[dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[Ayuj Verma]

Some PMDs can only support RSA private key operations using CRT keys
(quintuple) only. Thus it is required to add in PMD RSA xform
capability which key type is supported to perform sign and decrypt ops.

Thus add an another op_type RTE_CRYPTO_OP_TYPE_SIGN_CRT and
RTE_CRYPTO_OP_TYPE_DECRYPT_CRT, which would mean perform an private
key op using CRT keys (quintuple) only.

PMD would reflect its capability to support these operations using its
op_type mask. App should query RSA xform capability API to check if
specific op_type is supported, thus call operation with relevant key
type.

Another proposal is, it is not known if non-crt keys is used at all to
perform otherwise naturally slow RSA private keys operations.
So, it is also possible to deprecate RSA_KEY_TYPE_EXPONENT altogether
and just use quintuple key type for private key operations.
In that case, there is no need to add another SIGN/DECRYPT_CRT variant,
current SIGN and DECRYPT operation default to using quintuple RSA keys.

Ayuj Verma (3):
  lib/cryptodev: add crt sign and decrypt ops
  crypto/openssl: update op-type mask with crt ops
  test/crypto: check for rsa capa for op-type

 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  4 +-
 lib/librte_cryptodev/rte_crypto_asym.h       |  8 ++++
 test/test/test_cryptodev_asym.c              | 47 ++++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)

-- 
2.20.0

[dpdk-dev] [PATCH 1/3] lib/cryptodev: add crt sign and decrypt ops

[Ayuj Verma]

Add CRT variant of RTE_CRYPTO_ASYM_SIGN and DECRYPT operation,
to perform RSA Sign and Decrypt using CRT quintuple keys only

PMD would reflect its capability to support these
operations using its op_type mask. App should query
RSA xform capability API to check if specific op_type is
supported, thus call operation with relevant key type.

Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 5e185b2dd..2c1f95eb6 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -91,8 +91,16 @@ enum rte_crypto_asym_op_type {
 	/**< Asymmetric Encrypt operation */
 	RTE_CRYPTO_ASYM_OP_DECRYPT,
 	/**< Asymmetric Decrypt operation */
+	RTE_CRYPTO_ASYM_OP_DECRYPT_CRT,
+	/**< RSA private key decrypt operation
+	 * using CRT quintuple keys
+	 */
 	RTE_CRYPTO_ASYM_OP_SIGN,
 	/**< Signature Generation operation */
+	RTE_CRYPTO_ASYM_OP_SIGN_CRT,
+	/**< RSA signature (private key encrypt)
+	 * generation using CRT quintuple keys
+	 */
 	RTE_CRYPTO_ASYM_OP_VERIFY,
 	/**< Signature Verification operation */
 	RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
-- 
2.20.0

[dpdk-dev] [PATCH 2/3] crypto/openssl: update op-type mask with crt ops

[Ayuj Verma]

add new asym op_types RTE_CRYPTO_ASYM_OP_SIGN_CRT and
RTE_CRYPTO_ASYM_OP_DECRYPT_CRT in capability structure

Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 40217cf0d..579d9d25e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -476,9 +476,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			.xform_capa = {
 				.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
 				.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+					(1 << RTE_CRYPTO_ASYM_OP_SIGN_CRT) |
 					(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
 					(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
-					(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+					(1 << RTE_CRYPTO_ASYM_OP_DECRYPT) |
+					(1 << RTE_CRYPTO_ASYM_OP_DECRYPT_CRT)),
 				{
 				.modlen = {
 				/* min length is based on openssl rsa keygen */
-- 
2.20.0

[dpdk-dev] [PATCH 3/3] test/crypto: check for rsa capa for op-type

[Ayuj Verma]

Add a rsa xform capability check in test functions,
to check for supported sign and decrypt op_types

Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
---
 test/test/test_cryptodev_asym.c | 47 +++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
index 0f6fc5767..ae1c76db7 100644
--- a/test/test/test_cryptodev_asym.c
+++ b/test/test/test_cryptodev_asym.c
@@ -52,10 +52,33 @@ test_rsa_sign_verify(void)
 	struct rte_crypto_asym_op *asym_op = NULL;
 	struct rte_crypto_op *op = NULL, *result_op = NULL;
 	struct rte_cryptodev_asym_session *sess = NULL;
+	struct rte_cryptodev_asym_capability_idx cap_idx;
+	const struct rte_cryptodev_asymmetric_xform_capability *capability;
 	int status = TEST_SUCCESS;
 	uint8_t output_buf[TEST_DATA_SIZE] = {0};
 	uint8_t input_buf[TEST_DATA_SIZE] = {0};
 
