From nobody Sat Feb 7 08:43:03 2026 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EAFF1C3BF7; Mon, 5 Jan 2026 17:47:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635259; cv=none; b=VLFIkl413pxqeZBr6GWk/juvJSt7KDCeX4Ft5KQIp62RN+7R3FYKhrVVR9BX5/gu44Jdr+pexfvfPANt087F3+YZxQJFywrPEZ20ilSpNVNSHz77A2guupiSmgNC4p/9fapJfUcabHiNB/NOWN8GFVp/7eqkqrtHM15enwKQUoI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635259; c=relaxed/simple; bh=wirrKdUILPa+ztEIgAAZT9tqHv9j2vrUAip4DfwBiuI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IGfE5OCgEj3K4aQ6WrH5ecNPvNbOhBB8ARLSOfR6aG5UoGZ4nMd56DeBkPj0ZhdIsCu1BeLuIsoyDCNFCERkJeIP57Wq88SkcjX18c4VF6l4RpbxZh04ZmaTZW+3/o2b7mDlk5GjEnIzx2xU3LmrOE7qdN7E7rnLzP/OcI/A8a0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=SOjOeS5d; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=cTswnLwF; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="SOjOeS5d"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="cTswnLwF" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634676; bh=4RFsQG38WUaFBQCY8IsR0nQ s4fmT2fb1harffXkZ3+Q=; b=SOjOeS5d0Joldy7ixTWiryY6+PhZ7Cyd+Hdh7pOCR+PaItZecM gvSB4wjcR07uLSzt9mU+0taiX4/Ey1ZuySFQ6aWyJWl+b8XwGCDqqMMGEr79R5QWYJEpZa8cLqs 6fe5uuy7Nu1POaRCuehk5gmvtsWmQLN78B6EiGNq7oU9KXvSmPUuEAvD8RBKdCHakrprSq9E0ue 0P2gBe4mwyl0QIie0PP6jJ5+rz0ZsLOxYCP1WSBwLuYDS/cPbU43+cnt4+HHrMqfVPtwofFuoWf LL5Z9wzPVJ1VzeLyZ00qDuQj2P501jG7UKqhMrRXKBNdZyhhJfL/F7NEEL7jtmg4YcQ==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634676; bh=4RFsQG38WUaFBQCY8IsR0nQ s4fmT2fb1harffXkZ3+Q=; b=cTswnLwFl3a4OxJh/0Ynnwofzfws5qYC+jaUAKQByZPQluwJqL EBjY7kViMDeDTqezYczIT5tJHQG5vgUZnpCg==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Vadim Fedorenko , Song Liu , Mykyta Yatsenko , Martin KaFai Lau , Eduard Zingerman , Hao Luo , Jiri Olsa , John Fastabend , KP Singh , Stanislav Fomichev , Yonghong Song , Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v4 1/6] crypto: Add BPF hash algorithm type registration module Date: Mon, 5 Jan 2026 12:37:50 -0500 Message-ID: <20260105173755.22515-2-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105173755.22515-1-git@danielhodges.dev> References: <20260105173755.22515-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add bpf_crypto_shash module that registers a hash type with the BPF crypto infrastructure, enabling BPF programs to access kernel hash algorithms through a unified interface. Update the bpf_crypto_type interface with hash-specific callbacks: - alloc_tfm: Allocates crypto_shash context with proper descriptor size - free_tfm: Releases hash transform and context memory - has_algo: Checks algorithm availability via crypto_has_shash() - hash: Performs single-shot hashing via crypto_shash_digest() - digestsize: Returns the output size for the hash algorithm - get_flags: Exposes transform flags to BPF programs Update bpf_shash_ctx to contain crypto_shash transform and shash_desc descriptor to accommodate algorithm-specific descriptor requirements. Signed-off-by: Daniel Hodges --- MAINTAINERS | 1 + crypto/Makefile | 3 ++ crypto/bpf_crypto_shash.c | 95 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 crypto/bpf_crypto_shash.c diff --git a/MAINTAINERS b/MAINTAINERS index 70c2b73b3941..05e0aee5693c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4712,6 +4712,7 @@ BPF [CRYPTO] M: Vadim Fedorenko L: bpf@vger.kernel.org S: Maintained +F: crypto/bpf_crypto_shash.c F: crypto/bpf_crypto_skcipher.c F: include/linux/bpf_crypto.h F: kernel/bpf/crypto.c diff --git a/crypto/Makefile b/crypto/Makefile index 16a35649dd91..853dff375906 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -30,6 +30,9 @@ obj-$(CONFIG_CRYPTO_ECHAINIV) +=3D echainiv.o crypto_hash-y +=3D ahash.o crypto_hash-y +=3D shash.o obj-$(CONFIG_CRYPTO_HASH2) +=3D crypto_hash.o +ifeq ($(CONFIG_BPF_SYSCALL),y) +obj-$(CONFIG_CRYPTO_HASH2) +=3D bpf_crypto_shash.o +endif =20 obj-$(CONFIG_CRYPTO_AKCIPHER2) +=3D akcipher.o obj-$(CONFIG_CRYPTO_SIG2) +=3D sig.o diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c new file mode 100644 index 000000000000..95c178ec0ce8 --- /dev/null +++ b/crypto/bpf_crypto_shash.c @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ +#include +#include +#include +#include + +struct bpf_shash_ctx { + struct crypto_shash *tfm; + struct shash_desc desc; +}; + +static void *bpf_crypto_shash_alloc_tfm(const char *algo) +{ + struct bpf_shash_ctx *ctx; + struct crypto_shash *tfm; + + tfm =3D crypto_alloc_shash(algo, 0, 0); + if (IS_ERR(tfm)) + return tfm; + + ctx =3D kzalloc(sizeof(*ctx) + crypto_shash_descsize(tfm), GFP_KERNEL); + if (!ctx) { + crypto_free_shash(tfm); + return ERR_PTR(-ENOMEM); + } + + ctx->tfm =3D tfm; + ctx->desc.tfm =3D tfm; + + return ctx; +} + +static void bpf_crypto_shash_free_tfm(void *tfm) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + crypto_free_shash(ctx->tfm); + kfree(ctx); +} + +static int bpf_crypto_shash_has_algo(const char *algo) +{ + return crypto_has_shash(algo, 0, 0); +} + +static int bpf_crypto_shash_hash(void *tfm, const u8 *data, u8 *out, + unsigned int len) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + return crypto_shash_digest(&ctx->desc, data, len, out); +} + +static unsigned int bpf_crypto_shash_digestsize(void *tfm) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + return crypto_shash_digestsize(ctx->tfm); +} + +static u32 bpf_crypto_shash_get_flags(void *tfm) +{ + struct bpf_shash_ctx *ctx =3D tfm; + + return crypto_shash_get_flags(ctx->tfm); +} + +static const struct bpf_crypto_type bpf_crypto_shash_type =3D { + .alloc_tfm =3D bpf_crypto_shash_alloc_tfm, + .free_tfm =3D bpf_crypto_shash_free_tfm, + .has_algo =3D bpf_crypto_shash_has_algo, + .hash =3D bpf_crypto_shash_hash, + .digestsize =3D bpf_crypto_shash_digestsize, + .get_flags =3D bpf_crypto_shash_get_flags, + .owner =3D THIS_MODULE, + .name =3D "hash", +}; + +static int __init bpf_crypto_shash_init(void) +{ + return bpf_crypto_register_type(&bpf_crypto_shash_type); +} + +static void __exit bpf_crypto_shash_exit(void) +{ + int err =3D bpf_crypto_unregister_type(&bpf_crypto_shash_type); + + WARN_ON_ONCE(err); +} + +module_init(bpf_crypto_shash_init); +module_exit(bpf_crypto_shash_exit); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Hash algorithm support for BPF"); --=20 2.51.0 From nobody Sat Feb 7 08:43:03 2026 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 253E033890E; Mon, 5 Jan 2026 