[v1 0/6] cryptodev: support digest message in SM2

[v1 0/6] cryptodev: support digest message in SM2

[Gowrishankar Muthukrishnan]

This patch series fixes SM2 algorithm implementation to
support digest message as input along with plain message
as today.

Gowrishankar Muthukrishnan (6):
  crypto/openssl: include SM2 in asymmetric capabilities
  cryptodev: add RNG capability in EC based xform
  cryptodev: add hash support in asymmetric capability
  cryptodev: use generic EC xform params for SM2
  app/test: check asymmetric capabilities in SM2 test
  crypto/cnxk: add SM2 support

 app/test/test_cryptodev_asym.c                | 131 ++++++----
 app/test/test_cryptodev_sm2_test_vectors.h    |  32 ++-
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   6 +
 drivers/common/cnxk/hw/cpt.h                  |   3 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |   3 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 ++++++++++++++
 drivers/crypto/cnxk/cnxk_ae.h                 | 232 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  19 +-
 lib/cryptodev/cryptodev_trace.h               |   9 +
 lib/cryptodev/cryptodev_trace_points.c        |   3 +
 lib/cryptodev/rte_crypto_asym.h               |  15 +-
 lib/cryptodev/rte_cryptodev.c                 |  16 ++
 lib/cryptodev/rte_cryptodev.h                 |  25 ++
 lib/cryptodev/version.map                     |   1 +
 18 files changed, 666 insertions(+), 71 deletions(-)

-- 
2.25.1

[v1 1/6] crypto/openssl: include SM2 in asymmetric capabilities

[Gowrishankar Muthukrishnan]

Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		},
 		}
 	},
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types =
+				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+			}
+		}
+		}
+	},
 
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
-- 
2.25.1

[v1 2/6] cryptodev: add RNG capability in EC based xform

[Gowrishankar Muthukrishnan]

Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
 lib/cryptodev/rte_cryptodev.h                | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2eb450fcfd..0f88669f41 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -603,6 +603,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
 				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
 				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+				{.internal_rng = 1
+				}
 			}
 		}
 		}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index ba730373fb..64810c9ec4 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -182,6 +182,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		/**< Range of modulus length supported by modulus based xform.
 		 * Value 0 mean implementation default
 		 */
+
+		uint8_t internal_rng;
+		/**< Availability of random number generator for Elliptic curve based xform.
+		 * Value 0 means unavailable, and application should pass the required
+		 * random value. Otherwise, PMD would internally compute the random number.
+		 */
 	};
 };
 
-- 
2.25.1

[v1 3/6] cryptodev: add hash support in asymmetric capability

[Gowrishankar Muthukrishnan]

Most of the asymmetric operations start with hash of the input.
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
 lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
 lib/cryptodev/cryptodev_trace_points.c       |  3 +++
 lib/cryptodev/rte_crypto_asym.h              |  3 +++
 lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
 lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
 lib/cryptodev/version.map                    |  1 +
 7 files changed, 52 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 0f88669f41..0b3601db40 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		{.asym = {
 			.xform_capa = {
 				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
 				.op_types =
 				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
diff --git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h
index aab44af96b..935f0d564b 100644
--- a/lib/cryptodev/cryptodev_trace.h
+++ b/lib/cryptodev/cryptodev_trace.h
@@ -520,6 +520,15 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_int(ret);
 )
 
+RTE_TRACE_POINT(
+	rte_cryptodev_trace_asym_xform_capability_check_hash,
+	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
+		enum rte_crypto_auth_algorithm hash, int ret),
+	rte_trace_point_emit_u64(hash_algos);
+	rte_trace_point_emit_int(hash);
+	rte_trace_point_emit_int(ret);
+)
+
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_count,
 	RTE_TRACE_POINT_ARGS(uint8_t nb_devs),
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index e2303fdb52..8c47ab1e78 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -144,6 +144,9 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_modlen,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_optype,
 	lib.cryptodev.asym.xform.capability.check.optype)
 
+RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_hash,
+	lib.cryptodev.asym.xform.capability.check.hash)
+
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
 	lib.cryptodev.sym.cpu.crypto.process)
 
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 8b5794fb7c..51f5476c6e 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -377,6 +377,9 @@ struct rte_crypto_dsa_xform {
 struct rte_crypto_ec_xform {
 	enum rte_crypto_curve_id curve_id;
 	/**< Pre-defined ec groups */
+
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
 };
 
 /**
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index c49d342b17..041d3074db 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	return ret;
 }
 
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash)
+{
+	bool ret = false;
+
+	if (capability->hash_algos & (1 << hash))
+		ret = true;
+
+	rte_cryptodev_trace_asym_xform_capability_check_hash(
+		capability->hash_algos, hash, ret);
+
+	return ret;
+}
+
 /* spinlock for crypto device enq callbacks */
 static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
 
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 64810c9ec4..536e082244 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		 * random value. Otherwise, PMD would internally compute the random number.
 		 */
 	};
+
+	uint64_t hash_algos;
+	/**< Bitmask of hash algorithms supported for op_type. */
 };
 
 /**
@@ -348,6 +351,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	const struct rte_cryptodev_asymmetric_xform_capability *capability,
 		uint16_t modlen);
 
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param	capability	Asymmetric crypto capability.
+ * @param	hash		Hash algorithm.
+ *
+ * @return
+ *   - Return true if the hash algorithm is supported.
+ *   - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash);
+
 /**
  * Provide the cipher algorithm enum, given an algorithm string
  *
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index ae8d9327b4..3c2d1780e0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -54,6 +54,7 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_get_xform_enum;
 	rte_cryptodev_asym_session_create;
 	rte_cryptodev_asym_session_free;
+	rte_cryptodev_asym_xform_capability_check_hash;
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-- 
2.25.1

[v1 4/6] cryptodev: use generic EC xform params for SM2

[Gowrishankar Muthukrishnan]

Now, generic EC xform parameters include hash algorithm field.
Hence, SM2 curve can use this generic struct for setting hash
algorithm, which would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c               | 12 ++++++++----
 app/test/test_cryptodev_sm2_test_vectors.h   |  4 +++-
 doc/guides/rel_notes/release_23_11.rst       |  2 ++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  2 +-
 lib/cryptodev/rte_crypto_asym.h              | 16 ++--------------
 5 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 0ef2642fdd..b08772a9bf 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1838,7 +1838,8 @@ _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2019,7 +2020,8 @@ test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2120,7 +2122,8 @@ _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2299,7 +2302,8 @@ test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 7a4ce70c10..3d2dba1359 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	int curve;
 };
 
 static uint8_t fp256_pkey[] = {
@@ -123,7 +124,8 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-	}
+	},
+	.curve = RTE_CRYPTO_EC_GROUP_SM2
 };
 
 #endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 4411bb32c1..23c89e8ea9 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -91,6 +91,8 @@ Removed Items
 
 * kni: Removed the Kernel Network Interface (KNI) library and driver.
 
+* crypto: Removed SM2 xform parameter in asymmetric xform.
+
 
 API Changes
 -----------
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 0b3601db40..e521c0c830 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1307,7 +1307,7 @@ static int openssl_set_asym_session_parameters(
 		OSSL_PARAM *params = NULL;
 		int ret = -1;
 
-		if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3)
+		if (xform->ec.hash != RTE_CRYPTO_AUTH_SM3)
 			return -1;
 
 		param_bld = OSSL_PARAM_BLD_new();
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 51f5476c6e..9b68c3f5e2 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -69,7 +69,8 @@ enum rte_crypto_curve_id {
 	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
 	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
 	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
-	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25
+	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
+	RTE_CRYPTO_EC_GROUP_SM2       = 41,
 };
 
 /**
@@ -382,16 +383,6 @@ struct rte_crypto_ec_xform {
 	/**< Hash algorithm used in EC op. */
 };
 
-/**
- * Asymmetric SM2 transform data.
- *
- * Structure describing SM2 xform params.
- */
-struct rte_crypto_sm2_xform {
-	enum rte_crypto_auth_algorithm hash;
-	/**< Hash algorithm used in SM2 op. */
-};
-
 /**
  * Operations params for modular operations:
  * exponentiation and multiplicative inverse
@@ -649,9 +640,6 @@ struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
-
-		struct rte_crypto_sm2_xform sm2;
-		/**< SM2 xform parameters */
 	};
 };
 
-- 
2.25.1

[v1 5/6] app/test: check asymmetric capabilities in SM2 test

[Gowrishankar Muthukrishnan]

Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c             | 127 ++++++++++++++-------
 app/test/test_cryptodev_sm2_test_vectors.h |  28 +++--
 2 files changed, 103 insertions(+), 52 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index b08772a9bf..1f39b1f017 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
 	break;
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 	default:
 		break;
 	}
@@ -1806,12 +1807,14 @@ test_ecpm_all_curve(void)
 }
 
 static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1825,12 @@ _test_sm2_sign(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -1839,7 +1848,10 @@ _test_sm2_sign(bool rnd_secret)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
-	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1857,17 +1869,25 @@ _test_sm2_sign(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
+	if (xform.ec.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	asym_op->sm2.pkey.data = input_params.pkey.data;
 	asym_op->sm2.pkey.length = input_params.pkey.length;
 	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
 	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
 	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
 	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
-	if (rnd_secret) {
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -1916,7 +1936,7 @@ _test_sm2_sign(bool rnd_secret)
 	debug_hexdump(stdout, "s:",
 			asym_op->sm2.s.data, asym_op->sm2.s.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		/* Verify sign (by comparison). */
 		if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
 				   asym_op->sm2.r.length) != 0) {
@@ -1977,25 +1997,15 @@ _test_sm2_sign(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_sign_rnd_secret(void)
-{
-	return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
-	return _test_sm2_sign(false);
-}
-
 static int
 test_sm2_verify(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2004,6 +2014,12 @@ test_sm2_verify(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2021,7 +2037,10 @@ test_sm2_verify(void)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
-	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2039,8 +2058,18 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
+	if (xform.ec.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	asym_op->sm2.pkey.data = input_params.pkey.data;
 	asym_op->sm2.pkey.length = input_params.pkey.length;
 	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
@@ -2051,8 +2080,6 @@ test_sm2_verify(void)
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
 	asym_op->sm2.s.length = input_params.sign_s.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
 
 	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
 
@@ -2092,13 +2119,15 @@ test_sm2_verify(void)
 };
 
 static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
 	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2107,6 +2136,12 @@ _test_sm2_enc(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2123,7 +2158,10 @@ _test_sm2_enc(bool rnd_secret)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
-	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2149,7 +2187,7 @@ _test_sm2_enc(bool rnd_secret)
 	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
 	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
 	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
-	if (rnd_secret) {
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -2195,7 +2233,7 @@ _test_sm2_enc(bool rnd_secret)
 	debug_hexdump(stdout, "cipher:",
 			asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
 				   asym_op->sm2.cipher.length) != 0) {
 			status = TEST_FAILED;
@@ -2259,25 +2297,15 @@ _test_sm2_enc(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_enc_rnd_secret(void)
-{
-	return _test_sm2_enc(true);
-}
-
-__rte_used static int
-test_sm2_enc_plain_secret(void)
-{
-	return _test_sm2_enc(false);
-}
-
 static int
 test_sm2_dec(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_m[TEST_DATA_SIZE];
@@ -2287,6 +2315,12 @@ test_sm2_dec(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2303,7 +2337,10 @@ test_sm2_dec(void)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
-	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2689,9 +2726,9 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_dh_keygenration),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
@@ -2755,6 +2792,8 @@ static struct unit_test_suite cryptodev_octeontx_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 			     test_ecdsa_sign_verify_all_curve),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_ecpm_all_curve),
 		TEST_CASES_END() /**< NULL terminate unit test array */
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 3d2dba1359..41f5f7074a 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	rte_crypto_param digest;
 	int curve;
 };
 
@@ -46,17 +47,17 @@ static uint8_t fp256_k[] = {
 };
 
 static uint8_t fp256_sign_r[] = {
-	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
-	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
-	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
-	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+	0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0,
+	0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B,
+	0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15,
+	0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24
 };
 
 static uint8_t fp256_sign_s[] = {
-	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
-	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
-	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
-	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+	0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
+	0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
+	0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
+	0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
 };
 
 static uint8_t fp256_id[] = {
@@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
 	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
 };
 
+static uint8_t fp256_digest[] = {
+	0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
+	0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
+	0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
+	0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1
+};
+
 static uint8_t fp256_cipher[] = {
 	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
 	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
@@ -121,6 +129,10 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 		.data = fp256_message,
 		.length = sizeof(fp256_message),
 	},
+	.digest = {
+		.data = fp256_digest,
+		.length = sizeof(fp256_digest),
+	},
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-- 
2.25.1

[v1 6/6] crypto/cnxk: add SM2 support

[Gowrishankar Muthukrishnan]

Add SM2 asymmetric algorithm support in cnxk PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   4 +
 drivers/common/cnxk/hw/cpt.h                  |   3 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |   3 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 ++++++++++++++
 drivers/crypto/cnxk/cnxk_ae.h                 | 232 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 9 files changed, 479 insertions(+), 5 deletions(-)

diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 55a1226965..15e2dd48a8 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -103,6 +103,7 @@ Modular Inversion       =
 Diffie-hellman          =
 ECDSA                   = Y
 ECPM                    = Y
+SM2                     = Y
 
 ;
 ; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 23c89e8ea9..234fa2e6ee 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -72,6 +72,10 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Updated CNXK crypto driver.**
+
+  * Added SM2 algorithm support in asymmetric crypto operations.
+
 
 Removed Items
 -------------
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 5e1519e202..ce57de8788 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -79,7 +79,8 @@ union cpt_eng_caps {
 		uint64_t __io reserved_23_33 : 11;
 		uint64_t __io pdcp_chain : 1;
 		uint64_t __io sg_ver2 : 1;
-		uint64_t __io reserved_36_63 : 28;
+		uint64_t __io sm2 : 1;
+		uint64_t __io reserved_37_63 : 27;
 	};
 };
 
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX] = {
 			     0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
 			     0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
 			     0x3F, 0x00},
-		    .length = 66}}};
+		    .length = 66},
+	},
+	{},
+	{},
+	{},
+	{
+		.prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				   0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF},
+			  .length = 32},
+		.order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+				   0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+				   0x39, 0xD5, 0x41, 0x23},
+			  .length = 32},
+		.consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				    0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFC},
+			   .length = 32},
+		.constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+				    0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+				    0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+				    0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+				    0x4D, 0x94, 0x0E, 0x93},
+			   .length = 32},
+	}};
 
 int
 roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index c972878eff..6ea4df2334 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
 	ROC_AE_EC_ID_P160 = 5,
 	ROC_AE_EC_ID_P320 = 6,
 	ROC_AE_EC_ID_P512 = 7,
-	ROC_AE_EC_ID_PMAX = 8
+	ROC_AE_EC_ID_SM2  = 8,
+	ROC_AE_EC_ID_PMAX
 } roc_ae_ec_id;
 
 /* Prime and order fields of built-in elliptic curves */
diff --git a/drivers/common/cnxk/roc_ae_fpm_tables.c b/drivers/common/cnxk/roc_ae_fpm_tables.c
index f91570299b..ead3128e7f 100644
--- a/drivers/common/cnxk/roc_ae_fpm_tables.c
+++ b/drivers/common/cnxk/roc_ae_fpm_tables.c
@@ -1057,6 +1057,189 @@ const uint8_t ae_fpm_tbl_p521[AE_FPM_P521_LEN] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
 };
 
+const uint8_t ae_fpm_tbl_p256_sm2[AE_FPM_P256_LEN] = {
+	0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7, 0x8F, 0xE3, 0x0B, 0xBF,
+	0xF2, 0x66, 0x0B, 0xE1, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
+	0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0, 0xD0, 0xA9, 0x87, 0x7C,
+	0xC6, 0x2A, 0x47, 0x40, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
+	0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xE1, 0x8B, 0xD5, 0x46, 0xB5, 0x82, 0x45, 0x17, 0x67, 0x38, 0x91, 0xD7,
+	0x91, 0xCA, 0xA4, 0x86, 0xBA, 0x22, 0x0B, 0x99, 0xDF, 0x9F, 0x9A, 0x14,
+	0x95, 0xAF, 0xBD, 0x11, 0x55, 0xC1, 0xDA, 0x54, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x8E, 0x44, 0x50, 0xEB, 0x33, 0x4A, 0xCD, 0xCB, 0xC3, 0xC7, 0xD1, 0x89,
+	0x8A, 0x53, 0xF2, 0x0D, 0x2E, 0xEE, 0x75, 0x0F, 0x40, 0x53, 0x01, 0x7C,
+	0xE8, 0xA6, 0xD8, 0x2C, 0x51, 0x73, 0x88, 0xC2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xF8, 0x1C, 0x8D, 0xA9, 0xB9, 0x9F, 0xBA, 0x55, 0x13, 0x7F, 0x6C, 0x61,
+	0x49, 0xFE, 0xEF, 0x6E, 0xCB, 0x12, 0x9A, 0xA4, 0x94, 0xDA, 0x9A, 0xD4,
+	0x82, 0xA0, 0xF5, 0x40, 0x7D, 0x12, 0x3D, 0xB6, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xFD, 0xEC, 0xA0, 0x07, 0x72, 0xC4, 0xDB, 0xC9, 0xA9, 0x61, 0xB5, 0x8F,
+	0x0C, 0xF5, 0x83, 0x73, 0xEC, 0xAC, 0xAB, 0x94, 0xE9, 0x73, 0xF9, 0xC3,
+	0xF1, 0x2F, 0xA4, 0x69, 0x6A, 0x22, 0xCA, 0x3F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xEA, 0xE3, 0xD9, 0xA9, 0xD1, 0x3A, 0x42, 0xED, 0x2B, 0x23, 0x08, 0xF6,
+	0x48, 0x4E, 0x1B, 0x38, 0x3D, 0xB7, 0xB2, 0x48, 0x88, 0xC2, 0x1F, 0x3A,
+	0xB6, 0x92, 0xE5, 0xB5, 0x74, 0xD5, 0x5D, 0xA9, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD1, 0x86, 0x46, 0x9D, 0xE2, 0x95, 0xE5, 0xAB, 0xDB, 0x61, 0xAC, 0x17,
+	0x73, 0x43, 0x8E, 0x6D, 0x5A, 0x92, 0x4F, 0x85, 0x54, 0x49, 0x26, 0xF9,
+	0xA1, 0x75, 0x05, 0x1B, 0x0F, 0x3F, 0xB6, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA7, 0x2D, 0x08, 0x4F, 0x62, 0xC8, 0xD5, 0x8B, 0xE3, 0xD6, 0x46, 0x7D,
+	0xEA, 0xF4, 0x8F, 0xD7, 0x8F, 0xE7, 0x5E, 0x5A, 0x12, 0x8A, 0x56, 0xA7,
+	0xC0, 0x02, 0x3F, 0xE7, 0xFF, 0x2B, 0x68, 0xBD, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x64, 0xF6, 0x77, 0x82, 0x31, 0x68, 0x15, 0xF9, 0xB5, 0x2B, 0x6D, 0x9B,
+	0x19, 0xA6, 0x9C, 0xD2, 0x5D, 0x1E, 0xD6, 0xFA, 0x89, 0xCB, 0xBA, 0xDE,
+	0x79, 0x6C, 0x91, 0x0E, 0xE7, 0xF4, 0xCC, 0xDB, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x1B, 0x21, 0x50, 0xC1, 0xC5, 0xF1, 0x30, 0x15, 0xDA, 0xAB, 0xA9, 0x1B,
+	0x5D, 0x95, 0x2C, 0x9B, 0x0E, 0x8C, 0xC2, 0x4C, 0x3F, 0x54, 0x61, 0x42,
+	0x75, 0xA3, 0x4B, 0x24, 0x37, 0x05, 0xF2, 0x60, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x77, 0xD1, 0x95, 0x42, 0x1C, 0xEF, 0x13, 0x39, 0x63, 0x66, 0x44, 0xAA,
+	0x0C, 0x3A, 0x06, 0x23, 0x46, 0x83, 0xDF, 0x17, 0x6E, 0xEB, 0x24, 0x44,
+	0x64, 0x2C, 0xE3, 0xBD, 0x35, 0x35, 0xE7, 0x4D, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x4A, 0x59, 0xAC, 0x2C, 0x6E, 0x7E, 0xCC, 0x08, 0xAF, 0x2B, 0x71, 0x16,
+	0x4F, 0x19, 0x1D, 0x63, 0x36, 0x22, 0xA8, 0x7F, 0xB2, 0x84, 0x55, 0x4F,
+	0xD9, 0xEB, 0x39, 0x7B, 0x44, 0x1E, 0x9C, 0xD0, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA6, 0x6B, 0x8A, 0x48, 0x93, 0xB6, 0xA5, 0x4D, 0x26, 0xFB, 0x89, 0xA4,
+	0x0B, 0x4A, 0x66, 0x3A, 0xAF, 0xA8, 0x75, 0x01, 0xEE, 0xDF, 0xC9, 0xF4,
+	0xF3, 0xF0, 0x00, 0xBC, 0x66, 0xF9, 0x81, 0x08, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xAD, 0x8B, 0xC6, 0x8C, 0xE0, 0x31, 0xD6, 0x16, 0x16, 0x88, 0x8D, 0x8E,
+	0xE4, 0x00, 0x31, 0x87, 0x44, 0xC0, 0x75, 0x7F, 0x3B, 0xB8, 0xB6, 0x00,
+	0x79, 0x3F, 0xAE, 0x7A, 0xF0, 0x16, 0x42, 0x45, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x21, 0x0C, 0xD0, 0x42, 0x97, 0x3F, 0x33, 0x3B, 0x08, 0x66, 0x6F, 0xF5,
+	0x2D, 0xBD, 0x25, 0xF9, 0x65, 0xC5, 0xB1, 0x29, 0xF5, 0xF7, 0xAD, 0x5D,
+	0xE0, 0x3D, 0x7A, 0x8D, 0x19, 0xB3, 0x21, 0x9A, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD6, 0x8B, 0xFB, 0xAC, 0xE0, 0xE0, 0x03, 0x92, 0x26, 0x10, 0x14, 0xF7,
+	0xD3, 0x44, 0x5D, 0xC7, 0xD9, 0xF4, 0x6B, 0x27, 0x14, 0xA0, 0x71, 0xEE,
+	0x1B, 0x20, 0x0A, 0xF3, 0x08, 0x10, 0xB6, 0x82, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0D, 0x91, 0xD8, 0xB1, 0x2A, 0xE6, 0x9B, 0xCD, 0x74, 0xA0, 0x8F, 0x17,
+	0xBF, 0x8C, 0xD9, 0x81, 0xD8, 0x22, 0x91, 0x3C, 0xF0, 0xD2, 0xB8, 0x2D,
+	0x24, 0x8B, 0x7A, 0xF0, 0xB0, 0x5B, 0xFA, 0xD2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBA, 0x11, 0x9A, 0x04, 0x9E, 0x62, 0xF2, 0xE2, 0xF2, 0x78, 0xE8, 0xA3,
+	0x4D, 0xF0, 0x5A, 0xE5, 0xD2, 0x69, 0xF3, 0x56, 0x4E, 0xB5, 0xD1, 0x80,
+	0x8E, 0x74, 0xAD, 0x0F, 0x4F, 0x95, 0x7C, 0xB1, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x2F, 0xF4, 0xDA, 0xBD, 0x76, 0xE2, 0xDD, 0x91, 0x37, 0x3F, 0x20,
+	0x63, 0x0F, 0xDB, 0x7F, 0xF4, 0x3E, 0xAB, 0x47, 0x49, 0x92, 0x90, 0x4C,
+	0x55, 0xA5, 0xCC, 0xC7, 0xAF, 0x3B, 0x6D, 0xB4, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5A, 0xD1, 0x04, 0xA8, 0xBD, 0xD2, 0x3D, 0xE9, 0xF5, 0xA9, 0xE5, 0x15,
+	0xEB, 0x71, 0xC2, 0xC1, 0x39, 0x05, 0x42, 0xA0, 0xBA, 0x95, 0xC1, 0x74,
+	0x4C, 0x55, 0xFB, 0x20, 0x42, 0x64, 0x91, 0xBF, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x91, 0x52, 0x57, 0x35, 0xEF, 0x62, 0x62, 0x89, 0xD2, 0xED, 0x97, 0x7F,
+	0x88, 0xF0, 0x96, 0x35, 0xFD, 0x48, 0x73, 0x1B, 0x7A, 0x8A, 0x85, 0x21,
+	0x08, 0xF8, 0x9A, 0x03, 0xB8, 0xFD, 0xEB, 0xEA, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x7E, 0x8E, 0x61, 0xEA, 0x35, 0xEB, 0x8E, 0x2E, 0x1B, 0xB2, 0x70, 0x0D,
+	0xB9, 0x8A, 0x76, 0x2C, 0xD8, 0x1E, 0xA2, 0x3B, 0x77, 0x38, 0xC1, 0x7C,
+	0xF9, 0xDE, 0xF2, 0xA4, 0x6D, 0xBA, 0x26, 0xA3, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x3A, 0x79, 0x12, 0xD0, 0x5E, 0x32, 0x9F, 0x34, 0x66, 0x4A, 0x08,
+	0x96, 0xCC, 0xDE, 0x0E, 0x56, 0xC2, 0x26, 0x52, 0x61, 0x42, 0x83, 0xBB,
+	0x91, 0x69, 0x28, 0x99, 0xD5, 0xFF, 0x05, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x44, 0x9D, 0x48, 0xD8, 0xF3, 0xBD, 0xBE, 0x19, 0xAB, 0x95, 0xDE, 0x03,
+	0xCC, 0x85, 0x10, 0xCB, 0xAE, 0xF1, 0x59, 0x46, 0x3F, 0x8B, 0xFB, 0x25,
+	0xDA, 0x72, 0xC3, 0x79, 0xDA, 0xE3, 0xCA, 0x8B, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xCB, 0xA9, 0x31, 0x5C, 0xE8, 0x2C, 0xC3, 0xEA, 0x4E, 0x52, 0x4B, 0xAC,
+	0x38, 0xA5, 0x80, 0x20, 0x36, 0xBA, 0x27, 0x52, 0x53, 0x8E, 0x34, 0x8C,
+	0xB1, 0x70, 0xD0, 0xDA, 0x75, 0xED, 0x45, 0x0F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x94, 0x7A, 0xF0, 0xF5, 0x2B, 0x4F, 0x8D, 0xA6, 0x7E, 0xDA, 0x17, 0xD9,
+	0x17, 0x82, 0x79, 0x76, 0x5B, 0xA7, 0x9A, 0x0C, 0x70, 0x58, 0x53, 0xA0,
+	0xA5, 0xD9, 0x87, 0x3B, 0x3F, 0xB2, 0xDD, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xC2, 0xA4, 0x81, 0x62, 0xA5, 0xFD, 0x9C, 0xE9, 0x80, 0xEE, 0x8A, 0xE5,
+	0x26, 0xF2, 0x5F, 0x02, 0xF6, 0x0C, 0x8E, 0xF6, 0x63, 0x3B, 0xE6, 0xA9,
+	0xE2, 0xE2, 0x3F, 0x02, 0x29, 0xA8, 0x4A, 0x35, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBC, 0x49, 0x45, 0xBD, 0x86, 0xBB, 0x6A, 0xFB, 0x23, 0x7E, 0xB7, 0x11,
+	0xEB, 0xA4, 0x6F, 0xEE, 0x7C, 0x1D, 0xB5, 0x8B, 0x7B, 0x86, 0xEB, 0x33,
+	0xD9, 0x4E, 0xB7, 0x28, 0x27, 0x3B, 0x3A, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBE, 0x17, 0x17, 0xE5, 0x95, 0x68, 0xD0, 0xA4, 0x4A, 0x60, 0x67, 0xCC,
+	0x45, 0xF7, 0x02, 0x12, 0x19, 0xB3, 0x2E, 0xB5, 0xAF, 0xC2, 0xFB, 0x17,
+	0xBE, 0x3C, 0x1E, 0x7A, 0xC3, 0xAC, 0x9D, 0x3C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
 const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p192,
@@ -1077,6 +1260,13 @@ const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p521,
 		.len = sizeof(ae_fpm_tbl_p521)
+	},
+	{},
+	{},
+	{},
+	{
+		.data = ae_fpm_tbl_p256_sm2,
+		.len = sizeof(ae_fpm_tbl_p256_sm2)
 	}
 };
 
