DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH] crypto/openssl: support SM3/SM4 in openssl
@ 2023-02-28 10:06 Sunyang Wu
  2023-03-01 12:22 ` [EXT] " Akhil Goyal
  0 siblings, 1 reply; 4+ messages in thread
From: Sunyang Wu @ 2023-02-28 10:06 UTC (permalink / raw)
  To: dev; +Cc: kai.ji, gakhil

Added SM3 support in openssl, and added SM4-EBC/
SM4-CBC/SM4-CTR support in openssl.

Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
---
 doc/guides/cryptodevs/features/openssl.ini   |  4 +
 doc/guides/cryptodevs/openssl.rst            |  4 +
 drivers/crypto/openssl/rte_openssl_pmd.c     | 20 +++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++
 4 files changed, 110 insertions(+)

diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index 4b0f9b162e..efa339da55 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -27,6 +27,9 @@ AES CTR (256)  = Y
 3DES CBC       = Y
 3DES CTR       = Y
 DES DOCSIS BPI = Y
+SM4 ECB        = Y
+SM4 CBC        = Y
+SM4 CTR        = Y
 ;
 ; Supported authentication algorithms of the 'openssl' crypto driver.
 ;
@@ -44,6 +47,7 @@ SHA384 HMAC  = Y
 SHA512       = Y
 SHA512 HMAC  = Y
 AES GMAC     = Y
+SM3          = Y
 
 ;
 ; Supported AEAD algorithms of the 'openssl' crypto driver.
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index 03041ceda1..07dbd2763b 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -19,10 +19,13 @@ OpenSSL PMD has support for:
 
 Supported cipher algorithms:
 
+* ``RTE_CRYPTO_CIPHER_SM4_ECB``
 * ``RTE_CRYPTO_CIPHER_3DES_CBC``
 * ``RTE_CRYPTO_CIPHER_AES_CBC``
+* ``RTE_CRYPTO_CIPHER_SM4_CBC``
 * ``RTE_CRYPTO_CIPHER_AES_CTR``
 * ``RTE_CRYPTO_CIPHER_3DES_CTR``
+* ``RTE_CRYPTO_CIPHER_SM4_CTR``
 * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
 
 Supported authentication algorithms:
@@ -34,6 +37,7 @@ Supported authentication algorithms:
 * ``RTE_CRYPTO_AUTH_SHA256``
 * ``RTE_CRYPTO_AUTH_SHA384``
 * ``RTE_CRYPTO_AUTH_SHA512``
+* ``RTE_CRYPTO_AUTH_SM3``
 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
 * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
 * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index abcb641a44..4c9f12355f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,
 				res = -EINVAL;
 			}
 			break;
+#ifndef OPENSSL_NO_SM4
+		case RTE_CRYPTO_CIPHER_SM4_ECB:
+			*algo = EVP_sm4_ecb();
+			break;
+		case RTE_CRYPTO_CIPHER_SM4_CBC:
+			*algo = EVP_sm4_cbc();
+			break;
+		case RTE_CRYPTO_CIPHER_SM4_CTR:
+			*algo = EVP_sm4_ctr();
+			break;
+#endif
 		default:
 			res = -EINVAL;
 			break;
@@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
 		case RTE_CRYPTO_AUTH_SHA512_HMAC:
 			*algo = EVP_sha512();
 			break;
+#ifndef OPENSSL_NO_SM3
+		case RTE_CRYPTO_AUTH_SM3:
+			*algo = EVP_sm3();
+			break;
+#endif
 		default:
 			res = -EINVAL;
 			break;
@@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
+	case RTE_CRYPTO_CIPHER_SM4_ECB:
+	case RTE_CRYPTO_CIPHER_SM4_CBC:
+	case RTE_CRYPTO_CIPHER_SM4_CTR:
 		sess->cipher.mode = OPENSSL_CIPHER_LIB;
 		sess->cipher.algo = xform->cipher.algo;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
@@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA256:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_SHA512:
+	case RTE_CRYPTO_AUTH_SM3:
 		sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
 		if (get_auth_algo(xform->auth.algo,
 				&sess->auth.auth.evp_algo) != 0)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 29ad1b9505..bd908b40fa 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{
+		/* SM3 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SM3,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+				.aad_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* AES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 ECB */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SM4 CBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SM4 CTR */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
 	{	/* RSA */
 		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
 		{.asym = {
-- 
2.19.0.rc0.windows.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
  2023-02-28 10:06 [PATCH] crypto/openssl: support SM3/SM4 in openssl Sunyang Wu
@ 2023-03-01 12:22 ` Akhil Goyal
  2023-03-15 11:09   ` Akhil Goyal
  0 siblings, 1 reply; 4+ messages in thread
From: Akhil Goyal @ 2023-03-01 12:22 UTC (permalink / raw)
  To: Sunyang Wu, dev; +Cc: kai.ji

> Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl

You should update the title with version number to identify each
Version and remove confusion.

