diff mbox

[dpdk-dev,v3,4/6] test/crypto: add unit testcase for asym crypto

Message ID 1526450713-17299-5-git-send-email-shally.verma@caviumnetworks.com (mailing list archive)
State Changes Requested, archived
Delegated to: Pablo de Lara Guarch
Headers

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/Intel-compilation success Compilation OK

Commit Message

Shally Verma May 16, 2018, 6:05 a.m. UTC 
  Add unit test case to test openssl PMD asym crypto
operations. Test case invoke asymmetric operation on DPDK
Openssl PMD and cross-verify results via Openssl SW library.
Tests have been verified with openssl 1.0.2m release.

Tested for:

* RSA Encrypt, Decrypt, Sign and Verify using pre-defined
  test vectors
* Modular Inversion and Exponentiation using pre-defined
  test vectors
* Deiffie-Hellman Public key generation using pre-defined
  private key and dynamically generated test vectors
* Deffie-hellman private key generation using dynamically
  generated test vectors
* Deffie-hellman private and public key pair generation
  using xform chain and using dynamically generated test
  vectors
* Deffie-hellman shared secret compute using dynamically
  generated test vectors
* DSA Sign and Verification

Deffie-hellman testcases use run-time generated test params,
thus may take some time for execution.

Changes from v2:
- Change test application to use the renamed APIs and
  to use xform type from capability structure

Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>

---
This patch dependent on asym crypto API patches.
Please apply them before compilation
---
---
 test/test/Makefile              |    3 +-
 test/test/meson.build           |    1 +
 test/test/test_cryptodev_asym.c | 1787 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 1790 insertions(+), 1 deletion(-)

Comments

De Lara Guarch, Pablo June 17, 2018, 12:52 p.m. UTC | #1 
Hi Shally,

> -----Original Message-----
> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> Sent: Wednesday, May 16, 2018 7:05 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> <ashish.gupta@caviumnetworks.com>
> Subject: [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
> 
> Add unit test case to test openssl PMD asym crypto
> operations. Test case invoke asymmetric operation on DPDK
> Openssl PMD and cross-verify results via Openssl SW library.
> Tests have been verified with openssl 1.0.2m release.

Is it possible to run these tests without using an external library to verify the results,
like what we do with symmetric crypto? Having known answers in the test vectors?
I am not familiar with asymmetric, that's why I am asking.

Also, you are adding asymmetric support for OpenSSL PMD in the 5th patch,
So this test won't work until then.
I think it is better to change the other between patch 4 and 5.

> 
> Tested for:
> 
> * RSA Encrypt, Decrypt, Sign and Verify using pre-defined
>   test vectors
> * Modular Inversion and Exponentiation using pre-defined
>   test vectors
> * Deiffie-Hellman Public key generation using pre-defined
>   private key and dynamically generated test vectors
> * Deffie-hellman private key generation using dynamically
>   generated test vectors
> * Deffie-hellman private and public key pair generation
>   using xform chain and using dynamically generated test
>   vectors
> * Deffie-hellman shared secret compute using dynamically
>   generated test vectors
> * DSA Sign and Verification
> 
> Deffie-hellman testcases use run-time generated test params,
> thus may take some time for execution.
> 
> Changes from v2:
> - Change test application to use the renamed APIs and
>   to use xform type from capability structure
> 
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
> 
> ---
> This patch dependent on asym crypto API patches.
> Please apply them before compilation
> ---
> ---
>  test/test/Makefile              |    3 +-
>  test/test/meson.build           |    1 +
>  test/test/test_cryptodev_asym.c | 1787
> +++++++++++++++++++++++++++++++++++++++
>  3 files changed, 1790 insertions(+), 1 deletion(-)
> 
> diff --git a/test/test/Makefile b/test/test/Makefile
> index d1a75fe92..9526b939d 100644
> --- a/test/test/Makefile
> +++ b/test/test/Makefile
> @@ -179,6 +179,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) +=
> test_pmd_ring_perf.c
> 
>  SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_blockcipher.c
>  SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
> +SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_asym.c
> 
>  ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
>  SRCS-$(CONFIG_RTE_LIBRTE_COMPRESSDEV) += test_compressdev.c
> @@ -205,7 +206,7 @@ CFLAGS += $(WERROR_FLAGS)
> 
>  CFLAGS += -D_GNU_SOURCE
> 
> -LDLIBS += -lm
> +LDLIBS += -lm -lcrypto

If openssl libcrypto is actually required, I would add a check similar to
the one just below, with compressdev, to add "-lcrypto", so
users can run the test app without this, if they don't want to test asymmetric.

>  ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
>  ifeq ($(CONFIG_RTE_LIBRTE_COMPRESSDEV),y)
>  LDLIBS += -lz

..

> +++ b/test/test/test_cryptodev_asym.c
> @@ -0,0 +1,1787 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2017-2018 Cavium Networks
> + */
> +
> +#include <rte_common.h>
> +#include <rte_hexdump.h>
> +#include <rte_mbuf.h>
> +#include <rte_malloc.h>
> +#include <rte_memcpy.h>
> +#include <rte_pause.h>
> +#include <rte_bus_vdev.h>
> +
> +#include <rte_crypto.h>
> +#include <rte_cryptodev.h>
> +#include <rte_cryptodev_pmd.h>
> +#include <openssl/ssl.h>

Move this to the top of the file (as it is an external library to DPDK).

> +
> +#include "test.h"
> +#include "test_cryptodev.h"

...

> +/** rsa xform using exponent key */
> +struct rte_crypto_asym_xform rsa_xform = {
> +	.next = NULL,
> +	.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> +	.rsa = {
> +		.n = {
> +		.data =
> +		(uint8_t *)
> +

For better consistency, could you use the format used above (0x00, 0xB3, 0xA1...)?

> 	("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"

...

> +#pragma GCC diagnostic pop
> +
> +static int
> +test_rsa(struct rsa_test_data *t)

...

> +	rsa->n =
> +		BN_bin2bn(
> +			(const unsigned char *)rsa_xform.rsa.n.data,
> +			rsa_xform.rsa.n.length,
> +			rsa->n);

I am getting a compilation error:

/test/test/test_cryptodev_asym.c:322:5: error:
dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
  rsa->n =
     ^~

My OpenSSL version is 1.1.0h.

Thanks,
Pablo
Verma, Shally June 17, 2018, 3:01 p.m. UTC | #2 
Hi Pablo

>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 17 June 2018 18:23
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>
>External Email
>
>Hi Shally,
>
>> -----Original Message-----
>> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
>> Sent: Wednesday, May 16, 2018 7:05 AM
>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
>> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
>> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
>> <ashish.gupta@caviumnetworks.com>
>> Subject: [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>>
>> Add unit test case to test openssl PMD asym crypto
>> operations. Test case invoke asymmetric operation on DPDK
>> Openssl PMD and cross-verify results via Openssl SW library.
>> Tests have been verified with openssl 1.0.2m release.
>
>Is it possible to run these tests without using an external library to verify the results,
>like what we do with symmetric crypto? Having known answers in the test vectors?
>I am not familiar with asymmetric, that's why I am asking.
>
[Shally] I prefer to have it cross verified using an independent library module, that's the reason I kept design that way.

>Also, you are adding asymmetric support for OpenSSL PMD in the 5th patch,
>So this test won't work until then.
>I think it is better to change the other between patch 4 and 5.
[Shally] Ok

>
>>

//snip

>>
>> -LDLIBS += -lm
>> +LDLIBS += -lm -lcrypto
>
>If openssl libcrypto is actually required, I would add a check similar to
>the one just below, with compressdev, to add "-lcrypto", so
>users can run the test app without this, if they don't want to test asymmetric.
>
>>  ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
>>  ifeq ($(CONFIG_RTE_LIBRTE_COMPRESSDEV),y)
>>  LDLIBS += -lz
>
[Shally] You mean add another config option for Asymmetric test?

>..
>

//snip

>> +#include <rte_crypto.h>
>> +#include <rte_cryptodev.h>
>> +#include <rte_cryptodev_pmd.h>
>> +#include <openssl/ssl.h>
>
>Move this to the top of the file (as it is an external library to DPDK).
>
[Shally] Ok

>> +
>> +#include "test.h"
>> +#include "test_cryptodev.h"
>
>...
>
>> +/** rsa xform using exponent key */
>> +struct rte_crypto_asym_xform rsa_xform = {
>> +     .next = NULL,
>> +     .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
>> +     .rsa = {
>> +             .n = {
>> +             .data =
>> +             (uint8_t *)
>> +
>
>For better consistency, could you use the format used above (0x00, 0xB3, 0xA1...)?
>
>>       ("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
[Shally] Ok. 

>
>...
>
>> +#pragma GCC diagnostic pop
>> +
>> +static int
>> +test_rsa(struct rsa_test_data *t)
>
>...
>
>> +     rsa->n =
>> +             BN_bin2bn(
>> +                     (const unsigned char *)rsa_xform.rsa.n.data,
>> +                     rsa_xform.rsa.n.length,
>> +                     rsa->n);
>
>I am getting a compilation error:
>
>/test/test/test_cryptodev_asym.c:322:5: error:
>dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>  rsa->n =
>     ^~
>
>My OpenSSL version is 1.1.0h.
>
[Shally] This library is tested with version 1.0.2m (mentioned above) and also one supported by openssl PMD . So, you need to take similar version.