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 7ad259b7f4..444f34c8d9 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -193,8 +193,11 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 	case RTE_CRYPTO_EC_GROUP_SECP521R1:
 		ec->curveid = ROC_AE_EC_ID_P521;
 		break;
+	case RTE_CRYPTO_EC_GROUP_SM2:
+		ec->curveid = ROC_AE_EC_ID_SM2;
+		break;
 	default:
-		/* Only NIST curves (FIPS 186-4) are supported */
+		/* Only NIST curves (FIPS 186-4) and SM2 are supported */
 		return -EINVAL;
 	}
 
@@ -220,6 +223,7 @@ cnxk_ae_fill_session_parameters(struct cnxk_ae_sess *sess,
 		/* Fall through */
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 		ret = cnxk_ae_fill_ec_params(sess, xform);
 		break;
 	default:
@@ -579,6 +583,87 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
+			struct roc_ae_buf_ptr *meta_buf,
+			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
+			uint8_t curveid __rte_unused, struct cpt_inst_s *inst)
+{
+	uint16_t message_len = sm2->message.length;
+	uint16_t pkey_len = sm2->pkey.length;
+	uint16_t p_align, k_align, m_align;
+	uint16_t k_len = sm2->k.length;
+	uint16_t order_len, prime_len;
+	uint16_t o_offset, pk_offset;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+	k_align = RTE_ALIGN_CEIL(k_len, 8);
+
+	/* Set write offset for order and private key */
+	o_offset = prime_len - order_len;
+	pk_offset = p_align - pkey_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(scalar len, input len),
+	 * ROUNDUP8(priv key len, prime len, order len)).
+	 * Please note, private key, order cannot exceed prime
+	 * length i.e 3 * p_align.
+	 */
+	dlen = sizeof(fpm_table_iova) + k_align + m_align + p_align * 5;
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr, sm2->k.data, k_len);
+	dptr += k_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + pk_offset, sm2->pkey.data, pkey_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = (p_align << 8) | k_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline void
 cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			  struct roc_ae_buf_ptr *meta_buf,
@@ -673,6 +758,100 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
+			  struct roc_ae_buf_ptr *meta_buf,
+			  uint64_t fpm_table_iova,
+			  struct roc_ae_ec_group *ec_grp, uint8_t curveid __rte_unused,
+			  struct cpt_inst_s *inst)
+{
+	uint32_t message_len = sm2->message.length;
+	uint16_t o_offset, r_offset, s_offset;
+	uint16_t qx_len = sm2->q.x.length;
+	uint16_t qy_len = sm2->q.y.length;
+	uint16_t r_len = sm2->r.length;
+	uint16_t s_len = sm2->s.length;
+	uint16_t order_len, prime_len;
+	uint16_t qx_offset, qy_offset;
+	uint16_t p_align, m_align;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+
+	/* Set write offset for sign, order and public key coordinates */
+	o_offset = prime_len - order_len;
+	qx_offset = prime_len - qx_len;
+	qy_offset = prime_len - qy_len;
+	r_offset = prime_len - r_len;
+	s_offset = prime_len - s_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(message len),
+	 * ROUNDUP8(sign len(r and s), public key len(x and y coordinates),
+	 * prime len, order len)).
+	 * Please note sign, public key and order can not exceed prime length
+	 * i.e. 6 * p_align
+	 */
+	dlen = sizeof(fpm_table_iova) + m_align + (8 * p_align);
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr + r_offset, sm2->r.data, r_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + s_offset, sm2->s.data, s_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qx_offset, sm2->q.x.data, qx_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qy_offset, sm2->q.y.data, qy_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = 0;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline int __rte_hot
 cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 			 struct roc_ae_buf_ptr *meta_buf,
@@ -696,6 +875,29 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	return 0;
 }
 
+static __rte_always_inline int __rte_hot
+cnxk_ae_enqueue_sm2_op(struct rte_crypto_op *op,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 struct cnxk_ae_sess *sess, uint64_t *fpm_iova,
+			 struct roc_ae_ec_group **ec_grp,
+			 struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sm2_op_param *sm2 = &op->asym->sm2;
+	uint8_t curveid = sess->ec_ctx.curveid;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+		cnxk_ae_sm2_sign_prep(sm2, meta_buf, fpm_iova[curveid],
+					ec_grp[curveid], curveid, inst);
+	else if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		cnxk_ae_sm2_verify_prep(sm2, meta_buf, fpm_iova[curveid],
+					  ec_grp[curveid], curveid, inst);
+	else {
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -EINVAL;
+	}
+	return 0;
+}
+
 static __rte_always_inline int
 cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
 		   struct roc_ae_buf_ptr *meta_buf, uint64_t *fpm_iova,
@@ -898,6 +1100,23 @@ cnxk_ae_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa, uint8_t *rptr,
 	ecdsa->s.length = prime_len;
 }
 
+static __rte_always_inline void
+cnxk_ae_dequeue_sm2_op(struct rte_crypto_sm2_op_param *sm2, uint8_t *rptr,
+			 struct roc_ae_ec_ctx *ec,
+			 struct roc_ae_ec_group **ec_grp)
+{
+	int prime_len = ec_grp[ec->curveid]->prime.length;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		return;
+
+	/* Separate out sign r and s components */
+	rte_memcpy(sm2->r.data, rptr, prime_len);
+	rte_memcpy(sm2->s.data, rptr + RTE_ALIGN_CEIL(prime_len, 8), prime_len);
+	sm2->r.length = prime_len;
+	sm2->s.length = prime_len;
+}
+
 static __rte_always_inline void
 cnxk_ae_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm, uint8_t *rptr,
 			struct roc_ae_ec_ctx *ec,
@@ -966,6 +1185,13 @@ cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 		if (unlikely(ret))
 			goto req_fail;
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		ret = cnxk_ae_enqueue_sm2_op(op, &meta_buf, sess,
+					       sess->cnxk_fpm_iova,
+					       sess->ec_grp, inst);
+		if (unlikely(ret))
+			goto req_fail;
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		ret = cnxk_ae_ecpm_prep(&asym_op->ecpm, &meta_buf,
 					sess->ec_grp[sess->ec_ctx.curveid],
@@ -1015,6 +1241,10 @@ cnxk_ae_post_process(struct rte_crypto_op *cop, struct cnxk_ae_sess *sess,
 		cnxk_ae_dequeue_ecdsa_op(&op->ecdsa, rptr, &sess->ec_ctx,
 					 sess->ec_grp);
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		cnxk_ae_dequeue_sm2_op(&op->sm2, rptr, &sess->ec_ctx,
+					 sess->ec_grp);
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
 		cnxk_ae_dequeue_ecpm_op(&op->ecpm, rptr, &sess->ec_ctx,
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 09f5ba0650..9a321aa8c9 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -13,7 +13,7 @@
 #define CNXK_CPT_MAX_CAPS	 54
 #define CNXK_SEC_CRYPTO_MAX_CAPS 16
 #define CNXK_SEC_MAX_CAPS	 9
-#define CNXK_AE_EC_ID_MAX	 8
+#define CNXK_AE_EC_ID_MAX	 9
 /**
  * Device private data
  */
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 4c6357353e..013d5789f6 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1152,6 +1152,20 @@ static const struct rte_cryptodev_capabilities caps_sm4[] = {
 	},
 };
 
+static const struct rte_cryptodev_capabilities caps_sm2[] = {
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+					     (1 << RTE_CRYPTO_ASYM_OP_VERIFY))
+			}
+		}
+		}
+	}
+};
+
 static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
@@ -1623,6 +1637,9 @@ cn10k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm3);
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm4);
 	}
+
+	if (hw_caps[CPT_ENG_TYPE_AE].sm2)
+		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm2);
 }
 
 static void
-- 
2.25.1

RE: [v1 0/6] cryptodev: support digest message in SM2

[Gowrishankar Muthukrishnan]

Hi,
Could these patches get some review ?

Thanks,
Gowrishankar

> This patch series fixes SM2 algorithm implementation to support digest
> message as input along with plain message as today.
> 
> Gowrishankar Muthukrishnan (6):
>   crypto/openssl: include SM2 in asymmetric capabilities
>   cryptodev: add RNG capability in EC based xform
>   cryptodev: add hash support in asymmetric capability
>   cryptodev: use generic EC xform params for SM2
>   app/test: check asymmetric capabilities in SM2 test
>   crypto/cnxk: add SM2 support
> 
>  app/test/test_cryptodev_asym.c                | 131 ++++++----
>  app/test/test_cryptodev_sm2_test_vectors.h    |  32 ++-
>  doc/guides/cryptodevs/features/cn10k.ini      |   1 +
>  doc/guides/rel_notes/release_23_11.rst        |   6 +
>  drivers/common/cnxk/hw/cpt.h                  |   3 +-
>  drivers/common/cnxk/roc_ae.c                  |  32 ++-
>  drivers/common/cnxk/roc_ae.h                  |   3 +-
>  drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 ++++++++++++++
>  drivers/crypto/cnxk/cnxk_ae.h                 | 232 +++++++++++++++++-
>  drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
>  .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
> drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  19 +-
>  lib/cryptodev/cryptodev_trace.h               |   9 +
>  lib/cryptodev/cryptodev_trace_points.c        |   3 +
>  lib/cryptodev/rte_crypto_asym.h               |  15 +-
>  lib/cryptodev/rte_cryptodev.c                 |  16 ++
>  lib/cryptodev/rte_cryptodev.h                 |  25 ++
>  lib/cryptodev/version.map                     |   1 +
>  18 files changed, 666 insertions(+), 71 deletions(-)
> 
> --
> 2.25.1

RE: [v1 1/6] crypto/openssl: include SM2 in asymmetric capabilities

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 1/6] crypto/openssl: include SM2 in asymmetric capabilities
> 
> Include SM2 algorithm in the asymmetric capabilities supported by OpenSSL
> PMD.
> 
> Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 85a4fa3e55..2eb450fcfd 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> +			}
> +		}
> +		}
> +	},
> 
>  	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
>  };
> --
> 2.25.1

Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

RE: [v1 2/6] cryptodev: add RNG capability in EC based xform

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 2/6] cryptodev: add RNG capability in EC based xform
> 
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 2eb450fcfd..0f88669f41 100644
>  		 * Value 0 mean implementation default
>  		 */
> +
> +		uint8_t internal_rng;
> +		/**< Availability of random number generator for Elliptic curve
> based xform.
> +		 * Value 0 means unavailable, and application should pass the
> required
> +		 * random value. Otherwise, PMD would internally compute the
> random number.
> +		 */
>  	};
>  };
> 
> --
> 2.25.1

Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

RE: [v1 3/6] cryptodev: add hash support in asymmetric capability

[Kusztal, ArkadiuszX]

Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 3/6] cryptodev: add hash support in asymmetric capability
> 
> Most of the asymmetric operations start with hash of the input.
> Add a new field in asymmetric capability to declare support for hash operations
> that PMD can support for the asymmetric operations. Application can skip
> computing hash if PMD already supports it.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
>  lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
>  lib/cryptodev/cryptodev_trace_points.c       |  3 +++
>  lib/cryptodev/rte_crypto_asym.h              |  3 +++
>  lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
>  lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
>  lib/cryptodev/version.map                    |  1 +
>  7 files changed, 52 insertions(+)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 0f88669f41..0b3601db40 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  		{.asym = {
>  			.xform_capa = {
>  				.xform_type =
> RTE_CRYPTO_ASYM_XFORM_SM2,
> +				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
>  				.op_types =
>  				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
>  				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | diff --
> git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h index
> aab44af96b..935f0d564b 100644
> --- a/lib/cryptodev/cryptodev_trace.h
> +++ b/lib/cryptodev/cryptodev_trace.h
> @@ -520,6 +520,15 @@ RTE_TRACE_POINT(
>  	rte_trace_point_emit_int(ret);
>  )
> 
> +RTE_TRACE_POINT(
> +	rte_cryptodev_trace_asym_xform_capability_check_hash,
> +	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
> +		enum rte_crypto_auth_algorithm hash, int ret),
> +	rte_trace_point_emit_u64(hash_algos);
> +	rte_trace_point_emit_int(hash);
> +	rte_trace_point_emit_int(ret);
> +)
> +
>  RTE_TRACE_POINT(
>  	rte_cryptodev_trace_count,
>  	RTE_TRACE_POINT_ARGS(uint8_t nb_devs), diff --git
> a/lib/cryptodev/cryptodev_trace_points.c
> b/lib/cryptodev/cryptodev_trace_points.c
> index e2303fdb52..8c47ab1e78 100644
> --- a/lib/cryptodev/cryptodev_trace_points.c
> +++ b/lib/cryptodev/cryptodev_trace_points.c
> @@ -144,6 +144,9 @@
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_modlen,
> 
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_optype,
>  	lib.cryptodev.asym.xform.capability.check.optype)
> 
> +RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_c
> heck_hash,
> +	lib.cryptodev.asym.xform.capability.check.hash)
> +
>  RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
>  	lib.cryptodev.sym.cpu.crypto.process)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 8b5794fb7c..51f5476c6e 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -377,6 +377,9 @@ struct rte_crypto_dsa_xform {  struct
> rte_crypto_ec_xform {
>  	enum rte_crypto_curve_id curve_id;
>  	/**< Pre-defined ec groups */
> +
> +	enum rte_crypto_auth_algorithm hash;
[Arek] I think that session should only contain information that are constant across its lifetime. Here we decided to have a curve id, but this could be curve + key. But hash may be different for any op, additionally this xform is used for key exchange; multiplication or potentially encryption/decryption., which usually does not need any hash. I would have it in the op.
> +	/**< Hash algorithm used in EC op. */
>  };
> 
>  /**
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> c49d342b17..041d3074db 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>  	return ret;
>  }
> 
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +	const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +	enum rte_crypto_auth_algorithm hash)
> +{
> +	bool ret = false;
> +
> +	if (capability->hash_algos & (1 << hash))
> +		ret = true;
> +
> +	rte_cryptodev_trace_asym_xform_capability_check_hash(
> +		capability->hash_algos, hash, ret);
> +
> +	return ret;
> +}
> +
>  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> 
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index
> 64810c9ec4..536e082244 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
>  		 * random value. Otherwise, PMD would internally compute the
> random number.
>  		 */
>  	};
> +
> +	uint64_t hash_algos;
> +	/**< Bitmask of hash algorithms supported for op_type. */
>  };
> 
>  /**
> @@ -348,6 +351,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>  	const struct rte_cryptodev_asymmetric_xform_capability *capability,
>  		uint16_t modlen);
> 
> +/**
> + * Check if hash algorithm is supported.
> + *
> + * @param	capability	Asymmetric crypto capability.
> + * @param	hash		Hash algorithm.
> + *
> + * @return
> + *   - Return true if the hash algorithm is supported.
> + *   - Return false if the hash algorithm is not supported.
> + */
> +__rte_experimental
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +	const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +	enum rte_crypto_auth_algorithm hash);
> +
>  /**
>   * Provide the cipher algorithm enum, given an algorithm string
>   *
> diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index
> ae8d9327b4..3c2d1780e0 100644
> --- a/lib/cryptodev/version.map
> +++ b/lib/cryptodev/version.map
> @@ -54,6 +54,7 @@ EXPERIMENTAL {
>  	rte_cryptodev_asym_get_xform_enum;
>  	rte_cryptodev_asym_session_create;
>  	rte_cryptodev_asym_session_free;
> +	rte_cryptodev_asym_xform_capability_check_hash;
>  	rte_cryptodev_asym_xform_capability_check_modlen;
>  	rte_cryptodev_asym_xform_capability_check_optype;
>  	rte_cryptodev_sym_cpu_crypto_process;
> --
> 2.25.1

RE: [v1 4/6] cryptodev: use generic EC xform params for SM2

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 4/6] cryptodev: use generic EC xform params for SM2
> 
> Now, generic EC xform parameters include hash algorithm field.
> Hence, SM2 curve can use this generic struct for setting hash algorithm, which
> would also require SM2 curve ID enumerated along with other curves, as listed
> in:
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  app/test/test_cryptodev_asym.c               | 12 ++++++++----
>  app/test/test_cryptodev_sm2_test_vectors.h   |  4 +++-
>  doc/guides/rel_notes/release_23_11.rst       |  2 ++
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  2 +-
>  lib/cryptodev/rte_crypto_asym.h              | 16 ++--------------
>  5 files changed, 16 insertions(+), 20 deletions(-)
> 
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index 0ef2642fdd..b08772a9bf 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -1838,7 +1838,8 @@ _test_sm2_sign(bool rnd_secret)
>  	/* Setup asym xform */
>  	xform.next = NULL;
>  	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> -	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
> +	xform.ec.curve_id = input_params.curve;
> +	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
> 
>  	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> &sess);
>  	if (ret < 0) {
> @@ -2019,7 +2020,8 @@ test_sm2_verify(void)
>  	/* Setup asym xform */
>  	xform.next = NULL;
>  	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> -	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
> +	xform.ec.curve_id = input_params.curve;
> +	xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
> 
>  	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
> &sess);
>  	if (ret < 0) {
> @@ -2120,7 +2122,8 @@ _test_sm2_enc(bool rnd_secret)
>  	/* Setup asym xform */
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -69,7 +69,8 @@ enum rte_crypto_curve_id {
>  	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
>  	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
>  	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
> -	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25
> +	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
> +	RTE_CRYPTO_EC_GROUP_SM2       = 41,
>  };
> 
>  /**
> @@ -382,16 +383,6 @@ struct rte_crypto_ec_xform {
>  	/**< Hash algorithm used in EC op. */
>  };
> 
> -/**
> - * Asymmetric SM2 transform data.
> - *
> - * Structure describing SM2 xform params.
> - */
> -struct rte_crypto_sm2_xform {
> -	enum rte_crypto_auth_algorithm hash;
> -	/**< Hash algorithm used in SM2 op. */
> -};
> -
>  /**
>   * Operations params for modular operations:
>   * exponentiation and multiplicative inverse @@ -649,9 +640,6 @@ struct
> rte_crypto_asym_xform {
>  		/**< EC xform parameters, used by elliptic curve based
>  		 * operations.
>  		 */
> -
> -		struct rte_crypto_sm2_xform sm2;
> -		/**< SM2 xform parameters */
>  	};
>  };
> 
> --
> 2.25.1
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

RE: [v1 5/6] app/test: check asymmetric capabilities in SM2 test

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 5/6] app/test: check asymmetric capabilities in SM2 test
> 
> Check asymmetric capabilities such as SM3 hash support and internal RNG and
> accordingly choose op params for SM2 test.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  app/test/test_cryptodev_asym.c             | 127 ++++++++++++++-------
>  app/test/test_cryptodev_sm2_test_vectors.h |  28 +++--
>  2 files changed, 103 insertions(+), 52 deletions(-)
> 
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index b08772a9bf..1f39b1f017 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -608,6 +608,7 @@ static inline void print_asym_capa(
>  	break;
>  	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
>  	case RTE_CRYPTO_ASYM_XFORM_ECPM:
> +	case RTE_CRYPTO_ASYM_XFORM_SM2:
>  	default:
>  		break;
>  	}
> @@ -1806,12 +1807,14 @@ test_ecpm_all_curve(void)  }
> 
>  static int
> -_test_sm2_sign(bool rnd_secret)
> +test_sm2_sign(void)
>  {
>  	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
>  	struct crypto_testsuite_sm2_params input_params =
> sm2_param_fp256;
> +	const struct rte_cryptodev_asymmetric_xform_capability *capa;
>  	struct rte_mempool *sess_mpool = ts_params->session_mpool;
>  	struct rte_mempool *op_mpool = ts_params->op_mpool;
> +	struct rte_cryptodev_asym_capability_idx idx;
>  	uint8_t dev_id = ts_params->valid_devs[0];
>  	struct rte_crypto_op *result_op = NULL;
>  	uint8_t output_buf_r[TEST_DATA_SIZE];
> @@ -1822,6 +1825,12 @@ _test_sm2_sign(bool rnd_secret)
>  	int ret, status = TEST_SUCCESS;
>  	void *sess = NULL;
> 
> +	/* Check SM2 capability */
> +	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
> +	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
> +	if (capa == NULL)
> +		return -ENOTSUP;
> +
>  	/* Setup crypto op data structure */
>  	op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> -	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
> -	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
> -	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
> -	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
> +	0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
> +	0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
> +	0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
> +	0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
>  };
> 
>  static uint8_t fp256_id[] = {
> @@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
>  	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
>  };
> 
> +static uint8_t fp256_digest[] = {
> +	0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
> +	0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
> +	0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
> +	0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1 };
> +
>  static uint8_t fp256_cipher[] = {
>  	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
>  	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47, @@ -121,6 +129,10
> @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
>  		.data = fp256_message,
>  		.length = sizeof(fp256_message),
>  	},
> +	.digest = {
> +		.data = fp256_digest,
> +		.length = sizeof(fp256_digest),
> +	},
>  	.cipher = {
>  		.data = fp256_cipher,
>  		.length = sizeof(fp256_cipher),
> --
> 2.25.1

Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

RE: [v1 3/6] cryptodev: add hash support in asymmetric capability

[Gowrishankar Muthukrishnan]

Hi Arek,
> > rte_crypto_ec_xform {
> >  	enum rte_crypto_curve_id curve_id;
> >  	/**< Pre-defined ec groups */
> > +
> > +	enum rte_crypto_auth_algorithm hash;
> [Arek] I think that session should only contain information that are constant
> across its lifetime. Here we decided to have a curve id, but this could be
> curve + key. But hash may be different for any op, additionally this xform is
> used for key exchange; multiplication or potentially encryption/decryption.,
> which usually does not need any hash. I would have it in the op.

Ack. I will send next version of this series with this modification.
Reason we had in xform is to stop app not to process enq if session creation itself
would fail (without required capability).

