* [PATCH] crypto/openssl: Add support for SHA3 algorithms @ 2026-01-08 13:08 Emma Finn 2026-01-23 16:36 ` Ji, Kai 2026-01-27 10:05 ` [v2] " Emma Finn 0 siblings, 2 replies; 12+ messages in thread From: Emma Finn @ 2026-01-08 13:08 UTC (permalink / raw) To: Kai Ji; +Cc: dev, Emma Finn Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 2 files changed, 204 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH] crypto/openssl: Add support for SHA3 algorithms 2026-01-08 13:08 [PATCH] crypto/openssl: Add support for SHA3 algorithms Emma Finn @ 2026-01-23 16:36 ` Ji, Kai 2026-01-27 10:05 ` [v2] " Emma Finn 1 sibling, 0 replies; 12+ messages in thread From: Ji, Kai @ 2026-01-23 16:36 UTC (permalink / raw) To: Finn, Emma; +Cc: dev@dpdk.org [-- Attachment #1: Type: text/plain, Size: 12335 bytes --] Release notes doc/guides/rel_notes/ and PMD documentation need to updated for the new SHA3 algo ________________________________ From: Finn, Emma <emma.finn@intel.com> Sent: 08 January 2026 13:08 To: Ji, Kai <kai.ji@intel.com> Cc: dev@dpdk.org <dev@dpdk.org>; Finn, Emma <emma.finn@intel.com> Subject: [PATCH] crypto/openssl: Add support for SHA3 algorithms Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 2 files changed, 204 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 [-- Attachment #2: Type: text/html, Size: 41545 bytes --] ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [v2] crypto/openssl: Add support for SHA3 algorithms 2026-01-08 13:08 [PATCH] crypto/openssl: Add support for SHA3 algorithms Emma Finn 2026-01-23 16:36 ` Ji, Kai @ 2026-01-27 10:05 ` Emma Finn 2026-01-27 10:11 ` Emma Finn 1 sibling, 1 reply; 12+ messages in thread From: Emma Finn @ 2026-01-27 10:05 UTC (permalink / raw) To: Kai Ji; +Cc: dev, Emma Finn openssl 3.X supports SHA3. Hence adding SHA3-224, SHA3-256, SHA3-384 and SHA3-512 support to the PMD. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation --- doc/guides/cryptodevs/features/openssl.ini | 8 + doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 3 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 223 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index df6e7de316..08f7e0f82f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -43,6 +43,14 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y +SHA3-224 = Y +SHA3-224 HMAC = Y +SHA3-256 = Y +SHA3-256 HMAC = Y +SHA3-384 = Y +SHA3-384 HMAC = Y +SHA3-512 = Y +SHA3-512 HMAC = Y AES GMAC = Y ; diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index d467069cac..0af609fddf 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -34,12 +34,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` Supported AEAD algorithms: diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index 15dabee7a1..e1a4e9d7a2 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -55,6 +55,9 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= + * **Updated openssl crypto driver.** + + * Added support for SHA3-224/256/384/512 algorithms. Removed Items ------------- diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [v2] crypto/openssl: Add support for SHA3 algorithms 2026-01-27 10:05 ` [v2] " Emma Finn @ 2026-01-27 10:11 ` Emma Finn 2026-01-29 14:42 ` Emma Finn 0 siblings, 1 reply; 12+ messages in thread From: Emma Finn @ 2026-01-27 10:11 UTC (permalink / raw) To: Kai Ji; +Cc: dev, Emma Finn Openssl has support for SHA3. Hence adding SHA3-224, SHA3-256, SHA3-384 and SHA3-512 support to the PMD. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation --- doc/guides/cryptodevs/features/openssl.ini | 8 + doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 3 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 223 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index df6e7de316..08f7e0f82f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -43,6 +43,14 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y +SHA3-224 = Y +SHA3-224 HMAC = Y +SHA3-256 = Y +SHA3-256 HMAC = Y +SHA3-384 = Y +SHA3-384 HMAC = Y +SHA3-512 = Y +SHA3-512 HMAC = Y AES GMAC = Y ; diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index d467069cac..0af609fddf 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -34,12 +34,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` Supported AEAD algorithms: diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index 15dabee7a1..e1a4e9d7a2 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -55,6 +55,9 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= + * **Updated openssl crypto driver.