Add provider support for SM4-GCM(BabaSSL)

Signed-off-by: Ashwin Basapathy <ashwinx.kumar.basapathy.shivaprasad@intel.com>

Makefile.am

@@ -53,8 +53,8 @@ if QAT_PROVIDER
                 qat_prov_capabilities.c   \
                 qat_prov_chachapoly.c     \
                 qat_prov_sign_sm2.c       \
-                qat_prov_hkdf_packet.c
-
+                qat_prov_hkdf_packet.c    \
+                qat_prov_sm4_gcm.c
 if QAT_FIPS
  QAT_FIPS_SRC = qat_fips.c                \
                 qat_self_test_kats.c      \

docs/qat_common.md

@@ -151,6 +151,7 @@ and the default if not specified will use engine interface.
 | SHA3-384 | QAT_HW |
 | SHA3-512 | QAT_HW |
 | ChachaPoly | QAT_HW |
+| SM4-GCM (BabaSSL only) | QAT_SW |
 
 This support is added as an experimental feature and tested with
 OpenSSL Speed and testapp only and not tested with any application.

e_qat.c

@@ -1284,6 +1284,11 @@ int bind_qat(ENGINE *e, const char *id)
     if (qat_hw_gcm_offload && !qat_sw_gcm_offload)
         INFO("QAT_HW GCM for Provider Enabled\n");
 # endif
+
+# ifdef ENABLE_QAT_SW_SM4_GCM
+    if (qat_sw_sm4_gcm_offload)
+        INFO("QAT_SW SM4-GCM for Provider Enabled\n");
+# endif
 #endif
 
 #ifndef QAT_BORINGSSL

e_qat_err.c

@@ -222,6 +222,7 @@ static ERR_STRING_DATA QAT_str_reasons[] = {
     {ERR_PACK(0, 0, QAT_R_CAPABILITY_FAILURE), "capability failure"},
     {ERR_PACK(0, 0, QAT_R_CHACHAPOLY_CTX_NULL), "chachapoly ctx null"},
     {ERR_PACK(0, 0, QAT_R_CIPHER_DATA_NULL), "cipher data null"},
+    {ERR_PACK(0, 0, QAT_R_CIPHER_OPERATION_FAILED), "cipher operation failed"},
     {ERR_PACK(0, 0, QAT_R_CLOSE_READFD_FAILURE), "close readfd failure"},
     {ERR_PACK(0, 0, QAT_R_COMPUTE_FAILURE), "compute failure"},
     {ERR_PACK(0, 0, QAT_R_COMPUTE_H_MULTIPLY_Q_FAILURE),
@@ -285,6 +286,8 @@ static ERR_STRING_DATA QAT_str_reasons[] = {
     {ERR_PACK(0, 0, QAT_R_EPOLL_CTL_FAILURE), "epoll ctl failure"},
     {ERR_PACK(0, 0, QAT_R_EVENTS_MALLOC_FAILURE), "events malloc failure"},
     {ERR_PACK(0, 0, QAT_R_EVP_LIB), "evp lib"},
+    {ERR_PACK(0, 0, QAT_R_FAILED_TO_GET_PARAMETER), "failed to get parameter"},
+    {ERR_PACK(0, 0, QAT_R_FAILED_TO_SET_PARAMETER), "failed to set parameter"},
     {ERR_PACK(0, 0, QAT_R_FALLBACK_INIT_FAILURE), "fallback init failure"},
     {ERR_PACK(0, 0, QAT_R_FALLBACK_POINTER_NULL), "fallback pointer null"},
     {ERR_PACK(0, 0, QAT_R_FIELD_SIZE_INVALID), "field size invalid"},
@@ -324,6 +327,7 @@ static ERR_STRING_DATA QAT_str_reasons[] = {
     "instance handle malloc failure"},
     {ERR_PACK(0, 0, QAT_R_INSTANCE_UNAVAILABLE), "instance unavailable"},
     {ERR_PACK(0, 0, QAT_R_INTERNAL_ERROR), "internal error"},
+    {ERR_PACK(0, 0, QAT_R_INVALID_AAD), "invalid aad"},
     {ERR_PACK(0, 0, QAT_R_INVALID_ATTACHED_TAG), "invalid attached tag"},
     {ERR_PACK(0, 0, QAT_R_INVALID_CTRL_TYPE), "invalid ctrl type"},
     {ERR_PACK(0, 0, QAT_R_INVALID_CURVE), "invalid curve"},
@@ -332,6 +336,7 @@ static ERR_STRING_DATA QAT_str_reasons[] = {
     {ERR_PACK(0, 0, QAT_R_INVALID_INPUT_LENGTH), "invalid input length"},
     {ERR_PACK(0, 0, QAT_R_INVALID_INPUT_PARAMETER), "invalid input parameter"},
     {ERR_PACK(0, 0, QAT_R_INVALID_IVLEN), "invalid ivlen"},
+    {ERR_PACK(0, 0, QAT_R_INVALID_IV_LENGTH), "invalid iv length"},
     {ERR_PACK(0, 0, QAT_R_INVALID_L), "invalid l"},
     {ERR_PACK(0, 0, QAT_R_INVALID_LEN), "invalid len"},
     {ERR_PACK(0, 0, QAT_R_INVALID_PEER_KEY), "invalid peer key"},
@@ -340,6 +345,7 @@ static ERR_STRING_DATA QAT_str_reasons[] = {
     {ERR_PACK(0, 0, QAT_R_INVALID_PTR_IV), "invalid ptr iv"},
     {ERR_PACK(0, 0, QAT_R_INVALID_PUB_KEY), "invalid pub key"},
     {ERR_PACK(0, 0, QAT_R_INVALID_QCTX_MEMORY), "invalid qctx memory"},
+    {ERR_PACK(0, 0, QAT_R_INVALID_TAG), "invalid tag"},
     {ERR_PACK(0, 0, QAT_R_INVALID_TAG_LEN), "invalid tag len"},
     {ERR_PACK(0, 0, QAT_R_INVALID_TYPE), "invalid type"},
     {ERR_PACK(0, 0, QAT_R_IN_KINV_CONVERT_TO_FB_FAILURE),
@@ -413,6 +419,7 @@ static ERR_STRING_DATA QAT_str_reasons[] = {
     "out1 pdata malloc failure"},
     {ERR_PACK(0, 0, QAT_R_OUT2_PDATA_MALLOC_FAILURE),
     "out2 pdata malloc failure"},
+    {ERR_PACK(0, 0, QAT_R_OUTPUT_BUFFER_TOO_SMALL), "output buffer too small"},
     {ERR_PACK(0, 0, QAT_R_OUTPUT_BUF_MALLOC_FAILURE),
     "output buf malloc failure"},
     {ERR_PACK(0, 0, QAT_R_OUTPUT_BUF_PDATA_MALLOC_FAILURE),

