[v1,1/3] cryptodev: add SM2 asymmetric crypto algorithm

Message ID 40827e1b2765526202e3aaf7716a695842891fc7.1682652719.git.gmuthukrishn@marvell.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series SM2 crypto algorithm support |

Checks

Context Check Description
ci/checkpatch warning coding style issues

Commit Message

Gowrishankar Muthukrishnan April 28, 2023, 9:28 a.m. UTC
  ShangMi 2 (SM2) is an encryption and digital signature algorithm
used in the Chinese National Standard.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/cryptodevs/features/default.ini |  1 +
 doc/guides/rel_notes/release_23_07.rst     |  3 +
 lib/cryptodev/rte_crypto_asym.h            | 76 ++++++++++++++++++++++
 lib/cryptodev/rte_cryptodev.c              |  1 +
 4 files changed, 81 insertions(+)
  

Comments

Akhil Goyal May 16, 2023, 11:49 a.m. UTC | #1
> Subject: [v1, 1/3] cryptodev: add SM2 asymmetric crypto algorithm
> 
> ShangMi 2 (SM2) is a encryption and digital signatture algorithm
> used in the Chinese National Standard.

ShangMi 2 (SM2) is an encryption and digital signature algorithm
used in the Chinese National Standard.
Added support for asymmetric SM2 in cryptodev along with prime field curve.

Can you also add link for RFC in patch description here as it is mentioned in the
comments of the structure.

> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  doc/guides/cryptodevs/features/default.ini |  1 +
>  doc/guides/rel_notes/release_23_07.rst     |  3 +
>  lib/cryptodev/rte_crypto_asym.h            | 76 ++++++++++++++++++++++
>  lib/cryptodev/rte_cryptodev.c              |  1 +
>  4 files changed, 81 insertions(+)
> 
> diff --git a/doc/guides/cryptodevs/features/default.ini
> b/doc/guides/cryptodevs/features/default.ini
> index 523da0cfa8..a69967bb9e 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -125,6 +125,7 @@ Diffie-hellman          =
>  ECDSA                   =
>  ECPM                    =
>  ECDH                    =
> +SM2                     =
> 
>  ;
>  ; Supported Operating systems of a default crypto driver.
> diff --git a/doc/guides/rel_notes/release_23_07.rst
> b/doc/guides/rel_notes/release_23_07.rst
> index a9b1293689..b920840038 100644
> --- a/doc/guides/rel_notes/release_23_07.rst
> +++ b/doc/guides/rel_notes/release_23_07.rst
> @@ -55,6 +55,9 @@ New Features
>       Also, make sure to start the actual text at the margin.
>       =======================================================
> 
> +* **Added SM2 algorithm in cryptodev library.**
> +
> +  Added SM2 algorithm with prime field curve support.

* **Added SM2 asymmetric algorithm in cryptodev.**

Added support for ShangMi 2 (SM2) asymmetric crypto algorithm
along with prime field curve support.

> 
>  Removed Items
>  -------------
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 989f38323f..c91a8dee4d 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -119,6 +119,8 @@ enum rte_crypto_asym_xform_type {
>  	/**< Elliptic Curve Point Multiplication */
>  	RTE_CRYPTO_ASYM_XFORM_ECFPM,
>  	/**< Elliptic Curve Fixed Point Multiplication */
> +	RTE_CRYPTO_ASYM_XFORM_SM2,
> +	/**< ShangMi 2. Performs Encrypt, Decrypt, Sign and Verify. */

/**< ShangMi 2. 
  * Performs Encrypt, Decrypt, Sign and Verify.
  * Refer to rte_crypto_asym_op_type.
  */

>  	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
>  	/**< End of list */
>  };
> @@ -382,6 +384,20 @@ struct rte_crypto_ec_xform {
>  	/**< Pre-defined ec groups */
>  };
> 
> +/**
> + * Asymmetric SM2 transform data
> + *
> + * Structure describing SM2 xform params
> + *
> + */
> +struct rte_crypto_sm2_xform {
> +	rte_crypto_uint pkey;
> +	/**< Private key of the signer for signature generation */
> +
> +	struct rte_crypto_ec_point q;
> +	/**< Public key of the signer for verification */

Please add dots at end of sentences.

> +};
> +
>  /**
>   * Operations params for modular operations:
>   * exponentiation and multiplicative inverse
> @@ -637,9 +653,68 @@ struct rte_crypto_asym_xform {
>  		/**< EC xform parameters, used by elliptic curve based
>  		 * operations.
>  		 */
> +
> +		struct rte_crypto_sm2_xform sm2;
> +		/**< SM2 xform parameters */
>  	};
>  };
> 
> +/**
> + * SM2 operation params
> + */
> +struct rte_crypto_sm2_op_param {
> +	enum rte_crypto_asym_op_type op_type;
> +	/**< Signature generation or verification */
> +
> +	rte_crypto_param message;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be encrypted for SM2 public encrypt.
> +	 * - to be signed for SM2 sign generation.
> +	 * - to be authenticated for SM2 sign verification.
> +	 *
> +	 * Pointer to output data
> +	 * - for SM2 private decrypt.
> +	 * In this case the underlying array should have been
> +	 * allocated with enough memory to hold plaintext output
> +	 * (atleast encrypted text length). The message.length field
> +	 * will be overwritten by the PMD with the decrypted length.
> +	 */
> +
> +	rte_crypto_param cipher;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be decrypted for SM2 private decrypt.
> +	 *
> +	 * Pointer to output data
> +	 * - for SM2 public encrypt.
> +	 * In this case the underlying array should have been allocated
> +	 * with enough memory to hold ciphertext output (atleast X bytes
> +	 * for prime field curve of N bytes and for message M bytes,
> +	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
> +	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> +	 * be overwritten by the PMD with the encrypted length.
> +	 */
> +
> +	rte_crypto_uint id;
> +	/**< The SM2 id used by signer and verifier and is in interval
> +	 * (1, n-1).
> +	 */

This can be a single line comment.

> +
> +	rte_crypto_uint r;
> +	/**< r component of elliptic curve signature
> +	 *     output : for signature generation (of atleast N bytes
> +	 *              where prime field length is N bytes)
> +	 *     input  : for signature verification
> +	 */
> +	rte_crypto_uint s;
> +	/**< s component of elliptic curve signature
> +	 *     output : for signature generation (of atleast N bytes
> +	 *              where prime field length is N bytes)
> +	 *     input  : for signature verification
> +	 */
> +};
> +
>  /**
>   * Asymmetric Cryptographic Operation.
>   *
> @@ -665,6 +740,7 @@ struct rte_crypto_asym_op {
>  		struct rte_crypto_dsa_op_param dsa;
>  		struct rte_crypto_ecdsa_op_param ecdsa;
>  		struct rte_crypto_ecpm_op_param ecpm;
> +		struct rte_crypto_sm2_op_param sm2;
>  	};
>  	uint16_t flags;
>  	/**<
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index a96114b2da..fd7b6b92b5 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -282,6 +282,7 @@ const char *rte_crypto_asym_xform_strings[] = {
>  	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
>  	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
>  	[RTE_CRYPTO_ASYM_XFORM_ECPM]	= "ecpm",
> +	[RTE_CRYPTO_ASYM_XFORM_SM2]	= "sm2",
>  };
> 
>  /**
> --
> 2.25.1
  

Patch

diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 523da0cfa8..a69967bb9e 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -125,6 +125,7 @@  Diffie-hellman          =
 ECDSA                   =
 ECPM                    =
 ECDH                    =
+SM2                     =
 
 ;
 ; Supported Operating systems of a default crypto driver.
diff --git a/doc/guides/rel_notes/release_23_07.rst b/doc/guides/rel_notes/release_23_07.rst
index a9b1293689..b920840038 100644
--- a/doc/guides/rel_notes/release_23_07.rst
+++ b/doc/guides/rel_notes/release_23_07.rst
@@ -55,6 +55,9 @@  New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Added SM2 algorithm in cryptodev library.**
+
+  Added SM2 algorithm with prime field curve support.
 
 Removed Items
 -------------
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 989f38323f..c91a8dee4d 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -119,6 +119,8 @@  enum rte_crypto_asym_xform_type {
 	/**< Elliptic Curve Point Multiplication */
 	RTE_CRYPTO_ASYM_XFORM_ECFPM,
 	/**< Elliptic Curve Fixed Point Multiplication */
+	RTE_CRYPTO_ASYM_XFORM_SM2,
+	/**< ShangMi 2. Performs Encrypt, Decrypt, Sign and Verify. */
 	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
 	/**< End of list */
 };
@@ -382,6 +384,20 @@  struct rte_crypto_ec_xform {
 	/**< Pre-defined ec groups */
 };
 
+/**
+ * Asymmetric SM2 transform data
+ *
+ * Structure describing SM2 xform params
+ *
+ */
+struct rte_crypto_sm2_xform {
+	rte_crypto_uint pkey;
+	/**< Private key of the signer for signature generation */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key of the signer for verification */
+};
+
 /**
  * Operations params for modular operations:
  * exponentiation and multiplicative inverse
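Review bot: The field comments in `struct rte_crypto_sm2_xform` describe only signing and verification, while the enum comment added by this patch says the transform also performs Encrypt and Decrypt, so a reader cannot tell which key an encrypt or decrypt session needs. Suggest `/**< Private key, used for signature generation and for decryption. */` on `pkey` and `/**< Public key, used for signature verification and for encryption. */` on `q`. The struct also has no hash selection, so it would help to state whether the PMD hashes `message` for sign and verify or expects the caller to supply a digest; nothing visible here settles that.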
@@ -637,9 +653,68 @@  struct rte_crypto_asym_xform {
 		/**< EC xform parameters, used by elliptic curve based
 		 * operations.
 		 */
+
+		struct rte_crypto_sm2_xform sm2;
+		/**< SM2 xform parameters */
 	};
 };
 
+/**
+ * SM2 operation params
+ */
+struct rte_crypto_sm2_op_param {
+	enum rte_crypto_asym_op_type op_type;
+	/**< Signature generation or verification */
+
+	rte_crypto_param message;
+	/**<
+	 * Pointer to input data
+	 * - to be encrypted for SM2 public encrypt.
+	 * - to be signed for SM2 sign generation.
+	 * - to be authenticated for SM2 sign verification.
+	 *
+	 * Pointer to output data
+	 * - for SM2 private decrypt.
+	 * In this case the underlying array should have been
+	 * allocated with enough memory to hold plaintext output
+	 * (atleast encrypted text length). The message.length field
+	 * will be overwritten by the PMD with the decrypted length.
+	 */
+
+	rte_crypto_param cipher;
+	/**<
+	 * Pointer to input data
+	 * - to be decrypted for SM2 private decrypt.
+	 *
+	 * Pointer to output data
+	 * - for SM2 public encrypt.
+	 * In this case the underlying array should have been allocated
+	 * with enough memory to hold ciphertext output (atleast X bytes
+	 * for prime field curve of N bytes and for message M bytes,
+	 * where X = (C1 + C2 + C3) and computed based on SM2 RFC as
+	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+	 * be overwritten by the PMD with the encrypted length.
+	 */
+
+	rte_crypto_uint id;
+	/**< The SM2 id used by signer and verifier and is in interval
+	 * (1, n-1).
+	 */
+
+	rte_crypto_uint r;
+	/**< r component of elliptic curve signature
+	 *     output : for signature generation (of atleast N bytes
+	 *              where prime field length is N bytes)
+	 *     input  : for signature verification
+	 */
+	rte_crypto_uint s;
+	/**< s component of elliptic curve signature
+	 *     output : for signature generation (of atleast N bytes
+	 *              where prime field length is N bytes)
+	 *     input  : for signature verification
+	 */
+};
+
 /**
  * Asymmetric Cryptographic Operation.
  *
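Review bot: The output-buffer contract for `message` (private decrypt) and `cipher` (public encrypt) rests entirely on the caller: the comments say the array "should have been allocated with enough memory" and that the PMD overwrites `message.length` / `cipher.length`, but nothing states how the PMD learns the capacity it may write into, so it has nothing to check an undersized buffer against. The comments should say whether `length` carries the buffer capacity on input, and that a PMD must fail the operation rather than write past it. The size formula is also ambiguous as written; `C1 = (1 + N + N), C2 = M, C3 = N, so X = 3N + M + 1` reads more clearly. Separately, `id` is described as lying in the interval (1, n-1), which reads like text for a scalar such as a per-signature nonce; the SM2 signer ID is an identifier byte string, and `n` is not defined in this comment. `op_type` is likewise documented as signature-only although the struct also serves encrypt and decrypt.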
@@ -665,6 +740,7 @@  struct rte_crypto_asym_op {
 		struct rte_crypto_dsa_op_param dsa;
 		struct rte_crypto_ecdsa_op_param ecdsa;
 		struct rte_crypto_ecpm_op_param ecpm;
+		struct rte_crypto_sm2_op_param sm2;
 	};
 	uint16_t flags;
 	/**<
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a96114b2da..fd7b6b92b5 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -282,6 +282,7 @@  const char *rte_crypto_asym_xform_strings[] = {
 	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
 	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
 	[RTE_CRYPTO_ASYM_XFORM_ECPM]	= "ecpm",
+	[RTE_CRYPTO_ASYM_XFORM_SM2]	= "sm2",
 };
 
 /**
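Review bot: With `RTE_CRYPTO_ASYM_XFORM_SM2` placed after `RTE_CRYPTO_ASYM_XFORM_ECFPM` in the enum, this designated initializer leaves the ECFPM slot of `rte_crypto_asym_xform_strings` as a NULL pointer, because the table goes straight from `"ecpm"` to `"sm2"`. Before this change the table simply ended at ECPM; now any code that walks the whole array and hands each entry to a string compare or a `%s` format (no such code is visible in this hunk) would dereference NULL. Adding an entry such as `[RTE_CRYPTO_ASYM_XFORM_ECFPM]	= "ecfpm",` ahead of the SM2 line closes the gap. The array definition starts outside the hunk.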