goto exit;
+	}
+exit:
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
 static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
 	.setup = testsuite_setup,
@@ -2205,6 +2707,10 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_dh_keygenration),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_encrypt),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_decrypt),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_rsa_sign_verify),
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
new file mode 100644
index 0000000000..d70d3ccaa0
--- /dev/null
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -0,0 +1,120 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__
+#define __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__
+
+#include "rte_crypto_asym.h"
+
+struct crypto_testsuite_sm2_params {
+	rte_crypto_param pubkey_qx;
+	rte_crypto_param pubkey_qy;
+	rte_crypto_param pkey;
+	rte_crypto_param sign_r;
+	rte_crypto_param sign_s;
+	rte_crypto_param id;
+	rte_crypto_param cipher;
+	rte_crypto_param message;
+};
+
+static uint8_t fp256_pkey[] = {
+	0x77, 0x84, 0x35, 0x65, 0x4c, 0x7a, 0x6d, 0xb1,
+	0x1e, 0x63, 0x0b, 0x41, 0x97, 0x36, 0x04, 0xf4,
+	0xec, 0x35, 0xee, 0x3b, 0x76, 0xc2, 0x34, 0x08,
+	0xd9, 0x4a, 0x22, 0x0d, 0x7f, 0xf6, 0xc6, 0x90
+};
+
+static uint8_t fp256_qx[] = {
+	0x7b, 0x24, 0xa3, 0x03, 0xcf, 0xb2, 0x22, 0xfa,
+	0x4c, 0xb3, 0x88, 0x54, 0xf9, 0x30, 0xd1, 0x4d,
+	0xe3, 0x50, 0xda, 0xba, 0xe6, 0xa7, 0x0b, 0x91,
+	0x4c, 0x04, 0x0d, 0x5c, 0xe0, 0x8e, 0x86, 0xc5
+};
+
+static uint8_t fp256_qy[] = {
+	0xbc, 0x39, 0xe3, 0x19, 0x4e, 0xd2, 0x29, 0x22,
+	0x5b, 0x37, 0x2d, 0xeb, 0xcc, 0x05, 0x52, 0x8d,
+	0xb9, 0x40, 0xa3, 0xab, 0x3c, 0xbe, 0x16, 0x30,
+	0x1c, 0xe4, 0xe8, 0x7f, 0xba, 0x6e, 0x0b, 0xae
+};
+
+static uint8_t fp256_sign_r[] = {
+	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
+	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
+	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
+	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+};
+
+static uint8_t fp256_sign_s[] = {
+	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
+	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
+	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
+	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+};
+
+static uint8_t fp256_id[] = {
+	0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8
+};
+
+static uint8_t fp256_message[] = {
+	0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20,
+	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
+};
+
+static uint8_t fp256_cipher[] = {
+	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
+	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
+	0x6D, 0x00, 0xF6, 0x51, 0xC8, 0x80, 0x9C, 0x9E,
+	0xD9, 0xEC, 0x36, 0x8A, 0x60, 0x8E, 0x26, 0x2D,
+	0x71, 0x31, 0xB7, 0xC1, 0x38, 0x02, 0x21, 0x00,
+	0xE1, 0xBF, 0x4C, 0x13, 0x7A, 0x87, 0x40, 0x32,
+	0xF5, 0xA1, 0xE2, 0xA1, 0x3B, 0x83, 0xBF, 0x6B,
+	0x3F, 0xFB, 0xC8, 0x13, 0x01, 0xDE, 0xCF, 0xC0,
+	0xF4, 0x24, 0x66, 0x52, 0x89, 0xDA, 0x6D, 0x7A,
+	0x04, 0x20, 0x8E, 0xFD, 0x52, 0x77, 0xC9, 0xE7,
+	0x90, 0xD1, 0x17, 0x75, 0xDE, 0xEE, 0xF3, 0xE5,
+	0x11, 0x0C, 0x5D, 0xE1, 0x3A, 0xB6, 0x2B, 0x72,
+	0x60, 0xE5, 0xD5, 0xF3, 0x0F, 0xE2, 0x44, 0xDB,
+	0xBC, 0x66, 0x04, 0x0E, 0x78, 0x2D, 0xC0, 0x3D,
+	0x38, 0xA2, 0x42, 0xA4, 0x8E, 0x8B, 0xF5, 0x06,
+	0x32, 0xFA
+};
+
+/** SM2 Fp256 elliptic curve test params */
+struct crypto_testsuite_sm2_params sm2_param_fp256 = {
+	.pubkey_qx = {
+		.data = fp256_qx,
+		.length = sizeof(fp256_qx),
+	},
+	.pubkey_qy = {
+		.data = fp256_qy,
+		.length = sizeof(fp256_qy),
+	},
+	.sign_r = {
+		.data = fp256_sign_r,
+		.length = sizeof(fp256_sign_r),
+	},
+	.sign_s = {
+		.data = fp256_sign_s,
+		.length = sizeof(fp256_sign_s),
+	},
+	.id = {
+		.data = fp256_id,
+		.length = sizeof(fp256_id),
+	},
+	.pkey = {
+		.data = fp256_pkey,
+		.length = sizeof(fp256_pkey),
+	},
+	.message = {
+		.data = fp256_message,
+		.length = sizeof(fp256_message),
+	},
+	.cipher = {
+		.data = fp256_cipher,
+		.length = sizeof(fp256_cipher),
+	}
+};
+
+#endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
-- 
2.25.1

[v1, 3/3] crypto/openssl: add SM2 asymmetric crypto support

[Gowrishankar Muthukrishnan]

Add SM2 asymmetric algorithm support in openssl PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/openssl.ini   |   1 +
 doc/guides/cryptodevs/openssl.rst            |   1 +
 doc/guides/rel_notes/release_23_07.rst       |   4 +
 drivers/crypto/openssl/openssl_pmd_private.h |   7 +
 drivers/crypto/openssl/rte_openssl_pmd.c     | 245 +++++++++++++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 101 ++++++++
 6 files changed, 359 insertions(+)

diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index 4b0f9b162e..b64c8ec4a5 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -65,6 +65,7 @@ DSA = Y
 Modular Exponentiation = Y
 Modular Inversion = Y
 Diffie-hellman = Y
+SM2 = Y
 
 ;
 ; Supported Operating systems of the 'openssl' crypto driver.
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index 03041ceda1..ff21d21b23 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -53,6 +53,7 @@ Supported Asymmetric Crypto algorithms:
 * ``RTE_CRYPTO_ASYM_XFORM_DH``
 * ``RTE_CRYPTO_ASYM_XFORM_MODINV``
 * ``RTE_CRYPTO_ASYM_XFORM_MODEX``
+* ``RTE_CRYPTO_ASYM_XFORM_SM2``
 
 
 Installation
diff --git a/doc/guides/rel_notes/release_23_07.rst b/doc/guides/rel_notes/release_23_07.rst
index b920840038..8868b0bb32 100644
--- a/doc/guides/rel_notes/release_23_07.rst
+++ b/doc/guides/rel_notes/release_23_07.rst
@@ -59,6 +59,10 @@ New Features
 
   Added SM2 algorithm with prime field curve support.
 
