From patchwork Fri Oct 11 13:01:35 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Anoob Joseph <anoobj@marvell.com>
X-Patchwork-Id: 60969
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 19CCB1EAC6;
	Fri, 11 Oct 2019 15:02:31 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
	[67.231.156.173]) by dpdk.org (Postfix) with ESMTP id E3DC51EAC6
	for <dev@dpdk.org>; Fri, 11 Oct 2019 15:02:29 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
	by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
	x9BCxGrx007679; Fri, 11 Oct 2019 06:02:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
	h=from : to : cc :
	subject : date : message-id : in-reply-to : references : mime-version
	: content-transfer-encoding : content-type; s=pfpt0818;
	bh=tvK72BxgPpEdcHeAW2hPIbWU4OaVJKFp3i9484mAN9E=;
	b=M+wXiqmiZogiHA8tL7mYU78/maNNE2t+FSZJ/0/k7EaPrM1NyfbepXYhmB3JeNaa6FNm
	jOrWfBpxDfXlueHxKUQN02taZ0/N9xISzplAlN/r1Tl7Ddyz/a+z/Txo9ZL9yACp2X33
	6hFPhoYRcLsCDMO5dWCVwSD9h/Ke2zk/09eb26vpntDS+Zw3PntRwsaRXhnlf8Nx/GDs
	JkW071064xHy2xyQKvV8JUa0J4R9IS/Oa6UPMN7SsYffky19nmTR7/dIlMVio1LvgdlT
	6eR22RVHT7MTskosp3Y3jKy3ujmTNEqMk/DTYLVDlR2KVX42Q0UwnVai8Nfdm5RBVdPi
	SA==
Received: from sc-exch01.marvell.com ([199.233.58.181])
	by mx0b-0016f401.pphosted.com with ESMTP id 2vhdxc1p36-2
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
	Fri, 11 Oct 2019 06:02:26 -0700
Received: from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH01.marvell.com
	(10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1367.3;
	Fri, 11 Oct 2019 06:02:24 -0700
Received: from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com
	(10.93.176.81) with Microsoft SMTP Server id 15.0.1367.3 via Frontend
	Transport; Fri, 11 Oct 2019 06:02:24 -0700
Received: from ajoseph83.caveonetworks.com.com (unknown [10.29.45.60])
	by maili.marvell.com (Postfix) with ESMTP id 014283F7040;
	Fri, 11 Oct 2019 06:02:19 -0700 (PDT)
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, Pablo de Lara
	<pablo.de.lara.guarch@intel.com>
CC: Sunila Sahu <ssahu@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
	Narayana Prasad <pathreya@marvell.com>, Kanaka Durga Kotamarthy
	<kkotamarthy@marvell.com>, Shally Verma <shallyv@marvell.com>,
	Fiona Trahe <fiona.trahe@intel.com>, <dev@dpdk.org>,
	Anoob Joseph <anoobj@marvell.com>
Date: Fri, 11 Oct 2019 18:31:35 +0530
Message-ID: <1570798896-18974-5-git-send-email-anoobj@marvell.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1570798896-18974-1-git-send-email-anoobj@marvell.com>
References: <1568035687-25492-1-git-send-email-anoobj@marvell.com>
	<1570798896-18974-1-git-send-email-anoobj@marvell.com>
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8
	definitions=2019-10-11_08:2019-10-10,2019-10-11 signatures=0
Subject: [dpdk-dev] [PATCH v2 4/5] crypto/octeontx: add asymmetric
	enqueue/dequeue ops
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Sunila Sahu <ssahu@marvell.com>

Add asymmetric crypto op enqueue & dequeue routines

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
---
 drivers/common/cpt/cpt_common.h             |   1 +
 drivers/common/cpt/cpt_mcode_defines.h      |  20 ++
 drivers/common/cpt/cpt_ucode_asym.h         | 282 ++++++++++++++++++++++++++++
 drivers/crypto/octeontx/otx_cryptodev_ops.c | 236 +++++++++++++++++++++--
 4 files changed, 522 insertions(+), 17 deletions(-)

diff --git a/drivers/common/cpt/cpt_common.h b/drivers/common/cpt/cpt_common.h
index 7ef6b29..dff45f0 100644
--- a/drivers/common/cpt/cpt_common.h
+++ b/drivers/common/cpt/cpt_common.h
@@ -75,6 +75,7 @@ struct cpt_request_info {
 		uint64_t ei2;
 		uint64_t ei3;
 	} ist;
+	uint8_t *rptr;
 