17:43:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635025; cv=none; b=MMS4cqveAUtnI1wgVuXJA//oG6ZdRv14UYu0whfQQ+sBICS2whHMVEIuIUUu3WlqQosHO0b80xtt5MlIKoBWMqQd47BKsPOlKOQ3WRi0UHclRI166MW6j0wzgWlO9HX2XrzdW3BkxaliwpxnCdss/x92Yxa1DTaNsKnoKZxOBog= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635025; c=relaxed/simple; bh=CCLSrVcQQdLtKMevZOtc1V0zWYDen3Yz71UZ/CUV9bk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uUxg5SMoy4eRdiabI1qr5Vt6q15/WAHTu7UcwYxsm6kKB+PLj22tth9FMl1UAAdxTF3n/Ci6kh5Fok3LnjS3ywkfvc7Tpptlxdy/+VLwoTunn8XsO0m/ZRATzotJhrLsKo5/+GwAsjgMdP7jtT5iFg1GlhwNoIBOaaA3emF0C6s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=pmldrgkC; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=dJtnKrWx; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="pmldrgkC"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="dJtnKrWx" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634676; bh=27Bq5HOhFwej0EJiEqS0MFP 4ZRLAKVJI/s2j8DhSHkA=; b=pmldrgkC9WVB/NZIuV6rfjzTgLSQr4mNfSbBXJu/kOTxKc7/jG m4yglgu59SzefXr+s1HpB6EVVxtPP+roN1x2CM/vMBy/C546sUjzDFkKmPUZOkVxNJMdCU6J8ZS zI6lU+JAi1h/X+jS88Q12XKgeLU8Muw4mfuwAZxhipakkqMq+Jg9eL/riBxbcq8iA0QfyH14kVz BNTciMiyzmXfxAJkOLGfgG61UnPVlNlK3VLGDOoncaTpeouHWcfBHagswYbid/CaZWU6YT7ZxAh 0jiWSIV+L9DZ5iyXOgIJTA+1MBwbAJcBuXswGF+VxSQ+SC/Sd7FUms86mKkF7bCmPdg==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634676; bh=27Bq5HOhFwej0EJiEqS0MFP 4ZRLAKVJI/s2j8DhSHkA=; b=dJtnKrWxVXyKcpvQgI044R9GQaPvZ2ZK4p1KzgUQl4FcneIINh XNl88fa0nb0o6LgzO05SdqFIba8qugJ/HUDA==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Vadim Fedorenko , Song Liu , Mykyta Yatsenko , Martin KaFai Lau , Eduard Zingerman , Hao Luo , Jiri Olsa , John Fastabend , KP Singh , Stanislav Fomichev , Yonghong Song , Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v4 2/6] crypto: Add BPF signature algorithm type registration module Date: Mon, 5 Jan 2026 12:37:51 -0500 Message-ID: <20260105173755.22515-3-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105173755.22515-1-git@danielhodges.dev> References: <20260105173755.22515-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a new bpf_crypto_sig module that registers signature verification algorithms with the BPF crypto type system. This enables signature operations (like ECDSA) to use the unified bpf_crypto_ctx structure instead of requiring separate context types. The module provides: - alloc_tfm/free_tfm for crypto_sig transform lifecycle - has_algo to check algorithm availability - get_flags for crypto API flags This allows ECDSA and other signature verification operations to integrate with the existing BPF crypto infrastructure. Signed-off-by: Daniel Hodges --- MAINTAINERS | 1 + crypto/Makefile | 3 +++ crypto/bpf_crypto_sig.c | 59 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 crypto/bpf_crypto_sig.c diff --git a/MAINTAINERS b/MAINTAINERS index 05e0aee5693c..fdf451bad869 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4713,6 +4713,7 @@ M: Vadim Fedorenko L: bpf@vger.kernel.org S: Maintained F: crypto/bpf_crypto_shash.c +F: crypto/bpf_crypto_sig.c F: crypto/bpf_crypto_skcipher.c F: include/linux/bpf_crypto.h F: kernel/bpf/crypto.c diff --git a/crypto/Makefile b/crypto/Makefile index 853dff375906..c9ab98b57bc0 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -36,6 +36,9 @@ endif =20 obj-$(CONFIG_CRYPTO_AKCIPHER2) +=3D akcipher.o obj-$(CONFIG_CRYPTO_SIG2) +=3D sig.o +ifeq ($(CONFIG_BPF_SYSCALL),y) +obj-$(CONFIG_CRYPTO_SIG2) +=3D bpf_crypto_sig.o +endif obj-$(CONFIG_CRYPTO_KPP2) +=3D kpp.o obj-$(CONFIG_CRYPTO_HKDF) +=3D hkdf.o =20 diff --git a/crypto/bpf_crypto_sig.c b/crypto/bpf_crypto_sig.c new file mode 100644 index 000000000000..ad0d3810df8e --- /dev/null +++ b/crypto/bpf_crypto_sig.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ +#include +#include +#include +#include +#include + +static void *bpf_crypto_sig_alloc_tfm(const char *algo) +{ + return crypto_alloc_sig(algo, 0, 0); +} + +static void bpf_crypto_sig_free_tfm(void *tfm) +{ + crypto_free_sig(tfm); +} + +static int bpf_crypto_sig_has_algo(const char *algo) +{ + return crypto_has_alg(algo, CRYPTO_ALG_TYPE_SIG, CRYPTO_ALG_TYPE_MASK); +} + +static u32 bpf_crypto_sig_get_flags(void *tfm) +{ + return crypto_tfm_get_flags(crypto_sig_tfm(tfm)); +} + +static int bpf_crypto_sig_setkey(void *tfm, const u8 *key, unsigned int ke= ylen) +{ + return crypto_sig_set_pubkey(tfm, key, keylen); +} + +static const struct bpf_crypto_type bpf_crypto_sig_type =3D { + .alloc_tfm =3D bpf_crypto_sig_alloc_tfm, + .free_tfm =3D bpf_crypto_sig_free_tfm, + .has_algo =3D bpf_crypto_sig_has_algo, + .get_flags =3D bpf_crypto_sig_get_flags, + .setkey =3D bpf_crypto_sig_setkey, + .owner =3D THIS_MODULE, + .name =3D "sig", +}; + +static int __init bpf_crypto_sig_init(void) +{ + return bpf_crypto_register_type(&bpf_crypto_sig_type); +} + +static void __exit bpf_crypto_sig_exit(void) +{ + int err =3D bpf_crypto_unregister_type(&bpf_crypto_sig_type); + + WARN_ON_ONCE(err); +} + +module_init(bpf_crypto_sig_init); +module_exit(bpf_crypto_sig_exit); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Signature algorithm support for BPF"); --=20 2.51.0 From nobody Sat Feb 7 08:43:03 2026 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D098D3043DB; Mon, 5 Jan 2026 17:44:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635045; cv=none; b=KTLQOBpgFxAoXl0g1kCn0kNp6QJtTlqZaOIJIZYy7wsfkolNE+S9lYEFSWPhc2birxwFJGEKyVRnZE9AZh0HsokhoWIxHDwsh61ZhRBX4hh5xTM3qgRctlPODvzaQRuastnNVUp1AAvKC+ged2Xxd3v8z9nGOfgJYP9sPd7oPas= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635045; c=relaxed/simple; bh=LIQ2RWQ/rdcmAdOs3BQYDxhIAkXIgtIE2/y/0QfGXcY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=T95jdQUhjStOofZquSzf13iOxk/PlSf3Q1tpgVyRdWEvt8CAXVBRbpNdI2yGdOARXR7tSnPZpw9vx8VlGpGhbw4QzveKKtSt2USnLTnnOxZQnKpJ8orairqqU7/mdCMNEwPOWCV9HkRF4RYZtHuszKzEjk4VBa4dR6VC7XsgRWI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=E835BmqO; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=XauI79+z; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="E835BmqO"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="XauI79+z" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634676; bh=VBJzN7USezqgJjm8fsrBxac CNv0aHzMvoebXe0qR4UQ=; b=E835BmqOLQBDDcrUAe/iFme+hZaOZUgyk3uFhhln+tQzn+yyTW MeCm5mVdx4Rqk0vtFT3LRpUSGZ41Yj3y5vIfuv/UODSoRgJQyiYUhkITzmoJ+TSJG5QuaaYVUt1 XQebRzsPHdonjd6pGJMNLc/iH0U7kx3vm1Mv0WrqjwsTuQI3z7IO7Ls/Ggwyv7GzGATv53+wsig XtKIO9+4K/REeJrZ+nkSR5hroLiAEfmcg5v8M/MtmDIZuugKWgTM5q9OMFtUNeYxxm3K3dViNKl