Add support for PQC ML-KEM and ML-DSA algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
---
v4:
- enum and var name changes
---
doc/guides/cryptodevs/features/default.ini | 2 +
doc/guides/prog_guide/cryptodev_lib.rst | 3 +-
doc/guides/rel_notes/release_25_11.rst | 7 +
lib/cryptodev/rte_crypto_asym.h | 308 +++++++++++++++++++++
lib/cryptodev/rte_cryptodev.c | 60 ++++
lib/cryptodev/rte_cryptodev.h | 15 +-
6 files changed, 392 insertions(+), 3 deletions(-)
diff --git a/doc/guides/cryptodevs/features/default.ini
b/doc/guides/cryptodevs/features/default.ini
index 116ffce249..64198f013a 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -134,6 +134,8 @@ ECPM =
ECDH =
SM2 =
EdDSA =
+ML-DSA =
+ML-KEM =
;
; Supported Operating systems of a default crypto driver.
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst
b/doc/guides/prog_guide/cryptodev_lib.rst
index b54efcb74e..f0ee44eb54 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -928,7 +928,8 @@ Asymmetric Cryptography
The cryptodev library currently provides support for the following asymmetric
Crypto operations; RSA, Modular exponentiation and inversion, Diffie-Hellman
and
Elliptic Curve Diffie-Hellman public and/or private key generation and shared
-secret compute, DSA and EdDSA signature generation and verification.
+secret compute, DSA and EdDSA signature generation and verification,
+PQC ML-KEM and ML-DSA algorithms.
Session and Session Management
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_25_11.rst
b/doc/guides/rel_notes/release_25_11.rst
index c3b94e1896..62b8767631 100644
--- a/doc/guides/rel_notes/release_25_11.rst
+++ b/doc/guides/rel_notes/release_25_11.rst
@@ -76,6 +76,10 @@ New Features
* Added multi-process per port.
* Optimized code.
+* **Added PQC ML-KEM and ML-DSA support.**
+
+ * Added PQC ML-KEM support with reference to FIPS203.
+ * Added PQC ML-DSA support with reference to FIPS204.
Removed Items
-------------
@@ -138,6 +142,9 @@ ABI Changes
* stack: The structure ``rte_stack_lf_head`` alignment has been updated to 16
bytes
to avoid unaligned accesses.
+* cryptodev: The enum ``rte_crypto_asym_xform_type``, struct
``rte_crypto_asym_xform``
+ and struct ``rte_crypto_asym_op`` are updated to include new values to
support
+ ML-KEM and ML-DSA.
Known Issues
------------
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 9787b710e7..7e066cdd54 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -37,6 +37,20 @@ rte_crypto_asym_ke_strings[];
extern const char *
rte_crypto_asym_op_strings[];
+/** PQC ML crypto op parameters size */
+extern const uint16_t
+rte_crypto_ml_kem_pubkey_size[];
+extern const uint16_t
+rte_crypto_ml_kem_privkey_size[];
+extern const uint16_t
+rte_crypto_ml_kem_cipher_size[];
+extern const uint16_t
+rte_crypto_ml_dsa_pubkey_size[];
+extern const uint16_t
+rte_crypto_ml_dsa_privkey_size[];
+extern const uint16_t
+rte_crypto_ml_dsa_sign_size[];
+
#ifdef __cplusplus
}
#endif
@@ -144,6 +158,14 @@ enum rte_crypto_asym_xform_type {
/**< Edwards Curve Digital Signature Algorithm
* Perform Signature Generation and Verification.
*/
+ RTE_CRYPTO_ASYM_XFORM_ML_KEM,
+ /**< Module Lattice based Key Encapsulation Mechanism
+ * Performs Key Pair Generation, Encapsulation and Decapsulation.
+ */
+ RTE_CRYPTO_ASYM_XFORM_ML_DSA
+ /**< Module Lattice based Digital Signature Algorithm
+ * Performs Key Pair Generation, Signature Generation and Verification.