 	/** Control path fields */
 	uint64_t time_out;
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index d5b3c59..91d30a5 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -21,6 +21,18 @@
 #define CPT_MAJOR_OP_KASUMI	0x38
 #define CPT_MAJOR_OP_MISC	0x01
 
+/* AE opcodes */
+#define CPT_MAJOR_OP_MODEX	0x03
+#define CPT_MINOR_OP_MODEX	0x01
+#define CPT_MINOR_OP_PKCS_ENC	0x02
+#define CPT_MINOR_OP_PKCS_ENC_CRT	0x03
+#define CPT_MINOR_OP_PKCS_DEC	0x04
+#define CPT_MINOR_OP_PKCS_DEC_CRT	0x05
+#define CPT_MINOR_OP_MODEX_CRT	0x06
+
+#define CPT_BLOCK_TYPE1 0
+#define CPT_BLOCK_TYPE2 1
+
 #define CPT_BYTE_16		16
 #define CPT_BYTE_24		24
 #define CPT_BYTE_32		32
@@ -367,6 +379,14 @@ typedef struct fc_params {
 } fc_params_t;
 
 /*
+ * Parameters for asymmetric operations
+ */
+struct asym_op_params {
+	struct cpt_request_info *req;
+	phys_addr_t meta_buf;
+};
+
+/*
  * Parameters for digest
  * generate requests
  * Only src_iov, op, ctx_buf, mac_buf, prep_req
diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h
index e0311f1..00e01b5 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -9,6 +9,8 @@
 #include <rte_crypto_asym.h>
 #include <rte_malloc.h>
 
+#include "cpt_common.h"
+#include "cpt_hw_types.h"
 #include "cpt_mcode_defines.h"
 
 static __rte_always_inline void
@@ -168,4 +170,284 @@ cpt_free_asym_session_parameters(struct cpt_asym_sess_misc *sess)
 	}
 }
 
