Xiaodong Zhang

Enable GmSSL which supports OSCCA Algorithm Toolbox on i.MX

Blog Post created by Xiaodong Zhang Employee on May 29, 2019

GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. For more information, please access GmSSL official website http://gmssl.org/english.html.

 

Software environments as the belows:

Linux kernel: imx_4.14.98_2.0.0_ga

cryptodev: 1.9

HW platform: i.MX6UL, i.MX7D/S, i.MX8M/MM, i.MX8QM/QXP.

The patches include the following features:

1, Support SM2/SM9 encryption/decryption/sign/verify/key exchange, RSA encryption/decryption, DSA/ECDSA sign/verify, DH/ECDH key agreement, ECC & DLC & RSA key generation and big number operation and elliptic curve math by CAAM hardware accelerating.

2, run "git apply 0001-Enhance-cryptodev-and-its-engine-in-GmSSL-by-CAAM-s-.patch" under folder sources/poky, and "git apply 0001-Add-public-key-cryptography-operations-in-CAAM-drive.patch" under folder sources/meta-fsl-bsp-release for patch these codes.

3, GmSSL Build command:

$ tar zxvf GmSSL-master-iMX.tgz

cd GmSSL-master-iMX

(For i.MX8M/MM, i.MX8QM/QXP)

source /opt/arm-arch64/environment-setup-aarch64-poky-linux 

$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHW_ENDIAN_SWAP  --prefix=~/install64 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-aarch64

$ make 

$ make install                            /*image and config file will be installed to folder ~/install64 */

 

(For i.MX6UL, i.MX7D/S)

$ source /opt/arm-arch32/environment-setup-cortexa7hf-neon-poky-linux-gnueabi

$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS --prefix=~/install32 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-armv4

$ make 

$ make install                            /*image and config file will be installed to folder ~/install32 */

 

4, How to use GmSSL:

copy image gmssl to /usr/bin on i.MX board; copy gmssl libcrypto.so.1.1 and libssl.so.1.1 to /usr/lib on i.MX board; copy folder etc/gmssl to /etc/ on i.MX board. copy test examples (dhtest, dsatest, rsa_test, ecdhtest, ecdsatest, eciestest, sm3test, sms4test, sm2test, sm9test) under GmSSL-master-iMX/test  to U disk for running.

You can run test examples by the following commands:

#insmod /lib/modules/4.14.98-imx_4.14.98_2.0.0_ga+g5d6cbeafb80c/extra/cryptodev.ko

#/run/media/sda1/dhtest
#/run/media/sda1/dsatest
#/run/media/sda1/rsa_test
#/run/media/sda1/ecdhtest
#/run/media/sda1/ecdsatest
#/run/media/sda1/eciestest
#/run/media/sda1/sm3test
#/run/media/sda1/sms4test
#/run/media/sda1/sm2test
#/run/media/sda1/sm9test

and speed test commands:

#gmssl speed sm2
#gmssl genrsa -rand -f4 512
#gmssl speed dsa
#gmssl genrsa -rand -f4 1024
#gmssl speed rsa
#gmssl genrsa -rand -f4 2048
#gmssl speed ecdsa
#gmssl genrsa -rand -f4 3072
#gmssl speed ecdh
#gmssl genrsa -rand -f4 4096

Outcomes