[PATCH v3 0/3] SM2 crypto algorithm support

[PATCH v3 0/3] SM2 crypto algorithm support

[Gowrishankar Muthukrishnan]

This patch series adds SM2 crypto algorithm support, along with tests
verified using Openssl.

v3:
 - sm2 xform contains hash param and key pair info moved into op.

Gowrishankar Muthukrishnan (3):
  cryptodev: add SM2 asymmetric crypto algorithm
  test/crypto: add asymmetric SM2 test cases
  crypto/openssl: add SM2 asymmetric crypto support

 app/test/test_cryptodev_asym.c               | 581 +++++++++++++++++++
 app/test/test_cryptodev_sm2_test_vectors.h   | 129 ++++
 doc/guides/cryptodevs/features/default.ini   |   1 +
 doc/guides/cryptodevs/features/openssl.ini   |   1 +
 doc/guides/cryptodevs/openssl.rst            |   1 +
 doc/guides/rel_notes/release_23_07.rst       |   9 +
 drivers/crypto/openssl/openssl_pmd_private.h |   6 +
 drivers/crypto/openssl/rte_openssl_pmd.c     | 297 ++++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  48 ++
 lib/cryptodev/rte_crypto_asym.h              |  87 +++
 lib/cryptodev/rte_cryptodev.c                |   1 +
 11 files changed, 1161 insertions(+)
 create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h

-- 
2.25.1

[PATCH v3 1/3] cryptodev: add SM2 asymmetric crypto algorithm

[Gowrishankar Muthukrishnan]

ShangMi 2 (SM2) is set of public-key cryptography algorithms
based on elliptic curves.

Added support for asymmetric SM2 in cryptodev along with prime
field curve, as referenced in RFC:
https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/default.ini |  1 +
 doc/guides/rel_notes/release_23_07.rst     |  5 ++
 lib/cryptodev/rte_crypto_asym.h            | 87 ++++++++++++++++++++++
 lib/cryptodev/rte_cryptodev.c              |  1 +
 4 files changed, 94 insertions(+)

diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 523da0cfa8..a69967bb9e 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -125,6 +125,7 @@ Diffie-hellman          =
 ECDSA                   =
 ECPM                    =
 ECDH                    =
+SM2                     =
 
 ;
 ; Supported Operating systems of a default crypto driver.
diff --git a/doc/guides/rel_notes/release_23_07.rst b/doc/guides/rel_notes/release_23_07.rst
index a9b1293689..8b8e69d619 100644
--- a/doc/guides/rel_notes/release_23_07.rst
+++ b/doc/guides/rel_notes/release_23_07.rst
@@ -55,6 +55,11 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Added SM2 asymmetric algorithm in cryptodev.**
+
+  Added support for ShamMi 2 (SM2) asymmetric crypto algorithm
+  along with prime field curve support.
+
 
 Removed Items
 -------------
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 989f38323f..ab0b4abea7 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -119,6 +119,11 @@ enum rte_crypto_asym_xform_type {
 	/**< Elliptic Curve Point Multiplication */
 	RTE_CRYPTO_ASYM_XFORM_ECFPM,
 	/**< Elliptic Curve Fixed Point Multiplication */
+	RTE_CRYPTO_ASYM_XFORM_SM2,
+	/**< ShangMi 2
+	 * Performs Encrypt, Decrypt, Sign and Verify.
+	 * Refer to rte_crypto_asym_op_type.
+	 */
 	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
 	/**< End of list */
 };
@@ -382,6 +387,17 @@ struct rte_crypto_ec_xform {
 	/**< Pre-defined ec groups */
 };
 
+/**
+ * Asymmetric SM2 transform data
+ *
+ * Structure describing SM2 xform params
+ *
+ */
+struct rte_crypto_sm2_xform {
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in SM2 op. */
+};
+
 /**
  * Operations params for modular operations:
  * exponentiation and multiplicative inverse
@@ -637,9 +653,79 @@ struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
+
+		struct rte_crypto_sm2_xform sm2;
+		/**< SM2 xform parameters */
 	};
 };
 
+/**
+ * SM2 operation params
+ */
+struct rte_crypto_sm2_op_param {
+	enum rte_crypto_asym_op_type op_type;
+	/**< Signature generation or verification */
+
+	rte_crypto_uint pkey;
+	/**< Private key for encryption or sign generation */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key for decryption or verification */
+
+	rte_crypto_param message;
+	/**<
+	 * Pointer to input data
+	 * - to be encrypted for SM2 public encrypt.
+	 * - to be signed for SM2 sign generation.
+	 * - to be authenticated for SM2 sign verification.
+	 *
+	 * Pointer to output data
+	 * - for SM2 private decrypt.
+	 * In this case the underlying array should have been
+	 * allocated with enough memory to hold plaintext output
+	 * (at least encrypted text length). The message.length field
+	 * will be overwritten by the PMD with the decrypted length.
+	 */
+
+	rte_crypto_param cipher;
+	/**<
+	 * Pointer to input data
+	 * - to be decrypted for SM2 private decrypt.
+	 *
+	 * Pointer to output data
+	 * - for SM2 public encrypt.
+	 * In this case the underlying array should have been allocated
+	 * with enough memory to hold ciphertext output (at least X bytes
+	 * for prime field curve of N bytes and for message M bytes,
+	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
+	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+	 * be overwritten by the PMD with the encrypted length.
+	 */
+
+	rte_crypto_uint id;
+	/**< The SM2 id used by signer and verifier and is in interval (1, n-1). */
+
+	rte_crypto_uint k;
+	/**< The SM2 per-message secret number, which is an integer
+	 * in the interval (1, n-1).
+	 * If the random number is generated by the PMD,
+	 * the 'rte_crypto_param.data' parameter should be set to NULL.
+	 */
+
+	rte_crypto_uint r;
+	/**< r component of elliptic curve signature
+	 *     output : for signature generation (of at least N bytes
+	 *              where prime field length is N bytes)
+	 *     input  : for signature verification
+	 */
+	rte_crypto_uint s;
+	/**< s component of elliptic curve signature
+	 *     output : for signature generation (of at least N bytes
+	 *              where prime field length is N bytes)
+	 *     input  : for signature verification
+	 */
+};
+
 /**
  * Asymmetric Cryptographic Operation.
  *
@@ -665,6 +751,7 @@ struct rte_crypto_asym_op {
 		struct rte_crypto_dsa_op_param dsa;
 		struct rte_crypto_ecdsa_op_param ecdsa;
 		struct rte_crypto_ecpm_op_param ecpm;
+		struct rte_crypto_sm2_op_param sm2;
 	};
 	uint16_t flags;
 	/**<
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a96114b2da..21cabc3ffd 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -299,6 +299,7 @@ crypto_asym_xform_strings[] = {
 	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
 	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
 	[RTE_CRYPTO_ASYM_XFORM_ECPM]	= "ecpm",
+	[RTE_CRYPTO_ASYM_XFORM_SM2]	= "sm2",
 };
 