Thanks for review.
Shally

>Thanks,
>Pablo
De Lara Guarch, Pablo June 17, 2018, 7:31 p.m. UTC | #3 
> -----Original Message-----
> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
> Sent: Sunday, June 17, 2018 4:01 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> Subject: RE: [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
> 
> Hi Pablo
> 
> >-----Original Message-----
> >From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
> >Sent: 17 June 2018 18:23
> >To: Verma, Shally <Shally.Verma@cavium.com>
> >Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >dev@dpdk.org; Athreya, Narayana Prasad
> ><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> >Subject: RE: [PATCH v3 4/6] test/crypto: add unit testcase for asym
> >crypto
> >
> >External Email
> >
> >Hi Shally,
> >
> >> -----Original Message-----
> >> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> >> Sent: Wednesday, May 16, 2018 7:05 AM
> >> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> >> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
> >> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> >> <ashish.gupta@caviumnetworks.com>
> >> Subject: [PATCH v3 4/6] test/crypto: add unit testcase for asym
> >> crypto
> >>
> >> Add unit test case to test openssl PMD asym crypto operations. Test
> >> case invoke asymmetric operation on DPDK Openssl PMD and cross-verify
> >> results via Openssl SW library.
> >> Tests have been verified with openssl 1.0.2m release.
> >
> >Is it possible to run these tests without using an external library to
> >verify the results, like what we do with symmetric crypto? Having known
> answers in the test vectors?
> >I am not familiar with asymmetric, that's why I am asking.
> >
> [Shally] I prefer to have it cross verified using an independent library module,
> that's the reason I kept design that way.
> 
> >Also, you are adding asymmetric support for OpenSSL PMD in the 5th
> >patch, So this test won't work until then.
> >I think it is better to change the other between patch 4 and 5.
> [Shally] Ok
> 
> >
> >>
> 
> //snip
> 
> >>
> >> -LDLIBS += -lm
> >> +LDLIBS += -lm -lcrypto
> >
> >If openssl libcrypto is actually required, I would add a check similar
> >to the one just below, with compressdev, to add "-lcrypto", so users
> >can run the test app without this, if they don't want to test asymmetric.
> >
> >>  ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
> >>  ifeq ($(CONFIG_RTE_LIBRTE_COMPRESSDEV),y)
> >>  LDLIBS += -lz
> >
> [Shally] You mean add another config option for Asymmetric test?

At least check for CRYPTODEV, but since this is enabled by default,
I think we need an RTE_CRYPTODEV_ASYM_TEST flag.

> 
> >..
> >
> 
> //snip
> 
> >> +#include <rte_crypto.h>
> >> +#include <rte_cryptodev.h>
> >> +#include <rte_cryptodev_pmd.h>
> >> +#include <openssl/ssl.h>
> >
> >Move this to the top of the file (as it is an external library to DPDK).
> >
> [Shally] Ok
> 
> >> +
> >> +#include "test.h"
> >> +#include "test_cryptodev.h"
> >
> >...
> >
> >> +/** rsa xform using exponent key */
> >> +struct rte_crypto_asym_xform rsa_xform = {
> >> +     .next = NULL,
> >> +     .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> >> +     .rsa = {
> >> +             .n = {
> >> +             .data =
> >> +             (uint8_t *)
> >> +
> >
> >For better consistency, could you use the format used above (0x00, 0xB3,
> 0xA1...)?
> >
> >>       ("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
> [Shally] Ok.
> 
> >
> >...
> >
> >> +#pragma GCC diagnostic pop
> >> +
> >> +static int
> >> +test_rsa(struct rsa_test_data *t)
> >
> >...
> >
> >> +     rsa->n =
> >> +             BN_bin2bn(
> >> +                     (const unsigned char *)rsa_xform.rsa.n.data,
> >> +                     rsa_xform.rsa.n.length,
> >> +                     rsa->n);
> >
> >I am getting a compilation error:
> >
> >/test/test/test_cryptodev_asym.c:322:5: error:
> >dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
> >  rsa->n =
> >     ^~
> >
> >My OpenSSL version is 1.1.0h.
> >
> [Shally] This library is tested with version 1.0.2m (mentioned above) and also
> one supported by openssl PMD . So, you need to take similar version.

I'd say we should support the latest stable version of OpenSSL.
Could you get the latest 1.1.0?

Thanks,
Pablo
Verma, Shally June 18, 2018, 5:40 a.m. UTC | #4 
Hi Pablo

>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 18 June 2018 01:01
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>
>External Email
>
//snip 

>> >>  ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
>> >>  ifeq ($(CONFIG_RTE_LIBRTE_COMPRESSDEV),y)
>> >>  LDLIBS += -lz
>> >
>> [Shally] You mean add another config option for Asymmetric test?
>
>At least check for CRYPTODEV, but since this is enabled by default,
>I think we need an RTE_CRYPTODEV_ASYM_TEST flag.

[Shally] OK. Will look into this.

>
>>
>> >..

//snip

>> >> +#pragma GCC diagnostic pop
>> >> +
>> >> +static int
>> >> +test_rsa(struct rsa_test_data *t)
>> >
>> >...
>> >
>> >> +     rsa->n =
>> >> +             BN_bin2bn(
>> >> +                     (const unsigned char *)rsa_xform.rsa.n.data,
>> >> +                     rsa_xform.rsa.n.length,
>> >> +                     rsa->n);
>> >
>> >I am getting a compilation error:
>> >
>> >/test/test/test_cryptodev_asym.c:322:5: error:
>> >dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>> >  rsa->n =
>> >     ^~
>> >
>> >My OpenSSL version is 1.1.0h.
>> >
>> [Shally] This library is tested with version 1.0.2m (mentioned above) and also
>> one supported by openssl PMD . So, you need to take similar version.
>
>I'd say we should support the latest stable version of OpenSSL.
>Could you get the latest 1.1.0?
[Shally] Openssl PMD uses 1.0.2h. If we move test to 1.1.0 then dpdk would need to be set
to link to two different version of libcrypto whenever openssl PMD is enabled which seems like a cumbersome process for users.
So I recommend for now to stick to one version.

Thanks
Shally

>
>Thanks,
>Pablo
Akhil Goyal June 18, 2018, 6:39 a.m. UTC | #5 
Hi Shally,
On 6/18/2018 11:10 AM, Verma, Shally wrote:
> Hi Pablo
>
>> -----Original Message-----
>> From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>> Sent: 18 June 2018 01:01
>> To: Verma, Shally <Shally.Verma@cavium.com>
>> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
>> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>> Subject: RE: [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>>
>> External Email
>>
> //snip
>
>>>>>  ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
>>>>>  ifeq ($(CONFIG_RTE_LIBRTE_COMPRESSDEV),y)
>>>>>  LDLIBS += -lz
>>>>
>>> [Shally] You mean add another config option for Asymmetric test?
>>
>> At least check for CRYPTODEV, but since this is enabled by default,
>> I think we need an RTE_CRYPTODEV_ASYM_TEST flag.
>
> [Shally] OK. Will look into this.
>
>>
>>>
>>>> ..
>
> //snip
>
>>>>> +#pragma GCC diagnostic pop
>>>>> +
>>>>> +static int
>>>>> +test_rsa(struct rsa_test_data *t)
>>>>
>>>> ...
>>>>
>>>>> +     rsa->n =
>>>>> +             BN_bin2bn(
>>>>> +                     (const unsigned char *)rsa_xform.rsa.n.data,
>>>>> +                     rsa_xform.rsa.n.length,
>>>>> +                     rsa->n);
>>>>
>>>> I am getting a compilation error:
>>>>
>>>> /test/test/test_cryptodev_asym.c:322:5: error:
>>>> dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>>>>  rsa->n =
>>>>     ^~
>>>>
>>>> My OpenSSL version is 1.1.0h.
>>>>
>>> [Shally] This library is tested with version 1.0.2m (mentioned above) and also
>>> one supported by openssl PMD . So, you need to take similar version.
>>
>> I'd say we should support the latest stable version of OpenSSL.
>> Could you get the latest 1.1.0?
> [Shally] Openssl PMD uses 1.0.2h. If we move test to 1.1.0 then dpdk would need to be set
> to link to two different version of libcrypto whenever openssl PMD is enabled which seems like a cumbersome process for users.
> So I recommend for now to stick to one version.
>

OpenSSL PMD can get compiled/linked with any of the versions 1.0.2 or 
1.1. We cannot control the above applications which version it is using. 
So we should not add limitation for openssl version. Please check below 
snippet in the PMD if this is suitable in your case.

+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+       HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+
+       if (ctx != NULL)
+               HMAC_CTX_init(ctx);
+       return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+       if (ctx != NULL) {
+               HMAC_CTX_cleanup(ctx);
+               OPENSSL_free(ctx);
+       }
+}
+#endif


> Thanks
> Shally
>
>>
>> Thanks,
>> Pablo
Verma, Shally June 18, 2018, 6:48 a.m. UTC | #6 
Hi

>-----Original Message-----
>From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>Sent: 18 June 2018 12:10
>To: Verma, Shally <Shally.Verma@cavium.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: Re: [dpdk-dev] [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>

//snip

>>>>>> +static int
>>>>>> +test_rsa(struct rsa_test_data *t)
>>>>>
>>>>> ...
>>>>>
>>>>>> +     rsa->n =
>>>>>> +             BN_bin2bn(
>>>>>> +                     (const unsigned char *)rsa_xform.rsa.n.data,
>>>>>> +                     rsa_xform.rsa.n.length,
>>>>>> +                     rsa->n);
>>>>>
>>>>> I am getting a compilation error:
>>>>>
>>>>> /test/test/test_cryptodev_asym.c:322:5: error:
>>>>> dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>>>>>  rsa->n =
>>>>>     ^~
>>>>>
>>>>> My OpenSSL version is 1.1.0h.
>>>>>
>>>> [Shally] This library is tested with version 1.0.2m (mentioned above) and also
>>>> one supported by openssl PMD . So, you need to take similar version.
>>>
>>> I'd say we should support the latest stable version of OpenSSL.
>>> Could you get the latest 1.1.0?
>> [Shally] Openssl PMD uses 1.0.2h. If we move test to 1.1.0 then dpdk would need to be set
>> to link to two different version of libcrypto whenever openssl PMD is enabled which seems like a cumbersome process for users.
>> So I recommend for now to stick to one version.
>>
>
>OpenSSL PMD can get compiled/linked with any of the versions 1.0.2 or
>1.1. We cannot control the above applications which version it is using.
>So we should not add limitation for openssl version. Please check below
>snippet in the PMD if this is suitable in your case.
>
>+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
>+static HMAC_CTX *HMAC_CTX_new(void)
>+{
>+       HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
>+
>+       if (ctx != NULL)
>+               HMAC_CTX_init(ctx);
>+       return ctx;
>+}
>+
>+static void HMAC_CTX_free(HMAC_CTX *ctx)
>+{
>+       if (ctx != NULL) {
>+               HMAC_CTX_cleanup(ctx);
>+               OPENSSL_free(ctx);
>+       }
>+}
>+#endif
>
[Shally] Are we just planning to make PMD/test compatible for all lib versions? Won't it then be too many version compatibility checks in PMD/test and a maintainability issue than having implementation mentioned to be compatible with specific version?