+* **Updated OpenSSL crypto driver for SM2 support.**
+
+  Added SM2 algorithm support in asymmetric crypto operations.
+
 Removed Items
 -------------
 
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index ed6841e460..d7990c8333 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -12,6 +12,7 @@
 #include <openssl/rsa.h>
 #include <openssl/dh.h>
 #include <openssl/dsa.h>
+#include <openssl/ec.h>
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 #include <openssl/provider.h>
 #include <openssl/core_names.h>
@@ -200,6 +201,12 @@ struct openssl_asym_session {
 			OSSL_PARAM_BLD * param_bld;
 #endif
 		} s;
+		struct {
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+			OSSL_PARAM *key_params;
+			OSSL_PARAM *enc_params;
+#endif
+		} sm2;
 	} u;
 } __rte_cache_aligned;
 /** Set and validate OPENSSL crypto session parameters */
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 384d262621..25feb88ac3 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -13,6 +13,7 @@
 #include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/ec.h>
 
 #include "openssl_pmd_private.h"
 #include "compat.h"
@@ -2662,6 +2663,234 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 	return ret;
 
 }
+
+static int
+process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
+		struct openssl_asym_session *sess)
+{
+	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
+	OSSL_PARAM *kparams = sess->u.sm2.key_params;
+	struct rte_crypto_asym_op *op = cop->asym;
+	EVP_PKEY *pkey = NULL;
+	int ret = -1;
+
+	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+	if (!kparams)
+		return ret;
+
+	switch (op->sm2.op_type) {
+	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+		{
+			OSSL_PARAM *eparams = sess->u.sm2.enc_params;
+			size_t output_len;
+
+			kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
+			if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+				EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, kparams) <= 0)
+				goto err_sm2;
+
+			cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!cctx)
+				goto err_sm2;
+
+			if (!EVP_PKEY_encrypt_init(cctx))
+				goto err_sm2;
+
+			if (!EVP_PKEY_CTX_set_params(cctx, eparams))
+				goto err_sm2;
+
+			if (!EVP_PKEY_encrypt(cctx, op->sm2.cipher.data, &output_len,
+								 op->sm2.message.data,
+								 op->sm2.message.length))
+				goto err_sm2;
+			op->sm2.cipher.length = output_len;
+		}
+		break;
+	case RTE_CRYPTO_ASYM_OP_DECRYPT:
+		{
+			OSSL_PARAM *eparams = sess->u.sm2.enc_params;
+
+			kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
+			if (kctx == NULL
+				|| EVP_PKEY_fromdata_init(kctx) <= 0
+				|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, kparams) <= 0)
+				goto err_sm2;
+
+			cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!cctx)
+				goto err_sm2;
+
+			if (!EVP_PKEY_decrypt_init(cctx))
+				goto err_sm2;
+
+			if (!EVP_PKEY_CTX_set_params(cctx, eparams))
+				goto err_sm2;
+
+			if (!EVP_PKEY_decrypt(cctx, op->sm2.message.data, &op->sm2.message.length,
+					op->sm2.cipher.data, op->sm2.cipher.length))
+				goto err_sm2;
+		}
+		break;
+	case RTE_CRYPTO_ASYM_OP_SIGN:
+		{
+			unsigned char signbuf[128] = {0};
+			const unsigned char *signptr = signbuf;
+			EVP_MD_CTX *md_ctx = NULL;
+			const BIGNUM *r, *s;
+			ECDSA_SIG *ec_sign;
+			EVP_MD *check_md;
+			size_t signlen;
+
+			kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
+			if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+				EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, kparams) <= 0)
+				goto err_sm2;
+
+			md_ctx = EVP_MD_CTX_new();
+			if (!md_ctx)
+				goto err_sm2;
+
+			sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!sctx)
+				goto err_sm2;
+
+			EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
+
+			check_md = EVP_MD_fetch(NULL, "sm3", NULL);
+			if (!check_md)
+				goto err_sm2;
+
+			if (!EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))
+				goto err_sm2;
+
+			if (EVP_PKEY_CTX_set1_id(sctx, op->sm2.id.data, op->sm2.id.length) <= 0)
+				goto err_sm2;
+
+			if (!EVP_DigestSignUpdate(md_ctx, op->sm2.message.data,
+					op->sm2.message.length))
+				goto err_sm2;
+
+			if (!EVP_DigestSignFinal(md_ctx, NULL, &signlen))
+				goto err_sm2;
+
+			if (!EVP_DigestSignFinal(md_ctx, signbuf, &signlen))
+				goto err_sm2;
+
+			ec_sign = d2i_ECDSA_SIG(NULL, &signptr, signlen);
+			if (!ec_sign)
+				goto err_sm2;
+
+			r = ECDSA_SIG_get0_r(ec_sign);
+			s = ECDSA_SIG_get0_s(ec_sign);
+			if (!r || !s)
+				goto err_sm2;
+
+			op->sm2.r.length = BN_num_bytes(r);
+			op->sm2.s.length = BN_num_bytes(s);
+			BN_bn2bin(r, op->sm2.r.data);
+			BN_bn2bin(s, op->sm2.s.data);
+
+			ECDSA_SIG_free(ec_sign);
+		}
+		break;
+	case RTE_CRYPTO_ASYM_OP_VERIFY:
+		{
+			unsigned char signbuf[128] = {0};
+			EVP_MD_CTX *md_ctx = NULL;
+			BIGNUM *r = NULL, *s = NULL;
+			ECDSA_SIG *ec_sign;
+			EVP_MD *check_md;
+			size_t signlen;
+
+			kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
+			if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+				EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_PUBLIC_KEY, kparams) <= 0)
+				goto err_sm2;
+
+			if (!EVP_PKEY_is_a(pkey, "SM2"))
+				goto err_sm2;
+
+			md_ctx = EVP_MD_CTX_new();
+			if (!md_ctx)
+				goto err_sm2;
+
+			sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!sctx)
+				goto err_sm2;
+
+			EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
+
+			check_md = EVP_MD_fetch(NULL, "sm3", NULL);
+			if (!check_md)
+				goto err_sm2;
+
+			if (!EVP_DigestVerifyInit(md_ctx, NULL, check_md, NULL, pkey))
+				goto err_sm2;
+
+			if (EVP_PKEY_CTX_set1_id(sctx, op->sm2.id.data, op->sm2.id.length) <= 0)
+				goto err_sm2;
+
+			if (!EVP_DigestVerifyUpdate(md_ctx, op->sm2.message.data,
+					op->sm2.message.length))
+				goto err_sm2;
+
+			ec_sign = ECDSA_SIG_new();
+			if (!ec_sign)
+				goto err_sm2;
+
+			r = BN_bin2bn(op->sm2.r.data, op->sm2.r.length, r);
+			s = BN_bin2bn(op->sm2.s.data, op->sm2.s.length, s);
+			if (!r || !s)
+				goto err_sm2;
+
+			if (!ECDSA_SIG_set0(ec_sign, r, s)) {
+				BN_free(r);
+				BN_free(s);
+				goto err_sm2;
+			}
+
+			r = NULL;
+			s = NULL;
+
+			signlen = i2d_ECDSA_SIG(ec_sign, (unsigned char **)&signbuf);
+			if (signlen <= 0)
+				goto err_sm2;
+
+			if (!EVP_DigestVerifyFinal(md_ctx, signbuf, signlen))
+				goto err_sm2;
+
+			BN_free(r);
+			BN_free(s);
+			ECDSA_SIG_free(ec_sign);
+	}
+		break;
+	default:
+		/* allow ops with invalid args to be pushed to
+		 * completion queue
+		 */
+		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		goto err_sm2;
+	}
+
+	ret = 0;
+	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+err_sm2:
+	if (kctx)
+		EVP_PKEY_CTX_free(kctx);
+
+	if (sctx)
+		EVP_PKEY_CTX_free(sctx);
+
+	if (cctx)
+		EVP_PKEY_CTX_free(cctx);
+
+	if (pkey)
+		EVP_PKEY_free(pkey);
+
+	return ret;
+}
+
 #else
 static int
 process_openssl_rsa_op(struct rte_crypto_op *cop,
@@ -2761,6 +2990,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 
 	return 0;
 }
+
+static int
+process_openssl_sm2_op(struct rte_crypto_op *cop,
+		struct openssl_asym_session *sess)
+{
+	RTE_SET_USED(cop);
+	RTE_SET_USED(sess);
+	return -ENOTSUP;
+}
 #endif
 