In the next version of patch, you would see (2/7), you keys moved into session.

Thanks,
Gowrishankar
> > +	/**< Hash algorithm used in EC op. */
> >  };
> >
> >  /**
> > diff --git a/lib/cryptodev/rte_cryptodev.c
> > b/lib/cryptodev/rte_cryptodev.c index c49d342b17..041d3074db 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -718,6 +718,22 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> >  	return ret;
> >  }
> >
> > +bool
> > +rte_cryptodev_asym_xform_capability_check_hash(
> > +	const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > +	enum rte_crypto_auth_algorithm hash) {
> > +	bool ret = false;
> > +
> > +	if (capability->hash_algos & (1 << hash))
> > +		ret = true;
> > +
> > +	rte_cryptodev_trace_asym_xform_capability_check_hash(
> > +		capability->hash_algos, hash, ret);
> > +
> > +	return ret;
> > +}
> > +
> >  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> >
> > diff --git a/lib/cryptodev/rte_cryptodev.h
> > b/lib/cryptodev/rte_cryptodev.h index
> > 64810c9ec4..536e082244 100644
> > --- a/lib/cryptodev/rte_cryptodev.h
> > +++ b/lib/cryptodev/rte_cryptodev.h
> > @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability
> {
> >  		 * random value. Otherwise, PMD would internally compute
> the random
> > number.
> >  		 */
> >  	};
> > +
> > +	uint64_t hash_algos;
> > +	/**< Bitmask of hash algorithms supported for op_type. */
> >  };
> >
> >  /**
> > @@ -348,6 +351,22 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> >  	const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> >  		uint16_t modlen);
> >
> > +/**
> > + * Check if hash algorithm is supported.
> > + *
> > + * @param	capability	Asymmetric crypto capability.
> > + * @param	hash		Hash algorithm.
> > + *
> > + * @return
> > + *   - Return true if the hash algorithm is supported.
> > + *   - Return false if the hash algorithm is not supported.
> > + */
> > +__rte_experimental
> > +bool
> > +rte_cryptodev_asym_xform_capability_check_hash(
> > +	const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > +	enum rte_crypto_auth_algorithm hash);
> > +
> >  /**
> >   * Provide the cipher algorithm enum, given an algorithm string
> >   *
> > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > index
> > ae8d9327b4..3c2d1780e0 100644
> > --- a/lib/cryptodev/version.map
> > +++ b/lib/cryptodev/version.map
> > @@ -54,6 +54,7 @@ EXPERIMENTAL {
> >  	rte_cryptodev_asym_get_xform_enum;
> >  	rte_cryptodev_asym_session_create;
> >  	rte_cryptodev_asym_session_free;
> > +	rte_cryptodev_asym_xform_capability_check_hash;
> >  	rte_cryptodev_asym_xform_capability_check_modlen;
> >  	rte_cryptodev_asym_xform_capability_check_optype;
> >  	rte_cryptodev_sym_cpu_crypto_process;
> > --
> > 2.25.1

[PATCH v2 0/7] cryptodev: support digest message in SM2

[Gowrishankar Muthukrishnan]

This patch series fixes SM2 algorithm implementation to
support digest message as input along with plain message
as today.

v2:
 - private and pubic keys stored per session.

Gowrishankar Muthukrishnan (7):
  crypto/openssl: include SM2 in asymmetric capabilities
  cryptodev: set private and public keys in EC session
  cryptodev: add RNG capability in EC based xform
  cryptodev: add hash algorithms in asymmetric capability
  cryptodev: use generic EC xform params for SM2
  app/test: check asymmetric capabilities in SM2 test
  crypto/cnxk: add SM2 support

 app/test/test_cryptodev_asym.c                | 199 ++++++++-----
 app/test/test_cryptodev_sm2_test_vectors.h    |  32 ++-
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   8 +
 drivers/common/cnxk/hw/cpt.h                  |   3 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |  21 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 +++++++++++++
 drivers/common/cpt/cpt_mcode_defines.h        |  18 ++
 drivers/common/cpt/cpt_ucode_asym.h           |  22 +-
 drivers/crypto/cnxk/cnxk_ae.h                 | 269 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 drivers/crypto/openssl/rte_openssl_pmd.c      |  53 +---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  55 +++-
 drivers/crypto/qat/qat_asym.c                 |   6 +-
 examples/fips_validation/main.c               |  14 +-
 lib/cryptodev/cryptodev_trace.h               |   9 +
 lib/cryptodev/cryptodev_trace_points.c        |   3 +
 lib/cryptodev/rte_crypto_asym.h               |  34 +--
 lib/cryptodev/rte_cryptodev.c                 |  16 ++
 lib/cryptodev/rte_cryptodev.h                 |  25 ++
 lib/cryptodev/version.map                     |   1 +
 23 files changed, 834 insertions(+), 196 deletions(-)

-- 
2.25.1

[PATCH v2 1/7] crypto/openssl: include SM2 in asymmetric capabilities

[Gowrishankar Muthukrishnan]

Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		},
 		}
 	},
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types =
+				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+			}
+		}
+		}
+	},
 
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
-- 
2.25.1

[PATCH v2 2/7] cryptodev: set private and public keys in EC session

[Gowrishankar Muthukrishnan]

Set EC private and public keys into xform so that, it can be
maintained per session.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c               | 121 ++++++----
 drivers/common/cnxk/roc_ae.h                 |  18 ++
 drivers/common/cpt/cpt_mcode_defines.h       |  18 ++
 drivers/common/cpt/cpt_ucode_asym.h          |  22 +-
 drivers/crypto/cnxk/cnxk_ae.h                | 235 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd.c     |  53 +----
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  38 ++-
 drivers/crypto/qat/qat_asym.c                |   6 +-
 examples/fips_validation/main.c              |  14 +-
 lib/cryptodev/rte_crypto_asym.h              |  28 +--
 10 files changed, 409 insertions(+), 144 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..0e7a9b5460 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
 	op->asym->ecdsa.message.length = input_params.digest.length;
 	op->asym->ecdsa.k.data = input_params.scalar.data;
 	op->asym->ecdsa.k.length = input_params.scalar.length;
-	op->asym->ecdsa.pkey.data = input_params.pkey.data;
-	op->asym->ecdsa.pkey.length = input_params.pkey.length;
 
 	/* Init out buf */
 	op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
 
 	/* Populate op with operational details */
 	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
-	op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
-	op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
-	op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
 	op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
 	op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
 	op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1653,10 +1653,10 @@ test_ecpm(enum curve curve_id)
 	struct crypto_testsuite_ecpm_params input_params;
 	void *sess = NULL;
 	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_xform xform = {0};
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_x[TEST_DATA_SIZE];
 	uint8_t output_buf_y[TEST_DATA_SIZE];
-	struct rte_crypto_asym_xform xform;
 	struct rte_crypto_asym_op *asym_op;
 	struct rte_cryptodev_info dev_info;
 	struct rte_crypto_op *op = NULL;
@@ -1838,7 +1838,13 @@ _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1856,16 +1862,23 @@ _test_sm2_sign(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	if (rnd_secret) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
@@ -2019,7 +2032,13 @@ test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2037,14 +2056,23 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	asym_op->sm2.r.data = input_params.sign_r.data;
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
@@ -2120,7 +2148,13 @@ _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2138,14 +2172,14 @@ _test_sm2_enc(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+
 	if (rnd_secret) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
@@ -2299,7 +2333,13 @@ test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2317,14 +2357,13 @@ test_sm2_dec(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.cipher.data = input_params.cipher.data;
 	asym_op->sm2.cipher.length = input_params.cipher.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 
 	/* Init out buf */
 	asym_op->sm2.message.data = output_buf_m;
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index c972878eff..d8ad0129b1 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -67,6 +67,24 @@ struct roc_ae_ec_group {
 struct roc_ae_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 /* Buffer pointer */
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index e6dcb7674c..b337dbc68d 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -364,6 +364,24 @@ struct cpt_ec_group {
 struct cpt_asym_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 struct cpt_asym_sess_misc {
diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h
index 1105a0c125..e1034bbeb4 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -633,12 +633,13 @@ static __rte_always_inline void
 cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		    struct asym_op_params *ecdsa_params,
 		    uint64_t fpm_table_iova,
-		    uint8_t curveid)
+		    struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint16_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -688,7 +689,7 @@ cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp[curveid].order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -735,14 +736,15 @@ static __rte_always_inline void
 cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		      struct asym_op_params *ecdsa_params,
 		      uint64_t fpm_table_iova,
-		      uint8_t curveid)
+		      struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint32_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -802,10 +804,10 @@ cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp[curveid].prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp[curveid].consta.data, prime_len);
@@ -852,10 +854,10 @@ cpt_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	uint8_t curveid = sess->ec_ctx.curveid;
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
-		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], curveid);
+		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], sess);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cpt_ecdsa_verify_prep(ecdsa, params, fpm_iova[curveid],
-				      curveid);
+				      sess);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 7ad259b7f4..8fdb45177b 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -198,6 +198,21 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 		return -EINVAL;
 	}
 
+	if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_ECPM)
+		return 0;
+
+	ec->pkey.length = xform->ec.pkey.length;
+	if (xform->ec.pkey.length)
+		rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+
+	ec->q.x.length = xform->ec.q.x.length;
+	if (xform->ec.q.x.length)
+		rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+
+	ec->q.y.length = xform->ec.q.y.length;
+	if (xform->ec.q.y.length)
+		rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+
 	return 0;
 }
 
@@ -502,10 +517,11 @@ static __rte_always_inline void
 cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			struct roc_ae_buf_ptr *meta_buf,
 			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
-			uint8_t curveid, struct cpt_inst_s *inst)
+			struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	uint16_t message_len = ecdsa->message.length;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -555,7 +571,7 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp->order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -579,17 +595,99 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
+			struct roc_ae_buf_ptr *meta_buf,
+			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
+			struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
+{
+	uint16_t message_len = sm2->message.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint16_t p_align, k_align, m_align;
+	uint16_t k_len = sm2->k.length;
+	uint16_t order_len, prime_len;
+	uint16_t o_offset, pk_offset;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+	k_align = RTE_ALIGN_CEIL(k_len, 8);
+
+	/* Set write offset for order and private key */
+	o_offset = prime_len - order_len;
+	pk_offset = p_align - pkey_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(scalar len, input len),
+	 * ROUNDUP8(priv key len, prime len, order len)).
+	 * Please note, private key, order cannot exceed prime
+	 * length i.e 3 * p_align.
+	 */
+	dlen = sizeof(fpm_table_iova) + k_align + m_align + p_align * 5;
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr, sm2->k.data, k_len);
+	dptr += k_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = (p_align << 8) | k_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline void
 cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			  struct roc_ae_buf_ptr *meta_buf,
 			  uint64_t fpm_table_iova,
-			  struct roc_ae_ec_group *ec_grp, uint8_t curveid,
+			  struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
 			  struct cpt_inst_s *inst)
 {
 	uint32_t message_len = ecdsa->message.length;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -649,10 +747,10 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp->prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp->consta.data, prime_len);
@@ -673,6 +771,100 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
+			  struct roc_ae_buf_ptr *meta_buf,
+			  uint64_t fpm_table_iova,
+			  struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
+			  struct cpt_inst_s *inst)
+{
+	uint32_t message_len = sm2->message.length;
+	uint16_t o_offset, r_offset, s_offset;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint16_t r_len = sm2->r.length;
+	uint16_t s_len = sm2->s.length;
+	uint16_t order_len, prime_len;
+	uint16_t qx_offset, qy_offset;
+	uint16_t p_align, m_align;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+
+	/* Set write offset for sign, order and public key coordinates */
+	o_offset = prime_len - order_len;
+	qx_offset = prime_len - qx_len;
+	qy_offset = prime_len - qy_len;
+	r_offset = prime_len - r_len;
+	s_offset = prime_len - s_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(message len),
+	 * ROUNDUP8(sign len(r and s), public key len(x and y coordinates),
+	 * prime len, order len)).
+	 * Please note sign, public key and order can not exceed prime length
+	 * i.e. 6 * p_align
+	 */
+	dlen = sizeof(fpm_table_iova) + m_align + (8 * p_align);
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr + r_offset, sm2->r.data, r_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + s_offset, sm2->s.data, s_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = 0;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline int __rte_hot
 cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 			 struct roc_ae_buf_ptr *meta_buf,
@@ -685,10 +877,33 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
 		cnxk_ae_ecdsa_sign_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					ec_grp[curveid], curveid, inst);
+					ec_grp[curveid], sess, inst);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cnxk_ae_ecdsa_verify_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					  ec_grp[curveid], curveid, inst);
+					  ec_grp[curveid], sess, inst);
+	else {
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -EINVAL;
+	}
+	return 0;
+}
+
+static __rte_always_inline int __rte_hot
+cnxk_ae_enqueue_sm2_op(struct rte_crypto_op *op,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 struct cnxk_ae_sess *sess, uint64_t *fpm_iova,
+			 struct roc_ae_ec_group **ec_grp,
+			 struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sm2_op_param *sm2 = &op->asym->sm2;
+	uint8_t curveid = sess->ec_ctx.curveid;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+		cnxk_ae_sm2_sign_prep(sm2, meta_buf, fpm_iova[curveid],
+					ec_grp[curveid], sess, inst);
+	else if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		cnxk_ae_sm2_verify_prep(sm2, meta_buf, fpm_iova[curveid],
+					  ec_grp[curveid], sess, inst);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5e8624cebe..c234882417 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2673,12 +2673,8 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 {
 	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
 	struct rte_crypto_asym_op *op = cop->asym;
-	OSSL_PARAM_BLD *param_bld = NULL;
-	OSSL_PARAM *params = NULL;
+	OSSL_PARAM *params = sess->u.sm2.params;
 	EVP_PKEY *pkey = NULL;
-	BIGNUM *pkey_bn = NULL;
-	uint8_t pubkey[64];
-	size_t len = 0;
 	int ret = -1;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
@@ -2686,50 +2682,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (cop->asym->sm2.k.data != NULL)
 		goto err_sm2;
 
-	param_bld = OSSL_PARAM_BLD_new();
-	if (!param_bld) {
-		OPENSSL_LOG(ERR, "failed to allocate params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
-		OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	pkey_bn = BN_bin2bn((const unsigned char *)op->sm2.pkey.data,
-						op->sm2.pkey.length, pkey_bn);
-
-	memset(pubkey, 0, RTE_DIM(pubkey));
-	pubkey[0] = 0x04;
-	len += 1;
-	memcpy(&pubkey[len], op->sm2.q.x.data, op->sm2.q.x.length);
-	len += op->sm2.q.x.length;
-	memcpy(&pubkey[len], op->sm2.q.y.data, op->sm2.q.y.length);
-	len += op->sm2.q.y.length;
-
-	ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
-								 pkey_bn);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
-			OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	if (!params) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
 	switch (op->sm2.op_type) {
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		{
@@ -2940,9 +2892,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (pkey)
 		EVP_PKEY_free(pkey);
 
-	if (param_bld)
-		OSSL_PARAM_BLD_free(param_bld);
-
 	return ret;
 }
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2eb450fcfd..2a307aa839 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1302,11 +1302,11 @@ static int openssl_set_asym_session_parameters(
 #ifndef OPENSSL_NO_SM2
 		OSSL_PARAM_BLD *param_bld = NULL;
 		OSSL_PARAM *params = NULL;
+		BIGNUM *pkey_bn = NULL;
+		uint8_t pubkey[64];
+		size_t len = 0;
 		int ret = -1;
 
-		if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3)
-			return -1;
-
 		param_bld = OSSL_PARAM_BLD_new();
 		if (!param_bld) {
 			OPENSSL_LOG(ERR, "failed to allocate params\n");
@@ -1320,6 +1320,38 @@ static int openssl_set_asym_session_parameters(
 			goto err_sm2;
 		}
 
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data,
+							xform->ec.pkey.length, pkey_bn);
+
+		ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+									 pkey_bn);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		memset(pubkey, 0, sizeof(pubkey));
+		pubkey[0] = 0x04;
+		len += 1;
+		memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length);
+		len += xform->ec.q.x.length;
+		memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length);
+		len += xform->ec.q.y.length;
+
+		ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
+				OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
 		params = OSSL_PARAM_BLD_to_param(param_bld);
 		if (!params) {
 			OPENSSL_LOG(ERR, "failed to push params\n");
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..0f196ace30 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -593,7 +593,7 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		qat_func_alignsize =
 			RTE_ALIGN_CEIL(qat_function.bytesize, 8);
 
-		SET_PKE_9A_IN(asym_op->ecdsa.pkey, 0);
+		SET_PKE_9A_IN(xform->ec.pkey, 0);
 		SET_PKE_9A_IN(asym_op->ecdsa.message, 1);
 		SET_PKE_9A_IN(asym_op->ecdsa.k, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 3);
@@ -635,8 +635,8 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		SET_PKE_9A_EC(curve[curve_id], n, 7);
 		SET_PKE_9A_EC(curve[curve_id], x, 6);
 		SET_PKE_9A_EC(curve[curve_id], y, 5);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.x, 4);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.y, 3);
+		SET_PKE_9A_IN(xform->ec.q.x, 4);
+		SET_PKE_9A_IN(xform->ec.q.y, 3);
 		SET_PKE_9A_EC(curve[curve_id], a, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 1);
 		SET_PKE_9A_EC(curve[curve_id], p, 0);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index fed5596f36..7ae2c6c007 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1006,8 +1006,6 @@ prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.pkey.data = vec.ecdsa.pkey.val;
-		asym->ecdsa.pkey.length = vec.ecdsa.pkey.len;
 		asym->ecdsa.k.data = vec.ecdsa.k.val;
 		asym->ecdsa.k.length = vec.ecdsa.k.len;
 
@@ -1029,10 +1027,6 @@ prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.q.x.data = vec.ecdsa.qx.val;
-		asym->ecdsa.q.x.length = vec.ecdsa.qx.len;
-		asym->ecdsa.q.y.data = vec.ecdsa.qy.val;
-		asym->ecdsa.q.y.length = vec.ecdsa.qy.len;
 		asym->ecdsa.r.data = vec.ecdsa.r.val;
 		asym->ecdsa.r.length = vec.ecdsa.r.len;
 		asym->ecdsa.s.data = vec.ecdsa.s.val;
@@ -1570,6 +1564,9 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_SIGN);
 			return -EPERM;
 		}
+
+		xform->ec.pkey.data = vec.ecdsa.pkey.val;
+		xform->ec.pkey.length = vec.ecdsa.pkey.len;
 		break;
 	case FIPS_TEST_ASYM_SIGVER:
 		if (!rte_cryptodev_asym_xform_capability_check_optype(cap,
@@ -1578,6 +1575,11 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_VERIFY);
 			return -EPERM;
 		}
+
+		xform->ec.q.x.data = vec.ecdsa.qx.val;
+		xform->ec.q.x.length = vec.ecdsa.qx.len;
+		xform->ec.q.y.data = vec.ecdsa.qy.val;
+		xform->ec.q.y.length = vec.ecdsa.qy.len;
 		break;
 	default:
 		break;
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index cbcfe1dc26..b72876240c 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -376,16 +376,12 @@ struct rte_crypto_dsa_xform {
 struct rte_crypto_ec_xform {
 	enum rte_crypto_curve_id curve_id;
 	/**< Pre-defined ec groups */
-};
 
-/**
- * Asymmetric SM2 transform data.
- *
- * Structure describing SM2 xform params.
- */
-struct rte_crypto_sm2_xform {
-	enum rte_crypto_auth_algorithm hash;
-	/**< Hash algorithm used in SM2 op. */
+	rte_crypto_uint pkey;
+	/**< Private key */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key */
 };
 
 /**
@@ -571,11 +567,8 @@ struct rte_crypto_ecdsa_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification */
 
-	rte_crypto_uint pkey;
-	/**< Private key of the signer for signature generation */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key of the signer for verification */
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
 
 	rte_crypto_param message;
 	/**< Input message digest to be signed or verified */
@@ -657,11 +650,8 @@ struct rte_crypto_sm2_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification. */
 
-	rte_crypto_uint pkey;
-	/**< Private key for encryption or sign generation. */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key for decryption or verification. */
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
 
 	rte_crypto_param message;
 	/**<
-- 
2.25.1

[PATCH v2 3/7] cryptodev: add RNG capability in EC based xform

[Gowrishankar Muthukrishnan]

Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
 lib/cryptodev/rte_cryptodev.h                | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2a307aa839..e361b4ae14 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -603,6 +603,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
 				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
 				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+				{.internal_rng = 1
+				}
 			}
 		}
 		}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 9246df90ef..0d2d9ef8c3 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -181,6 +181,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		/**< Range of modulus length supported by modulus based xform.
 		 * Value 0 mean implementation default
 		 */
+
+		uint8_t internal_rng;
+		/**< Availability of random number generator for Elliptic curve based xform.
+		 * Value 0 means unavailable, and application should pass the required
+		 * random value. Otherwise, PMD would internally compute the random number.
+		 */
 	};
 };
 
-- 
2.25.1

[PATCH v2 4/7] cryptodev: add hash algorithms in asymmetric capability

[Gowrishankar Muthukrishnan]

Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
 lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
 lib/cryptodev/cryptodev_trace_points.c       |  3 +++
 lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
 lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
 lib/cryptodev/version.map                    |  1 +
 6 files changed, 49 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index e361b4ae14..2862c294a9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		{.asym = {
 			.xform_capa = {
 				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
 				.op_types =
 				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
diff --git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h
index aab44af96b..935f0d564b 100644
--- a/lib/cryptodev/cryptodev_trace.h
+++ b/lib/cryptodev/cryptodev_trace.h
@@ -520,6 +520,15 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_int(ret);
 )
 
+RTE_TRACE_POINT(
+	rte_cryptodev_trace_asym_xform_capability_check_hash,
+	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
+		enum rte_crypto_auth_algorithm hash, int ret),
+	rte_trace_point_emit_u64(hash_algos);
+	rte_trace_point_emit_int(hash);
+	rte_trace_point_emit_int(ret);
+)
+
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_count,
 	RTE_TRACE_POINT_ARGS(uint8_t nb_devs),
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index e2303fdb52..8c47ab1e78 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -144,6 +144,9 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_modlen,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_optype,
 	lib.cryptodev.asym.xform.capability.check.optype)
 
+RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_hash,
+	lib.cryptodev.asym.xform.capability.check.hash)
+
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
 	lib.cryptodev.sym.cpu.crypto.process)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index c49d342b17..041d3074db 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	return ret;
 }
 
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash)
+{
+	bool ret = false;
+
+	if (capability->hash_algos & (1 << hash))
+		ret = true;
+
+	rte_cryptodev_trace_asym_xform_capability_check_hash(
+		capability->hash_algos, hash, ret);
+
+	return ret;
+}
+
 /* spinlock for crypto device enq callbacks */
 static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
 
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 0d2d9ef8c3..9f36e0323d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -188,6 +188,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		 * random value. Otherwise, PMD would internally compute the random number.
 		 */
 	};
+
+	uint64_t hash_algos;
+	/**< Bitmask of hash algorithms supported for op_type. */
 };
 
 /**
@@ -346,6 +349,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	const struct rte_cryptodev_asymmetric_xform_capability *capability,
 		uint16_t modlen);
 
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param	capability	Asymmetric crypto capability.
+ * @param	hash		Hash algorithm.
+ *
+ * @return
+ *   - Return true if the hash algorithm is supported.
+ *   - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash);
+
 /**
  * Provide the cipher algorithm enum, given an algorithm string
  *
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index ae8d9327b4..3c2d1780e0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -54,6 +54,7 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_get_xform_enum;
 	rte_cryptodev_asym_session_create;
 	rte_cryptodev_asym_session_free;
+	rte_cryptodev_asym_xform_capability_check_hash;
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-- 
2.25.1

[PATCH v2 5/7] cryptodev: use generic EC xform params for SM2

[Gowrishankar Muthukrishnan]

SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_sm2_test_vectors.h | 4 +++-
 doc/guides/rel_notes/release_23_11.rst     | 2 ++
 lib/cryptodev/rte_crypto_asym.h            | 6 ++----
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 7a4ce70c10..3d2dba1359 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	int curve;
 };
 
 static uint8_t fp256_pkey[] = {
@@ -123,7 +124,8 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-	}
+	},
+	.curve = RTE_CRYPTO_EC_GROUP_SM2
 };
 
 #endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 9746809a66..e9afae8030 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -97,6 +97,8 @@ Removed Items
 
 * kni: Removed the Kernel Network Interface (KNI) library and driver.
 