qat_evp.c

@@ -972,14 +972,17 @@ const EVP_CIPHER *qat_create_sm4_gcm_cipher_meth(int nid, int keylen)
         }
         res &= EVP_CIPHER_meth_set_iv_length(c, QAT_SM4_TLS_TOTAL_IV_LEN);
         res &= EVP_CIPHER_meth_set_flags(c, CUSTOM_FLAGS);
+#ifndef QAT_OPENSSL_PROVIDER
         res &= EVP_CIPHER_meth_set_init(c, qat_sw_sm4_gcm_init);
         res &= EVP_CIPHER_meth_set_do_cipher(c, qat_sw_sm4_gcm_cipher);
         res &= EVP_CIPHER_meth_set_cleanup(c, qat_sw_sm4_gcm_cleanup);
+#endif
         res &= EVP_CIPHER_meth_set_impl_ctx_size(c, sizeof(QAT_SM4_GCM_CTX));
         res &= EVP_CIPHER_meth_set_set_asn1_params(c, NULL);
         res &= EVP_CIPHER_meth_set_get_asn1_params(c, NULL);
+#ifndef QAT_OPENSSL_PROVIDER
         res &= EVP_CIPHER_meth_set_ctrl(c, qat_sw_sm4_gcm_ctrl);
-
+#endif
         if (0 == res) {
             WARN("Failed to set cipher methods for nid %d\n", NID_sm4_gcm);
             EVP_CIPHER_meth_free(c);

qat_evp.h

@@ -131,15 +131,6 @@ int qat_sw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len);
 int qat_sw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md);
 # endif
 
-# ifdef ENABLE_QAT_SW_SM4_GCM
-int qat_sw_sm4_gcm_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-        const unsigned char *iv, int enc);
-int qat_sw_sm4_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int qat_sw_sm4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        const unsigned char *in, size_t len);
-int qat_sw_sm4_gcm_cleanup(EVP_CIPHER_CTX *ctx);
-# endif
-
 # ifdef ENABLE_QAT_SW_SM4_CCM
 int qat_sw_sm4_ccm_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         const unsigned char *iv, int enc);