In the case when PMD cannot support the full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.
Points C1, kP therefore were added to the SM2 crypto operation struct.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusz...@intel.com>
---
doc/guides/rel_notes/release_24_11.rst | 3 ++
lib/cryptodev/rte_crypto_asym.h | 56 +++++++++++++++++++-------
2 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/doc/guides/rel_notes/release_24_11.rst
b/doc/guides/rel_notes/release_24_11.rst
index fa4822d928..0f91dae987 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -406,6 +406,9 @@ ABI Changes
added new structure ``rte_node_xstats`` to ``rte_node_register`` and
added ``xstat_off`` to ``rte_node``.
+* cryptodev: The ``rte_crypto_sm2_op_param`` struct member to hold ciphertext
+ is changed to union data type. This change is to support partial SM2
calculation.
+
Known Issues
------------
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index aeb46e688e..f095cebcd0 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -646,6 +646,8 @@ enum rte_crypto_sm2_op_capa {
/**< Random number generator supported in SM2 ops. */
RTE_CRYPTO_SM2_PH,
/**< Prehash message before crypto op. */
+ RTE_CRYPTO_SM2_PARTIAL,
+ /**< Calculate elliptic curve points only. */
};
/**
@@ -673,20 +675,46 @@ struct rte_crypto_sm2_op_param {
* will be overwritten by the PMD with the decrypted length.
*/
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for SM2 private decrypt.
- *
- * Pointer to output data
- * - for SM2 public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (at least X bytes
- * for prime field curve of N bytes and for message M bytes,
- * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
- * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
- * be overwritten by the PMD with the encrypted length.
- */
+ union {
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X
bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+ struct {
+ struct rte_crypto_ec_point c1;
+ /**<
+ * This field is used only when PMD does not support
the full
+ * process of the SM2 encryption/decryption, but the
elliptic
+ * curve part only.
+ *
+ * In the case of encryption, it is an output - point
C1 = (x1,y1).
+ * In the case of decryption, if is an input - point C1
= (x1,y1).
+ *
+ * Must be used along with the RTE_CRYPTO_SM2_PARTIAL
flag.
+ */
+ struct rte_crypto_ec_point kp;
+ /**<
+ * This field is used only when PMD does not support
the full
+ * process of the SM2 encryption/decryption, but the
elliptic
+ * curve part only.
+ *
+ * It is an output in the encryption case, it is a point
+ * [k]P = (x2,y2).
+ *
+ * Must be used along with the RTE_CRYPTO_SM2_PARTIAL
flag.
+ */
+ };
+ };
rte_crypto_uint id;
/**< The SM2 id used by signer and verifier. */
--
2.17.1