 static int
@@ -2809,6 +3047,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				process_openssl_dsa_verify_op(op, sess);
 		else
 			op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+#endif
+		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		retval = process_openssl_sm2_op_evp(op, sess);
+#else
+		retval = process_openssl_sm2_op(op, sess);
 #endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 29ad1b9505..7a1e1e8e8c 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1282,6 +1282,102 @@ static int openssl_set_asym_session_parameters(
 		BN_free(pub_key);
 		return -1;
 	}
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+	{
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		OSSL_PARAM_BLD *param_bld = NULL;
+		OSSL_PARAM *params = NULL;
+		BIGNUM *pkey = NULL;
+		uint8_t pubkey[64];
+		size_t len = 0;
+		int ret = -1;
+
+		pkey = BN_bin2bn((const unsigned char *)xform->sm2.pkey.data,
+				 xform->sm2.pkey.length, pkey);
+
+		memset(pubkey, 0, RTE_DIM(pubkey));
+		pubkey[0] = 0x04;
+		len += 1;
+		memcpy(&pubkey[len], xform->sm2.q.x.data, xform->sm2.q.x.length);
+		len += xform->sm2.q.x.length;
+		memcpy(&pubkey[len], xform->sm2.q.y.data, xform->sm2.q.y.length);
+		len += xform->sm2.q.y.length;
+
+		param_bld = OSSL_PARAM_BLD_new();
+		if (!param_bld) {
+			OPENSSL_LOG(ERR, "failed to allocate params\n");
+			goto err_sm2;
+		}
+
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, pkey);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		ret = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY,
+									 pubkey, len);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		params = OSSL_PARAM_BLD_to_param(param_bld);
+		if (!params) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		asym_session->u.sm2.key_params = params;
+		OSSL_PARAM_BLD_free(param_bld);
+
+		param_bld = OSSL_PARAM_BLD_new();
+		if (!param_bld) {
+			OPENSSL_LOG(ERR, "failed to allocate params\n");
+			goto err_sm2;
+		}
+
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_ASYM_CIPHER_PARAM_DIGEST, "SM3", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		params = OSSL_PARAM_BLD_to_param(param_bld);
+		if (!params) {
+			OPENSSL_LOG(ERR, "failed to h params\n");
+			goto err_sm2;
+		}
+
+		asym_session->u.sm2.enc_params = params;
+		OSSL_PARAM_BLD_free(param_bld);
+
+		asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+		break;
+err_sm2:
+		if (pkey)
+			BN_free(pkey);
+
+		if (param_bld)
+			OSSL_PARAM_BLD_free(param_bld);
+
+		if (asym_session->u.sm2.key_params)
+			OSSL_PARAM_free(asym_session->u.sm2.key_params);
+
+		if (asym_session->u.sm2.enc_params)
+			OSSL_PARAM_free(asym_session->u.sm2.enc_params);
+
+		return -1;
+#endif
+	}
 	default:
 		return ret;
 	}
@@ -1366,6 +1462,11 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
 			DSA_free(sess->u.s.dsa);
 #endif
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		OSSL_PARAM_free(sess->u.sm2.key_params);
+		OSSL_PARAM_free(sess->u.sm2.enc_params);
+#endif
 	default:
 		break;
 	}
-- 
2.25.1

RE: [v1, 3/3] crypto/openssl: add SM2 asymmetric crypto support

[Gowrishankar Muthukrishnan]

++ Kai Ji <kai.ji@intel.com>

Thanks,
Gowrishankar

RE: [v1, 1/3] cryptodev: add SM2 asymmetric crypto algorithm

[Akhil Goyal]

> Subject: [v1, 1/3] cryptodev: add SM2 asymmetric crypto algorithm
> 
> ShangMi 2 (SM2) is a encryption and digital signatture algorithm
> used in the Chinese National Standard.

ShangMi 2 (SM2) is an encryption and digital signature algorithm
used in the Chinese National Standard.
Added support for asymmetric SM2 in cryptodev along with prime field curve.

Can you also add link for RFC in patch description here as it is mentioned in the
comments of the structure.

> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  doc/guides/cryptodevs/features/default.ini |  1 +
>  doc/guides/rel_notes/release_23_07.rst     |  3 +
>  lib/cryptodev/rte_crypto_asym.h            | 76 ++++++++++++++++++++++
>  lib/cryptodev/rte_cryptodev.c              |  1 +
>  4 files changed, 81 insertions(+)
> 
> diff --git a/doc/guides/cryptodevs/features/default.ini
> b/doc/guides/cryptodevs/features/default.ini
> index 523da0cfa8..a69967bb9e 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -125,6 +125,7 @@ Diffie-hellman          =
>  ECDSA                   =
>  ECPM                    =
>  ECDH                    =
> +SM2                     =
> 
>  ;
>  ; Supported Operating systems of a default crypto driver.
> diff --git a/doc/guides/rel_notes/release_23_07.rst
> b/doc/guides/rel_notes/release_23_07.rst
> index a9b1293689..b920840038 100644
> --- a/doc/guides/rel_notes/release_23_07.rst
> +++ b/doc/guides/rel_notes/release_23_07.rst
> @@ -55,6 +55,9 @@ New Features
>       Also, make sure to start the actual text at the margin.
>       =======================================================
> 
> +* **Added SM2 algorithm in cryptodev library.**
> +
> +  Added SM2 algorithm with prime field curve support.

* **Added SM2 asymmetric algorithm in cryptodev.**

Added support for ShamMi 2 (SM2) asymmetric crypto algorithm
along with prime field curve support.

> 
>  Removed Items
>  -------------
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 989f38323f..c91a8dee4d 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -119,6 +119,8 @@ enum rte_crypto_asym_xform_type {
>  	/**< Elliptic Curve Point Multiplication */
>  	RTE_CRYPTO_ASYM_XFORM_ECFPM,
>  	/**< Elliptic Curve Fixed Point Multiplication */
> +	RTE_CRYPTO_ASYM_XFORM_SM2,
> +	/**< ShangMi 2. Performs Encrypt, Decrypt, Sign and Verify. */

/**< ShangMi 2. 
  * Performs Encrypt, Decrypt, Sign and Verify.
  * Refer to rte_crypto_asym_op_type.
  */

>  	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
>  	/**< End of list */
>  };
> @@ -382,6 +384,20 @@ struct rte_crypto_ec_xform {
>  	/**< Pre-defined ec groups */
>  };
> 
> +/**
> + * Asymmetric SM2 transform data
> + *
> + * Structure describing SM2 xform params
> + *
> + */
> +struct rte_crypto_sm2_xform {
> +	rte_crypto_uint pkey;
> +	/**< Private key of the signer for signature generation */
> +
> +	struct rte_crypto_ec_point q;
> +	/**< Public key of the signer for verification */

Please add dots at end of sentences.