+ */
};
/**
@@ -720,6 +742,284 @@ struct rte_crypto_sm2_op_param {
*/
};
+/**
+ * PQC ML-KEM parameter type
+ *
+ * List of ML-KEM parameter types used in PQC
+ */
+enum rte_crypto_ml_kem_type {
+ RTE_CRYPTO_ML_KEM_NONE,
+ RTE_CRYPTO_ML_KEM_512,
+ RTE_CRYPTO_ML_KEM_768,
+ RTE_CRYPTO_ML_KEM_1024,
+};
+
+/**
+ * PQC ML-KEM op type
+ *
+ * List of ML-KEM op types in PQC
+ */
+enum rte_crypto_ml_kem_op_type {
+ RTE_CRYPTO_ML_KEM_OP_KEYGEN,
+ RTE_CRYPTO_ML_KEM_OP_KEYVER,
+ RTE_CRYPTO_ML_KEM_OP_ENCAP,
+ RTE_CRYPTO_ML_KEM_OP_DECAP,
+ RTE_CRYPTO_ML_KEM_OP_END
+};
+
+/**
+ * PQC ML-KEM transform data
+ *
+ * Structure describing ML-KEM xform parameters
+ */
+struct rte_crypto_ml_kem_xform {
+ enum rte_crypto_ml_kem_type type;
+ /**< ML-KEM xform type */
+};
+
+/**
+ * PQC ML-KEM KEYGEN op
+ *
+ * Parameters for PQC ML-KEM key generation operation
+ */
+struct rte_crypto_ml_kem_keygen_op {
+ rte_crypto_param d;
+ /**< The seed d value (of 32 bytes in length) to generate key pair.*/
+
+ rte_crypto_param z;
+ /**< The seed z value (of 32 bytes in length) to generate key pair.*/
+
+ rte_crypto_param ek;
+ /**<
+ * Pointer to output data
+ * - The computed encapsulation key.
+ * - Refer `rte_crypto_ml_kem_pubkey_size` for size of buffer.
+ */
+
+ rte_crypto_param dk;
+ /**<
+ * Pointer to output data
+ * - The computed decapsulation key.
+ * - Refer `rte_crypto_ml_kem_privkey_size` for size of buffer.
+ */
+};
+
+/**
+ * PQC ML-KEM KEYVER op
+ *
+ * Parameters for PQC ML-KEM key verification operation
+ */
+struct rte_crypto_ml_kem_keyver_op {
+ enum rte_crypto_ml_kem_op_type op;
+ /**<
+ * Op associated with key to be verified is one of below:
+ * - Encapsulation op
+ * - Decapsulation op
+ */
+
+ rte_crypto_param key;
+ /**<
+ * KEM key to check.
+ * - ek in case of encapsulation op.
+ * - dk in case of decapsulation op.
+ */
+};
+
+/**
+ * PQC ML-KEM ENCAP op
+ *
+ * Parameters for PQC ML-KEM encapsulation operation
+ */
+struct rte_crypto_ml_kem_encap_op {
+ rte_crypto_param message;
+ /**< The message (of 32 bytes in length) for randomness.*/
+
+ rte_crypto_param ek;
+ /**< The encapsulation key.*/
+
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to output data
+ * - The computed cipher.
+ * - Refer `rte_crypto_ml_kem_cipher_size` for size of buffer.
+ */
+
+ rte_crypto_param sk;
+ /**<
+ * Pointer to output data
+ * - The computed shared secret key (32 bytes).
+ */
+};
+
+/**
+ * PQC ML-KEM DECAP op
+ *
+ * Parameters for PQC ML-KEM decapsulation operation
+ */
+struct rte_crypto_ml_kem_decap_op {
+ rte_crypto_param cipher;
+ /**< The cipher to be decapsulated.*/
+
+ rte_crypto_param dk;
+ /**< The decapsulation key.*/
+
+ rte_crypto_param sk;
+ /**<
+ * Pointer to output data
+ * - The computed shared secret key (32 bytes).
+ */
+};
+
+/**
+ * PQC ML-KEM op
+ *
+ * Parameters for PQC ML-KEM operation
+ */
+struct rte_crypto_ml_kem_op {
+ enum rte_crypto_ml_kem_op_type op;
+ union {
+ struct rte_crypto_ml_kem_keygen_op keygen;
+ struct rte_crypto_ml_kem_keyver_op keyver;
+ struct rte_crypto_ml_kem_encap_op encap;
+ struct rte_crypto_ml_kem_decap_op decap;
+ };
+};
+
+/**
+ * PQC ML-DSA parameter type
+ *
+ * List of ML-DSA parameter types used in PQC
+ */
+enum rte_crypto_ml_dsa_type {
+ RTE_CRYPTO_ML_DSA_NONE,
+ RTE_CRYPTO_ML_DSA_44,
+ RTE_CRYPTO_ML_DSA_65,
+ RTE_CRYPTO_ML_DSA_87,
+};
+
+/**
+ * PQC ML-DSA op type
+ *
+ * List of ML-DSA op types in PQC
+ */
+enum rte_crypto_ml_dsa_op_type {
+ RTE_CRYPTO_ML_DSA_OP_KEYGEN,
+ RTE_CRYPTO_ML_DSA_OP_SIGN,
+ RTE_CRYPTO_ML_DSA_OP_VERIFY,
+ RTE_CRYPTO_ML_DSA_OP_END
+};
+
+/**
+ * PQC ML-DSA transform data
+ *
+ * Structure describing ML-DSA xform parameters
+ */
+struct rte_crypto_ml_dsa_xform {
+ enum rte_crypto_ml_dsa_type type;
+ /**< ML-DSA xform type */
+
+ bool sign_deterministic;
+ /**< The signature generated using deterministic method. */
+
+ bool sign_prehash;
+ /**< The signature generated using prehash or pure routine. */
+};
+
+/**
+ * PQC ML-DSA KEYGEN op
+ *
+ * Parameters for PQC ML-DSA key generation operation
+ */
+struct rte_crypto_ml_dsa_keygen_op {
+ rte_crypto_param seed;
+ /**< The random seed (of 32 bytes in length) to generate key pair.*/
+
+ rte_crypto_param pubkey;
+ /**<
+ * Pointer to output data
+ * - The computed public key.
