From patchwork Wed Jul  3 15:37:57 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
X-Patchwork-Id: 56039
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 465C22C38;
	Wed,  3 Jul 2019 17:39:10 +0200 (CEST)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
	by dpdk.org (Postfix) with ESMTP id 9318B2956
	for <dev@dpdk.org>; Wed,  3 Jul 2019 17:39:08 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	03 Jul 2019 08:39:07 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,446,1557212400"; d="scan'208";a="184788144"
Received: from damiannx-mobl1.ger.corp.intel.com (HELO
	akusztax-MOBL.ger.corp.intel.com) ([10.104.14.182])
	by fmsmga001.fm.intel.com with ESMTP; 03 Jul 2019 08:39:05 -0700
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com,
	shally.verma@caviumnetworks.com,
	Arek Kusztal <arkadiuszx.kusztal@intel.com>
Date: Wed,  3 Jul 2019 17:37:57 +0200
Message-Id: <20190703153759.1508-2-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.19.1.windows.1
In-Reply-To: <20190703153759.1508-1-arkadiuszx.kusztal@intel.com>
References: <20190703153759.1508-1-arkadiuszx.kusztal@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2 1/3] cryptodev: rework api of rsa algorithm
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This patch reworks API of RSA algorithm.
Major changes:
- Cipher field was introduced
- Field for singature verification when padding none selected was added
- Padding union was created
- PKCS1-v1_5 Block type 0 was removed
- Fixed comments about prime numbers
- Added guide to use none padding

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 150 ++++++++++++++++++++++++++-------
 1 file changed, 118 insertions(+), 32 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 8672f21..486399c 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -111,23 +111,21 @@ enum rte_crypto_asym_op_type {
  */
 enum rte_crypto_rsa_padding_type {
 	RTE_CRYPTO_RSA_PADDING_NONE = 0,
-	/**< RSA no padding scheme */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
-	/**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
-	 * as described in rfc2313
+	/**< RSA no padding scheme.
+	 * In this case user is responsible for provision and verification
+	 * of padding.
 	 */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
-	/**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
-	 * as described in rfc2313
-	 */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
-	/**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
-	 * as described in rfc2313
+	RTE_CRYPTO_RSA_PADDING_PKCS1,
+	/**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01,
+	 * for encryption block type 02 are used.
 	 */
 	RTE_CRYPTO_RSA_PADDING_OAEP,
-	/**< RSA PKCS#1 OAEP padding scheme */
+	/**< RSA PKCS#1 OAEP padding scheme, can be used only for encryption/
+	 * decryption.
+	 */
 	RTE_CRYPTO_RSA_PADDING_PSS,
-	/**< RSA PKCS#1 PSS padding scheme */
+	/**< RSA PKCS#1 PSS padding scheme, can be used only for signatures.
+	 */
 	RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
 };
 
@@ -199,8 +197,8 @@ struct rte_crypto_rsa_priv_key_qt {
  */
 struct rte_crypto_rsa_xform {
 	rte_crypto_param n;
-	/**< n - Prime modulus
-	 * Prime modulus data of RSA operation in Octet-string network
+	/**< n - Modulus
+	 * Modulus data of RSA operation in Octet-string network
 	 * byte order format.
 	 */
 
@@ -397,9 +395,36 @@ struct rte_crypto_rsa_op_param {
 	/**<
 	 * Pointer to data
 	 * - to be encrypted for RSA public encrypt.
-	 * - to be decrypted for RSA private decrypt.
 	 * - to be signed for RSA sign generation.
 	 * - to be authenticated for RSA sign verification.
+	 *
+	 * Octet-string network byte order format.
+	 *
+	 * This field is an input to RTE_CRYPTO_ASYM_OP_ENCRYPT
+	 * operation, and output to RTE_CRYPTO_ASYM_OP_DECRYPT operation.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in bytes
+	 * of this field needs to be greater or equal to the length of
+	 * corresponding RSA key in bytes.
+	 *
+	 * When padding field is set to RTE_CRYPTO_RSA_PADDING_NONE
+	 * returned data size will be equal to the size of RSA key
+	 * in bytes. All leading zeroes will be preserved.
+	 */
+
+	rte_crypto_param cipher;
+	/**<
+	 * Pointer to data
+	 * - to be decrypted for RSA private decrypt.
+	 *
+	 * Octet-string network byte order format.
+	 *
+	 * This field is an input to RTE_CRYPTO_ASYM_OP_DECRYPT
+	 * operation, and output to RTE_CRYPTO_ASYM_OP_ENCRYPT operation.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used length in bytes
+	 * of this field needs to be greater or equal to the length of
+	 * corresponding RSA key in bytes.
 	 */
 