> +};
> +
>  /**
>   * Operations params for modular operations:
>   * exponentiation and multiplicative inverse
> @@ -637,9 +653,68 @@ struct rte_crypto_asym_xform {
>  		/**< EC xform parameters, used by elliptic curve based
>  		 * operations.
>  		 */
> +
> +		struct rte_crypto_sm2_xform sm2;
> +		/**< SM2 xform parameters */
>  	};
>  };
> 
> +/**
> + * SM2 operation params
> + */
> +struct rte_crypto_sm2_op_param {
> +	enum rte_crypto_asym_op_type op_type;
> +	/**< Signature generation or verification */
> +
> +	rte_crypto_param message;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be encrypted for SM2 public encrypt.
> +	 * - to be signed for SM2 sign generation.
> +	 * - to be authenticated for SM2 sign verification.
> +	 *
> +	 * Pointer to output data
> +	 * - for SM2 private decrypt.
> +	 * In this case the underlying array should have been
> +	 * allocated with enough memory to hold plaintext output
> +	 * (atleast encrypted text length). The message.length field
> +	 * will be overwritten by the PMD with the decrypted length.
> +	 */
> +
> +	rte_crypto_param cipher;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be decrypted for SM2 private decrypt.
> +	 *
> +	 * Pointer to output data
> +	 * - for SM2 public encrypt.
> +	 * In this case the underlying array should have been allocated
> +	 * with enough memory to hold ciphertext output (atleast X bytes
> +	 * for prime field curve of N bytes and for message M bytes,
> +	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
> +	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> +	 * be overwritten by the PMD with the encrypted length.
> +	 */
> +
> +	rte_crypto_uint id;
> +	/**< The SM2 id used by signer and verifier and is in interval
> +	 * (1, n-1).
> +	 */

This can be a single line comment.

> +
> +	rte_crypto_uint r;
> +	/**< r component of elliptic curve signature
> +	 *     output : for signature generation (of atleast N bytes
> +	 *              where prime field length is N bytes)
> +	 *     input  : for signature verification
> +	 */
> +	rte_crypto_uint s;
> +	/**< s component of elliptic curve signature
> +	 *     output : for signature generation (of atleast N bytes
> +	 *              where prime field length is N bytes)
> +	 *     input  : for signature verification
> +	 */
> +};
> +
>  /**
>   * Asymmetric Cryptographic Operation.
>   *
> @@ -665,6 +740,7 @@ struct rte_crypto_asym_op {
>  		struct rte_crypto_dsa_op_param dsa;
>  		struct rte_crypto_ecdsa_op_param ecdsa;
>  		struct rte_crypto_ecpm_op_param ecpm;
> +		struct rte_crypto_sm2_op_param sm2;
>  	};
>  	uint16_t flags;
>  	/**<
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index a96114b2da..fd7b6b92b5 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -282,6 +282,7 @@ const char *rte_crypto_asym_xform_strings[] = {
>  	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
>  	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
>  	[RTE_CRYPTO_ASYM_XFORM_ECPM]	= "ecpm",
> +	[RTE_CRYPTO_ASYM_XFORM_SM2]	= "sm2",
>  };
> 
>  /**
> --
> 2.25.1

RE: [v1, 2/3] test/test_cryptodev_asym: add SM2 tests

[Akhil Goyal]

Hi Gowri,

> Subject: [v1, 2/3] test/test_cryptodev_asym: add SM2 tests
> 

Title should be
test/crypto: add asymmetric SM2 cases

> Add SM2 tests.

Added test cases and test vectors for asymmetric SM2 crypto verification.
Cases are added for sign/verify/encrypt/decrypt.

If you have the reference from where the vectors are taken it can also be mentioned.

> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  app/test/test_cryptodev_asym.c             | 506 +++++++++++++++++++++
>  app/test/test_cryptodev_sm2_test_vectors.h | 120 +++++
>  2 files changed, 626 insertions(+)
>  create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h
> 
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index 9236817650..bfaeedee27 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -21,6 +21,7 @@
>  #include "test_cryptodev_ecpm_test_vectors.h"
>  #include "test_cryptodev_mod_test_vectors.h"
>  #include "test_cryptodev_rsa_test_vectors.h"
> +#include "test_cryptodev_sm2_test_vectors.h"
>  #include "test_cryptodev_asym_util.h"
>  #include "test.h"
> 
> @@ -2196,6 +2197,507 @@ test_ecpm_all_curve(void)
>  	return overall_status;
>  }
> 
> +static int
> +test_sm2_sign(void)
> +{
> +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> +	struct crypto_testsuite_sm2_params input_params =
> sm2_param_fp256;
> +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> +	uint8_t dev_id = ts_params->valid_devs[0];
> +	struct rte_crypto_op *result_op = NULL;
> +	uint8_t output_buf_r[TEST_DATA_SIZE];
> +	uint8_t output_buf_s[TEST_DATA_SIZE];
> +	struct rte_crypto_asym_xform xform;
> +	struct rte_crypto_asym_op *asym_op;
> +	struct rte_cryptodev_info dev_info;
> +	struct rte_crypto_op *op = NULL;
> +	int ret, status = TEST_SUCCESS;
> +	void *sess = NULL;
> +
> +	rte_cryptodev_info_get(dev_id, &dev_info);

dev_info is being unused. Not checking for capabilities?
> +
> +	/* Setup crypto op data structure */
> +	op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> +	if (op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to allocate asymmetric crypto "
> +				"operation struct\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +	asym_op = op->asym;
> +
> +	/* Setup asym xform */
> +	xform.next = NULL;
> +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> +	xform.sm2.pkey.data = input_params.pkey.data;
> +	xform.sm2.pkey.length = input_params.pkey.length;
> +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> +
> +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> &sess);
> +	if (ret < 0) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Session creation failed\n");
> +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	/* Attach asymmetric crypto session to crypto operations */
> +	rte_crypto_op_attach_asym_session(op, sess);
> +
> +	/* Compute sign */
> +
> +	/* Populate op with operational details */
> +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> +	op->asym->sm2.message.data = input_params.message.data;
> +	op->asym->sm2.message.length = input_params.message.length;
> +	op->asym->sm2.id.data = input_params.id.data;
> +	op->asym->sm2.id.length = input_params.id.length;
> +
> +	/* Init out buf */
> +	op->asym->sm2.r.data = output_buf_r;
> +	op->asym->sm2.s.data = output_buf_s;
> +
> +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> +
> +	/* Process crypto operation */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Error sending packet for operation\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> +		rte_pause();

Shouldn't this be a finite loop and mark test as failed after some retries?

