SM2 curve could use generic EC xform as it is yet another EC. This would also require SM2 curve ID enumerated along with other curves, as listed in: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com> Acked-by: Arkadiusz Kusztal <arkadiuszx.kusz...@intel.com> --- app/test/test_cryptodev_asym.c | 40 ++++++++++++-------- app/test/test_cryptodev_sm2_test_vectors.h | 4 +- doc/guides/rel_notes/release_23_11.rst | 2 + drivers/crypto/openssl/rte_openssl_pmd_ops.c | 3 -- lib/cryptodev/rte_crypto_asym.h | 19 +++------- 5 files changed, 34 insertions(+), 34 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index af323e02d9..514ea96b8b 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -1846,10 +1846,7 @@ _test_sm2_sign(bool rnd_secret) /* Setup asym xform */ xform.next = NULL; xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) - xform.sm2.hash = RTE_CRYPTO_AUTH_SM3; - else - xform.sm2.hash = RTE_CRYPTO_AUTH_NULL; + xform.ec.curve_id = input_params.curve; ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess); if (ret < 0) { @@ -1867,6 +1864,11 @@ _test_sm2_sign(bool rnd_secret) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN; + if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; + else + asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; + asym_op->sm2.message.data = input_params.message.data; asym_op->sm2.message.length = input_params.message.length; asym_op->sm2.pkey.data = input_params.pkey.data; @@ -2038,10 +2040,7 @@ test_sm2_verify(void) /* Setup asym xform */ xform.next = NULL; xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) - xform.sm2.hash = RTE_CRYPTO_AUTH_SM3; - else - xform.sm2.hash = RTE_CRYPTO_AUTH_NULL; + xform.ec.curve_id = input_params.curve; ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess); if (ret < 0) { @@ -2059,6 +2058,11 @@ test_sm2_verify(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; + if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; + else + asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; + asym_op->sm2.message.data = input_params.message.data; asym_op->sm2.message.length = input_params.message.length; asym_op->sm2.pkey.data = input_params.pkey.data; @@ -2150,10 +2154,7 @@ _test_sm2_enc(bool rnd_secret) /* Setup asym xform */ xform.next = NULL; xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) - xform.sm2.hash = RTE_CRYPTO_AUTH_SM3; - else - xform.sm2.hash = RTE_CRYPTO_AUTH_NULL; + xform.ec.curve_id = input_params.curve; ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess); if (ret < 0) { @@ -2171,6 +2172,11 @@ _test_sm2_enc(bool rnd_secret) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT; + if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; + else + asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; + asym_op->sm2.message.data = input_params.message.data; asym_op->sm2.message.length = input_params.message.length; asym_op->sm2.pkey.data = input_params.pkey.data; @@ -2340,10 +2346,7 @@ test_sm2_dec(void) /* Setup asym xform */ xform.next = NULL; xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) - xform.sm2.hash = RTE_CRYPTO_AUTH_SM3; - else - xform.sm2.hash = RTE_CRYPTO_AUTH_NULL; + xform.ec.curve_id = input_params.curve; ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess); if (ret < 0) { @@ -2361,6 +2364,11 @@ test_sm2_dec(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; + if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; + else + asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; + asym_op->sm2.cipher.data = input_params.cipher.data; asym_op->sm2.cipher.length = input_params.cipher.length; asym_op->sm2.pkey.data = input_params.pkey.data; diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h index 7a4ce70c10..3d2dba1359 100644 --- a/app/test/test_cryptodev_sm2_test_vectors.h +++ b/app/test/test_cryptodev_sm2_test_vectors.h @@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params { rte_crypto_param id; rte_crypto_param cipher; rte_crypto_param message; + int curve; }; static uint8_t fp256_pkey[] = { @@ -123,7 +124,8 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = { .cipher = { .data = fp256_cipher, .length = sizeof(fp256_cipher), - } + }, + .curve = RTE_CRYPTO_EC_GROUP_SM2 }; #endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */ diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst index 250735efa9..53639543a6 100644 --- a/doc/guides/rel_notes/release_23_11.rst +++ b/doc/guides/rel_notes/release_23_11.rst @@ -122,6 +122,8 @@ Removed Items * security: Removed deprecated field ``reserved_opts`` from struct ``rte_security_ipsec_sa_options``. +* crypto: Removed SM2 xform parameter in asymmetric xform. + API Changes ----------- diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index d5dc365064..6252a36f94 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -1305,9 +1305,6 @@ static int openssl_set_asym_session_parameters( OSSL_PARAM *params = NULL; int ret = -1; - if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3) - return -1; - param_bld = OSSL_PARAM_BLD_new(); if (!param_bld) { OPENSSL_LOG(ERR, "failed to allocate params\n"); diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 2f000ab015..e56c8c7816 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -64,7 +64,8 @@ enum rte_crypto_curve_id { RTE_CRYPTO_EC_GROUP_SECP224R1 = 21, RTE_CRYPTO_EC_GROUP_SECP256R1 = 23, RTE_CRYPTO_EC_GROUP_SECP384R1 = 24, - RTE_CRYPTO_EC_GROUP_SECP521R1 = 25 + RTE_CRYPTO_EC_GROUP_SECP521R1 = 25, + RTE_CRYPTO_EC_GROUP_SM2 = 41, }; /** @@ -373,16 +374,6 @@ struct rte_crypto_ec_xform { /**< Pre-defined ec groups */ }; -/** - * Asymmetric SM2 transform data. - * - * Structure describing SM2 xform params. - */ -struct rte_crypto_sm2_xform { - enum rte_crypto_auth_algorithm hash; - /**< Hash algorithm used in SM2 op. */ -}; - /** * Operations params for modular operations: * exponentiation and multiplicative inverse @@ -639,9 +630,6 @@ struct rte_crypto_asym_xform { /**< EC xform parameters, used by elliptic curve based * operations. */ - - struct rte_crypto_sm2_xform sm2; - /**< SM2 xform parameters */ }; }; @@ -652,6 +640,9 @@ struct rte_crypto_sm2_op_param { enum rte_crypto_asym_op_type op_type; /**< Signature generation or verification. */ + enum rte_crypto_auth_algorithm hash; + /**< Hash algorithm used in EC op. */ + rte_crypto_uint pkey; /**< Private key for encryption or sign generation. */ -- 2.25.1