 	rte_crypto_param sign;
@@ -408,27 +433,88 @@ struct rte_crypto_rsa_op_param {
 	 * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
 	 * over-written with generated signature.
 	 *
-	 * Length of the signature data will be equal to the
-	 * RSA prime modulus length.
+	 * Octet-string network byte order format.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_SIGN op_type used length in bytes
+	 * of this field needs to be greater or equal to the length of
+	 * corresponding RSA key in bytes.
 	 */
 
-	enum rte_crypto_rsa_padding_type pad;
-	/**< RSA padding scheme to be used for transform */
-
-	enum rte_crypto_auth_algorithm md;
-	/**< Hash algorithm to be used for data hash if padding
-	 * scheme is either OAEP or PSS. Valid hash algorithms
-	 * are:
-	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+	rte_crypto_param message_to_verify;
+	/**<
+	 * Pointer to the message 'm' that was signed with
+	 * RSASP1 in RFC8017. It is the result of operation RSAVP1
+	 * defined in RFC8017, where field `sign` is the input
+	 * parameter `s`.
+	 *
+	 * Used only when padding type is set to RTE_CRYPTO_RSA_PADDING_NONE
+	 * and `op_type` is set to RTE_CRYPTO_ASYM_OP_VERIFY.
+	 *
+	 * Returned data size will be equal to the size of RSA key
+	 * in bytes. All leading zeroes will be preserved.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_VERIFY op_type used length in bytes
+	 * of this field needs to be greater or equal to the length of
+	 * corresponding RSA key in bytes.
 	 */
 
-	enum rte_crypto_auth_algorithm mgf1md;
+	enum rte_crypto_rsa_padding_type padding;
+	/**<
+	 * In case RTE_CRYPTO_RSA_PADDING_PKCS1 is selected,
+	 * driver will distinguish between block type basing
+	 * on rte_crypto_asym_op_type of the operation.
+	 *
+	 * Which padding type is supported by the driver can be
+	 * found in in specific driver guide.
+	 */
+	enum rte_crypto_auth_algorithm padding_hash;
+	/**<
+	 * -	For PKCS1-v1_5 signature (Block type 01) this field
+	 * represents hash function that will be used to create
+	 * message hash.
+	 *
+	 * -	For OAEP this field represents hash function that will
+	 * be used to produce hash of the optional label.
+	 *
+	 * -	For PSS this field represents hash function that will be used
+	 * to produce hash (mHash) of message M and of M' (padding1 | mHash | salt)
+	 *
+	 * If not set driver will use default value.
+	 */
+	union {
+		struct {
+			enum rte_crypto_auth_algorithm mgf;
+			/**<
+			 * Mask genereation function hash algorithm.
+			 *
+			 * If not set driver will use default value.
+			 */
+			rte_crypto_param label;
+			/**<
+			 * Optional label, if driver does not support
+			 * this option, optional label is just an empty string.
+			 */
+		} OAEP;
+		struct {
+			enum rte_crypto_auth_algorithm mgf;
+			/**<
+			 * Mask genereation function hash algorithm.
+			 *
+			 * If not set driver will use default value.
+			 */
+			int seed_len;
+			/**<
+			 * Intended seed length. Nagative number has special
+			 * value as follows:
+			 * -1 : seed len = length of output ot used hash function
+			 * -2 : seed len is maximized
+			 */
+		} PSS;
+	};
 	/**<
-	 * Hash algorithm to be used for mask generation if
-	 * padding scheme is either OAEP or PSS. If padding
-	 * scheme is unspecified data hash algorithm is used
-	 * for mask generation. Valid hash algorithms are:
-	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+	 * Padding type of RSA crypto operation.
+	 * What are random number generator requirements and prequisites
+	 * can be found specific driver guide.
 	 */
 };
 