+static __rte_always_inline void
+cpt_fill_req_comp_addr(struct cpt_request_info *req, buf_ptr_t addr)
+{
+	void *completion_addr = RTE_PTR_ALIGN(addr.vaddr, 16);
+
+	/* Pointer to cpt_res_s, updated by CPT */
+	req->completion_addr = (volatile uint64_t *)completion_addr;
+	req->comp_baddr = addr.dma_addr +
+			  RTE_PTR_DIFF(completion_addr, addr.vaddr);
+	*(req->completion_addr) = COMPLETION_CODE_INIT;
+}
+
+static __rte_always_inline int
+cpt_modex_prep(struct asym_op_params *modex_params,
+	       struct rte_crypto_modex_xform *mod)
+{
+	struct cpt_request_info *req = modex_params->req;
+	phys_addr_t mphys = modex_params->meta_buf;
+	uint32_t exp_len = mod->exponent.length;
+	uint32_t mod_len = mod->modulus.length;
+	struct rte_crypto_mod_op_param mod_op;
+	struct rte_crypto_op **op;
+	vq_cmd_word0_t vq_cmd_w0;
+	uint64_t total_key_len;
+	opcode_info_t opcode;
+	uint32_t dlen, rlen;
+	uint32_t base_len;
+	buf_ptr_t caddr;
+	uint8_t *dptr;
+
+	/* Extracting modex op form params->req->op[1]->asym->modex */
+	op = RTE_PTR_ADD(req->op, sizeof(uintptr_t));
+	mod_op = ((struct rte_crypto_op *)*op)->asym->modex;
+
+	base_len = mod_op.base.length;
+	if (unlikely(base_len > mod_len)) {
+		CPT_LOG_DP_ERR("Base length greater than modulus length is not supported");
+		(*op)->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -ENOTSUP;
+	}
+
+	total_key_len = mod_len + exp_len;
+
+	/* Input buffer */
+	dptr = RTE_PTR_ADD(req, sizeof(struct cpt_request_info));
+	memcpy(dptr, mod->modulus.data, total_key_len);
+	dptr += total_key_len;
+	memcpy(dptr, mod_op.base.data, base_len);
+	dptr += base_len;
+	dlen = total_key_len + base_len;
+
+	/* Result buffer */
+	rlen = mod_len;
+
+	/* Setup opcodes */
+	opcode.s.major = CPT_MAJOR_OP_MODEX;
+	opcode.s.minor = CPT_MINOR_OP_MODEX;
+	vq_cmd_w0.s.opcode = opcode.flags;
+
+	/* GP op header */
+	vq_cmd_w0.s.param1 = mod_len;
+	vq_cmd_w0.s.param2 = exp_len;
+	vq_cmd_w0.s.dlen = dlen;
+
+	/* Filling cpt_request_info structure */
+	req->ist.ei0 = vq_cmd_w0.u64;
+	req->ist.ei1 = mphys;
+	req->ist.ei2 = mphys + dlen;
+
+	/* Result pointer to store result data */
+	req->rptr = dptr;
+
+	/* alternate_caddr to write completion status of the microcode */
+	req->alternate_caddr = (uint64_t *)(dptr + rlen);
+	*req->alternate_caddr = ~((uint64_t)COMPLETION_CODE_INIT);
+
+	/* Preparing completion addr, +1 for completion code */
+	caddr.vaddr = dptr + rlen + 1;
+	caddr.dma_addr = mphys + dlen + rlen + 1;
+
+	cpt_fill_req_comp_addr(req, caddr);
+	return 0;
+}
+
+static __rte_always_inline void
+cpt_rsa_prep(struct asym_op_params *rsa_params,
+	     struct rte_crypto_rsa_xform *rsa,
+	     rte_crypto_param *crypto_param)
+{
+	struct cpt_request_info *req = rsa_params->req;
+	phys_addr_t mphys = rsa_params->meta_buf;
+	struct rte_crypto_rsa_op_param rsa_op;
+	uint32_t mod_len = rsa->n.length;
+	uint32_t exp_len = rsa->e.length;
+	struct rte_crypto_op **op;
+	vq_cmd_word0_t vq_cmd_w0;
+	uint64_t total_key_len;
+	opcode_info_t opcode;
+	uint32_t dlen, rlen;
+	uint32_t in_size;
+	buf_ptr_t caddr;
+	uint8_t *dptr;
+
+	/* Extracting rsa op form params->req->op[1]->asym->rsa */
+	op = RTE_PTR_ADD(req->op, sizeof(uintptr_t));
+	rsa_op = ((struct rte_crypto_op *)*op)->asym->rsa;
+	total_key_len  = mod_len + exp_len;
+
+	/* Input buffer */
+	dptr = RTE_PTR_ADD(req, sizeof(struct cpt_request_info));
+	memcpy(dptr, rsa->n.data, total_key_len);
+	dptr += total_key_len;
+
+	in_size = crypto_param->length;
+	memcpy(dptr, crypto_param->data, in_size);
+
+	dptr += in_size;
+	dlen = total_key_len + in_size;
+
+	/* Result buffer */
+	rlen = mod_len;
+
+	if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) {
+		/* Use mod_exp operation for no_padding type */
+		opcode.s.minor = CPT_MINOR_OP_MODEX;
+		vq_cmd_w0.s.param2 = exp_len;
+	} else {
+		if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+			opcode.s.minor = CPT_MINOR_OP_PKCS_ENC;
+			/* Public key encrypt, use BT2*/
+			vq_cmd_w0.s.param2 = CPT_BLOCK_TYPE2 |
+					((uint16_t)(exp_len) << 1);
+		} else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+			opcode.s.minor = CPT_MINOR_OP_PKCS_DEC;
+			/* Public key decrypt, use BT1 */
+			vq_cmd_w0.s.param2 = CPT_BLOCK_TYPE1;
+			/* + 2 for decrypted len */
+			rlen += 2;
+		}
+	}
+
+	/* Setup opcodes */
+	opcode.s.major = CPT_MAJOR_OP_MODEX;