+* crypto: Removed SM2 xform parameter in asymmetric xform.
+
 
 API Changes
 -----------
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index b72876240c..d75ef90b86 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -69,7 +69,8 @@ enum rte_crypto_curve_id {
 	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
 	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
 	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
-	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25
+	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
+	RTE_CRYPTO_EC_GROUP_SM2       = 41,
 };
 
 /**
@@ -637,9 +638,6 @@ struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
-
-		struct rte_crypto_sm2_xform sm2;
-		/**< SM2 xform parameters */
 	};
 };
 
-- 
2.25.1

[PATCH v2 6/7] app/test: check asymmetric capabilities in SM2 test

[Gowrishankar Muthukrishnan]

Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c             | 78 ++++++++++++----------
 app/test/test_cryptodev_sm2_test_vectors.h | 28 +++++---
 2 files changed, 64 insertions(+), 42 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 0e7a9b5460..bce6b0a9dd 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
 	break;
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 	default:
 		break;
 	}
@@ -1806,12 +1807,14 @@ test_ecpm_all_curve(void)
 }
 
 static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1825,12 @@ _test_sm2_sign(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -1879,7 +1888,7 @@ _test_sm2_sign(bool rnd_secret)
 		asym_op->sm2.id.length = 0;
 	}
 
-	if (rnd_secret) {
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret)
 	debug_hexdump(stdout, "s:",
 			asym_op->sm2.s.data, asym_op->sm2.s.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		/* Verify sign (by comparison). */
 		if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
 				   asym_op->sm2.r.length) != 0) {
@@ -1989,25 +1998,15 @@ _test_sm2_sign(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_sign_rnd_secret(void)
-{
-	return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
-	return _test_sm2_sign(false);
-}
-
 static int
 test_sm2_verify(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2016,6 +2015,12 @@ test_sm2_verify(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2056,6 +2061,7 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
 	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
 	else
@@ -2077,8 +2083,6 @@ test_sm2_verify(void)
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
 	asym_op->sm2.s.length = input_params.sign_s.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
 
 	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
 
@@ -2118,13 +2122,15 @@ test_sm2_verify(void)
 };
 
 static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
 	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2133,6 +2139,12 @@ _test_sm2_enc(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2180,7 +2192,7 @@ _test_sm2_enc(bool rnd_secret)
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 
-	if (rnd_secret) {
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -2226,7 +2238,7 @@ _test_sm2_enc(bool rnd_secret)
 	debug_hexdump(stdout, "cipher:",
 			asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
 				   asym_op->sm2.cipher.length) != 0) {
 			status = TEST_FAILED;
@@ -2290,25 +2302,15 @@ _test_sm2_enc(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_enc_rnd_secret(void)
-{
-	return _test_sm2_enc(true);
-}
-
-__rte_used static int
-test_sm2_enc_plain_secret(void)
-{
-	return _test_sm2_enc(false);
-}
-
 static int
 test_sm2_dec(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_m[TEST_DATA_SIZE];
@@ -2318,6 +2320,12 @@ test_sm2_dec(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2724,9 +2732,9 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_dh_keygenration),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
@@ -2790,6 +2798,8 @@ static struct unit_test_suite cryptodev_octeontx_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 			     test_ecdsa_sign_verify_all_curve),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_ecpm_all_curve),
 		TEST_CASES_END() /**< NULL terminate unit test array */
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 3d2dba1359..41f5f7074a 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	rte_crypto_param digest;
 	int curve;
 };
 
@@ -46,17 +47,17 @@ static uint8_t fp256_k[] = {
 };
 
 static uint8_t fp256_sign_r[] = {
-	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
-	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
-	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
-	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+	0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0,
+	0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B,
+	0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15,
+	0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24
 };
 
 static uint8_t fp256_sign_s[] = {
-	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
-	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
-	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
-	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+	0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
+	0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
+	0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
+	0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
 };
 
 static uint8_t fp256_id[] = {
@@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
 	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
 };
 
+static uint8_t fp256_digest[] = {
+	0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
+	0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
+	0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
+	0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1
+};
+
 static uint8_t fp256_cipher[] = {
 	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
 	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
@@ -121,6 +129,10 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 		.data = fp256_message,
 		.length = sizeof(fp256_message),
 	},
+	.digest = {
+		.data = fp256_digest,
+		.length = sizeof(fp256_digest),
+	},
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-- 
2.25.1

[PATCH v2 7/7] crypto/cnxk: add SM2 support

[Gowrishankar Muthukrishnan]

Add SM2 asymmetric algorithm support in cnxk PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   6 +
 drivers/common/cnxk/hw/cpt.h                  |   3 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |   3 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 ++++++++++++++++++
 drivers/crypto/cnxk/cnxk_ae.h                 |  34 +++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 9 files changed, 283 insertions(+), 5 deletions(-)

diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 55a1226965..15e2dd48a8 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -103,6 +103,7 @@ Modular Inversion       =
 Diffie-hellman          =
 ECDSA                   = Y
 ECPM                    = Y
+SM2                     = Y
 
 ;
 ; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index e9afae8030..b21e78c7a0 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -72,12 +72,18 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+
 * build: Enabling deprecated libraries is now done using the new
   ``enable_deprecated_libraries`` build option.
 
 * build: Optional libraries can now be selected with the new ``enable_libs``
   build option similarly to the existing ``enable_drivers`` build option.
 
+* **Updated CNXK crypto driver.**
+
+  * Added SM2 algorithm support in asymmetric crypto operations.
+
+
 
 Removed Items
 -------------
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 5e1519e202..ce57de8788 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -79,7 +79,8 @@ union cpt_eng_caps {
 		uint64_t __io reserved_23_33 : 11;
 		uint64_t __io pdcp_chain : 1;
 		uint64_t __io sg_ver2 : 1;
-		uint64_t __io reserved_36_63 : 28;
+		uint64_t __io sm2 : 1;
+		uint64_t __io reserved_37_63 : 27;
 	};
 };
 
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX] = {
 			     0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
 			     0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
 			     0x3F, 0x00},
-		    .length = 66}}};
+		    .length = 66},
+	},
+	{},
+	{},
+	{},
+	{
+		.prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				   0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF},
+			  .length = 32},
+		.order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+				   0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+				   0x39, 0xD5, 0x41, 0x23},
+			  .length = 32},
+		.consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				    0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFC},
+			   .length = 32},
+		.constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+				    0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+				    0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+				    0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+				    0x4D, 0x94, 0x0E, 0x93},
+			   .length = 32},
+	}};
 
 int
 roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d8ad0129b1..d459c5e680 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
 	ROC_AE_EC_ID_P160 = 5,
 	ROC_AE_EC_ID_P320 = 6,
 	ROC_AE_EC_ID_P512 = 7,
-	ROC_AE_EC_ID_PMAX = 8
+	ROC_AE_EC_ID_SM2  = 8,
+	ROC_AE_EC_ID_PMAX
 } roc_ae_ec_id;
 
 /* Prime and order fields of built-in elliptic curves */
diff --git a/drivers/common/cnxk/roc_ae_fpm_tables.c b/drivers/common/cnxk/roc_ae_fpm_tables.c
index f91570299b..ead3128e7f 100644
--- a/drivers/common/cnxk/roc_ae_fpm_tables.c
+++ b/drivers/common/cnxk/roc_ae_fpm_tables.c
@@ -1057,6 +1057,189 @@ const uint8_t ae_fpm_tbl_p521[AE_FPM_P521_LEN] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
 };
 
+const uint8_t ae_fpm_tbl_p256_sm2[AE_FPM_P256_LEN] = {
+	0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7, 0x8F, 0xE3, 0x0B, 0xBF,
+	0xF2, 0x66, 0x0B, 0xE1, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
+	0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0, 0xD0, 0xA9, 0x87, 0x7C,
+	0xC6, 0x2A, 0x47, 0x40, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
+	0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xE1, 0x8B, 0xD5, 0x46, 0xB5, 0x82, 0x45, 0x17, 0x67, 0x38, 0x91, 0xD7,
+	0x91, 0xCA, 0xA4, 0x86, 0xBA, 0x22, 0x0B, 0x99, 0xDF, 0x9F, 0x9A, 0x14,
+	0x95, 0xAF, 0xBD, 0x11, 0x55, 0xC1, 0xDA, 0x54, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x8E, 0x44, 0x50, 0xEB, 0x33, 0x4A, 0xCD, 0xCB, 0xC3, 0xC7, 0xD1, 0x89,
+	0x8A, 0x53, 0xF2, 0x0D, 0x2E, 0xEE, 0x75, 0x0F, 0x40, 0x53, 0x01, 0x7C,
+	0xE8, 0xA6, 0xD8, 0x2C, 0x51, 0x73, 0x88, 0xC2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xF8, 0x1C, 0x8D, 0xA9, 0xB9, 0x9F, 0xBA, 0x55, 0x13, 0x7F, 0x6C, 0x61,
+	0x49, 0xFE, 0xEF, 0x6E, 0xCB, 0x12, 0x9A, 0xA4, 0x94, 0xDA, 0x9A, 0xD4,
+	0x82, 0xA0, 0xF5, 0x40, 0x7D, 0x12, 0x3D, 0xB6, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xFD, 0xEC, 0xA0, 0x07, 0x72, 0xC4, 0xDB, 0xC9, 0xA9, 0x61, 0xB5, 0x8F,
+	0x0C, 0xF5, 0x83, 0x73, 0xEC, 0xAC, 0xAB, 0x94, 0xE9, 0x73, 0xF9, 0xC3,
+	0xF1, 0x2F, 0xA4, 0x69, 0x6A, 0x22, 0xCA, 0x3F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xEA, 0xE3, 0xD9, 0xA9, 0xD1, 0x3A, 0x42, 0xED, 0x2B, 0x23, 0x08, 0xF6,
+	0x48, 0x4E, 0x1B, 0x38, 0x3D, 0xB7, 0xB2, 0x48, 0x88, 0xC2, 0x1F, 0x3A,
+	0xB6, 0x92, 0xE5, 0xB5, 0x74, 0xD5, 0x5D, 0xA9, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD1, 0x86, 0x46, 0x9D, 0xE2, 0x95, 0xE5, 0xAB, 0xDB, 0x61, 0xAC, 0x17,
+	0x73, 0x43, 0x8E, 0x6D, 0x5A, 0x92, 0x4F, 0x85, 0x54, 0x49, 0x26, 0xF9,
+	0xA1, 0x75, 0x05, 0x1B, 0x0F, 0x3F, 0xB6, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA7, 0x2D, 0x08, 0x4F, 0x62, 0xC8, 0xD5, 0x8B, 0xE3, 0xD6, 0x46, 0x7D,
+	0xEA, 0xF4, 0x8F, 0xD7, 0x8F, 0xE7, 0x5E, 0x5A, 0x12, 0x8A, 0x56, 0xA7,
+	0xC0, 0x02, 0x3F, 0xE7, 0xFF, 0x2B, 0x68, 0xBD, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x64, 0xF6, 0x77, 0x82, 0x31, 0x68, 0x15, 0xF9, 0xB5, 0x2B, 0x6D, 0x9B,
+	0x19, 0xA6, 0x9C, 0xD2, 0x5D, 0x1E, 0xD6, 0xFA, 0x89, 0xCB, 0xBA, 0xDE,
+	0x79, 0x6C, 0x91, 0x0E, 0xE7, 0xF4, 0xCC, 0xDB, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x1B, 0x21, 0x50, 0xC1, 0xC5, 0xF1, 0x30, 0x15, 0xDA, 0xAB, 0xA9, 0x1B,
+	0x5D, 0x95, 0x2C, 0x9B, 0x0E, 0x8C, 0xC2, 0x4C, 0x3F, 0x54, 0x61, 0x42,
+	0x75, 0xA3, 0x4B, 0x24, 0x37, 0x05, 0xF2, 0x60, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x77, 0xD1, 0x95, 0x42, 0x1C, 0xEF, 0x13, 0x39, 0x63, 0x66, 0x44, 0xAA,
+	0x0C, 0x3A, 0x06, 0x23, 0x46, 0x83, 0xDF, 0x17, 0x6E, 0xEB, 0x24, 0x44,
+	0x64, 0x2C, 0xE3, 0xBD, 0x35, 0x35, 0xE7, 0x4D, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x4A, 0x59, 0xAC, 0x2C, 0x6E, 0x7E, 0xCC, 0x08, 0xAF, 0x2B, 0x71, 0x16,
+	0x4F, 0x19, 0x1D, 0x63, 0x36, 0x22, 0xA8, 0x7F, 0xB2, 0x84, 0x55, 0x4F,
+	0xD9, 0xEB, 0x39, 0x7B, 0x44, 0x1E, 0x9C, 0xD0, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA6, 0x6B, 0x8A, 0x48, 0x93, 0xB6, 0xA5, 0x4D, 0x26, 0xFB, 0x89, 0xA4,
+	0x0B, 0x4A, 0x66, 0x3A, 0xAF, 0xA8, 0x75, 0x01, 0xEE, 0xDF, 0xC9, 0xF4,
+	0xF3, 0xF0, 0x00, 0xBC, 0x66, 0xF9, 0x81, 0x08, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xAD, 0x8B, 0xC6, 0x8C, 0xE0, 0x31, 0xD6, 0x16, 0x16, 0x88, 0x8D, 0x8E,
+	0xE4, 0x00, 0x31, 0x87, 0x44, 0xC0, 0x75, 0x7F, 0x3B, 0xB8, 0xB6, 0x00,
+	0x79, 0x3F, 0xAE, 0x7A, 0xF0, 0x16, 0x42, 0x45, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x21, 0x0C, 0xD0, 0x42, 0x97, 0x3F, 0x33, 0x3B, 0x08, 0x66, 0x6F, 0xF5,
+	0x2D, 0xBD, 0x25, 0xF9, 0x65, 0xC5, 0xB1, 0x29, 0xF5, 0xF7, 0xAD, 0x5D,
+	0xE0, 0x3D, 0x7A, 0x8D, 0x19, 0xB3, 0x21, 0x9A, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD6, 0x8B, 0xFB, 0xAC, 0xE0, 0xE0, 0x03, 0x92, 0x26, 0x10, 0x14, 0xF7,
+	0xD3, 0x44, 0x5D, 0xC7, 0xD9, 0xF4, 0x6B, 0x27, 0x14, 0xA0, 0x71, 0xEE,
+	0x1B, 0x20, 0x0A, 0xF3, 0x08, 0x10, 0xB6, 0x82, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0D, 0x91, 0xD8, 0xB1, 0x2A, 0xE6, 0x9B, 0xCD, 0x74, 0xA0, 0x8F, 0x17,
+	0xBF, 0x8C, 0xD9, 0x81, 0xD8, 0x22, 0x91, 0x3C, 0xF0, 0xD2, 0xB8, 0x2D,
+	0x24, 0x8B, 0x7A, 0xF0, 0xB0, 0x5B, 0xFA, 0xD2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBA, 0x11, 0x9A, 0x04, 0x9E, 0x62, 0xF2, 0xE2, 0xF2, 0x78, 0xE8, 0xA3,
+	0x4D, 0xF0, 0x5A, 0xE5, 0xD2, 0x69, 0xF3, 0x56, 0x4E, 0xB5, 0xD1, 0x80,
+	0x8E, 0x74, 0xAD, 0x0F, 0x4F, 0x95, 0x7C, 0xB1, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x2F, 0xF4, 0xDA, 0xBD, 0x76, 0xE2, 0xDD, 0x91, 0x37, 0x3F, 0x20,
+	0x63, 0x0F, 0xDB, 0x7F, 0xF4, 0x3E, 0xAB, 0x47, 0x49, 0x92, 0x90, 0x4C,
+	0x55, 0xA5, 0xCC, 0xC7, 0xAF, 0x3B, 0x6D, 0xB4, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5A, 0xD1, 0x04, 0xA8, 0xBD, 0xD2, 0x3D, 0xE9, 0xF5, 0xA9, 0xE5, 0x15,
+	0xEB, 0x71, 0xC2, 0xC1, 0x39, 0x05, 0x42, 0xA0, 0xBA, 0x95, 0xC1, 0x74,
+	0x4C, 0x55, 0xFB, 0x20, 0x42, 0x64, 0x91, 0xBF, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x91, 0x52, 0x57, 0x35, 0xEF, 0x62, 0x62, 0x89, 0xD2, 0xED, 0x97, 0x7F,
+	0x88, 0xF0, 0x96, 0x35, 0xFD, 0x48, 0x73, 0x1B, 0x7A, 0x8A, 0x85, 0x21,
+	0x08, 0xF8, 0x9A, 0x03, 0xB8, 0xFD, 0xEB, 0xEA, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x7E, 0x8E, 0x61, 0xEA, 0x35, 0xEB, 0x8E, 0x2E, 0x1B, 0xB2, 0x70, 0x0D,
+	0xB9, 0x8A, 0x76, 0x2C, 0xD8, 0x1E, 0xA2, 0x3B, 0x77, 0x38, 0xC1, 0x7C,
+	0xF9, 0xDE, 0xF2, 0xA4, 0x6D, 0xBA, 0x26, 0xA3, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x3A, 0x79, 0x12, 0xD0, 0x5E, 0x32, 0x9F, 0x34, 0x66, 0x4A, 0x08,
+	0x96, 0xCC, 0xDE, 0x0E, 0x56, 0xC2, 0x26, 0x52, 0x61, 0x42, 0x83, 0xBB,
+	0x91, 0x69, 0x28, 0x99, 0xD5, 0xFF, 0x05, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x44, 0x9D, 0x48, 0xD8, 0xF3, 0xBD, 0xBE, 0x19, 0xAB, 0x95, 0xDE, 0x03,
+	0xCC, 0x85, 0x10, 0xCB, 0xAE, 0xF1, 0x59, 0x46, 0x3F, 0x8B, 0xFB, 0x25,
+	0xDA, 0x72, 0xC3, 0x79, 0xDA, 0xE3, 0xCA, 0x8B, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xCB, 0xA9, 0x31, 0x5C, 0xE8, 0x2C, 0xC3, 0xEA, 0x4E, 0x52, 0x4B, 0xAC,
+	0x38, 0xA5, 0x80, 0x20, 0x36, 0xBA, 0x27, 0x52, 0x53, 0x8E, 0x34, 0x8C,
+	0xB1, 0x70, 0xD0, 0xDA, 0x75, 0xED, 0x45, 0x0F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x94, 0x7A, 0xF0, 0xF5, 0x2B, 0x4F, 0x8D, 0xA6, 0x7E, 0xDA, 0x17, 0xD9,
+	0x17, 0x82, 0x79, 0x76, 0x5B, 0xA7, 0x9A, 0x0C, 0x70, 0x58, 0x53, 0xA0,
+	0xA5, 0xD9, 0x87, 0x3B, 0x3F, 0xB2, 0xDD, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xC2, 0xA4, 0x81, 0x62, 0xA5, 0xFD, 0x9C, 0xE9, 0x80, 0xEE, 0x8A, 0xE5,
+	0x26, 0xF2, 0x5F, 0x02, 0xF6, 0x0C, 0x8E, 0xF6, 0x63, 0x3B, 0xE6, 0xA9,
+	0xE2, 0xE2, 0x3F, 0x02, 0x29, 0xA8, 0x4A, 0x35, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBC, 0x49, 0x45, 0xBD, 0x86, 0xBB, 0x6A, 0xFB, 0x23, 0x7E, 0xB7, 0x11,
+	0xEB, 0xA4, 0x6F, 0xEE, 0x7C, 0x1D, 0xB5, 0x8B, 0x7B, 0x86, 0xEB, 0x33,
+	0xD9, 0x4E, 0xB7, 0x28, 0x27, 0x3B, 0x3A, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBE, 0x17, 0x17, 0xE5, 0x95, 0x68, 0xD0, 0xA4, 0x4A, 0x60, 0x67, 0xCC,
+	0x45, 0xF7, 0x02, 0x12, 0x19, 0xB3, 0x2E, 0xB5, 0xAF, 0xC2, 0xFB, 0x17,
+	0xBE, 0x3C, 0x1E, 0x7A, 0xC3, 0xAC, 0x9D, 0x3C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
 const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p192,
@@ -1077,6 +1260,13 @@ const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p521,
 		.len = sizeof(ae_fpm_tbl_p521)
+	},
+	{},
+	{},
+	{},
+	{
+		.data = ae_fpm_tbl_p256_sm2,
+		.len = sizeof(ae_fpm_tbl_p256_sm2)
 	}
 };
 
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 8fdb45177b..3cb01b60d3 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -193,8 +193,11 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 	case RTE_CRYPTO_EC_GROUP_SECP521R1:
 		ec->curveid = ROC_AE_EC_ID_P521;
 		break;
+	case RTE_CRYPTO_EC_GROUP_SM2:
+		ec->curveid = ROC_AE_EC_ID_SM2;
+		break;
 	default:
-		/* Only NIST curves (FIPS 186-4) are supported */
+		/* Only NIST curves (FIPS 186-4) and SM2 are supported */
 		return -EINVAL;
 	}
 
@@ -235,6 +238,7 @@ cnxk_ae_fill_session_parameters(struct cnxk_ae_sess *sess,
 		/* Fall through */
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 		ret = cnxk_ae_fill_ec_params(sess, xform);
 		break;
 	default:
@@ -1113,6 +1117,23 @@ cnxk_ae_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa, uint8_t *rptr,
 	ecdsa->s.length = prime_len;
 }
 
+static __rte_always_inline void
+cnxk_ae_dequeue_sm2_op(struct rte_crypto_sm2_op_param *sm2, uint8_t *rptr,
+			 struct roc_ae_ec_ctx *ec,
+			 struct roc_ae_ec_group **ec_grp)
+{
+	int prime_len = ec_grp[ec->curveid]->prime.length;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		return;
+
+	/* Separate out sign r and s components */
+	rte_memcpy(sm2->r.data, rptr, prime_len);
+	rte_memcpy(sm2->s.data, rptr + RTE_ALIGN_CEIL(prime_len, 8), prime_len);
+	sm2->r.length = prime_len;
+	sm2->s.length = prime_len;
+}
+
 static __rte_always_inline void
 cnxk_ae_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm, uint8_t *rptr,
 			struct roc_ae_ec_ctx *ec,
@@ -1181,6 +1202,13 @@ cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 		if (unlikely(ret))
 			goto req_fail;
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		ret = cnxk_ae_enqueue_sm2_op(op, &meta_buf, sess,
+					       sess->cnxk_fpm_iova,
+					       sess->ec_grp, inst);
+		if (unlikely(ret))
+			goto req_fail;
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		ret = cnxk_ae_ecpm_prep(&asym_op->ecpm, &meta_buf,
 					sess->ec_grp[sess->ec_ctx.curveid],
@@ -1230,6 +1258,10 @@ cnxk_ae_post_process(struct rte_crypto_op *cop, struct cnxk_ae_sess *sess,
 		cnxk_ae_dequeue_ecdsa_op(&op->ecdsa, rptr, &sess->ec_ctx,
 					 sess->ec_grp);
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		cnxk_ae_dequeue_sm2_op(&op->sm2, rptr, &sess->ec_ctx,
+					 sess->ec_grp);
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
 		cnxk_ae_dequeue_ecpm_op(&op->ecpm, rptr, &sess->ec_ctx,
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 09f5ba0650..9a321aa8c9 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -13,7 +13,7 @@
 #define CNXK_CPT_MAX_CAPS	 54
 #define CNXK_SEC_CRYPTO_MAX_CAPS 16
 #define CNXK_SEC_MAX_CAPS	 9
-#define CNXK_AE_EC_ID_MAX	 8
+#define CNXK_AE_EC_ID_MAX	 9
 /**
  * Device private data
  */
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 4c6357353e..013d5789f6 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1152,6 +1152,20 @@ static const struct rte_cryptodev_capabilities caps_sm4[] = {
 	},
 };
 
+static const struct rte_cryptodev_capabilities caps_sm2[] = {
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+					     (1 << RTE_CRYPTO_ASYM_OP_VERIFY))
+			}
+		}
+		}
+	}
+};
+
 static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
@@ -1623,6 +1637,9 @@ cn10k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm3);
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm4);
 	}
+
+	if (hw_caps[CPT_ENG_TYPE_AE].sm2)
+		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm2);
 }
 
 static void
-- 
2.25.1

RE: [PATCH v2 2/7] cryptodev: set private and public keys in EC session

[Power, Ciara]

Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Wednesday, September 27, 2023 12:37 PM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; Gowrishankar Muthukrishnan
> <gmuthukrishn@marvell.com>
> Subject: [PATCH v2 2/7] cryptodev: set private and public keys in EC session
> 
> Set EC private and public keys into xform so that, it can be maintained per
> session.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  app/test/test_cryptodev_asym.c               | 121 ++++++----
>  drivers/common/cnxk/roc_ae.h                 |  18 ++
>  drivers/common/cpt/cpt_mcode_defines.h       |  18 ++
>  drivers/common/cpt/cpt_ucode_asym.h          |  22 +-
>  drivers/crypto/cnxk/cnxk_ae.h                | 235 ++++++++++++++++++-

The cnxk changes should be in patch [v2,7/7] crypto/cnxk: add SM2 support.

>  drivers/crypto/openssl/rte_openssl_pmd.c     |  53 +----
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  38 ++-
>  drivers/crypto/qat/qat_asym.c                |   6 +-
>  examples/fips_validation/main.c              |  14 +-
>  lib/cryptodev/rte_crypto_asym.h              |  28 +--
>  10 files changed, 409 insertions(+), 144 deletions(-)
<snip>

Thanks,
Ciara

RE: [PATCH v2 2/7] cryptodev: set private and public keys in EC session

[Gowrishankar Muthukrishnan]

> 
> The cnxk changes should be in patch [v2,7/7] crypto/cnxk: add SM2 support.
> 

Thanks Ciara. Minor issue in patches rebase. I'll send next version fixing it.

