[v1] crypto/cnxk: support exponent type private key

[v1] crypto/cnxk: support exponent type private key

[Gowrishankar Muthukrishnan]

This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
driver.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/cnxk/cnxk_ae.h        | 60 ++++++++++++++++++++++------
 drivers/crypto/cnxk/cnxk_cryptodev.c |  1 +
 2 files changed, 48 insertions(+), 13 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 4a7ce0bf40..7a61c81cfd 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -82,6 +82,7 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	struct rte_crypto_rsa_priv_key_qt qt = xform->rsa.qt;
 	struct rte_crypto_rsa_xform *xfrm_rsa = &xform->rsa;
 	struct rte_crypto_rsa_xform *rsa = &sess->rsa_ctx;
+	struct rte_crypto_param_t d = xform->rsa.d;
 	size_t mod_len = xfrm_rsa->n.length;
 	size_t exp_len = xfrm_rsa->e.length;
 	uint64_t total_size;
@@ -90,12 +91,20 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	if (qt.p.length != 0 && qt.p.data == NULL)
 		return -EINVAL;
 
+	/* Set private key type */
+	rsa->key_type = xfrm_rsa->key_type;
+
 	/* Make sure key length used is not more than mod_len/2 */
-	if (qt.p.data != NULL)
-		len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length);
+	if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+		if (qt.p.data != NULL)
+			len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length * 5);
+	} else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+		if (d.length != 0)
+			len = d.length - exp_len;
+	}
 
 	/* Total size required for RSA key params(n,e,(q,dQ,p,dP,qInv)) */
-	total_size = mod_len + exp_len + 5 * len;
+	total_size = mod_len + exp_len + len;
 
 	/* Allocate buffer to hold all RSA keys */
 	rsa->n.data = rte_malloc(NULL, total_size, 0);
@@ -107,8 +116,8 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	rsa->e.data = rsa->n.data + mod_len;
 	memcpy(rsa->e.data, xfrm_rsa->e.data, exp_len);
 
-	/* Private key in quintuple format */
-	if (len != 0) {
+	if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+		/* Private key in quintuple format */
 		rsa->qt.q.data = rsa->e.data + exp_len;
 		memcpy(rsa->qt.q.data, qt.q.data, qt.q.length);
 		rsa->qt.dQ.data = rsa->qt.q.data + qt.q.length;
@@ -126,6 +135,14 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 		rsa->qt.p.length = qt.p.length;
 		rsa->qt.dP.length = qt.dP.length;
 		rsa->qt.qInv.length = qt.qInv.length;
+	} else if (d.length != 0) {
+		/* Private key in exponent format */
+		rsa->d.data = rte_malloc(NULL, d.length, 0);
+		if (rsa->d.data == NULL)
+			return -ENOMEM;
+
+		memcpy(rsa->d.data, d.data, d.length);
+		rsa->d.length = d.length;
 	}
 	rsa->n.length = mod_len;
 	rsa->e.length = exp_len;
@@ -200,6 +217,8 @@ cnxk_ae_free_session_parameters(struct cnxk_ae_sess *sess)
 	case RTE_CRYPTO_ASYM_XFORM_RSA:
 		rsa = &sess->rsa_ctx;
 		rte_free(rsa->n.data);
+		if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP)
+			rte_free(rsa->d.data);
 		break;
 	case RTE_CRYPTO_ASYM_XFORM_MODEX:
 		mod = &sess->mod_ctx;
@@ -295,12 +314,14 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 		w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
 		w4.s.param2 = exp_len;
 	} else {
-		if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+		if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
+			rsa_op.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
 			w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_ENC;
 			/* Public key encrypt, use BT2*/
 			w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE2 |
 				      ((uint16_t)(exp_len) << 1);
-		} else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+		} else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_VERIFY ||
+				   rsa_op.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
 			w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_DEC;
 			/* Public key decrypt, use BT1 */
 			w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE1;
@@ -379,23 +400,36 @@ cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op,
 		       struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	struct rte_crypto_rsa_op_param *rsa = &op->asym->rsa;
+	struct rte_crypto_rsa_xform *ctx = &sess->rsa_ctx;
 
