From nobody Tue Dec 16 07:44:47 2025 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 428962DA756; Mon, 8 Dec 2025 03:01:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765162891; cv=none; b=iJHC6aWdRs4+AxBc0WPIeCL8Hx008HHTpFGTFJrWNOEEbMgP9gJ19Vekcxk6+ADyfAozmaRVpSOWVEhIvoRBCokgBJM+usBQMIIpWFsMrvBlO/wTlG7IANDhvpFOU4p5sY2epMPkewSE0U/Ui9UQub59nJ8yKxvG4b3Zxyp0z68= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765162891; c=relaxed/simple; bh=69f0no6crvKhMEd+JiQv8rn2UCxYW5/d6S8UNzaKXr8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oCuJDvIQUXGNeldI33IlijDWXKkzL8DYTFMYxPkZEdkRfXoyjAAC3X3VHtKibFO1HNieISkjnvliQvcbsjhnrMkQT103qFDml3X0v3BYfHDa+en1iFwzH7U8xMnli4dyNlNwc/AdonpO/IaF39YCw70ookqHlZfE/8XanzeK0NE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=addqnOSM; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=F7TmOW1X; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="addqnOSM"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="F7TmOW1X" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162877; bh=exw2fblN+oBTCKLIjuHLn7L 2MsrPArZyIEbi3CO/DyA=; b=addqnOSMoxjSov4fgpqL33puiPq6+e3Sobb4BX8BeEQ4QDE40O UfZlRO1fyqBLyo4E9KF1t1N3Al0oQ+yChYzdfCaAKtx5sA6+KbWFc4TJZDS3WYAwpS76BiBaQtc KyW94lTlvU/v8Q18KUdT6Xz3LSDQIffniaLK+Sw6R2mKIx6DMK9UwoMiGmobiwZTt6D5/rXXVj0 8SEJqROAiXmy5i2hij9eNNSelPK/ESvZQNcxtcmpXe2MdDpFw1hFJtrBJXI8wfmzQEbojGI3BQW SlzCuItHBjBMvT/WYIYFZnHuVNlvMb+pdQCBdn0W5tse+X/bZyV5Wdmpb7VlawATzyw==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162877; bh=exw2fblN+oBTCKLIjuHLn7L 2MsrPArZyIEbi3CO/DyA=; b=F7TmOW1XSksjKwwWuDgNJxsXPuCGO0H1+VSMc5qMkjT4NCo5Dl phAKYwM2/dTHzcZD09xYwlHKgy4vXCczXoAw==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net, vadim.fedorenko@linux.dev, song@kernel.org, yatsenko@meta.com, martin.lau@linux.dev, eddyz87@gmail.com, haoluo@google.com, jolsa@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, yonghong.song@linux.dev, herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v3 1/6] bpf: Extend bpf_crypto_type with hash operations Date: Sun, 7 Dec 2025 22:01:12 -0500 Message-ID: <20251208030117.18892-2-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251208030117.18892-1-git@danielhodges.dev> References: <20251208030117.18892-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add hash operation callbacks to bpf_crypto_type structure: - hash(): Performs hashing operation on input data - digestsize(): Returns the output size for the hash algorithm These additions enable BPF programs to use cryptographic hash functions through the unified bpf_crypto_type interface, supporting use cases such as content verification, integrity checking, and data authentication. Signed-off-by: Daniel Hodges --- include/linux/bpf_crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/bpf_crypto.h b/include/linux/bpf_crypto.h index a41e71d4e2d9..c84371cc4e47 100644 --- a/include/linux/bpf_crypto.h +++ b/include/linux/bpf_crypto.h @@ -11,8 +11,10 @@ struct bpf_crypto_type { int (*setauthsize)(void *tfm, unsigned int authsize); int (*encrypt)(void *tfm, const u8 *src, u8 *dst, unsigned int len, u8 *i= v); int (*decrypt)(void *tfm, const u8 *src, u8 *dst, unsigned int len, u8 *i= v); + int (*hash)(void *tfm, const u8 *data, u8 *out, unsigned int len); unsigned int (*ivsize)(void *tfm); unsigned int (*statesize)(void *tfm); + unsigned int (*digestsize)(void *tfm); u32 (*get_flags)(void *tfm); struct module *owner; char name[14]; --=20 2.51.0 From nobody Tue Dec 16 07:44:47 2025 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84F3D1C5D57; Mon, 8 Dec 2025 03:04:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163063; cv=none; b=PU3C9FHsCfNdN85iahbeavLkHDsV+3rL0x5Ud/8cbCe/fOroGzHihUXmZw0LwO78Z3VhUw0DLk0EYkrPdUZq1q40swBACxhl9HxjFzdoClbnbZmsiFvkBJ6iPVCmY7FcJCzdBa5a0mQi74M2iv4Q+lAKo7VQV2/BIud6w2wKN3M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163063; c=relaxed/simple; bh=n/6Ij5wpcMBoeeRl+pQHtqgU6qo0CnrWCwQwPDxpMPI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Rjq3lwTcj461RHEqh25cmV/YUx2HZKD+WosQYLNslVA0S9FIJ573CKJlIcq0k/AMhSmhl9/B+pJpRRABGrab1h3gda8NdxbeqsotJpzQBtINlklxlg19Hg9f3OpC2iM60Qt+v+7ch1C84kczVGMPl4vtbpECYBOfkdqJz6J/Yc0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=W64enURy; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=KjuYF8ul; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="W64enURy"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="KjuYF8ul" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=T6p27ig63eCdRe1ACpmWrHV 14KHrG/tKLWuIaAZSrIk=; b=W64enURypkwIcJp/oBE5gqx2UVQaPrt9mf6LgWSLqG5SmtYUWV NP8wo/ZbylnGhTN4nGK5TLWEsnSH1QkGgzH90nJXZfwQ3fYY6Qhpp3URF5jXEpdXl2SsqTFudYT Bz12kxR4dM0Dvq1xYCMX11ZtHETJF2i0wy1iNIzws04s90pi9FCQEsL/iwq/N+kAK0MdmuzTuPG xX+byUIF+Q1tj79fE0dHArxQ6HnumpM9R/gsGTgL/Hnk2txsIPlYh4BBjGL2hqE4pAyBpZNLpZd sEFbWOLAgd5lMrV7oKws0NmSsldOKk9dxuYkxaz9VyY9fDueV/4nvEdI/U6DIKAF+Jg==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=T6p27ig63eCdRe1ACpmWrHV 14KHrG/tKLWuIaAZSrIk=; b=KjuYF8ulHMhpsh9PpsQb7QiU3kS3MoP1vCJCzqQtC7zsD/XvfJ bIRs/k+GfAhx08PvTIICyHStUJsW/rcPUOAA==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net, vadim.fedorenko@linux.dev, song@kernel.org, yatsenko@meta.com, martin.lau@linux.dev, eddyz87@gmail.com, haoluo@google.com, jolsa@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, yonghong.song@linux.dev, herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v3 2/6] crypto: Add BPF hash algorithm type registration module Date: Sun, 7 Dec 2025 22:01:13 -0500 Message-ID: <20251208030117.18892-3-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251208030117.18892-1-git@danielhodges.dev> References: <20251208030117.18892-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add bpf_crypto_shash module that registers a hash type with the BPF crypto infrastructure, enabling BPF programs to access kernel hash algorithms through a unified interface. Update the bpf_crypto_type interface with hash-specific callbacks: - alloc_tfm: Allocates crypto_shash context with proper descriptor size - free_tfm: Releases hash transform and context memory - has_algo: Checks algorithm availability via