>
>> Thanks
>> Shally
>>
>>>
>>> Thanks,
>>> Pablo
Akhil Goyal June 18, 2018, 7:34 a.m. UTC | #7 
Hi Shally,
On 6/18/2018 12:18 PM, Verma, Shally wrote:
> Hi
>
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: 18 June 2018 12:10
>> To: Verma, Shally <Shally.Verma@cavium.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
>> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>> Subject: Re: [dpdk-dev] [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>>
>
> //snip
>
>>>>>>> +static int
>>>>>>> +test_rsa(struct rsa_test_data *t)
>>>>>>
>>>>>> ...
>>>>>>
>>>>>>> +     rsa->n =
>>>>>>> +             BN_bin2bn(
>>>>>>> +                     (const unsigned char *)rsa_xform.rsa.n.data,
>>>>>>> +                     rsa_xform.rsa.n.length,
>>>>>>> +                     rsa->n);
>>>>>>
>>>>>> I am getting a compilation error:
>>>>>>
>>>>>> /test/test/test_cryptodev_asym.c:322:5: error:
>>>>>> dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>>>>>>  rsa->n =
>>>>>>     ^~
>>>>>>
>>>>>> My OpenSSL version is 1.1.0h.
>>>>>>
>>>>> [Shally] This library is tested with version 1.0.2m (mentioned above) and also
>>>>> one supported by openssl PMD . So, you need to take similar version.
>>>>
>>>> I'd say we should support the latest stable version of OpenSSL.
>>>> Could you get the latest 1.1.0?
>>> [Shally] Openssl PMD uses 1.0.2h. If we move test to 1.1.0 then dpdk would need to be set
>>> to link to two different version of libcrypto whenever openssl PMD is enabled which seems like a cumbersome process for users.
>>> So I recommend for now to stick to one version.
>>>
>>
>> OpenSSL PMD can get compiled/linked with any of the versions 1.0.2 or
>> 1.1. We cannot control the above applications which version it is using.
>> So we should not add limitation for openssl version. Please check below
>> snippet in the PMD if this is suitable in your case.
>>
>> +#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
>> +static HMAC_CTX *HMAC_CTX_new(void)
>> +{
>> +       HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
>> +
>> +       if (ctx != NULL)
>> +               HMAC_CTX_init(ctx);
>> +       return ctx;
>> +}
>> +
>> +static void HMAC_CTX_free(HMAC_CTX *ctx)
>> +{
>> +       if (ctx != NULL) {
>> +               HMAC_CTX_cleanup(ctx);
>> +               OPENSSL_free(ctx);
>> +       }
>> +}
>> +#endif
>>
> [Shally] Are we just planning to make PMD/test compatible for all lib versions? Won't it then be too many version compatibility checks in PMD/test and a maintainability issue than having implementation mentioned to be compatible with specific version?
>

I think we should at least support the latest stable version. As per the 
openssl website "The latest stable version is the 1.1.0 series. The 
1.0.2 series is our Long Term Support (LTS) release, supported until 
31st December 2019". I think Pablo also suggested to support openssl 1.1.

Thanks,
Akhil
>>
>>> Thanks
>>> Shally
>>>
>>>>
>>>> Thanks,
>>>> Pablo
>
De Lara Guarch, Pablo June 18, 2018, 8:38 a.m. UTC | #8 
Hi,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Monday, June 18, 2018 8:35 AM
> To: Verma, Shally <Shally.Verma@cavium.com>; Akhil Goyal
> <akhil.goyal@nxp.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org; Athreya, Narayana
> Prasad <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> Subject: Re: [dpdk-dev] [PATCH v3 4/6] test/crypto: add unit testcase for asym
> crypto
> 
> Hi Shally,
> On 6/18/2018 12:18 PM, Verma, Shally wrote:
> > Hi
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: 18 June 2018 12:10
> >> To: Verma, Shally <Shally.Verma@cavium.com>; De Lara Guarch, Pablo
> >> <pablo.de.lara.guarch@intel.com>
> >> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >> dev@dpdk.org; Athreya, Narayana Prasad
> >> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> >> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> >> Subject: Re: [dpdk-dev] [PATCH v3 4/6] test/crypto: add unit testcase
> >> for asym crypto
> >>
> >
> > //snip
> >
> >>>>>>> +static int
> >>>>>>> +test_rsa(struct rsa_test_data *t)
> >>>>>>
> >>>>>> ...
> >>>>>>
> >>>>>>> +     rsa->n =
> >>>>>>> +             BN_bin2bn(
> >>>>>>> +                     (const unsigned char *)rsa_xform.rsa.n.data,
> >>>>>>> +                     rsa_xform.rsa.n.length,
> >>>>>>> +                     rsa->n);
> >>>>>>
> >>>>>> I am getting a compilation error:
> >>>>>>
> >>>>>> /test/test/test_cryptodev_asym.c:322:5: error:
> >>>>>> dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
> >>>>>>  rsa->n =
> >>>>>>     ^~
> >>>>>>
> >>>>>> My OpenSSL version is 1.1.0h.
> >>>>>>
> >>>>> [Shally] This library is tested with version 1.0.2m (mentioned
> >>>>> above) and also one supported by openssl PMD . So, you need to take
> similar version.
> >>>>
> >>>> I'd say we should support the latest stable version of OpenSSL.
> >>>> Could you get the latest 1.1.0?
> >>> [Shally] Openssl PMD uses 1.0.2h. If we move test to 1.1.0 then dpdk
> >>> would need to be set to link to two different version of libcrypto whenever
> openssl PMD is enabled which seems like a cumbersome process for users.
> >>> So I recommend for now to stick to one version.
> >>>
> >>
> >> OpenSSL PMD can get compiled/linked with any of the versions 1.0.2 or
> >> 1.1. We cannot control the above applications which version it is using.
> >> So we should not add limitation for openssl version. Please check
> >> below snippet in the PMD if this is suitable in your case.
> >>
> >> +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) static HMAC_CTX
> >> +*HMAC_CTX_new(void) {
> >> +       HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
> >> +
> >> +       if (ctx != NULL)
> >> +               HMAC_CTX_init(ctx);
> >> +       return ctx;
> >> +}
> >> +
> >> +static void HMAC_CTX_free(HMAC_CTX *ctx) {
> >> +       if (ctx != NULL) {
> >> +               HMAC_CTX_cleanup(ctx);
> >> +               OPENSSL_free(ctx);
> >> +       }
> >> +}
> >> +#endif
> >>
> > [Shally] Are we just planning to make PMD/test compatible for all lib versions?
> Won't it then be too many version compatibility checks in PMD/test and a
> maintainability issue than having implementation mentioned to be compatible
> with specific version?
> >
> 
> I think we should at least support the latest stable version. As per the openssl
> website "The latest stable version is the 1.1.0 series. The
> 1.0.2 series is our Long Term Support (LTS) release, supported until 31st
> December 2019". I think Pablo also suggested to support openssl 1.1.

I think we should keep supporting OpenSSL 1.1, even though our documentation
says that we support up to 1.0.2 (which we should fix!).
Knowing that Ubuntu and Fedora have 1.1 version in their latest versions,
I think it is a good idea to keep supporting this,
As many users will be using this version and we would be breaking their code if he change this.

Thanks,
Pablo

> 
> Thanks,
> Akhil
> >>
> >>> Thanks
> >>> Shally
> >>>
> >>>>
> >>>> Thanks,
> >>>> Pablo
> >
Verma, Shally June 18, 2018, 4:22 p.m. UTC | #9 
>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 18 June 2018 14:09
>To: Akhil Goyal <akhil.goyal@nxp.com>; Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org; Athreya, Narayana Prasad <NarayanaPrasad.Athreya@cavium.com>; Sahu,
>Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [dpdk-dev] [PATCH v3 4/6] test/crypto: add unit testcase for asym crypto
>
//snip