Regards,
Gowrishankar

[PATCH v3 0/7] cryptodev: support digest message in SM2

[Gowrishankar Muthukrishnan]

This patch series fixes SM2 algorithm implementation to
support digest message as input along with plain message
as today.

v3:
 - fixed minor issues in code rebase

Gowrishankar Muthukrishnan (7):
  crypto/openssl: include SM2 in asymmetric capabilities
  cryptodev: add hash algorithms in asymmetric capability
  cryptodev: use generic EC xform params for SM2
  cryptodev: set private and public keys in EC session
  cryptodev: add RNG capability in EC based xform
  crypto/cnxk: add SM2 support
  app/test: check asymmetric capabilities in SM2 test

 app/test/test_cryptodev_asym.c                | 197 ++++++++-----
 app/test/test_cryptodev_sm2_test_vectors.h    |  32 ++-
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   8 +
 drivers/common/cnxk/hw/cpt.h                  |   3 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |  21 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 +++++++++++++
 drivers/common/cpt/cpt_mcode_defines.h        |  18 ++
 drivers/common/cpt/cpt_ucode_asym.h           |  22 +-
 drivers/crypto/cnxk/cnxk_ae.h                 | 269 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 drivers/crypto/openssl/rte_openssl_pmd.c      |  53 +---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  55 +++-
 drivers/crypto/qat/qat_asym.c                 |   6 +-
 examples/fips_validation/main.c               |  14 +-
 lib/cryptodev/cryptodev_trace.h               |   9 +
 lib/cryptodev/cryptodev_trace_points.c        |   3 +
 lib/cryptodev/rte_crypto_asym.h               |  33 +--
 lib/cryptodev/rte_cryptodev.c                 |  16 ++
 lib/cryptodev/rte_cryptodev.h                 |  25 ++
 lib/cryptodev/version.map                     |   1 +
 23 files changed, 831 insertions(+), 196 deletions(-)

-- 
2.25.1

[PATCH v3 1/7] crypto/openssl: include SM2 in asymmetric capabilities

[Gowrishankar Muthukrishnan]

Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		},
 		}
 	},
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types =
+				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+			}
+		}
+		}
+	},
 
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
-- 
2.25.1

[PATCH v3 2/7] cryptodev: add hash algorithms in asymmetric capability

[Gowrishankar Muthukrishnan]

Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c               | 52 ++++++++++++++++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
 lib/cryptodev/cryptodev_trace.h              |  9 ++++
 lib/cryptodev/cryptodev_trace_points.c       |  3 ++
 lib/cryptodev/rte_cryptodev.c                | 16 ++++++
 lib/cryptodev/rte_cryptodev.h                | 19 +++++++
 lib/cryptodev/version.map                    |  1 +
 7 files changed, 97 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..61f65823df 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1810,8 +1810,10 @@ _test_sm2_sign(bool rnd_secret)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1824,12 @@ _test_sm2_sign(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -1838,7 +1846,10 @@ _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1993,8 +2004,10 @@ test_sm2_verify(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2003,6 +2016,12 @@ test_sm2_verify(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2019,7 +2038,10 @@ test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2094,9 +2116,11 @@ _test_sm2_enc(bool rnd_secret)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
 	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2105,6 +2129,12 @@ _test_sm2_enc(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2120,7 +2150,10 @@ _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2273,8 +2306,10 @@ test_sm2_dec(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_m[TEST_DATA_SIZE];
@@ -2284,6 +2319,12 @@ test_sm2_dec(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2299,7 +2340,10 @@ test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2eb450fcfd..d5dc365064 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		{.asym = {
 			.xform_capa = {
 				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
 				.op_types =
 				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
diff --git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h
index aab44af96b..935f0d564b 100644
--- a/lib/cryptodev/cryptodev_trace.h
+++ b/lib/cryptodev/cryptodev_trace.h
@@ -520,6 +520,15 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_int(ret);
 )
 
+RTE_TRACE_POINT(
+	rte_cryptodev_trace_asym_xform_capability_check_hash,
+	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
+		enum rte_crypto_auth_algorithm hash, int ret),
+	rte_trace_point_emit_u64(hash_algos);
+	rte_trace_point_emit_int(hash);
+	rte_trace_point_emit_int(ret);
+)
+
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_count,
 	RTE_TRACE_POINT_ARGS(uint8_t nb_devs),
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index e2303fdb52..8c47ab1e78 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -144,6 +144,9 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_modlen,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_optype,
 	lib.cryptodev.asym.xform.capability.check.optype)
 
+RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_hash,
+	lib.cryptodev.asym.xform.capability.check.hash)
+
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
 	lib.cryptodev.sym.cpu.crypto.process)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index c49d342b17..041d3074db 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	return ret;
 }
 
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash)
+{
+	bool ret = false;
+
+	if (capability->hash_algos & (1 << hash))
+		ret = true;
+
+	rte_cryptodev_trace_asym_xform_capability_check_hash(
+		capability->hash_algos, hash, ret);
+
+	return ret;
+}
+
 /* spinlock for crypto device enq callbacks */
 static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
 
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 9246df90ef..47c6fda25b 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -182,6 +182,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		 * Value 0 mean implementation default
 		 */
 	};
+
+	uint64_t hash_algos;
+	/**< Bitmask of hash algorithms supported for op_type. */
 };
 
 /**
@@ -340,6 +343,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	const struct rte_cryptodev_asymmetric_xform_capability *capability,
 		uint16_t modlen);
 
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param	capability	Asymmetric crypto capability.
+ * @param	hash		Hash algorithm.
+ *
+ * @return
+ *   - Return true if the hash algorithm is supported.
+ *   - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash);
+
 /**
  * Provide the cipher algorithm enum, given an algorithm string
  *
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index ae8d9327b4..3c2d1780e0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -54,6 +54,7 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_get_xform_enum;
 	rte_cryptodev_asym_session_create;
 	rte_cryptodev_asym_session_free;
+	rte_cryptodev_asym_xform_capability_check_hash;
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-- 
2.25.1

[PATCH v3 3/7] cryptodev: use generic EC xform params for SM2

[Gowrishankar Muthukrishnan]

SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c               | 40 ++++++++++++--------
 app/test/test_cryptodev_sm2_test_vectors.h   |  4 +-
 doc/guides/rel_notes/release_23_11.rst       |  2 +
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  3 --
 lib/cryptodev/rte_crypto_asym.h              | 19 +++-------
 5 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 61f65823df..95fef9b42a 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1846,10 +1846,7 @@ _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1867,6 +1864,11 @@ _test_sm2_sign(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2038,10 +2040,7 @@ test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2059,6 +2058,11 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2150,10 +2154,7 @@ _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2171,6 +2172,11 @@ _test_sm2_enc(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2340,10 +2346,7 @@ test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2361,6 +2364,11 @@ test_sm2_dec(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.cipher.data = input_params.cipher.data;
 	asym_op->sm2.cipher.length = input_params.cipher.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 7a4ce70c10..3d2dba1359 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	int curve;
 };
 
 static uint8_t fp256_pkey[] = {
@@ -123,7 +124,8 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-	}
+	},
+	.curve = RTE_CRYPTO_EC_GROUP_SM2
 };
 
 #endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 9746809a66..e9afae8030 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -97,6 +97,8 @@ Removed Items
 
 * kni: Removed the Kernel Network Interface (KNI) library and driver.
 
+* crypto: Removed SM2 xform parameter in asymmetric xform.
+
 
 API Changes
 -----------
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index d5dc365064..6252a36f94 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1305,9 +1305,6 @@ static int openssl_set_asym_session_parameters(
 		OSSL_PARAM *params = NULL;
 		int ret = -1;
 
-		if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3)
-			return -1;
-
 		param_bld = OSSL_PARAM_BLD_new();
 		if (!param_bld) {
 			OPENSSL_LOG(ERR, "failed to allocate params\n");
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index cbcfe1dc26..4b9d6a9d9f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -69,7 +69,8 @@ enum rte_crypto_curve_id {
 	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
 	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
 	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
-	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25
+	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
+	RTE_CRYPTO_EC_GROUP_SM2       = 41,
 };
 
 /**
@@ -378,16 +379,6 @@ struct rte_crypto_ec_xform {
 	/**< Pre-defined ec groups */
 };
 
-/**
- * Asymmetric SM2 transform data.
- *
- * Structure describing SM2 xform params.
- */
-struct rte_crypto_sm2_xform {
-	enum rte_crypto_auth_algorithm hash;
-	/**< Hash algorithm used in SM2 op. */
-};
-
 /**
  * Operations params for modular operations:
  * exponentiation and multiplicative inverse
@@ -644,9 +635,6 @@ struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
-
-		struct rte_crypto_sm2_xform sm2;
-		/**< SM2 xform parameters */
 	};
 };
 
@@ -657,6 +645,9 @@ struct rte_crypto_sm2_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification. */
 
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
+
 	rte_crypto_uint pkey;
 	/**< Private key for encryption or sign generation. */
 
-- 
2.25.1

[PATCH v3 4/7] cryptodev: set private and public keys in EC session

[Gowrishankar Muthukrishnan]

Set EC private and public keys into xform so that, it can be
maintained per session.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Change-Id: Ib8251987c805bc304f819bf13f94f310f225a0e3
---
 app/test/test_cryptodev_asym.c               | 60 ++++++++++----------
 drivers/common/cnxk/roc_ae.h                 | 18 ++++++
 drivers/common/cpt/cpt_mcode_defines.h       | 18 ++++++
 drivers/common/cpt/cpt_ucode_asym.h          | 22 +++----
 drivers/crypto/cnxk/cnxk_ae.h                | 37 ++++++++----
 drivers/crypto/openssl/rte_openssl_pmd.c     | 53 +----------------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35 ++++++++++++
 drivers/crypto/qat/qat_asym.c                |  6 +-
 examples/fips_validation/main.c              | 14 +++--
 lib/cryptodev/rte_crypto_asym.h              | 18 ++----
 10 files changed, 158 insertions(+), 123 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 95fef9b42a..4c4bdb9861 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
 	op->asym->ecdsa.message.length = input_params.digest.length;
 	op->asym->ecdsa.k.data = input_params.scalar.data;
 	op->asym->ecdsa.k.length = input_params.scalar.length;
-	op->asym->ecdsa.pkey.data = input_params.pkey.data;
-	op->asym->ecdsa.pkey.length = input_params.pkey.length;
 
 	/* Init out buf */
 	op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
 
 	/* Populate op with operational details */
 	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
-	op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
-	op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
-	op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
 	op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
 	op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
 	op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1847,6 +1847,12 @@ _test_sm2_sign(bool rnd_secret)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1871,12 +1877,6 @@ _test_sm2_sign(bool rnd_secret)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 	asym_op->sm2.id.data = input_params.id.data;
 	asym_op->sm2.id.length = input_params.id.length;
 	if (rnd_secret) {
@@ -2041,6 +2041,12 @@ test_sm2_verify(void)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2065,12 +2071,6 @@ test_sm2_verify(void)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 	asym_op->sm2.r.data = input_params.sign_r.data;
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
@@ -2155,6 +2155,12 @@ _test_sm2_enc(bool rnd_secret)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2179,12 +2185,6 @@ _test_sm2_enc(bool rnd_secret)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 	if (rnd_secret) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
@@ -2347,6 +2347,12 @@ test_sm2_dec(void)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2371,12 +2377,6 @@ test_sm2_dec(void)
 
 	asym_op->sm2.cipher.data = input_params.cipher.data;
 	asym_op->sm2.cipher.length = input_params.cipher.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 
 	/* Init out buf */
 	asym_op->sm2.message.data = output_buf_m;
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index c972878eff..d8ad0129b1 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -67,6 +67,24 @@ struct roc_ae_ec_group {
 struct roc_ae_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 /* Buffer pointer */
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index e6dcb7674c..b337dbc68d 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -364,6 +364,24 @@ struct cpt_ec_group {
 struct cpt_asym_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 struct cpt_asym_sess_misc {
diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h
index 1105a0c125..e1034bbeb4 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -633,12 +633,13 @@ static __rte_always_inline void
 cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		    struct asym_op_params *ecdsa_params,
 		    uint64_t fpm_table_iova,
-		    uint8_t curveid)
+		    struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint16_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -688,7 +689,7 @@ cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp[curveid].order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -735,14 +736,15 @@ static __rte_always_inline void
 cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		      struct asym_op_params *ecdsa_params,
 		      uint64_t fpm_table_iova,
-		      uint8_t curveid)
+		      struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint32_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -802,10 +804,10 @@ cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp[curveid].prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp[curveid].consta.data, prime_len);
@@ -852,10 +854,10 @@ cpt_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	uint8_t curveid = sess->ec_ctx.curveid;
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
-		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], curveid);
+		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], sess);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cpt_ecdsa_verify_prep(ecdsa, params, fpm_iova[curveid],
-				      curveid);
+				      sess);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 7ad259b7f4..b9f5a591fe 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -198,6 +198,21 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 		return -EINVAL;
 	}
 
+	if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_ECPM)
+		return 0;
+
+	ec->pkey.length = xform->ec.pkey.length;
+	if (xform->ec.pkey.length)
+		rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+
+	ec->q.x.length = xform->ec.q.x.length;
+	if (xform->ec.q.x.length)
+		rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+
+	ec->q.y.length = xform->ec.q.y.length;
+	if (xform->ec.q.y.length)
+		rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+
 	return 0;
 }
 
@@ -502,10 +517,11 @@ static __rte_always_inline void
 cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			struct roc_ae_buf_ptr *meta_buf,
 			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
-			uint8_t curveid, struct cpt_inst_s *inst)
+			struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	uint16_t message_len = ecdsa->message.length;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -555,7 +571,7 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp->order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -583,13 +599,14 @@ static __rte_always_inline void
 cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			  struct roc_ae_buf_ptr *meta_buf,
 			  uint64_t fpm_table_iova,
-			  struct roc_ae_ec_group *ec_grp, uint8_t curveid,
+			  struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
 			  struct cpt_inst_s *inst)
 {
 	uint32_t message_len = ecdsa->message.length;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -649,10 +666,10 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp->prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp->consta.data, prime_len);
@@ -685,10 +702,10 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
 		cnxk_ae_ecdsa_sign_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					ec_grp[curveid], curveid, inst);
+					ec_grp[curveid], sess, inst);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cnxk_ae_ecdsa_verify_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					  ec_grp[curveid], curveid, inst);
+					  ec_grp[curveid], sess, inst);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5e8624cebe..c234882417 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2673,12 +2673,8 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 {
 	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
 	struct rte_crypto_asym_op *op = cop->asym;
-	OSSL_PARAM_BLD *param_bld = NULL;
-	OSSL_PARAM *params = NULL;
+	OSSL_PARAM *params = sess->u.sm2.params;
 	EVP_PKEY *pkey = NULL;
-	BIGNUM *pkey_bn = NULL;
-	uint8_t pubkey[64];
-	size_t len = 0;
 	int ret = -1;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
@@ -2686,50 +2682,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (cop->asym->sm2.k.data != NULL)
 		goto err_sm2;
 
-	param_bld = OSSL_PARAM_BLD_new();
-	if (!param_bld) {
-		OPENSSL_LOG(ERR, "failed to allocate params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
-		OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	pkey_bn = BN_bin2bn((const unsigned char *)op->sm2.pkey.data,
-						op->sm2.pkey.length, pkey_bn);
-
-	memset(pubkey, 0, RTE_DIM(pubkey));
-	pubkey[0] = 0x04;
-	len += 1;
-	memcpy(&pubkey[len], op->sm2.q.x.data, op->sm2.q.x.length);
-	len += op->sm2.q.x.length;
-	memcpy(&pubkey[len], op->sm2.q.y.data, op->sm2.q.y.length);
-	len += op->sm2.q.y.length;
-
-	ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
-								 pkey_bn);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
-			OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	if (!params) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
 	switch (op->sm2.op_type) {
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		{
@@ -2940,9 +2892,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (pkey)
 		EVP_PKEY_free(pkey);
 
-	if (param_bld)
-		OSSL_PARAM_BLD_free(param_bld);
-
 	return ret;
 }
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 6252a36f94..083ad63360 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1303,6 +1303,9 @@ static int openssl_set_asym_session_parameters(
 #ifndef OPENSSL_NO_SM2
 		OSSL_PARAM_BLD *param_bld = NULL;
 		OSSL_PARAM *params = NULL;
+		BIGNUM *pkey_bn = NULL;
+		uint8_t pubkey[64];
+		size_t len = 0;
 		int ret = -1;
 
 		param_bld = OSSL_PARAM_BLD_new();
@@ -1318,6 +1321,38 @@ static int openssl_set_asym_session_parameters(
 			goto err_sm2;
 		}
 
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data,
+							xform->ec.pkey.length, pkey_bn);
+
+		ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+									 pkey_bn);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		memset(pubkey, 0, sizeof(pubkey));
+		pubkey[0] = 0x04;
+		len += 1;
+		memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length);
+		len += xform->ec.q.x.length;
+		memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length);
+		len += xform->ec.q.y.length;
+
+		ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
+				OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
 		params = OSSL_PARAM_BLD_to_param(param_bld);
 		if (!params) {
 			OPENSSL_LOG(ERR, "failed to push params\n");
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..0f196ace30 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -593,7 +593,7 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		qat_func_alignsize =
 			RTE_ALIGN_CEIL(qat_function.bytesize, 8);
 
-		SET_PKE_9A_IN(asym_op->ecdsa.pkey, 0);
+		SET_PKE_9A_IN(xform->ec.pkey, 0);
 		SET_PKE_9A_IN(asym_op->ecdsa.message, 1);
 		SET_PKE_9A_IN(asym_op->ecdsa.k, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 3);
@@ -635,8 +635,8 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		SET_PKE_9A_EC(curve[curve_id], n, 7);
 		SET_PKE_9A_EC(curve[curve_id], x, 6);
 		SET_PKE_9A_EC(curve[curve_id], y, 5);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.x, 4);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.y, 3);
+		SET_PKE_9A_IN(xform->ec.q.x, 4);
+		SET_PKE_9A_IN(xform->ec.q.y, 3);
 		SET_PKE_9A_EC(curve[curve_id], a, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 1);
 		SET_PKE_9A_EC(curve[curve_id], p, 0);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index fed5596f36..7ae2c6c007 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1006,8 +1006,6 @@ prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.pkey.data = vec.ecdsa.pkey.val;
-		asym->ecdsa.pkey.length = vec.ecdsa.pkey.len;
 		asym->ecdsa.k.data = vec.ecdsa.k.val;
 		asym->ecdsa.k.length = vec.ecdsa.k.len;
 
@@ -1029,10 +1027,6 @@ prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.q.x.data = vec.ecdsa.qx.val;
-		asym->ecdsa.q.x.length = vec.ecdsa.qx.len;
-		asym->ecdsa.q.y.data = vec.ecdsa.qy.val;
-		asym->ecdsa.q.y.length = vec.ecdsa.qy.len;
 		asym->ecdsa.r.data = vec.ecdsa.r.val;
 		asym->ecdsa.r.length = vec.ecdsa.r.len;
 		asym->ecdsa.s.data = vec.ecdsa.s.val;
@@ -1570,6 +1564,9 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_SIGN);
 			return -EPERM;
 		}
+
+		xform->ec.pkey.data = vec.ecdsa.pkey.val;
+		xform->ec.pkey.length = vec.ecdsa.pkey.len;
 		break;
 	case FIPS_TEST_ASYM_SIGVER:
 		if (!rte_cryptodev_asym_xform_capability_check_optype(cap,
@@ -1578,6 +1575,11 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_VERIFY);
 			return -EPERM;
 		}
+
+		xform->ec.q.x.data = vec.ecdsa.qx.val;
+		xform->ec.q.x.length = vec.ecdsa.qx.len;
+		xform->ec.q.y.data = vec.ecdsa.qy.val;
+		xform->ec.q.y.length = vec.ecdsa.qy.len;
 		break;
 	default:
 		break;
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 4b9d6a9d9f..268a4ee708 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -377,6 +377,12 @@ struct rte_crypto_dsa_xform {
 struct rte_crypto_ec_xform {
 	enum rte_crypto_curve_id curve_id;
 	/**< Pre-defined ec groups */
+
+	rte_crypto_uint pkey;
+	/**< Private key */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key */
 };
 
 /**
@@ -562,12 +568,6 @@ struct rte_crypto_ecdsa_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification */
 
-	rte_crypto_uint pkey;
-	/**< Private key of the signer for signature generation */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key of the signer for verification */
-
 	rte_crypto_param message;
 	/**< Input message digest to be signed or verified */
 
@@ -648,12 +648,6 @@ struct rte_crypto_sm2_op_param {
 	enum rte_crypto_auth_algorithm hash;
 	/**< Hash algorithm used in EC op. */
 
-	rte_crypto_uint pkey;
-	/**< Private key for encryption or sign generation. */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key for decryption or verification. */
-
 	rte_crypto_param message;
 	/**<
 	 * Pointer to input data
-- 
2.25.1

[PATCH v3 5/7] cryptodev: add RNG capability in EC based xform

[Gowrishankar Muthukrishnan]

Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
 lib/cryptodev/rte_cryptodev.h                | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 083ad63360..2862c294a9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -604,6 +604,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
 				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
 				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+				{.internal_rng = 1
+				}
 			}
 		}
 		}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 47c6fda25b..9f36e0323d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -181,6 +181,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		/**< Range of modulus length supported by modulus based xform.
 		 * Value 0 mean implementation default
 		 */
+
+		uint8_t internal_rng;
+		/**< Availability of random number generator for Elliptic curve based xform.
+		 * Value 0 means unavailable, and application should pass the required
+		 * random value. Otherwise, PMD would internally compute the random number.
+		 */
 	};
 
 	uint64_t hash_algos;
-- 
2.25.1

[PATCH v3 6/7] crypto/cnxk: add SM2 support

[Gowrishankar Muthukrishnan]

Add SM2 asymmetric algorithm support in cnxk PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   6 +
 drivers/common/cnxk/hw/cpt.h                  |   3 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |   3 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 ++++++++++++++
 drivers/crypto/cnxk/cnxk_ae.h                 | 232 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 9 files changed, 481 insertions(+), 5 deletions(-)

diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 55a1226965..15e2dd48a8 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -103,6 +103,7 @@ Modular Inversion       =
 Diffie-hellman          =
 ECDSA                   = Y
 ECPM                    = Y
+SM2                     = Y
 
 ;
 ; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index e9afae8030..b21e78c7a0 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -72,12 +72,18 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+
 * build: Enabling deprecated libraries is now done using the new
   ``enable_deprecated_libraries`` build option.
 
 * build: Optional libraries can now be selected with the new ``enable_libs``
   build option similarly to the existing ``enable_drivers`` build option.
 