 /**
-- 
2.25.1

[PATCH v3 2/3] test/crypto: add asymmetric SM2 test cases

[Gowrishankar Muthukrishnan]

Added test cases for asymmetric SM2 crypto validation.
Test cases are added for sign/verify/encrypt/decrypt.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c             | 581 +++++++++++++++++++++
 app/test/test_cryptodev_sm2_test_vectors.h | 129 +++++
 2 files changed, 710 insertions(+)
 create mode 100644 app/test/test_cryptodev_sm2_test_vectors.h

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9236817650..baa8f89325 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -21,6 +21,7 @@
 #include "test_cryptodev_ecpm_test_vectors.h"
 #include "test_cryptodev_mod_test_vectors.h"
 #include "test_cryptodev_rsa_test_vectors.h"
+#include "test_cryptodev_sm2_test_vectors.h"
 #include "test_cryptodev_asym_util.h"
 #include "test.h"
 
@@ -2196,6 +2197,582 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }
 
+static int
+_test_sm2_sign(bool rnd_secret)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	uint8_t output_buf_r[TEST_DATA_SIZE];
+	uint8_t output_buf_s[TEST_DATA_SIZE];
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Compute sign */
+
+	/* Populate op with operational details */
+	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	asym_op->sm2.message.data = input_params.message.data;
+	asym_op->sm2.message.length = input_params.message.length;
+	asym_op->sm2.pkey.data = input_params.pkey.data;
+	asym_op->sm2.pkey.length = input_params.pkey.length;
+	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
+	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
+	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
+	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+	asym_op->sm2.id.data = input_params.id.data;
+	asym_op->sm2.id.length = input_params.id.length;
+	if (rnd_secret) {
+		asym_op->sm2.k.data = NULL;
+		asym_op->sm2.k.length = 0;
+	} else {
+		asym_op->sm2.k.data = input_params.k.data;
+		asym_op->sm2.k.length = input_params.k.length;
+	}
+
+	/* Init out buf */
+	asym_op->sm2.r.data = output_buf_r;
+	asym_op->sm2.s.data = output_buf_s;
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "r:",
+			asym_op->sm2.r.data, asym_op->sm2.r.length);
+	debug_hexdump(stdout, "s:",
+			asym_op->sm2.s.data, asym_op->sm2.s.length);
+
+	if (!rnd_secret) {
+		/* Verify sign (by comparison). */
+		if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
+				   asym_op->sm2.r.length) != 0) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1,
+					"line %u FAILED: %s", __LINE__,
+					"SM2 sign failed.\n");
+			goto exit;
+		}
+		if (memcmp(input_params.sign_s.data, asym_op->sm2.s.data,
+				   asym_op->sm2.s.length) != 0) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1,
+					"line %u FAILED: %s", __LINE__,
+					"SM2 sign failed.\n");
+			goto exit;
+		}
+	} else {
+		/* Verify sign (in roundtrip).
+		 * Due to random number used per message, sign op
+		 * would produce different output for same message
+		 * every time. Hence, we can't have expected output
+		 * to match, instead reverse op to verify.
+		 */
+
+		/* Populate op with operational details */
+		asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
+		/* Enqueue sign result for verify */
+		if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1,
+					"line %u FAILED: %s", __LINE__,
+					"Error sending packet for operation\n");
+			goto exit;
+		}
+
+		while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+			rte_pause();
+
+		if (result_op == NULL) {
+			status = TEST_FAILED;
+			goto exit;
+		}
+		if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1,
+					"line %u FAILED: %s", __LINE__,
+					"SM2 verify failed.\n");
+			goto exit;
+		}
+	}
+
+exit:
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
+static int
+test_sm2_sign_rnd_secret(void)
+{
+	return _test_sm2_sign(true);
+}
+
+__rte_used static int
+test_sm2_sign_plain_secret(void)
+{
+	return _test_sm2_sign(false);
+}
+
+static int
+test_sm2_verify(void)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Verify given sign */
+
+	/* Populate op with operational details */
+	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	asym_op->sm2.message.data = input_params.message.data;
+	asym_op->sm2.message.length = input_params.message.length;
+	asym_op->sm2.pkey.data = input_params.pkey.data;
+	asym_op->sm2.pkey.length = input_params.pkey.length;
+	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
+	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
+	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
+	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+	asym_op->sm2.r.data = input_params.sign_r.data;
+	asym_op->sm2.r.length = input_params.sign_r.length;
+	asym_op->sm2.s.data = input_params.sign_s.data;
+	asym_op->sm2.s.length = input_params.sign_s.length;
+	asym_op->sm2.id.data = input_params.id.data;
+	asym_op->sm2.id.length = input_params.id.length;
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+exit:
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
+static int
+_test_sm2_enc(bool rnd_secret)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Compute encrypt */
+
+	/* Populate op with operational details */
+	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	asym_op->sm2.message.data = input_params.message.data;
+	asym_op->sm2.message.length = input_params.message.length;
+	asym_op->sm2.pkey.data = input_params.pkey.data;
+	asym_op->sm2.pkey.length = input_params.pkey.length;
+	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
+	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
+	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
+	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+	if (rnd_secret) {
+		asym_op->sm2.k.data = NULL;
+		asym_op->sm2.k.length = 0;
+	} else {
+		asym_op->sm2.k.data = input_params.k.data;
+		asym_op->sm2.k.length = input_params.k.length;
+	}
+
+	/* Init out buf */
+	asym_op->sm2.cipher.data = output_buf;
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "cipher:",
+			asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
+
+	if (!rnd_secret) {
+		if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
+				   asym_op->sm2.cipher.length) != 0) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+					"SM2 encrypt failed.\n");
+			goto exit;
+		}
+	} else {
+		/* Verify cipher (in roundtrip).
+		 * Due to random number used per message, encrypt op
+		 * would produce different output for same message
+		 * every time. Hence, we can't have expected output
+		 * to match, instead reverse op to decrypt.
+		 */
+
+		/* Populate op with operational details */
+		op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+		pbuf = rte_malloc(NULL, TEST_DATA_SIZE, 0);
+		op->asym->sm2.message.data = pbuf;
+		op->asym->sm2.message.length = TEST_DATA_SIZE;
+
+		/* Enqueue cipher result for decrypt */
+		if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1,
+					"line %u FAILED: %s", __LINE__,
+					"Error sending packet for operation\n");
+			goto exit;