crypto_has_shash() - hash: Performs single-shot hashing via crypto_shash_digest() - digestsize: Returns the output size for the hash algorithm - get_flags: Exposes transform flags to BPF programs Update bpf_shash_ctx to contain crypto_shash transform and shash_desc descriptor to accommodate algorithm-specific descriptor requirements. Signed-off-by: Daniel Hodges --- crypto/Makefile | 3 ++ crypto/bpf_crypto_shash.c | 95 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 crypto/bpf_crypto_shash.c diff --git a/crypto/Makefile b/crypto/Makefile index 16a35649dd91..853dff375906 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -30,6 +30,9 @@ obj-$(CONFIG_CRYPTO_ECHAINIV) +=3D echainiv.o crypto_hash-y +=3D ahash.o crypto_hash-y +=3D shash.o obj-$(CONFIG_CRYPTO_HASH2) +=3D crypto_hash.o +ifeq ($(CONFIG_BPF_SYSCALL),y) +obj-$(CONFIG_CRYPTO_HASH2) +=3D bpf_crypto_shash.o +endif =20 obj-$(CONFIG_CRYPTO_AKCIPHER2) +=3D akcipher.o obj-$(CONFIG_CRYPTO_SIG2) +=3D sig.o diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c new file mode 100644 index 000000000000..95c178ec0ce8 --- /dev/null +++ b/crypto/bpf_crypto_shash.c @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ +#include +#include +#include +#include + +struct bpf_shash_ctx { + struct crypto_shash *tfm; + struct shash_desc desc; +}; + +static void *bpf_crypto_shash_alloc_tfm(const char *algo) +{ + struct bpf_shash_ctx *ctx; + struct crypto_shash *tfm; + + tfm =3D crypto_alloc_shash(algo, 0, 0); + if (IS_ERR(tfm)) + return tfm; + + ctx =3D kzalloc(sizeof(*ctx) + crypto_shash_descsize(tfm), GFP_KERNEL); + if (!ctx) { + crypto_free_shash(tfm); + return ERR_PTR(-ENOMEM); + } + + ctx->tfm =3D tfm; + ctx->desc.tfm =3D tfm; + + return ctx; +} + +static void bpf_crypto_shash_free_tfm(void *tfm) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + crypto_free_shash(ctx->tfm); + kfree(ctx); +} + +static int bpf_crypto_shash_has_algo(const char *algo) +{ + return crypto_has_shash(algo, 0, 0); +} + +static int bpf_crypto_shash_hash(void *tfm, const u8 *data, u8 *out, + unsigned int len) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + return crypto_shash_digest(&ctx->desc, data, len, out); +} + +static unsigned int bpf_crypto_shash_digestsize(void *tfm) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + return crypto_shash_digestsize(ctx->tfm); +} + +static u32 bpf_crypto_shash_get_flags(void *tfm) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + return crypto_shash_get_flags(ctx->tfm); +} + +static const struct bpf_crypto_type bpf_crypto_shash_type =3D { + .alloc_tfm =3D bpf_crypto_shash_alloc_tfm, + .free_tfm =3D bpf_crypto_shash_free_tfm, + .has_algo =3D bpf_crypto_shash_has_algo, + .hash =3D bpf_crypto_shash_hash, + .digestsize =3D bpf_crypto_shash_digestsize, + .get_flags =3D bpf_crypto_shash_get_flags, + .owner =3D THIS_MODULE, + .name =3D "hash", +}; + +static int __init bpf_crypto_shash_init(void) +{ + return bpf_crypto_register_type(&bpf_crypto_shash_type); +} + +static void __exit bpf_crypto_shash_exit(void) +{ + int err =3D bpf_crypto_unregister_type(&bpf_crypto_shash_type); + + WARN_ON_ONCE(err); +} + +module_init(bpf_crypto_shash_init); +module_exit(bpf_crypto_shash_exit); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Hash algorithm support for BPF"); --=20 2.51.0 From nobody Tue Dec 16 07:44:47 2025 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F3A6288C24; Mon, 8 Dec 2025 03:04:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163049; cv=none; b=DAHl6BYhbrRiABX/aCQGn0VfHWMRR6XL93ri3Bs3+GCd1jUySdG8zN5tic/Q8QPQtzTR4i+dZOydwRzz6Oo2vAMBg8c+kmbKR6rKkccUZ/qBVejOTmX2xnk2Jq+DCiFlFnzznIDxUFqwCTdXUYppwnYCywvQguIu6JwwNReCL8E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163049; c=relaxed/simple; bh=gQSrJ6sLZR0UgasAXOI6aGw7bjQJLmMSnSI/FV6E+24=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GWx3OMgi40G91aUjOG1cRZU64qP21BtQfxHdjzyZoM4U9bMe8hklrDmLTeIH9hJi5Cl2whOaLG2YyAOgNg1p0+j+ai9PQub8hbbH44ZB8teCTD5LI7ZySdxKrUSLaRKU91VYnMsNLM0N13UxqDfqExUamJCKRKPIcRNLi/69GhU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=pEeqIsqf; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=YqfWEdp4; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="pEeqIsqf"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="YqfWEdp4" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=lhHuv3JHJ5ECsH2LZI0gvI2 /2V1KyyLs/oMt1+jySa4=; b=pEeqIsqfCJxF73WuXHU4EQCRtKb4Fqo2A7uKR8gu+pjxDfdWcf Ab9hLS3cTcYmrBnv6V9S3AbwQduskOs7bkZ2XonykUEpCuI4qdk7WLEM5tZrKvUH4ezXih/mDz0 xyM+yrE1UykswLuAL2/zxZouqSEmGcs0/+JR4BavQBjriJJztICUcwWeaRp7T5f+/8WsBKFQ/aa +2+rk6IedhhLBdRrmvtOpbyz8IHSfpMbpHR0yWt1j75OH4lu+3w5BlfguuI83muDuhWRES00BkJ 6OEYCK+UuLfsaxDO/DXCTpgIdUZo374e0a6sxsNs0zPfudsRQID9REKYJRzIKWn+m5g==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=lhHuv3JHJ5ECsH2LZI0gvI2 /2V1KyyLs/oMt1+jySa4=; b=YqfWEdp4f/mMP756r/IuzD489o8vUEUD7HEq9FE4bUNv7pzVQv ZXMzEaazMdiaTSOZhAv9/Y1Z+fbdjVKJ1ZAA==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net, vadim.fedorenko@linux.dev, song@kernel.org, yatsenko@meta.com, martin.lau@linux.dev, eddyz87@gmail.com, haoluo@google.com, jolsa@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, yonghong.song@linux.dev, herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v3 3/6] bpf: Add SHA hash kfunc for cryptographic hashing Date: Sun, 7 Dec 2025 22:01:14 -0500 Message-ID: <20251208030117.18892-4-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251208030117.18892-1-git@danielhodges.dev> References: <20251208030117.18892-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Extend bpf_crypto_type structure with hash operations: - hash(): Performs hashing operation - digestsize(): Returns hash output size Update bpf_crypto_ctx_create() to support keyless operations: - Hash algorithms don't require keys, unlike ciphers - Only validates key presence if type->setkey is defined - Conditionally sets IV/state length for cipher operations only Add bpf_crypto_hash() kfunc that works with any hash algorithm registered in the kernel's crypto API through the BPF crypto type system. This enables BPF programs to compute cryptographic