diff mbox series

[v2,2/7] cryptodev: set private and public keys in EC session

Message ID 20230927113734.1244-3-gmuthukrishn@marvell.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series cryptodev: support digest message in SM2 |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Gowrishankar Muthukrishnan Sept. 27, 2023, 11:37 a.m. UTC 
  Set EC private and public keys into xform so that, it can be
maintained per session.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c               | 121 ++++++----
 drivers/common/cnxk/roc_ae.h                 |  18 ++
 drivers/common/cpt/cpt_mcode_defines.h       |  18 ++
 drivers/common/cpt/cpt_ucode_asym.h          |  22 +-
 drivers/crypto/cnxk/cnxk_ae.h                | 235 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd.c     |  53 +----
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  38 ++-
 drivers/crypto/qat/qat_asym.c                |   6 +-
 examples/fips_validation/main.c              |  14 +-
 lib/cryptodev/rte_crypto_asym.h              |  28 +--
 10 files changed, 409 insertions(+), 144 deletions(-)

Comments

Power, Ciara Sept. 28, 2023, 12:44 p.m. UTC | #1 
Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Wednesday, September 27, 2023 12:37 PM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; Gowrishankar Muthukrishnan
> <gmuthukrishn@marvell.com>
> Subject: [PATCH v2 2/7] cryptodev: set private and public keys in EC session
> 
> Set EC private and public keys into xform so that, it can be maintained per
> session.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  app/test/test_cryptodev_asym.c               | 121 ++++++----
>  drivers/common/cnxk/roc_ae.h                 |  18 ++
>  drivers/common/cpt/cpt_mcode_defines.h       |  18 ++
>  drivers/common/cpt/cpt_ucode_asym.h          |  22 +-
>  drivers/crypto/cnxk/cnxk_ae.h                | 235 ++++++++++++++++++-

The cnxk changes should be in patch [v2,7/7] crypto/cnxk: add SM2 support.

>  drivers/crypto/openssl/rte_openssl_pmd.c     |  53 +----
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  38 ++-
>  drivers/crypto/qat/qat_asym.c                |   6 +-
>  examples/fips_validation/main.c              |  14 +-
>  lib/cryptodev/rte_crypto_asym.h              |  28 +--
>  10 files changed, 409 insertions(+), 144 deletions(-)
<snip>

Thanks,
Ciara
Gowrishankar Muthukrishnan Sept. 28, 2023, 1:12 p.m. UTC | #2 
> 
> The cnxk changes should be in patch [v2,7/7] crypto/cnxk: add SM2 support.
> 

Thanks Ciara. Minor issue in patches rebase. I'll send next version fixing it.

Regards,
Gowrishankar
diff mbox series

Patch

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..0e7a9b5460 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@  test_ecdsa_sign_verify(enum curve curve_id)
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
 	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1524,8 +1530,6 @@  test_ecdsa_sign_verify(enum curve curve_id)
 	op->asym->ecdsa.message.length = input_params.digest.length;
 	op->asym->ecdsa.k.data = input_params.scalar.data;
 	op->asym->ecdsa.k.length = input_params.scalar.length;
-	op->asym->ecdsa.pkey.data = input_params.pkey.data;
-	op->asym->ecdsa.pkey.length = input_params.pkey.length;
 
 	/* Init out buf */
 	op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@  test_ecdsa_sign_verify(enum curve curve_id)
 