+		}
+
+		while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+			rte_pause();
+
+		if (result_op == NULL) {
+			status = TEST_FAILED;
+			goto exit;
+		}
+		if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1,
+					"line %u FAILED: %s", __LINE__,
+					"SM2 encrypt failed.\n");
+			goto exit;
+		}
+
+		asym_op = result_op->asym;
+		if (memcmp(input_params.message.data, asym_op->sm2.message.data,
+			       asym_op->sm2.message.length) != 0) {
+			status = TEST_FAILED;
+			RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+					"SM2 encrypt failed.\n");
+			goto exit;
+		}
+	}
+exit:
+	if (pbuf != NULL)
+		rte_free(pbuf);
+
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
+static int
+test_sm2_enc_rnd_secret(void)
+{
+	return _test_sm2_enc(true);
+}
+
+__rte_used static int
+test_sm2_enc_plain_secret(void)
+{
+	return _test_sm2_enc(false);
+}
+
+static int
+test_sm2_dec(void)
+{
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_op *result_op = NULL;
+	uint8_t output_buf_m[TEST_DATA_SIZE];
+	struct rte_crypto_asym_xform xform;
+	struct rte_crypto_asym_op *asym_op;
+	struct rte_crypto_op *op = NULL;
+	int ret, status = TEST_SUCCESS;
+	void *sess = NULL;
+
+	/* Setup crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup asym xform */
+	xform.next = NULL;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
+	if (ret < 0) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed\n");
+		status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+		goto exit;
+	}
+
+	/* Attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	/* Compute decrypt */
+
+	/* Populate op with operational details */
+	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	asym_op->sm2.cipher.data = input_params.cipher.data;
+	asym_op->sm2.cipher.length = input_params.cipher.length;
+	asym_op->sm2.pkey.data = input_params.pkey.data;
+	asym_op->sm2.pkey.length = input_params.pkey.length;
+	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
+	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
+	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
+	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+
+	/* Init out buf */
+	asym_op->sm2.message.data = output_buf_m;
+	asym_op->sm2.message.length = RTE_DIM(output_buf_m);
+
+	RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		status = TEST_FAILED;
+		goto exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "message:",
+			asym_op->sm2.message.data, asym_op->sm2.message.length);
+
+	if (memcmp(input_params.message.data, asym_op->sm2.message.data,
+			op->asym->sm2.message.length)) {
+		status = TEST_FAILED;
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"SM2 decrypt failed.\n");
+		goto exit;
+	}
+exit:
+	if (sess != NULL)
+		rte_cryptodev_asym_session_free(dev_id, sess);
+	rte_crypto_op_free(op);
+	return status;
+};
+
 static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
 	.setup = testsuite_setup,
@@ -2205,6 +2782,10 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_dh_keygenration),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret),
+		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
 				test_rsa_sign_verify),
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h
new file mode 100644
index 0000000000..7a4ce70c10
--- /dev/null
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -0,0 +1,129 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__
+#define __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__
+
+#include "rte_crypto_asym.h"
+
+struct crypto_testsuite_sm2_params {
+	rte_crypto_param pubkey_qx;
+	rte_crypto_param pubkey_qy;
+	rte_crypto_param pkey;
+	rte_crypto_param k;
+	rte_crypto_param sign_r;
+	rte_crypto_param sign_s;
+	rte_crypto_param id;
+	rte_crypto_param cipher;
+	rte_crypto_param message;
+};
+
+static uint8_t fp256_pkey[] = {
+	0x77, 0x84, 0x35, 0x65, 0x4c, 0x7a, 0x6d, 0xb1,
+	0x1e, 0x63, 0x0b, 0x41, 0x97, 0x36, 0x04, 0xf4,
+	0xec, 0x35, 0xee, 0x3b, 0x76, 0xc2, 0x34, 0x08,
+	0xd9, 0x4a, 0x22, 0x0d, 0x7f, 0xf6, 0xc6, 0x90
+};
+
+static uint8_t fp256_qx[] = {
+	0x7b, 0x24, 0xa3, 0x03, 0xcf, 0xb2, 0x22, 0xfa,
+	0x4c, 0xb3, 0x88, 0x54, 0xf9, 0x30, 0xd1, 0x4d,
+	0xe3, 0x50, 0xda, 0xba, 0xe6, 0xa7, 0x0b, 0x91,
+	0x4c, 0x04, 0x0d, 0x5c, 0xe0, 0x8e, 0x86, 0xc5
+};
+
+static uint8_t fp256_qy[] = {
+	0xbc, 0x39, 0xe3, 0x19, 0x4e, 0xd2, 0x29, 0x22,
+	0x5b, 0x37, 0x2d, 0xeb, 0xcc, 0x05, 0x52, 0x8d,
+	0xb9, 0x40, 0xa3, 0xab, 0x3c, 0xbe, 0x16, 0x30,
+	0x1c, 0xe4, 0xe8, 0x7f, 0xba, 0x6e, 0x0b, 0xae
+};
+
+static uint8_t fp256_k[] = {
+	0x01, 0x04, 0x02, 0x05, 0x04, 0x06, 0x03, 0x07
+};
+
+static uint8_t fp256_sign_r[] = {
+	0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
+	0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
+	0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
+	0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+};
+
+static uint8_t fp256_sign_s[] = {
+	0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
+	0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
+	0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
+	0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+};
+
+static uint8_t fp256_id[] = {
+	0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8
+};
+
+static uint8_t fp256_message[] = {
+	0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20,
+	0x64, 0x69, 0x67, 0x65, 0x73, 0x74
+};
+
+static uint8_t fp256_cipher[] = {
+	0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
+	0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
+	0x6D, 0x00, 0xF6, 0x51, 0xC8, 0x80, 0x9C, 0x9E,
+	0xD9, 0xEC, 0x36, 0x8A, 0x60, 0x8E, 0x26, 0x2D,
+	0x71, 0x31, 0xB7, 0xC1, 0x38, 0x02, 0x21, 0x00,
+	0xE1, 0xBF, 0x4C, 0x13, 0x7A, 0x87, 0x40, 0x32,
+	0xF5, 0xA1, 0xE2, 0xA1, 0x3B, 0x83, 0xBF, 0x6B,
+	0x3F, 0xFB, 0xC8, 0x13, 0x01, 0xDE, 0xCF, 0xC0,
+	0xF4, 0x24, 0x66, 0x52, 0x89, 0xDA, 0x6D, 0x7A,
+	0x04, 0x20, 0x8E, 0xFD, 0x52, 0x77, 0xC9, 0xE7,
+	0x90, 0xD1, 0x17, 0x75, 0xDE, 0xEE, 0xF3, 0xE5,
+	0x11, 0x0C, 0x5D, 0xE1, 0x3A, 0xB6, 0x2B, 0x72,
+	0x60, 0xE5, 0xD5, 0xF3, 0x0F, 0xE2, 0x44, 0xDB,
+	0xBC, 0x66, 0x04, 0x0E, 0x78, 0x2D, 0xC0, 0x3D,
+	0x38, 0xA2, 0x42, 0xA4, 0x8E, 0x8B, 0xF5, 0x06,
+	0x32, 0xFA
+};
+
+/** SM2 Fp256 elliptic curve test params */
+struct crypto_testsuite_sm2_params sm2_param_fp256 = {
+	.pubkey_qx = {
+		.data = fp256_qx,
+		.length = sizeof(fp256_qx),
+	},
+	.pubkey_qy = {
+		.data = fp256_qy,
+		.length = sizeof(fp256_qy),
+	},
+	.k = {
+		.data = fp256_k,
+		.length = sizeof(fp256_k),
+	},
+	.sign_r = {
+		.data = fp256_sign_r,
+		.length = sizeof(fp256_sign_r),
+	},
+	.sign_s = {
+		.data = fp256_sign_s,
+		.length = sizeof(fp256_sign_s),
+	},
+	.id = {
+		.data = fp256_id,
+		.length = sizeof(fp256_id),
+	},
+	.pkey = {
+		.data = fp256_pkey,
+		.length = sizeof(fp256_pkey),
+	},
+	.message = {
+		.data = fp256_message,
+		.length = sizeof(fp256_message),
+	},
+	.cipher = {
+		.data = fp256_cipher,
+		.length = sizeof(fp256_cipher),
+	}
+};
+
+#endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
-- 
2.25.1