From patchwork Wed Jul  3 15:37:58 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
X-Patchwork-Id: 56040
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id E0ADE4C99;
	Wed,  3 Jul 2019 17:39:23 +0200 (CEST)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
	by dpdk.org (Postfix) with ESMTP id 6C4732C60
	for <dev@dpdk.org>; Wed,  3 Jul 2019 17:39:22 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	03 Jul 2019 08:39:21 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,446,1557212400"; d="scan'208";a="184788186"
Received: from damiannx-mobl1.ger.corp.intel.com (HELO
	akusztax-MOBL.ger.corp.intel.com) ([10.104.14.182])
	by fmsmga001.fm.intel.com with ESMTP; 03 Jul 2019 08:39:19 -0700
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com,
	shally.verma@caviumnetworks.com,
	Arek Kusztal <arkadiuszx.kusztal@intel.com>
Date: Wed,  3 Jul 2019 17:37:58 +0200
Message-Id: <20190703153759.1508-3-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.19.1.windows.1
In-Reply-To: <20190703153759.1508-1-arkadiuszx.kusztal@intel.com>
References: <20190703153759.1508-1-arkadiuszx.kusztal@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2 2/3] crypto/openssl: rework openssl rsa
	implementation
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This commit reworks implementation of RSA algorithm
in OPENSSL PMD to be conformant to API changes.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 67 ++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 29 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7c8bf0d..642580b 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1842,15 +1842,13 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	int ret = 0;
 	struct rte_crypto_asym_op *op = cop->asym;
 	RSA *rsa = sess->u.r.rsa;
-	uint32_t pad = (op->rsa.pad);
+	uint32_t pad = (op->rsa.padding);
 	uint8_t *tmp;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	switch (pad) {
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+	case RTE_CRYPTO_RSA_PADDING_PKCS1:
 		pad = RSA_PKCS1_PADDING;
 		break;
 	case RTE_CRYPTO_RSA_PADDING_NONE:
@@ -1867,19 +1865,19 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		ret = RSA_public_encrypt(op->rsa.message.length,
 				op->rsa.message.data,
-				op->rsa.message.data,
+				op->rsa.cipher.data,
 				rsa,
 				pad);
 
 		if (ret > 0)
-			op->rsa.message.length = ret;
+			op->rsa.cipher.length = ret;
 		OPENSSL_LOG(DEBUG,
 				"length of encrypted text %d\n", ret);
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		ret = RSA_private_decrypt(op->rsa.message.length,
-				op->rsa.message.data,
+		ret = RSA_private_decrypt(op->rsa.cipher.length,
+				op->rsa.cipher.data,
 				op->rsa.message.data,
 				rsa,
 				pad);
@@ -1898,28 +1896,39 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
-		if (tmp == NULL) {
-			OPENSSL_LOG(ERR, "Memory allocation failed");
-			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-			break;
-		}
-		ret = RSA_public_decrypt(op->rsa.sign.length,
-				op->rsa.sign.data,
-				tmp,
-				rsa,
-				pad);
-
-		OPENSSL_LOG(DEBUG,
-				"Length of public_decrypt %d "
-				"length of message %zd\n",
-				ret, op->rsa.message.length);
-		if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
-				op->rsa.message.length))) {
-			OPENSSL_LOG(ERR, "RSA sign Verification failed");
-			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+		if (pad == RSA_NO_PADDING) {
+			ret = RSA_public_decrypt(op->rsa.sign.length,
+					op->rsa.sign.data,
+					op->rsa.message_to_verify.data,
+					rsa,
+					pad);
+
+			if (ret > 0)
+				op->rsa.message_to_verify.length = ret;
+		} else {
+			tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+			if (tmp == NULL) {
+				OPENSSL_LOG(ERR, "Memory allocation failed");
+				cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+				break;
+			}
+			ret = RSA_public_decrypt(op->rsa.sign.length,
+					op->rsa.sign.data,
+					tmp,
+					rsa,
+					pad);
+
+			OPENSSL_LOG(DEBUG,
+					"Length of public_decrypt %d "
+					"length of message %zd\n",
+					ret, op->rsa.message.length);
+			if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
+					op->rsa.message.length))) {
+				OPENSSL_LOG(ERR, "RSA sign Verification failed");
+				cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+			}
+			rte_free(tmp);
 		}
-		rte_free(tmp);
 		break;
 