** + + * Added support for SHA3-224/256/384/512 algorithms. Removed Items ------------- diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [v2] crypto/openssl: Add support for SHA3 algorithms 2026-01-27 10:11 ` Emma Finn @ 2026-01-29 14:42 ` Emma Finn 2026-02-04 10:05 ` Emma Finn 0 siblings, 1 reply; 12+ messages in thread From: Emma Finn @ 2026-01-29 14:42 UTC (permalink / raw) To: Kai Ji; +Cc: dev, Emma Finn Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation --- doc/guides/cryptodevs/features/openssl.ini | 10 +- doc/guides/cryptodevs/openssl.rst | 8 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 4 files changed, 221 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index df6e7de316..82da0df22f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -43,7 +43,15 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y -AES GMAC = Y +SHA3_224 = Y +SHA3_224 HMAC = Y +SHA3_256 = Y +SHA3_256 HMAC = Y +SHA3_384 = Y +SHA3_384 HMAC = Y +SHA3_512 = Y +SHA3_512 HMAC = Y +AES GMAC = Y ; ; Supported AEAD algorithms of the 'openssl' crypto driver. diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index d467069cac..0af609fddf 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -34,12 +34,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` Supported AEAD algorithms: diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [v2] crypto/openssl: Add support for SHA3 algorithms 2026-01-29 14:42 ` Emma Finn @ 2026-02-04 10:05 ` Emma Finn 2026-02-10 15:04 ` [EXTERNAL] " Akhil Goyal 2026-02-11 11:47 ` [v3] " Emma Finn 0 siblings, 2 replies; 12+ messages in thread From: Emma Finn @ 2026-02-04 10:05 UTC (permalink / raw) To: Kai Ji; +Cc: dev, Emma Finn Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation --- doc/guides/cryptodevs/features/openssl.ini | 10 +- doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 4 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 225 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index df6e7de316..82da0df22f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -43,7 +43,15 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y -AES GMAC = Y +SHA3_224 = Y +SHA3_224 HMAC = Y +SHA3_256 = Y +SHA3_256 HMAC = Y +SHA3_384 = Y +SHA3_384 HMAC = Y +SHA3_512 = Y +SHA3_512 HMAC = Y +AES GMAC = Y ; ; Supported AEAD algorithms of the 'openssl' crypto driver. diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index d467069cac..0af609fddf 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -34,12 +34,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` Supported AEAD algorithms: diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index a0f89b5ea2..d7c9352649 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -63,6 +63,10 @@ New Features * Added support for pre and post VF reset callbacks. +* **Updated openssl crypto driver.** + + * Added support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash algorithms + and their HMAC variants. Removed Items ------------- diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* RE: [EXTERNAL] [v2] crypto/openssl: Add support for SHA3 algorithms 2026-02-04 10:05 ` Emma Finn @ 2026-02-10 15:04 ` Akhil Goyal 2026-02-11 11:47 ` [v3] " Emma Finn 1 sibling, 0 replies; 12+ messages in thread From: Akhil Goyal @ 2026-02-10 15:04 UTC (permalink / raw) To: Emma Finn, Kai Ji; +Cc: dev@dpdk.org > Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 > support to the OpenSSL PMD, including both hash > and HMAC variants. > > Signed-off-by: Emma Finn <emma.finn@intel.com> > --- > v2: > * Updated documentation > --- > doc/guides/cryptodevs/features/openssl.ini | 10 +- > doc/guides/cryptodevs/openssl.rst | 8 + > doc/guides/rel_notes/release_26_03.rst | 4 + > drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ > 5 files changed, 225 insertions(+), 1 deletion(-) > Please rebase. ^ permalink raw reply [flat|nested] 12+ messages in thread
* [v3] crypto/openssl: Add support for SHA3 algorithms 2026-02-04 10:05 ` Emma Finn 2026-02-10 15:04 ` [EXTERNAL] " Akhil Goyal @ 2026-02-11 11:47 ` Emma Finn 2026-03-03 15:45 ` Ji, Kai ` (2 more replies) 1 sibling, 3 replies; 12+ messages in thread From: Emma Finn @ 2026-02-11 11:47 UTC (permalink / raw) To: Kai Ji; +Cc: dev, Emma Finn Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation v3: * rebase --- doc/guides/cryptodevs/features/openssl.ini | 10 +- doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 4 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 225 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index df6e7de316..82da0df22f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -43,7 +43,15 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y -AES GMAC = Y +SHA3_224 = Y +SHA3_224 HMAC = Y +SHA3_256 = Y +SHA3_256 HMAC = Y +SHA3_384 = Y +SHA3_384 HMAC = Y +SHA3_512 = Y +SHA3_512 HMAC = Y +AES GMAC = Y ; ; Supported AEAD algorithms of the 'openssl' crypto driver. diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index d467069cac..0af609fddf 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -34,12 +34,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` Supported AEAD algorithms: diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index 5c2a4bb32e..de7182dc08 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -82,6 +82,10 @@ New Features * NEA5, NIA5, NCA5: AES 256 confidentiality, integrity and AEAD modes. * NEA6, NIA6, NCA6: ZUC 256 confidentiality, integrity and AEAD modes. +* **Updated openssl crypto driver.** + + * Added support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash algorithms + and their HMAC variants. Removed Items ------------- diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [v3] crypto/openssl: Add support for SHA3 algorithms 2026-02-11 11:47 ` [v3] " Emma Finn @ 2026-03-03 15:45 ` Ji, Kai 2026-03-10 6:03 ` [EXTERNAL] " Akhil Goyal 2026-03-10 10:20 ` [v4] " Emma Finn 2 siblings, 0 replies; 12+ messages in thread From: Ji, Kai @ 2026-03-03 15:45 UTC (permalink / raw) To: Finn, Emma; +Cc: dev@dpdk.org [-- Attachment #1: Type: text/plain, Size: 14599 bytes --] Acked-by: Kai Ji <kai.ji@intel.com> ________________________________ From: Finn, Emma <emma.finn@intel.com> Sent: 11 February 2026 11:47 To: Ji, Kai <kai.ji@intel.com> Cc: dev@dpdk.org <dev@dpdk.org>; Finn, Emma <emma.finn@intel.com> Subject: [v3] crypto/openssl: Add support for SHA3 algorithms Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation v3: * rebase --- doc/guides/cryptodevs/features/openssl.ini | 10 +- doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 4 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 225 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index df6e7de316..82da0df22f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -43,7 +43,15 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y -AES GMAC = Y +SHA3_224 = Y +SHA3_224 HMAC = Y +SHA3_256 = Y +SHA3_256 HMAC = Y +SHA3_384 = Y +SHA3_384 HMAC = Y +SHA3_512 = Y +SHA3_512 HMAC = Y +AES GMAC = Y ; ; Supported AEAD algorithms of the 'openssl' crypto driver. diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index d467069cac..0af609fddf 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -34,12 +34,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` Supported AEAD algorithms: diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index 5c2a4bb32e..de7182dc08 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -82,6 +82,10 @@ New Features * NEA5, NIA5, NCA5: AES 256 confidentiality, integrity and AEAD modes. * NEA6, NIA6, NCA6: ZUC 256 confidentiality, integrity and AEAD modes. +* **Updated openssl crypto driver.** + + * Added support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash algorithms + and their HMAC variants. Removed Items ------------- diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4f171f48cc..8817d7893c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; default: res = -EINVAL; break; @@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.mode = OPENSSL_AUTH_AS_AUTH; if (get_auth_algo(xform->auth.algo, &sess->auth.auth.evp_algo) != 0) @@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5095e6cbea..8d6ae346a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES CBC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 [-- Attachment #2: Type: text/html, Size: 44681 bytes --] ^ permalink raw reply related [flat|nested] 12+ messages in thread
* RE: [EXTERNAL] [v3] crypto/openssl: Add support for SHA3 algorithms 2026-02-11 11:47 ` [v3] " Emma Finn 2026-03-03 15:45 ` Ji, Kai @ 2026-03-10 6:03 ` Akhil Goyal 2026-03-10 10:20 ` [v4] " Emma Finn 2 siblings, 0 replies; 12+ messages in thread From: Akhil Goyal @ 2026-03-10 6:03 UTC (permalink / raw) To: Emma Finn, Kai Ji; +Cc: dev@dpdk.org > Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 > support to the OpenSSL PMD, including both hash > and HMAC variants. > > Signed-off-by: Emma Finn <emma.finn@intel.com> > --- > v2: > * Updated documentation > v3: > * rebase Seems it is still not rebased on next-crypto dpdk-next-crypto$ git am index.html Applying: crypto/openssl: Add support for SHA3 algorithms error: patch failed: doc/guides/cryptodevs/features/openssl.ini:43 error: doc/guides/cryptodevs/features/openssl.ini: patch does not apply error: patch failed: doc/guides/cryptodevs/openssl.rst:34 error: doc/guides/cryptodevs/openssl.rst: patch does not apply error: patch failed: doc/guides/rel_notes/release_26_03.rst:82 error: doc/guides/rel_notes/release_26_03.rst: patch does not apply error: patch failed: drivers/crypto/openssl/rte_openssl_pmd.c:270 error: drivers/crypto/openssl/rte_openssl_pmd.c: patch does not apply error: patch failed: drivers/crypto/openssl/rte_openssl_pmd_ops.c:269 error: drivers/crypto/openssl/rte_openssl_pmd_ops.c: patch does not apply Patch failed at 0001 crypto/openssl: Add support for SHA3 algorithms ^ permalink raw reply [flat|nested] 12+ messages in thread