+ * - Refer `rte_crypto_ml_dsa_pubkey_size` for size of buffer.
+ */
+
+ rte_crypto_param privkey;
+ /**<
+ * Pointer to output data
+ * - The computed secret key.
+ * - Refer `rte_crypto_ml_dsa_privkey_size` for size of buffer.
+ */
+};
+
+/**
+ * PQC ML-DSA SIGGEN op
+ *
+ * Parameters for PQC ML-DSA sign operation
+ */
+struct rte_crypto_ml_dsa_siggen_op {
+ rte_crypto_param message;
+ /**< The message to generate signature.*/
+
+ rte_crypto_param mu;
+ /**< The mu to generate signature.*/
+
+ rte_crypto_param privkey;
+ /**< The secret key to generate signature.*/
+
+ rte_crypto_param seed;
+ /**< The seed to generate signature.*/
+
+ rte_crypto_param ctx;
+ /**< The context key to generate signature.*/
+
+ enum rte_crypto_auth_algorithm hash;
+ /**< Hash function to generate signature. */
+
+ rte_crypto_param sign;
+ /**<
+ * Pointer to output data
+ * - The computed signature.
+ * - Refer `rte_crypto_ml_dsa_sign_size` for size of buffer.
+ */
+};
+
+/**
+ * PQC ML-DSA SIGVER op
+ *
+ * Parameters for PQC ML-DSA verify operation
+ */
+struct rte_crypto_ml_dsa_sigver_op {
+ rte_crypto_param pubkey;
+ /**< The public key to verify signature.*/
+
+ rte_crypto_param message;
+ /**< The message used to verify signature.*/
+
+ rte_crypto_param sign;
+ /**< The signature to verify.*/
+
+ rte_crypto_param mu;
+ /**< The mu used to generate signature.*/
+
+ rte_crypto_param ctx;
+ /**< The context key to generate signature.*/
+
+ enum rte_crypto_auth_algorithm hash;
+ /**< Hash function to generate signature. */
+};
+
+/**
+ * PQC ML-DSA op
+ *
+ * Parameters for PQC ML-DSA operation
+ */
+struct rte_crypto_ml_dsa_op {
+ enum rte_crypto_ml_dsa_op_type op;
+ union {
+ struct rte_crypto_ml_dsa_keygen_op keygen;
+ struct rte_crypto_ml_dsa_siggen_op siggen;
+ struct rte_crypto_ml_dsa_sigver_op sigver;
+ };
+};
+
/**
* Asymmetric crypto transform data
*
@@ -751,6 +1051,12 @@ struct rte_crypto_asym_xform {
/**< EC xform parameters, used by elliptic curve based
* operations.
*/
+
+ struct rte_crypto_ml_kem_xform mlkem;
+ /**< PQC ML-KEM xform parameters */
+
+ struct rte_crypto_ml_dsa_xform mldsa;
+ /**< PQC ML-DSA xform parameters */
};
};
@@ -778,6 +1084,8 @@ struct rte_crypto_asym_op {
struct rte_crypto_ecpm_op_param ecpm;
struct rte_crypto_sm2_op_param sm2;
struct rte_crypto_eddsa_op_param eddsa;
+ struct rte_crypto_ml_kem_op mlkem;
+ struct rte_crypto_ml_dsa_op mldsa;
};
uint16_t flags;
/**<
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index bb7bab4dd5..f4c6f692f0 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -229,6 +229,66 @@ const char *rte_crypto_asym_ke_strings[] = {
[RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
};
+/**
+ * Public key size used in PQC ML-KEM based crypto ops.
+ */
+RTE_EXPORT_SYMBOL(rte_crypto_ml_kem_pubkey_size)
+const uint16_t rte_crypto_ml_kem_pubkey_size[] = {
+ [RTE_CRYPTO_ML_KEM_512] = 800,
+ [RTE_CRYPTO_ML_KEM_768] = 1184,
+ [RTE_CRYPTO_ML_KEM_1024] = 1568,
+};
+
+/**
+ * Private key size used in PQC ML-KEM based crypto ops.