 	/* Populate op with operational details */
 	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
-	op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
-	op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
-	op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
 	op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
 	op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
 	op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1653,10 +1653,10 @@  test_ecpm(enum curve curve_id)
 	struct crypto_testsuite_ecpm_params input_params;
 	void *sess = NULL;
 	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_xform xform = {0};
 	struct rte_crypto_op *result_op = NULL;
 	uint8_t output_buf_x[TEST_DATA_SIZE];
 	uint8_t output_buf_y[TEST_DATA_SIZE];
-	struct rte_crypto_asym_xform xform;
 	struct rte_crypto_asym_op *asym_op;
 	struct rte_cryptodev_info dev_info;
 	struct rte_crypto_op *op = NULL;
@@ -1838,7 +1838,13 @@  _test_sm2_sign(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -1856,16 +1862,23 @@  _test_sm2_sign(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
-	asym_op->sm2.id.data = input_params.id.data;
-	asym_op->sm2.id.length = input_params.id.length;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	if (rnd_secret) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
@@ -2019,7 +2032,13 @@  test_sm2_verify(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2037,14 +2056,23 @@  test_sm2_verify(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->sm2.message.data = input_params.message.data;
-	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
+	if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+		asym_op->sm2.message.data = input_params.message.data;
+		asym_op->sm2.message.length = input_params.message.length;
+		asym_op->sm2.id.data = input_params.id.data;
+		asym_op->sm2.id.length = input_params.id.length;
+	} else {
+		asym_op->sm2.message.data = input_params.digest.data;
+		asym_op->sm2.message.length = input_params.digest.length;
+		asym_op->sm2.id.data = NULL;
+		asym_op->sm2.id.length = 0;
+	}
+
 	asym_op->sm2.r.data = input_params.sign_r.data;
 	asym_op->sm2.r.length = input_params.sign_r.length;
 	asym_op->sm2.s.data = input_params.sign_s.data;
@@ -2120,7 +2148,13 @@  _test_sm2_enc(bool rnd_secret)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2138,14 +2172,14 @@  _test_sm2_enc(bool rnd_secret)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.message.data = input_params.message.data;
 	asym_op->sm2.message.length = input_params.message.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
+
 	if (rnd_secret) {
 		asym_op->sm2.k.data = NULL;
 		asym_op->sm2.k.length = 0;
@@ -2299,7 +2333,13 @@  test_sm2_dec(void)
 	/* Setup asym xform */
 	xform.next = NULL;
 	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-	xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	xform.ec.curve_id = input_params.curve;
+	xform.ec.pkey.data = input_params.pkey.data;
+	xform.ec.pkey.length = input_params.pkey.length;
+	xform.ec.q.x.data = input_params.pubkey_qx.data;
+	xform.ec.q.x.length = input_params.pubkey_qx.length;
+	xform.ec.q.y.data = input_params.pubkey_qy.data;
+	xform.ec.q.y.length = input_params.pubkey_qy.length;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
@@ -2317,14 +2357,13 @@  test_sm2_dec(void)
 
 	/* Populate op with operational details */
 	asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+	else
+		asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
 	asym_op->sm2.cipher.data = input_params.cipher.data;
 	asym_op->sm2.cipher.length = input_params.cipher.length;
-	asym_op->sm2.pkey.data = input_params.pkey.data;
-	asym_op->sm2.pkey.length = input_params.pkey.length;
-	asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
-	asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
-	asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
-	asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
 
 	/* Init out buf */
 	asym_op->sm2.message.data = output_buf_m;
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index c972878eff..d8ad0129b1 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -67,6 +67,24 @@  struct roc_ae_ec_group {
 struct roc_ae_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 /* Buffer pointer */
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index e6dcb7674c..b337dbc68d 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -364,6 +364,24 @@  struct cpt_ec_group {
 struct cpt_asym_ec_ctx {
 	/* Prime length defined by microcode for EC operations */
 	uint8_t curveid;
+
+	/* Private key */
+	struct {
+		uint8_t data[66];
+		unsigned int length;
+	} pkey;
+
+	/* Public key */
+	struct {
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} x;
+		struct {
+			uint8_t data[66];
+			unsigned int length;
+		} y;
+	} q;
 };
 