hashes for use cases such as content verification, integrity checking, and data authentication. Signed-off-by: Daniel Hodges Acked-by: Mykyta Yatsenko --- kernel/bpf/crypto.c | 76 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 68 insertions(+), 8 deletions(-) diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c index 83c4d9943084..47e6a43a46d4 100644 --- a/kernel/bpf/crypto.c +++ b/kernel/bpf/crypto.c @@ -171,7 +171,12 @@ bpf_crypto_ctx_create(const struct bpf_crypto_params *= params, u32 params__sz, goto err_module_put; } =20 - if (!params->key_len || params->key_len > sizeof(params->key)) { + /* Hash operations don't require a key, but cipher operations do */ + if (params->key_len > sizeof(params->key)) { + *err =3D -EINVAL; + goto err_module_put; + } + if (!params->key_len && type->setkey) { *err =3D -EINVAL; goto err_module_put; } @@ -195,16 +200,19 @@ bpf_crypto_ctx_create(const struct bpf_crypto_params = *params, u32 params__sz, goto err_free_tfm; } =20 - *err =3D type->setkey(ctx->tfm, params->key, params->key_len); - if (*err) - goto err_free_tfm; + if (params->key_len) { + *err =3D type->setkey(ctx->tfm, params->key, params->key_len); + if (*err) + goto err_free_tfm; =20 - if (type->get_flags(ctx->tfm) & CRYPTO_TFM_NEED_KEY) { - *err =3D -EINVAL; - goto err_free_tfm; + if (type->get_flags(ctx->tfm) & CRYPTO_TFM_NEED_KEY) { + *err =3D -EINVAL; + goto err_free_tfm; + } } =20 - ctx->siv_len =3D type->ivsize(ctx->tfm) + type->statesize(ctx->tfm); + if (type->ivsize && type->statesize) + ctx->siv_len =3D type->ivsize(ctx->tfm) + type->statesize(ctx->tfm); =20 refcount_set(&ctx->usage, 1); =20 @@ -343,6 +351,54 @@ __bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_c= tx *ctx, return bpf_crypto_crypt(ctx, src_kern, dst_kern, siv_kern, false); } =20 +#if IS_ENABLED(CONFIG_CRYPTO_HASH2) +/** + * bpf_crypto_hash() - Compute hash using configured context + * @ctx: The crypto context being used. The ctx must be a trusted pointer. + * @data: bpf_dynptr to the input data to hash. Must be a trusted pointer. + * @out: bpf_dynptr to the output buffer. Must be a trusted pointer. + * + * Computes hash of the input data using the crypto context. The output bu= ffer + * must be at least as large as the digest size of the hash algorithm. + */ +__bpf_kfunc int bpf_crypto_hash(struct bpf_crypto_ctx *ctx, + const struct bpf_dynptr *data, + const struct bpf_dynptr *out) +{ + const struct bpf_dynptr_kern *data_kern =3D (struct bpf_dynptr_kern *)dat= a; + const struct bpf_dynptr_kern *out_kern =3D (struct bpf_dynptr_kern *)out; + u64 data_len, out_len; + const u8 *data_ptr; + u8 *out_ptr; + + if (!ctx->type->hash) + return -EOPNOTSUPP; + + data_len =3D __bpf_dynptr_size(data_kern); + out_len =3D __bpf_dynptr_size(out_kern); + + if (data_len =3D=3D 0) + return -EINVAL; + + if (!ctx->type->digestsize) + return -EOPNOTSUPP; + + unsigned int digestsize =3D ctx->type->digestsize(ctx->tfm); + if (out_len < digestsize) + return -EINVAL; + + data_ptr =3D __bpf_dynptr_data(data_kern, data_len); + if (!data_ptr) + return -EINVAL; + + out_ptr =3D __bpf_dynptr_data_rw(out_kern, out_len); + if (!out_ptr) + return -EINVAL; + + return ctx->type->hash(ctx->tfm, data_ptr, out_ptr, data_len); +} +#endif /* CONFIG_CRYPTO_HASH2 */ + __bpf_kfunc_end_defs(); =20 BTF_KFUNCS_START(crypt_init_kfunc_btf_ids) @@ -359,6 +415,9 @@ static const struct btf_kfunc_id_set crypt_init_kfunc_s= et =3D { BTF_KFUNCS_START(crypt_kfunc_btf_ids) BTF_ID_FLAGS(func, bpf_crypto_decrypt, KF_RCU) BTF_ID_FLAGS(func, bpf_crypto_encrypt, KF_RCU) +#if IS_ENABLED(CONFIG_CRYPTO_HASH2) +BTF_ID_FLAGS(func, bpf_crypto_hash, KF_RCU) +#endif BTF_KFUNCS_END(crypt_kfunc_btf_ids) =20 static const struct btf_kfunc_id_set crypt_kfunc_set =3D { @@ -383,6 +442,7 @@ static int __init crypto_kfunc_init(void) ret =3D register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, &crypt_kfunc_s= et); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_ACT, &crypt_= kfunc_set); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, &crypt_kfunc_= set); + ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_kf= unc_set); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_init_kfunc_set); return ret ?: register_btf_id_dtor_kfuncs(bpf_crypto_dtors, --=20 2.51.0 From nobody Tue Dec 16 07:44:47 2025 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 93E5D18E1F; Mon, 8 Dec 2025 03:04:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163046; cv=none; b=Lexz+/EWXYAw8vCIwArvr6I6lgN+NiCnreIASkpNoLe8zgqDwI+L7aeDn77Ny0IFNrxZUajDNlowHsRayq9IeM+tpoEIRY5VnexUMk8I1ybfWXBG76mftTZGCmgqT25M+XMWjw/DGdrnU3+oRz5t0B+LFU8yBvVDiNWk/pbqzt8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163046; c=relaxed/simple; bh=PruMky51aq1b74UjBSuijf8uUQW9/wmqSaebUUO5YRQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rwxPZ0e9wB3lmo2v6pNxBTsjVIdt0miejhGKSsRe0j7VrwdZM0IwvpGHTZyRW4yWlXDb+IVsefK7sUDYbMvXJZ3vIEEAWLRiavVuHLuQEgMWePcbT6EPX+clh8hpFLKRueQ9J4Ih0SY3tGO3MJnri0C5wtWkZ2RCGc+pMNu9nMQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=GiSdBMeE; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=IOW3PX+3; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="GiSdBMeE"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="IOW3PX+3" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=Vr3um8yPZTbStrtypCcGJMg YsEZF0UFd41eY7PNjUuo=; b=GiSdBMeEQxem7XLa0k5AAUdUaXSd4Y485HPO2YvGpCbvdKFh82 lfs1DHykMYlBGaN9I+Bk2aEFBTV3kTF+WPNAbHB4oegT2D9L6dlxJGDDjrUJE1g9WF3xvuHZ1rE 7E+Ybgrw/2flOtPUiBheY4mpaegNyYr3DNLnxBrwxNbZPjpbeJPiB9ec5eiRFVAccbS4Nie0v7U A42poedere/KUD9hhL2xNq63cCXZ3M8Oj4ahG1k4OGAFvh7SEcn6wZz8y0T1airKgBMevbe+Yep H20g1NvryS8R1izx1AroTSPK0TrUTWLNDPhhJftUU1t2DoEeu1gLo6zwGqx1ravSBaw==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=Vr3um8yPZTbStrtypCcGJMg YsEZF0UFd41eY7PNjUuo=; b=IOW3PX+3pmGwNB5HKDuLJEQgIstFTIavb63oGqKWkEB94rw2kg dLeWWhoj+7qNtqov3fT8ixlIwa6bEFMqgQDg==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net, vadim.fedorenko@linux.dev, song@kernel.org, yatsenko@meta.com, martin.lau@linux.dev, eddyz87@gmail.com, haoluo@google.com, jolsa@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, yonghong.song@linux.dev, herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v3 