HqzjgFA3yfPanRa/lxm92tS8yZkaBJr3fQJZXcoBr6HomzznxHgaa1AsTgEdwJf3q/g==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634676; bh=VBJzN7USezqgJjm8fsrBxac CNv0aHzMvoebXe0qR4UQ=; b=XauI79+zRQRgCKiyd0E382Zth4bdyv82/kyENxoNzEW+sssUkm 9MSN6eNZURKXqk3OwLKTZsf3Nk3YkJW/AuAA==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Vadim Fedorenko , Song Liu , Mykyta Yatsenko , Martin KaFai Lau , Eduard Zingerman , Hao Luo , Jiri Olsa , John Fastabend , KP Singh , Stanislav Fomichev , Yonghong Song , Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v4 3/6] bpf: Add hash kfunc for cryptographic hashing Date: Mon, 5 Jan 2026 12:37:52 -0500 Message-ID: <20260105173755.22515-4-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105173755.22515-1-git@danielhodges.dev> References: <20260105173755.22515-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Extend bpf_crypto_type structure with hash operations: - hash(): Performs hashing operation - digestsize(): Returns hash output size Update bpf_crypto_ctx_create() to support keyless operations: - Hash algorithms don't require keys, unlike ciphers - Only validates key presence if type->setkey is defined - Conditionally sets IV/state length for cipher operations only Add bpf_crypto_hash() kfunc that works with any hash algorithm registered in the kernel's crypto API through the BPF crypto type system. This enables BPF programs to compute cryptographic hashes for use cases such as content verification, integrity checking, and data authentication. Signed-off-by: Daniel Hodges --- kernel/bpf/crypto.c | 78 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 70 insertions(+), 8 deletions(-) diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c index 1ab79a6dec84..f593e7910d3d 100644 --- a/kernel/bpf/crypto.c +++ b/kernel/bpf/crypto.c @@ -171,7 +171,12 @@ bpf_crypto_ctx_create(const struct bpf_crypto_params *= params, u32 params__sz, goto err_module_put; } =20 - if (!params->key_len || params->key_len > sizeof(params->key)) { + /* Hash operations don't require a key, but cipher operations do */ + if (params->key_len > sizeof(params->key)) { + *err =3D -EINVAL; + goto err_module_put; + } + if (!params->key_len && type->setkey) { *err =3D -EINVAL; goto err_module_put; } @@ -195,16 +200,19 @@ bpf_crypto_ctx_create(const struct bpf_crypto_params = *params, u32 params__sz, goto err_free_tfm; } =20 - *err =3D type->setkey(ctx->tfm, params->key, params->key_len); - if (*err) - goto err_free_tfm; + if (params->key_len) { + *err =3D type->setkey(ctx->tfm, params->key, params->key_len); + if (*err) + goto err_free_tfm; =20 - if (type->get_flags(ctx->tfm) & CRYPTO_TFM_NEED_KEY) { - *err =3D -EINVAL; - goto err_free_tfm; + if (type->get_flags(ctx->tfm) & CRYPTO_TFM_NEED_KEY) { + *err =3D -EINVAL; + goto err_free_tfm; + } } =20 - ctx->siv_len =3D type->ivsize(ctx->tfm) + type->statesize(ctx->tfm); + if (type->ivsize && type->statesize) + ctx->siv_len =3D type->ivsize(ctx->tfm) + type->statesize(ctx->tfm); =20 refcount_set(&ctx->usage, 1); =20 @@ -343,6 +351,55 @@ __bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_c= tx *ctx, return bpf_crypto_crypt(ctx, src_kern, dst_kern, siv_kern, false); } =20 +#if IS_ENABLED(CONFIG_CRYPTO_HASH2) +/** + * bpf_crypto_hash() - Compute hash using configured context + * @ctx: The crypto context being used. The ctx must be a trusted pointer. + * @data: bpf_dynptr to the input data to hash. Must be a trusted pointer. + * @out: bpf_dynptr to the output buffer. Must be a trusted pointer. + * + * Computes hash of the input data using the crypto context. The output bu= ffer + * must be at least as large as the digest size of the hash algorithm. + */ +__bpf_kfunc int bpf_crypto_hash(struct bpf_crypto_ctx *ctx, + const struct bpf_dynptr *data, + const struct bpf_dynptr *out) +{ + const struct bpf_dynptr_kern *data_kern =3D (struct bpf_dynptr_kern *)dat= a; + const struct bpf_dynptr_kern *out_kern =3D (struct bpf_dynptr_kern *)out; + unsigned int digestsize; + u64 data_len, out_len; + const u8 *data_ptr; + u8 *out_ptr; + + if (!ctx->type->hash) + return -EOPNOTSUPP; + + data_len =3D __bpf_dynptr_size(data_kern); + out_len =3D __bpf_dynptr_size(out_kern); + + if (data_len =3D=3D 0 || data_len > UINT_MAX) + return -EINVAL; + + if (!ctx->type->digestsize) + return -EOPNOTSUPP; + + digestsize =3D ctx->type->digestsize(ctx->tfm); + if (out_len < digestsize) + return -EINVAL; + + data_ptr =3D __bpf_dynptr_data(data_kern, data_len); + if (!data_ptr) + return -EINVAL; + + out_ptr =3D __bpf_dynptr_data_rw(out_kern, out_len); + if (!out_ptr) + return -EINVAL; + + return ctx->type->hash(ctx->tfm, data_ptr, out_ptr, data_len); +} +#endif /* CONFIG_CRYPTO_HASH2 */ + __bpf_kfunc_end_defs(); =20 BTF_KFUNCS_START(crypt_init_kfunc_btf_ids) @@ -359,6 +416,9 @@ static const struct btf_kfunc_id_set crypt_init_kfunc_s= et =3D { BTF_KFUNCS_START(crypt_kfunc_btf_ids) BTF_ID_FLAGS(func, bpf_crypto_decrypt, KF_RCU) BTF_ID_FLAGS(func, bpf_crypto_encrypt, KF_RCU) +#if IS_ENABLED(CONFIG_CRYPTO_HASH2) +BTF_ID_FLAGS(func, bpf_crypto_hash, KF_RCU) +#endif BTF_KFUNCS_END(crypt_kfunc_btf_ids) =20 static const struct btf_kfunc_id_set crypt_kfunc_set =3D { @@ -383,6 +443,8 @@ static int __init crypto_kfunc_init(void) ret =3D register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, &crypt_kfunc_s= et); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_ACT, &crypt_= kfunc_set); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, &crypt_kfunc_= set); + /* Register for SYSCALL programs to enable testing and debugging */ + ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_kf= unc_set); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_init_kfunc_set); return ret ?: register_btf_id_dtor_kfuncs(bpf_crypto_dtors, --=20 2.51.0 From nobody Sat Feb 7 08:43:03 2026 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1CB10274B48; Mon, 5 Jan 2026 17:44:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635060; cv=none; b=Nzq5oc5bOLCB3hgOjkPWndvki/AXwAfdJ+qm7U+6LxgXn5wCi+/QjLh/35d76tSKdqjGTguDrd0SgAWJR50wUlSTmiUzXL0dM37kaAUy/KFkR4g5L22GJabygKWUWZ2Oa9lV/7iO+5cIUBC89McvHh8EEOcU6LG5PcpmDil8P/c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635060; c=relaxed/simple; bh=cQoG6zPuMPulqqFHwVib7hRRrrQaZYLXQn1yk/MldhU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PVTjvMpWaNv74YXUHGTBo8qKEUo+kIQIBOXhYDawBE0Z30D2h6PBtL3a7ngmLCgfWzQPk4xUQjEJsaPsduSPmRh2qD5kF7rb3qjAVw10LvSgIqA3rNHecZv4a/WQrfm/rGvc9KJ4OKVnwJPmjUM44OGdWQkAh1kpIHsWvjPeJt4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=gnJiEZQZ; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=laZQfacq; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="gnJiEZQZ"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="laZQfacq" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634677; bh=psRspwxSwofsdvOuCeeS15b