 struct cpt_asym_sess_misc {
diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h
index 1105a0c125..e1034bbeb4 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -633,12 +633,13 @@  static __rte_always_inline void
 cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		    struct asym_op_params *ecdsa_params,
 		    uint64_t fpm_table_iova,
-		    uint8_t curveid)
+		    struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint16_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -688,7 +689,7 @@  cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp[curveid].order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -735,14 +736,15 @@  static __rte_always_inline void
 cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 		      struct asym_op_params *ecdsa_params,
 		      uint64_t fpm_table_iova,
-		      uint8_t curveid)
+		      struct cpt_asym_sess_misc *sess)
 {
 	struct cpt_request_info *req = ecdsa_params->req;
 	uint32_t message_len = ecdsa->message.length;
 	phys_addr_t mphys = ecdsa_params->meta_buf;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -802,10 +804,10 @@  cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp[curveid].prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp[curveid].consta.data, prime_len);
@@ -852,10 +854,10 @@  cpt_enqueue_ecdsa_op(struct rte_crypto_op *op,
 	uint8_t curveid = sess->ec_ctx.curveid;
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
-		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], curveid);
+		cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], sess);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cpt_ecdsa_verify_prep(ecdsa, params, fpm_iova[curveid],
-				      curveid);
+				      sess);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 7ad259b7f4..8fdb45177b 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -198,6 +198,21 @@  cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
 		return -EINVAL;
 	}
 
+	if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_ECPM)
+		return 0;
+
+	ec->pkey.length = xform->ec.pkey.length;
+	if (xform->ec.pkey.length)
+		rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+
+	ec->q.x.length = xform->ec.q.x.length;
+	if (xform->ec.q.x.length)
+		rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+
+	ec->q.y.length = xform->ec.q.y.length;
+	if (xform->ec.q.y.length)
+		rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+
 	return 0;
 }
 
@@ -502,10 +517,11 @@  static __rte_always_inline void
 cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			struct roc_ae_buf_ptr *meta_buf,
 			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
-			uint8_t curveid, struct cpt_inst_s *inst)
+			struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	uint16_t message_len = ecdsa->message.length;
-	uint16_t pkey_len = ecdsa->pkey.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t p_align, k_align, m_align;
 	uint16_t k_len = ecdsa->k.length;
 	uint16_t order_len, prime_len;
@@ -555,7 +571,7 @@  cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr + o_offset, ec_grp->order.data, order_len);
 	dptr += p_align;
 
-	memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+	memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
 	dptr += p_align;
 
 	memcpy(dptr, ecdsa->message.data, message_len);
@@ -579,17 +595,99 @@  cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
+			struct roc_ae_buf_ptr *meta_buf,
+			uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
+			struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
+{
+	uint16_t message_len = sm2->message.length;
+	uint16_t pkey_len = sess->ec_ctx.pkey.length;
+	uint16_t p_align, k_align, m_align;
+	uint16_t k_len = sm2->k.length;
+	uint16_t order_len, prime_len;
+	uint16_t o_offset, pk_offset;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+	k_align = RTE_ALIGN_CEIL(k_len, 8);
+
+	/* Set write offset for order and private key */
+	o_offset = prime_len - order_len;
+	pk_offset = p_align - pkey_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(scalar len, input len),
+	 * ROUNDUP8(priv key len, prime len, order len)).
+	 * Please note, private key, order cannot exceed prime
+	 * length i.e 3 * p_align.
+	 */
+	dlen = sizeof(fpm_table_iova) + k_align + m_align + p_align * 5;
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr, sm2->k.data, k_len);
+	dptr += k_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = (p_align << 8) | k_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline void
 cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 			  struct roc_ae_buf_ptr *meta_buf,
 			  uint64_t fpm_table_iova,
-			  struct roc_ae_ec_group *ec_grp, uint8_t curveid,
+			  struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
 			  struct cpt_inst_s *inst)
 {
 	uint32_t message_len = ecdsa->message.length;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint8_t curveid = sess->ec_ctx.curveid;
 	uint16_t o_offset, r_offset, s_offset;
-	uint16_t qx_len = ecdsa->q.x.length;
-	uint16_t qy_len = ecdsa->q.y.length;
 	uint16_t r_len = ecdsa->r.length;
 	uint16_t s_len = ecdsa->s.length;
 	uint16_t order_len, prime_len;
@@ -649,10 +747,10 @@  cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	memcpy(dptr, ec_grp->prime.data, prime_len);
 	dptr += p_align;
 
-	memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+	memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
 	dptr += p_align;
 