>> >>>>>>> +static int
>> >>>>>>> +test_rsa(struct rsa_test_data *t)
>> >>>>>>
>> >>>>>> ...
>> >>>>>>
>> >>>>>>> +     rsa->n =
>> >>>>>>> +             BN_bin2bn(
>> >>>>>>> +                     (const unsigned char *)rsa_xform.rsa.n.data,
>> >>>>>>> +                     rsa_xform.rsa.n.length,
>> >>>>>>> +                     rsa->n);
>> >>>>>>
>> >>>>>> I am getting a compilation error:
>> >>>>>>
>> >>>>>> /test/test/test_cryptodev_asym.c:322:5: error:
>> >>>>>> dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>> >>>>>>  rsa->n =
>> >>>>>>     ^~
>> >>>>>>
>> >>>>>> My OpenSSL version is 1.1.0h.
>> >>>>>>
>> >>>>> [Shally] This library is tested with version 1.0.2m (mentioned
>> >>>>> above) and also one supported by openssl PMD . So, you need to take
>> similar version.
>> >>>>
>> >>>> I'd say we should support the latest stable version of OpenSSL.
>> >>>> Could you get the latest 1.1.0?
>> >>> [Shally] Openssl PMD uses 1.0.2h. If we move test to 1.1.0 then dpdk
>> >>> would need to be set to link to two different version of libcrypto whenever
>> openssl PMD is enabled which seems like a cumbersome process for users.
>> >>> So I recommend for now to stick to one version.
>> >>>
>> >>
>> >> OpenSSL PMD can get compiled/linked with any of the versions 1.0.2 or
>> >> 1.1. We cannot control the above applications which version it is using.
>> >> So we should not add limitation for openssl version. Please check
>> >> below snippet in the PMD if this is suitable in your case.
>> >>
>> >> +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) static HMAC_CTX
>> >> +*HMAC_CTX_new(void) {
>> >> +       HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
>> >> +
>> >> +       if (ctx != NULL)
>> >> +               HMAC_CTX_init(ctx);
>> >> +       return ctx;
>> >> +}
>> >> +
>> >> +static void HMAC_CTX_free(HMAC_CTX *ctx) {
>> >> +       if (ctx != NULL) {
>> >> +               HMAC_CTX_cleanup(ctx);
>> >> +               OPENSSL_free(ctx);
>> >> +       }
>> >> +}
>> >> +#endif
>> >>
>> > [Shally] Are we just planning to make PMD/test compatible for all lib versions?
>> Won't it then be too many version compatibility checks in PMD/test and a
>> maintainability issue than having implementation mentioned to be compatible
>> with specific version?
>> >
>>
>> I think we should at least support the latest stable version. As per the openssl
>> website "The latest stable version is the 1.1.0 series. The
>> 1.0.2 series is our Long Term Support (LTS) release, supported until 31st
>> December 2019". I think Pablo also suggested to support openssl 1.1.
>
>I think we should keep supporting OpenSSL 1.1, even though our documentation
>says that we support up to 1.0.2 (which we should fix!).
>Knowing that Ubuntu and Fedora have 1.1 version in their latest versions,
>I think it is a good idea to keep supporting this,
>As many users will be using this version and we would be breaking their code if he change this.

[Shally] Will look into this .

>
>Thanks,
>Pablo
>
>>
>> Thanks,
>> Akhil
>> >>
>> >>> Thanks
>> >>> Shally
>> >>>
>> >>>>
>> >>>> Thanks,
>> >>>> Pablo
>> >
diff mbox

Patch

diff --git a/test/test/Makefile b/test/test/Makefile
index d1a75fe92..9526b939d 100644
--- a/test/test/Makefile
+++ b/test/test/Makefile
@@ -179,6 +179,7 @@  SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
 
 SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_blockcipher.c
 SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_asym.c
 
 ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
 SRCS-$(CONFIG_RTE_LIBRTE_COMPRESSDEV) += test_compressdev.c
@@ -205,7 +206,7 @@  CFLAGS += $(WERROR_FLAGS)
 