ALpOWHSbPQu+l/vx/unk=; b=gnJiEZQZRKw/vbwfTlY+X+CW0zFOiI1VK999lFuYhJ1PTgh9pq q0KwgR+p5kYYKAO1sswdJooDgzGaVwd6vQHYFx8cmEeOVm9ZdoFMB67gwTHPnnY/xwL3GXlD6bK MA7RtMNMCqaDGS3SJn64P210oeW3eEb6ySjx2G8qgVwSPtTxK9Egoi0hfwD6qdCCnUxrgH/S7u8 Ed7H1ZFaDtbaqbBQPSpf0IMm+0pLLWaYePdbAX/LQ3FeaYXGz+kUSY4LcsBHhXYqz7aTvu2Gcgq 1R5ih28s6TUoqfnixyKdygPSysV637MW6xw1s8aaYiumnFV8LL4xm611poVcWZaIY7w==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634677; bh=psRspwxSwofsdvOuCeeS15b ALpOWHSbPQu+l/vx/unk=; b=laZQfacqBtBpc8crIrs9RB0AHLXhPZCsGLgJ4JyBQs0IupSlZn kt7AUjray0oqtrHDg1cW7I4+Nf1Ub7kQkzCA==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Vadim Fedorenko , Song Liu , Mykyta Yatsenko , Martin KaFai Lau , Eduard Zingerman , Hao Luo , Jiri Olsa , John Fastabend , KP Singh , Stanislav Fomichev , Yonghong Song , Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v4 4/6] selftests/bpf: Add tests for bpf_crypto_hash kfunc Date: Mon, 5 Jan 2026 12:37:53 -0500 Message-ID: <20260105173755.22515-5-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105173755.22515-1-git@danielhodges.dev> References: <20260105173755.22515-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add selftests to validate the bpf_crypto_hash works properly. The tests verify both correct functionality and proper error handling. Test Data: All tests use the well-known NIST test vector input "abc" and validate against the standardized expected outputs for each algorithm. This ensures the BPF kfunc wrappers correctly delegate to the kernel crypto library. Signed-off-by: Daniel Hodges --- MAINTAINERS | 2 + tools/testing/selftests/bpf/config | 2 + .../selftests/bpf/prog_tests/crypto_hash.c | 147 ++++++++++++++++++ .../selftests/bpf/progs/crypto_common.h | 7 + .../testing/selftests/bpf/progs/crypto_hash.c | 136 ++++++++++++++++ 5 files changed, 294 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_hash.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_hash.c diff --git a/MAINTAINERS b/MAINTAINERS index fdf451bad869..a413cb1b973c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4717,6 +4717,8 @@ F: crypto/bpf_crypto_sig.c F: crypto/bpf_crypto_skcipher.c F: include/linux/bpf_crypto.h F: kernel/bpf/crypto.c +F: tools/testing/selftests/bpf/prog_tests/crypto_hash.c +F: tools/testing/selftests/bpf/progs/crypto_hash.c =20 BPF [DOCUMENTATION] (Related to Standardization) R: David Vernet diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/b= pf/config index 558839e3c185..d168b3073cba 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -12,7 +12,9 @@ CONFIG_BPF_SYSCALL=3Dy # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set CONFIG_CGROUP_BPF=3Dy CONFIG_CRYPTO_HMAC=3Dy +CONFIG_CRYPTO_HASH2=3Dy CONFIG_CRYPTO_SHA256=3Dy +CONFIG_CRYPTO_SHA512=3Dy CONFIG_CRYPTO_USER_API=3Dy CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy diff --git a/tools/testing/selftests/bpf/prog_tests/crypto_hash.c b/tools/t= esting/selftests/bpf/prog_tests/crypto_hash.c new file mode 100644 index 000000000000..1d8acbd56e32 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/crypto_hash.c @@ -0,0 +1,147 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include +#include +#include "crypto_hash.skel.h" + +/* NIST test vectors for SHA-256("abc") */ +static const unsigned char expected_sha256[32] =3D { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +/* NIST test vectors for SHA-384("abc") */ +static const unsigned char expected_sha384[48] =3D { + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, + 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, + 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, + 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 +}; + +/* NIST test vectors for SHA-512("abc") */ +static const unsigned char expected_sha512[64] =3D { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, + 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, + 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, + 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, + 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f +}; + +static struct crypto_hash *setup_skel(void) +{ + struct crypto_hash *skel; + + skel =3D crypto_hash__open_and_load(); + if (!skel) { + /* Skip if kfuncs not available (CONFIG_CRYPTO_HASH2 not set) */ + if (errno =3D=3D ENOENT || errno =3D=3D EINVAL) { + test__skip(); + return NULL; + } + ASSERT_OK_PTR(skel, "crypto_hash__open_and_load"); + return NULL; + } + + return skel; +} + +static void test_sha256_basic(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_sha256); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_sha256"); + ASSERT_EQ(skel->data->sha256_status, 0, "sha256_status"); + ASSERT_EQ(memcmp(skel->bss->sha256_output, expected_sha256, 32), 0, + "sha256_output_match"); + + crypto_hash__destroy(skel); +} + +static void test_sha384_basic(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + prog_fd =3D bpf_program__fd(skel->progs.test_sha384); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_sha384"); + ASSERT_EQ(skel->data->sha384_status, 0, "sha384_status"); + ASSERT_EQ(memcmp(skel->bss->sha384_output, expected_sha384, 48), 0, + "sha384_output_match"); + + crypto_hash__destroy(skel); +} + +static void test_sha512_basic(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_sha512); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_sha512"); + ASSERT_EQ(skel->data->sha512_status, 0, "sha512_status"); + ASSERT_EQ(memcmp(skel->bss->sha512_output, expected_sha512, 64), 0, + "sha512_output_match"); + + crypto_hash__destroy(skel); +} + +static void test_sha256_invalid_params(void) +{ + struct crypto_hash *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D setup_skel(); + if (!skel) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_sha256_zero_len); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_zero_len"); + ASSERT_EQ(skel->data->sha256_status, 0, "zero_len_rejected"); + + crypto_hash__destroy(skel); +} + +void test_crypto_hash(void) +{ + if (test__start_subtest("sha256_basic")) + test_sha256_basic(); + if (test__start_subtest("sha384_basic")) + test_sha384_basic(); + if (test__start_subtest("sha512_basic")) + test_sha512_basic(); + if (test__start_subtest("sha256_invalid_params")) + test_sha256_invalid_params(); +} diff --git a/tools/testing/selftests/bpf/progs/crypto_common.h b/tools/test= ing/selftests/bpf/progs/crypto_common.h index 57dd7a68a8c3..c357850b17a6 100644 --- a/tools/testing/selftests/bpf/progs/crypto_common.h +++ b/tools/testing/selftests/bpf/progs/crypto_common.h @@ -15,6 +15,13 @@ int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx, const= struct bpf_dynptr *src, const struct bpf_dynptr *dst, const struct bpf_dynptr *iv) __ksym; int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr= *src, const struct bpf_dynptr *dst, const struct bpf_dynptr *iv) __ksym; +int bpf_crypto_hash(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr *d= ata, + const struct bpf_dynptr *out) __ksym; +int bpf_ecdsa_verify(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr *= message, + const struct bpf_dynptr *signature) __ksym; +int bpf_ecdsa_keysize(struct bpf_crypto_ctx *ctx) __ksym; +int bpf_ecdsa_digestsize(struct bpf_crypto_ctx *ctx) __ksym; +int bpf_ecdsa_maxsize(struct bpf_crypto_ctx *ctx) __ksym; =20 struct __crypto_ctx_value { struct bpf_crypto_ctx __kptr * ctx; diff --git a/tools/testing/selftests/bpf/progs/crypto_hash.c b/tools/testin= g/selftests/bpf/progs/crypto_hash.c new file mode 100644 index 000000000000..7eafbdd394af --- /dev/null +++ b/tools/testing/selftests/bpf/progs/crypto_hash.c @@ -0,0 +1,136 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include "vmlinux.h" +#include +#include "bpf_misc.h" +#include "bpf_kfuncs.h" +#include "crypto_common.h" + +unsigned char test_input[3] =3D "abc"; + +/* Expected SHA-256 hash of "abc" */ +/* ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad= */ +unsigned char expected_sha256[32] =3D { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +/* Output buffers for test results */ +unsigned char sha256_output[32] =3D {}; +unsigned char sha384_output[48] =3D {}; +unsigned char sha512_output[64] =3D {}; + +int sha256_status =3D -1; +int sha384_status =3D -1; +int sha512_status =3D -1; + +SEC("syscall") +int test_sha256(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha256", + .key_len =3D 0, + }; + int err =3D 0; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha256_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, sizeof(test_input), 0, &input_ptr); + bpf_dynptr_from_mem(sha256_output, sizeof(sha256_output), 0, &output_ptr); + + sha256_status =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +SEC("syscall") +int test_sha384(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha384", + .key_len =3D 0, + }; + int err =3D 0; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha384_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, sizeof(test_input), 0, &input_ptr); + bpf_dynptr_from_mem(sha384_output, sizeof(sha384_output), 0, &output_ptr); + + sha384_status =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +SEC("syscall") +int test_sha512(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha512", + .key_len =3D 0, + }; + int err =3D 0; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha512_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, sizeof(test_input), 0, &input_ptr); + bpf_dynptr_from_mem(sha512_output, sizeof(sha512_output), 0, &output_ptr); + + sha512_status =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +SEC("syscall") +int test_sha256_zero_len(void *ctx) +{ + struct bpf_dynptr input_ptr, output_ptr; + struct bpf_crypto_ctx *hash_ctx; + struct bpf_crypto_params params =3D { + .type =3D "hash", + .algo =3D "sha256", + .key_len =3D 0, + }; + int err =3D 0; + int ret; + + hash_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!hash_ctx) { + sha256_status =3D err; + return 0; + } + + bpf_dynptr_from_mem(test_input, 0, 0, &input_ptr); + bpf_dynptr_from_mem(sha256_output, sizeof(sha256_output), 0, &output_ptr); + + ret =3D bpf_crypto_hash(hash_ctx, &input_ptr, &output_ptr); + sha256_status =3D (ret =3D=3D -22) ? 0 : ret; + bpf_crypto_ctx_release(hash_ctx); + return 0; +} + +char __license[] SEC("license") =3D "GPL"; --=20 2.51.0 From nobody Sat Feb 7 08:43:03 2026 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B0F32F3C0A; Mon, 5 Jan 2026 17:44:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635061; cv=none; b=SWuaDnie9WsK3an0pZBvgvDUSWNoxTIR6SR2OEZeNbP3ZN/jh4M/F7rk/9DvnrLlHFY/b9oITT+vNragb7CGhSexG87SP8EpOGozsW4E7Ybb+/nNPhEjR89CA9FKgjnsJM+m7f3t6AmErCO3xx3qEAhbv9hX2EODeLJfvWPQ92M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767635061; c=relaxed/simple; bh=3OAcQVPjbA4HjgHSJgvd9krWCA+NhHdCh0atFvYZL3s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hntDpnsGx/N6WiQjeUHEebTbdtMKdEEx+D0EmSmaiSizZ5KuLlMpfSmSkqRpKgOusUw/n7vYPfNHfaovPoRNUbyx/S4DiTxQkhIcMV/jxiA5BGaHYpiUXh1uTOctvDVlEsp3haAUaSeFGFbUGnEe4t92e60oCDp86GZqdilA4ac= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=LWNGpZ1z; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=hia6ne2M; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="LWNGpZ1z"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="hia6ne2M" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634677; bh=j0BJC2IDsdxfLZAhla89qAl kedAI2eotg/cturZSd50=; b=LWNGpZ1zIsjMNp+P+jT2w6N9zbU2gKX0+oXRGzw2p/7BXAhicC jqQk0ulLkjG53KfGkoe/SjCjQgDXfXac/SjD6HhBHiRgZPSP4meBsdRRIqwpNBO/uXnoH4U/GNJ LrrhQvWDkwTfvrhTYUUN2uztTimWNKMupysmqiVbFwRR+78cPNajcXVhq8MohxLTNiYhlO5OpvE xvGOmm+3PhM/acw2H5An7tjqF5ZZ/y7qUxTBAOZwO+C9dt+RRJVyJ38JQCHfRQ7lUma+h1rgQV5 FigfIgn62fuKvn6ONYP3cdk5b0P0B4/3B9wJC64F6kLFcsm2mwSk1NOhmAhI3XRNRnQ==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634677; bh=j0BJC2IDsdxfLZAhla89qAl kedAI2eotg/cturZSd50=; b=hia6ne2M7WykpmMpmBEcaktXOk29VvFpjjzsgjE2TBglMQI4rA xcnzxBpU9TrMNOzKoB08qRZyel0/KmBTQIDg==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Vadim Fedorenko , Song Liu , Mykyta Yatsenko , Martin KaFai Lau , Eduard Zingerman , Hao Luo , Jiri Olsa , John Fastabend , KP Singh , Stanislav Fomichev , Yonghong Song , Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v4 5/6] bpf: Add ECDSA signature verification kfuncs Date: Mon, 5 Jan 2026 12:37:54 -0500 Message-ID: <20260105173755.22515-6-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105173755.22515-1-git@danielhodges.dev> References: <20260105173755.22515-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add support for ECDSA signature verification in BPF programs through the unified bpf_crypto_ctx