-	memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+	memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
 	dptr += p_align;
 
 	memcpy(dptr, ec_grp->consta.data, prime_len);
@@ -673,6 +771,100 @@  cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
+			  struct roc_ae_buf_ptr *meta_buf,
+			  uint64_t fpm_table_iova,
+			  struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
+			  struct cpt_inst_s *inst)
+{
+	uint32_t message_len = sm2->message.length;
+	uint16_t o_offset, r_offset, s_offset;
+	uint16_t qx_len = sess->ec_ctx.q.x.length;
+	uint16_t qy_len = sess->ec_ctx.q.y.length;
+	uint16_t r_len = sm2->r.length;
+	uint16_t s_len = sm2->s.length;
+	uint16_t order_len, prime_len;
+	uint16_t qx_offset, qy_offset;
+	uint16_t p_align, m_align;
+	union cpt_inst_w4 w4;
+	uint16_t dlen;
+	uint8_t *dptr;
+
+	prime_len = ec_grp->prime.length;
+	order_len = ec_grp->order.length;
+
+	/* Truncate input length to curve prime length */
+	if (message_len > prime_len)
+		message_len = prime_len;
+
+	m_align = RTE_ALIGN_CEIL(message_len, 8);
+	p_align = RTE_ALIGN_CEIL(prime_len, 8);
+
+	/* Set write offset for sign, order and public key coordinates */
+	o_offset = prime_len - order_len;
+	qx_offset = prime_len - qx_len;
+	qy_offset = prime_len - qy_len;
+	r_offset = prime_len - r_len;
+	s_offset = prime_len - s_len;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+
+	/*
+	 * Set dlen = sum(sizeof(fpm address), ROUNDUP8(message len),
+	 * ROUNDUP8(sign len(r and s), public key len(x and y coordinates),
+	 * prime len, order len)).
+	 * Please note sign, public key and order can not exceed prime length
+	 * i.e. 6 * p_align
+	 */
+	dlen = sizeof(fpm_table_iova) + m_align + (8 * p_align);
+
+	memset(dptr, 0, dlen);
+
+	*(uint64_t *)dptr = fpm_table_iova;
+	dptr += sizeof(fpm_table_iova);
+
+	rte_memcpy(dptr + r_offset, sm2->r.data, r_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + s_offset, sm2->s.data, s_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, sm2->message.data, message_len);
+	dptr += m_align;
+
+	rte_memcpy(dptr + o_offset, ec_grp->order.data, order_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->prime.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->consta.data, prime_len);
+	dptr += p_align;
+
+	rte_memcpy(dptr, ec_grp->constb.data, prime_len);
+	dptr += p_align;
+
+	/* Setup opcodes */
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
+	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY;
+
+	w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+	w4.s.param2 = 0;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline int __rte_hot
 cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 			 struct roc_ae_buf_ptr *meta_buf,
@@ -685,10 +877,33 @@  cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
 
 	if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
 		cnxk_ae_ecdsa_sign_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					ec_grp[curveid], curveid, inst);
+					ec_grp[curveid], sess, inst);
 	else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
 		cnxk_ae_ecdsa_verify_prep(ecdsa, meta_buf, fpm_iova[curveid],
-					  ec_grp[curveid], curveid, inst);
+					  ec_grp[curveid], sess, inst);
+	else {
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -EINVAL;
+	}
+	return 0;
+}
+
+static __rte_always_inline int __rte_hot
+cnxk_ae_enqueue_sm2_op(struct rte_crypto_op *op,
+			 struct roc_ae_buf_ptr *meta_buf,
+			 struct cnxk_ae_sess *sess, uint64_t *fpm_iova,
+			 struct roc_ae_ec_group **ec_grp,
+			 struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sm2_op_param *sm2 = &op->asym->sm2;
+	uint8_t curveid = sess->ec_ctx.curveid;
+
+	if (sm2->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+		cnxk_ae_sm2_sign_prep(sm2, meta_buf, fpm_iova[curveid],
+					ec_grp[curveid], sess, inst);
+	else if (sm2->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		cnxk_ae_sm2_verify_prep(sm2, meta_buf, fpm_iova[curveid],
+					  ec_grp[curveid], sess, inst);
 	else {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		return -EINVAL;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5e8624cebe..c234882417 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2673,12 +2673,8 @@  process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 {
 	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
 	struct rte_crypto_asym_op *op = cop->asym;
-	OSSL_PARAM_BLD *param_bld = NULL;
-	OSSL_PARAM *params = NULL;
+	OSSL_PARAM *params = sess->u.sm2.params;
 	EVP_PKEY *pkey = NULL;
-	BIGNUM *pkey_bn = NULL;
-	uint8_t pubkey[64];
-	size_t len = 0;
 	int ret = -1;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
@@ -2686,50 +2682,6 @@  process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (cop->asym->sm2.k.data != NULL)
 		goto err_sm2;
 