> +
> +	if (result_op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	asym_op = result_op->asym;
> +
> +	debug_hexdump(stdout, "r:",
> +			asym_op->sm2.r.data, asym_op->sm2.r.length);
> +	debug_hexdump(stdout, "s:",
> +			asym_op->sm2.s.data, asym_op->sm2.s.length);
> +
> +	/* Verify sign (in roundtrip) */
> +
> +	/* Populate op with operational details */
> +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
> +
> +	/* Enqueue sign result for verify */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> +		status = TEST_FAILED;
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Error sending packet for operation\n");
> +		goto exit;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> +		rte_pause();
> +
> +	if (result_op == NULL) {
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +		status = TEST_FAILED;
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"SM2 verify failed.\n");
> +		goto exit;
> +	}
> +
> +exit:
> +	if (sess != NULL)
> +		rte_cryptodev_asym_session_free(dev_id, sess);
> +	rte_crypto_op_free(op);
> +	return status;
> +};
> +
> +static int
> +test_sm2_verify(void)
> +{
> +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> +	struct crypto_testsuite_sm2_params input_params =
> sm2_param_fp256;
> +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> +	uint8_t dev_id = ts_params->valid_devs[0];
> +	struct rte_crypto_op *result_op = NULL;
> +	struct rte_crypto_asym_xform xform;
> +	struct rte_cryptodev_info dev_info;
> +	struct rte_crypto_op *op = NULL;
> +	int ret, status = TEST_SUCCESS;
> +	void *sess = NULL;
> +
> +	rte_cryptodev_info_get(dev_id, &dev_info);
> +
> +	/* Setup crypto op data structure */
> +	op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> +	if (op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to allocate asymmetric crypto "
> +				"operation struct\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	/* Setup asym xform */
> +	xform.next = NULL;
> +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> +
> +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> &sess);
> +	if (ret < 0) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Session creation failed\n");
> +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	/* Attach asymmetric crypto session to crypto operations */
> +	rte_crypto_op_attach_asym_session(op, sess);
> +
> +	/* Verify given sign */
> +
> +	/* Populate op with operational details */
> +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
> +	op->asym->sm2.message.data = input_params.message.data;
> +	op->asym->sm2.message.length = input_params.message.length;
> +	op->asym->sm2.r.data = input_params.sign_r.data;
> +	op->asym->sm2.r.length = input_params.sign_r.length;
> +	op->asym->sm2.s.data = input_params.sign_s.data;
> +	op->asym->sm2.s.length = input_params.sign_s.length;
> +	op->asym->sm2.id.data = input_params.id.data;
> +	op->asym->sm2.id.length = input_params.id.length;
> +
> +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> +
> +	/* Process crypto operation */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Error sending packet for operation\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> +		rte_pause();
> +
> +	if (result_op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +exit:
> +	if (sess != NULL)
> +		rte_cryptodev_asym_session_free(dev_id, sess);
> +	rte_crypto_op_free(op);
> +	return status;
> +};
> +
> +static int
> +test_sm2_encrypt(void)
> +{
> +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> +	struct crypto_testsuite_sm2_params input_params =
> sm2_param_fp256;
> +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> +	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
> +	uint8_t dev_id = ts_params->valid_devs[0];
> +	struct rte_crypto_op *result_op = NULL;
> +	struct rte_crypto_asym_xform xform;
> +	struct rte_crypto_asym_op *asym_op;
> +	struct rte_cryptodev_info dev_info;
> +	struct rte_crypto_op *op = NULL;
> +	int ret, status = TEST_SUCCESS;
> +	void *sess = NULL;
> +
> +	rte_cryptodev_info_get(dev_id, &dev_info);
> +
> +	/* Setup crypto op data structure */
> +	op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> +	if (op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to allocate asymmetric crypto "
> +				"operation struct\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +	asym_op = op->asym;
> +
> +	/* Setup asym xform */
> +	xform.next = NULL;
> +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> +	xform.sm2.pkey.data = input_params.pkey.data;
> +	xform.sm2.pkey.length = input_params.pkey.length;
> +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> +
> +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> &sess);
> +	if (ret < 0) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Session creation failed\n");
> +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	/* Attach asymmetric crypto session to crypto operations */
> +	rte_crypto_op_attach_asym_session(op, sess);
> +
> +	/* Compute encrypt */
> +
> +	/* Populate op with operational details */
> +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> +	op->asym->sm2.message.data = input_params.message.data;
> +	op->asym->sm2.message.length = input_params.message.length;
> +
> +	/* Init out buf */
> +	op->asym->sm2.cipher.data = output_buf;
> +
> +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> +
> +	/* Process crypto operation */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Error sending packet for operation\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> +		rte_pause();
> +
> +	if (result_op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}

Shouldn't we do content comparison of the cipher text with vectors here as well?
Content is matched only after round trip which will not catch the hardware bug during encryption.