4/6] selftests/bpf: Add tests for bpf_crypto_hash kfunc Date: Sun, 7 Dec 2025 22:01:15 -0500 Message-ID: <20251208030117.18892-5-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251208030117.18892-1-git@danielhodges.dev> References: <20251208030117.18892-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add selftests to validate the bpf_crypto_hash works properly. The tests verify both correct functionality and proper error handling. Test Data: All tests use the well-known NIST test vector input "abc" and validate against the standardized expected outputs for each algorithm. This ensures the BPF kfunc wrappers correctly delegate to the kernel crypto library. Signed-off-by: Daniel Hodges --- tools/testing/selftests/bpf/config | 2 + .../selftests/bpf/prog_tests/crypto_hash.c | 147 ++++++++++++++++++ .../testing/selftests/bpf/progs/crypto_hash.c | 142 +++++++++++++++++ 3 files changed, 291 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_hash.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_hash.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/b= pf/config index 558839e3c185..d168b3073cba 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -12,7 +12,9 @@ CONFIG_BPF_SYSCALL=3Dy # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set CONFIG_CGROUP_BPF=3Dy CONFIG_CRYPTO_HMAC=3Dy +CONFIG_CRYPTO_HASH2=3Dy CONFIG_CRYPTO_SHA256=3Dy +CONFIG_CRYPTO_SHA512=3Dy CONFIG_CRYPTO_USER_API=3Dy CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy diff --git a/tools/testing/selftests/bpf/prog_tests/crypto_hash.c b/tools/t= esting/selftests/bpf/prog_tests/crypto_hash.c new file mode 100644 index 000000000000..1d8acbd56e32 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/crypto_hash.c @@ -0,0 +1,147 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include +#include +#include "crypto_hash.skel.h" + +/* NIST test vectors for SHA-256("abc") */ +static const unsigned char expected_sha256[32] =3D { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +/* NIST test vectors for SHA-384("abc") */ +static const unsigned char expected_sha384[48] =3D { + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, + 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, + 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, + 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 +}; + +/* NIST test vectors for SHA-512("abc") */ +static const unsigned char expected_sha512[64] =3D { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, + 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, + 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, + 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, + 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f +}; + +static struct crypto_hash *setup_skel(void) +{ + struct crypto_hash *skel; + + skel =3D crypto_hash__open_and_load(); + if (!skel) { + /* Skip if kfuncs not available (CONFIG_CRYPTO_HASH2 not set) */ + if (errno =3D=3D ENOENT || errno =3D=3D EINVAL) { + test__skip(); + return NULL; + } + ASSERT_OK_PTR(skel, "crypto_hash__open_and_load"); + return NULL; + } + + return skel; +} + +static void test_sha256_basic(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_sha256); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_sha256"); + ASSERT_EQ(skel->data->sha256_status, 0, "sha256_status"); + ASSERT_EQ(memcmp(skel->bss->sha256_output, expected_sha256, 32), 0, + "sha256_output_match"); + + crypto_hash__destroy(skel); +} + +static void test_sha384_basic(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + prog_fd =3D bpf_program__fd(skel->progs.test_sha384); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_sha384"); + ASSERT_EQ(skel->data->sha384_status, 0, "sha384_status"); + ASSERT_EQ(memcmp(skel->bss->sha384_output, expected_sha384, 48), 0, + "sha384_output_match"); + + crypto_hash__destroy(skel); +} + +static void test_sha512_basic(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_sha512); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_sha512"); + ASSERT_EQ(skel->data->sha512_status, 0, "sha512_status"); + ASSERT_EQ(memcmp(skel->bss->sha512_output, expected_sha512, 64), 0, + "sha512_output_match"); + + crypto_hash__destroy(skel); +} + +static void test_sha256_invalid_params(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_sha256_zero_len); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_zero_len"); + ASSERT_EQ(skel->data->sha256_status, 0, "zero_len_rejected"); + + crypto_hash__destroy(skel); +} + +void test_crypto_hash(void) +{ + if (test__start_subtest("sha256_basic")) + test_sha256_basic(); + if (test__start_subtest("sha384_basic")) + test_sha384_basic(); + if (test__start_subtest("sha512_basic")) + test_sha512_basic(); + if (test__start_subtest("sha256_invalid_params")) + test_sha256_invalid_params(); +} diff --git a/tools/testing/selftests/bpf/progs/crypto_hash.c b/tools/testin= g/selftests/bpf/progs/crypto_hash.c new file mode 100644 index 000000000000..0f9174b3cbd5 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/crypto_hash.c @@ -0,0 +1,142 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include "vmlinux.h" +#include +#include "bpf_misc.h" +#include "bpf_kfuncs.h" + +unsigned char test_input[3] =3D "abc"; + +/* Expected SHA-256 hash of "abc" */ +/* ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad= */ +unsigned char expected_sha256[32] =3D { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +/* Output buffers for test results */ +unsigned char sha256_output[32] =3D {}; +unsigned char sha384_output[48] =3D {}; +unsigned char sha512_output[64] =3D {}; + +int sha256_status =3D -1; +int sha384_status =3D -1; +int sha512_status =3D -1; + +/* Declare the crypto kfuncs */ +extern struct bpf_crypto_ctx *bpf_crypto_ctx_create(const struct bpf_crypt= o_params *params, + u32 params__sz, int *err) __ksym; +extern void bpf_crypto_ctx_release(struct bpf_crypto_ctx *ctx) __ksym; +extern int bpf_crypto_hash(struct bpf_crypto_ctx *ctx, const struct bpf_dy= nptr *data, + const struct bpf_dynptr *out) __ksym; + +SEC("syscall") +int