+	/* check for RSA capability */
+	cap_idx.type = RTE_CRYPTO_ASYM_XFORM_RSA;
+	capability = rte_cryptodev_asym_capability_get(dev_id, &cap_idx);
+
+	if (!capability) {
+		RTE_LOG(ERR, USER1,
+				"RSA xform not supported\n");
+				return TEST_SKIPPED;
+	}
+
+	/* test case supports non-crt sign op only,
+	 * so check for it in capability
+	 */
+	if (!rte_cryptodev_asym_xform_capability_check_optype(
+		capability, RTE_CRYPTO_ASYM_OP_SIGN)) {
+		RTE_LOG(ERR, USER1,
+				"non-crt mode RTE_CRYPTO_ASYM_OP_SIGN "
+				"not supported\n");
+				return TEST_SKIPPED;
+		}
+
 	sess = rte_cryptodev_asym_session_create(sess_mpool);
 
 	if (!sess) {
@@ -186,9 +209,33 @@ test_rsa_enc_dec(void)
 	struct rte_crypto_asym_op *asym_op = NULL;
 	struct rte_crypto_op *op = NULL, *result_op = NULL;
 	struct rte_cryptodev_asym_session *sess = NULL;
+	struct rte_cryptodev_asym_capability_idx cap_idx;
+	const struct rte_cryptodev_asymmetric_xform_capability *capability;
 	int status = TEST_SUCCESS;
 	uint8_t input_buf[TEST_DATA_SIZE] = {0};
 
+	/* check for RSA capability */
+	cap_idx.type = RTE_CRYPTO_ASYM_XFORM_RSA;
+	capability = rte_cryptodev_asym_capability_get(dev_id, &cap_idx);
+
+	if (!capability) {
+		RTE_LOG(ERR, USER1,
+				"RSA xform not supported\n");
+				return TEST_SKIPPED;
+	}
+
+	/* test case supports non-crt decrypt op only,
+	 * so check for it in capability
+	 */
+	if (!rte_cryptodev_asym_xform_capability_check_optype(
+		capability, RTE_CRYPTO_ASYM_OP_DECRYPT)) {
+		RTE_LOG(ERR, USER1,
+				"non-crt mode RTE_CRYPTO_ASYM_OP_DECRYPT "
+				"not supported\n");
+				return TEST_SKIPPED;
+		}
+
+
 	sess = rte_cryptodev_asym_session_create(sess_mpool);
 
 	if (!sess) {
-- 
2.20.0

Re: [dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[Ayuj Verma]

Hi Pablo,Fiona


Did you get a chance to look into these.


Thanks and regards

Ayuj Verma

________________________________
From: Ayuj Verma <ayverma@marvell.com>
Sent: 06 February 2019 16:46:17
To: pablo.de.lara.guarch@intel.com
Cc: fiona.trahe@intel.com; dev@dpdk.org; Shally Verma; Sunila Sahu; Kanaka Durga Kotamarthy; Arvind Desai; Ayuj Verma
Subject: [PATCH 0/3] adding op-type crt sign and decrypt

Some PMDs can only support RSA private key operations using CRT keys
(quintuple) only. Thus it is required to add in PMD RSA xform
capability which key type is supported to perform sign and decrypt ops.

Thus add an another op_type RTE_CRYPTO_OP_TYPE_SIGN_CRT and
RTE_CRYPTO_OP_TYPE_DECRYPT_CRT, which would mean perform an private
key op using CRT keys (quintuple) only.

PMD would reflect its capability to support these operations using its
op_type mask. App should query RSA xform capability API to check if
specific op_type is supported, thus call operation with relevant key
type.

Another proposal is, it is not known if non-crt keys is used at all to
perform otherwise naturally slow RSA private keys operations.
So, it is also possible to deprecate RSA_KEY_TYPE_EXPONENT altogether
and just use quintuple key type for private key operations.
In that case, there is no need to add another SIGN/DECRYPT_CRT variant,
current SIGN and DECRYPT operation default to using quintuple RSA keys.