API. Changes: - Add enum bpf_crypto_type_id for efficient type checking - Update all crypto type modules to set type_id field - Implement bpf_ecdsa_verify() for signature verification - Add bpf_ecdsa_keysize(), bpf_ecdsa_digestsize(), bpf_ecdsa_maxsize() helper functions for querying context properties - Add type_id checks in all ECDSA kfuncs for type safety - Register ECDSA kfuncs for SCHED_CLS and XDP program types ECDSA contexts are created using bpf_crypto_ctx_create() with type=3D"sig" and appropriate algorithm (e.g., "p1363(ecdsa-nist-p256)"). The public key is passed via the key/key_len fields in bpf_crypto_params. This enables BPF programs to perform cryptographic signature verification for use cases such as packet authentication and content validation. Signed-off-by: Daniel Hodges --- crypto/bpf_crypto_shash.c | 1 + crypto/bpf_crypto_sig.c | 1 + crypto/bpf_crypto_skcipher.c | 1 + include/linux/bpf_crypto.h | 7 +++ kernel/bpf/crypto.c | 115 +++++++++++++++++++++++++++++++++++ 5 files changed, 125 insertions(+) diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c index 95c178ec0ce8..6e9b0d757ec9 100644 --- a/crypto/bpf_crypto_shash.c +++ b/crypto/bpf_crypto_shash.c @@ -74,6 +74,7 @@ static const struct bpf_crypto_type bpf_crypto_shash_type= =3D { .digestsize =3D bpf_crypto_shash_digestsize, .get_flags =3D bpf_crypto_shash_get_flags, .owner =3D THIS_MODULE, + .type_id =3D BPF_CRYPTO_TYPE_HASH, .name =3D "hash", }; =20 diff --git a/crypto/bpf_crypto_sig.c b/crypto/bpf_crypto_sig.c index ad0d3810df8e..c6e67338cd40 100644 --- a/crypto/bpf_crypto_sig.c +++ b/crypto/bpf_crypto_sig.c @@ -38,6 +38,7 @@ static const struct bpf_crypto_type bpf_crypto_sig_type = =3D { .get_flags =3D bpf_crypto_sig_get_flags, .setkey =3D bpf_crypto_sig_setkey, .owner =3D THIS_MODULE, + .type_id =3D BPF_CRYPTO_TYPE_SIG, .name =3D "sig", }; =20 diff --git a/crypto/bpf_crypto_skcipher.c b/crypto/bpf_crypto_skcipher.c index a88798d3e8c8..79d310fbcc48 100644 --- a/crypto/bpf_crypto_skcipher.c +++ b/crypto/bpf_crypto_skcipher.c @@ -63,6 +63,7 @@ static const struct bpf_crypto_type bpf_crypto_lskcipher_= type =3D { .statesize =3D bpf_crypto_lskcipher_statesize, .get_flags =3D bpf_crypto_lskcipher_get_flags, .owner =3D THIS_MODULE, + .type_id =3D BPF_CRYPTO_TYPE_SKCIPHER, .name =3D "skcipher", }; =20 diff --git a/include/linux/bpf_crypto.h b/include/linux/bpf_crypto.h index c84371cc4e47..cf2c66f9782b 100644 --- a/include/linux/bpf_crypto.h +++ b/include/linux/bpf_crypto.h @@ -3,6 +3,12 @@ #ifndef _BPF_CRYPTO_H #define _BPF_CRYPTO_H =20 +enum bpf_crypto_type_id { + BPF_CRYPTO_TYPE_SKCIPHER =3D 1, + BPF_CRYPTO_TYPE_HASH, + BPF_CRYPTO_TYPE_SIG, +}; + struct bpf_crypto_type { void *(*alloc_tfm)(const char *algo); void (*free_tfm)(void *tfm); @@ -17,6 +23,7 @@ struct bpf_crypto_type { unsigned int (*digestsize)(void *tfm); u32 (*get_flags)(void *tfm); struct module *owner; + enum bpf_crypto_type_id type_id; char name[14]; }; =20 diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c index f593e7910d3d..3c57a8c31ea2 100644 --- a/kernel/bpf/crypto.c +++ b/kernel/bpf/crypto.c @@ -9,6 +9,7 @@ #include #include #include +#include =20 struct bpf_crypto_type_list { const struct bpf_crypto_type *type; @@ -57,6 +58,7 @@ struct bpf_crypto_ctx { refcount_t usage; }; =20 + int bpf_crypto_register_type(const struct bpf_crypto_type *type) { struct bpf_crypto_type_list *node; @@ -400,6 +402,109 @@ __bpf_kfunc int bpf_crypto_hash(struct bpf_crypto_ctx= *ctx, } #endif /* CONFIG_CRYPTO_HASH2 */ =20 +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +/** + * bpf_ecdsa_verify() - Verify ECDSA signature using pre-allocated context + * @ctx: ECDSA context created by bpf_crypto_ctx_create() with type "sig" + * @message: bpf_dynptr to the message hash to verify. Must be a trusted p= ointer. + * @signature: bpf_dynptr to the ECDSA signature in r || s format. Must be= a trusted pointer. + * Must be 64 bytes for P-256, 96 for P-384, 132 for P-521 + * + * Verifies an ECDSA signature using a pre-allocated context. This function + * does not allocate memory and can be used in non-sleepable BPF programs. + * Uses bpf_dynptr to ensure safe memory access without risk of page fault= s. + */ +__bpf_kfunc int bpf_ecdsa_verify(struct bpf_crypto_ctx *ctx, + const struct bpf_dynptr *message, + const struct bpf_dynptr *signature) +{ + const struct bpf_dynptr_kern *msg_kern =3D (struct bpf_dynptr_kern *)mess= age; + const struct bpf_dynptr_kern *sig_kern =3D (struct bpf_dynptr_kern *)sign= ature; + struct crypto_sig *sig_tfm; + const u8 *msg_ptr, *sig_ptr; + u32 msg_len, sig_len; + + if (!ctx) + return -EINVAL; + + if (ctx->type->type_id !=3D BPF_CRYPTO_TYPE_SIG) + return -EINVAL; + + msg_len =3D __bpf_dynptr_size(msg_kern); + sig_len =3D __bpf_dynptr_size(sig_kern); + + if (msg_len =3D=3D 0 || sig_len =3D=3D 0) + return -EINVAL; + + msg_ptr =3D __bpf_dynptr_data(msg_kern, msg_len); + if (!msg_ptr) + return -EINVAL; + + sig_ptr =3D __bpf_dynptr_data(sig_kern, sig_len); + if (!sig_ptr) + return -EINVAL; + + sig_tfm =3D (struct crypto_sig *)ctx->tfm; + return crypto_sig_verify(sig_tfm, sig_ptr, sig_len, msg_ptr, msg_len); +} + +/** + * bpf_ecdsa_keysize() - Get the key size for ECDSA context + * @ctx: ECDSA context + * + * Returns: Key size in bits, or negative error code on failure + */ +__bpf_kfunc int bpf_ecdsa_keysize(struct bpf_crypto_ctx *ctx) +{ + struct crypto_sig *sig_tfm; + + if (!ctx) + return -EINVAL; + + if (ctx->type->type_id !=3D BPF_CRYPTO_TYPE_SIG) + return -EINVAL; + + sig_tfm =3D (struct crypto_sig *)ctx->tfm; + return crypto_sig_keysize(sig_tfm); +} + +/** + * bpf_ecdsa_digestsize() - Get the maximum digest size for ECDSA context + * @ctx: ECDSA context + */ +__bpf_kfunc int bpf_ecdsa_digestsize(struct bpf_crypto_ctx *ctx) +{ + struct crypto_sig *sig_tfm; + + if (!ctx) + return -EINVAL; + + if (ctx->type->type_id !=3D BPF_CRYPTO_TYPE_SIG) + return -EINVAL; + + sig_tfm =3D (struct crypto_sig *)ctx->tfm; + return crypto_sig_digestsize(sig_tfm); +} + +/** + * bpf_ecdsa_maxsize() - Get the maximum signature size for ECDSA context + * @ctx: ECDSA context + */ +__bpf_kfunc int bpf_ecdsa_maxsize(struct bpf_crypto_ctx *ctx) +{ + struct crypto_sig *sig_tfm; + + if (!ctx) + return -EINVAL; + + if (ctx->type->type_id !