-	param_bld = OSSL_PARAM_BLD_new();
-	if (!param_bld) {
-		OPENSSL_LOG(ERR, "failed to allocate params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
-		OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	pkey_bn = BN_bin2bn((const unsigned char *)op->sm2.pkey.data,
-						op->sm2.pkey.length, pkey_bn);
-
-	memset(pubkey, 0, RTE_DIM(pubkey));
-	pubkey[0] = 0x04;
-	len += 1;
-	memcpy(&pubkey[len], op->sm2.q.x.data, op->sm2.q.x.length);
-	len += op->sm2.q.x.length;
-	memcpy(&pubkey[len], op->sm2.q.y.data, op->sm2.q.y.length);
-	len += op->sm2.q.y.length;
-
-	ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
-								 pkey_bn);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
-			OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
-	if (!ret) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	if (!params) {
-		OPENSSL_LOG(ERR, "failed to push params\n");
-		goto err_sm2;
-	}
-
 	switch (op->sm2.op_type) {
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		{
@@ -2940,9 +2892,6 @@  process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 	if (pkey)
 		EVP_PKEY_free(pkey);
 
-	if (param_bld)
-		OSSL_PARAM_BLD_free(param_bld);
-
 	return ret;
 }
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2eb450fcfd..2a307aa839 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1302,11 +1302,11 @@  static int openssl_set_asym_session_parameters(
 #ifndef OPENSSL_NO_SM2
 		OSSL_PARAM_BLD *param_bld = NULL;
 		OSSL_PARAM *params = NULL;
+		BIGNUM *pkey_bn = NULL;
+		uint8_t pubkey[64];
+		size_t len = 0;
 		int ret = -1;
 
-		if (xform->sm2.hash != RTE_CRYPTO_AUTH_SM3)
-			return -1;
-
 		param_bld = OSSL_PARAM_BLD_new();
 		if (!param_bld) {
 			OPENSSL_LOG(ERR, "failed to allocate params\n");
@@ -1320,6 +1320,38 @@  static int openssl_set_asym_session_parameters(
 			goto err_sm2;
 		}
 
+		ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+				OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data,
+							xform->ec.pkey.length, pkey_bn);
+
+		ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+									 pkey_bn);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
+		memset(pubkey, 0, sizeof(pubkey));
+		pubkey[0] = 0x04;
+		len += 1;
+		memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length);
+		len += xform->ec.q.x.length;
+		memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length);
+		len += xform->ec.q.y.length;
+
+		ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
+				OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
+		if (!ret) {
+			OPENSSL_LOG(ERR, "failed to push params\n");
+			goto err_sm2;
+		}
+
 		params = OSSL_PARAM_BLD_to_param(param_bld);
 		if (!params) {
 			OPENSSL_LOG(ERR, "failed to push params\n");
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..0f196ace30 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -593,7 +593,7 @@  ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		qat_func_alignsize =
 			RTE_ALIGN_CEIL(qat_function.bytesize, 8);
 