 	switch (rsa->op_type) {
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->sign,
+		cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->sign,
 				 inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
-		cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->message,
+		cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->message,
 				 inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_SIGN:
-		cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx,
-				     &rsa->message, inst);
+		if (ctx->key_type == RTE_RSA_KEY_TYPE_QT) {
+			cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->message, inst);
+		} else {
+			memcpy(ctx->e.data, ctx->d.data, ctx->d.length);
+			ctx->e.length = ctx->d.length;
+			cnxk_ae_rsa_prep(op, meta_buf, ctx,
+					 &rsa->message, inst);
+		}
 		break;
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx, &rsa->cipher,
-				     inst);
+		if (ctx->key_type == RTE_RSA_KEY_TYPE_QT) {
+			cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->cipher, inst);
+		} else {
+			memcpy(ctx->e.data, ctx->d.data, ctx->d.length);
+			ctx->e.length = ctx->d.length;
+			cnxk_ae_rsa_prep(op, meta_buf, ctx,
+					 &rsa->cipher, inst);
+		}
 		break;
 	default:
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c
index d67de54a7b..35635f7831 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -15,6 +15,7 @@ cnxk_cpt_default_ff_get(void)
 		      RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
 		      RTE_CRYPTODEV_FF_HW_ACCELERATED |
 		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
+		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
 		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
 		      RTE_CRYPTODEV_FF_IN_PLACE_SGL |
 		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
-- 
2.25.1

RE: [v1] crypto/cnxk: support exponent type private key

[Akhil Goyal]

> Subject: [v1] crypto/cnxk: support exponent type private key
> 
> This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
> driver.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  drivers/crypto/cnxk/cnxk_ae.h        | 60 ++++++++++++++++++++++------
>  drivers/crypto/cnxk/cnxk_cryptodev.c |  1 +
>  2 files changed, 48 insertions(+), 13 deletions(-)
Please also update cn9k.ini and cn10k.ini file for the feature supported.

[v2] crypto/cnxk: support exponent type private key

[Gowrishankar Muthukrishnan]

This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
driver.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
--
v2:
 - new function to handle exp type priv key.
---
 drivers/crypto/cnxk/cnxk_ae.h        | 112 ++++++++++++++++++++++-----
 drivers/crypto/cnxk/cnxk_cryptodev.c |   1 +
 2 files changed, 93 insertions(+), 20 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 4a7ce0bf40..adf719da73 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -82,20 +82,31 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	struct rte_crypto_rsa_priv_key_qt qt = xform->rsa.qt;
 	struct rte_crypto_rsa_xform *xfrm_rsa = &xform->rsa;
 	struct rte_crypto_rsa_xform *rsa = &sess->rsa_ctx;
+	struct rte_crypto_param_t d = xform->rsa.d;
 	size_t mod_len = xfrm_rsa->n.length;
 	size_t exp_len = xfrm_rsa->e.length;
 	uint64_t total_size;
 	size_t len = 0;
 
-	if (qt.p.length != 0 && qt.p.data == NULL)
-		return -EINVAL;
+	/* Set private key type */
+	rsa->key_type = xfrm_rsa->key_type;
+
+	if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+		if (qt.p.length != 0 && qt.p.data == NULL)
+			return -EINVAL;
+
+		/* Make sure key length used is not more than mod_len/2 */
+		if (qt.p.data != NULL)
+			len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length * 5);
+	} else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+		if (d.length != 0 && d.data == NULL)
+			return -EINVAL;
 
-	/* Make sure key length used is not more than mod_len/2 */
-	if (qt.p.data != NULL)
-		len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length);
+		len = d.length;
+	}
 
 	/* Total size required for RSA key params(n,e,(q,dQ,p,dP,qInv)) */
-	total_size = mod_len + exp_len + 5 * len;
+	total_size = mod_len + exp_len + len;
 
 	/* Allocate buffer to hold all RSA keys */
 	rsa->n.data = rte_malloc(NULL, total_size, 0);
@@ -107,8 +118,8 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	rsa->e.data = rsa->n.data + mod_len;
 	memcpy(rsa->e.data, xfrm_rsa->e.data, exp_len);
 