Ayuj Verma (3):
  lib/cryptodev: add crt sign and decrypt ops
  crypto/openssl: update op-type mask with crt ops
  test/crypto: check for rsa capa for op-type

 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  4 +-
 lib/librte_cryptodev/rte_crypto_asym.h       |  8 ++++
 test/test/test_cryptodev_asym.c              | 47 ++++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)

--
2.20.0

Re: [dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[Shally Verma]

HI Arek,

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com> 
Sent: 11 February 2019 17:11
To: Ayuj Verma <ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>; Shally Verma <shallyv@marvell.com>
Cc: akhil.goyal@nxp.com
Subject: [EXT] RE: [PATCH 0/3] adding op-type crt sign and decrypt

External Email 
________________________________________
Hi Ayuj,

Few comments from me. 

Some PMDs can only support RSA private key operations using CRT keys
(quintuple) only. Thus it is required to add in PMD RSA xform
capability which key type is supported to perform sign and decrypt ops.


Thus add an another op_type RTE_CRYPTO_OP_TYPE_SIGN_CRT and
RTE_CRYPTO_OP_TYPE_DECRYPT_CRT, which would mean perform an private
key op using CRT keys (quintuple) only.
[AK] - What would be the purpose of enum rte_crypto_rsa_priv_key_type key_type in RSA XFORM then?

[Shally] PMDs, like openssl, can support private key ops with both key type i.e. one can invoke RSA_Sign() with quintuple keys or exponent keys. 
Openssl in its capability would reflect it support ops with both key types. that's why key_type is still required in xform. 

PMD would reflect its capability to support these operations using its
op_type mask. App should query RSA xform capability API to check if
specific op_type is supported, thus call operation with relevant key
type.

Another proposal is, it is not known if non-crt keys is used at all to
perform otherwise naturally slow RSA private keys operations.
So, it is also possible to deprecate RSA_KEY_TYPE_EXPONENT altogether
and just use quintuple key type for private key operations.
In that case, there is no need to add another SIGN/DECRYPT_CRT variant,
current SIGN and DECRYPT operation default to using quintuple RSA keys.
[AK] - even if I generally agree that all drivers will be using CRT by default (when quintuple keys provided) I think that if some PMD cannot support mod exp, it should fail on session init or should receive unsupported error on dequeue.

[Shally] Sorry this isn't clear to me when you say "if some PMD cannot support mod exp, it should fail on session init" . modexp is exported as separate xform on lib, if PMD doesn't support this xform, it will not be in its capability.
Or do you mean to say, we can leave exponent key type support , if PMD doesn't support operations using this type, it can will fail during session_init()?
modexp is base for all RSA operation, so any PMD has to support it internally in any case.

Ayuj Verma (3):
  lib/cryptodev: add crt sign and decrypt ops
  crypto/openssl: update op-type mask with crt ops
  test/crypto: check for rsa capa for op-type

 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  4 +-
 lib/librte_cryptodev/rte_crypto_asym.h       |  8 ++++
 test/test/test_cryptodev_asym.c              | 47 ++++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)

-- 
2.20.0

Regards,
Arek

Re: [dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[Kusztal, ArkadiuszX]

Hi Shally, Ayuj

Answers with [AK]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Tuesday, February 12, 2019 6:27 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Ayuj Verma
> <ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Cc: akhil.goyal@nxp.com; Kanaka Durga Kotamarthy
> <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>;
> dev@dpdk.org
> Subject: RE: [PATCH 0/3] adding op-type crt sign and decrypt
> 
> HI Arek,
> 
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: 11 February 2019 17:11
> To: Ayuj Verma <ayverma@marvell.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Shally Verma <shallyv@marvell.com>
> Cc: akhil.goyal@nxp.com
> Subject: [EXT] RE: [PATCH 0/3] adding op-type crt sign and decrypt
> 
> External Email
> ________________________________________
> Hi Ayuj,
> 
> Few comments from me.
> 
> Some PMDs can only support RSA private key operations using CRT keys
> (quintuple) only. Thus it is required to add in PMD RSA xform capability
> which key type is supported to perform sign and decrypt ops.
> 
> 
> Thus add an another op_type RTE_CRYPTO_OP_TYPE_SIGN_CRT and
> RTE_CRYPTO_OP_TYPE_DECRYPT_CRT, which would mean perform an
> private key op using CRT keys (quintuple) only.
> [AK] - What would be the purpose of enum rte_crypto_rsa_priv_key_type
> key_type in RSA XFORM then?
> 
> [Shally] PMDs, like openssl, can support private key ops with both key type
> i.e. one can invoke RSA_Sign() with quintuple keys or exponent keys.
> Openssl in its capability would reflect it support ops with both key types.
> that's why key_type is still required in xform.

