[v4,1/3] cryptodev: add SM2 asymmetric crypto algorithm
Checks
Commit Message
ShangMi 2 (SM2) is set of public-key cryptography algorithms
based on elliptic curves.
Added support for asymmetric SM2 in cryptodev along with prime
field curve, as referenced in RFC:
https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
doc/guides/cryptodevs/features/default.ini | 1 +
doc/guides/rel_notes/release_23_07.rst | 5 ++
lib/cryptodev/rte_crypto_asym.h | 87 ++++++++++++++++++++++
lib/cryptodev/rte_cryptodev.c | 1 +
4 files changed, 94 insertions(+)
@@ -125,6 +125,7 @@ Diffie-hellman =
ECDSA =
ECPM =
ECDH =
+SM2 =
;
; Supported Operating systems of a default crypto driver.
@@ -67,6 +67,11 @@ New Features
to PCI bus so that PCI drivers can access PCI memory resources
when they are not mapped to process address space.
+* **Added SM2 asymmetric algorithm in cryptodev.**
+
+ Added support for ShamMi 2 (SM2) asymmetric crypto algorithm
+ along with prime field curve support.
+
Removed Items
-------------
@@ -119,6 +119,11 @@ enum rte_crypto_asym_xform_type {
/**< Elliptic Curve Point Multiplication */
RTE_CRYPTO_ASYM_XFORM_ECFPM,
/**< Elliptic Curve Fixed Point Multiplication */
+ RTE_CRYPTO_ASYM_XFORM_SM2,
+ /**< ShangMi 2
+ * Performs Encrypt, Decrypt, Sign and Verify.
+ * Refer to rte_crypto_asym_op_type.
+ */
RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
/**< End of list */
};
@@ -382,6 +387,17 @@ struct rte_crypto_ec_xform {
/**< Pre-defined ec groups */
};
+/**
+ * Asymmetric SM2 transform data
+ *
+ * Structure describing SM2 xform params
+ *
+ */
+struct rte_crypto_sm2_xform {
+ enum rte_crypto_auth_algorithm hash;
+ /**< Hash algorithm used in SM2 op. */
+};
+
/**
* Operations params for modular operations:
* exponentiation and multiplicative inverse
@@ -637,9 +653,79 @@ struct rte_crypto_asym_xform {
/**< EC xform parameters, used by elliptic curve based
* operations.
*/
+
+ struct rte_crypto_sm2_xform sm2;
+ /**< SM2 xform parameters */
};
};
+/**
+ * SM2 operation params
+ */
+struct rte_crypto_sm2_op_param {
+ enum rte_crypto_asym_op_type op_type;
+ /**< Signature generation or verification */
+
+ rte_crypto_uint pkey;
+ /**< Private key for encryption or sign generation */
+
+ struct rte_crypto_ec_point q;
+ /**< Public key for decryption or verification */
+
+ rte_crypto_param message;
+ /**<
+ * Pointer to input data
+ * - to be encrypted for SM2 public encrypt.
+ * - to be signed for SM2 sign generation.
+ * - to be authenticated for SM2 sign verification.
+ *
+ * Pointer to output data
+ * - for SM2 private decrypt.
+ * In this case the underlying array should have been
+ * allocated with enough memory to hold plaintext output
+ * (at least encrypted text length). The message.length field
+ * will be overwritten by the PMD with the decrypted length.
+ */
+
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+
+ rte_crypto_uint id;
+ /**< The SM2 id used by signer and verifier. */
+
+ rte_crypto_uint k;
+ /**< The SM2 per-message secret number, which is an integer
+ * in the interval (1, n-1).
+ * If the random number is generated by the PMD,
+ * the 'rte_crypto_param.data' parameter should be set to NULL.
+ */
+
+ rte_crypto_uint r;
+ /**< r component of elliptic curve signature
+ * output : for signature generation (of at least N bytes
+ * where prime field length is N bytes)
+ * input : for signature verification
+ */
+ rte_crypto_uint s;
+ /**< s component of elliptic curve signature
+ * output : for signature generation (of at least N bytes
+ * where prime field length is N bytes)
+ * input : for signature verification
+ */
+};
+
/**
* Asymmetric Cryptographic Operation.
*
@@ -665,6 +751,7 @@ struct rte_crypto_asym_op {
struct rte_crypto_dsa_op_param dsa;
struct rte_crypto_ecdsa_op_param ecdsa;
struct rte_crypto_ecpm_op_param ecpm;
+ struct rte_crypto_sm2_op_param sm2;
};
uint16_t flags;
/**<
@@ -299,6 +299,7 @@ crypto_asym_xform_strings[] = {
[RTE_CRYPTO_ASYM_XFORM_DSA] = "dsa",
[RTE_CRYPTO_ASYM_XFORM_ECDSA] = "ecdsa",
[RTE_CRYPTO_ASYM_XFORM_ECPM] = "ecpm",
+ [RTE_CRYPTO_ASYM_XFORM_SM2] = "sm2",
};
/**