> -----Original Message-----
> From: Akhil Goyal <gak...@marvell.com>
> Sent: Thursday, October 3, 2024 4:39 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusz...@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.doo...@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v2] cryptodev: add ec points to sm2 op
>
> > In the case when PMD cannot support the full process of the SM2, but
> > elliptic curve computation only, additional fields are needed to
> > handle such a case.
> >
> > Points C1, kP therefore were added to the SM2 crypto operation struct.
> >
> > Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusz...@intel.com>
> > ---
> > lib/cryptodev/rte_crypto_asym.h | 119
> > ++++++++++++++++++++++++-------------
> > ---
> > 1 file changed, 71 insertions(+), 48 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 39d3da3952..f59759062f 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param { };
> >
> > /**
> > - * Asymmetric crypto transform data
> > - *
> > - * Structure describing asym xforms.
> > - */
> > -struct rte_crypto_asym_xform {
> > - struct rte_crypto_asym_xform *next;
> > - /**< Pointer to next xform to set up xform chain.*/
> > - enum rte_crypto_asym_xform_type xform_type;
> > - /**< Asymmetric crypto transform */
> > -
> > - union {
> > - struct rte_crypto_rsa_xform rsa;
> > - /**< RSA xform parameters */
> > -
> > - struct rte_crypto_modex_xform modex;
> > - /**< Modular Exponentiation xform parameters */
> > -
> > - struct rte_crypto_modinv_xform modinv;
> > - /**< Modular Multiplicative Inverse xform parameters */
> > -
> > - struct rte_crypto_dh_xform dh;
> > - /**< DH xform parameters */
> > -
> > - struct rte_crypto_dsa_xform dsa;
> > - /**< DSA xform parameters */
> > -
> > - struct rte_crypto_ec_xform ec;
> > - /**< EC xform parameters, used by elliptic curve based
> > - * operations.
> > - */
> > - };
> > -};
> > -
> > -/**
> > * SM2 operation params.
> > */
> > struct rte_crypto_sm2_op_param {
> > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> > * will be overwritten by the PMD with the decrypted length.
> > */
> >
> > - rte_crypto_param cipher;
> > - /**<
> > - * Pointer to input data
> > - * - to be decrypted for SM2 private decrypt.
> > - *
> > - * Pointer to output data
> > - * - for SM2 public encrypt.
> > - * In this case the underlying array should have been allocated
> > - * with enough memory to hold ciphertext output (at least X bytes
> > - * for prime field curve of N bytes and for message M bytes,
> > - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > - * be overwritten by the PMD with the encrypted length.
> > - */
> > + union {
> > + rte_crypto_param cipher;
> > + /**<
> > + * Pointer to input data
> > + * - to be decrypted for SM2 private decrypt.
> > + *
> > + * Pointer to output data
> > + * - for SM2 public encrypt.
> > + * In this case the underlying array should have been allocated
> > + * with enough memory to hold ciphertext output (at least X
> > bytes
> > + * for prime field curve of N bytes and for message M bytes,
> > + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > as
> > + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > + * be overwritten by the PMD with the encrypted length.
> > + */
> > + struct {
> > + struct rte_crypto_ec_point C1;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * In the case of encryption, it is an output - point
> > C1 =
> > (x1,y1).
> > + * In the case of decryption, if is an input - point C1
> > =
> > (x1,y1)
> > + *
> > + */
> > + struct rte_crypto_ec_point kP;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * It is an output in the encryption case, it is a point
> > + * [k]P = (x2,y2)
> > + */
> > + };
> > + };
> >
> > rte_crypto_uint id;
> > /**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > struct rte_crypto_sm2_op_param { };
> >
>
> How is the application supposed to know, it need to fill these parameters and
> PMD does not support full operation?
> Can we add some capability checks?
Initially I though it should be based on the .rst file PMD information, like
with the key generation random number.
Otherwise, it could rather be a feature flag than a capability?
>
> Also send the patches for test case and PMD support.
Sure, I will send.
>
> > /**
> > + * Asymmetric crypto transform data
> > + *
> > + * Structure describing asym xforms.
> > + */
> > +struct rte_crypto_asym_xform {
> > + struct rte_crypto_asym_xform *next;
> > + /**< Pointer to next xform to set up xform chain.*/
> > + enum rte_crypto_asym_xform_type xform_type;
> > + /**< Asymmetric crypto transform */
> > +
> > + union {
> > + struct rte_crypto_rsa_xform rsa;
> > + /**< RSA xform parameters */
> > +
> > + struct rte_crypto_modex_xform modex;
> > + /**< Modular Exponentiation xform parameters */
> > +
> > + struct rte_crypto_modinv_xform modinv;
> > + /**< Modular Multiplicative Inverse xform parameters */
> > +
> > + struct rte_crypto_dh_xform dh;
> > + /**< DH xform parameters */
> > +
> > + struct rte_crypto_dsa_xform dsa;
> > + /**< DSA xform parameters */
> > +
> > + struct rte_crypto_ec_xform ec;
> > + /**< EC xform parameters, used by elliptic curve based
> > + * operations.
> > + */
> > + };
> > +};
> > +
> > +/**
> > * Asymmetric Cryptographic Operation.
> > *
> > * Structure describing asymmetric crypto operation params.
> > --
> > 2.13.6