Also, I see that there are compilation issues reported by CI
http://mails.dpdk.org/archives/test-report/2023-February/360051.html

Please fix and ensure compilation is not broken with different versions of OpenSSL.

> 
> Added SM3 support in openssl, and added SM4-EBC/
> SM4-CBC/SM4-CTR support in openssl.
> 
> Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
> ---
>  doc/guides/cryptodevs/features/openssl.ini   |  4 +
>  doc/guides/cryptodevs/openssl.rst            |  4 +
>  drivers/crypto/openssl/rte_openssl_pmd.c     | 20 +++++
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++
>  4 files changed, 110 insertions(+)
> 
> diff --git a/doc/guides/cryptodevs/features/openssl.ini
> b/doc/guides/cryptodevs/features/openssl.ini
> index 4b0f9b162e..efa339da55 100644
> --- a/doc/guides/cryptodevs/features/openssl.ini
> +++ b/doc/guides/cryptodevs/features/openssl.ini
> @@ -27,6 +27,9 @@ AES CTR (256)  = Y
>  3DES CBC       = Y
>  3DES CTR       = Y
>  DES DOCSIS BPI = Y
> +SM4 ECB        = Y
> +SM4 CBC        = Y
> +SM4 CTR        = Y
>  ;
>  ; Supported authentication algorithms of the 'openssl' crypto driver.
>  ;
> @@ -44,6 +47,7 @@ SHA384 HMAC  = Y
>  SHA512       = Y
>  SHA512 HMAC  = Y
>  AES GMAC     = Y
> +SM3          = Y
> 
>  ;
>  ; Supported AEAD algorithms of the 'openssl' crypto driver.
> diff --git a/doc/guides/cryptodevs/openssl.rst
> b/doc/guides/cryptodevs/openssl.rst
> index 03041ceda1..07dbd2763b 100644
> --- a/doc/guides/cryptodevs/openssl.rst
> +++ b/doc/guides/cryptodevs/openssl.rst
> @@ -19,10 +19,13 @@ OpenSSL PMD has support for:
> 
>  Supported cipher algorithms:
> 
> +* ``RTE_CRYPTO_CIPHER_SM4_ECB``
>  * ``RTE_CRYPTO_CIPHER_3DES_CBC``
>  * ``RTE_CRYPTO_CIPHER_AES_CBC``
> +* ``RTE_CRYPTO_CIPHER_SM4_CBC``
>  * ``RTE_CRYPTO_CIPHER_AES_CTR``
>  * ``RTE_CRYPTO_CIPHER_3DES_CTR``
> +* ``RTE_CRYPTO_CIPHER_SM4_CTR``
>  * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
> 
>  Supported authentication algorithms:
> @@ -34,6 +37,7 @@ Supported authentication algorithms:
>  * ``RTE_CRYPTO_AUTH_SHA256``
>  * ``RTE_CRYPTO_AUTH_SHA384``
>  * ``RTE_CRYPTO_AUTH_SHA512``
> +* ``RTE_CRYPTO_AUTH_SM3``
>  * ``RTE_CRYPTO_AUTH_MD5_HMAC``
>  * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
>  * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..4c9f12355f 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
>  				res = -EINVAL;
>  			}
>  			break;
> +#ifndef OPENSSL_NO_SM4

Where is OPENSSL_NO_SM4 defined?
We cannot just add a piece of DEAD code in the driver.