+* **Updated CNXK crypto driver.**
+
+  * Added SM2 algorithm support in asymmetric crypto operations.
+
+
 
 Removed Items
 -------------
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 5e1519e202..ce57de8788 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -79,7 +79,8 @@ union cpt_eng_caps {
 		uint64_t __io reserved_23_33 : 11;
 		uint64_t __io pdcp_chain : 1;
 		uint64_t __io sg_ver2 : 1;
-		uint64_t __io reserved_36_63 : 28;
+		uint64_t __io sm2 : 1;
+		uint64_t __io reserved_37_63 : 27;
 	};
 };
 
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX] = {
 			     0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
 			     0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
 			     0x3F, 0x00},
-		    .length = 66}}};
+		    .length = 66},
+	},
+	{},
+	{},
+	{},
+	{
+		.prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				   0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF},
+			  .length = 32},
+		.order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+				   0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+				   0x39, 0xD5, 0x41, 0x23},
+			  .length = 32},
+		.consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				    0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFC},
+			   .length = 32},
+		.constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+				    0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+				    0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+				    0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+				    0x4D, 0x94, 0x0E, 0x93},
+			   .length = 32},
+	}};
 
 int
 roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d8ad0129b1..d459c5e680 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
 	ROC_AE_EC_ID_P160 = 5,
 	ROC_AE_EC_ID_P320 = 6,
 	ROC_AE_EC_ID_P512 = 7,
-	ROC_AE_EC_ID_PMAX = 8
+	ROC_AE_EC_ID_SM2  = 8,
+	ROC_AE_EC_ID_PMAX
 } roc_ae_ec_id;
 
 /* Prime and order fields of built-in elliptic curves */
diff --git a/drivers/common/cnxk/roc_ae_fpm_tables.c b/drivers/common/cnxk/roc_ae_fpm_tables.c
index f91570299b..ead3128e7f 100644
--- a/drivers/common/cnxk/roc_ae_fpm_tables.c
+++ b/drivers/common/cnxk/roc_ae_fpm_tables.c
@@ -1057,6 +1057,189 @@ const uint8_t ae_fpm_tbl_p521[AE_FPM_P521_LEN] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
 };
 
+const uint8_t ae_fpm_tbl_p256_sm2[AE_FPM_P256_LEN] = {
+	0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7, 0x8F, 0xE3, 0x0B, 0xBF,
+	0xF2, 0x66, 0x0B, 0xE1, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
+	0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0, 0xD0, 0xA9, 0x87, 0x7C,
+	0xC6, 0x2A, 0x47, 0x40, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
+	0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xE1, 0x8B, 0xD5, 0x46, 0xB5, 0x82, 0x45, 0x17, 0x67, 0x38, 0x91, 0xD7,
+	0x91, 0xCA, 0xA4, 0x86, 0xBA, 0x22, 0x0B, 0x99, 0xDF, 0x9F, 0x9A, 0x14,
+	0x95, 0xAF, 0xBD, 0x11, 0x55, 0xC1, 0xDA, 0x54, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x8E, 0x44, 0x50, 0xEB, 0x33, 0x4A, 0xCD, 0xCB, 0xC3, 0xC7, 0xD1, 0x89,
+	0x8A, 0x53, 0xF2, 0x0D, 0x2E, 0xEE, 0x75, 0x0F, 0x40, 0x53, 0x01, 0x7C,
+	0xE8, 0xA6, 0xD8, 0x2C, 0x51, 0x73, 0x88, 0xC2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xF8, 0x1C, 0x8D, 0xA9, 0xB9, 0x9F, 0xBA, 0x55, 0x13, 0x7F, 0x6C, 0x61,
+	0x49, 0xFE, 0xEF, 0x6E, 0xCB, 0x12, 0x9A, 0xA4, 0x94, 0xDA, 0x9A, 0xD4,
+	0x82, 0xA0, 0xF5, 0x40, 0x7D, 0x12, 0x3D, 0xB6, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xFD, 0xEC, 0xA0, 0x07, 0x72, 0xC4, 0xDB, 0xC9, 0xA9, 0x61, 0xB5, 0x8F,
+	0x0C, 0xF5, 0x83, 0x73, 0xEC, 0xAC, 0xAB, 0x94, 0xE9, 0x73, 0xF9, 0xC3,
+	0xF1, 0x2F, 0xA4, 0x69, 0x6A, 0x22, 0xCA, 0x3F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xEA, 0xE3, 0xD9, 0xA9, 0xD1, 0x3A, 0x42, 0xED, 0x2B, 0x23, 0x08, 0xF6,
+	0x48, 0x4E, 0x1B, 0x38, 0x3D, 0xB7, 0xB2, 0x48, 0x88, 0xC2, 0x1F, 0x3A,
+	0xB6, 0x92, 0xE5, 0xB5, 0x74, 0xD5, 0x5D, 0xA9, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD1, 0x86, 0x46, 0x9D, 0xE2, 0x95, 0xE5, 0xAB, 0xDB, 0x61, 0xAC, 0x17,
+	0x73, 0x43, 0x8E, 0x6D, 0x5A, 0x92, 0x4F, 0x85, 0x54, 0x49, 0x26, 0xF9,
+	0xA1, 0x75, 0x05, 0x1B, 0x0F, 0x3F, 0xB6, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA7, 0x2D, 0x08, 0x4F, 0x62, 0xC8, 0xD5, 0x8B, 0xE3, 0xD6, 0x46, 0x7D,
+	0xEA, 0xF4, 0x8F, 0xD7, 0x8F, 0xE7, 0x5E, 0x5A, 0x12, 0x8A, 0x56, 0xA7,
+	0xC0, 0x02, 0x3F, 0xE7, 0xFF, 0x2B, 0x68, 0xBD, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x64, 0xF6, 0x77, 0x82, 0x31, 0x68, 0x15, 0xF9, 0xB5, 0x2B, 0x6D, 0x9B,
+	0x19, 0xA6, 0x9C, 0xD2, 0x5D, 0x1E, 0xD6, 0xFA, 0x89, 0xCB, 0xBA, 0xDE,
+	0x79, 0x6C, 0x91, 0x0E, 0xE7, 0xF4, 0xCC, 0xDB, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x1B, 0x21, 0x50, 0xC1, 0xC5, 0xF1, 0x30, 0x15, 0xDA, 0xAB, 0xA9, 0x1B,
+	0x5D, 0x95, 0x2C, 0x9B, 0x0E, 0x8C, 0xC2, 0x4C, 0x3F, 0x54, 0x61, 0x42,
+	0x75, 0xA3, 0x4B, 0x24, 0x37, 0x05, 0xF2, 0x60, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x77, 0xD1, 0x95, 0x42, 0x1C, 0xEF, 0x13, 0x39, 0x63, 0x66, 0x44, 0xAA,
+	0x0C, 0x3A, 0x06, 0x23, 0x46, 0x83, 0xDF, 0x17, 0x6E, 0xEB, 0x24, 0x44,
+	0x64, 0x2C, 0xE3, 0xBD, 0x35, 0x35, 0xE7, 0x4D, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x4A, 0x59, 0xAC, 0x2C, 0x6E, 0x7E, 0xCC, 0x08, 0xAF, 0x2B, 0x71, 0x16,
+	0x4F, 0x19, 0x1D, 0x63, 0x36, 0x22, 0xA8, 0x7F, 0xB2, 0x84, 0x55, 0x4F,
+	0xD9, 0xEB, 0x39, 0x7B, 0x44, 0x1E, 0x9C, 0xD0, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA6, 0x6B, 0x8A, 0x48, 0x93, 0xB6, 0xA5, 0x4D, 0x26, 0xFB, 0x89, 0xA4,
+	0x0B, 0x4A, 0x66, 0x3A, 0xAF, 0xA8, 0x75, 0x01, 0xEE, 0xDF, 0xC9, 0xF4,
+	0xF3, 0xF0, 0x00, 0xBC, 0x66, 0xF9, 0x81, 0x08, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xAD, 0x8B, 0xC6, 0x8C, 0xE0, 0x31, 0xD6, 0x16, 0x16, 0x88, 0x8D, 0x8E,
+	0xE4, 0x00, 0x31, 0x87, 0x44, 0xC0, 0x75, 0x7F, 0x3B, 0xB8, 0xB6, 0x00,
+	0x79, 0x3F, 0xAE, 0x7A, 0xF0, 0x16, 0x42, 0x45, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x21, 0x0C, 0xD0, 0x42, 0x97, 0x3F, 0x33, 0x3B, 0x08, 0x66, 0x6F, 0xF5,
+	0x2D, 0xBD, 0x25, 0xF9, 0x65, 0xC5, 0xB1, 0x29, 0xF5, 0xF7, 0xAD, 0x5D,
+	0xE0, 0x3D, 0x7A, 0x8D, 0x19, 0xB3, 0x21, 0x9A, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD6, 0x8B, 0xFB, 0xAC, 0xE0, 0xE0, 0x03, 0x92, 0x26, 0x10, 0x14, 0xF7,
+	0xD3, 0x44, 0x5D, 0xC7, 0xD9, 0xF4, 0x6B, 0x27, 0x14, 0xA0, 0x71, 0xEE,
+	0x1B, 0x20, 0x0A, 0xF3, 0x08, 0x10, 0xB6, 0x82, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0D, 0x91, 0xD8, 0xB1, 0x2A, 0xE6, 0x9B, 0xCD, 0x74, 0xA0, 0x8F, 0x17,
+	0xBF, 0x8C, 0xD9, 0x81, 0xD8, 0x22, 0x91, 0x3C, 0xF0, 0xD2, 0xB8, 0x2D,
+	0x24, 0x8B, 0x7A, 0xF0, 0xB0, 0x5B, 0xFA, 0xD2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBA, 0x11, 0x9A, 0x04, 0x9E, 0x62, 0xF2, 0xE2, 0xF2, 0x78, 0xE8, 0xA3,
+	0x4D, 0xF0, 0x5A, 0xE5, 0xD2, 0x69, 0xF3, 0x56, 0x4E, 0xB5, 0xD1, 0x80,
+	0x8E, 0x74, 0xAD, 0x0F, 0x4F, 0x95, 0x7C, 0xB1, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x2F, 0xF4, 0xDA, 0xBD, 0x76, 0xE2, 0xDD, 0x91, 0x37, 0x3F, 0x20,
+	0x63, 0x0F, 0xDB, 0x7F, 0xF4, 0x3E, 0xAB, 0x47, 0x49, 0x92, 0x90, 0x4C,
+	0x55, 0xA5, 0xCC, 0xC7, 0xAF, 0x3B, 0x6D, 0xB4, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5A, 0xD1, 0x04, 0xA8, 0xBD, 0xD2, 0x3D, 0xE9, 0xF5, 0xA9, 0xE5, 0x15,
+	0xEB, 0x71, 0xC2, 0xC1, 0x39, 0x05, 0x42, 0xA0, 0xBA, 0x95, 0xC1, 0x74,
+	0x4C, 0x55, 0xFB, 0x20, 0x42, 0x64, 0x91, 0xBF, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x91, 0x52, 0x57, 0x35, 0xEF, 0x62, 0x62, 0x89, 0xD2, 0xED, 0x97, 0x7F,
+	0x88, 0xF0, 0x96, 0x35, 0xFD, 0x48, 0x73, 0x1B, 0x7A, 0x8A, 0x85, 0x21,
+	0x08, 0xF8, 0x9A, 0x03, 0xB8, 0xFD, 0xEB, 0xEA, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x7E, 0x8E, 0x61, 0xEA, 0x35, 0xEB, 0x8E, 0x2E, 0x1B, 0xB2, 0x70, 0x0D,
+	0xB9, 0x8A, 0x76, 0x2C, 0xD8, 0x1E, 0xA2, 0x3B, 0x77, 0x38, 0xC1, 0x7C,
+	0xF9, 0xDE, 0xF2, 0xA4, 0x6D, 0xBA, 0x26, 0xA3, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x3A, 0x79, 0x12, 0xD0, 0x5E, 0x32, 0x9F, 0x34, 0x66, 0x4A, 0x08,
+	0x96, 0xCC, 0xDE, 0x0E, 0x56, 0xC2, 0x26, 0x52, 0x61, 0x42, 0x83, 0xBB,
+	0x91, 0x69, 0x28, 0x99, 0xD5, 0xFF, 0x05, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x44, 0x9D, 0x48, 0xD8, 0xF3, 0xBD, 0xBE, 0x19, 0xAB, 0x95, 0xDE, 0x03,
+	0xCC, 0x85, 0x10, 0xCB, 0xAE, 0xF1, 0x59, 0x46, 0x3F, 0x8B, 0xFB, 0x25,
+	0xDA, 0x72, 0xC3, 0x79, 0xDA, 0xE3, 0xCA, 0x8B, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xCB, 0xA9, 0x31, 0x5C, 0xE8, 0x2C, 0xC3, 0xEA, 0x4E, 0x52, 0x4B, 0xAC,
+	0x38, 0xA5, 0x80, 0x20, 0x36, 0xBA, 0x27, 0x52, 0x53, 0x8E, 0x34, 0x8C,
+	0xB1, 0x70, 0xD0, 0xDA, 0x75, 0xED, 0x45, 0x0F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x94, 0x7A, 0xF0, 0xF5, 0x2B, 0x4F, 0x8D, 0xA6, 0x7E, 0xDA, 0x17, 0xD9,
+	0x17, 0x82, 0x79, 0x76, 0x5B, 0xA7, 0x9A, 0x0C, 0x70, 0x58, 0x53, 0xA0,
+	0xA5, 0xD9, 0x87, 0x3B, 0x3F, 0xB2, 0xDD, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xC2, 0xA4, 0x81, 0x62, 0xA5, 0xFD, 0x9C, 0xE9, 0x80, 0xEE, 0x8A, 0xE5,
+	0x26, 0xF2, 0x5F, 0x02, 0xF6, 0x0C, 0x8E, 0xF6, 0x63, 0x3B, 0xE6, 0xA9,
+	0xE2, 0xE2, 0x3F, 0x02, 0x29, 0xA8, 0x4A, 0x35, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBC, 0x49, 0x45, 0xBD, 0x86, 0xBB, 0x6A, 0xFB, 0x23, 0x7E, 0xB7, 0x11,
+	0xEB, 0xA4, 0x6F, 0xEE, 0x7C, 0x1D, 0xB5, 0x8B, 0x7B, 0x86, 0xEB, 0x33,
+	0xD9, 0x4E, 0xB7, 0x28, 0x27, 0x3B, 0x3A, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBE, 0x17, 0x17, 0xE5, 0x95, 0x68, 0xD0, 0xA4, 0x4A, 0x60, 0x67, 0xCC,
+	0x45, 0xF7, 0x02, 0x12, 0x19, 0xB3, 0x2E, 0xB5, 0xAF, 0xC2, 0xFB, 0x17,
+	0xBE, 0x3C, 0x1E, 0x7A, 0xC3, 0xAC, 0x9D, 0x3C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
 const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p192,
@@ -1077,6 +1260,13 @@ const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p521,
 		.len = sizeof(ae_fpm_tbl_p521)
+	},
+	{},
+	{},
+	{},
+	{
+		.data = ae_fpm_tbl_p256_sm2,
+		.len = sizeof(ae_fpm_tbl_p256_sm2)
 	}
 };
 
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index b9f5a591fe..2fec4fddad 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -193,8 +193,11 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 	case RTE_CRYPTO_EC_GROUP_SECP521R1:
 		ec->curveid = ROC_AE_EC_ID_P521;
 		break;
+	case RTE_CRYPTO_EC_GROUP_SM2:
+		ec->curveid = ROC_AE_EC_ID_SM2;
+		break;
 	default:
-		/* Only NIST curves (FIPS 186-4) are supported */
+		/* Only NIST curves (FIPS 186-4) and SM2 are supported */
 		return -EINVAL;
 	}
 
@@ -235,6 +238,7 @@ cnxk_ae_fill_session_parameters(struct cnxk_ae_sess *sess,
 		/* Fall through */
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 		ret = cnxk_ae_fill_ec_params(sess, xform);
 		break;
 	default:
@@ -713,6 +717,204 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	return 0;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
+			 struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
+{
+	uint16_t message_len = sm2->message.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint16_t p_align, k_align, m_align;
+	uint16_t k_len = sm2->k.length;
+	uint16_t order_len, prime_len;
+	uint16_t o_offset, pk_offset;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+	k_align = RTE_ALIGN_CEIL(k_len, 8);
+
+	/* Set write offset for order and private key */
+	o_offset = prime_len - order_len;
+	pk_offset = p_align - pkey_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(scalar len, input len),
+	 * ROUNDUP8(priv key len, prime len, order len)).
+	 * Please note, private key, order cannot exceed prime
+	 * length i.e 3 * p_align.
+	 */
+	dlen = sizeof(fpm_table_iova) + k_align + m_align + p_align * 5;
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr, sm2->k.data, k_len);
+	dptr += k_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = (p_align << 8) | k_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
+static __rte_always_inline void
+cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 uint64_t fpm_table_iova,
+			 struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
+			 struct cpt_inst_s *inst)
+{
+	uint32_t message_len = sm2->message.length;
+	uint16_t o_offset, r_offset, s_offset;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint16_t r_len = sm2->r.length;
+	uint16_t s_len = sm2->s.length;
+	uint16_t order_len, prime_len;
+	uint16_t qx_offset, qy_offset;
+	uint16_t p_align, m_align;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+
+	/* Set write offset for sign, order and public key coordinates */
+	o_offset = prime_len - order_len;
+	qx_offset = prime_len - qx_len;
+	qy_offset = prime_len - qy_len;
+	r_offset = prime_len - r_len;
+	s_offset = prime_len - s_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(message len),
+	 * ROUNDUP8(sign len(r and s), public key len(x and y coordinates),
+	 * prime len, order len)).
+	 * Please note sign, public key and order can not exceed prime length
+	 * i.e. 6 * p_align
+	 */
+	dlen = sizeof(fpm_table_iova) + m_align + (8 * p_align);
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr + r_offset, sm2->r.data, r_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + s_offset, sm2->s.data, s_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = 0;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
+static __rte_always_inline int __rte_hot
+cnxk_ae_enqueue_sm2_op(struct rte_crypto_op *op,
+					   struct roc_ae_buf_ptr *meta_buf,
+					   struct cnxk_ae_sess *sess, uint64_t *fpm_iova,
+					   struct roc_ae_ec_group **ec_grp,
+					   struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sm2_op_param *sm2 = &op->asym->sm2;
+	uint8_t curveid = sess->ec_ctx.curveid;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+		cnxk_ae_sm2_sign_prep(sm2, meta_buf, fpm_iova[curveid],
+							  ec_grp[curveid], sess, inst);
+	else if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		cnxk_ae_sm2_verify_prep(sm2, meta_buf, fpm_iova[curveid],
+								ec_grp[curveid], sess, inst);
+	else {
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -EINVAL;
+	}
+	return 0;
+}
+
 static __rte_always_inline int
 cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
 		   struct roc_ae_buf_ptr *meta_buf, uint64_t *fpm_iova,
@@ -915,6 +1117,23 @@ cnxk_ae_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa, uint8_t *rptr,
 	ecdsa->s.length = prime_len;
 }
 
+static __rte_always_inline void
+cnxk_ae_dequeue_sm2_op(struct rte_crypto_sm2_op_param *sm2, uint8_t *rptr,
+			 struct roc_ae_ec_ctx *ec,
+			 struct roc_ae_ec_group **ec_grp)
+{
+	int prime_len = ec_grp[ec->curveid]->prime.length;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		return;
+
+	/* Separate out sign r and s components */
+	rte_memcpy(sm2->r.data, rptr, prime_len);
+	rte_memcpy(sm2->s.data, rptr + RTE_ALIGN_CEIL(prime_len, 8), prime_len);
+	sm2->r.length = prime_len;
+	sm2->s.length = prime_len;
+}
+
 static __rte_always_inline void
 cnxk_ae_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm, uint8_t *rptr,
 			struct roc_ae_ec_ctx *ec,
@@ -983,6 +1202,13 @@ cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 		if (unlikely(ret))
 			goto req_fail;
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		ret = cnxk_ae_enqueue_sm2_op(op, &meta_buf, sess,
+					       sess->cnxk_fpm_iova,
+					       sess->ec_grp, inst);
+		if (unlikely(ret))
+			goto req_fail;
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		ret = cnxk_ae_ecpm_prep(&asym_op->ecpm, &meta_buf,
 					sess->ec_grp[sess->ec_ctx.curveid],
@@ -1032,6 +1258,10 @@ cnxk_ae_post_process(struct rte_crypto_op *cop, struct cnxk_ae_sess *sess,
 		cnxk_ae_dequeue_ecdsa_op(&op->ecdsa, rptr, &sess->ec_ctx,
 					 sess->ec_grp);
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		cnxk_ae_dequeue_sm2_op(&op->sm2, rptr, &sess->ec_ctx,
+					 sess->ec_grp);
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
 		cnxk_ae_dequeue_ecpm_op(&op->ecpm, rptr, &sess->ec_ctx,
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 09f5ba0650..9a321aa8c9 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -13,7 +13,7 @@
 #define CNXK_CPT_MAX_CAPS	 54
 #define CNXK_SEC_CRYPTO_MAX_CAPS 16
 #define CNXK_SEC_MAX_CAPS	 9
-#define CNXK_AE_EC_ID_MAX	 8
+#define CNXK_AE_EC_ID_MAX	 9
 /**
  * Device private data
  */
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 4c6357353e..013d5789f6 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1152,6 +1152,20 @@ static const struct rte_cryptodev_capabilities caps_sm4[] = {
 	},
 };
 
+static const struct rte_cryptodev_capabilities caps_sm2[] = {
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+					     (1 << RTE_CRYPTO_ASYM_OP_VERIFY))
+			}
+		}
+		}
+	}
+};
+
 static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
@@ -1623,6 +1637,9 @@ cn10k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm3);
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm4);
 	}
+
+	if (hw_caps[CPT_ENG_TYPE_AE].sm2)
+		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm2);
 }
 
 static void
-- 
2.25.1

[PATCH v3 7/7] app/test: check asymmetric capabilities in SM2 test

[Gowrishankar Muthukrishnan]

Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c             | 77 +++++++++++-----------
 app/test/test_cryptodev_sm2_test_vectors.h | 28 +++++---
 2 files changed, 57 insertions(+), 48 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 4c4bdb9861..f16dcc01f7 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
 	break;
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 	default:
 		break;
 	}
@@ -1806,7 +1807,7 @@ test_ecpm_all_curve(void)
 }
 
 static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -1875,11 +1876,19 @@ _test_sm2_sign(bool rnd_secret)
 	else
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
-	if (rnd_secret) {
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret)
 	debug_hexdump(stdout, "s:",
 			asym_op->sm2.s.data, asym_op->sm2.s.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		/* Verify sign (by comparison). */
 		if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
 				   asym_op->sm2.r.length) != 0) {
@@ -1989,18 +1998,6 @@ _test_sm2_sign(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_sign_rnd_secret(void)
-{
-	return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
-	return _test_sm2_sign(false);
-}
-
 static int
 test_sm2_verify(void)
 {
@@ -2064,19 +2061,28 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
 	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
 	else
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	asym_op->sm2.r.data = input_params.sign_r.data;
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
 	asym_op->sm2.s.length = input_params.sign_s.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
 
 	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
 
@@ -2116,7 +2122,7 @@ test_sm2_verify(void)
 };
 
 static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -2185,7 +2191,8 @@ _test_sm2_enc(bool rnd_secret)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	if (rnd_secret) {
+
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -2231,7 +2238,7 @@ _test_sm2_enc(bool rnd_secret)
 	debug_hexdump(stdout, "cipher:",
 			asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
 				   asym_op->sm2.cipher.length) != 0) {
 			status = TEST_FAILED;
@@ -2295,18 +2302,6 @@ _test_sm2_enc(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_enc_rnd_secret(void)
-{
-	return _test_sm2_enc(true);
-}
-
-__rte_used static int
-test_sm2_enc_plain_secret(void)
-{
-	return _test_sm2_enc(false);
-}
-
 static int
 test_sm2_dec(void)
 {
@@ -2737,9 +2732,9 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_dh_keygenration),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
@@ -2803,6 +2798,8 @@ static struct unit_test_suite cryptodev_octeontx_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 			     test_ecdsa_sign_verify_all_curve),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_ecpm_all_curve),
 		TEST_CASES_END() /**< NULL terminate unit test array */
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 3d2dba1359..41f5f7074a 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	rte_crypto_param digest;
 	int curve;
 };
 
@@ -46,17 +47,17 @@ static uint8_t fp256_k[] = {
 };
 
 static uint8_t fp256_sign_r[] = {
-	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
-	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
-	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
-	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+	0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0,
+	0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B,
+	0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15,
+	0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24
 };
 
 static uint8_t fp256_sign_s[] = {
-	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
-	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
-	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
-	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+	0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
+	0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
+	0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
+	0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
 };
 
 static uint8_t fp256_id[] = {
@@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
 	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
 };
 
+static uint8_t fp256_digest[] = {
+	0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
+	0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
+	0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
+	0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1
+};
+
 static uint8_t fp256_cipher[] = {
 	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
 	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
@@ -121,6 +129,10 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 		.data = fp256_message,
 		.length = sizeof(fp256_message),
 	},
+	.digest = {
+		.data = fp256_digest,
+		.length = sizeof(fp256_digest),
+	},
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-- 
2.25.1

RE: [PATCH v3 4/7] cryptodev: set private and public keys in EC session

[Power, Ciara]

Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, September 28, 2023 6:09 PM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; Power, Ciara <ciara.power@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [PATCH v3 4/7] cryptodev: set private and public keys in EC session
> 
> Set EC private and public keys into xform so that, it can be maintained per
> session.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Change-Id: Ib8251987c805bc304f819bf13f94f310f225a0e3

What is this Change-Id for?