-		SET_PKE_9A_IN(asym_op->ecdsa.pkey, 0);
+		SET_PKE_9A_IN(xform->ec.pkey, 0);
 		SET_PKE_9A_IN(asym_op->ecdsa.message, 1);
 		SET_PKE_9A_IN(asym_op->ecdsa.k, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 3);
@@ -635,8 +635,8 @@  ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		SET_PKE_9A_EC(curve[curve_id], n, 7);
 		SET_PKE_9A_EC(curve[curve_id], x, 6);
 		SET_PKE_9A_EC(curve[curve_id], y, 5);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.x, 4);
-		SET_PKE_9A_IN(asym_op->ecdsa.q.y, 3);
+		SET_PKE_9A_IN(xform->ec.q.x, 4);
+		SET_PKE_9A_IN(xform->ec.q.y, 3);
 		SET_PKE_9A_EC(curve[curve_id], a, 2);
 		SET_PKE_9A_EC(curve[curve_id], b, 1);
 		SET_PKE_9A_EC(curve[curve_id], p, 0);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index fed5596f36..7ae2c6c007 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1006,8 +1006,6 @@  prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.pkey.data = vec.ecdsa.pkey.val;
-		asym->ecdsa.pkey.length = vec.ecdsa.pkey.len;
 		asym->ecdsa.k.data = vec.ecdsa.k.val;
 		asym->ecdsa.k.length = vec.ecdsa.k.len;
 
@@ -1029,10 +1027,6 @@  prepare_ecdsa_op(void)
 		asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
 		asym->ecdsa.message.data = msg.val;
 		asym->ecdsa.message.length = msg.len;
-		asym->ecdsa.q.x.data = vec.ecdsa.qx.val;
-		asym->ecdsa.q.x.length = vec.ecdsa.qx.len;
-		asym->ecdsa.q.y.data = vec.ecdsa.qy.val;
-		asym->ecdsa.q.y.length = vec.ecdsa.qy.len;
 		asym->ecdsa.r.data = vec.ecdsa.r.val;
 		asym->ecdsa.r.length = vec.ecdsa.r.len;
 		asym->ecdsa.s.data = vec.ecdsa.s.val;
@@ -1570,6 +1564,9 @@  prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_SIGN);
 			return -EPERM;
 		}
+
+		xform->ec.pkey.data = vec.ecdsa.pkey.val;
+		xform->ec.pkey.length = vec.ecdsa.pkey.len;
 		break;
 	case FIPS_TEST_ASYM_SIGVER:
 		if (!rte_cryptodev_asym_xform_capability_check_optype(cap,
@@ -1578,6 +1575,11 @@  prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
 				info.device_name, RTE_CRYPTO_ASYM_OP_VERIFY);
 			return -EPERM;
 		}
+
+		xform->ec.q.x.data = vec.ecdsa.qx.val;
+		xform->ec.q.x.length = vec.ecdsa.qx.len;
+		xform->ec.q.y.data = vec.ecdsa.qy.val;
+		xform->ec.q.y.length = vec.ecdsa.qy.len;
 		break;
 	default:
 		break;
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index cbcfe1dc26..b72876240c 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -376,16 +376,12 @@  struct rte_crypto_dsa_xform {
 struct rte_crypto_ec_xform {
 	enum rte_crypto_curve_id curve_id;
 	/**< Pre-defined ec groups */
-};
 
-/**
- * Asymmetric SM2 transform data.
- *
- * Structure describing SM2 xform params.
- */
-struct rte_crypto_sm2_xform {
-	enum rte_crypto_auth_algorithm hash;
-	/**< Hash algorithm used in SM2 op. */
+	rte_crypto_uint pkey;
+	/**< Private key */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key */
 };
 
 /**
@@ -571,11 +567,8 @@  struct rte_crypto_ecdsa_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification */
 
-	rte_crypto_uint pkey;
-	/**< Private key of the signer for signature generation */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key of the signer for verification */
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
 
 	rte_crypto_param message;
 	/**< Input message digest to be signed or verified */
@@ -657,11 +650,8 @@  struct rte_crypto_sm2_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Signature generation or verification. */
 
-	rte_crypto_uint pkey;
-	/**< Private key for encryption or sign generation. */
-
-	struct rte_crypto_ec_point q;
-	/**< Public key for decryption or verification. */
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
 
 	rte_crypto_param message;
 	/**<