> +		case RTE_CRYPTO_CIPHER_SM4_ECB:
> +			*algo = EVP_sm4_ecb();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CBC:
> +			*algo = EVP_sm4_cbc();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CTR:
> +			*algo = EVP_sm4_ctr();
> +			break;
> +#endif
>  		default:
>  			res = -EINVAL;
>  			break;
> @@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
>  		case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  			*algo = EVP_sha512();
>  			break;
> +#ifndef OPENSSL_NO_SM3
> +		case RTE_CRYPTO_AUTH_SM3:
> +			*algo = EVP_sm3();
> +			break;
> +#endif
>  		default:
>  			res = -EINVAL;
>  			break;
> @@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_CIPHER_3DES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CTR:
> +	case RTE_CRYPTO_CIPHER_SM4_ECB:
> +	case RTE_CRYPTO_CIPHER_SM4_CBC:
> +	case RTE_CRYPTO_CIPHER_SM4_CTR:
>  		sess->cipher.mode = OPENSSL_CIPHER_LIB;
>  		sess->cipher.algo = xform->cipher.algo;
>  		sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_AUTH_SHA256:
>  	case RTE_CRYPTO_AUTH_SHA384:
>  	case RTE_CRYPTO_AUTH_SHA512:
> +	case RTE_CRYPTO_AUTH_SM3:
>  		sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
>  		if (get_auth_algo(xform->auth.algo,
>  				&sess->auth.auth.evp_algo) != 0)
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..bd908b40fa 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{
> +		/* SM3 */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> +			{.auth = {
> +				.algo = RTE_CRYPTO_AUTH_SM3,
> +				.block_size = 64,
> +				.key_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				},
> +				.digest_size = {
> +					.min = 32,
> +					.max = 32,
> +					.increment = 0
> +				},
> +				.aad_size = { 0 }
> +			}, }
> +		}, }
> +	},
>  	{	/* AES CBC */
>  		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>  		{.sym = {
> @@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 ECB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CBC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CTR */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
>  	{	/* RSA */
>  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
>  		{.asym = {
> --
> 2.19.0.rc0.windows.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
  2023-03-01 12:22 ` [EXT] " Akhil Goyal
@ 2023-03-15 11:09   ` Akhil Goyal
  0 siblings, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2023-03-15 11:09 UTC (permalink / raw)
  To: Sunyang Wu, dev; +Cc: kai.ji

> Subject: RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
> 
> > Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
> 
> You should update the title with version number to identify each
> Version and remove confusion.
> 
> Also, I see that there are compilation issues reported by CI
> http://mails.dpdk.org/archives/test-report/2023-February/360051.html
> 
> Please fix and ensure compilation is not broken with different versions of
> OpenSSL.
> 
Also can you or Kai add test vectors for verification in test app.
As SM3/SM4 are supported by QAT and openSSL.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
       [not found] <20230228075827.15008-1-sunyang.wu@jaguarmicro.com>
@ 2023-02-28  8:02 ` Akhil Goyal
  0 siblings, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2023-02-28  8:02 UTC (permalink / raw)
  To: Sunyang Wu, dev; +Cc: kai.ji

> Added SM3/SM4 support in openssl
> 
> ---
> We wrote a test program to test it, this is the test result:
>  + SM4 Chain : 24/24 passed,
>     0/24 skipped, 0/24 failed, 0/24 unsupported
>  + SM4 Cipher Only : 10/10 passed,
>     0/10 skipped, 0/10 failed, 0/10 unsupported
> 
> Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c     |  24 ++++
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 144 +++++++++++++++++++
>  lib/cryptodev/rte_crypto_sym.h               |   8 +-

You should split the patch into 2 - one for library changes and the other for PMD.
Also these patches cannot be part of DPDK 23.03 as library changes are accepted in RC1 only.

Also add documentation changes for the new algos added.

