[PATCH v3 1/3] cryptodev: support PQC ML algorithms
Akhil Goyal
gakhil at marvell.com
Fri Oct 3 16:24:33 CEST 2025
> Subject: [PATCH v3 1/3] cryptodev: support PQC ML algorithms
>
> Add support for PQC ML-KEM and ML-DSA algorithms.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
> ---
> doc/guides/cryptodevs/features/default.ini | 2 +
> doc/guides/prog_guide/cryptodev_lib.rst | 3 +-
> doc/guides/rel_notes/release_25_11.rst | 11 +
> lib/cryptodev/rte_crypto_asym.h | 306 +++++++++++++++++++++
> lib/cryptodev/rte_cryptodev.c | 60 ++++
> lib/cryptodev/rte_cryptodev.h | 15 +-
> 6 files changed, 394 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/features/default.ini
> b/doc/guides/cryptodevs/features/default.ini
> index 116ffce249..64198f013a 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -134,6 +134,8 @@ ECPM =
> ECDH =
> SM2 =
> EdDSA =
> +ML-DSA =
> +ML-KEM =
>
> ;
> ; Supported Operating systems of a default crypto driver.
> diff --git a/doc/guides/prog_guide/cryptodev_lib.rst
> b/doc/guides/prog_guide/cryptodev_lib.rst
> index b54efcb74e..f0ee44eb54 100644
> --- a/doc/guides/prog_guide/cryptodev_lib.rst
> +++ b/doc/guides/prog_guide/cryptodev_lib.rst
> @@ -928,7 +928,8 @@ Asymmetric Cryptography
> The cryptodev library currently provides support for the following asymmetric
> Crypto operations; RSA, Modular exponentiation and inversion, Diffie-Hellman
> and
> Elliptic Curve Diffie-Hellman public and/or private key generation and shared
> -secret compute, DSA and EdDSA signature generation and verification.
> +secret compute, DSA and EdDSA signature generation and verification,
> +PQC ML-KEM and ML-DSA algorithms.
>
> Session and Session Management
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> diff --git a/doc/guides/rel_notes/release_25_11.rst
> b/doc/guides/rel_notes/release_25_11.rst
> index c3b94e1896..9d47f762d7 100644
> --- a/doc/guides/rel_notes/release_25_11.rst
> +++ b/doc/guides/rel_notes/release_25_11.rst
> @@ -76,6 +76,14 @@ New Features
> * Added multi-process per port.
> * Optimized code.
>
> +* **Added PQC ML-KEM and ML-DSA support.**
> +
> + * Added PQC ML-KEM support with reference to FIPS203.
> + * Added PQC ML-DSA support with reference to FIPS204.
> +
> +* **Updated openssl crypto driver.**
> +
> + * Added support for PQC ML-KEM and ML-DSA algorithms.
Split the openssl update into your 2/3 patch.
>
> Removed Items
> -------------
> @@ -138,6 +146,9 @@ ABI Changes
> * stack: The structure ``rte_stack_lf_head`` alignment has been updated to 16
> bytes
> to avoid unaligned accesses.
>
> +* cryptodev: The enum ``rte_crypto_asym_xform_type``, struct
> ``rte_crypto_asym_xform``
> + and struct ``rte_crypto_asym_op`` are updated to include new values to
> support
> + ML-KEM and ML-DSA.
>
> Known Issues
> ------------
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 9787b710e7..14a0e57467 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -37,6 +37,20 @@ rte_crypto_asym_ke_strings[];
> extern const char *
> rte_crypto_asym_op_strings[];
>
> +/** PQC ML crypto op parameters size */
> +extern const uint16_t
> +rte_crypto_ml_kem_pubkey_size[];
> +extern const uint16_t
> +rte_crypto_ml_kem_privkey_size[];
> +extern const uint16_t
> +rte_crypto_ml_kem_cipher_size[];
> +extern const uint16_t
> +rte_crypto_ml_dsa_pubkey_size[];
> +extern const uint16_t
> +rte_crypto_ml_dsa_privkey_size[];
> +extern const uint16_t
> +rte_crypto_ml_dsa_sign_size[];
> +
> #ifdef __cplusplus
> }
> #endif
> @@ -144,6 +158,14 @@ enum rte_crypto_asym_xform_type {
> /**< Edwards Curve Digital Signature Algorithm
> * Perform Signature Generation and Verification.