> +
> +	asym_op = result_op->asym;
> +
> +	debug_hexdump(stdout, "cipher:",
> +			asym_op->sm2.cipher.data, asym_op-
> >sm2.cipher.length);
> +
> +	/* Verify cipher (in roundtrip) */
> +
> +	/* Populate op with operational details */
> +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
> +	pbuf = rte_malloc(NULL, TEST_DATA_SIZE, 0);
> +	op->asym->sm2.message.data = pbuf;
> +	op->asym->sm2.message.length = TEST_DATA_SIZE;
> +
> +	/* Enqueue cipher result for decrypt */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> +		status = TEST_FAILED;
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Error sending packet for operation\n");
> +		goto exit;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> +		rte_pause();
> +
> +	if (result_op == NULL) {
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +		status = TEST_FAILED;
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"SM2 encrypt failed.\n");
> +		goto exit;
> +	}
> +
> +	asym_op = result_op->asym;
> +	if (memcmp(input_params.message.data, asym_op-
> >sm2.message.data,
> +			   asym_op->sm2.message.length) != 0) {
> +		status = TEST_FAILED;
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"SM2 encrypt failed.\n");
> +		goto exit;
> +	}
> +exit:
> +	if (pbuf != NULL)
> +		rte_free(pbuf);
> +
> +	if (sess != NULL)
> +		rte_cryptodev_asym_session_free(dev_id, sess);
> +	rte_crypto_op_free(op);
> +	return status;
> +};
> +
> +static int
> +test_sm2_decrypt(void)
> +{
> +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> +	struct crypto_testsuite_sm2_params input_params =
> sm2_param_fp256;
> +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> +	uint8_t dev_id = ts_params->valid_devs[0];
> +	struct rte_crypto_op *result_op = NULL;
> +	uint8_t output_buf_m[TEST_DATA_SIZE];
> +	struct rte_crypto_asym_xform xform;
> +	struct rte_crypto_asym_op *asym_op;
> +	struct rte_cryptodev_info dev_info;
> +	struct rte_crypto_op *op = NULL;
> +	int ret, status = TEST_SUCCESS;
> +	void *sess = NULL;
> +
> +	rte_cryptodev_info_get(dev_id, &dev_info);
> +
> +	/* Setup crypto op data structure */
> +	op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> +	if (op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to allocate asymmetric crypto "
> +				"operation struct\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +	asym_op = op->asym;
> +
> +	/* Setup asym xform */
> +	xform.next = NULL;
> +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> +	xform.sm2.pkey.data = input_params.pkey.data;
> +	xform.sm2.pkey.length = input_params.pkey.length;
> +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> +
> +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> &sess);
> +	if (ret < 0) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Session creation failed\n");
> +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	/* Attach asymmetric crypto session to crypto operations */
> +	rte_crypto_op_attach_asym_session(op, sess);
> +
> +	/* Compute decrypt */
> +
> +	/* Populate op with operational details */
> +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
> +	op->asym->sm2.cipher.data = input_params.cipher.data;
> +	op->asym->sm2.cipher.length = input_params.cipher.length;
> +
> +	/* Init out buf */
> +	op->asym->sm2.message.data = output_buf_m;
> +	op->asym->sm2.message.length = RTE_DIM(output_buf_m);
> +
> +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> +
> +	/* Process crypto operation */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Error sending packet for operation\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> +		rte_pause();
> +
> +	if (result_op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"Failed to process asym crypto op\n");
> +		status = TEST_FAILED;
> +		goto exit;
> +	}
> +
> +	asym_op = result_op->asym;
> +
> +	debug_hexdump(stdout, "message:",
> +			asym_op->sm2.message.data, asym_op-
> >sm2.message.length);
> +
> +	if (memcmp(input_params.message.data, asym_op-
> >sm2.message.data,
> +			op->asym->sm2.message.length)) {
> +		status = TEST_FAILED;
> +		RTE_LOG(ERR, USER1,
> +				"line %u FAILED: %s", __LINE__,
> +				"SM2 decrypt failed.\n");
> +		goto exit;
> +	}
> +exit:
> +	if (sess != NULL)
> +		rte_cryptodev_asym_session_free(dev_id, sess);
> +	rte_crypto_op_free(op);
> +	return status;
> +};
> +
>  static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
>  	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
>  	.setup = testsuite_setup,
> @@ -2205,6 +2707,10 @@ static struct unit_test_suite
> cryptodev_openssl_asym_testsuite  = {
>  		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
>  		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
>  				test_dh_keygenration),
> +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_sm2_encrypt),
> +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_sm2_sign),
> +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_sm2_verify),
> +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_sm2_decrypt),
>  		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_rsa_enc_dec),
>  		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
>  				test_rsa_sign_verify),
> diff --git a/app/test/test_cryptodev_sm2_test_vectors.h
> b/app/test/test_cryptodev_sm2_test_vectors.h
> new file mode 100644
> index 0000000000..d70d3ccaa0
> --- /dev/null
> +++ b/app/test/test_cryptodev_sm2_test_vectors.h
> @@ -0,0 +1,120 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(C) 2023 Marvell.
> + */
> +
> +#ifndef __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__
> +#define __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__
> +
> +#include "rte_crypto_asym.h"
> +
> +struct crypto_testsuite_sm2_params {
> +	rte_crypto_param pubkey_qx;
> +	rte_crypto_param pubkey_qy;
> +	rte_crypto_param pkey;
> +	rte_crypto_param sign_r;
> +	rte_crypto_param sign_s;
> +	rte_crypto_param id;
> +	rte_crypto_param cipher;
> +	rte_crypto_param message;
> +};
> +
> +static uint8_t fp256_pkey[] = {
> +	0x77, 0x84, 0x35, 0x65, 0x4c, 0x7a, 0x6d, 0xb1,
> +	0x1e, 0x63, 0x0b, 0x41, 0x97, 0x36, 0x04, 0xf4,
> +	0xec, 0x35, 0xee, 0x3b, 0x76, 0xc2, 0x34, 0x08,
> +	0xd9, 0x4a, 0x22, 0x0d, 0x7f, 0xf6, 0xc6, 0x90
> +};
> +
> +static uint8_t fp256_qx[] = {
> +	0x7b, 0x24, 0xa3, 0x03, 0xcf, 0xb2, 0x22, 0xfa,
> +	0x4c, 0xb3, 0x88, 0x54, 0xf9, 0x30, 0xd1, 0x4d,
> +	0xe3, 0x50, 0xda, 0xba, 0xe6, 0xa7, 0x0b, 0x91,
> +	0x4c, 0x04, 0x0d, 0x5c, 0xe0, 0x8e, 0x86, 0xc5
> +};
> +
> +static uint8_t fp256_qy[] = {
> +	0xbc, 0x39, 0xe3, 0x19, 0x4e, 0xd2, 0x29, 0x22,
> +	0x5b, 0x37, 0x2d, 0xeb, 0xcc, 0x05, 0x52, 0x8d,
> +	0xb9, 0x40, 0xa3, 0xab, 0x3c, 0xbe, 0x16, 0x30,
> +	0x1c, 0xe4, 0xe8, 0x7f, 0xba, 0x6e, 0x0b, 0xae
> +};
> +
> +static uint8_t fp256_sign_r[] = {
> +	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
> +	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
> +	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
> +	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
> +};
> +
> +static uint8_t fp256_sign_s[] = {
> +	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
> +	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
> +	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
> +	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
> +};
> +
> +static uint8_t fp256_id[] = {
> +	0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8
> +};
> +
> +static uint8_t fp256_message[] = {
> +	0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20,
> +	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
> +};
> +
> +static uint8_t fp256_cipher[] = {
> +	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
> +	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
> +	0x6D, 0x00, 0xF6, 0x51, 0xC8, 0x80, 0x9C, 0x9E,
> +	0xD9, 0xEC, 0x36, 0x8A, 0x60, 0x8E, 0x26, 0x2D,
> +	0x71, 0x31, 0xB7, 0xC1, 0x38, 0x02, 0x21, 0x00,
> +	0xE1, 0xBF, 0x4C, 0x13, 0x7A, 0x87, 0x40, 0x32,
> +	0xF5, 0xA1, 0xE2, 0xA1, 0x3B, 0x83, 0xBF, 0x6B,
> +	0x3F, 0xFB, 0xC8, 0x13, 0x01, 0xDE, 0xCF, 0xC0,
> +	0xF4, 0x24, 0x66, 0x52, 0x89, 0xDA, 0x6D, 0x7A,
> +	0x04, 0x20, 0x8E, 0xFD, 0x52, 0x77, 0xC9, 0xE7,
> +	0x90, 0xD1, 0x17, 0x75, 0xDE, 0xEE, 0xF3, 0xE5,
> +	0x11, 0x0C, 0x5D, 0xE1, 0x3A, 0xB6, 0x2B, 0x72,
> +	0x60, 0xE5, 0xD5, 0xF3, 0x0F, 0xE2, 0x44, 0xDB,
> +	0xBC, 0x66, 0x04, 0x0E, 0x78, 0x2D, 0xC0, 0x3D,
> +	0x38, 0xA2, 0x42, 0xA4, 0x8E, 0x8B, 0xF5, 0x06,
> +	0x32, 0xFA
> +};
> +
> +/** SM2 Fp256 elliptic curve test params */
> +struct crypto_testsuite_sm2_params sm2_param_fp256 = {
> +	.pubkey_qx = {
> +		.data = fp256_qx,
> +		.length = sizeof(fp256_qx),
> +	},
> +	.pubkey_qy = {
> +		.data = fp256_qy,
> +		.length = sizeof(fp256_qy),
> +	},
> +	.sign_r = {
> +		.data = fp256_sign_r,
> +		.length = sizeof(fp256_sign_r),
> +	},
> +	.sign_s = {
> +		.data = fp256_sign_s,
> +		.length = sizeof(fp256_sign_s),
> +	},
> +	.id = {
> +		.data = fp256_id,
> +		.length = sizeof(fp256_id),
> +	},
> +	.pkey = {
> +		.data = fp256_pkey,
> +		.length = sizeof(fp256_pkey),
> +	},
> +	.message = {
> +		.data = fp256_message,
> +		.length = sizeof(fp256_message),
> +	},
> +	.cipher = {
> +		.data = fp256_cipher,
> +		.length = sizeof(fp256_cipher),
> +	}
> +};
> +
> +#endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
> --
> 2.25.1

RE: [v1, 3/3] crypto/openssl: add SM2 asymmetric crypto support

[Akhil Goyal]

Hi Kai,

Can you review this?