+ */
+RTE_EXPORT_SYMBOL(rte_crypto_ml_kem_privkey_size)
+const uint16_t rte_crypto_ml_kem_privkey_size[] = {
+ [RTE_CRYPTO_ML_KEM_512] = 1632,
+ [RTE_CRYPTO_ML_KEM_768] = 2400,
+ [RTE_CRYPTO_ML_KEM_1024] = 3168,
+};
+
+/**
+ * Cipher size used in PQC ML-KEM based crypto ops.
+ */
+RTE_EXPORT_SYMBOL(rte_crypto_ml_kem_cipher_size)
+const uint16_t rte_crypto_ml_kem_cipher_size[] = {
+ [RTE_CRYPTO_ML_KEM_512] = 768,
+ [RTE_CRYPTO_ML_KEM_768] = 1088,
+ [RTE_CRYPTO_ML_KEM_1024] = 1568,
+};
+
+/**
+ * Public key size used in PQC ML-DSA based crypto ops.
+ */
+RTE_EXPORT_SYMBOL(rte_crypto_ml_dsa_pubkey_size)
+const uint16_t rte_crypto_ml_dsa_pubkey_size[] = {
+ [RTE_CRYPTO_ML_DSA_44] = 1312,
+ [RTE_CRYPTO_ML_DSA_65] = 1952,
+ [RTE_CRYPTO_ML_DSA_87] = 2592,
+};
+
+/**
+ * Private key size used in PQC ML-DSA based crypto ops.
+ */
+RTE_EXPORT_SYMBOL(rte_crypto_ml_dsa_privkey_size)
+const uint16_t rte_crypto_ml_dsa_privkey_size[] = {
+ [RTE_CRYPTO_ML_DSA_44] = 2560,
+ [RTE_CRYPTO_ML_DSA_65] = 4032,
+ [RTE_CRYPTO_ML_DSA_87] = 4896,
+};
+
+/**
+ * Sign size used in PQC ML-KEM based crypto ops.
+ */
+RTE_EXPORT_SYMBOL(rte_crypto_ml_dsa_sign_size)
+const uint16_t rte_crypto_ml_dsa_sign_size[] = {
+ [RTE_CRYPTO_ML_DSA_44] = 2420,
+ [RTE_CRYPTO_ML_DSA_65] = 3309,
+ [RTE_CRYPTO_ML_DSA_87] = 4627,
+};
+
struct rte_cryptodev_sym_session_pool_private_data {
uint16_t sess_data_sz;
/**< driver session data size */
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index eaf0e50d37..37a6a5e49b 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -167,10 +167,13 @@ struct rte_cryptodev_asymmetric_xform_capability {
uint32_t op_types;
/**<
* Bitmask for supported rte_crypto_asym_op_type or
+ * rte_crypto_ml_kem_op_type or rte_crypto_ml_dsa_op_type or
* rte_crypto_asym_ke_type. Which enum is used is determined
* by the rte_crypto_asym_xform_type. For key exchange algorithms
- * like Diffie-Hellman it is rte_crypto_asym_ke_type, for others
- * it is rte_crypto_asym_op_type.
+ * like Diffie-Hellman it is rte_crypto_asym_ke_type,
+ * for ML-KEM algorithms it is rte_crypto_ml_kem_op_type,
+ * for ML-DSA algorithms it is rte_crypto_ml_dsa_op_type,
+ * or others it is rte_crypto_asym_op_type.
*/
__extension__
@@ -188,6 +191,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
uint32_t op_capa[RTE_CRYPTO_ASYM_OP_LIST_END];
/**< Operation specific capabilities. */
+
+ uint32_t mlkem_capa[RTE_CRYPTO_ML_KEM_OP_END];
+ /**< Bitmask of supported ML-KEM parameter sets. */
+
+ uint32_t mldsa_capa[RTE_CRYPTO_ML_DSA_OP_END];
+ /**< Bitmask of supported ML-DSA parameter sets. */
};
uint64_t hash_algos;
@@ -577,6 +586,8 @@ rte_cryptodev_asym_get_xform_string(enum
rte_crypto_asym_xform_type xform_enum);
/**< Support inner checksum computation/verification */
#define RTE_CRYPTODEV_FF_SECURITY_RX_INJECT (1ULL << 28)
/**< Support Rx injection after security processing */
+#define RTE_CRYPTODEV_FF_MLDSA_SIGN_PREHASH (1ULL << 29)
+/**< Support Pre Hash ML-DSA Signature Generation */
/**
* Get the name of a crypto device feature flag
--
2.37.1