> */
> + RTE_CRYPTO_ASYM_XFORM_ML_KEM,
> + /**< Module Lattice based Key Encapsulation Mechanism
> + * Performs Key Pair Generation, Encapsulation and Decapsulation.
> + */
> + RTE_CRYPTO_ASYM_XFORM_ML_DSA
> + /**< Module Lattice based Digital Signature Algorithm
> + * Performs Key Pair Generation, Signature Generation and Verification.
> + */
> };
>
> /**
> @@ -720,6 +742,282 @@ struct rte_crypto_sm2_op_param {
> */
> };
>
> +/**
> + * PQC ML-KEM algorithms
> + *
> + * List of ML-KEM algorithms used in PQC
> + */
> +enum rte_crypto_ml_kem_param_set {
> + RTE_CRYPTO_ML_KEM_PARAM_NONE,
> + RTE_CRYPTO_ML_KEM_PARAM_512,
> + RTE_CRYPTO_ML_KEM_PARAM_768,
> + RTE_CRYPTO_ML_KEM_PARAM_1024,
> +};
Can we drop PARAM and use RTE_CRYPTO_ML_KEM_512
> +
> +/**
> + * PQC ML-KEM op types
> + *
> + * List of ML-KEM op types in PQC
> + */
> +enum rte_crypto_ml_kem_op_type {
> + RTE_CRYPTO_ML_KEM_OP_KEYGEN,
> + RTE_CRYPTO_ML_KEM_OP_KEYVER,
> + RTE_CRYPTO_ML_KEM_OP_ENCAP,
> + RTE_CRYPTO_ML_KEM_OP_DECAP,
> + RTE_CRYPTO_ML_KEM_OP_END
> +};
> +
> +/**
> + * PQC ML-KEM transform data
> + *
> + * Structure describing ML-KEM xform params
> + */
> +struct rte_crypto_ml_kem_xform {
> + enum rte_crypto_ml_kem_param_set param;
> +};
Doxygen comments missing.
> +
> +/**
> + * PQC ML-KEM KEYGEN op
> + *
> + * Parameters for PQC ML-KEM key generation operation
> + */
> +struct rte_crypto_ml_kem_keygen_op {
> + rte_crypto_param d;
> + /**< The seed d value (of 32 bytes in length) to generate key pair.*/
> +
> + rte_crypto_param z;
> + /**< The seed z value (of 32 bytes in length) to generate key pair.*/
> +
> + rte_crypto_param ek;
> + /**<
> + * Pointer to output data
> + * - The computed encapsulation key.
> + * - Refer `rte_crypto_ml_kem_pubkey_size` for size of buffer.
> + */
> +
> + rte_crypto_param dk;
> + /**<
> + * Pointer to output data
> + * - The computed decapsulation key.
> + * - Refer `rte_crypto_ml_kem_privkey_size` for size of buffer.
> + */
> +};
> +
> +/**
> + * PQC ML-KEM KEYVER op
> + *
> + * Parameters for PQC ML-KEM key verification operation
> + */
> +struct rte_crypto_ml_kem_keyver_op {
> + enum rte_crypto_ml_kem_op_type op;
> + /**<
> + * Op associated with key to be verified is one of below:
> + * - Encapsulation op
> + * - Decapsulation op
> + */
> +
> + rte_crypto_param key;
> + /**<
> + * KEM key to check.
> + * - ek in case of encapsulation op.
> + * - dk in case of decapsulation op.
> + */
> +};
> +
> +/**
> + * PQC ML-KEM ENCAP op
> + *
> + * Parameters for PQC ML-KEM encapsulation operation
> + */
> +struct rte_crypto_ml_kem_encap_op {
> + rte_crypto_param message;
> + /**< The message (of 32 bytes in length) for randomness.*/
> +
> + rte_crypto_param ek;
> + /**< The encapsulation key.*/
> +
> + rte_crypto_param cipher;
> + /**<
> + * Pointer to output data
> + * - The computed cipher.