> ---
>  app/test/test_cryptodev_asym.c               | 60 ++++++++++----------
>  drivers/common/cnxk/roc_ae.h                 | 18 ++++++
>  drivers/common/cpt/cpt_mcode_defines.h       | 18 ++++++
>  drivers/common/cpt/cpt_ucode_asym.h          | 22 +++----
>  drivers/crypto/cnxk/cnxk_ae.h                | 37 ++++++++----
>  drivers/crypto/openssl/rte_openssl_pmd.c     | 53 +----------------
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35 ++++++++++++
>  drivers/crypto/qat/qat_asym.c                |  6 +-
>  examples/fips_validation/main.c              | 14 +++--
>  lib/cryptodev/rte_crypto_asym.h              | 18 ++----
>  10 files changed, 158 insertions(+), 123 deletions(-)
> 
<snip>

Acked-by: Ciara Power <ciara.power@intel.com>

[PATCH v4 0/7] cryptodev: support digest message in SM2

[Gowrishankar Muthukrishnan]

This patch series fixes SM2 algorithm implementation to
support digest message as input along with plain message
as today.

v4:
 - code rebase on next-crypto

Gowrishankar Muthukrishnan (7):
  crypto/openssl: include SM2 in asymmetric capabilities
  cryptodev: add hash algorithms in asymmetric capability
  cryptodev: use generic EC xform params for SM2
  cryptodev: set private and public keys in EC session
  cryptodev: add RNG capability in EC based xform
  crypto/cnxk: add SM2 support
  app/test: check asymmetric capabilities in SM2 test

 app/test/test_cryptodev_asym.c                | 197 ++++++++-----
 app/test/test_cryptodev_sm2_test_vectors.h    |  32 ++-
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   6 +
 drivers/common/cnxk/hw/cpt.h                  |   2 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |  21 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 +++++++++++++
 drivers/common/cpt/cpt_mcode_defines.h        |  18 ++
 drivers/common/cpt/cpt_ucode_asym.h           |  22 +-
 drivers/crypto/cnxk/cnxk_ae.h                 | 269 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 drivers/crypto/openssl/rte_openssl_pmd.c      |  53 +---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  55 +++-
 drivers/crypto/qat/qat_asym.c                 |   6 +-
 examples/fips_validation/main.c               |  14 +-
 lib/cryptodev/cryptodev_trace.h               |   9 +
 lib/cryptodev/cryptodev_trace_points.c        |   3 +
 lib/cryptodev/rte_crypto_asym.h               |  33 +--
 lib/cryptodev/rte_cryptodev.c                 |  16 ++
 lib/cryptodev/rte_cryptodev.h                 |  25 ++
 lib/cryptodev/version.map                     |   1 +
 23 files changed, 828 insertions(+), 196 deletions(-)

-- 
2.25.1

[PATCH v4 1/7] crypto/openssl: include SM2 in asymmetric capabilities

[Gowrishankar Muthukrishnan]

Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		},
 		}
 	},
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types =
+				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+			}
+		}
+		}
+	},
 
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
-- 
2.25.1

[PATCH v4 2/7] cryptodev: add hash algorithms in asymmetric capability

[Gowrishankar Muthukrishnan]

Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c               | 52 ++++++++++++++++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
 lib/cryptodev/cryptodev_trace.h              |  9 ++++
 lib/cryptodev/cryptodev_trace_points.c       |  3 ++
 lib/cryptodev/rte_cryptodev.c                | 16 ++++++
 lib/cryptodev/rte_cryptodev.h                | 19 +++++++
 lib/cryptodev/version.map                    |  1 +
 7 files changed, 97 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 39de0bdac5..af323e02d9 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1810,8 +1810,10 @@ _test_sm2_sign(bool rnd_secret)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1824,12 @@ _test_sm2_sign(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -1838,7 +1846,10 @@ _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1993,8 +2004,10 @@ test_sm2_verify(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2003,6 +2016,12 @@ test_sm2_verify(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2019,7 +2038,10 @@ test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2094,9 +2116,11 @@ _test_sm2_enc(bool rnd_secret)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
 	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	struct rte_crypto_asym_xform xform;
@@ -2105,6 +2129,12 @@ _test_sm2_enc(bool rnd_secret)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2120,7 +2150,10 @@ _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2273,8 +2306,10 @@ test_sm2_dec(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	const struct rte_cryptodev_asymmetric_xform_capability *capa;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_cryptodev_asym_capability_idx idx;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_m[TEST_DATA_SIZE];
@@ -2284,6 +2319,12 @@ test_sm2_dec(void)
 	int ret, status = TEST_SUCCESS;
 	void *sess = NULL;
 
+	/* Check SM2 capability */
+	idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+	if (capa == NULL)
+		return -ENOTSUP;
+
 	/* Setup crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
 	if (op == NULL) {
@@ -2299,7 +2340,10 @@ test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2eb450fcfd..d5dc365064 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		{.asym = {
 			.xform_capa = {
 				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
 				.op_types =
 				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
diff --git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h
index aab44af96b..935f0d564b 100644
--- a/lib/cryptodev/cryptodev_trace.h
+++ b/lib/cryptodev/cryptodev_trace.h
@@ -520,6 +520,15 @@ RTE_TRACE_POINT(
 	rte_trace_point_emit_int(ret);
 )
 
+RTE_TRACE_POINT(
+	rte_cryptodev_trace_asym_xform_capability_check_hash,
+	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
+		enum rte_crypto_auth_algorithm hash, int ret),
+	rte_trace_point_emit_u64(hash_algos);
+	rte_trace_point_emit_int(hash);
+	rte_trace_point_emit_int(ret);
+)
+
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_count,
 	RTE_TRACE_POINT_ARGS(uint8_t nb_devs),
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index e2303fdb52..8c47ab1e78 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -144,6 +144,9 @@ RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_modlen,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_optype,
 	lib.cryptodev.asym.xform.capability.check.optype)
 
+RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_hash,
+	lib.cryptodev.asym.xform.capability.check.hash)
+
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
 	lib.cryptodev.sym.cpu.crypto.process)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 0f65992444..314710b5f4 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -610,6 +610,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	return ret;
 }
 
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash)
+{
+	bool ret = false;
+
+	if (capability->hash_algos & (1 << hash))
+		ret = true;
+
+	rte_cryptodev_trace_asym_xform_capability_check_hash(
+		capability->hash_algos, hash, ret);
+
+	return ret;
+}
+
 /* spinlock for crypto device enq callbacks */
 static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
 
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 9f07e1ed2c..3a1b4dc501 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -182,6 +182,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		 * Value 0 mean implementation default
 		 */
 	};
+
+	uint64_t hash_algos;
+	/**< Bitmask of hash algorithms supported for op_type. */
 };
 
 /**
@@ -340,6 +343,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
 	const struct rte_cryptodev_asymmetric_xform_capability *capability,
 		uint16_t modlen);
 
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param	capability	Asymmetric crypto capability.
+ * @param	hash		Hash algorithm.
+ *
+ * @return
+ *   - Return true if the hash algorithm is supported.
+ *   - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash);
+
 /**
  * Provide the cipher algorithm enum, given an algorithm string
  *
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 20f7b24960..208919b819 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -51,6 +51,7 @@ EXPERIMENTAL {
 	rte_cryptodev_asym_get_xform_enum;
 	rte_cryptodev_asym_session_create;
 	rte_cryptodev_asym_session_free;
+	rte_cryptodev_asym_xform_capability_check_hash;
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;
-- 
2.25.1

[PATCH v4 3/7] cryptodev: use generic EC xform params for SM2

[Gowrishankar Muthukrishnan]

SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c               | 40 ++++++++++++--------
 app/test/test_cryptodev_sm2_test_vectors.h   |  4 +-
 doc/guides/rel_notes/release_23_11.rst       |  2 +
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  3 --
 lib/cryptodev/rte_crypto_asym.h              | 19 +++-------
 5 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index af323e02d9..514ea96b8b 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1846,10 +1846,7 @@ _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1867,6 +1864,11 @@ _test_sm2_sign(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2038,10 +2040,7 @@ test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2059,6 +2058,11 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2150,10 +2154,7 @@ _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2171,6 +2172,11 @@ _test_sm2_enc(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2340,10 +2346,7 @@ test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
-		xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
-	else
-		xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+	xform.ec.curve_id = input_params.curve;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2361,6 +2364,11 @@ test_sm2_dec(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.cipher.data = input_params.cipher.data;
 	asym_op->sm2.cipher.length = input_params.cipher.length;
 	asym_op->sm2.pkey.data = input_params.pkey.data;
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 7a4ce70c10..3d2dba1359 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	int curve;
 };
 
 static uint8_t fp256_pkey[] = {
@@ -123,7 +124,8 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-	}
+	},
+	.curve = RTE_CRYPTO_EC_GROUP_SM2
 };
 
 #endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 250735efa9..53639543a6 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -122,6 +122,8 @@ Removed Items
 * security: Removed deprecated field ``reserved_opts`` from struct
   ``rte_security_ipsec_sa_options``.
 
+* crypto: Removed SM2 xform parameter in asymmetric xform.
+
 
 API Changes
 -----------
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index d5dc365064..6252a36f94 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1305,9 +1305,6 @@ static int openssl_set_asym_session_parameters(
 		OSSL_PARAM *params = NULL;
 		int ret = -1;
 
-		if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3)
-			return -1;
-
 		param_bld = OSSL_PARAM_BLD_new();
 		if (!param_bld) {
 			OPENSSL_LOG(ERR, "failed to allocate params\n");
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 2f000ab015..e56c8c7816 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -64,7 +64,8 @@ enum rte_crypto_curve_id {
 	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
 	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
 	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
-	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25
+	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
+	RTE_CRYPTO_EC_GROUP_SM2       = 41,
 };
 
 /**
@@ -373,16 +374,6 @@ struct rte_crypto_ec_xform {
 	/**< Pre-defined ec groups */
 };
 
-/**
- * Asymmetric SM2 transform data.
- *
- * Structure describing SM2 xform params.
- */
-struct rte_crypto_sm2_xform {
-	enum rte_crypto_auth_algorithm hash;
-	/**< Hash algorithm used in SM2 op. */
-};
-
 /**
  * Operations params for modular operations:
  * exponentiation and multiplicative inverse
@@ -639,9 +630,6 @@ struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
-
-		struct rte_crypto_sm2_xform sm2;
-		/**< SM2 xform parameters */
 	};
 };
 
@@ -652,6 +640,9 @@ struct rte_crypto_sm2_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification. */
 
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
+
 	rte_crypto_uint pkey;
 	/**< Private key for encryption or sign generation. */
 
-- 
2.25.1

[PATCH v4 4/7] cryptodev: set private and public keys in EC session

[Gowrishankar Muthukrishnan]

Set EC private and public keys into xform so that, it can be
maintained per session.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
 app/test/test_cryptodev_asym.c               | 60 ++++++++++----------
 drivers/common/cnxk/roc_ae.h                 | 18 ++++++
 drivers/common/cpt/cpt_mcode_defines.h       | 18 ++++++
 drivers/common/cpt/cpt_ucode_asym.h          | 22 +++----
 drivers/crypto/cnxk/cnxk_ae.h                | 37 ++++++++----
 drivers/crypto/openssl/rte_openssl_pmd.c     | 53 +----------------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35 ++++++++++++
 drivers/crypto/qat/qat_asym.c                |  6 +-
 examples/fips_validation/main.c              | 14 +++--
 lib/cryptodev/rte_crypto_asym.h              | 18 ++----
 10 files changed, 158 insertions(+), 123 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 514ea96b8b..a2bb1f9336 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
 	op->asym->ecdsa.message.length = input_params.digest.length;
 	op->asym->ecdsa.k.data = input_params.scalar.data;
 	op->asym->ecdsa.k.length = input_params.scalar.length;
-	op->asym->ecdsa.pkey.data = input_params.pkey.data;
-	op->asym->ecdsa.pkey.length = input_params.pkey.length;
 
 	/* Init out buf */
 	op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
 
 	/* Populate op with operational details */
 	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
-	op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
-	op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
-	op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
 	op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
 	op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
 	op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1847,6 +1847,12 @@ _test_sm2_sign(bool rnd_secret)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1871,12 +1877,6 @@ _test_sm2_sign(bool rnd_secret)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 	asym_op->sm2.id.data = input_params.id.data;
 	asym_op->sm2.id.length = input_params.id.length;
 	if (rnd_secret) {
@@ -2041,6 +2041,12 @@ test_sm2_verify(void)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2065,12 +2071,6 @@ test_sm2_verify(void)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 	asym_op->sm2.r.data = input_params.sign_r.data;
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
@@ -2155,6 +2155,12 @@ _test_sm2_enc(bool rnd_secret)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2179,12 +2185,6 @@ _test_sm2_enc(bool rnd_secret)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 	if (rnd_secret) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
@@ -2347,6 +2347,12 @@ test_sm2_dec(void)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2371,12 +2377,6 @@ test_sm2_dec(void)
 
 	asym_op->sm2.cipher.data = input_params.cipher.data;
 	asym_op->sm2.cipher.length = input_params.cipher.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 
 	/* Init out buf */
 	asym_op->sm2.message.data = output_buf_m;
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index c972878eff..d8ad0129b1 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -67,6 +67,24 @@ struct roc_ae_ec_group {
 struct roc_ae_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 /* Buffer pointer */
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index e6dcb7674c..b337dbc68d 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -364,6 +364,24 @@ struct cpt_ec_group {
 struct cpt_asym_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 struct cpt_asym_sess_misc {
diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h
index 1105a0c125..e1034bbeb4 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -633,12 +633,13 @@ static __rte_always_inline void
 cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		    struct asym_op_params *ecdsa_params,
 		    uint64_t fpm_table_iova,
-		    uint8_t curveid)
+		    struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint16_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -688,7 +689,7 @@ cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp[curveid].order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -735,14 +736,15 @@ static __rte_always_inline void
 cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		      struct asym_op_params *ecdsa_params,
 		      uint64_t fpm_table_iova,
-		      uint8_t curveid)
+		      struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint32_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -802,10 +804,10 @@ cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp[curveid].prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp[curveid].consta.data, prime_len);
@@ -852,10 +854,10 @@ cpt_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	uint8_t curveid = sess->ec_ctx.curveid;
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
-		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], curveid);
+		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], sess);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cpt_ecdsa_verify_prep(ecdsa, params, fpm_iova[curveid],
-				      curveid);
+				      sess);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 209bcd0b43..2aa39d2226 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -198,6 +198,21 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 		return -EINVAL;
 	}
 
+	if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_ECPM)
+		return 0;
+
+	ec->pkey.length = xform->ec.pkey.length;
+	if (xform->ec.pkey.length)
+		rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+
+	ec->q.x.length = xform->ec.q.x.length;
+	if (xform->ec.q.x.length)
+		rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+
+	ec->q.y.length = xform->ec.q.y.length;
+	if (xform->ec.q.y.length)
+		rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+
 	return 0;
 }
 
@@ -502,10 +517,11 @@ static __rte_always_inline void
 cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			struct roc_ae_buf_ptr *meta_buf,
 			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
-			uint8_t curveid, struct cpt_inst_s *inst)
+			struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	uint16_t message_len = ecdsa->message.length;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -555,7 +571,7 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp->order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -583,13 +599,14 @@ static __rte_always_inline void
 cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			  struct roc_ae_buf_ptr *meta_buf,
 			  uint64_t fpm_table_iova,
-			  struct roc_ae_ec_group *ec_grp, uint8_t curveid,
+			  struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
 			  struct cpt_inst_s *inst)
 {
 	uint32_t message_len = ecdsa->message.length;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -649,10 +666,10 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp->prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp->consta.data, prime_len);
@@ -685,10 +702,10 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
 		cnxk_ae_ecdsa_sign_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					ec_grp[curveid], curveid, inst);
+					ec_grp[curveid], sess, inst);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cnxk_ae_ecdsa_verify_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					  ec_grp[curveid], curveid, inst);
+					  ec_grp[curveid], sess, inst);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5e8624cebe..c234882417 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2673,12 +2673,8 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 {
 	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
 	struct rte_crypto_asym_op *op = cop->asym;
-	OSSL_PARAM_BLD *param_bld = NULL;
-	OSSL_PARAM *params = NULL;
+	OSSL_PARAM *params = sess->u.sm2.params;
 	EVP_PKEY *pkey = NULL;
-	BIGNUM *pkey_bn = NULL;
-	uint8_t pubkey[64];
-	size_t len = 0;
 	int ret = -1;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
@@ -2686,50 +2682,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (cop->asym->sm2.k.data != NULL)
 		goto err_sm2;
 
-	param_bld = OSSL_PARAM_BLD_new();
-	if (!param_bld) {
-		OPENSSL_LOG(ERR, "failed to allocate params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
-		OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	pkey_bn = BN_bin2bn((const unsigned char *)op->sm2.pkey.data,
-						op->sm2.pkey.length, pkey_bn);
-
-	memset(pubkey, 0, RTE_DIM(pubkey));
-	pubkey[0] = 0x04;
-	len += 1;
-	memcpy(&pubkey[len], op->sm2.q.x.data, op->sm2.q.x.length);
-	len += op->sm2.q.x.length;
-	memcpy(&pubkey[len], op->sm2.q.y.data, op->sm2.q.y.length);
-	len += op->sm2.q.y.length;
-
-	ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
-								 pkey_bn);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
-			OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	if (!params) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
 	switch (op->sm2.op_type) {
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		{
@@ -2940,9 +2892,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (pkey)
 		EVP_PKEY_free(pkey);
 
-	if (param_bld)
-		OSSL_PARAM_BLD_free(param_bld);
-
 	return ret;
 }
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 6252a36f94..083ad63360 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1303,6 +1303,9 @@ static int openssl_set_asym_session_parameters(
 #ifndef OPENSSL_NO_SM2
 		OSSL_PARAM_BLD *param_bld = NULL;
 		OSSL_PARAM *params = NULL;
+		BIGNUM *pkey_bn = NULL;
+		uint8_t pubkey[64];
+		size_t len = 0;
 		int ret = -1;
 
 		param_bld = OSSL_PARAM_BLD_new();
@@ -1318,6 +1321,38 @@ static int openssl_set_asym_session_parameters(
 			goto err_sm2;
 		}
 
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data,
+							xform->ec.pkey.length, pkey_bn);
+
+		ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+									 pkey_bn);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		memset(pubkey, 0, sizeof(pubkey));
+		pubkey[0] = 0x04;
+		len += 1;
+		memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length);
+		len += xform->ec.q.x.length;
+		memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length);
+		len += xform->ec.q.y.length;
+
+		ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
+				OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
 		params = OSSL_PARAM_BLD_to_param(param_bld);
 		if (!params) {
 			OPENSSL_LOG(ERR, "failed to push params\n");
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..0f196ace30 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -593,7 +593,7 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		qat_func_alignsize =
 			RTE_ALIGN_CEIL(qat_function.bytesize, 8);
 
-		SET_PKE_9A_IN(asym_op->ecdsa.pkey, 0);
+		SET_PKE_9A_IN(xform->ec.pkey, 0);
 		SET_PKE_9A_IN(asym_op->ecdsa.message, 1);
 		SET_PKE_9A_IN(asym_op->ecdsa.k, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 3);
@@ -635,8 +635,8 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		SET_PKE_9A_EC(curve[curve_id], n, 7);
 		SET_PKE_9A_EC(curve[curve_id], x, 6);
 		SET_PKE_9A_EC(curve[curve_id], y, 5);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.x, 4);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.y, 3);
+		SET_PKE_9A_IN(xform->ec.q.x, 4);
+		SET_PKE_9A_IN(xform->ec.q.y, 3);
 		SET_PKE_9A_EC(curve[curve_id], a, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 1);
 		SET_PKE_9A_EC(curve[curve_id], p, 0);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index fed5596f36..7ae2c6c007 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1006,8 +1006,6 @@ prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.pkey.data = vec.ecdsa.pkey.val;
-		asym->ecdsa.pkey.length = vec.ecdsa.pkey.len;
 		asym->ecdsa.k.data = vec.ecdsa.k.val;
 		asym->ecdsa.k.length = vec.ecdsa.k.len;
 
@@ -1029,10 +1027,6 @@ prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.q.x.data = vec.ecdsa.qx.val;
-		asym->ecdsa.q.x.length = vec.ecdsa.qx.len;
-		asym->ecdsa.q.y.data = vec.ecdsa.qy.val;
-		asym->ecdsa.q.y.length = vec.ecdsa.qy.len;
 		asym->ecdsa.r.data = vec.ecdsa.r.val;
 		asym->ecdsa.r.length = vec.ecdsa.r.len;
 		asym->ecdsa.s.data = vec.ecdsa.s.val;
@@ -1570,6 +1564,9 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_SIGN);
 			return -EPERM;
 		}
+
+		xform->ec.pkey.data = vec.ecdsa.pkey.val;
+		xform->ec.pkey.length = vec.ecdsa.pkey.len;
 		break;
 	case FIPS_TEST_ASYM_SIGVER:
 		if (!rte_cryptodev_asym_xform_capability_check_optype(cap,
@@ -1578,6 +1575,11 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_VERIFY);
 			return -EPERM;
 		}
+
+		xform->ec.q.x.data = vec.ecdsa.qx.val;
+		xform->ec.q.x.length = vec.ecdsa.qx.len;
+		xform->ec.q.y.data = vec.ecdsa.qy.val;
+		xform->ec.q.y.length = vec.ecdsa.qy.len;
 		break;
 	default:
 		break;
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index e56c8c7816..39d3da3952 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -372,6 +372,12 @@ struct rte_crypto_dsa_xform {
 struct rte_crypto_ec_xform {
 	enum rte_crypto_curve_id curve_id;
 	/**< Pre-defined ec groups */
+
+	rte_crypto_uint pkey;
+	/**< Private key */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key */
 };
 
 /**
@@ -557,12 +563,6 @@ struct rte_crypto_ecdsa_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification */
 
-	rte_crypto_uint pkey;
-	/**< Private key of the signer for signature generation */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key of the signer for verification */
-
 	rte_crypto_param message;
 	/**< Input message digest to be signed or verified */
 
@@ -643,12 +643,6 @@ struct rte_crypto_sm2_op_param {
 	enum rte_crypto_auth_algorithm hash;
 	/**< Hash algorithm used in EC op. */
 
-	rte_crypto_uint pkey;
-	/**< Private key for encryption or sign generation. */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key for decryption or verification. */
-
 	rte_crypto_param message;
 	/**<
 	 * Pointer to input data
-- 
2.25.1

[PATCH v4 5/7] cryptodev: add RNG capability in EC based xform

[Gowrishankar Muthukrishnan]

Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
 lib/cryptodev/rte_cryptodev.h                | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 083ad63360..2862c294a9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -604,6 +604,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
 				 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
 				 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+				{.internal_rng = 1
+				}
 			}
 		}
 		}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 3a1b4dc501..6c8f532797 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -181,6 +181,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
 		/**< Range of modulus length supported by modulus based xform.
 		 * Value 0 mean implementation default
 		 */
+
+		uint8_t internal_rng;
+		/**< Availability of random number generator for Elliptic curve based xform.
+		 * Value 0 means unavailable, and application should pass the required
+		 * random value. Otherwise, PMD would internally compute the random number.
+		 */
 	};
 
 	uint64_t hash_algos;
-- 
2.25.1

[PATCH v4 6/7] crypto/cnxk: add SM2 support

[Gowrishankar Muthukrishnan]

Add SM2 asymmetric algorithm support in cnxk PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/cn10k.ini      |   1 +
 doc/guides/rel_notes/release_23_11.rst        |   4 +
 drivers/common/cnxk/hw/cpt.h                  |   2 +-
 drivers/common/cnxk/roc_ae.c                  |  32 ++-
 drivers/common/cnxk/roc_ae.h                  |   3 +-
 drivers/common/cnxk/roc_ae_fpm_tables.c       | 190 ++++++++++++++
 drivers/crypto/cnxk/cnxk_ae.h                 | 232 +++++++++++++++++-
 drivers/crypto/cnxk/cnxk_cryptodev.h          |   2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  17 ++
 9 files changed, 478 insertions(+), 5 deletions(-)

diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 53ee2a720e..4f542c6038 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -104,6 +104,7 @@ Modular Inversion       =
 Diffie-hellman          =
 ECDSA                   = Y
 ECPM                    = Y
+SM2                     = Y
 
 ;
 ; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 53639543a6..401230a1c0 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -96,6 +96,10 @@ New Features
   Added support for DOCSIS security protocol through the ``rte_security`` API
   callbacks.
 