+	vq_cmd_w0.s.opcode = opcode.flags;
+
+	/* GP op header */
+	vq_cmd_w0.s.param1 = mod_len;
+	vq_cmd_w0.s.dlen = dlen;
+
+	/* Filling cpt_request_info structure */
+	req->ist.ei0 = vq_cmd_w0.u64;
+	req->ist.ei1 = mphys;
+	req->ist.ei2 = mphys + dlen;
+
+	/* Result pointer to store result data */
+	req->rptr = dptr;
+
+	/* alternate_caddr to write completion status of the microcode */
+	req->alternate_caddr = (uint64_t *)(dptr + rlen);
+	*req->alternate_caddr = ~((uint64_t)COMPLETION_CODE_INIT);
+
+	/* Preparing completion addr, +1 for completion code */
+	caddr.vaddr = dptr + rlen + 1;
+	caddr.dma_addr = mphys + dlen + rlen + 1;
+
+	cpt_fill_req_comp_addr(req, caddr);
+}
+
+static __rte_always_inline void
+cpt_rsa_crt_prep(struct asym_op_params *rsa_params,
+		 struct rte_crypto_rsa_xform *rsa,
+		 rte_crypto_param *crypto_param)
+{
+	struct cpt_request_info *req = rsa_params->req;
+	phys_addr_t mphys = rsa_params->meta_buf;
+	uint32_t qInv_len = rsa->qt.qInv.length;
+	struct rte_crypto_rsa_op_param rsa_op;
+	uint32_t dP_len = rsa->qt.dP.length;
+	uint32_t dQ_len = rsa->qt.dQ.length;
+	uint32_t p_len = rsa->qt.p.length;
+	uint32_t q_len = rsa->qt.q.length;
+	uint32_t mod_len = rsa->n.length;
+	struct rte_crypto_op **op;
+	vq_cmd_word0_t vq_cmd_w0;
+	uint64_t total_key_len;
+	opcode_info_t opcode;
+	uint32_t dlen, rlen;
+	uint32_t in_size;
+	buf_ptr_t caddr;
+	uint8_t *dptr;
+
+	/* Extracting rsa op form params->req->op[1]->asym->rsa */
+	op = RTE_PTR_ADD(req->op, sizeof(uintptr_t));
+	rsa_op = ((struct rte_crypto_op *)*op)->asym->rsa;
+	total_key_len = p_len + q_len + dP_len + dQ_len + qInv_len;
+
+	/* Input buffer */
+	dptr = RTE_PTR_ADD(req, sizeof(struct cpt_request_info));
+	memcpy(dptr, rsa->qt.q.data, total_key_len);
+	dptr += total_key_len;
+
+	in_size = crypto_param->length;
+	memcpy(dptr, crypto_param->data, in_size);
+
+	dptr += in_size;
+	dlen = total_key_len + in_size;
+
+	/* Result buffer */
+	rlen = mod_len;
+
+	if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) {
+		/*Use mod_exp operation for no_padding type */
+		opcode.s.minor = CPT_MINOR_OP_MODEX_CRT;
+	} else {
+		if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+			opcode.s.minor = CPT_MINOR_OP_PKCS_ENC_CRT;
+			/* Private encrypt, use BT1 */
+			vq_cmd_w0.s.param2 = CPT_BLOCK_TYPE1;
+		} else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+			opcode.s.minor = CPT_MINOR_OP_PKCS_DEC_CRT;
+			/* Private decrypt, use BT2 */
+			vq_cmd_w0.s.param2 = CPT_BLOCK_TYPE2;
+			/* + 2 for decrypted len */
+			rlen += 2;
+		}
+	}
+
+	/* Setup opcodes */
+	opcode.s.major = CPT_MAJOR_OP_MODEX;
+	vq_cmd_w0.s.opcode = opcode.flags;
+
+	/* GP op header */
+	vq_cmd_w0.s.param1 = mod_len;
+	vq_cmd_w0.s.dlen = dlen;
+
+	/* Filling cpt_request_info structure */
+	req->ist.ei0 = vq_cmd_w0.u64;
+	req->ist.ei1 = mphys;
+	req->ist.ei2 = mphys + dlen;
+
+	/* Result pointer to store result data */
+	req->rptr = dptr;
+
+	/* alternate_caddr to write completion status of the microcode */
+	req->alternate_caddr = (uint64_t *)(dptr + rlen);
+	*req->alternate_caddr = ~((uint64_t)COMPLETION_CODE_INIT);
+
+	/* Preparing completion addr, +1 for completion code */
+	caddr.vaddr = dptr + rlen + 1;
+	caddr.dma_addr = mphys + dlen + rlen + 1;
+
+	cpt_fill_req_comp_addr(req, caddr);
+}
+
+static __rte_always_inline int __hot
+cpt_enqueue_rsa_op(struct rte_crypto_op *op,
+	       struct asym_op_params *params,
+	       struct cpt_asym_sess_misc *sess)
+{
+	struct rte_crypto_rsa_op_param *rsa = &op->asym->rsa;
+
+	switch (rsa->op_type) {
+	case RTE_CRYPTO_ASYM_OP_VERIFY:
+		cpt_rsa_prep(params, &sess->rsa_ctx, &rsa->sign);
+		break;
+	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+		cpt_rsa_prep(params, &sess->rsa_ctx, &rsa->message);
+		break;
+	case RTE_CRYPTO_ASYM_OP_SIGN:
+		cpt_rsa_crt_prep(params, &sess->rsa_ctx, &rsa->message);
+		break;
+	case RTE_CRYPTO_ASYM_OP_DECRYPT:
+		cpt_rsa_crt_prep(params, &sess->rsa_ctx, &rsa->cipher);
+		break;
+	default:
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -EINVAL;
+	}
+	return 0;
+}
 #endif /* _CPT_UCODE_ASYM_H_ */
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 4b58c85..ba56b21 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -379,6 +379,74 @@ otx_cpt_request_enqueue(struct cpt_instance *instance,
 }
 