> + * - Refer `rte_crypto_ml_kem_cipher_size` for size of buffer.
> + */
> +
> + rte_crypto_param sk;
> + /**<
> + * Pointer to output data
> + * - The computed shared secret key (32 bytes).
> + */
> +};
> +
> +/**
> + * PQC ML-KEM DECAP op
> + *
> + * Parameters for PQC ML-KEM decapsulation operation
> + */
> +struct rte_crypto_ml_kem_decap_op {
> + rte_crypto_param cipher;
> + /**< The cipher to be decapsulated.*/
> +
> + rte_crypto_param dk;
> + /**< The decapsulation key.*/
> +
> + rte_crypto_param sk;
> + /**<
> + * Pointer to output data
> + * - The computed shared secret key (32 bytes).
> + */
> +};
> +
> +/**
> + * PQC ML-KEM op
> + *
> + * Parameters for PQC ML-KEM operation
> + */
> +struct rte_crypto_ml_kem_op {
> + enum rte_crypto_ml_kem_op_type op;
> + union {
> + struct rte_crypto_ml_kem_keygen_op keygen;
> + struct rte_crypto_ml_kem_keyver_op keyver;
> + struct rte_crypto_ml_kem_encap_op encap;
> + struct rte_crypto_ml_kem_decap_op decap;
> + };
> +};
> +
> +/**
> + * PQC ML-DSA algorithms
> + *
> + * List of ML-DSA algorithms used in PQC
> + */
> +enum rte_crypto_ml_dsa_param_set {
> + RTE_CRYPTO_ML_DSA_PARAM_NONE,
> + RTE_CRYPTO_ML_DSA_PARAM_44,
> + RTE_CRYPTO_ML_DSA_PARAM_65,
> + RTE_CRYPTO_ML_DSA_PARAM_87,
> +};
Can we drop PARAM?
> +
> +/**
> + * PQC ML-DSA op types
> + *
> + * List of ML-DSA op types in PQC
> + */
> +enum rte_crypto_ml_dsa_op_type {
> + RTE_CRYPTO_ML_DSA_OP_KEYGEN,
> + RTE_CRYPTO_ML_DSA_OP_SIGN,
> + RTE_CRYPTO_ML_DSA_OP_VERIFY,
> + RTE_CRYPTO_ML_DSA_OP_END
> +};
> +
> +/**
> + * PQC ML-DSA transform data
> + *
> + * Structure describing ML-DSA xform params
> + */
> +struct rte_crypto_ml_dsa_xform {
> + enum rte_crypto_ml_dsa_param_set param;
Add missing doxygen comments.
> +
> + bool sign_deterministic;
> + /**< The signature generated using deterministic method. */
> +
> + bool sign_prehash;
> + /**< The signature generated using prehash or pure routine. */
> +};
> +
> +/**
> + * PQC ML-DSA KEYGEN op
> + *
> + * Parameters for PQC ML-DSA key generation operation
> + */
> +struct rte_crypto_ml_dsa_keygen_op {
> + rte_crypto_param seed;
> + /**< The random seed (of 32 bytes in length) to generate key pair.*/
> +
> + rte_crypto_param pubkey;
> + /**<
> + * Pointer to output data
> + * - The computed public key.
> + * - Refer `rte_crypto_ml_dsa_pubkey_size` for size of buffer.
> + */
> +
> + rte_crypto_param privkey;
> + /**<
> + * Pointer to output data
> + * - The computed secret key.
> + * - Refer `rte_crypto_ml_dsa_privkey_size` for size of buffer.
> + */
> +};
> +
> +/**
> + * PQC ML-DSA SIGGEN op
> + *
> + * Parameters for PQC ML-DSA sign operation
> + */
> +struct rte_crypto_ml_dsa_siggen_op {
> + rte_crypto_param message;
> + /**< The message to generate signature.*/
> +
> + rte_crypto_param mu;
> + /**< The mu to generate signature.*/
> +
> + rte_crypto_param privkey;
> + /**< The secret key to generate signature.*/
> +
> + rte_crypto_param seed;
> + /**< The seed to generate signature.*/
> +
> + rte_crypto_param ctx;
> + /**< The context key to generate signature.*/
> +
> + enum rte_crypto_auth_algorithm hash;
> + /**< Hash function to generate signature. */
> +
> + rte_crypto_param sign;
> + /**<
> + * Pointer to output data
> + * - The computed signature.
