GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. For more information, please access GmSSL official website http://gmssl.org/english.html.
Software environments as the belows:
Linux kernel: imx_4.14.98_2.0.0_ga
cryptodev: 1.9
HW platform: i.MX6UL, i.MX7D/S, i.MX8M/MM, i.MX8QM/QXP.
The patches include the following features:
1, Support SM2/SM9 encryption/decryption/sign/verify/key exchange, RSA encryption/decryption, DSA/ECDSA sign/verify, DH/ECDH key agreement, ECC & DLC & RSA key generation and big number operation and elliptic curve math by CAAM hardware accelerating.
2, run "git apply 0001-Enhance-cryptodev-and-its-engine-in-GmSSL-by-CAAM-s-.patch" under folder sources/poky, and "git apply 0001-Add-public-key-cryptography-operations-in-CAAM-drive.patch" under folder sources/meta-fsl-bsp-release for patch these codes.
3, GmSSL Build command:
$ tar zxvf GmSSL-master-iMX.tgz
$ cd GmSSL-master-iMX
(For i.MX8M/MM, i.MX8QM/QXP)
$ source /opt/arm-arch64/environment-setup-aarch64-poky-linux
$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHW_ENDIAN_SWAP --prefix=~/install64 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-aarch64
$ make
$ make install /*image and config file will be installed to folder ~/install64 */
(For i.MX6UL, i.MX7D/S)
$ source /opt/arm-arch32/environment-setup-cortexa7hf-neon-poky-linux-gnueabi
$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS --prefix=~/install32 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-armv4
$ make
$ make install /*image and config file will be installed to folder ~/install32 */
4, How to use GmSSL:
copy image gmssl to /usr/bin on i.MX board; copy gmssl libcrypto.so.1.1 and libssl.so.1.1 to /usr/lib on i.MX board; copy folder etc/gmssl to /etc/ on i.MX board. copy test examples (dhtest, dsatest, rsa_test, ecdhtest, ecdsatest, eciestest, sm3test, sms4test, sm2test, sm9test) under GmSSL-master-iMX/test to U disk for running.
You can run test examples by the following commands:
#insmod /lib/modules/4.14.98-imx_4.14.98_2.0.0_ga+g5d6cbeafb80c/extra/cryptodev.ko
#/run/media/sda1/dhtest
#/run/media/sda1/dsatest
#/run/media/sda1/rsa_test
#/run/media/sda1/ecdhtest
#/run/media/sda1/ecdsatest
#/run/media/sda1/eciestest
#/run/media/sda1/sm3test
#/run/media/sda1/sms4test
#/run/media/sda1/sm2test
#/run/media/sda1/sm9test
and speed test commands:
#gmssl speed sm2
#gmssl genrsa -rand -f4 512
#gmssl speed dsa
#gmssl genrsa -rand -f4 1024
#gmssl speed rsa
#gmssl genrsa -rand -f4 2048
#gmssl speed ecdsa
#gmssl genrsa -rand -f4 3072
#gmssl speed ecdh
#gmssl genrsa -rand -f4 4096
ここにコメントを追加するには、ご登録いただく必要があります。 ご登録済みの場合は、ログインしてください。 ご登録がまだの場合は、ご登録後にログインしてください。