>  3 files changed, 175 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..865cf03ff1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -239,6 +239,19 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
>  			default:
>  				res = -EINVAL;
>  			}
> +		case RTE_CRYPTO_CIPHER_SM4_ECB:
> +			*algo = EVP_sm4_ecb();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CBC:
> +			*algo = EVP_sm4_cbc();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CTR:
> +			*algo = EVP_sm4_ctr();
> +		case RTE_CRYPTO_CIPHER_SM4_OFB:
> +			*algo = EVP_sm4_ofb();
> +			break;
> +		case RTE_CRYPTO_CIPHER_SM4_CFB:
> +			*algo = EVP_sm4_cfb();
>  			break;
>  		default:
>  			res = -EINVAL;
> @@ -284,6 +297,10 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
>  		case RTE_CRYPTO_AUTH_SHA512_HMAC:
>  			*algo = EVP_sha512();
>  			break;
> +		case RTE_CRYPTO_AUTH_SM3:
> +		case RTE_CRYPTO_AUTH_SM3_HMAC:
> +			*algo = EVP_sm3();
> +			break;
>  		default:
>  			res = -EINVAL;
>  			break;
> @@ -483,6 +500,11 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_CIPHER_3DES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CBC:
>  	case RTE_CRYPTO_CIPHER_AES_CTR:
> +	case RTE_CRYPTO_CIPHER_SM4_ECB:
> +	case RTE_CRYPTO_CIPHER_SM4_CBC:
> +	case RTE_CRYPTO_CIPHER_SM4_CTR:
> +	case RTE_CRYPTO_CIPHER_SM4_CFB:
> +	case RTE_CRYPTO_CIPHER_SM4_OFB:
>  		sess->cipher.mode = OPENSSL_CIPHER_LIB;
>  		sess->cipher.algo = xform->cipher.algo;
>  		sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +658,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_AUTH_SHA256:
>  	case RTE_CRYPTO_AUTH_SHA384:
>  	case RTE_CRYPTO_AUTH_SHA512:
> +	case RTE_CRYPTO_AUTH_SM3:
>  		sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
>  		if (get_auth_algo(xform->auth.algo,
>  				&sess->auth.auth.evp_algo) != 0)
> @@ -721,6 +744,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
>  	case RTE_CRYPTO_AUTH_SHA256_HMAC:
>  	case RTE_CRYPTO_AUTH_SHA384_HMAC:
>  	case RTE_CRYPTO_AUTH_SHA512_HMAC:
> +	case RTE_CRYPTO_AUTH_SM3_HMAC:
>  		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
>  		sess->auth.hmac.ctx = HMAC_CTX_new();
>  		if (get_auth_algo(xform->auth.algo,
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..b9f5c6f034 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,50 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{
> +		/* SM3 */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> +			{.auth = {
> +				.algo = RTE_CRYPTO_AUTH_SM3,
> +				.block_size = 64,
> +				.key_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				},
> +				.digest_size = {
> +					.min = 32,
> +					.max = 32,
> +					.increment = 0
> +				},
> +				.aad_size = { 0 }
> +			}, }
> +		}, }
> +	},
> +	{
> +		/* SM3 HMAC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> +			{.auth = {
> +				.algo = RTE_CRYPTO_AUTH_SM3_HMAC,
> +				.block_size = 64,
> +				.key_size = {
> +					.min = 1,
> +					.max = 64,
> +					.increment = 1
> +				},
> +				.digest_size = {
> +					.min = 32,
> +					.max = 32,
> +					.increment = 0
> +				},
> +				.aad_size = { 0 }
> +			}, }
> +		}, }
> +	},
>  	{	/* AES CBC */
>  		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>  		{.sym = {
> @@ -494,6 +538,106 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 ECB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 0,
> +					.max = 0,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CBC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CTR */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 OFB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_OFB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 CFB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CFB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
>  	{	/* RSA */
>  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
>  		{.asym = {
> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> index 2cfe66530c..b5c6d87740 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -172,8 +172,12 @@ enum rte_crypto_cipher_algorithm {
>  	/**< ShangMi 4 (SM4) algorithm in ECB mode */
>  	RTE_CRYPTO_CIPHER_SM4_CBC,
>  	/**< ShangMi 4 (SM4) algorithm in CBC mode */
> -	RTE_CRYPTO_CIPHER_SM4_CTR
> +	RTE_CRYPTO_CIPHER_SM4_CTR,
>  	/**< ShangMi 4 (SM4) algorithm in CTR mode */
> +	RTE_CRYPTO_CIPHER_SM4_CFB,
> +	/**< ShangMi 4 (SM4) algorithm in CFB mode */
> +	RTE_CRYPTO_CIPHER_SM4_OFB
> +	/**< ShangMi 4 (SM4) algorithm in OFB mode */
>  };
> 
>  /** Cipher algorithm name strings */
> @@ -376,6 +380,8 @@ enum rte_crypto_auth_algorithm {
>  	/**< HMAC using 512 bit SHA3 algorithm. */
>  	RTE_CRYPTO_AUTH_SM3,
>  	/**< ShangMi 3 (SM3) algorithm */
> +	RTE_CRYPTO_AUTH_SM3_HMAC,
> +	/**< HMAC using ShangMi 3 (SM3) algorithm */
> 
>  	RTE_CRYPTO_AUTH_SHAKE_128,
>  	/**< 128 bit SHAKE algorithm. */
> --
> 2.19.0.rc0.windows.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-03-15 11:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-28 10:06 [PATCH] crypto/openssl: support SM3/SM4 in openssl Sunyang Wu
2023-03-01 12:22 ` [EXT] " Akhil Goyal
2023-03-15 11:09   ` Akhil Goyal
     [not found] <20230228075827.15008-1-sunyang.wu@jaguarmicro.com>
2023-02-28  8:02 ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).