test_sha256(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha256", + .key_len =3D 0, + }; + int err =3D 0; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha256_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, sizeof(test_input), 0, &input_ptr); + bpf_dynptr_from_mem(sha256_output, sizeof(sha256_output), 0, &output_ptr); + + sha256_status =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +SEC("syscall") +int test_sha384(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha384", + .key_len =3D 0, + }; + int err =3D 0; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha384_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, sizeof(test_input), 0, &input_ptr); + bpf_dynptr_from_mem(sha384_output, sizeof(sha384_output), 0, &output_ptr); + + sha384_status =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +SEC("syscall") +int test_sha512(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha512", + .key_len =3D 0, + }; + int err =3D 0; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha512_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, sizeof(test_input), 0, &input_ptr); + bpf_dynptr_from_mem(sha512_output, sizeof(sha512_output), 0, &output_ptr); + + sha512_status =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +SEC("syscall") +int test_sha256_zero_len(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha256", + .key_len =3D 0, + }; + int err =3D 0; + int ret; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha256_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, 0, 0, &input_ptr); + bpf_dynptr_from_mem(sha256_output, sizeof(sha256_output), 0, &output_ptr); + + ret =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + sha256_status =3D (ret =3D=3D -22) ? 0 : ret; + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +char __license[] SEC("license") =3D "GPL"; --=20 2.51.0 From nobody Tue Dec 16 07:44:47 2025 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60C0F2E718F; Mon, 8 Dec 2025 03:04:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163051; cv=none; b=MAgC9vDiYpDgi2dAPxBiS1rxZ9m8SxlgsQoesMYjKanowiJzasfndNFa0kXg6DVo1kqgxIIUYgvIEqJL+UPXasxURBc7tfsdGrcNpQIKZaJHTNnCiqOqLaoa5opRP1uyyZywMwS8QGpuWcks6oaJ41JY6b29W7gQqsR2YtTmEek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163051; c=relaxed/simple; bh=1Wdws3rSUg0cgncQNyaYBymwVayZ8eyd4lqJC50mDXw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uibjgVQ8EyDM9y9h9vfUO7SALq7wVhwux+Nc9aYoF1/7ISUdcvQt2+C1SNTCCnosEOSu/5Qd9bbDdoGZQuhJL2NsJU4El6ElRM0HtGliDMpt78PKtGRLaY7LyPqEIFGinrBnTPpWgm30PmVyhdOPFC3NU+8vlQf92n3+cjTrDOA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=EkoG0xG0; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=8oaGoBfE; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="EkoG0xG0"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="8oaGoBfE" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=zOp4T9zCz3QlaABPvs8kAp+ zpb43ZQBrNe9fNd6xE+s=; b=EkoG0xG0Foi4+Ss5+PJ7EtnyjXIa5YjplziY39I54iZQJ3tDeq UdE4ashl5htiRljttH/lrfaTj1AmF6jdObcXZvY6zOg2wC9TuSV3gB/3j2ZK0FL+6KShIEKJV+u ywJy+YQiYFJCAWw5gS9Rm1vlkQCLn8yYeGjYnnW323sW4wYrGls7oDQiZyXN736jHGu5uurlXPC eaF5ODtgikO5/k3N1NWZ0kOtTnRN1ImI+ouTDPuYVztZI8gX/iorw8dRe6WjM7bw72eJFDp6TwR n6G4eo6E2wFZ7jf/NeltwyArePduxaK6wr7KweaFzjEwytn1jShbpy1IptxAWmAsKkQ==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162878; bh=zOp4T9zCz3QlaABPvs8kAp+ zpb43ZQBrNe9fNd6xE+s=; b=8oaGoBfEylU0QuXgS6OsrBoh31rymjUTRcikkfKBGPpR587yE8 ONbGMD6jENv5sK69He7nXcZsD43OWmrJnsAQ==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net, vadim.fedorenko@linux.dev, song@kernel.org, yatsenko@meta.com, martin.lau@linux.dev, eddyz87@gmail.com, haoluo@google.com, jolsa@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, yonghong.song@linux.dev, herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v3 5/6] bpf: Add ECDSA signature verification kfuncs Date: Sun, 7 Dec 2025 22:01:16 -0500 Message-ID: <20251208030117.18892-6-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251208030117.18892-1-git@danielhodges.dev> References: <20251208030117.18892-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add context-based ECDSA signature verification kfuncs: - bpf_ecdsa_ctx_create(): Creates reusable ECDSA context with public key - bpf_ecdsa_verify(): Verifies signatures using the context - bpf_ecdsa_ctx_acquire(): Increments context reference count - bpf_ecdsa_ctx_release(): Releases context with RCU safety The ECDSA implementation supports NIST curves (P-256, P-384, P-521) and uses the kernel's crypto_sig API. Public keys must be in uncompressed format (0x04 || x || y), and signatures are in r || s format. Signed-off-by: Daniel Hodges --- kernel/bpf/crypto.c | 230 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c index 47e6a43a46d4..138abe58e87e 100644 --- a/kernel/bpf/crypto.c +++ b/kernel/bpf/crypto.c @@ -9,6 +9,7 @@ #include #include #include +#include =20 struct bpf_crypto_type_list { const struct bpf_crypto_type *type; @@ -57,6 +58,21 @@ struct bpf_crypto_ctx { refcount_t usage; }; =20 +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +/** + * struct bpf_ecdsa_ctx - refcounted BPF ECDSA context structure + * @tfm: The crypto_sig transform for ECDSA operations + * @rcu: The RCU head used to free the context with RCU safety + * @usage: Object reference counter. When the refcount goes to 0, the + * memory is released with RCU safety. + */ +struct bpf_ecdsa_ctx { + struct crypto_sig *tfm; + struct rcu_head rcu; + refcount_t usage; +}; +#endif + int bpf_crypto_register_type(const struct bpf_crypto_type *type) { struct bpf_crypto_type_list *node; @@ -399,12 +415,206 @@ __bpf_kfunc int bpf_crypto_hash(struct bpf_crypto_ct= x *ctx, } #endif /* CONFIG_CRYPTO_HASH2 */ =20 +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +/** + * bpf_ecdsa_ctx_create() - Create a BPF ECDSA verification context + * @algo_name: bpf_dynptr to the algorithm name (e.g., "p1363(ecdsa-nist-p= 256)") + * @public_key: bpf_dynptr to the public key in uncompressed format (0x04 = || x || y) + * Must be 65 bytes for P-256, 97 for P-384, 133 for P-521 + * @err: Pointer