> + * - Refer `rte_crypto_ml_dsa_sign_size` for size of buffer.
> + */
> +};
> +
> +/**
> + * PQC ML-DSA SIGVER op
> + *
> + * Parameters for PQC ML-DSA verify operation
> + */
> +struct rte_crypto_ml_dsa_sigver_op {
> + rte_crypto_param pubkey;
> + /**< The public key to verify signature.*/
> +
> + rte_crypto_param message;
> + /**< The message used to verify signature.*/
> +
> + rte_crypto_param sign;
> + /**< The signature to verify.*/
> +
> + rte_crypto_param mu;
> + /**< The mu used to generate signature.*/
> +
> + rte_crypto_param ctx;
> + /**< The context key to generate signature.*/
> +
> + enum rte_crypto_auth_algorithm hash;
> + /**< Hash function to generate signature. */
> +};
> +
> +/**
> + * PQC ML-DSA op
> + *
> + * Parameters for PQC ML-DSA operation
> + */
> +struct rte_crypto_ml_dsa_op {
> + enum rte_crypto_ml_dsa_op_type op;
> + union {
> + struct rte_crypto_ml_dsa_keygen_op keygen;
> + struct rte_crypto_ml_dsa_siggen_op siggen;
> + struct rte_crypto_ml_dsa_sigver_op sigver;
> + };
> +};
> +
> /**
> * Asymmetric crypto transform data
> *
> @@ -751,6 +1049,12 @@ struct rte_crypto_asym_xform {
> /**< EC xform parameters, used by elliptic curve based
> * operations.
> */
> +
> + struct rte_crypto_ml_kem_xform mlkem;
> + /**< PQC ML-KEM xform parameters */
> +
> + struct rte_crypto_ml_dsa_xform mldsa;
> + /**< PQC ML-DSA xform parameters */
> };
> };
>
> @@ -778,6 +1082,8 @@ struct rte_crypto_asym_op {
> struct rte_crypto_ecpm_op_param ecpm;
> struct rte_crypto_sm2_op_param sm2;
> struct rte_crypto_eddsa_op_param eddsa;
> + struct rte_crypto_ml_kem_op mlkem;
> + struct rte_crypto_ml_dsa_op mldsa;
> };
> uint16_t flags;
> /**<
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index bb7bab4dd5..fd40c8a64c 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -229,6 +229,66 @@ const char *rte_crypto_asym_ke_strings[] = {
> [RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
> };
>
> +/**
> + * Public key size used in PQC ML-KEM based crypto ops.
> + */
> +RTE_EXPORT_SYMBOL(rte_crypto_ml_kem_pubkey_size)
> +const uint16_t rte_crypto_ml_kem_pubkey_size[] = {
> + [RTE_CRYPTO_ML_KEM_PARAM_512] = 800,
> + [RTE_CRYPTO_ML_KEM_PARAM_768] = 1184,
> + [RTE_CRYPTO_ML_KEM_PARAM_1024] = 1568,
> +};
> +
> +/**
> + * Private key size used in PQC ML-KEM based crypto ops.
> + */
> +RTE_EXPORT_SYMBOL(rte_crypto_ml_kem_privkey_size)
> +const uint16_t rte_crypto_ml_kem_privkey_size[] = {
> + [RTE_CRYPTO_ML_KEM_PARAM_512] = 1632,
> + [RTE_CRYPTO_ML_KEM_PARAM_768] = 2400,
> + [RTE_CRYPTO_ML_KEM_PARAM_1024] = 3168,
> +};
> +
> +/**
> + * Cipher size used in PQC ML-KEM based crypto ops.