 CFLAGS += -D_GNU_SOURCE
 
-LDLIBS += -lm
+LDLIBS += -lm -lcrypto
 ifeq ($(CONFIG_RTE_COMPRESSDEV_TEST),y)
 ifeq ($(CONFIG_RTE_LIBRTE_COMPRESSDEV),y)
 LDLIBS += -lz
diff --git a/test/test/meson.build b/test/test/meson.build
index 3c8edf521..85bb90a42 100644
--- a/test/test/meson.build
+++ b/test/test/meson.build
@@ -21,6 +21,7 @@  test_sources = files('commands.c',
 	'test_cpuflags.c',
 	'test_crc.c',
 	'test_cryptodev.c',
+	'test_cryptodev_asym.c',
 	'test_cryptodev_blockcipher.c',
 	'test_cycles.c',
 	'test_debug.c',
diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
new file mode 100644
index 000000000..a904c2785
--- /dev/null
+++ b/test/test/test_cryptodev_asym.c
@@ -0,0 +1,1787 @@ 
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2017-2018 Cavium Networks
+ */
+
+#include <rte_common.h>
+#include <rte_hexdump.h>
+#include <rte_mbuf.h>
+#include <rte_malloc.h>
+#include <rte_memcpy.h>
+#include <rte_pause.h>
+#include <rte_bus_vdev.h>
+
+#include <rte_crypto.h>
+#include <rte_cryptodev.h>
+#include <rte_cryptodev_pmd.h>
+#include <openssl/ssl.h>
+
+#include "test.h"
+#include "test_cryptodev.h"
+
+#define TEST_DATA_SIZE 4096
+#define TEST_NUM_BUFS 10
+#define TEST_NUM_SESSIONS 4
+#define ASYM_TEST_MSG_LEN	256
+#define TEST_DH_MOD_LEN 1024
+
+static int gbl_driver_id;
+struct crypto_testsuite_params {
+	struct rte_mempool *op_mpool;
+	struct rte_mempool *session_mpool;
+	struct rte_cryptodev_config conf;
+	struct rte_cryptodev_qp_conf qp_conf;
+	uint8_t valid_devs[RTE_CRYPTO_MAX_DEVS];
+	uint8_t valid_dev_count;
+};
+
+struct crypto_unittest_params {
+	struct rte_cryptodev_asym_session *sess;
+	struct rte_crypto_op *op;
+};
+
+static struct crypto_testsuite_params testsuite_params = { NULL };
+
+struct rsa_test_data {
+	enum rte_crypto_asym_op_type op_type;
+
+	struct {
+		uint8_t data[TEST_DATA_SIZE];
+		unsigned int len;
+	} plainText;
+	struct {
+		uint8_t data[TEST_DATA_SIZE];
+		unsigned int len;
+	} encryptedText;
+	struct {
+		uint8_t data[TEST_DATA_SIZE];
+		unsigned int len;
+	} signText;
+};
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+
+static unsigned char base[] = {	0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85,
+				0xAE, 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD,
+				0xA8, 0xEB, 0x7E, 0x78, 0xA0, 0x50 };
+
+static struct rsa_test_data rsa_test_case = {
+	.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT,
+	.plainText = {
+		.data = {
+			0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+			0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+			0x7E, 0x78, 0xA0, 0x50
+		},
+		.len = 20
+	},
+	.encryptedText = {
+		.data = {
+			0x4B, 0x22, 0x88, 0xF1, 0x91, 0x5A, 0x6A, 0xCC,
+			0x75, 0xD6, 0x40, 0xE3, 0x58, 0xCA, 0xC8, 0x70,
+			0x9B, 0x2B, 0xC7, 0x36, 0x1F, 0xAE, 0x38, 0xF3,
+			0x97, 0xA6, 0xEE, 0xA7, 0xDB, 0xFF, 0x9F, 0x09,
+			0x73, 0x1A, 0x2F, 0x01, 0xFA, 0xAF, 0x77, 0x09,
+			0xE1, 0x8D, 0x3E, 0x2D, 0x1D, 0x45, 0x15, 0x66,
+			0xE1, 0x79, 0xD7, 0xC6, 0x94, 0x1D, 0x54, 0xBF,
+			0xDD, 0xAB, 0x46, 0x34, 0xC7, 0x55, 0x62, 0x5B,
+			0x9D, 0xBD, 0x28, 0xDB, 0x46, 0x0D, 0x2D, 0x3D,
+			0x41, 0x46, 0xDA, 0x45, 0x31, 0x78, 0xD5, 0xE7,
+			0x2C, 0xA4, 0x1F, 0x73, 0xBE, 0x62, 0x41, 0x2C,
+			0x5C, 0x8D, 0x0D, 0xFA, 0xCC, 0x4C, 0xC1, 0x69,
+			0x90, 0xC9, 0x50, 0x21, 0x20, 0x90, 0x72, 0x70,
+			0x55, 0xA0, 0x25, 0x11, 0x5B, 0x96, 0x96, 0x07,
+			0x98, 0x90, 0x10, 0x81, 0x9E, 0x32, 0x16, 0x02,
+			0x6F, 0x52, 0xCF, 0xDB, 0x57, 0x9C, 0x57, 0xD2
+		},
+		.len = 128
+	},
+	.signText = {
+		.data = {
+			0x2F, 0x42, 0xB3, 0xB1, 0x7F, 0xA8, 0x66, 0x00,
+			0xC6, 0xB4, 0x7D, 0x12, 0x67, 0x5F, 0x94, 0xF7,
+			0x25, 0xD6, 0x7E, 0x14, 0xE4, 0xC2, 0x63, 0xB2,
+			0xDC, 0x1B, 0x13, 0xC0, 0xDA, 0xDA, 0x0D, 0x32,
+			0x9B, 0xF4, 0x8A, 0x62, 0x90, 0xE7, 0xB3, 0xF3,
+			0xBB, 0x5A, 0xAB, 0x5F, 0xF8, 0xAF, 0xF4, 0x19,
+			0x0D, 0xA5, 0x66, 0x25, 0x95, 0x69, 0x57, 0x43,
+			0x87, 0x44, 0xB0, 0x92, 0x1A, 0x39, 0xA6, 0x97,
+			0x06, 0xFD, 0xF3, 0x20, 0x72, 0xFB, 0xEA, 0xEF,
+			0xCF, 0xD1, 0x88, 0xCA, 0x23, 0x26, 0xA9, 0xA9,
+			0x22, 0xCD, 0xA0, 0x10, 0xF9, 0x14, 0x28, 0xC7,
+			0x0E, 0x82, 0xE1, 0xCD, 0xC3, 0x31, 0x0F, 0x75,
+			0x6D, 0x69, 0xCD, 0x55, 0x30, 0xA3, 0x26, 0xCB,
+			0xF8, 0xBC, 0xF3, 0xC5, 0xFA, 0xD7, 0x7E, 0x51,
+			0x81, 0xC9, 0x5C, 0x9F, 0x2A, 0x40, 0x40, 0x83,
+			0xB3, 0xBA, 0xDB, 0x94, 0x2D, 0x31, 0x1C, 0xF8
+
+		},
+		.len = 128
+	}
+};
+
+/** rsa xform using exponent key */
+struct rte_crypto_asym_xform rsa_xform = {
+	.next = NULL,
+	.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+	.rsa = {
+		.n = {
+		.data =
+		(uint8_t *)
+		("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
+		"\xa1\xb5\xce\x47\x8a\xc3\x80\xf4\x7d\x4a\xa2\x62\xfd\x61\x7f"
+		"\xb5\xa8\xde\x0a\x17\x97\xa0\xbf\xdf\x56\x5a\x3d\x51\x56\x4f"
+		"\x70\x70\x3f\x63\x6a\x44\x5b\xad\x84\x0d\x3f\x27\x6e\x3b\x34"
+		"\x91\x60\x14\xb9\xaa\x72\xfd\xa3\x64\xd2\x03\xa7\x53\x87\x9e"
+		"\x88\x0b\xc1\x14\x93\x1a\x62\xff\xb1\x5d\x74\xcd\x59\x63\x18"
+		"\x11\x3d\x4f\xba\x75\xd4\x33\x4e\x23\x6b\x7b\x57\x44\xe1\xd3"
+		"\x03\x13\xa6\xf0\x8b\x60\xb0\x9e\xee\x75\x08\x9d\x71\x63\x13"
+		"\xcb\xa6\x81\x92\x14\x03\x22\x2d\xde\x55"),
+		.length = 129
+		},
+		.e = {
+		.data = (uint8_t *)("\x01\x00\x01"),
+		.length = 3
+		},
+		.key_type = RTE_RSA_KEY_TYPE_EXP,
+		{
+		.d = {
+		.data =
+		(uint8_t *)
+		("\x24\xd7\xea\xf4\x7f\xe0\xca\x31\x4d\xee\xc4\xa1\xbe\xab\x06"
+		"\x61\x32\xe7\x51\x46\x27\xdf\x72\xe9\x6f\xa8\x4c\xd1\x26\xef"
+		"\x65\xeb\x67\xff\x5f\xa7\x3b\x25\xb9\x08\x8e\xa0\x47\x56\xe6"
+		"\x8e\xf9\xd3\x18\x06\x3d\xc6\xb1\xf8\xdc\x1b\x8d\xe5\x30\x54"
+		"\x26\xac\x16\x3b\x7b\xad\x46\x9e\x21\x6a\x57\xe6\x81\x56\x1d"
+		"\x2a\xc4\x39\x63\x67\x81\x2c\xca\xcc\xf8\x42\x04\xbe\xcf\x8f"
+		"\x6c\x5b\x81\x46\xb9\xc7\x62\x90\x87\x35\x03\x9b\x89\xcb\x37"
+		"\xbd\xf1\x1b\x99\xa1\x9a\x78\xd5\x4c\xdd\x3f\x41\x0c\xb7\x1a"
+		"\xd9\x7b\x87\x5f\xbe\xb1\x83\x41"),
+		.length = 128
+		},
+		}
+	}
+};
+
+struct rte_crypto_asym_xform modex_xform = {
+	.next = NULL,
+	.xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+	.modex = {
+		.modulus = {
+			.data =
+			(uint8_t *)
+			("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
+			"\xa1\xb5\xce\x47\x8a\xc3\x80\xf4\x7d\x4a\xa2\x62\xfd\x61\x7f"
+			"\xb5\xa8\xde\x0a\x17\x97\xa0\xbf\xdf\x56\x5a\x3d\x51\x56\x4f"
+			"\x70\x70\x3f\x63\x6a\x44\x5b\xad\x84\x0d\x3f\x27\x6e\x3b\x34"
+			"\x91\x60\x14\xb9\xaa\x72\xfd\xa3\x64\xd2\x03\xa7\x53\x87\x9e"
+			"\x88\x0b\xc1\x14\x93\x1a\x62\xff\xb1\x5d\x74\xcd\x59\x63\x18"
+			"\x11\x3d\x4f\xba\x75\xd4\x33\x4e\x23\x6b\x7b\x57\x44\xe1\xd3"
+			"\x03\x13\xa6\xf0\x8b\x60\xb0\x9e\xee\x75\x08\x9d\x71\x63\x13"
+			"\xcb\xa6\x81\x92\x14\x03\x22\x2d\xde\x55"),
+			.length = 129
+		},
+		.exponent = {
+			.data = (uint8_t *)("\x01\x00\x01"),
+			.length = 3
+		}
+	}
+};
+
+struct rte_crypto_asym_xform modinv_xform = {
+	.next = NULL,
+	.xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+	.modinv = {
+		.modulus = {
+			.data =
+			(uint8_t *)
+			("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
+			"\xa1\xb5\xce\x47\x8a\xc3\x80\xf4\x7d\x4a\xa2\x62\xfd\x61\x7f"
+			"\xb5\xa8\xde\x0a\x17\x97\xa0\xbf\xdf\x56\x5a\x3d\x51\x56\x4f"
+			"\x70\x70\x3f\x63\x6a\x44\x5b\xad\x84\x0d\x3f\x27\x6e\x3b\x34"
+			"\x91\x60\x14\xb9\xaa\x72\xfd\xa3\x64\xd2\x03\xa7\x53\x87\x9e"
+			"\x88\x0b\xc1\x14\x93\x1a\x62\xff\xb1\x5d\x74\xcd\x59\x63\x18"
+			"\x11\x3d\x4f\xba\x75\xd4\x33\x4e\x23\x6b\x7b\x57\x44\xe1\xd3"
+			"\x03\x13\xa6\xf0\x8b\x60\xb0\x9e\xee\x75\x08\x9d\x71\x63\x13"
+			"\xcb\xa6\x81\x92\x14\x03\x22\x2d\xde\x55"),
+			.length = 129
+		}
+	}
+};
+
+#pragma GCC diagnostic pop
+
+static int
+test_rsa(struct rsa_test_data *t)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	RSA *rsa = NULL;
+	int status = TEST_SUCCESS;
+	uint8_t tmp_buf[TEST_DATA_SIZE];
+	int tmp_len = 0;
+	uint8_t output_buf[TEST_DATA_SIZE] = {0};
+	uint8_t input_buf[TEST_DATA_SIZE] = {0};
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+
+	if (!sess) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+				"FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &rsa_xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+
+	/* set up crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	asym_op = op->asym;
+	asym_op->rsa.op_type = t->op_type;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+
+	if (t->op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+		memcpy(input_buf, t->plainText.data, t->plainText.len);
+		asym_op->rsa.message.data = input_buf;
+		asym_op->rsa.message.length = t->plainText.len;
+	} else if (t->op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+		asym_op->rsa.message.data = t->plainText.data;
+		asym_op->rsa.message.length = t->plainText.len;
+		asym_op->rsa.sign.data = output_buf;
+	} else if (t->op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+		memcpy(input_buf, t->encryptedText.data, t->encryptedText.len);
+		asym_op->rsa.message.data = input_buf;
+		asym_op->rsa.message.length = t->encryptedText.len;
+	} else if (t->op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+		memcpy(input_buf, t->signText.data, t->signText.len);
+		asym_op->rsa.message.data = t->plainText.data;
+		asym_op->rsa.message.length = t->plainText.len;
+		asym_op->rsa.sign.data = input_buf;
+		asym_op->rsa.sign.length = t->signText.len;
+	}
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* verify result using sw lib */
+	rsa = RSA_new();
+	if (rsa == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate sw RSA");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	rsa->n =
+		BN_bin2bn(
+			(const unsigned char *)rsa_xform.rsa.n.data,
+			rsa_xform.rsa.n.length,
+			rsa->n);
+	rsa->e = BN_bin2bn((const unsigned char *)rsa_xform.rsa.e.data,
+						rsa_xform.rsa.e.length,
+						rsa->e);
+	rsa->d = BN_bin2bn((const unsigned char *)rsa_xform.rsa.d.data,
+						rsa_xform.rsa.d.length,
+						rsa->d);
+
+	if (t->op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+		debug_hexdump(stdout, "Encrypted output:",
+				asym_op->rsa.message.data,