-	/* Private key in quintuple format */
-	if (len != 0) {
+	if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+		/* Private key in quintuple format */
 		rsa->qt.q.data = rsa->e.data + exp_len;
 		memcpy(rsa->qt.q.data, qt.q.data, qt.q.length);
 		rsa->qt.dQ.data = rsa->qt.q.data + qt.q.length;
@@ -126,6 +137,11 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 		rsa->qt.p.length = qt.p.length;
 		rsa->qt.dP.length = qt.dP.length;
 		rsa->qt.qInv.length = qt.qInv.length;
+	} else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+		/* Private key in exponent format */
+		rsa->d.data = rsa->e.data + exp_len;
+		memcpy(rsa->d.data, d.data, d.length);
+		rsa->d.length = d.length;
 	}
 	rsa->n.length = mod_len;
 	rsa->e.length = exp_len;
@@ -316,10 +332,64 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_rsa_exp_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
+		     struct rte_crypto_rsa_xform *rsa, rte_crypto_param *crypto_param,
+		     struct cpt_inst_s *inst)
+{
+	struct rte_crypto_rsa_op_param rsa_op;
+	uint32_t privkey_len = rsa->d.length;
+	uint32_t mod_len = rsa->n.length;
+	union cpt_inst_w4 w4;
+	uint32_t in_size;
+	uint32_t dlen;
+	uint8_t *dptr;
+
+	rsa_op = op->asym->rsa;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+	memcpy(dptr, rsa->n.data, mod_len);
+	dptr += mod_len;
+	memcpy(dptr, rsa->d.data, privkey_len);
+	dptr += privkey_len;
+
+	in_size = crypto_param->length;
+	memcpy(dptr, crypto_param->data, in_size);
+
+	dptr += in_size;
+	dlen = mod_len + privkey_len + in_size;
+
+	if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+		/* Use mod_exp operation for no_padding type */
+		w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
+		w4.s.param2 = privkey_len;
+	} else {
+		if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+			w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_ENC;
+			/* Private key encrypt (exponent), use BT1*/
+			w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE1 | ((uint16_t)(privkey_len) << 1);
+		} else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+			w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_DEC;
+			/* Private key decrypt (exponent), use BT2 */
+			w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE2;
+		}
+	}
+
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_MODEX;
+
+	w4.s.param1 = mod_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline void
 cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
-		     struct rte_crypto_rsa_xform *rsa,
-		     rte_crypto_param *crypto_param, struct cpt_inst_s *inst)
+		     struct rte_crypto_rsa_xform *rsa, rte_crypto_param *crypto_param,
+		     struct cpt_inst_s *inst)
 {
 	uint32_t qInv_len = rsa->qt.qInv.length;
 	struct rte_crypto_rsa_op_param rsa_op;
@@ -374,28 +444,30 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 }
 
 static __rte_always_inline int __rte_hot
-cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op,
-		       struct roc_ae_buf_ptr *meta_buf,
+cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 		       struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	struct rte_crypto_rsa_op_param *rsa = &op->asym->rsa;
+	struct rte_crypto_rsa_xform *ctx = &sess->rsa_ctx;
 
 	switch (rsa->op_type) {
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->sign,
-				 inst);
+		cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->sign, inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
-		cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->message,
-				 inst);
+		cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->message, inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_SIGN:
-		cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx,
-				     &rsa->message, inst);
+		if (ctx->key_type == RTE_RSA_KEY_TYPE_QT)
+			cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->message, inst);
+		else
+			cnxk_ae_rsa_exp_prep(op, meta_buf, ctx, &rsa->message, inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx, &rsa->cipher,
-				     inst);
+		if (ctx->key_type == RTE_RSA_KEY_TYPE_QT)
+			cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->cipher, inst);
+		else
+			cnxk_ae_rsa_exp_prep(op, meta_buf, ctx, &rsa->cipher, inst);
 		break;
 	default:
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c
index d67de54a7b..35635f7831 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -15,6 +15,7 @@ cnxk_cpt_default_ff_get(void)
 		      RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
 		      RTE_CRYPTODEV_FF_HW_ACCELERATED |
 		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
+		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
 		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
 		      RTE_CRYPTODEV_FF_IN_PLACE_SGL |
 		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
-- 
2.25.1

[v3] crypto/cnxk: support exponent type private key

[Gowrishankar Muthukrishnan]

This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
driver.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
--
v3:
 - .ini updates.
v2:
 - new function to handle exp type priv key.
---
 doc/guides/cryptodevs/features/cn10k.ini |   2 +
 doc/guides/cryptodevs/features/cn9k.ini  |   2 +
 drivers/crypto/cnxk/cnxk_ae.h            | 112 +++++++++++++++++++----
 drivers/crypto/cnxk/cnxk_cryptodev.c     |   1 +
 4 files changed, 97 insertions(+), 20 deletions(-)

diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 166fca5adb..6e4e0e0095 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -14,6 +14,8 @@ OOP SGL In LB  Out     = Y
 OOP SGL In SGL Out     = Y
 OOP LB  In LB  Out     = Y
 Symmetric sessionless  = Y
+RSA PRIV OP KEY EXP    = Y
+RSA PRIV OP KEY QT     = Y
 Digest encrypted       = Y
 Inner checksum         = Y
 
diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini
index c3d131db1a..f9c896f6bd 100644
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -14,6 +14,8 @@ OOP SGL In LB  Out     = Y
 OOP SGL In SGL Out     = Y
 OOP LB  In LB  Out     = Y
 Symmetric sessionless  = Y
+RSA PRIV OP KEY EXP    = Y
+RSA PRIV OP KEY QT     = Y
 Digest encrypted       = Y
 
 ;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 4a7ce0bf40..adf719da73 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -82,20 +82,31 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	struct rte_crypto_rsa_priv_key_qt qt = xform->rsa.qt;
 	struct rte_crypto_rsa_xform *xfrm_rsa = &xform->rsa;
 	struct rte_crypto_rsa_xform *rsa = &sess->rsa_ctx;
+	struct rte_crypto_param_t d = xform->rsa.d;
 	size_t mod_len = xfrm_rsa->n.length;
 	size_t exp_len = xfrm_rsa->e.length;
 	uint64_t total_size;
 	size_t len = 0;
 
-	if (qt.p.length != 0 && qt.p.data == NULL)
-		return -EINVAL;
+	/* Set private key type */
+	rsa->key_type = xfrm_rsa->key_type;
+
+	if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+		if (qt.p.length != 0 && qt.p.data == NULL)
+			return -EINVAL;
+
+		/* Make sure key length used is not more than mod_len/2 */
+		if (qt.p.data != NULL)
+			len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length * 5);
+	} else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+		if (d.length != 0 && d.data == NULL)
+			return -EINVAL;
 
-	/* Make sure key length used is not more than mod_len/2 */
-	if (qt.p.data != NULL)
-		len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length);
+		len = d.length;
+	}
 
 	/* Total size required for RSA key params(n,e,(q,dQ,p,dP,qInv)) */
-	total_size = mod_len + exp_len + 5 * len;
+	total_size = mod_len + exp_len + len;
 
 	/* Allocate buffer to hold all RSA keys */
 	rsa->n.data = rte_malloc(NULL, total_size, 0);
@@ -107,8 +118,8 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 	rsa->e.data = rsa->n.data + mod_len;
 	memcpy(rsa->e.data, xfrm_rsa->e.data, exp_len);
 
-	/* Private key in quintuple format */
-	if (len != 0) {
+	if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+		/* Private key in quintuple format */
 		rsa->qt.q.data = rsa->e.data + exp_len;
 		memcpy(rsa->qt.q.data, qt.q.data, qt.q.length);
 		rsa->qt.dQ.data = rsa->qt.q.data + qt.q.length;
@@ -126,6 +137,11 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
 		rsa->qt.p.length = qt.p.length;
 		rsa->qt.dP.length = qt.dP.length;
 		rsa->qt.qInv.length = qt.qInv.length;
+	} else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+		/* Private key in exponent format */
+		rsa->d.data = rsa->e.data + exp_len;
+		memcpy(rsa->d.data, d.data, d.length);
+		rsa->d.length = d.length;
 	}
 	rsa->n.length = mod_len;
 	rsa->e.length = exp_len;
@@ -316,10 +332,64 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 	inst->rptr = (uintptr_t)dptr;
 }
 
+static __rte_always_inline void
+cnxk_ae_rsa_exp_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
+		     struct rte_crypto_rsa_xform *rsa, rte_crypto_param *crypto_param,
+		     struct cpt_inst_s *inst)
+{
+	struct rte_crypto_rsa_op_param rsa_op;
+	uint32_t privkey_len = rsa->d.length;
+	uint32_t mod_len = rsa->n.length;
+	union cpt_inst_w4 w4;
+	uint32_t in_size;
+	uint32_t dlen;
+	uint8_t *dptr;
+
+	rsa_op = op->asym->rsa;
+
+	/* Input buffer */
+	dptr = meta_buf->vaddr;
+	inst->dptr = (uintptr_t)dptr;
+	memcpy(dptr, rsa->n.data, mod_len);
+	dptr += mod_len;
+	memcpy(dptr, rsa->d.data, privkey_len);
+	dptr += privkey_len;
+
+	in_size = crypto_param->length;
+	memcpy(dptr, crypto_param->data, in_size);
+
+	dptr += in_size;
+	dlen = mod_len + privkey_len + in_size;
+
+	if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+		/* Use mod_exp operation for no_padding type */
+		w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
+		w4.s.param2 = privkey_len;
+	} else {
+		if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+			w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_ENC;
+			/* Private key encrypt (exponent), use BT1*/
+			w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE1 | ((uint16_t)(privkey_len) << 1);
+		} else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+			w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_DEC;
+			/* Private key decrypt (exponent), use BT2 */
+			w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE2;
+		}
+	}
+
+	w4.s.opcode_major = ROC_AE_MAJOR_OP_MODEX;
+
+	w4.s.param1 = mod_len;
+	w4.s.dlen = dlen;
+
+	inst->w4.u64 = w4.u64;
+	inst->rptr = (uintptr_t)dptr;
+}
+
 static __rte_always_inline void
 cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
-		     struct rte_crypto_rsa_xform *rsa,
-		     rte_crypto_param *crypto_param, struct cpt_inst_s *inst)
+		     struct rte_crypto_rsa_xform *rsa, rte_crypto_param *crypto_param,
+		     struct cpt_inst_s *inst)
 {
 	uint32_t qInv_len = rsa->qt.qInv.length;
 	struct rte_crypto_rsa_op_param rsa_op;
@@ -374,28 +444,30 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 }
 
 static __rte_always_inline int __rte_hot
-cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op,
-		       struct roc_ae_buf_ptr *meta_buf,
+cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
 		       struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
 {
 	struct rte_crypto_rsa_op_param *rsa = &op->asym->rsa;
+	struct rte_crypto_rsa_xform *ctx = &sess->rsa_ctx;
 
 	switch (rsa->op_type) {
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->sign,
-				 inst);
+		cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->sign, inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
-		cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->message,
-				 inst);
+		cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->message, inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_SIGN:
-		cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx,
-				     &rsa->message, inst);
+		if (ctx->key_type == RTE_RSA_KEY_TYPE_QT)
+			cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->message, inst);
+		else
+			cnxk_ae_rsa_exp_prep(op, meta_buf, ctx, &rsa->message, inst);
 		break;
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx, &rsa->cipher,
-				     inst);
+		if (ctx->key_type == RTE_RSA_KEY_TYPE_QT)
+			cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->cipher, inst);
+		else
+			cnxk_ae_rsa_exp_prep(op, meta_buf, ctx, &rsa->cipher, inst);
 		break;
 	default:
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c
index d67de54a7b..35635f7831 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -15,6 +15,7 @@ cnxk_cpt_default_ff_get(void)
 		      RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
 		      RTE_CRYPTODEV_FF_HW_ACCELERATED |
 		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
+		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
 		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
 		      RTE_CRYPTODEV_FF_IN_PLACE_SGL |
 		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
-- 
2.25.1

RE: [v3] crypto/cnxk: support exponent type private key

[Anoob Joseph]

> 
> This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto driver.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> --
> v3:
>  - .ini updates.
> v2:
>  - new function to handle exp type priv key.
> ---
>  doc/guides/cryptodevs/features/cn10k.ini |   2 +
>  doc/guides/cryptodevs/features/cn9k.ini  |   2 +
>  drivers/crypto/cnxk/cnxk_ae.h            | 112 +++++++++++++++++++----
>  drivers/crypto/cnxk/cnxk_cryptodev.c     |   1 +
>  4 files changed, 97 insertions(+), 20 deletions(-)

Acked-by: Anoob Joseph <anoobj@marvell.com>

RE: [v3] crypto/cnxk: support exponent type private key

[Akhil Goyal]

> Subject: [v3] crypto/cnxk: support exponent type private key
> 
> This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
> driver.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> --
Applied to dpdk-next-crypto
Thanks.