cancel
Showing results for 
Search instead for 
Did you mean: 

Enable GmSSL which supports OSCCA Algorithm Toolbox on i.MX

NXP Employee
NXP Employee
1 0 479

GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. For more information, please access GmSSL official website http://gmssl.org/english.html.

Software environments as the belows:

Linux kernel: imx_4.14.98_2.0.0_ga

cryptodev: 1.9

HW platform: i.MX6UL, i.MX7D/S, i.MX8M/MM, i.MX8QM/QXP.

The patches include the following features:

1, Support SM2/SM9 encryption/decryption/sign/verify/key exchange, RSA encryption/decryption, DSA/ECDSA sign/verify, DH/ECDH key agreement, ECC & DLC & RSA key generation and big number operation and elliptic curve math by CAAM hardware accelerating.

2, run "git apply 0001-Enhance-cryptodev-and-its-engine-in-GmSSL-by-CAAM-s-.patch" under folder sources/poky, and "git apply 0001-Add-public-key-cryptography-operations-in-CAAM-drive.patch" under folder sources/meta-fsl-bsp-release for patch these codes.

3, GmSSL Build command:

$ tar zxvf GmSSL-master-iMX.tgz

cd GmSSL-master-iMX

(For i.MX8M/MM, i.MX8QM/QXP)

source /opt/arm-arch64/environment-setup-aarch64-poky-linux 

$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHW_ENDIAN_SWAP  --prefix=~/install64 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-aarch64

$ make 

$ make install                            /*image and config file will be installed to folder ~/install64 */

(For i.MX6UL, i.MX7D/S)

$ source /opt/arm-arch32/environment-setup-cortexa7hf-neon-poky-linux-gnueabi

$ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS --prefix=~/install32 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-armv4

$ make 

$ make install                            /*image and config file will be installed to folder ~/install32 */

4, How to use GmSSL:

copy image gmssl to /usr/bin on i.MX board; copy gmssl libcrypto.so.1.1 and libssl.so.1.1 to /usr/lib on i.MX board; copy folder etc/gmssl to /etc/ on i.MX board. copy test examples (dhtest, dsatest, rsa_test, ecdhtest, ecdsatest, eciestest, sm3test, sms4test, sm2test, sm9test) under GmSSL-master-iMX/test  to U disk for running.

You can run test examples by the following commands:

#insmod /lib/modules/4.14.98-imx_4.14.98_2.0.0_ga+g5d6cbeafb80c/extra/cryptodev.ko

#/run/media/sda1/dhtest
#/run/media/sda1/dsatest
#/run/media/sda1/rsa_test
#/run/media/sda1/ecdhtest
#/run/media/sda1/ecdsatest
#/run/media/sda1/eciestest
#/run/media/sda1/sm3test
#/run/media/sda1/sms4test
#/run/media/sda1/sm2test
#/run/media/sda1/sm9test

and speed test commands:

#gmssl speed sm2
#gmssl genrsa -rand -f4 512
#gmssl speed dsa
#gmssl genrsa -rand -f4 1024
#gmssl speed rsa
#gmssl genrsa -rand -f4 2048
#gmssl speed ecdsa
#gmssl genrsa -rand -f4 3072
#gmssl speed ecdh
#gmssl genrsa -rand -f4 4096