+				asym_op->rsa.message.length);
+
+		/* decrypt using openssl lib */
+		tmp_len = RSA_private_decrypt(asym_op->rsa.message.length,
+						asym_op->rsa.message.data,
+						tmp_buf,
+						rsa,
+						RSA_PKCS1_PADDING);
+
+		if (memcmp(t->plainText.data, tmp_buf, tmp_len)) {
+			snprintf(test_msg,
+					 ASYM_TEST_MSG_LEN, "line %u "
+					"FAILED: %s", __LINE__,
+					"Crypto data not as expected");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+	} else if (t->op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+		debug_hexdump(stdout, "RSA Sign output:",
+				asym_op->rsa.sign.data,
+				asym_op->rsa.sign.length);
+
+		/* verify generated sign using openssl lib */
+		tmp_len = RSA_public_decrypt(asym_op->rsa.sign.length,
+						asym_op->rsa.sign.data,
+						tmp_buf, rsa,
+						RSA_PKCS1_PADDING);
+
+		if (memcmp(asym_op->rsa.message.data, tmp_buf, tmp_len)) {
+			snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+					"FAILED: %s", __LINE__,
+					"Crypto data not as expected");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+	} else if (t->op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+		if (memcmp(asym_op->rsa.message.data,
+				t->plainText.data,
+				t->plainText.len)) {
+			snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+					"FAILED: %s", __LINE__,
+					"Crypto data not as expected");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+	} else if (t->op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+		/* compare verification output in sign to original message */
+		if (memcmp(asym_op->rsa.sign.data,
+				   asym_op->rsa.message.data,
+				   asym_op->rsa.message.length)) {
+			snprintf(test_msg, ASYM_TEST_MSG_LEN,
+					"line %u "
+					"FAILED: %s", __LINE__,
+					"Crypto data not as expected");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+	}
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+
+error_exit:
+	if (rsa)
+		RSA_free(rsa);
+	if (sess) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+
+	if (op)
+		rte_crypto_op_free(op);
+
+	return status;
+}
+
+static int
+testsuite_setup(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info info;
+	uint32_t i = 0, nb_devs, dev_id;
+	int ret;
+	uint16_t qp_id;
+
+	memset(ts_params, 0, sizeof(*ts_params));
+
+	ts_params->op_mpool = rte_crypto_op_pool_create(
+			"CRYPTO_ASYM_OP_POOL",
+			RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+			TEST_NUM_BUFS, 0,
+			0,
+			rte_socket_id());
+	if (ts_params->op_mpool == NULL) {
+		RTE_LOG(ERR, USER1, "Can't create ASYM_CRYPTO_OP_POOL\n");
+		return TEST_FAILED;
+	}
+
+	/* Create an OPENSSL device if required */
+	if (gbl_driver_id == rte_cryptodev_driver_id_get(
+			RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD))) {
+		nb_devs = rte_cryptodev_device_count_by_driver(
+				rte_cryptodev_driver_id_get(
+				RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD)));
+		if (nb_devs < 1) {
+			ret = rte_vdev_init(
+				RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD),
+				NULL);
+
+			TEST_ASSERT(ret == 0, "Failed to create "
+				"instance of pmd : %s",
+				RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD));
+		}
+	}
+
+	nb_devs = rte_cryptodev_count();
+	if (nb_devs < 1) {
+		RTE_LOG(ERR, USER1, "No crypto devices found?\n");
+		return TEST_FAILED;
+	}
+
+	/* Create list of valid crypto devs */
+	for (i = 0; i < nb_devs; i++) {
+		rte_cryptodev_info_get(i, &info);
+		if (info.driver_id == gbl_driver_id)
+			ts_params->valid_devs[ts_params->valid_dev_count++] = i;
+	}
+
+	if (ts_params->valid_dev_count < 1)
+		return TEST_FAILED;
+
+	/* Set up all the qps on the first of the valid devices found */
+
+	dev_id = ts_params->valid_devs[0];
+
+	rte_cryptodev_info_get(dev_id, &info);
+
+	/* check if device support asymmetric , skip if not */
+	if (!(info.feature_flags &
+				RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO)) {
+		RTE_LOG(ERR, USER1, "Device doesn't support asymmetric. "
+				"Test Skipped.\n");
+		return TEST_FAILED;
+	}
+
+	/* configure device with num qp */
+	ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
+	ts_params->conf.socket_id = SOCKET_ID_ANY;
+	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
+			&ts_params->conf),
+			"Failed to configure cryptodev %u with %u qps",
+			dev_id, ts_params->conf.nb_queue_pairs);
+
+	/* configure qp */
+	ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
+	for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
+		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
+			dev_id, qp_id, &ts_params->qp_conf,
+			rte_cryptodev_socket_id(dev_id),
+			ts_params->session_mpool),
+			"Failed to setup queue pair %u on cryptodev %u ASYM",
+			qp_id, dev_id);
+	}
+
+	/* setup asym session pool */
+	unsigned int session_size =
+		rte_cryptodev_asym_get_private_session_size(dev_id);
+	/*
+	 * Create mempool with TEST_NUM_SESSIONS * 2,
+	 * to include the session headers
+	 */
+	ts_params->session_mpool = rte_mempool_create(
+				"test_asym_sess_mp",
+				TEST_NUM_SESSIONS * 2,
+				session_size,
+				0, 0, NULL, NULL, NULL,
+				NULL, SOCKET_ID_ANY,
+				0);
+
+	TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
+			"session mempool allocation failed");
+
+	return TEST_SUCCESS;
+}
+
+static void
+testsuite_teardown(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+
+	if (ts_params->op_mpool != NULL) {
+		RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
+		rte_mempool_avail_count(ts_params->op_mpool));
+	}
+
+	/* Free session mempools */
+	if (ts_params->session_mpool != NULL) {
+		rte_mempool_free(ts_params->session_mpool);
+		ts_params->session_mpool = NULL;
+	}
+}
+
+static int
+ut_setup(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+
+	uint16_t qp_id;
+
+	/* Reconfigure device to default parameters */
+	ts_params->conf.socket_id = SOCKET_ID_ANY;
+
+	TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
+			&ts_params->conf),
+			"Failed to configure cryptodev %u",
+			ts_params->valid_devs[0]);
+
+	for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs ; qp_id++) {
+		TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
+			ts_params->valid_devs[0], qp_id,
+			&ts_params->qp_conf,
+			rte_cryptodev_socket_id(ts_params->valid_devs[0]),
+			ts_params->session_mpool),
+			"Failed to setup queue pair %u on cryptodev %u",
+			qp_id, ts_params->valid_devs[0]);
+	}
+
+	rte_cryptodev_stats_reset(ts_params->valid_devs[0]);
+
+	/* Start the device */
+	TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_devs[0]),
+						"Failed to start cryptodev %u",
+						ts_params->valid_devs[0]);
+
+	return TEST_SUCCESS;
+}
+
+static void
+ut_teardown(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_stats stats;
+
+	rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
+
+	/* Stop the device */
+	rte_cryptodev_stop(ts_params->valid_devs[0]);
+}
+
+static inline void print_asym_capa(
+		const struct rte_cryptodev_asymmetric_xfrm_capability	*capa)
+{
+	int i = 0;
+
+	printf("\nxform type: %s\n===================\n",
+			rte_crypto_asym_xform_strings[capa->xform_type]);
+	printf("operation supported -");
+
+	for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
+		/* check supported operations */
+		if (rte_cryptodev_asym_xfrm_capability_check_optype(capa, i))
+			printf(" %s",
+					rte_crypto_asym_op_strings[i]);
+		}
+		switch (capa->xform_type) {
+		case RTE_CRYPTO_ASYM_XFORM_RSA:
+		case RTE_CRYPTO_ASYM_XFORM_MODINV:
+		case RTE_CRYPTO_ASYM_XFORM_MODEX:
+		case RTE_CRYPTO_ASYM_XFORM_DH:
+		case RTE_CRYPTO_ASYM_XFORM_DSA:
+			printf(" modlen: min %d max %d increment %d\n",
+					capa->modlen.min,
+					capa->modlen.max,
+					capa->modlen.increment);
+		break;
+		default:
+			break;
+		}
+}
+
+/* ***** Plaintext data for tests ***** */
+static int
+test_capability(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_cryptodev_info dev_info;
+	const struct rte_cryptodev_capabilities *dev_capa;
+	int i = 0;
+	struct rte_cryptodev_asym_capability_idx idx;
+	const struct rte_cryptodev_asymmetric_xfrm_capability *capa;
+
+	rte_cryptodev_info_get(dev_id, &dev_info);
+	if (!(dev_info.feature_flags &
+				RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO)) {
+	RTE_LOG(INFO, USER1,
+		"Device doesn't support asymmetric. Test Skipped\n");
+		return TEST_SUCCESS;
+	}
+
+	/* print xfrm capability */
+	for (i = 0;
+		dev_info.capabilities[i].op != RTE_CRYPTO_OP_TYPE_UNDEFINED;
+		i++) {
+		dev_capa = &(dev_info.capabilities[i]);
+		if (dev_info.capabilities[i].op ==
+				RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
+			idx.type = dev_capa->asym.xfrm_capa.xform_type;
+
+			capa = rte_cryptodev_asym_capability_get(dev_id,
+				(const struct
+				rte_cryptodev_asym_capability_idx *) &idx);
+			print_asym_capa(capa);
+			}
+	}
+	return TEST_SUCCESS;
+}
+
+static int
+test_dh_gen_shared_sec(DH *testkey, struct rte_crypto_asym_xform *xfrm)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	uint8_t output[TEST_DH_MOD_LEN];
+	struct rte_crypto_asym_xform xform = *xfrm;
+	uint8_t peer[] = "01234567890123456789012345678901234567890123456789";
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (sess == NULL) {
+		snprintf(test_msg,
+				ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	/* set up crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup a xform and op to generate private key only */
+	xform.dh.type = RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE;
+	xform.next = NULL;
+	asym_op->dh.priv_key.data = rte_malloc(NULL,
+					BN_num_bytes(testkey->priv_key),
+					0);
+	asym_op->dh.priv_key.length = BN_bn2bin(testkey->priv_key,
+					asym_op->dh.priv_key.data);
+	asym_op->dh.pub_key.data = (uint8_t *)peer;
+	asym_op->dh.pub_key.length = sizeof(peer);
+	asym_op->dh.shared_secret.data = output;
+	asym_op->dh.shared_secret.length = sizeof(output);
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	debug_hexdump(stdout, "shared secret:",
+			asym_op->dh.shared_secret.data,
+			asym_op->dh.shared_secret.length);
+
+	/* compute shared secret using sw and compare */