=3D BPF_CRYPTO_TYPE_SIG) + return -EINVAL; + + sig_tfm =3D (struct crypto_sig *)ctx->tfm; + return crypto_sig_maxsize(sig_tfm); +} +#endif /* CONFIG_CRYPTO_ECDSA */ + __bpf_kfunc_end_defs(); =20 BTF_KFUNCS_START(crypt_init_kfunc_btf_ids) @@ -419,6 +524,12 @@ BTF_ID_FLAGS(func, bpf_crypto_encrypt, KF_RCU) #if IS_ENABLED(CONFIG_CRYPTO_HASH2) BTF_ID_FLAGS(func, bpf_crypto_hash, KF_RCU) #endif +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +BTF_ID_FLAGS(func, bpf_ecdsa_verify, KF_RCU) +BTF_ID_FLAGS(func, bpf_ecdsa_keysize, 0) +BTF_ID_FLAGS(func, bpf_ecdsa_digestsize, 0) +BTF_ID_FLAGS(func, bpf_ecdsa_maxsize, 0) +#endif BTF_KFUNCS_END(crypt_kfunc_btf_ids) =20 static const struct btf_kfunc_id_set crypt_kfunc_set =3D { @@ -447,6 +558,10 @@ static int __init crypto_kfunc_init(void) ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_kf= unc_set); ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &crypt_init_kfunc_set); + ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, + &crypt_init_kfunc_set); + ret =3D ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, + &crypt_init_kfunc_set); return ret ?: register_btf_id_dtor_kfuncs(bpf_crypto_dtors, ARRAY_SIZE(bpf_crypto_dtors), THIS_MODULE); --=20 2.51.0 From nobody Sat Feb 7 08:43:03 2026 Received: from devnull.danielhodges.dev (vps-2f6e086e.vps.ovh.us [135.148.138.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C56831B13B; Mon, 5 Jan 2026 17:40:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=135.148.138.8 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767634836; cv=none; b=IPLC6/KeOfe2OvXw7iztlatg/EXK32k7wnqIGCqCOs5kkXDe6vw6r5gOOUh9PtPvjmJC5XStbhMiHFJ4CpQWSoWA5ela2BXG+dIEaodNSuOjZjD+tQvPlAHx0KyqGppsOHQ+aNlXrKt4SdmqT08eDQ+lI0gkhnQ2VmkFGhOmp9U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767634836; c=relaxed/simple; bh=lIPnO+kw2886Ju9Xk8DvPqC+wPtM4g3aStXtUa2+qgY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bs55IAInBCgcKF0ZNce2+hyF63Y3X6A2zQ3zWJwzDqgHvSNvJ9bdRLoXyyKMOp5CYSERDb7JpfXa3UMMWIGIfTqeii/Z4DQdG8YNKonH0zc2MykMDUajBcRPND6QqI0b7I8JqpBmzn5pA46IcXQbX4c++FmT0S8UAXSX2qamNl8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev; spf=pass smtp.mailfrom=danielhodges.dev; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=tUpjItM9; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b=9urMZkA7; arc=none smtp.client-ip=135.148.138.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danielhodges.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="tUpjItM9"; dkim=permerror (0-bit key) header.d=danielhodges.dev header.i=@danielhodges.dev header.b="9urMZkA7" DKIM-Signature: v=1; a=rsa-sha256; s=202510r; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634677; bh=U9uDF5+qPxHr49V2MHK2v7G XWlBfmcMJXNTrT92Jg+o=; b=tUpjItM9Qal68jCxDxOK+lUlmfciMUflX6ZdKhyaxb7LjtePKJ zrxLTrBHxDCfb3792m1eVMhMuQPe4ruLBxFgR2seBRG70Up4eeOXKAoeVtROP2AoNU2LclR/+uc atpK9zOqCu0L+ASpZjrbsl3CoZM6YdkSlUnOGZxeMxHLnMoixH26vwdWpOFTe6aYYiAmVHMW9qN dbVx8Y7Mvhf3YvtfLSoz321+5zpuNL7N4T+Byu55Rfn/H7KrSvDEpzy2YTTG0a7garODcwHeMzR wrYJlUIvgP6GJ41TfpOZfpURRLlcK2Id6RANhT9mLBtr9pHA8JlW2EL7Jk7PLkTN5cg==; DKIM-Signature: v=1; a=ed25519-sha256; s=202510e; d=danielhodges.dev; c=relaxed/relaxed; h=Message-ID:Date:Subject:To:From; t=1767634677; bh=U9uDF5+qPxHr49V2MHK2v7G XWlBfmcMJXNTrT92Jg+o=; b=9urMZkA7OpbTreqmL/Sbee2zCHFsV9wtyqpxa7V73p5QNS0rbR yZInYJitvVf+aj5HU0KNfsSbhhRN+/PeyiCg==; From: Daniel Hodges To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Vadim Fedorenko , Song Liu , Mykyta Yatsenko , Martin KaFai Lau , Eduard Zingerman , Hao Luo , Jiri Olsa , John Fastabend , KP Singh , Stanislav Fomichev , Yonghong Song , Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Daniel Hodges Subject: [PATCH bpf-next v4 6/6] selftests/bpf: Add tests for ECDSA signature verification kfuncs Date: Mon, 5 Jan 2026 12:37:55 -0500 Message-ID: <20260105173755.22515-7-git@danielhodges.dev> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105173755.22515-1-git@danielhodges.dev> References: <20260105173755.22515-1-git@danielhodges.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add selftests to validate the ECDSA signature verification kfuncs introduced in the BPF crypto subsystem. The tests verify both valid signature acceptance and invalid signature rejection using the context-based ECDSA API. The tests use RFC 6979 test vectors for NIST P-256 (secp256r1) with well-known valid signatures. The algorithm "p1363(ecdsa-nist-p256)" is used to handle standard r||s signature format. Signed-off-by: Daniel Hodges --- MAINTAINERS | 2 + tools/testing/selftests/bpf/config | 1 + .../selftests/bpf/prog_tests/ecdsa_verify.c | 75 +++++++++ .../selftests/bpf/progs/ecdsa_verify.c | 157 ++++++++++++++++++ 4 files changed, 235 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c create mode 100644 tools/testing/selftests/bpf/progs/ecdsa_verify.c diff --git a/MAINTAINERS b/MAINTAINERS index a413cb1b973c..7d65deb4dd03 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4718,7 +4718,9 @@ F: crypto/bpf_crypto_skcipher.c F: include/linux/bpf_crypto.h F: kernel/bpf/crypto.c F: tools/testing/selftests/bpf/prog_tests/crypto_hash.c +F: tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c F: tools/testing/selftests/bpf/progs/crypto_hash.c +F: tools/testing/selftests/bpf/progs/ecdsa_verify.c =20 BPF [DOCUMENTATION] (Related to Standardization) R: David Vernet diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/b= pf/config index d168b3073cba..c99811d3f61f 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -15,6 +15,7 @@ CONFIG_CRYPTO_HMAC=3Dy CONFIG_CRYPTO_HASH2=3Dy CONFIG_CRYPTO_SHA256=3Dy CONFIG_CRYPTO_SHA512=3Dy +CONFIG_CRYPTO_ECDSA=3Dy CONFIG_CRYPTO_USER_API=3Dy CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy diff --git a/tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c b/tools/= testing/selftests/bpf/prog_tests/ecdsa_verify.c new file mode 100644 index 000000000000..4e88b3eeb3eb --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include +#include "ecdsa_verify.skel.h" + +static void test_ecdsa_verify_valid_signature(void) +{ + struct ecdsa_verify *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D ecdsa_verify__open_and_load(); + if (!ASSERT_OK_PTR(skel, "ecdsa_verify__open_and_load")) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_ecdsa_verify_valid); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_ecdsa_verify_valid"); + ASSERT_EQ(skel->data->ctx_create_status, 0, "ctx_create_status"); + ASSERT_EQ(skel->data->verify_result, 0, "verify_valid_signature"); + + ecdsa_verify__destroy(skel); +} + +static void test_ecdsa_verify_invalid_signature(void) +{ + struct