[AK] But still I wonder if we could not just use this enum to distinguish between crt and mod exp rsa?
I am not very keen on adding SIGN_CRT op type as it is RSA only. Another option would be to add flags to rsa op like uint64_t flags;
> 
> PMD would reflect its capability to support these operations using its
> op_type mask. App should query RSA xform capability API to check if specific
> op_type is supported, thus call operation with relevant key type.
> 
> Another proposal is, it is not known if non-crt keys is used at all to perform
> otherwise naturally slow RSA private keys operations.
> So, it is also possible to deprecate RSA_KEY_TYPE_EXPONENT altogether and
> just use quintuple key type for private key operations.
> In that case, there is no need to add another SIGN/DECRYPT_CRT variant,
> current SIGN and DECRYPT operation default to using quintuple RSA keys.
> [AK] - even if I generally agree that all drivers will be using CRT by default
> (when quintuple keys provided) I think that if some PMD cannot support
> mod exp, it should fail on session init or should receive unsupported error on
> dequeue.
> 
> [Shally] Sorry this isn't clear to me when you say "if some PMD cannot
> support mod exp, it should fail on session init" . modexp is exported as
> separate xform on lib, if PMD doesn't support this xform, it will not be in its
> capability.
> Or do you mean to say, we can leave exponent key type support , if PMD
> doesn't support operations using this type, it can will fail during
> session_init()?
[AK] Yes
> modexp is base for all RSA operation, so any PMD has to support it internally
> in any case.
> 
> Ayuj Verma (3):
>   lib/cryptodev: add crt sign and decrypt ops
>   crypto/openssl: update op-type mask with crt ops
>   test/crypto: check for rsa capa for op-type
> 
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  4 +-
>  lib/librte_cryptodev/rte_crypto_asym.h       |  8 ++++
>  test/test/test_cryptodev_asym.c              | 47 ++++++++++++++++++++
>  3 files changed, 58 insertions(+), 1 deletion(-)
> 
> --
> 2.20.0
> 
> Regards,
> Arek

Re: [dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[Shally Verma]

Hi Arek

>-----Original Message-----
>From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
>Sent: 12 February 2019 16:42
>To: Shally Verma <shallyv@marvell.com>; Ayuj Verma <ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
>Cc: akhil.goyal@nxp.com; Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>;
>dev@dpdk.org
>Subject: RE: [PATCH 0/3] adding op-type crt sign and decrypt
>
>Hi Shally, Ayuj
>
>Answers with [AK]
>
>> -----Original Message-----
>> From: Shally Verma [mailto:shallyv@marvell.com]
>> Sent: Tuesday, February 12, 2019 6:27 AM
>> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Ayuj Verma
>> <ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
>> Cc: akhil.goyal@nxp.com; Kanaka Durga Kotamarthy
>> <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>;
>> dev@dpdk.org
>> Subject: RE: [PATCH 0/3] adding op-type crt sign and decrypt
>>
>> HI Arek,
>>
>> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
>> Sent: 11 February 2019 17:11
>> To: Ayuj Verma <ayverma@marvell.com>; Trahe, Fiona
>> <fiona.trahe@intel.com>; Shally Verma <shallyv@marvell.com>
>> Cc: akhil.goyal@nxp.com
>> Subject: [EXT] RE: [PATCH 0/3] adding op-type crt sign and decrypt
>>
>> External Email
>> ________________________________________
>> Hi Ayuj,
>>
>> Few comments from me.
>>
>> Some PMDs can only support RSA private key operations using CRT keys
>> (quintuple) only. Thus it is required to add in PMD RSA xform capability
>> which key type is supported to perform sign and decrypt ops.
>>
>>
>> Thus add an another op_type RTE_CRYPTO_OP_TYPE_SIGN_CRT and
>> RTE_CRYPTO_OP_TYPE_DECRYPT_CRT, which would mean perform an
>> private key op using CRT keys (quintuple) only.
>> [AK] - What would be the purpose of enum rte_crypto_rsa_priv_key_type
>> key_type in RSA XFORM then?
>>
>> [Shally] PMDs, like openssl, can support private key ops with both key type
>> i.e. one can invoke RSA_Sign() with quintuple keys or exponent keys.
>> Openssl in its capability would reflect it support ops with both key types.
>> that's why key_type is still required in xform.
>
>[AK] But still I wonder if we could not just use this enum to distinguish between crt and mod exp rsa?
>I am not very keen on adding SIGN_CRT op type as it is RSA only. Another option would be to add flags to rsa op like uint64_t flags;
[Shally] Ok .. you mean as feature flag? Example, RTE_CRYPTODEV_ASYM_FF_RSA_PRIV_KEY_OP_CRT?