+* **Updated CNXK crypto driver.**
+
+  Added SM2 algorithm support in asymmetric crypto operations.
+
 
 Removed Items
 -------------
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index cad4ed7e79..cf9046bbfb 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -78,7 +78,7 @@ union cpt_eng_caps {
 		uint64_t __io sm4 : 1;
 		uint64_t __io reserved_23_34 : 12;
 		uint64_t __io sg_ver2 : 1;
-		uint64_t __io reserved36 : 1;
+		uint64_t __io sm2 : 1;
 		uint64_t __io pdcp_chain_zuc256 : 1;
 		uint64_t __io reserved_38_63 : 26;
 	};
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX] = {
 			     0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
 			     0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
 			     0x3F, 0x00},
-		    .length = 66}}};
+		    .length = 66},
+	},
+	{},
+	{},
+	{},
+	{
+		.prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				   0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF},
+			  .length = 32},
+		.order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				   0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+				   0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+				   0x39, 0xD5, 0x41, 0x23},
+			  .length = 32},
+		.consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+				    0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+				    0xFF, 0xFF, 0xFF, 0xFC},
+			   .length = 32},
+		.constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+				    0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+				    0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+				    0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+				    0x4D, 0x94, 0x0E, 0x93},
+			   .length = 32},
+	}};
 
 int
 roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d8ad0129b1..d459c5e680 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
 	ROC_AE_EC_ID_P160 = 5,
 	ROC_AE_EC_ID_P320 = 6,
 	ROC_AE_EC_ID_P512 = 7,
-	ROC_AE_EC_ID_PMAX = 8
+	ROC_AE_EC_ID_SM2  = 8,
+	ROC_AE_EC_ID_PMAX
 } roc_ae_ec_id;
 
 /* Prime and order fields of built-in elliptic curves */
diff --git a/drivers/common/cnxk/roc_ae_fpm_tables.c b/drivers/common/cnxk/roc_ae_fpm_tables.c
index f91570299b..ead3128e7f 100644
--- a/drivers/common/cnxk/roc_ae_fpm_tables.c
+++ b/drivers/common/cnxk/roc_ae_fpm_tables.c
@@ -1057,6 +1057,189 @@ const uint8_t ae_fpm_tbl_p521[AE_FPM_P521_LEN] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
 };
 
+const uint8_t ae_fpm_tbl_p256_sm2[AE_FPM_P256_LEN] = {
+	0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7, 0x8F, 0xE3, 0x0B, 0xBF,
+	0xF2, 0x66, 0x0B, 0xE1, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
+	0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0, 0xD0, 0xA9, 0x87, 0x7C,
+	0xC6, 0x2A, 0x47, 0x40, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
+	0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xE1, 0x8B, 0xD5, 0x46, 0xB5, 0x82, 0x45, 0x17, 0x67, 0x38, 0x91, 0xD7,
+	0x91, 0xCA, 0xA4, 0x86, 0xBA, 0x22, 0x0B, 0x99, 0xDF, 0x9F, 0x9A, 0x14,
+	0x95, 0xAF, 0xBD, 0x11, 0x55, 0xC1, 0xDA, 0x54, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x8E, 0x44, 0x50, 0xEB, 0x33, 0x4A, 0xCD, 0xCB, 0xC3, 0xC7, 0xD1, 0x89,
+	0x8A, 0x53, 0xF2, 0x0D, 0x2E, 0xEE, 0x75, 0x0F, 0x40, 0x53, 0x01, 0x7C,
+	0xE8, 0xA6, 0xD8, 0x2C, 0x51, 0x73, 0x88, 0xC2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xF8, 0x1C, 0x8D, 0xA9, 0xB9, 0x9F, 0xBA, 0x55, 0x13, 0x7F, 0x6C, 0x61,
+	0x49, 0xFE, 0xEF, 0x6E, 0xCB, 0x12, 0x9A, 0xA4, 0x94, 0xDA, 0x9A, 0xD4,
+	0x82, 0xA0, 0xF5, 0x40, 0x7D, 0x12, 0x3D, 0xB6, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xFD, 0xEC, 0xA0, 0x07, 0x72, 0xC4, 0xDB, 0xC9, 0xA9, 0x61, 0xB5, 0x8F,
+	0x0C, 0xF5, 0x83, 0x73, 0xEC, 0xAC, 0xAB, 0x94, 0xE9, 0x73, 0xF9, 0xC3,
+	0xF1, 0x2F, 0xA4, 0x69, 0x6A, 0x22, 0xCA, 0x3F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xEA, 0xE3, 0xD9, 0xA9, 0xD1, 0x3A, 0x42, 0xED, 0x2B, 0x23, 0x08, 0xF6,
+	0x48, 0x4E, 0x1B, 0x38, 0x3D, 0xB7, 0xB2, 0x48, 0x88, 0xC2, 0x1F, 0x3A,
+	0xB6, 0x92, 0xE5, 0xB5, 0x74, 0xD5, 0x5D, 0xA9, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD1, 0x86, 0x46, 0x9D, 0xE2, 0x95, 0xE5, 0xAB, 0xDB, 0x61, 0xAC, 0x17,
+	0x73, 0x43, 0x8E, 0x6D, 0x5A, 0x92, 0x4F, 0x85, 0x54, 0x49, 0x26, 0xF9,
+	0xA1, 0x75, 0x05, 0x1B, 0x0F, 0x3F, 0xB6, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA7, 0x2D, 0x08, 0x4F, 0x62, 0xC8, 0xD5, 0x8B, 0xE3, 0xD6, 0x46, 0x7D,
+	0xEA, 0xF4, 0x8F, 0xD7, 0x8F, 0xE7, 0x5E, 0x5A, 0x12, 0x8A, 0x56, 0xA7,
+	0xC0, 0x02, 0x3F, 0xE7, 0xFF, 0x2B, 0x68, 0xBD, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x64, 0xF6, 0x77, 0x82, 0x31, 0x68, 0x15, 0xF9, 0xB5, 0x2B, 0x6D, 0x9B,
+	0x19, 0xA6, 0x9C, 0xD2, 0x5D, 0x1E, 0xD6, 0xFA, 0x89, 0xCB, 0xBA, 0xDE,
+	0x79, 0x6C, 0x91, 0x0E, 0xE7, 0xF4, 0xCC, 0xDB, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x1B, 0x21, 0x50, 0xC1, 0xC5, 0xF1, 0x30, 0x15, 0xDA, 0xAB, 0xA9, 0x1B,
+	0x5D, 0x95, 0x2C, 0x9B, 0x0E, 0x8C, 0xC2, 0x4C, 0x3F, 0x54, 0x61, 0x42,
+	0x75, 0xA3, 0x4B, 0x24, 0x37, 0x05, 0xF2, 0x60, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x77, 0xD1, 0x95, 0x42, 0x1C, 0xEF, 0x13, 0x39, 0x63, 0x66, 0x44, 0xAA,
+	0x0C, 0x3A, 0x06, 0x23, 0x46, 0x83, 0xDF, 0x17, 0x6E, 0xEB, 0x24, 0x44,
+	0x64, 0x2C, 0xE3, 0xBD, 0x35, 0x35, 0xE7, 0x4D, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x4A, 0x59, 0xAC, 0x2C, 0x6E, 0x7E, 0xCC, 0x08, 0xAF, 0x2B, 0x71, 0x16,
+	0x4F, 0x19, 0x1D, 0x63, 0x36, 0x22, 0xA8, 0x7F, 0xB2, 0x84, 0x55, 0x4F,
+	0xD9, 0xEB, 0x39, 0x7B, 0x44, 0x1E, 0x9C, 0xD0, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xA6, 0x6B, 0x8A, 0x48, 0x93, 0xB6, 0xA5, 0x4D, 0x26, 0xFB, 0x89, 0xA4,
+	0x0B, 0x4A, 0x66, 0x3A, 0xAF, 0xA8, 0x75, 0x01, 0xEE, 0xDF, 0xC9, 0xF4,
+	0xF3, 0xF0, 0x00, 0xBC, 0x66, 0xF9, 0x81, 0x08, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xAD, 0x8B, 0xC6, 0x8C, 0xE0, 0x31, 0xD6, 0x16, 0x16, 0x88, 0x8D, 0x8E,
+	0xE4, 0x00, 0x31, 0x87, 0x44, 0xC0, 0x75, 0x7F, 0x3B, 0xB8, 0xB6, 0x00,
+	0x79, 0x3F, 0xAE, 0x7A, 0xF0, 0x16, 0x42, 0x45, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x21, 0x0C, 0xD0, 0x42, 0x97, 0x3F, 0x33, 0x3B, 0x08, 0x66, 0x6F, 0xF5,
+	0x2D, 0xBD, 0x25, 0xF9, 0x65, 0xC5, 0xB1, 0x29, 0xF5, 0xF7, 0xAD, 0x5D,
+	0xE0, 0x3D, 0x7A, 0x8D, 0x19, 0xB3, 0x21, 0x9A, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xD6, 0x8B, 0xFB, 0xAC, 0xE0, 0xE0, 0x03, 0x92, 0x26, 0x10, 0x14, 0xF7,
+	0xD3, 0x44, 0x5D, 0xC7, 0xD9, 0xF4, 0x6B, 0x27, 0x14, 0xA0, 0x71, 0xEE,
+	0x1B, 0x20, 0x0A, 0xF3, 0x08, 0x10, 0xB6, 0x82, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0D, 0x91, 0xD8, 0xB1, 0x2A, 0xE6, 0x9B, 0xCD, 0x74, 0xA0, 0x8F, 0x17,
+	0xBF, 0x8C, 0xD9, 0x81, 0xD8, 0x22, 0x91, 0x3C, 0xF0, 0xD2, 0xB8, 0x2D,
+	0x24, 0x8B, 0x7A, 0xF0, 0xB0, 0x5B, 0xFA, 0xD2, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBA, 0x11, 0x9A, 0x04, 0x9E, 0x62, 0xF2, 0xE2, 0xF2, 0x78, 0xE8, 0xA3,
+	0x4D, 0xF0, 0x5A, 0xE5, 0xD2, 0x69, 0xF3, 0x56, 0x4E, 0xB5, 0xD1, 0x80,
+	0x8E, 0x74, 0xAD, 0x0F, 0x4F, 0x95, 0x7C, 0xB1, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x11, 0x2F, 0xF4, 0xDA, 0xBD, 0x76, 0xE2, 0xDD, 0x91, 0x37, 0x3F, 0x20,
+	0x63, 0x0F, 0xDB, 0x7F, 0xF4, 0x3E, 0xAB, 0x47, 0x49, 0x92, 0x90, 0x4C,
+	0x55, 0xA5, 0xCC, 0xC7, 0xAF, 0x3B, 0x6D, 0xB4, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x5A, 0xD1, 0x04, 0xA8, 0xBD, 0xD2, 0x3D, 0xE9, 0xF5, 0xA9, 0xE5, 0x15,
+	0xEB, 0x71, 0xC2, 0xC1, 0x39, 0x05, 0x42, 0xA0, 0xBA, 0x95, 0xC1, 0x74,
+	0x4C, 0x55, 0xFB, 0x20, 0x42, 0x64, 0x91, 0xBF, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x91, 0x52, 0x57, 0x35, 0xEF, 0x62, 0x62, 0x89, 0xD2, 0xED, 0x97, 0x7F,
+	0x88, 0xF0, 0x96, 0x35, 0xFD, 0x48, 0x73, 0x1B, 0x7A, 0x8A, 0x85, 0x21,
+	0x08, 0xF8, 0x9A, 0x03, 0xB8, 0xFD, 0xEB, 0xEA, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x7E, 0x8E, 0x61, 0xEA, 0x35, 0xEB, 0x8E, 0x2E, 0x1B, 0xB2, 0x70, 0x0D,
+	0xB9, 0x8A, 0x76, 0x2C, 0xD8, 0x1E, 0xA2, 0x3B, 0x77, 0x38, 0xC1, 0x7C,
+	0xF9, 0xDE, 0xF2, 0xA4, 0x6D, 0xBA, 0x26, 0xA3, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x18, 0x3A, 0x79, 0x12, 0xD0, 0x5E, 0x32, 0x9F, 0x34, 0x66, 0x4A, 0x08,
+	0x96, 0xCC, 0xDE, 0x0E, 0x56, 0xC2, 0x26, 0x52, 0x61, 0x42, 0x83, 0xBB,
+	0x91, 0x69, 0x28, 0x99, 0xD5, 0xFF, 0x05, 0x13, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x44, 0x9D, 0x48, 0xD8, 0xF3, 0xBD, 0xBE, 0x19, 0xAB, 0x95, 0xDE, 0x03,
+	0xCC, 0x85, 0x10, 0xCB, 0xAE, 0xF1, 0x59, 0x46, 0x3F, 0x8B, 0xFB, 0x25,
+	0xDA, 0x72, 0xC3, 0x79, 0xDA, 0xE3, 0xCA, 0x8B, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xCB, 0xA9, 0x31, 0x5C, 0xE8, 0x2C, 0xC3, 0xEA, 0x4E, 0x52, 0x4B, 0xAC,
+	0x38, 0xA5, 0x80, 0x20, 0x36, 0xBA, 0x27, 0x52, 0x53, 0x8E, 0x34, 0x8C,
+	0xB1, 0x70, 0xD0, 0xDA, 0x75, 0xED, 0x45, 0x0F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x94, 0x7A, 0xF0, 0xF5, 0x2B, 0x4F, 0x8D, 0xA6, 0x7E, 0xDA, 0x17, 0xD9,
+	0x17, 0x82, 0x79, 0x76, 0x5B, 0xA7, 0x9A, 0x0C, 0x70, 0x58, 0x53, 0xA0,
+	0xA5, 0xD9, 0x87, 0x3B, 0x3F, 0xB2, 0xDD, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xC2, 0xA4, 0x81, 0x62, 0xA5, 0xFD, 0x9C, 0xE9, 0x80, 0xEE, 0x8A, 0xE5,
+	0x26, 0xF2, 0x5F, 0x02, 0xF6, 0x0C, 0x8E, 0xF6, 0x63, 0x3B, 0xE6, 0xA9,
+	0xE2, 0xE2, 0x3F, 0x02, 0x29, 0xA8, 0x4A, 0x35, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBC, 0x49, 0x45, 0xBD, 0x86, 0xBB, 0x6A, 0xFB, 0x23, 0x7E, 0xB7, 0x11,
+	0xEB, 0xA4, 0x6F, 0xEE, 0x7C, 0x1D, 0xB5, 0x8B, 0x7B, 0x86, 0xEB, 0x33,
+	0xD9, 0x4E, 0xB7, 0x28, 0x27, 0x3B, 0x3A, 0xC7, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xBE, 0x17, 0x17, 0xE5, 0x95, 0x68, 0xD0, 0xA4, 0x4A, 0x60, 0x67, 0xCC,
+	0x45, 0xF7, 0x02, 0x12, 0x19, 0xB3, 0x2E, 0xB5, 0xAF, 0xC2, 0xFB, 0x17,
+	0xBE, 0x3C, 0x1E, 0x7A, 0xC3, 0xAC, 0x9D, 0x3C, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
 const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p192,
@@ -1077,6 +1260,13 @@ const struct ae_fpm_entry ae_fpm_tbl_scalar[ROC_AE_EC_ID_PMAX] = {
 	{
 		.data = ae_fpm_tbl_p521,
 		.len = sizeof(ae_fpm_tbl_p521)
+	},
+	{},
+	{},
+	{},
+	{
+		.data = ae_fpm_tbl_p256_sm2,
+		.len = sizeof(ae_fpm_tbl_p256_sm2)
 	}
 };
 
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 2aa39d2226..09468d58b0 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -193,8 +193,11 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 	case RTE_CRYPTO_EC_GROUP_SECP521R1:
 		ec->curveid = ROC_AE_EC_ID_P521;
 		break;
+	case RTE_CRYPTO_EC_GROUP_SM2:
+		ec->curveid = ROC_AE_EC_ID_SM2;
+		break;
 	default:
-		/* Only NIST curves (FIPS 186-4) are supported */
+		/* Only NIST curves (FIPS 186-4) and SM2 are supported */
 		return -EINVAL;
 	}
 
@@ -235,6 +238,7 @@ cnxk_ae_fill_session_parameters(struct cnxk_ae_sess *sess,
 		/* Fall through */
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 		ret = cnxk_ae_fill_ec_params(sess, xform);
 		break;
 	default:
@@ -713,6 +717,204 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	return 0;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
+			 struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
+{
+	uint16_t message_len = sm2->message.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint16_t p_align, k_align, m_align;
+	uint16_t k_len = sm2->k.length;
+	uint16_t order_len, prime_len;
+	uint16_t o_offset, pk_offset;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+	k_align = RTE_ALIGN_CEIL(k_len, 8);
+
+	/* Set write offset for order and private key */
+	o_offset = prime_len - order_len;
+	pk_offset = p_align - pkey_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(scalar len, input len),
+	 * ROUNDUP8(priv key len, prime len, order len)).
+	 * Please note, private key, order cannot exceed prime
+	 * length i.e 3 * p_align.
+	 */
+	dlen = sizeof(fpm_table_iova) + k_align + m_align + p_align * 5;
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr, sm2->k.data, k_len);
+	dptr += k_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = (p_align << 8) | k_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
+static __rte_always_inline void
+cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 uint64_t fpm_table_iova,
+			 struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
+			 struct cpt_inst_s *inst)
+{
+	uint32_t message_len = sm2->message.length;
+	uint16_t o_offset, r_offset, s_offset;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint16_t r_len = sm2->r.length;
+	uint16_t s_len = sm2->s.length;
+	uint16_t order_len, prime_len;
+	uint16_t qx_offset, qy_offset;
+	uint16_t p_align, m_align;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+
+	/* Set write offset for sign, order and public key coordinates */
+	o_offset = prime_len - order_len;
+	qx_offset = prime_len - qx_len;
+	qy_offset = prime_len - qy_len;
+	r_offset = prime_len - r_len;
+	s_offset = prime_len - s_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(message len),
+	 * ROUNDUP8(sign len(r and s), public key len(x and y coordinates),
+	 * prime len, order len)).
+	 * Please note sign, public key and order can not exceed prime length
+	 * i.e. 6 * p_align
+	 */
+	dlen = sizeof(fpm_table_iova) + m_align + (8 * p_align);
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr + r_offset, sm2->r.data, r_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + s_offset, sm2->s.data, s_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = 0;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
+static __rte_always_inline int __rte_hot
+cnxk_ae_enqueue_sm2_op(struct rte_crypto_op *op,
+					   struct roc_ae_buf_ptr *meta_buf,
+					   struct cnxk_ae_sess *sess, uint64_t *fpm_iova,
+					   struct roc_ae_ec_group **ec_grp,
+					   struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sm2_op_param *sm2 = &op->asym->sm2;
+	uint8_t curveid = sess->ec_ctx.curveid;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+		cnxk_ae_sm2_sign_prep(sm2, meta_buf, fpm_iova[curveid],
+							  ec_grp[curveid], sess, inst);
+	else if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		cnxk_ae_sm2_verify_prep(sm2, meta_buf, fpm_iova[curveid],
+								ec_grp[curveid], sess, inst);
+	else {
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -EINVAL;
+	}
+	return 0;
+}
+
 static __rte_always_inline int
 cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
 		   struct roc_ae_buf_ptr *meta_buf, uint64_t *fpm_iova,
@@ -915,6 +1117,23 @@ cnxk_ae_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa, uint8_t *rptr,
 	ecdsa->s.length = prime_len;
 }
 
+static __rte_always_inline void
+cnxk_ae_dequeue_sm2_op(struct rte_crypto_sm2_op_param *sm2, uint8_t *rptr,
+			 struct roc_ae_ec_ctx *ec,
+			 struct roc_ae_ec_group **ec_grp)
+{
+	int prime_len = ec_grp[ec->curveid]->prime.length;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		return;
+
+	/* Separate out sign r and s components */
+	rte_memcpy(sm2->r.data, rptr, prime_len);
+	rte_memcpy(sm2->s.data, rptr + RTE_ALIGN_CEIL(prime_len, 8), prime_len);
+	sm2->r.length = prime_len;
+	sm2->s.length = prime_len;
+}
+
 static __rte_always_inline void
 cnxk_ae_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm, uint8_t *rptr,
 			struct roc_ae_ec_ctx *ec,
@@ -983,6 +1202,13 @@ cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 		if (unlikely(ret))
 			goto req_fail;
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		ret = cnxk_ae_enqueue_sm2_op(op, &meta_buf, sess,
+					       sess->cnxk_fpm_iova,
+					       sess->ec_grp, inst);
+		if (unlikely(ret))
+			goto req_fail;
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		ret = cnxk_ae_ecpm_prep(&asym_op->ecpm, &meta_buf,
 					sess->ec_grp[sess->ec_ctx.curveid],
@@ -1032,6 +1258,10 @@ cnxk_ae_post_process(struct rte_crypto_op *cop, struct cnxk_ae_sess *sess,
 		cnxk_ae_dequeue_ecdsa_op(&op->ecdsa, rptr, &sess->ec_ctx,
 					 sess->ec_grp);
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		cnxk_ae_dequeue_sm2_op(&op->sm2, rptr, &sess->ec_ctx,
+					 sess->ec_grp);
+		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 	case RTE_CRYPTO_ASYM_XFORM_ECFPM:
 		cnxk_ae_dequeue_ecpm_op(&op->ecpm, rptr, &sess->ec_ctx,
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 09f5ba0650..9a321aa8c9 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -13,7 +13,7 @@
 #define CNXK_CPT_MAX_CAPS	 54
 #define CNXK_SEC_CRYPTO_MAX_CAPS 16
 #define CNXK_SEC_MAX_CAPS	 9
-#define CNXK_AE_EC_ID_MAX	 8
+#define CNXK_AE_EC_ID_MAX	 9
 /**
  * Device private data
  */
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index fd91dec08f..b4864f66bf 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1152,6 +1152,20 @@ static const struct rte_cryptodev_capabilities caps_sm4[] = {
 	},
 };
 
+static const struct rte_cryptodev_capabilities caps_sm2[] = {
+	{	/* SM2 */
+		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+		{.asym = {
+			.xform_capa = {
+				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+					     (1 << RTE_CRYPTO_ASYM_OP_VERIFY))
+			}
+		}
+		}
+	}
+};
+
 static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
@@ -1623,6 +1637,9 @@ cn10k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm3);
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm4);
 	}
+
+	if (hw_caps[CPT_ENG_TYPE_AE].sm2)
+		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm2);
 }
 
 static void
-- 
2.25.1

[PATCH v4 7/7] app/test: check asymmetric capabilities in SM2 test

[Gowrishankar Muthukrishnan]

Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c             | 77 +++++++++++-----------
 app/test/test_cryptodev_sm2_test_vectors.h | 28 +++++---
 2 files changed, 57 insertions(+), 48 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index a2bb1f9336..94bb091df3 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
 	break;
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
 	default:
 		break;
 	}
@@ -1806,7 +1807,7 @@ test_ecpm_all_curve(void)
 }
 
 static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -1875,11 +1876,19 @@ _test_sm2_sign(bool rnd_secret)
 	else
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
-	if (rnd_secret) {
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret)
 	debug_hexdump(stdout, "s:",
 			asym_op->sm2.s.data, asym_op->sm2.s.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		/* Verify sign (by comparison). */
 		if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
 				   asym_op->sm2.r.length) != 0) {
@@ -1989,18 +1998,6 @@ _test_sm2_sign(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_sign_rnd_secret(void)
-{
-	return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
-	return _test_sm2_sign(false);
-}
-
 static int
 test_sm2_verify(void)
 {
@@ -2064,19 +2061,28 @@ test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
 	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
 	else
 		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	asym_op->sm2.r.data = input_params.sign_r.data;
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
 	asym_op->sm2.s.length = input_params.sign_s.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
 
 	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
 
@@ -2116,7 +2122,7 @@ test_sm2_verify(void)
 };
 
 static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
 {
 	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
 	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -2185,7 +2191,8 @@ _test_sm2_enc(bool rnd_secret)
 
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	if (rnd_secret) {
+
+	if (capa->internal_rng != 0) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
 	} else {
@@ -2231,7 +2238,7 @@ _test_sm2_enc(bool rnd_secret)
 	debug_hexdump(stdout, "cipher:",
 			asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
 
-	if (!rnd_secret) {
+	if (capa->internal_rng == 0) {
 		if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
 				   asym_op->sm2.cipher.length) != 0) {
 			status = TEST_FAILED;
@@ -2295,18 +2302,6 @@ _test_sm2_enc(bool rnd_secret)
 	return status;
 };
 
-static int
-test_sm2_enc_rnd_secret(void)
-{
-	return _test_sm2_enc(true);
-}
-
-__rte_used static int
-test_sm2_enc_plain_secret(void)
-{
-	return _test_sm2_enc(false);
-}
-
 static int
 test_sm2_dec(void)
 {
@@ -2737,9 +2732,9 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_dh_key_generation),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
-		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
@@ -2803,6 +2798,8 @@ static struct unit_test_suite cryptodev_octeontx_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 			     test_ecdsa_sign_verify_all_curve),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_ecpm_all_curve),
 		TEST_CASES_END() /**< NULL terminate unit test array */
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
index 3d2dba1359..41f5f7074a 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
 	rte_crypto_param id;
 	rte_crypto_param cipher;
 	rte_crypto_param message;
+	rte_crypto_param digest;
 	int curve;
 };
 
@@ -46,17 +47,17 @@ static uint8_t fp256_k[] = {
 };
 
 static uint8_t fp256_sign_r[] = {
-	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
-	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
-	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
-	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+	0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0,
+	0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B,
+	0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15,
+	0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24
 };
 
 static uint8_t fp256_sign_s[] = {
-	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
-	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
-	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
-	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+	0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
+	0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
+	0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
+	0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
 };
 
 static uint8_t fp256_id[] = {
@@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
 	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
 };
 
+static uint8_t fp256_digest[] = {
+	0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
+	0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
+	0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
+	0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1
+};
+
 static uint8_t fp256_cipher[] = {
 	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
 	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
@@ -121,6 +129,10 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
 		.data = fp256_message,
 		.length = sizeof(fp256_message),
 	},
+	.digest = {
+		.data = fp256_digest,
+		.length = sizeof(fp256_digest),
+	},
 	.cipher = {
 		.data = fp256_cipher,
 		.length = sizeof(fp256_cipher),
-- 
2.25.1

RE: [PATCH v4 0/7] cryptodev: support digest message in SM2

[Akhil Goyal]

> Subject: [PATCH v4 0/7] cryptodev: support digest message in SM2
> 
> This patch series fixes SM2 algorithm implementation to
> support digest message as input along with plain message
> as today.
> 
> v4:
>  - code rebase on next-crypto
> 

Added release notes for API changes introduced in 4/7 patch.
Updated some of the patch descriptions/title and release notes text.

Applied to dpdk-next-crypto

Thanks.