ecdsa_verify *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D ecdsa_verify__open_and_load(); + if (!ASSERT_OK_PTR(skel, "ecdsa_verify__open_and_load")) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_ecdsa_verify_invalid); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_ecdsa_verify_invalid"); + ASSERT_NEQ(skel->data->verify_invalid_result, 0, "verify_invalid_signatur= e_rejected"); + + ecdsa_verify__destroy(skel); +} + +static void test_ecdsa_size_queries(void) +{ + struct ecdsa_verify *skel; + int err, prog_fd; + + LIBBPF_OPTS(bpf_test_run_opts, topts); + + skel =3D ecdsa_verify__open_and_load(); + if (!ASSERT_OK_PTR(skel, "ecdsa_verify__open_and_load")) + return; + + prog_fd =3D bpf_program__fd(skel->progs.test_ecdsa_size_queries); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + ASSERT_OK(err, "test_ecdsa_size_queries"); + ASSERT_EQ(skel->data->keysize_result, 256, "keysize_p256"); + ASSERT_EQ(skel->data->digestsize_result, 64, "digestsize_p256"); + ASSERT_EQ(skel->data->maxsize_result, 64, "maxsize_p256"); + + ecdsa_verify__destroy(skel); +} + +void test_ecdsa_verify(void) +{ + if (test__start_subtest("verify_valid_signature")) + test_ecdsa_verify_valid_signature(); + if (test__start_subtest("verify_invalid_signature")) + test_ecdsa_verify_invalid_signature(); + if (test__start_subtest("size_queries")) + test_ecdsa_size_queries(); +} diff --git a/tools/testing/selftests/bpf/progs/ecdsa_verify.c b/tools/testi= ng/selftests/bpf/progs/ecdsa_verify.c new file mode 100644 index 000000000000..2dd74995bd3a --- /dev/null +++ b/tools/testing/selftests/bpf/progs/ecdsa_verify.c @@ -0,0 +1,157 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include "vmlinux.h" +#include +#include "bpf_misc.h" +#include "crypto_common.h" + +/* NIST P-256 test vector + * This is a known valid ECDSA signature for testing purposes + */ + +/* Public key in uncompressed format: 0x04 || x || y (65 bytes) */ +unsigned char pubkey_p256[65] =3D { + 0x04, /* Uncompressed point indicator */ + /* X coordinate (32 bytes) */ + 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, + 0xc9, 0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, + 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61, 0xfa, 0x6c, + 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, + /* Y coordinate (32 bytes) */ + 0x79, 0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, + 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28, 0xbc, 0x64, + 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, + 0x77, 0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99 +}; + +/* Message hash (32 bytes) - SHA-256 of "sample" */ +unsigned char message_hash[32] =3D { + 0xaf, 0x2b, 0xdb, 0xe1, 0xaa, 0x9b, 0x6e, 0xc1, + 0xe2, 0xad, 0xe1, 0xd6, 0x94, 0xf4, 0x1f, 0xc7, + 0x1a, 0x83, 0x1d, 0x02, 0x68, 0xe9, 0x89, 0x15, + 0x62, 0x11, 0x3d, 0x8a, 0x62, 0xad, 0xd1, 0xbf +}; + +/* Valid signature r || s (64 bytes) */ +unsigned char valid_signature[64] =3D { + /* r component (32 bytes) */ + 0xef, 0xd4, 0x8b, 0x2a, 0xac, 0xb6, 0xa8, 0xfd, + 0x11, 0x40, 0xdd, 0x9c, 0xd4, 0x5e, 0x81, 0xd6, + 0x9d, 0x2c, 0x87, 0x7b, 0x56, 0xaa, 0xf9, 0x91, + 0xc3, 0x4d, 0x0e, 0xa8, 0x4e, 0xaf, 0x37, 0x16, + /* s component (32 bytes) */ + 0xf7, 0xcb, 0x1c, 0x94, 0x2d, 0x65, 0x7c, 0x41, + 0xd4, 0x36, 0xc7, 0xa1, 0xb6, 0xe2, 0x9f, 0x65, + 0xf3, 0xe9, 0x00, 0xdb, 0xb9, 0xaf, 0xf4, 0x06, + 0x4d, 0xc4, 0xab, 0x2f, 0x84, 0x3a, 0xcd, 0xa8 +}; + +/* Invalid signature (modified r component) for negative test */ +unsigned char invalid_signature[64] =3D { + /* r component (32 bytes) - first byte modified */ + 0xff, 0xd4, 0x8b, 0x2a, 0xac, 0xb6, 0xa8, 0xfd, + 0x11, 0x40, 0xdd, 0x9c, 0xd4, 0x5e, 0x81, 0xd6, + 0x9d, 0x2c, 0x87, 0x7b, 0x56, 0xaa, 0xf9, 0x91, + 0xc3, 0x4d, 0x0e, 0xa8, 0x4e, 0xaf, 0x37, 0x16, + /* s component (32 bytes) */ + 0xf7, 0xcb, 0x1c, 0x94, 0x2d, 0x65, 0x7c, 0x41, + 0xd4, 0x36, 0xc7, 0xa1, 0xb6, 0xe2, 0x9f, 0x65, + 0xf3, 0xe9, 0x00, 0xdb, 0xb9, 0xaf, 0xf4, 0x06, + 0x4d, 0xc4, 0xab, 0x2f, 0x84, 0x3a, 0xcd, 0xa8 +}; + +/* Test results */ +int verify_result =3D -1; +int verify_invalid_result =3D -1; +int ctx_create_status =3D -1; +int keysize_result =3D -1; +int digestsize_result =3D -1; +int maxsize_result =3D -1; + +SEC("syscall") +int test_ecdsa_verify_valid(void *ctx) +{ + struct bpf_crypto_ctx *ecdsa_ctx; + struct bpf_crypto_params params =3D { + .type =3D "sig", + .algo =3D "p1363(ecdsa-nist-p256)", + .key_len =3D sizeof(pubkey_p256), + }; + struct bpf_dynptr msg_ptr, sig_ptr; + int err =3D 0; + + __builtin_memcpy(params.key, pubkey_p256, sizeof(pubkey_p256)); + + ecdsa_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!ecdsa_ctx) { + ctx_create_status =3D err; + return 0; + } + ctx_create_status =3D 0; + + bpf_dynptr_from_mem(message_hash, sizeof(message_hash), 0, &msg_ptr); + bpf_dynptr_from_mem(valid_signature, sizeof(valid_signature), 0, &sig_ptr= ); + + verify_result =3D bpf_ecdsa_verify(ecdsa_ctx, &msg_ptr, &sig_ptr); + + bpf_crypto_ctx_release(ecdsa_ctx); + + return 0; +} + +SEC("syscall") +int test_ecdsa_verify_invalid(void *ctx) +{ + struct bpf_crypto_ctx *ecdsa_ctx; + struct bpf_crypto_params params =3D { + .type =3D "sig", + .algo =3D "p1363(ecdsa-nist-p256)", + .key_len =3D sizeof(pubkey_p256), + }; + struct bpf_dynptr msg_ptr, sig_ptr; + int err =3D 0; + + __builtin_memcpy(params.key, pubkey_p256, sizeof(pubkey_p256)); + + ecdsa_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!ecdsa_ctx) + return 0; + + bpf_dynptr_from_mem(message_hash, sizeof(message_hash), 0, &msg_ptr); + bpf_dynptr_from_mem(invalid_signature, sizeof(invalid_signature), 0, &sig= _ptr); + + verify_invalid_result =3D bpf_ecdsa_verify(ecdsa_ctx, &msg_ptr, &sig_ptr); + + bpf_crypto_ctx_release(ecdsa_ctx); + + return 0; +} + +SEC("syscall") +int test_ecdsa_size_queries(void *ctx) +{ + struct bpf_crypto_ctx *ecdsa_ctx; + struct bpf_crypto_params params =3D { + .type =3D "sig", + .algo =3D "p1363(ecdsa-nist-p256)", + .key_len =3D sizeof(pubkey_p256), + }; + int err =3D 0; + + __builtin_memcpy(params.key, pubkey_p256, sizeof(pubkey_p256)); + + ecdsa_ctx =3D bpf_crypto_ctx_create(¶ms, sizeof(params), &err); + if (!ecdsa_ctx) + return 0; + + keysize_result =3D bpf_ecdsa_keysize(ecdsa_ctx); + digestsize_result =3D bpf_ecdsa_digestsize(ecdsa_ctx); + maxsize_result =3D bpf_ecdsa_maxsize(ecdsa_ctx); + + bpf_crypto_ctx_release(ecdsa_ctx); + + return 0; +} + +char __license[] SEC("license") =3D "GPL"; --=20 2.51.0