to store error code on failure + * + * Creates an ECDSA verification context that can be reused for multiple + * signature verifications. This function uses GFP_KERNEL allocation and + * can only be called from sleepable BPF programs. Uses bpf_dynptr to ensu= re + * safe memory access without risk of page faults. + */ +__bpf_kfunc struct bpf_ecdsa_ctx * +bpf_ecdsa_ctx_create(const struct bpf_dynptr *algo_name, + const struct bpf_dynptr *public_key, int *err) +{ + const struct bpf_dynptr_kern *algo_kern =3D (struct bpf_dynptr_kern *)alg= o_name; + const struct bpf_dynptr_kern *key_kern =3D (struct bpf_dynptr_kern *)publ= ic_key; + struct bpf_ecdsa_ctx *ctx; + const char *algo_ptr; + const u8 *key_ptr; + u32 algo_len, key_len; + char algo[64]; + int ret; + + if (!err) + return NULL; + + algo_len =3D __bpf_dynptr_size(algo_kern); + key_len =3D __bpf_dynptr_size(key_kern); + + if (algo_len =3D=3D 0 || algo_len >=3D sizeof(algo)) { + *err =3D -EINVAL; + return NULL; + } + + if (key_len < 65) { + *err =3D -EINVAL; + return NULL; + } + + algo_ptr =3D __bpf_dynptr_data(algo_kern, algo_len); + if (!algo_ptr) { + *err =3D -EINVAL; + return NULL; + } + + key_ptr =3D __bpf_dynptr_data(key_kern, key_len); + if (!key_ptr) { + *err =3D -EINVAL; + return NULL; + } + + if (key_ptr[0] !=3D 0x04) { + *err =3D -EINVAL; + return NULL; + } + + memcpy(algo, algo_ptr, algo_len); + algo[algo_len] =3D '\0'; + + ctx =3D kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) { + *err =3D -ENOMEM; + return NULL; + } + + ctx->tfm =3D crypto_alloc_sig(algo, 0, 0); + if (IS_ERR(ctx->tfm)) { + *err =3D PTR_ERR(ctx->tfm); + kfree(ctx); + return NULL; + } + + ret =3D crypto_sig_set_pubkey(ctx->tfm, key_ptr, key_len); + if (ret) { + *err =3D ret; + crypto_free_sig(ctx->tfm); + kfree(ctx); + return NULL; + } + + refcount_set(&ctx->usage, 1); + *err =3D 0; + return ctx; +} + +/** + * bpf_ecdsa_verify() - Verify ECDSA signature using pre-allocated context + * @ctx: ECDSA context created by bpf_ecdsa_ctx_create() + * @message: bpf_dynptr to the message hash to verify. Must be a trusted p= ointer. + * @signature: bpf_dynptr to the ECDSA signature in r || s format. Must be= a trusted pointer. + * Must be 64 bytes for P-256, 96 for P-384, 132 for P-521 + * + * Verifies an ECDSA signature using a pre-allocated context. This function + * does not allocate memory and can be used in non-sleepable BPF programs. + * Uses bpf_dynptr to ensure safe memory access without risk of page fault= s. + */ +__bpf_kfunc int bpf_ecdsa_verify(struct bpf_ecdsa_ctx *ctx, + const struct bpf_dynptr *message, + const struct bpf_dynptr *signature) +{ + const struct bpf_dynptr_kern *msg_kern =3D (struct bpf_dynptr_kern *)mess= age; + const struct bpf_dynptr_kern *sig_kern =3D (struct bpf_dynptr_kern *)sign= ature; + const u8 *msg_ptr, *sig_ptr; + u32 msg_len, sig_len; + + if (!ctx) + return -EINVAL; + + msg_len =3D __bpf_dynptr_size(msg_kern); + sig_len =3D __bpf_dynptr_size(sig_kern); + + if (msg_len =3D=3D 0 || sig_len =3D=3D 0) + return -EINVAL; + + msg_ptr =3D __bpf_dynptr_data(msg_kern, msg_len); + if (!msg_ptr) + return -EINVAL; + + sig_ptr =3D __bpf_dynptr_data(sig_kern, sig_len); + if (!sig_ptr) + return -EINVAL; + + return crypto_sig_verify(ctx->tfm, sig_ptr, sig_len, msg_ptr, msg_len); +} + +__bpf_kfunc struct bpf_ecdsa_ctx * +bpf_ecdsa_ctx_acquire(struct bpf_ecdsa_ctx *ctx) +{ + if (!refcount_inc_not_zero(&ctx->usage)) + return NULL; + return ctx; +} + +static void ecdsa_free_cb(struct rcu_head *head) +{ + struct bpf_ecdsa_ctx *ctx =3D container_of(head, struct bpf_ecdsa_ctx, rc= u); + + crypto_free_sig(ctx->tfm); + kfree(ctx); +} + +__bpf_kfunc void bpf_ecdsa_ctx_release(struct bpf_ecdsa_ctx *ctx) +{ + if (refcount_dec_and_test(&ctx->usage)) + call_rcu(&ctx->rcu, ecdsa_free_cb); +} + +/** + * bpf_ecdsa_keysize() - Get the key size for ECDSA context + * @ctx: ECDSA context + * + * Returns: Key size in bits, or negative error code on failure + */ +__bpf_kfunc int bpf_ecdsa_keysize(struct bpf_ecdsa_ctx *ctx) +{ + if (!ctx) + return -EINVAL; + + return crypto_sig_keysize(ctx->tfm); +} + +/** + * bpf_ecdsa_digestsize() - Get the maximum digest size for ECDSA context + * @ctx: ECDSA context + */ +__bpf_kfunc int bpf_ecdsa_digestsize(struct bpf_ecdsa_ctx *ctx) +{ + if (!ctx) + return -EINVAL; + + return crypto_sig_digestsize(ctx->tfm); +} + +/** + * bpf_ecdsa_maxsize() - Get the maximum signature size for ECDSA context + * @ctx: ECDSA context + */ +__bpf_kfunc int bpf_ecdsa_maxsize(struct bpf_ecdsa_ctx *ctx) +{ + if (!ctx) + return -EINVAL; + + return crypto_sig_maxsize(ctx->tfm); +} +#endif /* CONFIG_CRYPTO_ECDSA */ + __bpf_kfunc_end_defs(); =20 BTF_KFUNCS_START(crypt_init_kfunc_btf_ids) BTF_ID_FLAGS(func, bpf_crypto_ctx_create, KF_ACQUIRE | KF_RET_NULL | KF_SL= EEPABLE) BTF_ID_FLAGS(func, bpf_crypto_ctx_release, KF_RELEASE) BTF_ID_FLAGS(func, bpf_crypto_ctx_acquire, KF_ACQUIRE | KF_RCU | KF_RET_NU= LL) +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +BTF_ID_FLAGS(func, bpf_ecdsa_ctx_create, KF_ACQUIRE | KF_RET_NULL | KF_SLE= EPABLE) +BTF_ID_FLAGS(func, bpf_ecdsa_ctx_release, KF_RELEASE) +BTF_ID_FLAGS(func, bpf_ecdsa_ctx_acquire, KF_ACQUIRE | KF_RCU | KF_RET_NUL= L) +#endif BTF_KFUNCS_END(crypt_init_kfunc_btf_ids) =20 static const struct btf_kfunc_id_set crypt_init_kfunc_set =3D { @@ -418,6 +628,12 @@ BTF_ID_FLAGS(func, bpf_crypto_encrypt, KF_RCU) #if IS_ENABLED(CONFIG_CRYPTO_HASH2) BTF_ID_FLAGS(func, bpf_crypto_hash, KF_RCU) #endif +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +BTF_ID_FLAGS(func, bpf_ecdsa_verify, 0) +BTF_ID_FLAGS(func, bpf_ecdsa_keysize, 0) +BTF_ID_FLAGS(func, bpf_ecdsa_digestsize, 0) +BTF_ID_FLAGS(func, bpf_ecdsa_maxsize, 0) +#endif BTF_KFUNCS_END(crypt_kfunc_btf_ids) =20 static const struct btf_kfunc_id_set crypt_kfunc_set =3D { @@ -428,6 +644,10 @@ static const struct btf_kfunc_id_set crypt_kfunc_set = =3D { BTF_ID_LIST(bpf_crypto_dtor_ids) BTF_ID(struct, bpf_crypto_ctx) BTF_ID(func, bpf_crypto_ctx_release) +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +BTF_ID(struct, bpf_ecdsa_ctx) +BTF_ID(func, bpf_ecdsa_ctx_release) +#endif =20 static int __init crypto_kfunc_init(void) { @@ -437,6 +657,12 @@ static int __init crypto_kfunc_init(void) .btf_id =3D bpf_crypto_dtor_ids[0], .kfunc_btf_id =3D bpf_crypto_dtor_ids[1] }, +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) + { + .btf_id =3D bpf_crypto_dtor_ids[2], + .kfunc_btf_id =3D bpf_crypto_dtor_ids[3] + }, +#endif }; =20 ret =3D register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, &crypt_kfunc_s= et); @@ -445,6 +671,10 @@ static int __init crypto_kfunc_init(void) ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_kf= unc_set); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_init_kfunc_set); + ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, + &crypt_init_kfunc_set); + ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, + &crypt_init_kfunc_set); return ret ?: register_btf_id_dtor_kfuncs(bpf_crypto_dtors, ARRAY_SIZE(bpf_crypto_dtors), THIS_MODULE); --=20 2.51.0 From nobody Tue Dec 16 07:44:47 2025 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0B88168BD; Mon, 8 Dec 2025 03:04:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163047; cv=none; b=kvdKtP7YU+O82wHIl7NI1U76KE96Z/ZDUJNw0ZxI73W14EdwiWM/C8wpsEagycif08k/0dEgGqxYCtt6KOEOLcTVaaQ1JNxc/nrFpjfyhO3AFC9OdPF4b9Z0k7NclGZ63omLtifpjsDQuJaj/yiybHSa7WRvvs67dD+ur1nzsPU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765163047; c=relaxed/simple; bh=l/0TpHk1H6P6VyJGny365/cUvUSc72h/vGE/0DLKC94=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uMz/qTOPbOWttmQ9CBQi7UBlxMQySkFCijQXDLgxB/F6k1hyWHzl2M2EwELfAvU0jbVKAs6xmFbb8BYR3rM215W6yXx13DC+PIDZ2EE7Jo78RLS8uk+L5zASutDFDNYnQZRb0kXAnC2aFUXdvIHOGuyjbhVL1v3oCbdmCNztS2s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=JSi/BOZx; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=WNw+eHC9; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="JSi/BOZx"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="WNw+eHC9" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162879; bh=/Adf8jxcFr7hW0Dm22zon8E cslcLIH6NLfbXL5N6zrs=; b=JSi/BOZxNJBq4EatxjAWODTEhx+qRZtysHgFECi5m1M4YUJ5Ao 2qNECDZX8GdXxzFzS5q1FWqGnuQB5ljAe9+WuEhbVxM8TYOuhdtQte2J6EaRri66iDeRIohcWR3 dMhWX+NtvMceCrgLYaYKfI97JHcVTGVtHS+GtdW4VKyY8S+rfndMeneRb5DtpLlsoP0bp3uVcha x9nwxel96W15jUA9bD+B2lmyZa5Rn+Z1n7DjAyEZ/Rxe6hzjGMqNmaCzbBhClrNPuui461u/trQ s4gIidGFKJdiZtD9UaAKHwt2DX5rQeGgvxAdq3SgkYPkz0AtR/4cH4KAL47v4JL7YUg==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1765162879; bh=/Adf8jxcFr7hW0Dm22zon8E cslcLIH6NLfbXL5N6zrs=; b=WNw+eHC9dSOunuRoGKcQMYJZHRbPT1Ujvb1gLNxh5wXzm9IjT4 qQubJ+6smPDMtGVTNp1hk8vyY7psmhi7YRAw==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net, vadim.fedorenko@linux.dev, song@kernel.org, yatsenko@meta.com, martin.lau@linux.dev, eddyz87@gmail.com, haoluo@google.com, jolsa@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, yonghong.song@linux.dev, herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v3 6/6] selftests/bpf: Add tests for ECDSA signature verification kfuncs Date: Sun, 7 Dec 2025 22:01:17 -0500 Message-ID: <20251208030117.18892-7-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251208030117.18892-1-git@danielhodges.dev> References: <20251208030117.18892-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add selftests to validate the ECDSA signature verification kfuncs introduced in the BPF crypto subsystem. The tests verify both valid signature acceptance and invalid signature rejection using the context-based ECDSA API. The tests use RFC 6979 test vectors for NIST P-256 (secp256r1) with well-known valid signatures. The algorithm "p1363(ecdsa-nist-p256)" is used to handle standard r||s signature format. Signed-off-by: Daniel Hodges --- tools/testing/selftests/bpf/config | 1 + .../selftests/bpf/prog_tests/ecdsa_verify.c | 75 ++++++++ .../selftests/bpf/progs/ecdsa_verify.c | 160 ++++++++++++++++++ 3 files changed, 236 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c create mode 100644 tools/testing/selftests/bpf/progs/ecdsa_verify.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/b= pf/config index d168b3073cba..c99811d3f61f 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -15,6 +15,7 @@ CONFIG_CRYPTO_HMAC=3Dy CONFIG_CRYPTO_HASH2=3Dy CONFIG_CRYPTO_SHA256=3Dy CONFIG_CRYPTO_SHA512=3Dy +CONFIG_CRYPTO_ECDSA=3Dy CONFIG_CRYPTO_USER_API=3Dy CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy diff --git a/tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c b/tools/= testing/selftests/bpf/prog_tests/ecdsa_verify.c new file mode 100644 index 000000000000..4e88b3eeb3eb --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include +#include "ecdsa_verify.skel.h" + +static void test_ecdsa_verify_valid_signature(void) +{ + struct ecdsa_verify *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D ecdsa_verify__open_and_load(); + if (!ASSERT_OK_PTR(skel, "ecdsa_verify__open_and_load")) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_ecdsa_verify_valid); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_ecdsa_verify_valid"); + ASSERT_EQ(skel->data->ctx_create_status, 0, "ctx_create_status"); + ASSERT_EQ(skel->data->verify_result, 0, "verify_valid_signature"); + + ecdsa_verify__destroy(skel); +} + +static void test_ecdsa_verify_invalid_signature(void) +{ + struct ecdsa_verify *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D ecdsa_verify__open_and_load(); + if (!ASSERT_OK_PTR(skel, "ecdsa_verify__open_and_load")) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_ecdsa_verify_invalid); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_ecdsa_verify_invalid"); + ASSERT_NEQ(skel->data->verify_invalid_result, 0, "verify_invalid_signatur= e_rejected"); + + ecdsa_verify__destroy(skel); +} + +static void test_ecdsa_size_queries(void) +{ + struct ecdsa_verify *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D ecdsa_verify__open_and_load(); + if (!ASSERT_OK_PTR(skel, "ecdsa_verify__open_and_load")) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_ecdsa_size_queries); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_ecdsa_size_queries"); + ASSERT_EQ(skel->data->keysize_result, 