 	default:

From patchwork Wed Jul  3 15:37:59 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
X-Patchwork-Id: 56041
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 333EA5B3A;
	Wed,  3 Jul 2019 17:39:28 +0200 (CEST)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
	by dpdk.org (Postfix) with ESMTP id 562BB58C4
	for <dev@dpdk.org>; Wed,  3 Jul 2019 17:39:25 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	03 Jul 2019 08:39:24 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,446,1557212400"; d="scan'208";a="184788201"
Received: from damiannx-mobl1.ger.corp.intel.com (HELO
	akusztax-MOBL.ger.corp.intel.com) ([10.104.14.182])
	by fmsmga001.fm.intel.com with ESMTP; 03 Jul 2019 08:39:22 -0700
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com,
	shally.verma@caviumnetworks.com,
	Arek Kusztal <arkadiuszx.kusztal@intel.com>
Date: Wed,  3 Jul 2019 17:37:59 +0200
Message-Id: <20190703153759.1508-4-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.19.1.windows.1
In-Reply-To: <20190703153759.1508-1-arkadiuszx.kusztal@intel.com>
References: <20190703153759.1508-1-arkadiuszx.kusztal@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2 3/3] test: rework rsa test implementation
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This commit reworks rsa test implementation to be conformant
to the RSA API.
Simulation of PKCS1_5 padding was added to be used with PADDING_NONE
option.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c      | 44 ++++++++++++++++++++++++-------
 app/test/test_cryptodev_asym_util.h | 52 +++++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+), 9 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index fc92d3d..ae43861 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -402,7 +402,7 @@ test_rsa_sign_verify(void)
 	asym_op->rsa.message.data = input_buf;
 	asym_op->rsa.message.length = rsaplaintext.len;
 	asym_op->rsa.sign.data = output_buf;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+	asym_op->rsa.padding = RTE_CRYPTO_RSA_PADDING_PKCS1;
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 			asym_op->rsa.message.length);
@@ -437,7 +437,7 @@ test_rsa_sign_verify(void)
 
 	/* Verify sign */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+	asym_op->rsa.padding = RTE_CRYPTO_RSA_PADDING_PKCS1;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -483,7 +483,7 @@ test_rsa_sign_verify(void)
 }
 
 static int
-test_rsa_enc_dec(void)
+test_rsa_enc_dec(enum rte_crypto_rsa_padding_type padding)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
@@ -495,6 +495,7 @@ test_rsa_enc_dec(void)
 	struct rte_cryptodev_asym_session *sess = NULL;
 	int status = TEST_SUCCESS;
 	uint8_t input_buf[TEST_DATA_SIZE] = {0};
+	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
 