 static __rte_always_inline int __hot
+otx_cpt_enq_single_asym(struct cpt_instance *instance,
+			struct rte_crypto_op *op,
+			struct pending_queue *pqueue)
+{
+	struct cpt_qp_meta_info *minfo = &instance->meta_info;
+	struct rte_crypto_asym_op *asym_op = op->asym;
+	struct asym_op_params params = {0};
+	struct cpt_asym_sess_misc *sess;
+	uintptr_t *cop;
+	void *mdata;
+	int ret;
+
+	if (unlikely(rte_mempool_get(minfo->pool, &mdata) < 0)) {
+		CPT_LOG_DP_ERR("Could not allocate meta buffer for request");
+		return -ENOMEM;
+	}
+
+	sess = get_asym_session_private_data(asym_op->session,
+					     otx_cryptodev_driver_id);
+
+	/* Store phys_addr of the mdata to meta_buf */
+	params.meta_buf = rte_mempool_virt2iova(mdata);
+
+	cop = mdata;
+	cop[0] = (uintptr_t)mdata;
+	cop[1] = (uintptr_t)op;
+	cop[2] = cop[3] = 0ULL;
+
+	params.req = RTE_PTR_ADD(cop, 4 * sizeof(uintptr_t));
+	params.req->op = cop;
+
+	/* Adjust meta_buf by crypto_op data  and request_info struct */
+	params.meta_buf += (4 * sizeof(uintptr_t)) +
+			   sizeof(struct cpt_request_info);
+
+	switch (sess->xfrm_type) {
+	case RTE_CRYPTO_ASYM_XFORM_MODEX:
+		ret = cpt_modex_prep(&params, &sess->mod_ctx);
+		if (unlikely(ret))
+			goto req_fail;
+		break;
+	case RTE_CRYPTO_ASYM_XFORM_RSA:
+		ret = cpt_enqueue_rsa_op(op, &params, sess);
+		if (unlikely(ret))
+			goto req_fail;
+		break;
+	default:
+		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		ret = -EINVAL;
+		goto req_fail;
+	}
+
+	ret = otx_cpt_request_enqueue(instance, pqueue, params.req);
+
+	if (unlikely(ret)) {
+		CPT_LOG_DP_ERR("Could not enqueue crypto req");
+		goto req_fail;
+	}
+
+	return 0;
+
+req_fail:
+	free_op_meta(mdata, minfo->pool);
+
+	return ret;
+}
+
+static __rte_always_inline int __hot
 otx_cpt_enq_single_sym(struct cpt_instance *instance,
 		       struct rte_crypto_op *op,
 		       struct pending_queue *pqueue)
@@ -477,24 +545,37 @@ otx_cpt_enq_single_sym_sessless(struct cpt_instance *instance,
 	return ret;
 }
 