256, "keysize_p256"); + ASSERT_EQ(skel->data->digestsize_result, 64, "digestsize_p256"); + ASSERT_EQ(skel->data->maxsize_result, 64, "maxsize_p256"); + + ecdsa_verify__destroy(skel); +} + +void test_ecdsa_verify(void) +{ + if (test__start_subtest("verify_valid_signature")) + test_ecdsa_verify_valid_signature(); + if (test__start_subtest("verify_invalid_signature")) + test_ecdsa_verify_invalid_signature(); + if (test__start_subtest("size_queries")) + test_ecdsa_size_queries(); +} diff --git a/tools/testing/selftests/bpf/progs/ecdsa_verify.c b/tools/testi= ng/selftests/bpf/progs/ecdsa_verify.c new file mode 100644 index 000000000000..e2a94ff80774 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/ecdsa_verify.c @@ -0,0 +1,160 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include "vmlinux.h" +#include +#include "bpf_misc.h" + +struct bpf_ecdsa_ctx; +extern struct bpf_ecdsa_ctx * +bpf_ecdsa_ctx_create(const struct bpf_dynptr *algo_name, + const struct bpf_dynptr *public_key, int *err) __ksym; +extern int bpf_ecdsa_verify(struct bpf_ecdsa_ctx *ctx, + const struct bpf_dynptr *message, + const struct bpf_dynptr *signature) __ksym; +extern int bpf_ecdsa_keysize(struct bpf_ecdsa_ctx *ctx) __ksym; +extern int bpf_ecdsa_digestsize(struct bpf_ecdsa_ctx *ctx) __ksym; +extern int bpf_ecdsa_maxsize(struct bpf_ecdsa_ctx *ctx) __ksym; +extern void bpf_ecdsa_ctx_release(struct bpf_ecdsa_ctx *ctx) __ksym; + +/* NIST P-256 test vector + * This is a known valid ECDSA signature for testing purposes + */ + +/* Algorithm name for P-256 with p1363 format (standard r||s signature) */ +char algo_p256[] =3D "p1363(ecdsa-nist-p256)"; + +/* Public key in uncompressed format: 0x04 || x || y (65 bytes) */ +unsigned char pubkey_p256[65] =3D { + 0x04, /* Uncompressed point indicator */ + /* X coordinate (32 bytes) */ + 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, + 0xc9, 0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, + 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61, 0xfa, 0x6c, + 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, + /* Y coordinate (32 bytes) */ + 0x79, 0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, + 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28, 0xbc, 0x64, + 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, + 0x77, 0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99 +}; + +/* Message hash (32 bytes) - SHA-256 of "sample" */ +unsigned char message_hash[32] =3D { + 0xaf, 0x2b, 0xdb, 0xe1, 0xaa, 0x9b, 0x6e, 0xc1, + 0xe2, 0xad, 0xe1, 0xd6, 0x94, 0xf4, 0x1f, 0xc7, + 0x1a, 0x83, 0x1d, 0x02, 0x68, 0xe9, 0x89, 0x15, + 0x62, 0x11, 0x3d, 0x8a, 0x62, 0xad, 0xd1, 0xbf +}; + +/* Valid signature r || s (64 bytes) */ +unsigned char valid_signature[64] =3D { + /* r component (32 bytes) */ + 0xef, 0xd4, 0x8b, 0x2a, 0xac, 0xb6, 0xa8, 0xfd, + 0x11, 0x40, 0xdd, 0x9c, 0xd4, 0x5e, 0x81, 0xd6, + 0x9d, 0x2c, 0x87, 0x7b, 0x56, 0xaa, 0xf9, 0x91, + 0xc3, 0x4d, 0x0e, 0xa8, 0x4e, 0xaf, 0x37, 0x16, + /* s component (32 bytes) */ + 0xf7, 0xcb, 0x1c, 0x94, 0x2d, 0x65, 0x7c, 0x41, + 0xd4, 0x36, 0xc7, 0xa1, 0xb6, 0xe2, 0x9f, 0x65, + 0xf3, 0xe9, 0x00, 0xdb, 0xb9, 0xaf, 0xf4, 0x06, + 0x4d, 0xc4, 0xab, 0x2f, 0x84, 0x3a, 0xcd, 0xa8 +}; + +/* Invalid signature (modified r component) for negative test */ +unsigned char invalid_signature[64] =3D { + /* r component (32 bytes) - first byte modified */ + 0xff, 0xd4, 0x8b, 0x2a, 0xac, 0xb6, 0xa8, 0xfd, + 0x11, 0x40, 0xdd, 0x9c, 0xd4, 0x5e, 0x81, 0xd6, + 0x9d, 0x2c, 0x87, 0x7b, 0x56, 0xaa, 0xf9, 0x91, + 0xc3, 0x4d, 0x0e, 0xa8, 0x4e, 0xaf, 0x37, 0x16, + /* s component (32 bytes) */ + 0xf7, 0xcb, 0x1c, 0x94, 0x2d, 0x65, 0x7c, 0x41, + 0xd4, 0x36, 0xc7, 0xa1, 0xb6, 0xe2, 0x9f, 0x65, + 0xf3, 0xe9, 0x00, 0xdb, 0xb9, 0xaf, 0xf4, 0x06, + 0x4d, 0xc4, 0xab, 0x2f, 0x84, 0x3a, 0xcd, 0xa8 +}; + +/* Test results */ +int verify_result =3D -1; +int verify_invalid_result =3D -1; +int ctx_create_status =3D -1; +int keysize_result =3D -1; +int digestsize_result =3D -1; +int maxsize_result =3D -1; + +SEC("syscall") +int test_ecdsa_verify_valid(void *ctx) +{ + struct bpf_ecdsa_ctx *ecdsa_ctx; + struct bpf_dynptr algo_ptr, key_ptr, msg_ptr, sig_ptr; + int err =3D 0; + + bpf_dynptr_from_mem(algo_p256, sizeof(algo_p256) - 1, 0, &algo_ptr); + bpf_dynptr_from_mem(pubkey_p256, sizeof(pubkey_p256), 0, &key_ptr); + + ecdsa_ctx =3D bpf_ecdsa_ctx_create(&algo_ptr, &key_ptr, &err); + if (!ecdsa_ctx) { + ctx_create_status =3D err; + return 0; + } + ctx_create_status =3D 0; + + bpf_dynptr_from_mem(message_hash, sizeof(message_hash), 0, &msg_ptr); + bpf_dynptr_from_mem(valid_signature, sizeof(valid_signature), 0, &sig_ptr= ); + + verify_result =3D bpf_ecdsa_verify(ecdsa_ctx, &msg_ptr, &sig_ptr); + + bpf_ecdsa_ctx_release(ecdsa_ctx); + + return 0; +} + +SEC("syscall") +int test_ecdsa_verify_invalid(void *ctx) +{ + struct bpf_ecdsa_ctx *ecdsa_ctx; + struct bpf_dynptr algo_ptr, key_ptr, msg_ptr, sig_ptr; + int err =3D 0; + + bpf_dynptr_from_mem(algo_p256, sizeof(algo_p256) - 1, 0, &algo_ptr); + bpf_dynptr_from_mem(pubkey_p256, sizeof(pubkey_p256), 0, &key_ptr); + + ecdsa_ctx =3D bpf_ecdsa_ctx_create(&algo_ptr, &key_ptr, &err); + if (!ecdsa_ctx) + return 0; + + bpf_dynptr_from_mem(message_hash, sizeof(message_hash), 0, &msg_ptr); + bpf_dynptr_from_mem(invalid_signature, sizeof(invalid_signature), 0, &sig= _ptr); + + verify_invalid_result =3D bpf_ecdsa_verify(ecdsa_ctx, &msg_ptr, &sig_ptr); + + bpf_ecdsa_ctx_release(ecdsa_ctx); + + return 0; +} + +SEC("syscall") +int test_ecdsa_size_queries(void *ctx) +{ + struct bpf_ecdsa_ctx *ecdsa_ctx; + struct bpf_dynptr algo_ptr, key_ptr; + int err =3D 0; + + bpf_dynptr_from_mem(algo_p256, sizeof(algo_p256) - 1, 0, &algo_ptr); + bpf_dynptr_from_mem(pubkey_p256, sizeof(pubkey_p256), 0, &key_ptr); + + ecdsa_ctx =3D bpf_ecdsa_ctx_create(&algo_ptr, &key_ptr, &err); + if (!ecdsa_ctx) + return 0; + + keysize_result =3D bpf_ecdsa_keysize(ecdsa_ctx); + digestsize_result =3D bpf_ecdsa_digestsize(ecdsa_ctx); + maxsize_result =3D bpf_ecdsa_maxsize(ecdsa_ctx); + + bpf_ecdsa_ctx_release(ecdsa_ctx); + + return 0; +} + +char __license[] SEC("license") =3D "GPL"; --=20 2.51.0