 	/* test case supports op with exponent key only,
 	 * Check in PMD feature flag for RSA exponent key type support.
@@ -542,12 +543,18 @@ test_rsa_enc_dec(void)
 	asym_op = op->asym;
 	/*Compute encryption on the test vector */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
-
-	memcpy(input_buf, rsaplaintext.data,
-			rsaplaintext.len);
 	asym_op->rsa.message.data = input_buf;
 	asym_op->rsa.message.length = rsaplaintext.len;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+	asym_op->rsa.cipher.data = cipher_buf;
+	asym_op->rsa.cipher.length = 0;
+	asym_op->rsa.padding = padding;
+	if (padding == RTE_CRYPTO_RSA_PADDING_NONE) {
+		rsa_simulate_pkcs1_5_padding(0, input_buf, rsa_xform.rsa.n.length,
+				rsaplaintext.data, rsaplaintext.len);
+		asym_op->rsa.message.length = rsa_xform.rsa.n.length;
+	} else
+		memcpy(input_buf, rsaplaintext.data,
+				rsaplaintext.len);
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 			asym_op->rsa.message.length);
@@ -581,7 +588,7 @@ test_rsa_enc_dec(void)
 	/* Use the resulted output as decryption Input vector*/
 	asym_op = result_op->asym;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+	asym_op->rsa.padding = padding;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -604,7 +611,15 @@ test_rsa_enc_dec(void)
 	}
 	status = TEST_SUCCESS;
 	int ret = 0;
+
+	if (padding == RTE_CRYPTO_RSA_PADDING_NONE) {
+		result_op->asym->rsa.message.length =
+				rsa_simulate_strip_pkcs1_5_padding(result_op->asym->rsa.message.data,
+				rsa_xform.rsa.n.length);
+	}
+
 	ret = rsa_verify(&rsaplaintext, result_op);
+
 	if (ret)
 		status = TEST_FAILED;
 
@@ -624,6 +639,16 @@ test_rsa_enc_dec(void)
 }
 
 static int
+test_rsa_enc_dec_pkcs_1(void){
+	return test_rsa_enc_dec(RTE_CRYPTO_RSA_PADDING_PKCS1);
+}
+
+static int
+test_rsa_enc_dec_pkcs_1_none(void){
+	return test_rsa_enc_dec(RTE_CRYPTO_RSA_PADDING_NONE);
+}
+
+static int
 testsuite_setup(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -1684,7 +1709,8 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown, test_capability),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_dsa),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_dh_keygenration),
-		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_pkcs_1),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_pkcs_1_none),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_sign_verify),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_mod_inv),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_mod_exp),
diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h
index b3d9fb4..484b967 100644
--- a/app/test/test_cryptodev_asym_util.h
+++ b/app/test/test_cryptodev_asym_util.h
@@ -7,6 +7,58 @@
 
 /* Below Apis compare resulted buffer to original test vector */
 
+/*
+ * Two functions below simulate pkcs 1.5 padding and serves only as an example,
+ * both offer no security.
+ */
+static inline int rsa_simulate_pkcs1_5_padding(int op, uint8_t *p,
+		int key_size, const uint8_t *src, int len) {
+
+	int ps_len;
+
+	if (len > key_size - 11)
+		return -1;
+	ps_len = key_size - len - 3;
+
+	*(p++) = 0;
+	*(p++) = op ? 1 : 2;
+	if (op) {
+		while (ps_len--)
+			*p = 0xFF;
+	} else {
+		while (ps_len--) {
+			*p = (uint8_t)rand();
+			*p ^= !(*p);
+			p++;
+		}
+	}
+
+	*(p++) = 0;
+	memcpy(p, src, len);
+
+	return 0;
+}
+
+static inline int rsa_simulate_strip_pkcs1_5_padding(uint8_t *src,
+		int key_size) {
+	uint8_t tmp[key_size], *orig_src = src;
+	int i = 1;
+	++src;
+	while (*(src) && i < key_size) {
+		++i;
+		++src;
+	}
+	if (i == key_size)
+		return -1;
+
+	++i;
+	++src;
+
+	memcpy(tmp, src, key_size - i);
+	memcpy(orig_src, tmp, key_size - i);
+	return key_size - i;
+}
+
 static inline int rsa_verify(struct rsa_test_data *rsa_param,
 		struct rte_crypto_op *result_op)
 {