[PATCH v3 3/3] crypto/openssl: add SM2 asymmetric crypto support

[Gowrishankar Muthukrishnan]

Add SM2 asymmetric algorithm support in openssl PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/openssl.ini   |   1 +
 doc/guides/cryptodevs/openssl.rst            |   1 +
 doc/guides/rel_notes/release_23_07.rst       |   4 +
 drivers/crypto/openssl/openssl_pmd_private.h |   6 +
 drivers/crypto/openssl/rte_openssl_pmd.c     | 297 +++++++++++++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  48 +++
 6 files changed, 357 insertions(+)

diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index 4b0f9b162e..b64c8ec4a5 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -65,6 +65,7 @@ DSA = Y
 Modular Exponentiation = Y
 Modular Inversion = Y
 Diffie-hellman = Y
+SM2 = Y
 
 ;
 ; Supported Operating systems of the 'openssl' crypto driver.
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index 03041ceda1..ff21d21b23 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -53,6 +53,7 @@ Supported Asymmetric Crypto algorithms:
 * ``RTE_CRYPTO_ASYM_XFORM_DH``
 * ``RTE_CRYPTO_ASYM_XFORM_MODINV``
 * ``RTE_CRYPTO_ASYM_XFORM_MODEX``
+* ``RTE_CRYPTO_ASYM_XFORM_SM2``
 
 
 Installation
diff --git a/doc/guides/rel_notes/release_23_07.rst b/doc/guides/rel_notes/release_23_07.rst
index 8b8e69d619..aeebcffb60 100644
--- a/doc/guides/rel_notes/release_23_07.rst
+++ b/doc/guides/rel_notes/release_23_07.rst
@@ -61,6 +61,10 @@ New Features
   along with prime field curve support.
 
 
+* **Updated OpenSSL crypto driver for SM2 support.**
+
+  Added SM2 algorithm support in asymmetric crypto operations.
+
 Removed Items
 -------------
 
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index ed6841e460..1edb669dfd 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -12,6 +12,7 @@
 #include <openssl/rsa.h>
 #include <openssl/dh.h>
 #include <openssl/dsa.h>
+#include <openssl/ec.h>
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 #include <openssl/provider.h>
 #include <openssl/core_names.h>
@@ -200,6 +201,11 @@ struct openssl_asym_session {
 			OSSL_PARAM_BLD * param_bld;
 #endif
 		} s;
+		struct {
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+			OSSL_PARAM * params;
+#endif
+		} sm2;
 	} u;
 } __rte_cache_aligned;
 /** Set and validate OPENSSL crypto session parameters */
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 384d262621..9442d39907 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -13,6 +13,7 @@
 #include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/ec.h>
 
 #include "openssl_pmd_private.h"
 #include "compat.h"
@@ -2662,6 +2663,286 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 	return ret;
 
 }
+
+static int
+process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
+		struct openssl_asym_session *sess)
+{
+	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
+	struct rte_crypto_asym_op *op = cop->asym;
+	OSSL_PARAM_BLD *param_bld = NULL;
+	OSSL_PARAM *params = NULL;
+	EVP_PKEY *pkey = NULL;
+	BIGNUM *pkey_bn = NULL;
+	uint8_t pubkey[64];
+	size_t len = 0;
+	int ret = -1;
+
+	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+	if (cop->asym->sm2.k.data != NULL)
+		goto err_sm2;
+
+	param_bld = OSSL_PARAM_BLD_new();
+	if (!param_bld) {
+		OPENSSL_LOG(ERR, "failed to allocate params\n");
+		goto err_sm2;
+	}
+
+	ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+		OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+	if (!ret) {
+		OPENSSL_LOG(ERR, "failed to push params\n");
+		goto err_sm2;
+	}
+
+	pkey_bn = BN_bin2bn((const unsigned char *)op->sm2.pkey.data,
+						op->sm2.pkey.length, pkey_bn);
+
+	memset(pubkey, 0, RTE_DIM(pubkey));
+	pubkey[0] = 0x04;
+	len += 1;
+	memcpy(&pubkey[len], op->sm2.q.x.data, op->sm2.q.x.length);
+	len += op->sm2.q.x.length;
+	memcpy(&pubkey[len], op->sm2.q.y.data, op->sm2.q.y.length);
+	len += op->sm2.q.y.length;
+
+	ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+								 pkey_bn);
+	if (!ret) {
+		OPENSSL_LOG(ERR, "failed to push params\n");
+		goto err_sm2;
+	}
+
+	ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
+			OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
+	if (!ret) {
+		OPENSSL_LOG(ERR, "failed to push params\n");
+		goto err_sm2;
+	}
+
+	params = OSSL_PARAM_BLD_to_param(param_bld);
+	if (!params) {
+		OPENSSL_LOG(ERR, "failed to push params\n");
+		goto err_sm2;
+	}
+
+	switch (op->sm2.op_type) {
+	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+		{
+			OSSL_PARAM *eparams = sess->u.sm2.params;
+			size_t output_len;
+
+			kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
+			if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+				EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
+				goto err_sm2;
+
+			cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!cctx)
+				goto err_sm2;
+
+			if (!EVP_PKEY_encrypt_init(cctx))
+				goto err_sm2;
+
+			if (!EVP_PKEY_CTX_set_params(cctx, eparams))
+				goto err_sm2;
+
+			if (!EVP_PKEY_encrypt(cctx, op->sm2.cipher.data, &output_len,
+								 op->sm2.message.data,
+								 op->sm2.message.length))
+				goto err_sm2;
+			op->sm2.cipher.length = output_len;
+		}
+		break;
+	case RTE_CRYPTO_ASYM_OP_DECRYPT:
+		{
+			OSSL_PARAM *eparams = sess->u.sm2.params;
+
+			kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
+			if (kctx == NULL
+				|| EVP_PKEY_fromdata_init(kctx) <= 0
+				|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
+				goto err_sm2;
+
+			cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!cctx)
+				goto err_sm2;
+
+			if (!EVP_PKEY_decrypt_init(cctx))
+				goto err_sm2;
+
+			if (!EVP_PKEY_CTX_set_params(cctx, eparams))
+				goto err_sm2;
+
+			if (!EVP_PKEY_decrypt(cctx, op->sm2.message.data, &op->sm2.message.length,
+					op->sm2.cipher.data, op->sm2.cipher.length))
+				goto err_sm2;
+		}
+		break;
+	case RTE_CRYPTO_ASYM_OP_SIGN:
+		{
+			unsigned char signbuf[128] = {0};
+			const unsigned char *signptr;
+			EVP_MD_CTX *md_ctx = NULL;
+			const BIGNUM *r, *s;
+			ECDSA_SIG *ec_sign;
+			EVP_MD *check_md;
+			size_t signlen;
+
+			kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
+			if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+				EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
+				goto err_sm2;
+
+			md_ctx = EVP_MD_CTX_new();
+			if (!md_ctx)
+				goto err_sm2;
+
+			sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!sctx)
+				goto err_sm2;
+
+			EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
+
+			check_md = EVP_MD_fetch(NULL, "sm3", NULL);
+			if (!check_md)
+				goto err_sm2;
+
+			if (!EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))
+				goto err_sm2;
+
+			if (EVP_PKEY_CTX_set1_id(sctx, op->sm2.id.data, op->sm2.id.length) <= 0)
+				goto err_sm2;
+
+			if (!EVP_DigestSignUpdate(md_ctx, op->sm2.message.data,
+					op->sm2.message.length))
+				goto err_sm2;
+
+			if (!EVP_DigestSignFinal(md_ctx, NULL, &signlen))
+				goto err_sm2;
+
+			if (!EVP_DigestSignFinal(md_ctx, signbuf, &signlen))
+				goto err_sm2;
+
+			signptr = signbuf;
+			ec_sign = d2i_ECDSA_SIG(NULL, &signptr, signlen);
+			if (!ec_sign)
+				goto err_sm2;
+
+			r = ECDSA_SIG_get0_r(ec_sign);
+			s = ECDSA_SIG_get0_s(ec_sign);
+			if (!r || !s)
+				goto err_sm2;
+
+			op->sm2.r.length = BN_num_bytes(r);
+			op->sm2.s.length = BN_num_bytes(s);
+			BN_bn2bin(r, op->sm2.r.data);
+			BN_bn2bin(s, op->sm2.s.data);
+
+			ECDSA_SIG_free(ec_sign);
+		}
+		break;
+	case RTE_CRYPTO_ASYM_OP_VERIFY:
+		{
+			unsigned char signbuf[128] = {0};
+			BIGNUM *r = NULL, *s = NULL;
+			EVP_MD_CTX *md_ctx = NULL;
+			ECDSA_SIG *ec_sign;
+			EVP_MD *check_md;
+			size_t signlen;
+
+			kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
+			if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+				EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0)
+				goto err_sm2;
+
+			if (!EVP_PKEY_is_a(pkey, "SM2"))
+				goto err_sm2;
+
+			md_ctx = EVP_MD_CTX_new();
+			if (!md_ctx)
+				goto err_sm2;
+
+			sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+			if (!sctx)
+				goto err_sm2;
+
+			EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
+
+			check_md = EVP_MD_fetch(NULL, "sm3", NULL);
+			if (!check_md)
+				goto err_sm2;
+
+			if (!EVP_DigestVerifyInit(md_ctx, NULL, check_md, NULL, pkey))
+				goto err_sm2;
+
+			if (EVP_PKEY_CTX_set1_id(sctx, op->sm2.id.data, op->sm2.id.length) <= 0)
+				goto err_sm2;
+
+			if (!EVP_DigestVerifyUpdate(md_ctx, op->sm2.message.data,
+					op->sm2.message.length))
+				goto err_sm2;
+
+			ec_sign = ECDSA_SIG_new();
+			if (!ec_sign)
+				goto err_sm2;
+
+			r = BN_bin2bn(op->sm2.r.data, op->sm2.r.length, r);
+			s = BN_bin2bn(op->sm2.s.data, op->sm2.s.length, s);
+			if (!r || !s)
+				goto err_sm2;
+
+			if (!ECDSA_SIG_set0(ec_sign, r, s)) {
+				BN_free(r);
+				BN_free(s);
+				goto err_sm2;
+			}
+
+			r = NULL;
+			s = NULL;
+
+			signlen = i2d_ECDSA_SIG(ec_sign, (unsigned char **)&signbuf);
+			if (signlen <= 0)
+				goto err_sm2;
+
+			if (!EVP_DigestVerifyFinal(md_ctx, signbuf, signlen))
+				goto err_sm2;
+
+			BN_free(r);
+			BN_free(s);
+			ECDSA_SIG_free(ec_sign);
+	}
+		break;
+	default:
+		/* allow ops with invalid args to be pushed to
+		 * completion queue
+		 */
+		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		goto err_sm2;
+	}
+
+	ret = 0;
+	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+err_sm2:
+	if (kctx)
+		EVP_PKEY_CTX_free(kctx);
+
+	if (sctx)
+		EVP_PKEY_CTX_free(sctx);
+
+	if (cctx)
+		EVP_PKEY_CTX_free(cctx);
+
+	if (pkey)
+		EVP_PKEY_free(pkey);
+
+	if (param_bld)
+		OSSL_PARAM_BLD_free(param_bld);
+
+	return ret;
+}
+
 #else
 static int
 process_openssl_rsa_op(struct rte_crypto_op *cop,
@@ -2761,6 +3042,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 
 	return 0;
 }
+
+static int
+process_openssl_sm2_op(struct rte_crypto_op *cop,
+		struct openssl_asym_session *sess)
+{
+	RTE_SET_USED(cop);
+	RTE_SET_USED(sess);
+	return -ENOTSUP;
+}
 #endif
 