+	BIGNUM *p = NULL;
+	p = BN_bin2bn(peer, sizeof(peer), p);
+	if (p != NULL) {
+		size_t test_len;
+		uint8_t *test_shared = rte_malloc(NULL, DH_size(testkey), 0);
+		test_len = DH_compute_key(test_shared, p, testkey);
+
+		debug_hexdump(stdout, "sw shared secret:",
+			test_shared,
+			test_len);
+
+		if ((test_len != asym_op->dh.shared_secret.length) ||
+		    (memcmp(test_shared,
+			asym_op->dh.shared_secret.data, test_len))) {
+			RTE_LOG(ERR, USER1,
+				"shared secret compute verification failed\n");
+			status = TEST_FAILED;
+		}
+		rte_free(test_shared);
+		BN_free(p);
+	}
+error_exit:
+	if (sess != NULL) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+	if (op != NULL) {
+		if (asym_op->dh.priv_key.data != NULL)
+			rte_free(asym_op->dh.priv_key.data);
+		rte_crypto_op_free(op);
+	}
+	return status;
+}
+
+static int
+test_dh_gen_priv_key(DH *testkey __rte_unused,
+		     struct rte_crypto_asym_xform *xfrm)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	uint8_t output[TEST_DH_MOD_LEN];
+	struct rte_crypto_asym_xform xform = *xfrm;
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (sess == NULL) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "line %u FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	/* set up crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup a xform and op to generate private key only */
+	xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE;
+	xform.next = NULL;
+	asym_op->dh.priv_key.data = output;
+	asym_op->dh.priv_key.length = sizeof(output);
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	debug_hexdump(stdout, "private key:",
+			asym_op->dh.priv_key.data,
+			asym_op->dh.priv_key.length);
+
+
+error_exit:
+	if (sess != NULL) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+	if (op != NULL)
+		rte_crypto_op_free(op);
+
+	return status;
+}
+
+
+static int
+test_dh_gen_pub_key(DH *testkey,
+		    struct rte_crypto_asym_xform *xfrm)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	uint8_t output[TEST_DH_MOD_LEN];
+	struct rte_crypto_asym_xform xform = *xfrm;
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (sess == NULL) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "line %u FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	/* set up crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	asym_op = op->asym;
+	/* Setup a xform chain to generate public key
+	 * using test private key
+	 *
+	 */
+	xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE;
+	xform.next = NULL;
+
+	asym_op->dh.pub_key.data = output;
+	asym_op->dh.pub_key.length = sizeof(output);
+	/* load pre-defined private key */
+	asym_op->dh.priv_key.data = rte_malloc(NULL,
+					BN_num_bytes(testkey->priv_key),
+					0);
+	asym_op->dh.priv_key.length = BN_bn2bin(testkey->priv_key,
+					asym_op->dh.priv_key.data);
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	debug_hexdump(stdout, "pub key:",
+			asym_op->dh.pub_key.data, asym_op->dh.pub_key.length);
+
+	BIGNUM *r = BN_new();
+	if (r != NULL) {
+		/* if priv key is same, then pub too should be same */
+		r = BN_bin2bn(asym_op->dh.pub_key.data,
+			      asym_op->dh.pub_key.length, r);
+		if (BN_cmp(testkey->pub_key, r))
+			status = TEST_FAILED;
+		BN_free(r);
+	}
+
+error_exit:
+	if (sess != NULL) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+	if (op != NULL) {
+		if (asym_op->dh.priv_key.data != NULL)
+			rte_free(asym_op->dh.priv_key.data);
+		rte_crypto_op_free(op);
+
+	}
+	return status;
+}
+
+
+static int
+test_dh_gen_kp(DH *testkey, struct rte_crypto_asym_xform *xfrm)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	uint8_t out_pub_key[TEST_DH_MOD_LEN];
+	uint8_t out_prv_key[TEST_DH_MOD_LEN];
+	struct rte_crypto_asym_xform pub_key_xform;
+	struct rte_crypto_asym_xform xform = *xfrm;
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (sess == NULL) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "line %u FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	/* set up crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	asym_op = op->asym;
+	/* Setup a xform chain to generate
+	 * private key first followed by
+	 * public key
+	 */
+	xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE;
+	pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
+	pub_key_xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE;
+	xform.next = &pub_key_xform;
+
+	asym_op->dh.pub_key.data = out_pub_key;
+	asym_op->dh.pub_key.length = sizeof(out_pub_key);
+	asym_op->dh.priv_key.data = out_prv_key;
+	asym_op->dh.priv_key.length = sizeof(out_prv_key);
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	debug_hexdump(stdout, "priv key:",
+			out_prv_key, asym_op->dh.priv_key.length);
+	debug_hexdump(stdout, "pub key:",
+			out_pub_key, asym_op->dh.pub_key.length);
+
+	BIGNUM *r = BN_new();
+	if (r != NULL) {
+		r = BN_bin2bn(asym_op->dh.priv_key.data,
+				   asym_op->dh.priv_key.length, r);
+
+		/* if priv key is same, then pub too should be same */
+		if (!BN_cmp(testkey->priv_key, r)) {
+			r = BN_bin2bn(asym_op->dh.pub_key.data,
+				      asym_op->dh.pub_key.length, r);
+			if (BN_cmp(testkey->pub_key, r))
+				status = TEST_FAILED;
+		}
+		BN_free(r);
+	}
+
+error_exit:
+	if (sess != NULL) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+	if (op != NULL)
+		rte_crypto_op_free(op);
+
+	return status;
+}
+
+static int
+test_RSA_encryption(void)
+{
+	rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+	return test_rsa(&rsa_test_case);
+}
+
+static int
+test_RSA_decryption(void)
+{
+	rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	return test_rsa(&rsa_test_case);
+}
+
+static int
+test_RSA_sign(void)
+{
+	rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	return test_rsa(&rsa_test_case);
+}
+
+static int
+test_RSA_verify(void)
+{
+	int status;
+	rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	status = test_rsa(&rsa_test_case);
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_mod_inv(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	struct rte_cryptodev_asym_capability_idx cap_idx;
+	const struct rte_cryptodev_asymmetric_xfrm_capability *capability;
+	BN_CTX *ctx = NULL;
+	uint8_t input[TEST_DATA_SIZE] = {0}, sw_res[TEST_DATA_SIZE] = {0};
+	uint8_t sw_res_len = 0;
+
+	if (rte_cryptodev_asym_get_xform_enum(
+		&modinv_xform.xform_type, "modinv") < 0) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "Invalid ASYNC algorithm specified\n");
+		return -1;
+	}
+
+	cap_idx.type = modinv_xform.xform_type;
+	capability = rte_cryptodev_asym_capability_get(dev_id,
+					&cap_idx);
+
+	if (rte_cryptodev_asym_xfrm_capability_check_modlen(
+		capability,
+		modinv_xform.modinv.modulus.length)) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "Invalid MODULOUS length specified\n");
+				return -1;
+		}
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (!sess) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+				"FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &modinv_xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* generate crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg,
+			ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	asym_op = op->asym;
+	memcpy(input, base, sizeof(base));
+	asym_op->modinv.base.data = input;
+	asym_op->modinv.base.length = sizeof(base);
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	snprintf(test_msg,
+			ASYM_TEST_MSG_LEN,
+			"Modinv :%s length:%lu\n",
+			asym_op->modinv.base.data,
+			asym_op->modinv.base.length);
+
+	/* cross verify output using sw lib */
+	ctx = BN_CTX_new();
+	if (ctx == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to allocate CTX");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	BN_CTX_start(ctx);
+	BIGNUM *x = BN_CTX_get(ctx);
+	BIGNUM *m = BN_CTX_get(ctx);
+	BIGNUM *r = BN_CTX_get(ctx);
+
+	if (!x || !m || !r) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to allocate Bignum");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	m = BN_bin2bn(
+		(const unsigned char *)modinv_xform.modinv.modulus.data,
+		modinv_xform.modinv.modulus.length, m);
+	x = BN_bin2bn((const unsigned char *)base, sizeof(base), x);
+	if (!BN_mod_inverse(r, x, m, ctx)) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "SW Mod Inv failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	} else {
+		sw_res_len = BN_bn2bin(r, sw_res);
+		if (memcmp(sw_res, result_op->asym->modinv.base.data,
+					result_op->asym->modinv.base.length)) {
+			snprintf(test_msg, ASYM_TEST_MSG_LEN,
+					"resulted len[%lu]:expected len[%d]"
+					"FAILED: %s",
+					result_op->asym->modinv.base.length,
+					sw_res_len,
+					"SW validation fails");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+	}
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+
+error_exit:
+	if (ctx) {
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+	}
+
+	if (sess) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+
+	if (op)
+		rte_crypto_op_free(op);
+	return status;
+}
+
+static int
+test_mod_exp(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	struct rte_cryptodev_asym_capability_idx cap_idx;
+	const struct rte_cryptodev_asymmetric_xfrm_capability *capability;
+	BN_CTX *ctx = NULL;
+	uint8_t input[TEST_DATA_SIZE] = {0}, sw_res[TEST_DATA_SIZE] = {0};
+	uint8_t sw_res_len = 0;
+
+	if (rte_cryptodev_asym_get_xform_enum(&modex_xform.xform_type,
+		"modexp")
+		< 0) {
+		snprintf(test_msg,
+				ASYM_TEST_MSG_LEN,
+				"Invalid ASYNC algorithm specified\n");
+		return -1;
+	}
+
+	/* check for modlen capability */
+	cap_idx.type = modex_xform.xform_type;
+	capability = rte_cryptodev_asym_capability_get(dev_id, &cap_idx);
+
+	if (rte_cryptodev_asym_xfrm_capability_check_modlen(
+			capability, modex_xform.modex.modulus.length)) {
+		snprintf(test_msg,
+				ASYM_TEST_MSG_LEN,
+				"Invalid MODULOUS length specified\n");
+				return -1;
+		}
+
+	/* generate crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg,
+			ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (!sess) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "line %u "
