Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants.
Signed-off-by: Emma Finn <[email protected]> --- v2: * Updated documentation v3: * rebase v4: * rebase --- doc/guides/cryptodevs/features/openssl.ini | 8 + doc/guides/cryptodevs/openssl.rst | 8 + doc/guides/rel_notes/release_26_03.rst | 2 + drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++ 5 files changed, 222 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index 536557e9e0..bcc0c39c2f 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -45,6 +45,14 @@ SHA384 = Y SHA384 HMAC = Y SHA512 = Y SHA512 HMAC = Y +SHA3_224 = Y +SHA3_224 HMAC = Y +SHA3_256 = Y +SHA3_256 HMAC = Y +SHA3_384 = Y +SHA3_384 HMAC = Y +SHA3_512 = Y +SHA3_512 HMAC = Y SHAKE_128 = Y SHAKE_256 = Y AES GMAC = Y diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index 921592ba2d..9d94668a9a 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -35,12 +35,20 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA256`` * ``RTE_CRYPTO_AUTH_SHA384`` * ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA3_224`` +* ``RTE_CRYPTO_AUTH_SHA3_256`` +* ``RTE_CRYPTO_AUTH_SHA3_384`` +* ``RTE_CRYPTO_AUTH_SHA3_512`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` * ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC`` * ``RTE_CRYPTO_AUTH_SHAKE_128`` * ``RTE_CRYPTO_AUTH_SHAKE_256`` diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index b4499ec066..2c3a318dba 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -100,6 +100,8 @@ New Features * Added support for AES-XTS cipher algorithm. * Added support for SHAKE-128 and SHAKE-256 authentication algorithms. + * Added support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash algorithms + and their HMAC variants. * **Added Ctrl+L support to cmdline library.** diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index e5fa1a4eeb..c34efb8ad0 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo) return OSSL_DIGEST_NAME_SHA2_384; case RTE_CRYPTO_AUTH_SHA512_HMAC: return OSSL_DIGEST_NAME_SHA2_512; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + return OSSL_DIGEST_NAME_SHA3_224; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + return OSSL_DIGEST_NAME_SHA3_256; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + return OSSL_DIGEST_NAME_SHA3_384; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + return OSSL_DIGEST_NAME_SHA3_512; default: return NULL; } @@ -282,6 +290,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, case RTE_CRYPTO_AUTH_SHA512_HMAC: *algo = EVP_sha512(); break; + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + *algo = EVP_sha3_224(); + break; + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + *algo = EVP_sha3_256(); + break; + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + *algo = EVP_sha3_384(); + break; + case RTE_CRYPTO_AUTH_SHA3_512: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + *algo = EVP_sha3_512(); + break; #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) case RTE_CRYPTO_AUTH_SHAKE_128: *algo = EVP_shake128(); @@ -680,6 +704,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA3_224: + case RTE_CRYPTO_AUTH_SHA3_256: + case RTE_CRYPTO_AUTH_SHA3_384: + case RTE_CRYPTO_AUTH_SHA3_512: #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) case RTE_CRYPTO_AUTH_SHAKE_128: case RTE_CRYPTO_AUTH_SHAKE_256: @@ -739,6 +767,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; algo = digest_name_get(xform->auth.algo); @@ -769,6 +801,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA256_HMAC: case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; sess->auth.hmac.ctx = HMAC_CTX_new(); if (get_auth_algo(xform->auth.algo, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 0f2b82ec00..6133622f1b 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, + { /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES XTS */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { -- 2.43.0
