On Mon, Dec 8, 2025 at 5:43 PM Daniel Hodges <[email protected]> wrote: > > Add context-based ECDSA signature verification kfuncs: > - bpf_ecdsa_ctx_create(): Creates reusable ECDSA context with public key > - bpf_ecdsa_verify(): Verifies signatures using the context > - bpf_ecdsa_ctx_acquire(): Increments context reference count > - bpf_ecdsa_ctx_release(): Releases context with RCU safety > > The ECDSA implementation supports NIST curves (P-256, P-384, P-521) and > uses the kernel's crypto_sig API. Public keys must be in uncompressed > format (0x04 || x || y), and signatures are in r || s format. > > Signed-off-by: Daniel Hodges <[email protected]> > --- > kernel/bpf/crypto.c | 230 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 230 insertions(+) > > diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c > index 47e6a43a46d4..138abe58e87e 100644 > --- a/kernel/bpf/crypto.c > +++ b/kernel/bpf/crypto.c > @@ -9,6 +9,7 @@ > #include <linux/scatterlist.h> > #include <linux/skbuff.h> > #include <crypto/skcipher.h> > +#include <crypto/sig.h> > > struct bpf_crypto_type_list { > const struct bpf_crypto_type *type; > @@ -57,6 +58,21 @@ struct bpf_crypto_ctx { > refcount_t usage; > }; > > +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) > +/** > + * struct bpf_ecdsa_ctx - refcounted BPF ECDSA context structure > + * @tfm: The crypto_sig transform for ECDSA operations > + * @rcu: The RCU head used to free the context with RCU safety > + * @usage: Object reference counter. When the refcount goes to 0, the > + * memory is released with RCU safety. > + */ > +struct bpf_ecdsa_ctx { > + struct crypto_sig *tfm; > + struct rcu_head rcu; > + refcount_t usage; > +}; > +#endif
Can we use bpf_crypto_ctx for ECDSA? Thanks, Song