Thanks
Shally
...
>> Regards,
>> Arek

Re: [dpdk-dev] [PATCH 0/3] adding op-type crt sign and decrypt

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Tuesday, February 12, 2019 12:19 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Ayuj Verma
> <ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Cc: akhil.goyal@nxp.com; Kanaka Durga Kotamarthy
> <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>;
> dev@dpdk.org
> Subject: RE: [PATCH 0/3] adding op-type crt sign and decrypt
> 
> Hi Arek
> 
> >-----Original Message-----
> >From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> >Sent: 12 February 2019 16:42
> >To: Shally Verma <shallyv@marvell.com>; Ayuj Verma
> ><ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
> >Cc: akhil.goyal@nxp.com; Kanaka Durga Kotamarthy
> ><kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>;
> >dev@dpdk.org
> >Subject: RE: [PATCH 0/3] adding op-type crt sign and decrypt
> >
> >Hi Shally, Ayuj
> >
> >Answers with [AK]
> >
> >> -----Original Message-----
> >> From: Shally Verma [mailto:shallyv@marvell.com]
> >> Sent: Tuesday, February 12, 2019 6:27 AM
> >> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Ayuj Verma
> >> <ayverma@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
> >> Cc: akhil.goyal@nxp.com; Kanaka Durga Kotamarthy
> >> <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>;
> >> dev@dpdk.org
> >> Subject: RE: [PATCH 0/3] adding op-type crt sign and decrypt
> >>
> >> HI Arek,
> >>
> >> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> >> Sent: 11 February 2019 17:11
> >> To: Ayuj Verma <ayverma@marvell.com>; Trahe, Fiona
> >> <fiona.trahe@intel.com>; Shally Verma <shallyv@marvell.com>
> >> Cc: akhil.goyal@nxp.com
> >> Subject: [EXT] RE: [PATCH 0/3] adding op-type crt sign and decrypt
> >>
> >> External Email
> >> ________________________________________
> >> Hi Ayuj,
> >>
> >> Few comments from me.
> >>
> >> Some PMDs can only support RSA private key operations using CRT keys
> >> (quintuple) only. Thus it is required to add in PMD RSA xform
> >> capability which key type is supported to perform sign and decrypt ops.
> >>
> >>
> >> Thus add an another op_type RTE_CRYPTO_OP_TYPE_SIGN_CRT and
> >> RTE_CRYPTO_OP_TYPE_DECRYPT_CRT, which would mean perform an
> private
> >> key op using CRT keys (quintuple) only.
> >> [AK] - What would be the purpose of enum rte_crypto_rsa_priv_key_type
> >> key_type in RSA XFORM then?
> >>
> >> [Shally] PMDs, like openssl, can support private key ops with both
> >> key type i.e. one can invoke RSA_Sign() with quintuple keys or exponent
> keys.
> >> Openssl in its capability would reflect it support ops with both key types.
> >> that's why key_type is still required in xform.
> >
> >[AK] But still I wonder if we could not just use this enum to distinguish
> between crt and mod exp rsa?
> >I am not very keen on adding SIGN_CRT op type as it is RSA only.
> >Another option would be to add flags to rsa op like uint64_t flags;
> [Shally] Ok .. you mean as feature flag? Example,
> RTE_CRYPTODEV_ASYM_FF_RSA_PRIV_KEY_OP_CRT?
[AK] Yes.
> 
> Thanks
> Shally
> ...
> >> Regards,
> >> Arek