From: Akhil Goyal <gakhil@marvell.com>
To: Sunyang Wu <sunyang.wu@jaguarmicro.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "kai.ji@intel.com" <kai.ji@intel.com>
Subject: RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
Date: Wed, 1 Mar 2023 12:22:01 +0000 [thread overview]
Message-ID: <CO6PR18MB448447D6E76CD907A7A96967D8AD9@CO6PR18MB4484.namprd18.prod.outlook.com> (raw)
In-Reply-To: <20230228100631.42444-1-sunyang.wu@jaguarmicro.com>
> Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
You should update the title with version number to identify each
Version and remove confusion.
Also, I see that there are compilation issues reported by CI
http://mails.dpdk.org/archives/test-report/2023-February/360051.html
Please fix and ensure compilation is not broken with different versions of OpenSSL.
>
> Added SM3 support in openssl, and added SM4-EBC/
> SM4-CBC/SM4-CTR support in openssl.
>
> Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
> ---
> doc/guides/cryptodevs/features/openssl.ini | 4 +
> doc/guides/cryptodevs/openssl.rst | 4 +
> drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++
> 4 files changed, 110 insertions(+)
>
> diff --git a/doc/guides/cryptodevs/features/openssl.ini
> b/doc/guides/cryptodevs/features/openssl.ini
> index 4b0f9b162e..efa339da55 100644
> --- a/doc/guides/cryptodevs/features/openssl.ini
> +++ b/doc/guides/cryptodevs/features/openssl.ini
> @@ -27,6 +27,9 @@ AES CTR (256) = Y
> 3DES CBC = Y
> 3DES CTR = Y
> DES DOCSIS BPI = Y
> +SM4 ECB = Y
> +SM4 CBC = Y
> +SM4 CTR = Y
> ;
> ; Supported authentication algorithms of the 'openssl' crypto driver.
> ;
> @@ -44,6 +47,7 @@ SHA384 HMAC = Y
> SHA512 = Y
> SHA512 HMAC = Y
> AES GMAC = Y
> +SM3 = Y
>
> ;
> ; Supported AEAD algorithms of the 'openssl' crypto driver.
> diff --git a/doc/guides/cryptodevs/openssl.rst
> b/doc/guides/cryptodevs/openssl.rst
> index 03041ceda1..07dbd2763b 100644
> --- a/doc/guides/cryptodevs/openssl.rst
> +++ b/doc/guides/cryptodevs/openssl.rst
> @@ -19,10 +19,13 @@ OpenSSL PMD has support for:
>
> Supported cipher algorithms:
>
> +* ``RTE_CRYPTO_CIPHER_SM4_ECB``
> * ``RTE_CRYPTO_CIPHER_3DES_CBC``
> * ``RTE_CRYPTO_CIPHER_AES_CBC``
> +* ``RTE_CRYPTO_CIPHER_SM4_CBC``
> * ``RTE_CRYPTO_CIPHER_AES_CTR``
> * ``RTE_CRYPTO_CIPHER_3DES_CTR``
> +* ``RTE_CRYPTO_CIPHER_SM4_CTR``
> * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
>
> Supported authentication algorithms:
> @@ -34,6 +37,7 @@ Supported authentication algorithms:
> * ``RTE_CRYPTO_AUTH_SHA256``
> * ``RTE_CRYPTO_AUTH_SHA384``
> * ``RTE_CRYPTO_AUTH_SHA512``
> +* ``RTE_CRYPTO_AUTH_SM3``
> * ``RTE_CRYPTO_AUTH_MD5_HMAC``
> * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
> * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..4c9f12355f 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
> res = -EINVAL;
> }
> break;
> +#ifndef OPENSSL_NO_SM4
Where is OPENSSL_NO_SM4 defined?
We cannot just add a piece of DEAD code in the driver.
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + *algo = EVP_sm4_ecb();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + *algo = EVP_sm4_cbc();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CTR:
> + *algo = EVP_sm4_ctr();
> + break;
> +#endif
> default:
> res = -EINVAL;
> break;
> @@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> *algo = EVP_sha512();
> break;
> +#ifndef OPENSSL_NO_SM3
> + case RTE_CRYPTO_AUTH_SM3:
> + *algo = EVP_sm3();
> + break;
> +#endif
> default:
> res = -EINVAL;
> break;
> @@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CTR:
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + case RTE_CRYPTO_CIPHER_SM4_CTR:
> sess->cipher.mode = OPENSSL_CIPHER_LIB;
> sess->cipher.algo = xform->cipher.algo;
> sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_AUTH_SHA256:
> case RTE_CRYPTO_AUTH_SHA384:
> case RTE_CRYPTO_AUTH_SHA512:
> + case RTE_CRYPTO_AUTH_SM3:
> sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
> if (get_auth_algo(xform->auth.algo,
> &sess->auth.auth.evp_algo) != 0)
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..bd908b40fa 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> + {
> + /* SM3 */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_SM3,
> + .block_size = 64,
> + .key_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + },
> + .digest_size = {
> + .min = 32,
> + .max = 32,
> + .increment = 0
> + },
> + .aad_size = { 0 }
> + }, }
> + }, }
> + },
> { /* AES CBC */
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> {.sym = {
> @@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> + { /* SM4 ECB */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CBC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CTR */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> { /* RSA */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> --
> 2.19.0.rc0.windows.1
next prev parent reply other threads:[~2023-03-01 12:22 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-28 10:06 Sunyang Wu
2023-03-01 12:22 ` Akhil Goyal [this message]
2023-03-15 11:09 ` [EXT] " Akhil Goyal
[not found] <20230228075827.15008-1-sunyang.wu@jaguarmicro.com>
2023-02-28 8:02 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO6PR18MB448447D6E76CD907A7A96967D8AD9@CO6PR18MB4484.namprd18.prod.outlook.com \
--to=gakhil@marvell.com \
--cc=dev@dpdk.org \
--cc=kai.ji@intel.com \
--cc=sunyang.wu@jaguarmicro.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).