* [v4] crypto/openssl: Add support for SHA3 algorithms 2026-02-11 11:47 ` [v3] " Emma Finn 2026-03-03 15:45 ` Ji, Kai 2026-03-10 6:03 ` [EXTERNAL] " Akhil Goyal @ 2026-03-10 10:20 ` Emma Finn 2026-03-10 14:41 ` [EXTERNAL] " Akhil Goyal 2 siblings, 1 reply; 12+ messages in thread From: Emma Finn @ 2026-03-10 10:20 UTC (permalink / raw) To: Kai Ji; +Cc: dev, gakhil, Emma Finn Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants. Signed-off-by: Emma Finn <emma.finn@intel.com> --- v2: * Updated documentation v3: * rebase v4: * rebase --- doc/guides/cryptodevs/features/openssl.ini | 8 + doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 2 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 222 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index 536557e9e0..bcc0c39c2f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -45,6 +45,14 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y +SHA3_224 = Y +SHA3_224 HMAC = Y +SHA3_256 = Y +SHA3_256 HMAC = Y +SHA3_384 = Y +SHA3_384 HMAC = Y +SHA3_512 = Y +SHA3_512 HMAC = Y SHAKE_128 = Y SHAKE_256 = Y AES GMAC = Y diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index 921592ba2d..9d94668a9a 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -35,12 +35,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` * ``RTE_CRYPTO_AUTH_SHAKE_128`` * ``RTE_CRYPTO_AUTH_SHAKE_256`` diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index b4499ec066..2c3a318dba 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -100,6 +100,8 @@ New Features * Added support for AES-XTS cipher algorithm. * Added support for SHAKE-128 and SHAKE-256 authentication algorithms. + * Added support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash algorithms + and their HMAC variants. * **Added Ctrl+L support to cmdline library.** diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index e5fa1a4eeb..c34efb8ad0 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -282,6 +290,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) case RTE_CRYPTO_AUTH_SHAKE_128: *algo = EVP_shake128(); @@ -680,6 +704,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) case RTE_CRYPTO_AUTH_SHAKE_128: case RTE_CRYPTO_AUTH_SHAKE_256: @@ -739,6 +767,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -769,6 +801,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 0f2b82ec00..6133622f1b 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES XTS */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* RE: [EXTERNAL] [v4] crypto/openssl: Add support for SHA3 algorithms 2026-03-10 10:20 ` [v4] " Emma Finn @ 2026-03-10 14:41 ` Akhil Goyal 0 siblings, 0 replies; 12+ messages in thread From: Akhil Goyal @ 2026-03-10 14:41 UTC (permalink / raw) To: Emma Finn, Kai Ji; +Cc: dev@dpdk.org > Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 > support to the OpenSSL PMD, including both hash > and HMAC variants. > > Signed-off-by: Emma Finn <emma.finn@intel.com> > --- > v2: > * Updated documentation > v3: > * rebase > v4: > * rebase > --- > doc/guides/cryptodevs/features/openssl.ini | 8 + > doc/guides/cryptodevs/openssl.rst | 8 + > doc/guides/rel_notes/release_26_03.rst | 2 + > drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ > 5 files changed, 222 insertions(+) Acked-by: Akhil Goyal <gakhil@marvell.com> Applied to dpdk-next-crypto Thanks. ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2026-03-10 14:42 UTC | newest] Thread overview: 12+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-01-08 13:08 [PATCH] crypto/openssl: Add support for SHA3 algorithms Emma Finn 2026-01-23 16:36 ` Ji, Kai 2026-01-27 10:05 ` [v2] " Emma Finn 2026-01-27 10:11 ` Emma Finn 2026-01-29 14:42 ` Emma Finn 2026-02-04 10:05 ` Emma Finn 2026-02-10 15:04 ` [EXTERNAL] " Akhil Goyal 2026-02-11 11:47 ` [v3] " Emma Finn 2026-03-03 15:45 ` Ji, Kai 2026-03-10 6:03 ` [EXTERNAL] " Akhil Goyal 2026-03-10 10:20 ` [v4] " Emma Finn 2026-03-10 14:41 ` [EXTERNAL] " Akhil Goyal
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox