> Added SM3/SM4 support in openssl
>
> ---
> We wrote a test program to test it, this is the test result:
> + SM4 Chain : 24/24 passed,
> 0/24 skipped, 0/24 failed, 0/24 unsupported
> + SM4 Cipher Only : 10/10 passed,
> 0/10 skipped, 0/10 failed, 0/10 unsupported
>
> Signed-off-by: Sunyang Wu <sunyang...@jaguarmicro.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 24 ++++
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 144 +++++++++++++++++++
> lib/cryptodev/rte_crypto_sym.h | 8 +-
You should split the patch into 2 - one for library changes and the other for
PMD.
Also these patches cannot be part of DPDK 23.03 as library changes are accepted
in RC1 only.
Also add documentation changes for the new algos added.
> 3 files changed, 175 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..865cf03ff1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -239,6 +239,19 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
> default:
> res = -EINVAL;
> }
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + *algo = EVP_sm4_ecb();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + *algo = EVP_sm4_cbc();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CTR:
> + *algo = EVP_sm4_ctr();
> + case RTE_CRYPTO_CIPHER_SM4_OFB:
> + *algo = EVP_sm4_ofb();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CFB:
> + *algo = EVP_sm4_cfb();
> break;
> default:
> res = -EINVAL;
> @@ -284,6 +297,10 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> *algo = EVP_sha512();
> break;
> + case RTE_CRYPTO_AUTH_SM3:
> + case RTE_CRYPTO_AUTH_SM3_HMAC:
> + *algo = EVP_sm3();
> + break;
> default:
> res = -EINVAL;
> break;
> @@ -483,6 +500,11 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CTR:
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + case RTE_CRYPTO_CIPHER_SM4_CTR:
> + case RTE_CRYPTO_CIPHER_SM4_CFB:
> + case RTE_CRYPTO_CIPHER_SM4_OFB:
> sess->cipher.mode = OPENSSL_CIPHER_LIB;
> sess->cipher.algo = xform->cipher.algo;
> sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +658,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_AUTH_SHA256:
> case RTE_CRYPTO_AUTH_SHA384:
> case RTE_CRYPTO_AUTH_SHA512:
> + case RTE_CRYPTO_AUTH_SM3:
> sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
> if (get_auth_algo(xform->auth.algo,
> &sess->auth.auth.evp_algo) != 0)
> @@ -721,6 +744,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> case RTE_CRYPTO_AUTH_SHA384_HMAC:
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> + case RTE_CRYPTO_AUTH_SM3_HMAC:
> sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
> sess->auth.hmac.ctx = HMAC_CTX_new();
> if (get_auth_algo(xform->auth.algo,
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..b9f5c6f034 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,50 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> + {
> + /* SM3 */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_SM3,
> + .block_size = 64,
> + .key_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + },
> + .digest_size = {
> + .min = 32,
> + .max = 32,
> + .increment = 0
> + },
> + .aad_size = { 0 }
> + }, }
> + }, }
> + },
> + {
> + /* SM3 HMAC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_SM3_HMAC,
> + .block_size = 64,
> + .key_size = {
> + .min = 1,
> + .max = 64,
> + .increment = 1
> + },
> + .digest_size = {
> + .min = 32,
> + .max = 32,
> + .increment = 0
> + },
> + .aad_size = { 0 }
> + }, }
> + }, }
> + },
> { /* AES CBC */
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> {.sym = {
> @@ -494,6 +538,106 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> + { /* SM4 ECB */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CBC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CTR */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 OFB */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_OFB,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CFB */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CFB,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> { /* RSA */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> index 2cfe66530c..b5c6d87740 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -172,8 +172,12 @@ enum rte_crypto_cipher_algorithm {
> /**< ShangMi 4 (SM4) algorithm in ECB mode */
> RTE_CRYPTO_CIPHER_SM4_CBC,
> /**< ShangMi 4 (SM4) algorithm in CBC mode */
> - RTE_CRYPTO_CIPHER_SM4_CTR
> + RTE_CRYPTO_CIPHER_SM4_CTR,
> /**< ShangMi 4 (SM4) algorithm in CTR mode */
> + RTE_CRYPTO_CIPHER_SM4_CFB,
> + /**< ShangMi 4 (SM4) algorithm in CFB mode */
> + RTE_CRYPTO_CIPHER_SM4_OFB
> + /**< ShangMi 4 (SM4) algorithm in OFB mode */
> };
>
> /** Cipher algorithm name strings */
> @@ -376,6 +380,8 @@ enum rte_crypto_auth_algorithm {
> /**< HMAC using 512 bit SHA3 algorithm. */
> RTE_CRYPTO_AUTH_SM3,
> /**< ShangMi 3 (SM3) algorithm */
> + RTE_CRYPTO_AUTH_SM3_HMAC,
> + /**< HMAC using ShangMi 3 (SM3) algorithm */
>
> RTE_CRYPTO_AUTH_SHAKE_128,
> /**< 128 bit SHAKE algorithm. */
> --
> 2.19.0.rc0.windows.1
