RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Akhil Goyal <gakhil@marvell.com>
To: Sunyang Wu <sunyang.wu@jaguarmicro.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "kai.ji@intel.com" <kai.ji@intel.com>
Subject: RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
Date: Tue, 28 Feb 2023 08:02:51 +0000	[thread overview]
Message-ID: <CO6PR18MB44843C95B551C8217C986265D8AC9@CO6PR18MB4484.namprd18.prod.outlook.com> (raw)
In-Reply-To: <20230228075827.15008-1-sunyang.wu@jaguarmicro.com>

> Added SM3/SM4 support in openssl
> 
> ---
> We wrote a test program to test it, this is the test result:
>  + SM4 Chain : 24/24 passed,
>     0/24 skipped, 0/24 failed, 0/24 unsupported
>  + SM4 Cipher Only : 10/10 passed,
>     0/10 skipped, 0/10 failed, 0/10 unsupported
> 
> Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c     |  24 ++++
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 144 +++++++++++++++++++
>  lib/cryptodev/rte_crypto_sym.h               |   8 +-

You should split the patch into 2 - one for library changes and the other for PMD.
Also these patches cannot be part of DPDK 23.03 as library changes are accepted in RC1 only.

Also add documentation changes for the new algos added.

>  3 files changed, 175 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..865cf03ff1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -239,6 +239,19 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
>  			default:
>  				res = -EINVAL;
>  			}
> +		case RTE_CRYPTO_CIPHER_SM4_ECB:
> +			*algo = EVP_sm4_ecb();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CBC:
> +			*algo = EVP_sm4_cbc();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CTR:
> +			*algo = EVP_sm4_ctr();
> +		case RTE_CRYPTO_CIPHER_SM4_OFB:
> +			*algo = EVP_sm4_ofb();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CFB:
> +			*algo = EVP_sm4_cfb();
>  			break;
>  		default:
>  			res = -EINVAL;
> @@ -284,6 +297,10 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
>  		case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  			*algo = EVP_sha512();
>  			break;
> +		case RTE_CRYPTO_AUTH_SM3:
> +		case RTE_CRYPTO_AUTH_SM3_HMAC:
> +			*algo = EVP_sm3();
> +			break;
>  		default:
>  			res = -EINVAL;
>  			break;
> @@ -483,6 +500,11 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_CIPHER_3DES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CTR:
> +	case RTE_CRYPTO_CIPHER_SM4_ECB:
> +	case RTE_CRYPTO_CIPHER_SM4_CBC:
> +	case RTE_CRYPTO_CIPHER_SM4_CTR:
> +	case RTE_CRYPTO_CIPHER_SM4_CFB:
> +	case RTE_CRYPTO_CIPHER_SM4_OFB:
>  		sess->cipher.mode = OPENSSL_CIPHER_LIB;
>  		sess->cipher.algo = xform->cipher.algo;
>  		sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +658,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_AUTH_SHA256:
>  	case RTE_CRYPTO_AUTH_SHA384:
>  	case RTE_CRYPTO_AUTH_SHA512:
> +	case RTE_CRYPTO_AUTH_SM3:
>  		sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
>  		if (get_auth_algo(xform->auth.algo,
>  				&sess->auth.auth.evp_algo) != 0)
> @@ -721,6 +744,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_AUTH_SHA256_HMAC:
>  	case RTE_CRYPTO_AUTH_SHA384_HMAC:
>  	case RTE_CRYPTO_AUTH_SHA512_HMAC:
> +	case RTE_CRYPTO_AUTH_SM3_HMAC:
>  		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
>  		sess->auth.hmac.ctx = HMAC_CTX_new();
>  		if (get_auth_algo(xform->auth.algo,
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..b9f5c6f034 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,50 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{
> +		/* SM3 */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> +			{.auth = {
> +				.algo = RTE_CRYPTO_AUTH_SM3,
> +				.block_size = 64,
> +				.key_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				},
> +				.digest_size = {
> +					.min = 32,
> +					.max = 32,
> +					.increment = 0
> +				},
> +				.aad_size = { 0 }
> +			}, }
> +		}, }
> +	},
> +	{
> +		/* SM3 HMAC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> +			{.auth = {
> +				.algo = RTE_CRYPTO_AUTH_SM3_HMAC,
> +				.block_size = 64,
> +				.key_size = {
> +					.min = 1,
> +					.max = 64,
> +					.increment = 1
> +				},
> +				.digest_size = {
> +					.min = 32,
> +					.max = 32,
> +					.increment = 0
> +				},
> +				.aad_size = { 0 }
> +			}, }
> +		}, }
> +	},
>  	{	/* AES CBC */
>  		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>  		{.sym = {
> @@ -494,6 +538,106 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 ECB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CBC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CTR */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 OFB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_OFB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CFB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CFB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
>  	{	/* RSA */
>  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
>  		{.asym = {
> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> index 2cfe66530c..b5c6d87740 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -172,8 +172,12 @@ enum rte_crypto_cipher_algorithm {
>  	/**< ShangMi 4 (SM4) algorithm in ECB mode */
>  	RTE_CRYPTO_CIPHER_SM4_CBC,
>  	/**< ShangMi 4 (SM4) algorithm in CBC mode */
> -	RTE_CRYPTO_CIPHER_SM4_CTR
> +	RTE_CRYPTO_CIPHER_SM4_CTR,
>  	/**< ShangMi 4 (SM4) algorithm in CTR mode */
> +	RTE_CRYPTO_CIPHER_SM4_CFB,
> +	/**< ShangMi 4 (SM4) algorithm in CFB mode */
> +	RTE_CRYPTO_CIPHER_SM4_OFB
> +	/**< ShangMi 4 (SM4) algorithm in OFB mode */
>  };
> 
>  /** Cipher algorithm name strings */
> @@ -376,6 +380,8 @@ enum rte_crypto_auth_algorithm {
>  	/**< HMAC using 512 bit SHA3 algorithm. */
>  	RTE_CRYPTO_AUTH_SM3,
>  	/**< ShangMi 3 (SM3) algorithm */
> +	RTE_CRYPTO_AUTH_SM3_HMAC,
> +	/**< HMAC using ShangMi 3 (SM3) algorithm */
> 
>  	RTE_CRYPTO_AUTH_SHAKE_128,
>  	/**< 128 bit SHAKE algorithm. */
> --
> 2.19.0.rc0.windows.1

next      parent reply	other threads:[~2023-02-28  8:02 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20230228075827.15008-1-sunyang.wu@jaguarmicro.com>
2023-02-28  8:02 ` Akhil Goyal [this message]
2023-02-28 10:06 Sunyang Wu
2023-03-01 12:22 ` [EXT] " Akhil Goyal
2023-03-15 11:09   ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CO6PR18MB44843C95B551C8217C986265D8AC9@CO6PR18MB4484.namprd18.prod.outlook.com \
    --to=gakhil@marvell.com \
    --cc=dev@dpdk.org \
    --cc=kai.ji@intel.com \
    --cc=sunyang.wu@jaguarmicro.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).