[v2] cryptodev: add ec points to sm2 op

Message ID 20240929172912.87859-1-arkadiuszx.kusztal@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series [v2] cryptodev: add ec points to sm2 op |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/intel-Testing success Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/intel-Functional success Functional PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/github-robot: build success github build: passed
ci/iol-marvell-Functional success Functional Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS

Commit Message

Kusztal, ArkadiuszX Sept. 29, 2024, 5:29 p.m. UTC
When a PMD cannot support the full SM2 process, but only the
elliptic curve computation, additional fields are needed
to handle that case.

Points C1, kP therefore were added to the SM2 crypto operation struct.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++----------------
 1 file changed, 71 insertions(+), 48 deletions(-)
  

Comments

Akhil Goyal Oct. 1, 2024, 7:57 a.m. UTC | #1
> In the case when PMD cannot support the full process of the SM2,
> but elliptic curve computation only, additional fields
> are needed to handle such a case.
> 
> Points C1, kP therefore were added to the SM2 crypto operation struct.
> 
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++-------------
> ---
>  1 file changed, 71 insertions(+), 48 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 39d3da3952..f59759062f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {
>  };
> 
>  /**
> - * Asymmetric crypto transform data
> - *
> - * Structure describing asym xforms.
> - */
> -struct rte_crypto_asym_xform {
> -	struct rte_crypto_asym_xform *next;
> -	/**< Pointer to next xform to set up xform chain.*/
> -	enum rte_crypto_asym_xform_type xform_type;
> -	/**< Asymmetric crypto transform */
> -
> -	union {
> -		struct rte_crypto_rsa_xform rsa;
> -		/**< RSA xform parameters */
> -
> -		struct rte_crypto_modex_xform modex;
> -		/**< Modular Exponentiation xform parameters */
> -
> -		struct rte_crypto_modinv_xform modinv;
> -		/**< Modular Multiplicative Inverse xform parameters */
> -
> -		struct rte_crypto_dh_xform dh;
> -		/**< DH xform parameters */
> -
> -		struct rte_crypto_dsa_xform dsa;
> -		/**< DSA xform parameters */
> -
> -		struct rte_crypto_ec_xform ec;
> -		/**< EC xform parameters, used by elliptic curve based
> -		 * operations.
> -		 */
> -	};
> -};

Above change seems unnecessary.


> -
> -/**
>   * SM2 operation params.
>   */
>  struct rte_crypto_sm2_op_param {
> @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
>  	 * will be overwritten by the PMD with the decrypted length.
>  	 */
> 
> -	rte_crypto_param cipher;
> -	/**<
> -	 * Pointer to input data
> -	 * - to be decrypted for SM2 private decrypt.
> -	 *
> -	 * Pointer to output data
> -	 * - for SM2 public encrypt.
> -	 * In this case the underlying array should have been allocated
> -	 * with enough memory to hold ciphertext output (at least X bytes
> -	 * for prime field curve of N bytes and for message M bytes,
> -	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> -	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> -	 * be overwritten by the PMD with the encrypted length.
> -	 */
> +	union {
> +		rte_crypto_param cipher;
> +		/**<
> +		 * Pointer to input data
> +		 * - to be decrypted for SM2 private decrypt.
> +		 *
> +		 * Pointer to output data
> +		 * - for SM2 public encrypt.
> +		 * In this case the underlying array should have been allocated
> +		 * with enough memory to hold ciphertext output (at least X
> bytes
> +		 * for prime field curve of N bytes and for message M bytes,
> +		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> +		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> +		 * be overwritten by the PMD with the encrypted length.
> +		 */
> +		struct {
> +			struct rte_crypto_ec_point C1;
> +			/**<
> +			 * This field is used only when PMD does not support the
> full
> +			 * process of the SM2 encryption/decryption, but the
> elliptic
> +			 * curve part only.
> +			 *
> +			 * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> +			 * In the case of decryption, if is an input - point C1 =
> (x1,y1)
> +			 *
> +			 */
> +			struct rte_crypto_ec_point kP;
> +			/**<
> +			 * This field is used only when PMD does not support the
> full
> +			 * process of the SM2 encryption/decryption, but the
> elliptic
> +			 * curve part only.
> +			 *
> +			 * It is an output in the encryption case, it is a point
> +			 * [k]P = (x2,y2)
> +			 */
> +		};
> +	};
> 
>  	rte_crypto_uint id;
>  	/**< The SM2 id used by signer and verifier. */
> @@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
>  };
> 
>  /**
> + * Asymmetric crypto transform data
> + *
> + * Structure describing asym xforms.
> + */
> +struct rte_crypto_asym_xform {
> +	struct rte_crypto_asym_xform *next;
> +	/**< Pointer to next xform to set up xform chain.*/
> +	enum rte_crypto_asym_xform_type xform_type;
> +	/**< Asymmetric crypto transform */
> +
> +	union {
> +		struct rte_crypto_rsa_xform rsa;
> +		/**< RSA xform parameters */
> +
> +		struct rte_crypto_modex_xform modex;
> +		/**< Modular Exponentiation xform parameters */
> +
> +		struct rte_crypto_modinv_xform modinv;
> +		/**< Modular Multiplicative Inverse xform parameters */
> +
> +		struct rte_crypto_dh_xform dh;
> +		/**< DH xform parameters */
> +
> +		struct rte_crypto_dsa_xform dsa;
> +		/**< DSA xform parameters */
> +
> +		struct rte_crypto_ec_xform ec;
> +		/**< EC xform parameters, used by elliptic curve based
> +		 * operations.
> +		 */
> +	};
> +};
> +
> +/**
>   * Asymmetric Cryptographic Operation.
>   *
>   * Structure describing asymmetric crypto operation params.
> --
> 2.13.6
  
Akhil Goyal Oct. 3, 2024, 2:39 p.m. UTC | #2
> In the case when PMD cannot support the full process of the SM2,
> but elliptic curve computation only, additional fields
> are needed to handle such a case.
> 
> Points C1, kP therefore were added to the SM2 crypto operation struct.
> 
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++-------------
> ---
>  1 file changed, 71 insertions(+), 48 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 39d3da3952..f59759062f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {
>  };
> 
>  /**
> - * Asymmetric crypto transform data
> - *
> - * Structure describing asym xforms.
> - */
> -struct rte_crypto_asym_xform {
> -	struct rte_crypto_asym_xform *next;
> -	/**< Pointer to next xform to set up xform chain.*/
> -	enum rte_crypto_asym_xform_type xform_type;
> -	/**< Asymmetric crypto transform */
> -
> -	union {
> -		struct rte_crypto_rsa_xform rsa;
> -		/**< RSA xform parameters */
> -
> -		struct rte_crypto_modex_xform modex;
> -		/**< Modular Exponentiation xform parameters */
> -
> -		struct rte_crypto_modinv_xform modinv;
> -		/**< Modular Multiplicative Inverse xform parameters */
> -
> -		struct rte_crypto_dh_xform dh;
> -		/**< DH xform parameters */
> -
> -		struct rte_crypto_dsa_xform dsa;
> -		/**< DSA xform parameters */
> -
> -		struct rte_crypto_ec_xform ec;
> -		/**< EC xform parameters, used by elliptic curve based
> -		 * operations.
> -		 */
> -	};
> -};
> -
> -/**
>   * SM2 operation params.
>   */
>  struct rte_crypto_sm2_op_param {
> @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
>  	 * will be overwritten by the PMD with the decrypted length.
>  	 */
> 
> -	rte_crypto_param cipher;
> -	/**<
> -	 * Pointer to input data
> -	 * - to be decrypted for SM2 private decrypt.
> -	 *
> -	 * Pointer to output data
> -	 * - for SM2 public encrypt.
> -	 * In this case the underlying array should have been allocated
> -	 * with enough memory to hold ciphertext output (at least X bytes
> -	 * for prime field curve of N bytes and for message M bytes,
> -	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> -	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> -	 * be overwritten by the PMD with the encrypted length.
> -	 */
> +	union {
> +		rte_crypto_param cipher;
> +		/**<
> +		 * Pointer to input data
> +		 * - to be decrypted for SM2 private decrypt.
> +		 *
> +		 * Pointer to output data
> +		 * - for SM2 public encrypt.
> +		 * In this case the underlying array should have been allocated
> +		 * with enough memory to hold ciphertext output (at least X
> bytes
> +		 * for prime field curve of N bytes and for message M bytes,
> +		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> +		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> +		 * be overwritten by the PMD with the encrypted length.
> +		 */
> +		struct {
> +			struct rte_crypto_ec_point C1;
> +			/**<
> +			 * This field is used only when PMD does not support the
> full
> +			 * process of the SM2 encryption/decryption, but the
> elliptic
> +			 * curve part only.
> +			 *
> +			 * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> +			 * In the case of decryption, if is an input - point C1 =
> (x1,y1)
> +			 *
> +			 */
> +			struct rte_crypto_ec_point kP;
> +			/**<
> +			 * This field is used only when PMD does not support the
> full
> +			 * process of the SM2 encryption/decryption, but the
> elliptic
> +			 * curve part only.
> +			 *
> +			 * It is an output in the encryption case, it is a point
> +			 * [k]P = (x2,y2)
> +			 */
> +		};
> +	};
> 
>  	rte_crypto_uint id;
>  	/**< The SM2 id used by signer and verifier. */
> @@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
>  };
> 

How is the application supposed to know that it needs to fill these parameters and that the PMD does not support the full operation?
Can we add some capability checks?

Also send the patches for test case and PMD support.

>  /**
> + * Asymmetric crypto transform data
> + *
> + * Structure describing asym xforms.
> + */
> +struct rte_crypto_asym_xform {
> +	struct rte_crypto_asym_xform *next;
> +	/**< Pointer to next xform to set up xform chain.*/
> +	enum rte_crypto_asym_xform_type xform_type;
> +	/**< Asymmetric crypto transform */
> +
> +	union {
> +		struct rte_crypto_rsa_xform rsa;
> +		/**< RSA xform parameters */
> +
> +		struct rte_crypto_modex_xform modex;
> +		/**< Modular Exponentiation xform parameters */
> +
> +		struct rte_crypto_modinv_xform modinv;
> +		/**< Modular Multiplicative Inverse xform parameters */
> +
> +		struct rte_crypto_dh_xform dh;
> +		/**< DH xform parameters */
> +
> +		struct rte_crypto_dsa_xform dsa;
> +		/**< DSA xform parameters */
> +
> +		struct rte_crypto_ec_xform ec;
> +		/**< EC xform parameters, used by elliptic curve based
> +		 * operations.
> +		 */
> +	};
> +};
> +
> +/**
>   * Asymmetric Cryptographic Operation.
>   *
>   * Structure describing asymmetric crypto operation params.
> --
> 2.13.6
  
Kusztal, ArkadiuszX Oct. 7, 2024, 8:29 a.m. UTC | #3
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 3, 2024 4:39 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v2] cryptodev: add ec points to sm2 op
> 
> > In the case when PMD cannot support the full process of the SM2, but
> > elliptic curve computation only, additional fields are needed to
> > handle such a case.
> >
> > Points C1, kP therefore were added to the SM2 crypto operation struct.
> >
> > Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 119
> > ++++++++++++++++++++++++-------------
> > ---
> >  1 file changed, 71 insertions(+), 48 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 39d3da3952..f59759062f 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {  };
> >
> >  /**
> > - * Asymmetric crypto transform data
> > - *
> > - * Structure describing asym xforms.
> > - */
> > -struct rte_crypto_asym_xform {
> > -	struct rte_crypto_asym_xform *next;
> > -	/**< Pointer to next xform to set up xform chain.*/
> > -	enum rte_crypto_asym_xform_type xform_type;
> > -	/**< Asymmetric crypto transform */
> > -
> > -	union {
> > -		struct rte_crypto_rsa_xform rsa;
> > -		/**< RSA xform parameters */
> > -
> > -		struct rte_crypto_modex_xform modex;
> > -		/**< Modular Exponentiation xform parameters */
> > -
> > -		struct rte_crypto_modinv_xform modinv;
> > -		/**< Modular Multiplicative Inverse xform parameters */
> > -
> > -		struct rte_crypto_dh_xform dh;
> > -		/**< DH xform parameters */
> > -
> > -		struct rte_crypto_dsa_xform dsa;
> > -		/**< DSA xform parameters */
> > -
> > -		struct rte_crypto_ec_xform ec;
> > -		/**< EC xform parameters, used by elliptic curve based
> > -		 * operations.
> > -		 */
> > -	};
> > -};
> > -
> > -/**
> >   * SM2 operation params.
> >   */
> >  struct rte_crypto_sm2_op_param {
> > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> >  	 * will be overwritten by the PMD with the decrypted length.
> >  	 */
> >
> > -	rte_crypto_param cipher;
> > -	/**<
> > -	 * Pointer to input data
> > -	 * - to be decrypted for SM2 private decrypt.
> > -	 *
> > -	 * Pointer to output data
> > -	 * - for SM2 public encrypt.
> > -	 * In this case the underlying array should have been allocated
> > -	 * with enough memory to hold ciphertext output (at least X bytes
> > -	 * for prime field curve of N bytes and for message M bytes,
> > -	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > -	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > -	 * be overwritten by the PMD with the encrypted length.
> > -	 */
> > +	union {
> > +		rte_crypto_param cipher;
> > +		/**<
> > +		 * Pointer to input data
> > +		 * - to be decrypted for SM2 private decrypt.
> > +		 *
> > +		 * Pointer to output data
> > +		 * - for SM2 public encrypt.
> > +		 * In this case the underlying array should have been allocated
> > +		 * with enough memory to hold ciphertext output (at least X
> > bytes
> > +		 * for prime field curve of N bytes and for message M bytes,
> > +		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > as
> > +		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > +		 * be overwritten by the PMD with the encrypted length.
> > +		 */
> > +		struct {
> > +			struct rte_crypto_ec_point C1;
> > +			/**<
> > +			 * This field is used only when PMD does not support
> the
> > full
> > +			 * process of the SM2 encryption/decryption, but the
> > elliptic
> > +			 * curve part only.
> > +			 *
> > +			 * In the case of encryption, it is an output - point C1 =
> > (x1,y1).
> > +			 * In the case of decryption, if is an input - point C1 =
> > (x1,y1)
> > +			 *
> > +			 */
> > +			struct rte_crypto_ec_point kP;
> > +			/**<
> > +			 * This field is used only when PMD does not support
> the
> > full
> > +			 * process of the SM2 encryption/decryption, but the
> > elliptic
> > +			 * curve part only.
> > +			 *
> > +			 * It is an output in the encryption case, it is a point
> > +			 * [k]P = (x2,y2)
> > +			 */
> > +		};
> > +	};
> >
> >  	rte_crypto_uint id;
> >  	/**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > struct rte_crypto_sm2_op_param {  };
> >
> 
> How is the application supposed to know, it need to fill these parameters and
> PMD does not support full operation?
> Can we add some capability checks?

Initially I thought it should be based on the PMD information in the .rst file, as with the key generation random number.
Otherwise, could it be a feature flag rather than a capability?

> 
> Also send the patches for test case and PMD support.

Sure, I will send.

> 
> >  /**
> > + * Asymmetric crypto transform data
> > + *
> > + * Structure describing asym xforms.
> > + */
> > +struct rte_crypto_asym_xform {
> > +	struct rte_crypto_asym_xform *next;
> > +	/**< Pointer to next xform to set up xform chain.*/
> > +	enum rte_crypto_asym_xform_type xform_type;
> > +	/**< Asymmetric crypto transform */
> > +
> > +	union {
> > +		struct rte_crypto_rsa_xform rsa;
> > +		/**< RSA xform parameters */
> > +
> > +		struct rte_crypto_modex_xform modex;
> > +		/**< Modular Exponentiation xform parameters */
> > +
> > +		struct rte_crypto_modinv_xform modinv;
> > +		/**< Modular Multiplicative Inverse xform parameters */
> > +
> > +		struct rte_crypto_dh_xform dh;
> > +		/**< DH xform parameters */
> > +
> > +		struct rte_crypto_dsa_xform dsa;
> > +		/**< DSA xform parameters */
> > +
> > +		struct rte_crypto_ec_xform ec;
> > +		/**< EC xform parameters, used by elliptic curve based
> > +		 * operations.
> > +		 */
> > +	};
> > +};
> > +
> > +/**
> >   * Asymmetric Cryptographic Operation.
> >   *
> >   * Structure describing asymmetric crypto operation params.
> > --
> > 2.13.6
  

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 39d3da3952..f59759062f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -600,40 +600,6 @@  struct rte_crypto_ecpm_op_param {
 };
 
 /**
- * Asymmetric crypto transform data
- *
- * Structure describing asym xforms.
- */
-struct rte_crypto_asym_xform {
-	struct rte_crypto_asym_xform *next;
-	/**< Pointer to next xform to set up xform chain.*/
-	enum rte_crypto_asym_xform_type xform_type;
-	/**< Asymmetric crypto transform */
-
-	union {
-		struct rte_crypto_rsa_xform rsa;
-		/**< RSA xform parameters */
-
-		struct rte_crypto_modex_xform modex;
-		/**< Modular Exponentiation xform parameters */
-
-		struct rte_crypto_modinv_xform modinv;
-		/**< Modular Multiplicative Inverse xform parameters */
-
-		struct rte_crypto_dh_xform dh;
-		/**< DH xform parameters */
-
-		struct rte_crypto_dsa_xform dsa;
-		/**< DSA xform parameters */
-
-		struct rte_crypto_ec_xform ec;
-		/**< EC xform parameters, used by elliptic curve based
-		 * operations.
-		 */
-	};
-};
-
-/**
  * SM2 operation params.
  */
 struct rte_crypto_sm2_op_param {
@@ -658,20 +624,43 @@  struct rte_crypto_sm2_op_param {
 	 * will be overwritten by the PMD with the decrypted length.
 	 */
 
-	rte_crypto_param cipher;
-	/**<
-	 * Pointer to input data
-	 * - to be decrypted for SM2 private decrypt.
-	 *
-	 * Pointer to output data
-	 * - for SM2 public encrypt.
-	 * In this case the underlying array should have been allocated
-	 * with enough memory to hold ciphertext output (at least X bytes
-	 * for prime field curve of N bytes and for message M bytes,
-	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
-	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
-	 * be overwritten by the PMD with the encrypted length.
-	 */
+	union {
+		rte_crypto_param cipher;
+		/**<
+		 * Pointer to input data
+		 * - to be decrypted for SM2 private decrypt.
+		 *
+		 * Pointer to output data
+		 * - for SM2 public encrypt.
+		 * In this case the underlying array should have been allocated
+		 * with enough memory to hold ciphertext output (at least X bytes
+		 * for prime field curve of N bytes and for message M bytes,
+		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+		 * be overwritten by the PMD with the encrypted length.
+		 */
+		struct {
+			struct rte_crypto_ec_point C1;
+			/**<
+			 * This field is used only when PMD does not support the full
+			 * process of the SM2 encryption/decryption, but the elliptic
+			 * curve part only.
+			 *
+			 * In the case of encryption, it is an output - point C1 = (x1,y1).
+			 * In the case of decryption, if is an input - point C1 = (x1,y1)
+			 *
+			 */
+			struct rte_crypto_ec_point kP;
+			/**<
+			 * This field is used only when PMD does not support the full
+			 * process of the SM2 encryption/decryption, but the elliptic
+			 * curve part only.
+			 *
+			 * It is an output in the encryption case, it is a point
+			 * [k]P = (x2,y2)
+			 */
+		};
+	};
 
 	rte_crypto_uint id;
 	/**< The SM2 id used by signer and verifier. */
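Review bot: The `kP` comment documents only the encryption case, so nothing in this hunk says where a partial-offload PMD returns the point it computes from `C1` during decryption; the comment should state that explicitly (presumably the same field, to be confirmed by the author). The `C1` decryption line should also say which side checks that the peer-supplied point lies on the curve before it is multiplied by the private key, for example `* In the case of decryption, it is an input - point C1 = (x1,y1); it must already be validated as a point on the curve.`, which also fixes the "if is" typo. Because [k]P = (x2,y2) is the value the SM2 KDF derives the keystream from, the `kP` comment would benefit from `* This point is secret material; clear its x/y buffers once the KDF has consumed it.`. The body of `struct rte_crypto_sm2_op_param` starts and ends outside this hunk, so the existing fields that select the operation are not visible here.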
@@ -698,6 +687,40 @@  struct rte_crypto_sm2_op_param {
 };
 
 /**
+ * Asymmetric crypto transform data
+ *
+ * Structure describing asym xforms.
+ */
+struct rte_crypto_asym_xform {
+	struct rte_crypto_asym_xform *next;
+	/**< Pointer to next xform to set up xform chain.*/
+	enum rte_crypto_asym_xform_type xform_type;
+	/**< Asymmetric crypto transform */
+
+	union {
+		struct rte_crypto_rsa_xform rsa;
+		/**< RSA xform parameters */
+
+		struct rte_crypto_modex_xform modex;
+		/**< Modular Exponentiation xform parameters */
+
+		struct rte_crypto_modinv_xform modinv;
+		/**< Modular Multiplicative Inverse xform parameters */
+
+		struct rte_crypto_dh_xform dh;
+		/**< DH xform parameters */
+
+		struct rte_crypto_dsa_xform dsa;
+		/**< DSA xform parameters */
+
+		struct rte_crypto_ec_xform ec;
+		/**< EC xform parameters, used by elliptic curve based
+		 * operations.
+		 */
+	};
+};
+
+/**
  * Asymmetric Cryptographic Operation.
  *
  * Structure describing asymmetric crypto operation params.