+				"FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &modex_xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	asym_op = op->asym;
+	memcpy(input, base, sizeof(base));
+	asym_op->modex.base.data = input;
+	asym_op->modex.base.length = sizeof(base);
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* cross verify output using sw lib */
+	ctx = BN_CTX_new();
+	if (ctx == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to allocate CTX");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	BN_CTX_start(ctx);
+	BIGNUM *x = BN_CTX_get(ctx);
+	BIGNUM *m = BN_CTX_get(ctx);
+	BIGNUM *e = BN_CTX_get(ctx);
+	BIGNUM *r = BN_CTX_get(ctx);
+
+	if (!x || !m || !e || !r) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to allocate Bignum");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	m = BN_bin2bn(
+			(const unsigned char *)modex_xform.modex.modulus.data,
+			modex_xform.modex.modulus.length, m);
+	e = BN_bin2bn(
+			(const unsigned char *)modex_xform.modex.exponent.data,
+			modex_xform.modex.exponent.length, e);
+	x = BN_bin2bn((const unsigned char *)base, sizeof(base), x);
+	if (!BN_mod_exp(r, x, e, m, ctx)) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "SW Mod Exp failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	} else {
+		sw_res_len = BN_bn2bin(r, sw_res);
+		/* compare PMD result with sw result */
+		if (memcmp(sw_res,
+				result_op->asym->modex.base.data,
+				result_op->asym->modex.base.length)) {
+			snprintf(test_msg, ASYM_TEST_MSG_LEN,
+					"resulted len[%lu]:expected len[%d]"
+					" FAILED: %s",
+					result_op->asym->modinv.base.length,
+					sw_res_len,
+					"SW validation fails");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+	}
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+
+error_exit:
+	if (ctx != NULL) {
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+	}
+
+	if (sess != NULL) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+
+	if (op != NULL)
+		rte_crypto_op_free(op);
+
+	return status;
+}
+
+static int
+test_dh_keygenration(void)
+{
+	int status;
+	struct rte_crypto_asym_xform xform;
+	uint8_t p[TEST_DH_MOD_LEN];
+	uint8_t g[TEST_DH_MOD_LEN];
+
+	/* generate dh test params using openssl apis */
+	DH *key = NULL;
+	key = DH_new();
+	if (key == NULL ||
+	   (DH_generate_parameters_ex(key,
+					TEST_DH_MOD_LEN,
+					DH_GENERATOR_2, NULL) != 1)) {
+		RTE_LOG(ERR, USER1,
+			"Unable to generate test params\n");
+		status = TEST_FAILED;
+		return -1;
+	}
+
+	xform.dh.p.length = BN_bn2bin((const BIGNUM *)key->p, p);
+	xform.dh.g.length = BN_bn2bin((const BIGNUM *)key->g, g);
+
+	debug_hexdump(stdout, "p:", p, xform.dh.p.length);
+	debug_hexdump(stdout, "g:", g, xform.dh.g.length);
+
+	if (!DH_generate_key(key)) {
+		RTE_LOG(ERR, USER1,
+			"Unable to generate test params\n");
+		status = TEST_FAILED;
+		return -1;
+	}
+
+	/* load test params into dh xform */
+	xform.dh.p.data = p;
+	xform.dh.g.data = g;
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
+
+	RTE_LOG(INFO, USER1,
+		"Test Public and Private key pair generation\n");
+
+	status = test_dh_gen_kp(key, &xform);
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	RTE_LOG(INFO, USER1,
+		"Test Public Key Generation using pre-defined priv key\n");
+
+	status = test_dh_gen_pub_key(key, &xform);
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	RTE_LOG(INFO, USER1,
+		"Test Private Key Generation only\n");
+
+	status = test_dh_gen_priv_key(key, &xform);
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	RTE_LOG(INFO, USER1,
+		"Test shared secret compute\n");
+
+	status = test_dh_gen_shared_sec(key, &xform);
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	DH_free(key);
+	return status;
+}
+
+static int
+test_dsa_sign(DSA *testdsa, uint8_t *message, size_t msg_len)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_mempool *sess_mpool = ts_params->session_mpool;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_crypto_asym_op *asym_op = NULL;
+	struct rte_crypto_op *op = NULL, *result_op = NULL;
+	struct rte_cryptodev_asym_session *sess = NULL;
+	int status = TEST_SUCCESS;
+	char test_msg[ASYM_TEST_MSG_LEN + 1];
+	uint8_t r[TEST_DH_MOD_LEN];
+	uint8_t s[TEST_DH_MOD_LEN];
+	struct rte_crypto_asym_xform xform;
+
+	sess = rte_cryptodev_asym_session_create(sess_mpool);
+	if (sess == NULL) {
+		snprintf(test_msg,
+				 ASYM_TEST_MSG_LEN,
+				 "line %u FAILED: %s", __LINE__,
+				"Session creation failed");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	/* set up crypto op data structure */
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (!op) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate asymmetric crypto "
+			"operation struct");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	asym_op = op->asym;
+
+	/* Setup a xform for DSA */
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DSA;
+	xform.next = NULL;
+	xform.dsa.x.data = rte_malloc(NULL,
+				      BN_num_bytes(testdsa->priv_key),
+				      0);
+	xform.dsa.p.data = rte_malloc(NULL,
+				      BN_num_bytes(testdsa->p),
+				      0);
+	xform.dsa.q.data = rte_malloc(NULL,
+				      BN_num_bytes(testdsa->q),
+				      0);
+	xform.dsa.g.data = rte_malloc(NULL,
+				      BN_num_bytes(testdsa->g),
+				      0);
+
+	/* copy test params to xform params */
+	xform.dsa.x.length = BN_bn2bin(testdsa->priv_key,
+				       xform.dsa.x.data);
+	xform.dsa.p.length = BN_bn2bin(testdsa->p,
+				       xform.dsa.p.data);
+	xform.dsa.q.length = BN_bn2bin(testdsa->q,
+				       xform.dsa.q.data);
+	xform.dsa.g.length = BN_bn2bin(testdsa->g,
+				       xform.dsa.g.data);
+
+	if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+			sess_mpool) < 0) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+				"line %u FAILED: %s",
+				__LINE__, "unabled to config sym session");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* attach asymmetric crypto session to crypto operations */
+	rte_crypto_op_attach_asym_session(op, sess);
+	asym_op->dsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	asym_op->dsa.message.data = message;
+	asym_op->dsa.message.length = msg_len;
+	asym_op->dsa.r.length = sizeof(r);
+	asym_op->dsa.r.data = r;
+	asym_op->dsa.s.length = sizeof(s);
+	asym_op->dsa.s.data = s;
+
+	snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	asym_op = result_op->asym;
+
+	debug_hexdump(stdout, "r:",
+			asym_op->dsa.r.data, asym_op->dsa.r.length);
+	debug_hexdump(stdout, "s:",
+			asym_op->dsa.s.data, asym_op->dsa.s.length);
+
+	/* verify using sw */
+	DSA_SIG *sig = DSA_SIG_new();
+	if (!sig) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to allocate sw DSA sign");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+	sig->r = BN_bin2bn(asym_op->dsa.r.data, asym_op->dsa.r.length,
+			   sig->r);
+	sig->s = BN_bin2bn(asym_op->dsa.s.data, asym_op->dsa.s.length,
+			   sig->s);
+	if (!DSA_do_verify(message, msg_len, sig, testdsa)) {
+		status = TEST_FAILED;
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			" sign compute cross verification failed\n");
+		DSA_SIG_free(sig);
+		goto error_exit;
+	}
+	DSA_SIG_free(sig);
+
+	/* Test PMD DSA sign verification using signer public key */
+	asym_op->dsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
+	/* copy signer public key */
+	asym_op->dsa.y.data = rte_malloc(NULL,
+				      BN_num_bytes(testdsa->pub_key),
+				      0);
+	asym_op->dsa.y.length = BN_bn2bin(testdsa->pub_key,
+					  asym_op->dsa.y.data);
+
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		snprintf(test_msg, ASYM_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		status = TEST_FAILED;
+	}
+
+error_exit:
+	if (sess != NULL) {
+		rte_cryptodev_asym_session_clear(dev_id, sess);
+		rte_cryptodev_asym_session_free(sess);
+	}
+	if (op != NULL) {
+		if (xform.dsa.x.data)
+			rte_free(xform.dsa.x.data);
+		if (xform.dsa.p.data)
+			rte_free(xform.dsa.p.data);
+		if (xform.dsa.q.data)
+			rte_free(xform.dsa.q.data);
+		if (xform.dsa.g.data)
+			rte_free(xform.dsa.g.data);
+		rte_crypto_op_free(op);
+	}
+	return status;
+}
+
+static int
+test_dsa(void)
+{
+	int status;
+	DSA *dsa = DSA_new();
+	uint8_t dgst[] = "01234567890123456789";
+	/* generate test params */
+	if (dsa == NULL || !DSA_generate_parameters_ex(dsa, TEST_DH_MOD_LEN,
+		NULL, 0, NULL, NULL, NULL)) {
+		RTE_LOG(ERR, USER1,
+			" failed to generate test params\n");
+		return TEST_FAILED;
+	}
+	if (!DSA_generate_key(dsa)) {
+		RTE_LOG(ERR, USER1,
+			" failed to generate test params\n");
+		return TEST_FAILED;
+	}
+
+	/* test DSA sign using generated private key */
+	status = test_dsa_sign(dsa, dgst, sizeof(dgst));
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	DSA_free(dsa);
+	return status;
+}
+
+
+static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
+	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
+	.setup = testsuite_setup,
+	.teardown = testsuite_teardown,
+	.unit_test_cases = {
+		TEST_CASE_ST(ut_setup, ut_teardown, test_capability),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_dsa),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_dh_keygenration),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_encryption),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_decryption),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_sign),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_verify),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_mod_inv),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_mod_exp),
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
+static int
+test_cryptodev_openssl_asym(void)
+{
+	gbl_driver_id = rte_cryptodev_driver_id_get(
+			RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD));
+
+	if (gbl_driver_id == -1) {
+		RTE_LOG(ERR, USER1, "OPENSSL PMD must be loaded. Check if "
+				"CONFIG_RTE_LIBRTE_PMD_OPENSSL is enabled "
+				"in config file to run this testsuite.\n");
+		return TEST_FAILED;
+	}
+
+	return unit_test_suite_runner(&cryptodev_openssl_asym_testsuite);
+}
+
+REGISTER_TEST_COMMAND(cryptodev_openssl_asym_autotest,
+					  test_cryptodev_openssl_asym);