> + */
> +RTE_EXPORT_SYMBOL(rte_crypto_ml_kem_cipher_size)
> +const uint16_t rte_crypto_ml_kem_cipher_size[] = {
> + [RTE_CRYPTO_ML_KEM_PARAM_512] = 768,
> + [RTE_CRYPTO_ML_KEM_PARAM_768] = 1088,
> + [RTE_CRYPTO_ML_KEM_PARAM_1024] = 1568,
> +};
> +
> +/**
> + * Public key size used in PQC ML-DSA based crypto ops.
> + */
> +RTE_EXPORT_SYMBOL(rte_crypto_ml_dsa_pubkey_size)
> +const uint16_t rte_crypto_ml_dsa_pubkey_size[] = {
> + [RTE_CRYPTO_ML_DSA_PARAM_44] = 1312,
> + [RTE_CRYPTO_ML_DSA_PARAM_65] = 1952,
> + [RTE_CRYPTO_ML_DSA_PARAM_87] = 2592,
> +};
> +
> +/**
> + * Private key size used in PQC ML-DSA based crypto ops.
> + */
> +RTE_EXPORT_SYMBOL(rte_crypto_ml_dsa_privkey_size)
> +const uint16_t rte_crypto_ml_dsa_privkey_size[] = {
> + [RTE_CRYPTO_ML_DSA_PARAM_44] = 2560,
> + [RTE_CRYPTO_ML_DSA_PARAM_65] = 4032,
> + [RTE_CRYPTO_ML_DSA_PARAM_87] = 4896,
> +};
> +
> +/**
> + * Sign size used in PQC ML-KEM based crypto ops.
> + */
> +RTE_EXPORT_SYMBOL(rte_crypto_ml_dsa_sign_size)
> +const uint16_t rte_crypto_ml_dsa_sign_size[] = {
> + [RTE_CRYPTO_ML_DSA_PARAM_44] = 2420,
> + [RTE_CRYPTO_ML_DSA_PARAM_65] = 3309,
> + [RTE_CRYPTO_ML_DSA_PARAM_87] = 4627,
> +};
> +
> struct rte_cryptodev_sym_session_pool_private_data {
> uint16_t sess_data_sz;
> /**< driver session data size */
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
> index eaf0e50d37..37a6a5e49b 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -167,10 +167,13 @@ struct rte_cryptodev_asymmetric_xform_capability {
> uint32_t op_types;
> /**<
> * Bitmask for supported rte_crypto_asym_op_type or
> + * rte_crypto_ml_kem_op_type or rte_crypto_ml_dsa_op_type or
> * rte_crypto_asym_ke_type. Which enum is used is determined
> * by the rte_crypto_asym_xform_type. For key exchange algorithms
> - * like Diffie-Hellman it is rte_crypto_asym_ke_type, for others
> - * it is rte_crypto_asym_op_type.
> + * like Diffie-Hellman it is rte_crypto_asym_ke_type,
> + * for ML-KEM algorithms it is rte_crypto_ml_kem_op_type,
> + * for ML-DSA algorithms it is rte_crypto_ml_dsa_op_type,
> + * or others it is rte_crypto_asym_op_type.
> */
>
> __extension__
> @@ -188,6 +191,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
>
> uint32_t op_capa[RTE_CRYPTO_ASYM_OP_LIST_END];
> /**< Operation specific capabilities. */
> +
> + uint32_t mlkem_capa[RTE_CRYPTO_ML_KEM_OP_END];
> + /**< Bitmask of supported ML-KEM parameter sets. */
> +
> + uint32_t mldsa_capa[RTE_CRYPTO_ML_DSA_OP_END];
> + /**< Bitmask of supported ML-DSA parameter sets. */
> };
>
> uint64_t hash_algos;
> @@ -577,6 +586,8 @@ rte_cryptodev_asym_get_xform_string(enum
> rte_crypto_asym_xform_type xform_enum);
> /**< Support inner checksum computation/verification */
> #define RTE_CRYPTODEV_FF_SECURITY_RX_INJECT (1ULL << 28)
> /**< Support Rx injection after security processing */
> +#define RTE_CRYPTODEV_FF_MLDSA_SIGN_PREHASH (1ULL << 29)
> +/**< Support Pre Hash ML-DSA Signature Generation */
>
> /**
> * Get the name of a crypto device feature flag
> --
> 2.37.1
More information about the dev
mailing list