+#define OP_TYPE_SYM		0
+#define OP_TYPE_ASYM		1
+
 static __rte_always_inline int __hot
 otx_cpt_enq_single(struct cpt_instance *inst,
 		   struct rte_crypto_op *op,
-		   struct pending_queue *pqueue)
+		   struct pending_queue *pqueue,
+		   const uint8_t op_type)
 {
 	/* Check for the type */
 
-	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
-		return otx_cpt_enq_single_sym(inst, op, pqueue);
-	else if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS))
-		return otx_cpt_enq_single_sym_sessless(inst, op, pqueue);
+	if (op_type == OP_TYPE_SYM) {
+		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			return otx_cpt_enq_single_sym(inst, op, pqueue);
+		else
+			return otx_cpt_enq_single_sym_sessless(inst, op,
+							       pqueue);
+	}
+
+	if (op_type == OP_TYPE_ASYM) {
+		if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			return otx_cpt_enq_single_asym(inst, op, pqueue);
+	}
 
 	/* Should not reach here */
-	return -EINVAL;
+	return -ENOTSUP;
 }
 
-static uint16_t
-otx_cpt_pkt_enqueue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
+static  __rte_always_inline uint16_t __hot
+otx_cpt_pkt_enqueue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops,
+		    const uint8_t op_type)
 {
 	struct cpt_instance *instance = (struct cpt_instance *)qptr;
 	uint16_t count;
@@ -510,7 +591,7 @@ otx_cpt_pkt_enqueue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
 	while (likely(count < nb_ops)) {
 
 		/* Enqueue single op */
-		ret = otx_cpt_enq_single(instance, ops[count], pqueue);
+		ret = otx_cpt_enq_single(instance, ops[count], pqueue, op_type);
 
 		if (unlikely(ret))
 			break;
@@ -520,24 +601,128 @@ otx_cpt_pkt_enqueue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
 	return count;
 }
 
-static __rte_always_inline void
-otx_cpt_dequeue_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
+static uint16_t
+otx_cpt_enqueue_asym(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	return otx_cpt_pkt_enqueue(qptr, ops, nb_ops, OP_TYPE_ASYM);
+}
+
+static uint16_t
+otx_cpt_enqueue_sym(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	return otx_cpt_pkt_enqueue(qptr, ops, nb_ops, OP_TYPE_SYM);
+}
+
+static inline void
+otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req,
+		    struct rte_crypto_rsa_xform *rsa_ctx)
+
+{
+	struct rte_crypto_rsa_op_param *rsa = &cop->asym->rsa;
+
+	switch (rsa->op_type) {
+	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+		rsa->cipher.length = rsa_ctx->n.length;
+		memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length);
+		break;
+	case RTE_CRYPTO_ASYM_OP_DECRYPT:
+		if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE)
+			rsa->message.length = rsa_ctx->n.length;
+		else {
+			/* Get length of decrypted output */
+			rsa->message.length = rte_cpu_to_be_16
+					(*((uint16_t *)req->rptr));
+
+			/* Offset data pointer by length fields */
+			req->rptr += 2;
+		}
+		memcpy(rsa->message.data, req->rptr, rsa->message.length);
+		break;
+	case RTE_CRYPTO_ASYM_OP_SIGN:
+		rsa->sign.length = rsa_ctx->n.length;
+		memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
+		break;
+	case RTE_CRYPTO_ASYM_OP_VERIFY:
+		if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE)
+			rsa->sign.length = rsa_ctx->n.length;
+		else {
+			/* Get length of decrypted output */
+			rsa->sign.length = rte_cpu_to_be_16
+					(*((uint16_t *)req->rptr));
+
+			/* Offset data pointer by length fields */
+			req->rptr += 2;
+		}
+		memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
+
+		if (memcmp(rsa->sign.data, rsa->message.data,
+			   rsa->message.length)) {
+			CPT_LOG_DP_ERR("RSA verification failed");
+			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+		}
+		break;
+	default:
+		CPT_LOG_DP_DEBUG("Invalid RSA operation type");
+		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		break;
+	}
+}
+
+static __rte_always_inline void __hot
+otx_cpt_asym_post_process(struct rte_crypto_op *cop,
+			  struct cpt_request_info *req)
+{
+	struct rte_crypto_asym_op *op = cop->asym;
+	struct cpt_asym_sess_misc *sess;
+
+	sess = get_asym_session_private_data(op->session,
+					     otx_cryptodev_driver_id);
+
+	switch (sess->xfrm_type) {
+	case RTE_CRYPTO_ASYM_XFORM_RSA:
+		otx_cpt_asym_rsa_op(cop, req, &sess->rsa_ctx);
+		break;
+	case RTE_CRYPTO_ASYM_XFORM_MODEX:
+		op->modex.result.length = sess->mod_ctx.modulus.length;
+		memcpy(op->modex.result.data, req->rptr,
+		       op->modex.result.length);
+		break;
+	default:
+		CPT_LOG_DP_DEBUG("Invalid crypto xform type");
+		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		break;
+	}
+}
+
+static __rte_always_inline void __hot
+otx_cpt_dequeue_post_process(struct rte_crypto_op *cop, uintptr_t *rsp,
+			     const uint8_t op_type)
 {
 	/* H/w has returned success */
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Perform further post processing */
 
-	if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+	if ((op_type == OP_TYPE_SYM) &&
+	    (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
 		/* Check if auth verify need to be completed */
 		if (unlikely(rsp[2]))
 			compl_auth_verify(cop, (uint8_t *)rsp[2], rsp[3]);
 		return;
 	}
+
+	if ((op_type == OP_TYPE_ASYM) &&
+	    (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)) {
+		rsp = RTE_PTR_ADD(rsp, 4 * sizeof(uintptr_t));
+		otx_cpt_asym_post_process(cop, (struct cpt_request_info *)rsp);
+	}
+
+	return;
 }
 
-static uint16_t
-otx_cpt_pkt_dequeue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
+static __rte_always_inline uint16_t __hot
+otx_cpt_pkt_dequeue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops,
+		    const uint8_t op_type)
 {
 	struct cpt_instance *instance = (struct cpt_instance *)qptr;
 	struct cpt_request_info *user_req;
@@ -598,7 +783,7 @@ otx_cpt_pkt_dequeue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
 
 		if (likely(cc[i] == 0)) {
 			/* H/w success pkt. Post process */
-			otx_cpt_dequeue_post_process(cop, rsp);
+			otx_cpt_dequeue_post_process(cop, rsp, op_type);
 		} else if (cc[i] == ERR_GC_ICV_MISCOMPARE) {
 			/* auth data mismatch */
 			cop->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
@@ -627,6 +812,18 @@ otx_cpt_pkt_dequeue(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
 	return nb_completed;
 }
 
+static uint16_t
+otx_cpt_dequeue_asym(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	return otx_cpt_pkt_dequeue(qptr, ops, nb_ops, OP_TYPE_ASYM);
+}
+
+static uint16_t
+otx_cpt_dequeue_sym(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+	return otx_cpt_pkt_dequeue(qptr, ops, nb_ops, OP_TYPE_SYM);
+}
+
 static struct rte_cryptodev_ops cptvf_ops = {
 	/* Device related operations */
 	.dev_configure = otx_cpt_dev_config,
@@ -723,8 +920,13 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev)
 
 	c_dev->dev_ops = &cptvf_ops;
 
-	c_dev->enqueue_burst = otx_cpt_pkt_enqueue;
-	c_dev->dequeue_burst = otx_cpt_pkt_dequeue;
+	if (c_dev->feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) {
+		c_dev->enqueue_burst = otx_cpt_enqueue_sym;
+		c_dev->dequeue_burst = otx_cpt_dequeue_sym;
+	} else {
+		c_dev->enqueue_burst = otx_cpt_enqueue_asym;
+		c_dev->dequeue_burst = otx_cpt_dequeue_asym;
+	}
 
 	/* Save dev private data */
 	c_dev->data->dev_private = cptvf;