 static int
@@ -2809,6 +3099,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				process_openssl_dsa_verify_op(op, sess);
 		else
 			op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+#endif
+		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		retval = process_openssl_sm2_op_evp(op, sess);
+#else
+		retval = process_openssl_sm2_op(op, sess);
 #endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 29ad1b9505..fe38e4ebd8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1282,6 +1282,50 @@ static int openssl_set_asym_session_parameters(
 		BN_free(pub_key);
 		return -1;
 	}
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+	{
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		OSSL_PARAM_BLD *param_bld = NULL;
+		OSSL_PARAM *params = NULL;
+		int ret = -1;
+
+		if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3)
+			return -1;
+
+		param_bld = OSSL_PARAM_BLD_new();
+		if (!param_bld) {
+			OPENSSL_LOG(ERR, "failed to allocate params\n");
+			goto err_sm2;
+		}
+
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_ASYM_CIPHER_PARAM_DIGEST, "SM3", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		params = OSSL_PARAM_BLD_to_param(param_bld);
+		if (!params) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		asym_session->u.sm2.params = params;
+		OSSL_PARAM_BLD_free(param_bld);
+
+		asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_SM2;
+		break;
+err_sm2:
+		if (param_bld)
+			OSSL_PARAM_BLD_free(param_bld);
+
+		if (asym_session->u.sm2.params)
+			OSSL_PARAM_free(asym_session->u.sm2.params);
+
+		return -1;
+#endif
+	}
 	default:
 		return ret;
 	}
@@ -1366,6 +1410,10 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
 			DSA_free(sess->u.s.dsa);
 #endif
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		OSSL_PARAM_free(sess->u.sm2.params);
+#endif
 	default:
 		break;
 	}
-- 
2.25.1

RE: [PATCH v3 1/3] cryptodev: add SM2 asymmetric crypto algorithm

[Kusztal, ArkadiuszX]

Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

Some things will need to be changed before the next release (few of them I described below), but I will ack it. Especially that other algorithms have similar issues.

