> Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl You should update the title with version number to identify each Version and remove confusion.
Also, I see that there are compilation issues reported by CI http://mails.dpdk.org/archives/test-report/2023-February/360051.html Please fix and ensure compilation is not broken with different versions of OpenSSL. > > Added SM3 support in openssl, and added SM4-EBC/ > SM4-CBC/SM4-CTR support in openssl. > > Signed-off-by: Sunyang Wu <sunyang...@jaguarmicro.com> > --- > doc/guides/cryptodevs/features/openssl.ini | 4 + > doc/guides/cryptodevs/openssl.rst | 4 + > drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++ > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++ > 4 files changed, 110 insertions(+) > > diff --git a/doc/guides/cryptodevs/features/openssl.ini > b/doc/guides/cryptodevs/features/openssl.ini > index 4b0f9b162e..efa339da55 100644 > --- a/doc/guides/cryptodevs/features/openssl.ini > +++ b/doc/guides/cryptodevs/features/openssl.ini > @@ -27,6 +27,9 @@ AES CTR (256) = Y > 3DES CBC = Y > 3DES CTR = Y > DES DOCSIS BPI = Y > +SM4 ECB = Y > +SM4 CBC = Y > +SM4 CTR = Y > ; > ; Supported authentication algorithms of the 'openssl' crypto driver. > ; > @@ -44,6 +47,7 @@ SHA384 HMAC = Y > SHA512 = Y > SHA512 HMAC = Y > AES GMAC = Y > +SM3 = Y > > ; > ; Supported AEAD algorithms of the 'openssl' crypto driver. > diff --git a/doc/guides/cryptodevs/openssl.rst > b/doc/guides/cryptodevs/openssl.rst > index 03041ceda1..07dbd2763b 100644 > --- a/doc/guides/cryptodevs/openssl.rst > +++ b/doc/guides/cryptodevs/openssl.rst > @@ -19,10 +19,13 @@ OpenSSL PMD has support for: > > Supported cipher algorithms: > > +* ``RTE_CRYPTO_CIPHER_SM4_ECB`` > * ``RTE_CRYPTO_CIPHER_3DES_CBC`` > * ``RTE_CRYPTO_CIPHER_AES_CBC`` > +* ``RTE_CRYPTO_CIPHER_SM4_CBC`` > * ``RTE_CRYPTO_CIPHER_AES_CTR`` > * ``RTE_CRYPTO_CIPHER_3DES_CTR`` > +* ``RTE_CRYPTO_CIPHER_SM4_CTR`` > * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` > > Supported authentication algorithms: > @@ -34,6 +37,7 @@ Supported authentication algorithms: > * ``RTE_CRYPTO_AUTH_SHA256`` > * ``RTE_CRYPTO_AUTH_SHA384`` > * ``RTE_CRYPTO_AUTH_SHA512`` > +* ``RTE_CRYPTO_AUTH_SM3`` > * ``RTE_CRYPTO_AUTH_MD5_HMAC`` > * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` > * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index abcb641a44..4c9f12355f 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm > sess_algo, size_t keylen, > res = -EINVAL; > } > break; > +#ifndef OPENSSL_NO_SM4 Where is OPENSSL_NO_SM4 defined? We cannot just add a piece of DEAD code in the driver. > + case RTE_CRYPTO_CIPHER_SM4_ECB: > + *algo = EVP_sm4_ecb(); > + break; > + case RTE_CRYPTO_CIPHER_SM4_CBC: > + *algo = EVP_sm4_cbc(); > + break; > + case RTE_CRYPTO_CIPHER_SM4_CTR: > + *algo = EVP_sm4_ctr(); > + break; > +#endif > default: > res = -EINVAL; > break; > @@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm > sessalgo, > case RTE_CRYPTO_AUTH_SHA512_HMAC: > *algo = EVP_sha512(); > break; > +#ifndef OPENSSL_NO_SM3 > + case RTE_CRYPTO_AUTH_SM3: > + *algo = EVP_sm3(); > + break; > +#endif > default: > res = -EINVAL; > break; > @@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct > openssl_session *sess, > case RTE_CRYPTO_CIPHER_3DES_CBC: > case RTE_CRYPTO_CIPHER_AES_CBC: > case RTE_CRYPTO_CIPHER_AES_CTR: > + case RTE_CRYPTO_CIPHER_SM4_ECB: > + case RTE_CRYPTO_CIPHER_SM4_CBC: > + case RTE_CRYPTO_CIPHER_SM4_CTR: > sess->cipher.mode = OPENSSL_CIPHER_LIB; > sess->cipher.algo = xform->cipher.algo; > sess->cipher.ctx = EVP_CIPHER_CTX_new(); > @@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct > openssl_session *sess, > case RTE_CRYPTO_AUTH_SHA256: > case RTE_CRYPTO_AUTH_SHA384: > case RTE_CRYPTO_AUTH_SHA512: > + case RTE_CRYPTO_AUTH_SM3: > sess->auth.mode = OPENSSL_AUTH_AS_AUTH; > if (get_auth_algo(xform->auth.algo, > &sess->auth.auth.evp_algo) != 0) > diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c > index 29ad1b9505..bd908b40fa 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c > @@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities > openssl_pmd_capabilities[] = { > }, } > }, } > }, > + { > + /* SM3 */ > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, > + {.auth = { > + .algo = RTE_CRYPTO_AUTH_SM3, > + .block_size = 64, > + .key_size = { > + .min = 0, > + .max = 0, > + .increment = 0 > + }, > + .digest_size = { > + .min = 32, > + .max = 32, > + .increment = 0 > + }, > + .aad_size = { 0 } > + }, } > + }, } > + }, > { /* AES CBC */ > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > {.sym = { > @@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities > openssl_pmd_capabilities[] = { > }, } > }, } > }, > + { /* SM4 ECB */ > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, > + {.cipher = { > + .algo = RTE_CRYPTO_CIPHER_SM4_ECB, > + .block_size = 16, > + .key_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .iv_size = { > + .min = 0, > + .max = 0, > + .increment = 0 > + } > + }, } > + }, } > + }, > + { /* SM4 CBC */ > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, > + {.cipher = { > + .algo = RTE_CRYPTO_CIPHER_SM4_CBC, > + .block_size = 16, > + .key_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .iv_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + } > + }, } > + }, } > + }, > + { /* SM4 CTR */ > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, > + {.cipher = { > + .algo = RTE_CRYPTO_CIPHER_SM4_CTR, > + .block_size = 16, > + .key_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .iv_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + } > + }, } > + }, } > + }, > { /* RSA */ > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, > {.asym = { > -- > 2.19.0.rc0.windows.1