> Subject: [v1, 3/3] crypto/openssl: add SM2 asymmetric crypto support
> 
> Add SM2 asymmetric algorithm support in openssl PMD.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

RE: [v1, 2/3] test/test_cryptodev_asym: add SM2 tests

[Gowrishankar Muthukrishnan]

Hi Akhil,
> 
> If you have the reference from where the vectors are taken it can also be
> mentioned.
> 
I generated these test vectors in online. There are no reference test vectors quoted
In RFC except for recommended curve parameters, at the end.
https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02

> >
> > Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> > ---
> >  app/test/test_cryptodev_asym.c             | 506 +++++++++++++++++++++
> >  app/test/test_cryptodev_sm2_test_vectors.h | 120 +++++
> >  2 files changed, 626 insertions(+)
> >  create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h
> >
> > diff --git a/app/test/test_cryptodev_asym.c
> > b/app/test/test_cryptodev_asym.c index 9236817650..bfaeedee27 100644
> > --- a/app/test/test_cryptodev_asym.c
> > +++ b/app/test/test_cryptodev_asym.c
> > @@ -21,6 +21,7 @@
> >  #include "test_cryptodev_ecpm_test_vectors.h"
> >  #include "test_cryptodev_mod_test_vectors.h"
> >  #include "test_cryptodev_rsa_test_vectors.h"
> > +#include "test_cryptodev_sm2_test_vectors.h"
> >  #include "test_cryptodev_asym_util.h"
> >  #include "test.h"
> >
> > @@ -2196,6 +2197,507 @@ test_ecpm_all_curve(void)
> >  	return overall_status;
> >  }
> >
> > +static int
> > +test_sm2_sign(void)
> > +{
> > +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> > +	struct crypto_testsuite_sm2_params input_params =
> > sm2_param_fp256;
> > +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> > +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> > +	uint8_t dev_id = ts_params->valid_devs[0];
> > +	struct rte_crypto_op *result_op = NULL;
> > +	uint8_t output_buf_r[TEST_DATA_SIZE];
> > +	uint8_t output_buf_s[TEST_DATA_SIZE];
> > +	struct rte_crypto_asym_xform xform;
> > +	struct rte_crypto_asym_op *asym_op;
> > +	struct rte_cryptodev_info dev_info;
> > +	struct rte_crypto_op *op = NULL;
> > +	int ret, status = TEST_SUCCESS;
> > +	void *sess = NULL;
> > +
> > +	rte_cryptodev_info_get(dev_id, &dev_info);
> 
> dev_info is being unused. Not checking for capabilities?

It is the same case in other algorithms as well. Shall I collectively address this ?
> > +
> > +	/* Setup crypto op data structure */
> > +	op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > +	if (op == NULL) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Failed to allocate asymmetric crypto "
> > +				"operation struct\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> > +	asym_op = op->asym;
> > +
> > +	/* Setup asym xform */
> > +	xform.next = NULL;
> > +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> > +	xform.sm2.pkey.data = input_params.pkey.data;
> > +	xform.sm2.pkey.length = input_params.pkey.length;
> > +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> > +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> > +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> > +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> > +
> > +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> > &sess);
> > +	if (ret < 0) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Session creation failed\n");
> > +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> > +		goto exit;
> > +	}
> > +
> > +	/* Attach asymmetric crypto session to crypto operations */
> > +	rte_crypto_op_attach_asym_session(op, sess);
> > +
> > +	/* Compute sign */
> > +
> > +	/* Populate op with operational details */
> > +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> > +	op->asym->sm2.message.data = input_params.message.data;
> > +	op->asym->sm2.message.length = input_params.message.length;
> > +	op->asym->sm2.id.data = input_params.id.data;
> > +	op->asym->sm2.id.length = input_params.id.length;
> > +
> > +	/* Init out buf */
> > +	op->asym->sm2.r.data = output_buf_r;
> > +	op->asym->sm2.s.data = output_buf_s;
> > +
> > +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> > +
> > +	/* Process crypto operation */
> > +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Error sending packet for operation\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> > +
> > +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> > +		rte_pause();
> 
> Shouldn't this be a finite loop and mark test as failed after some retries?

It is the same case in other algorithms as well. Shall I collectively address this ?
> 
> > +
> > +	if (result_op == NULL) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Failed to process asym crypto op\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> > +
...
<cut>
...
> > +static int
> > +test_sm2_encrypt(void)
> > +{
> > +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> > +	struct crypto_testsuite_sm2_params input_params =
> > sm2_param_fp256;
> > +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> > +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> > +	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
> > +	uint8_t dev_id = ts_params->valid_devs[0];
> > +	struct rte_crypto_op *result_op = NULL;
> > +	struct rte_crypto_asym_xform xform;
> > +	struct rte_crypto_asym_op *asym_op;
> > +	struct rte_cryptodev_info dev_info;
> > +	struct rte_crypto_op *op = NULL;
> > +	int ret, status = TEST_SUCCESS;
> > +	void *sess = NULL;
> > +
> > +	rte_cryptodev_info_get(dev_id, &dev_info);
> > +
> > +	/* Setup crypto op data structure */
> > +	op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > +	if (op == NULL) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Failed to allocate asymmetric crypto "
> > +				"operation struct\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> > +	asym_op = op->asym;
> > +
> > +	/* Setup asym xform */
> > +	xform.next = NULL;
> > +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> > +	xform.sm2.pkey.data = input_params.pkey.data;
> > +	xform.sm2.pkey.length = input_params.pkey.length;
> > +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> > +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> > +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> > +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> > +
> > +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> > &sess);
> > +	if (ret < 0) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Session creation failed\n");
> > +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> > +		goto exit;
> > +	}
> > +
> > +	/* Attach asymmetric crypto session to crypto operations */
> > +	rte_crypto_op_attach_asym_session(op, sess);
> > +
> > +	/* Compute encrypt */
> > +
> > +	/* Populate op with operational details */
> > +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> > +	op->asym->sm2.message.data = input_params.message.data;
> > +	op->asym->sm2.message.length = input_params.message.length;
> > +
> > +	/* Init out buf */
> > +	op->asym->sm2.cipher.data = output_buf;
> > +
> > +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> > +
> > +	/* Process crypto operation */
> > +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Error sending packet for operation\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> > +
> > +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> > +		rte_pause();
> > +
> > +	if (result_op == NULL) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Failed to process asym crypto op\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> > +
> > +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> > +		RTE_LOG(ERR, USER1,
> > +				"line %u FAILED: %s", __LINE__,
> > +				"Failed to process asym crypto op\n");
> > +		status = TEST_FAILED;
> > +		goto exit;
> > +	}
> 
> Shouldn't we do content comparison of the cipher text with vectors here as
> well?
> Content is matched only after round trip which will not catch the hardware bug
> during encryption.

Due to random scalar value used (and known only to driver), we can't have expected
cipher string. I ll wait for review on current openssl driver implementation whether
to introduce this scalar value in crypto op param like in EC. Based on this, we could 
address this suggestion.