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Sunday, June 4, 2023 11:43 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Kusztal,
> ArkadiuszX <arkadiuszx.kusztal@intel.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [PATCH v3 1/3] cryptodev: add SM2 asymmetric crypto algorithm
> 
> ShangMi 2 (SM2) is set of public-key cryptography algorithms based on elliptic
> curves.
> 
> Added support for asymmetric SM2 in cryptodev along with prime field curve, as
> referenced in RFC:
> https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  doc/guides/cryptodevs/features/default.ini |  1 +
>  doc/guides/rel_notes/release_23_07.rst     |  5 ++
>  lib/cryptodev/rte_crypto_asym.h            | 87 ++++++++++++++++++++++
>  lib/cryptodev/rte_cryptodev.c              |  1 +
>  4 files changed, 94 insertions(+)
> 
> diff --git a/doc/guides/cryptodevs/features/default.ini
> b/doc/guides/cryptodevs/features/default.ini
> index 523da0cfa8..a69967bb9e 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -125,6 +125,7 @@ Diffie-hellman          =
>  ECDSA                   =
>  ECPM                    =
>  ECDH                    =
> +SM2                     =
> 
>  ;
>  ; Supported Operating systems of a default crypto driver.
> diff --git a/doc/guides/rel_notes/release_23_07.rst
> b/doc/guides/rel_notes/release_23_07.rst
> index a9b1293689..8b8e69d619 100644
> --- a/doc/guides/rel_notes/release_23_07.rst
> +++ b/doc/guides/rel_notes/release_23_07.rst
> @@ -55,6 +55,11 @@ New Features
>       Also, make sure to start the actual text at the margin.
>       =======================================================
> 
> +* **Added SM2 asymmetric algorithm in cryptodev.**
> +
> +  Added support for ShamMi 2 (SM2) asymmetric crypto algorithm  along
> + with prime field curve support.
> +
> 
>  Removed Items
>  -------------
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 989f38323f..ab0b4abea7 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -119,6 +119,11 @@ enum rte_crypto_asym_xform_type {
>  	/**< Elliptic Curve Point Multiplication */
>  	RTE_CRYPTO_ASYM_XFORM_ECFPM,
>  	/**< Elliptic Curve Fixed Point Multiplication */
> +	RTE_CRYPTO_ASYM_XFORM_SM2,
> +	/**< ShangMi 2
> +	 * Performs Encrypt, Decrypt, Sign and Verify.
> +	 * Refer to rte_crypto_asym_op_type.
> +	 */
>  	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
>  	/**< End of list */
>  };
> @@ -382,6 +387,17 @@ struct rte_crypto_ec_xform {
>  	/**< Pre-defined ec groups */
>  };
> 
> +/**
> + * Asymmetric SM2 transform data
> + *
> + * Structure describing SM2 xform params
> + *
> + */
> +struct rte_crypto_sm2_xform {
> +	enum rte_crypto_auth_algorithm hash;
> +	/**< Hash algorithm used in SM2 op. */ };
> +
>  /**
>   * Operations params for modular operations:
>   * exponentiation and multiplicative inverse @@ -637,9 +653,79 @@ struct
> rte_crypto_asym_xform {
>  		/**< EC xform parameters, used by elliptic curve based
>  		 * operations.
>  		 */
> +
> +		struct rte_crypto_sm2_xform sm2;
> +		/**< SM2 xform parameters */
>  	};
>  };
> 
> +/**
> + * SM2 operation params
> + */
> +struct rte_crypto_sm2_op_param {
> +	enum rte_crypto_asym_op_type op_type;
> +	/**< Signature generation or verification */
> +
> +	rte_crypto_uint pkey;
> +	/**< Private key for encryption or sign generation */
> +
> +	struct rte_crypto_ec_point q;
> +	/**< Public key for decryption or verification */
> +
> +	rte_crypto_param message;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be encrypted for SM2 public encrypt.
> +	 * - to be signed for SM2 sign generation.
> +	 * - to be authenticated for SM2 sign verification.
> +	 *

This repeats problems known to dsa/ecdsa. What will work on OpenSSL PMD will not work on the HW. Ironically, test will pass for both...
We can extend this before the next release.

