Skip navigation

i.MX Processors

2 Posts authored by: Xiaodong Zhang Employee

GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. For more information, please access GmSSL official website http://gmssl.org/english.html.

 

Software environments as the belows:

Linux kernel: imx_4.14.98_2.0.0_ga

cryptodev: 1.9

HW platform: i.MX6UL, i.MX7D/S, i.MX8M/MM, i.MX8QM/QXP.

The patches include the following features:

1, Support SM2/SM9 encryption/decryption/sign/verify/key exchange, RSA encryption/decryption, DSA/ECDSA sign/verify, DH/ECDH key agreement, ECC & DLC & RSA key generation and big number operation and elliptic curve math by CAAM hardware accelerating.

2, run "git apply 0001-Enhance-cryptodev-and-its-engine-in-GmSSL-by-CAAM-s-.patch" under folder sources/poky, and "git apply 0001-Add-public-key-cryptography-operations-in-CAAM-drive.patch" under folder sources/meta-fsl-bsp-release for patch these codes.

3, GmSSL Build command:

$ tar zxvf GmSSL-master-iMX.tgz

cd GmSSL-master-iMX

(For i.MX8M/MM, i.MX8QM/QXP)

source /opt/arm-arch64/environment-setup-aarch64-poky-linux 

$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHW_ENDIAN_SWAP  --prefix=~/install64 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-aarch64

$ make 

$ make install                            /*image and config file will be installed to folder ~/install64 */

 

(For i.MX6UL, i.MX7D/S)

$ source /opt/arm-arch32/environment-setup-cortexa7hf-neon-poky-linux-gnueabi

$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS --prefix=~/install32 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-armv4

$ make 

$ make install                            /*image and config file will be installed to folder ~/install32 */

 

4, How to use GmSSL:

copy image gmssl to /usr/bin on i.MX board; copy gmssl libcrypto.so.1.1 and libssl.so.1.1 to /usr/lib on i.MX board; copy folder etc/gmssl to /etc/ on i.MX board. copy test examples (dhtest, dsatest, rsa_test, ecdhtest, ecdsatest, eciestest, sm3test, sms4test, sm2test, sm9test) under GmSSL-master-iMX/test  to U disk for running.

You can run test examples by the following commands:

#insmod /lib/modules/4.14.98-imx_4.14.98_2.0.0_ga+g5d6cbeafb80c/extra/cryptodev.ko

#/run/media/sda1/dhtest
#/run/media/sda1/dsatest
#/run/media/sda1/rsa_test
#/run/media/sda1/ecdhtest
#/run/media/sda1/ecdsatest
#/run/media/sda1/eciestest
#/run/media/sda1/sm3test
#/run/media/sda1/sms4test
#/run/media/sda1/sm2test
#/run/media/sda1/sm9test

and speed test commands:

#gmssl speed sm2
#gmssl genrsa -rand -f4 512
#gmssl speed dsa
#gmssl genrsa -rand -f4 1024
#gmssl speed rsa
#gmssl genrsa -rand -f4 2048
#gmssl speed ecdsa
#gmssl genrsa -rand -f4 3072
#gmssl speed ecdh
#gmssl genrsa -rand -f4 4096

GmSSL是一个开源的密码工具箱,支持SM2/SM3/SM4/SM9/ZUC等国密(国家商用密码)算法、SM2国密数字证书及基于SM2证书的SSL/TLS安全通信协议,提供符合国密规范的编程接口与命令行工具,可以用于构建PKI/CA、安全通信、数据加密等符合国密标准的安全应用。GmSSL项目是OpenSSL项目的分支,并与OpenSSL保持接口兼容。因此GmSSL可以替代应用中的OpenSSL组件,并使应用自动具备基于国密的安全能力。GmSSL项目采用对商业应用友好的类BSD开源许可证,开源且可以用于闭源的商业应用。

现成功移植GmSSL到i.MX平台,并且利用i.MX的加解密模块CAAM加速了SM2/SM9的运算。此外,还支持RSA,ECDSA/ECDH和DSA/DH以及AES,DES,SHA,MD5的硬件加速。

软件环境如下:

Linux kernel: imx_4.14.98_2.0.0_ga

cryptodev: 1.9

硬件平台: i.MX6UL, i.MX7D/S, i.MX8M/MM, i.MX8QM/QXP.

patch可以从下面的链接得到:

https://community.nxp.com/docs/DOC-343823

 

GmSSL官网链接http://gmssl.org/