Thanks.
> 

RE: [v1, 2/3] test/test_cryptodev_asym: add SM2 tests

[Akhil Goyal]

> Hi Akhil,
> >
> > If you have the reference from where the vectors are taken it can also be
> > mentioned.
> >
> I generated these test vectors in online. There are no reference test vectors
> quoted
> In RFC except for recommended curve parameters, at the end.
> https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02
>
ok
 
> > >
> > > Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> > > ---
> > >  app/test/test_cryptodev_asym.c             | 506 +++++++++++++++++++++
> > >  app/test/test_cryptodev_sm2_test_vectors.h | 120 +++++
> > >  2 files changed, 626 insertions(+)
> > >  create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h
> > >
> > > diff --git a/app/test/test_cryptodev_asym.c
> > > b/app/test/test_cryptodev_asym.c index 9236817650..bfaeedee27 100644
> > > --- a/app/test/test_cryptodev_asym.c
> > > +++ b/app/test/test_cryptodev_asym.c
> > > @@ -21,6 +21,7 @@
> > >  #include "test_cryptodev_ecpm_test_vectors.h"
> > >  #include "test_cryptodev_mod_test_vectors.h"
> > >  #include "test_cryptodev_rsa_test_vectors.h"
> > > +#include "test_cryptodev_sm2_test_vectors.h"
> > >  #include "test_cryptodev_asym_util.h"
> > >  #include "test.h"
> > >
> > > @@ -2196,6 +2197,507 @@ test_ecpm_all_curve(void)
> > >  	return overall_status;
> > >  }
> > >
> > > +static int
> > > +test_sm2_sign(void)
> > > +{
> > > +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> > > +	struct crypto_testsuite_sm2_params input_params =
> > > sm2_param_fp256;
> > > +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> > > +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> > > +	uint8_t dev_id = ts_params->valid_devs[0];
> > > +	struct rte_crypto_op *result_op = NULL;
> > > +	uint8_t output_buf_r[TEST_DATA_SIZE];
> > > +	uint8_t output_buf_s[TEST_DATA_SIZE];
> > > +	struct rte_crypto_asym_xform xform;
> > > +	struct rte_crypto_asym_op *asym_op;
> > > +	struct rte_cryptodev_info dev_info;
> > > +	struct rte_crypto_op *op = NULL;
> > > +	int ret, status = TEST_SUCCESS;
> > > +	void *sess = NULL;
> > > +
> > > +	rte_cryptodev_info_get(dev_id, &dev_info);
> >
> > dev_info is being unused. Not checking for capabilities?
> 
> It is the same case in other algorithms as well. Shall I collectively address this ?
You can remove this dev_info get from here and add capability check in a separate patch for all cases.


> > > +
> > > +	/* Setup crypto op data structure */
> > > +	op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > +	if (op == NULL) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Failed to allocate asymmetric crypto "
> > > +				"operation struct\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +	asym_op = op->asym;
> > > +
> > > +	/* Setup asym xform */
> > > +	xform.next = NULL;
> > > +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> > > +	xform.sm2.pkey.data = input_params.pkey.data;
> > > +	xform.sm2.pkey.length = input_params.pkey.length;
> > > +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> > > +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> > > +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> > > +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> > > +
> > > +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> > > &sess);
> > > +	if (ret < 0) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Session creation failed\n");
> > > +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +
> > > +	/* Attach asymmetric crypto session to crypto operations */
> > > +	rte_crypto_op_attach_asym_session(op, sess);
> > > +
> > > +	/* Compute sign */
> > > +
> > > +	/* Populate op with operational details */
> > > +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> > > +	op->asym->sm2.message.data = input_params.message.data;
> > > +	op->asym->sm2.message.length = input_params.message.length;
> > > +	op->asym->sm2.id.data = input_params.id.data;
> > > +	op->asym->sm2.id.length = input_params.id.length;
> > > +
> > > +	/* Init out buf */
> > > +	op->asym->sm2.r.data = output_buf_r;
> > > +	op->asym->sm2.s.data = output_buf_s;
> > > +
> > > +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> > > +
> > > +	/* Process crypto operation */
> > > +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Error sending packet for operation\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +
> > > +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> > > +		rte_pause();
> >
> > Shouldn't this be a finite loop and mark test as failed after some retries?
> 
> It is the same case in other algorithms as well. Shall I collectively address this ?
Ok you can submit a separate patch for it.

> >
> > > +
> > > +	if (result_op == NULL) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Failed to process asym crypto op\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +
> ...
> <cut>
> ...
> > > +static int
> > > +test_sm2_encrypt(void)
> > > +{
> > > +	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> > > +	struct crypto_testsuite_sm2_params input_params =
> > > sm2_param_fp256;
> > > +	struct rte_mempool *sess_mpool = ts_params->session_mpool;
> > > +	struct rte_mempool *op_mpool = ts_params->op_mpool;
> > > +	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
> > > +	uint8_t dev_id = ts_params->valid_devs[0];
> > > +	struct rte_crypto_op *result_op = NULL;
> > > +	struct rte_crypto_asym_xform xform;
> > > +	struct rte_crypto_asym_op *asym_op;
> > > +	struct rte_cryptodev_info dev_info;
> > > +	struct rte_crypto_op *op = NULL;
> > > +	int ret, status = TEST_SUCCESS;
> > > +	void *sess = NULL;
> > > +
> > > +	rte_cryptodev_info_get(dev_id, &dev_info);
> > > +
> > > +	/* Setup crypto op data structure */
> > > +	op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > +	if (op == NULL) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Failed to allocate asymmetric crypto "
> > > +				"operation struct\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +	asym_op = op->asym;
> > > +
> > > +	/* Setup asym xform */
> > > +	xform.next = NULL;
> > > +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> > > +	xform.sm2.pkey.data = input_params.pkey.data;
> > > +	xform.sm2.pkey.length = input_params.pkey.length;
> > > +	xform.sm2.q.x.data = input_params.pubkey_qx.data;
> > > +	xform.sm2.q.x.length = input_params.pubkey_qx.length;
> > > +	xform.sm2.q.y.data = input_params.pubkey_qy.data;
> > > +	xform.sm2.q.y.length = input_params.pubkey_qy.length;
> > > +
> > > +	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> > > &sess);
> > > +	if (ret < 0) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Session creation failed\n");
> > > +		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +
> > > +	/* Attach asymmetric crypto session to crypto operations */
> > > +	rte_crypto_op_attach_asym_session(op, sess);
> > > +
> > > +	/* Compute encrypt */
> > > +
> > > +	/* Populate op with operational details */
> > > +	op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> > > +	op->asym->sm2.message.data = input_params.message.data;
> > > +	op->asym->sm2.message.length = input_params.message.length;
> > > +
> > > +	/* Init out buf */
> > > +	op->asym->sm2.cipher.data = output_buf;
> > > +
> > > +	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
> > > +
> > > +	/* Process crypto operation */
> > > +	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Error sending packet for operation\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +
> > > +	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> > > +		rte_pause();
> > > +
> > > +	if (result_op == NULL) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Failed to process asym crypto op\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> > > +
> > > +	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> > > +		RTE_LOG(ERR, USER1,
> > > +				"line %u FAILED: %s", __LINE__,
> > > +				"Failed to process asym crypto op\n");
> > > +		status = TEST_FAILED;
> > > +		goto exit;
> > > +	}
> >
> > Shouldn't we do content comparison of the cipher text with vectors here as
> > well?
> > Content is matched only after round trip which will not catch the hardware bug
> > during encryption.
> 
> Due to random scalar value used (and known only to driver), we can't have
> expected
> cipher string. I ll wait for review on current openssl driver implementation
> whether
> to introduce this scalar value in crypto op param like in EC. Based on this, we
> could
> address this suggestion.
> 
You can add a comment here in the code to explain this thing.