> +	 * Pointer to output data
> +	 * - for SM2 private decrypt.
> +	 * In this case the underlying array should have been
> +	 * allocated with enough memory to hold plaintext output
> +	 * (at least encrypted text length). The message.length field
> +	 * will be overwritten by the PMD with the decrypted length.
> +	 */
> +
> +	rte_crypto_param cipher;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be decrypted for SM2 private decrypt.
> +	 *
> +	 * Pointer to output data
> +	 * - for SM2 public encrypt.
> +	 * In this case the underlying array should have been allocated
> +	 * with enough memory to hold ciphertext output (at least X bytes
> +	 * for prime field curve of N bytes and for message M bytes,
> +	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
> +	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> +	 * be overwritten by the PMD with the encrypted length.
> +	 */
I thought it was concatenation, not addition.
> +
> +	rte_crypto_uint id;
> +	/**< The SM2 id used by signer and verifier and is in interval (1,
> +n-1). */
Where does the (1,n-1) limitation comes from? As it is a hashed prefix, should it have any mathematical interpretation at all?
> +
> +	rte_crypto_uint k;
> +	/**< The SM2 per-message secret number, which is an integer
> +	 * in the interval (1, n-1).
> +	 * If the random number is generated by the PMD,
> +	 * the 'rte_crypto_param.data' parameter should be set to NULL.
> +	 */
> +
> +	rte_crypto_uint r;
> +	/**< r component of elliptic curve signature
> +	 *     output : for signature generation (of at least N bytes
> +	 *              where prime field length is N bytes)
> +	 *     input  : for signature verification
> +	 */
> +	rte_crypto_uint s;
> +	/**< s component of elliptic curve signature
> +	 *     output : for signature generation (of at least N bytes
> +	 *              where prime field length is N bytes)
> +	 *     input  : for signature verification
> +	 */
> +};
> +
>  /**
>   * Asymmetric Cryptographic Operation.
>   *
> @@ -665,6 +751,7 @@ struct rte_crypto_asym_op {
>  		struct rte_crypto_dsa_op_param dsa;
>  		struct rte_crypto_ecdsa_op_param ecdsa;
>  		struct rte_crypto_ecpm_op_param ecpm;
> +		struct rte_crypto_sm2_op_param sm2;
>  	};
>  	uint16_t flags;
>  	/**<
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> a96114b2da..21cabc3ffd 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -299,6 +299,7 @@ crypto_asym_xform_strings[] = {
>  	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
>  	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
>  	[RTE_CRYPTO_ASYM_XFORM_ECPM]	= "ecpm",
> +	[RTE_CRYPTO_ASYM_XFORM_SM2]	= "sm2",
>  };
> 
>  /**
> --
> 2.25.1

RE: [PATCH v3 1/3] cryptodev: add SM2 asymmetric crypto algorithm

[Gowrishankar Muthukrishnan]

> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> 
> Some things will need to be changed before the next release (few of them I
> described below), but I will ack it. Especially that other algorithms have similar
> issues.
> 
Sure. I also thought any improvements can collectively addressed as it is another EC.

> > +/**
> > + * Asymmetric SM2 transform data
> > + *
> > + * Structure describing SM2 xform params
> > + *
> > + */
> > +struct rte_crypto_sm2_xform {
> > +	enum rte_crypto_auth_algorithm hash;
> > +	/**< Hash algorithm used in SM2 op. */ };
> > +
> >  /**
> >   * Operations params for modular operations:
> >   * exponentiation and multiplicative inverse @@ -637,9 +653,79 @@
> > struct rte_crypto_asym_xform {
> >  		/**< EC xform parameters, used by elliptic curve based
> >  		 * operations.
> >  		 */
> > +
> > +		struct rte_crypto_sm2_xform sm2;
> > +		/**< SM2 xform parameters */
> >  	};
> >  };
> >
> > +/**
> > + * SM2 operation params
> > + */
> > +struct rte_crypto_sm2_op_param {
> > +	enum rte_crypto_asym_op_type op_type;
> > +	/**< Signature generation or verification */
> > +
> > +	rte_crypto_uint pkey;
> > +	/**< Private key for encryption or sign generation */
> > +
> > +	struct rte_crypto_ec_point q;
> > +	/**< Public key for decryption or verification */
> > +
> > +	rte_crypto_param message;
> > +	/**<
> > +	 * Pointer to input data
> > +	 * - to be encrypted for SM2 public encrypt.
> > +	 * - to be signed for SM2 sign generation.
> > +	 * - to be authenticated for SM2 sign verification.
> > +	 *
> 
> This repeats problems known to dsa/ecdsa. What will work on OpenSSL PMD will
> not work on the HW. Ironically, test will pass for both...
> We can extend this before the next release.

Ack
> 
> > +	 * Pointer to output data
> > +	 * - for SM2 private decrypt.
> > +	 * In this case the underlying array should have been
> > +	 * allocated with enough memory to hold plaintext output
> > +	 * (at least encrypted text length). The message.length field
> > +	 * will be overwritten by the PMD with the decrypted length.
> > +	 */
> > +
> > +	rte_crypto_param cipher;
> > +	/**<
> > +	 * Pointer to input data
> > +	 * - to be decrypted for SM2 private decrypt.
> > +	 *
> > +	 * Pointer to output data
> > +	 * - for SM2 public encrypt.
> > +	 * In this case the underlying array should have been allocated
> > +	 * with enough memory to hold ciphertext output (at least X bytes
> > +	 * for prime field curve of N bytes and for message M bytes,
> > +	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
> > +	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > +	 * be overwritten by the PMD with the encrypted length.
> > +	 */
> I thought it was concatenation, not addition.

Typo I did. Yes it should have been ||.

> > +
> > +	rte_crypto_uint id;
> > +	/**< The SM2 id used by signer and verifier and is in interval (1,
> > +n-1). */
> Where does the (1,n-1) limitation comes from? As it is a hashed prefix, should it
> have any mathematical interpretation at all?

Yeah it is not necessarily limited wrt n. we can just phrase it:
/**< The SM2 id used by signer and verifier */

In fact, here could be another improvement (applicable to EC as well) to 
keep the params specific to op. Sign/verify only would need this param
(and r , s below).

> > +
> > +	rte_crypto_uint k;
> > +	/**< The SM2 per-message secret number, which is an integer
> > +	 * in the interval (1, n-1).
> > +	 * If the random number is generated by the PMD,
> > +	 * the 'rte_crypto_param.data' parameter should be set to NULL.
> > +	 */
> > +
> > +	rte_crypto_uint r;
> > +	/**< r component of elliptic curve signature
> > +	 *     output : for signature generation (of at least N bytes
> > +	 *              where prime field length is N bytes)
> > +	 *     input  : for signature verification
> > +	 */
> > +	rte_crypto_uint s;
> > +	/**< s component of elliptic curve signature
> > +	 *     output : for signature generation (of at least N bytes
> > +	 *              where prime field length is N bytes)
> > +	 *     input  : for signature verification
> > +	 */
> > +};
> > +