On Wed, Dec 17, 2025 at 07:35:22AM +0900, Song Liu wrote: > On Mon, Dec 8, 2025 at 5:43 PM Daniel Hodges <[email protected]> wrote: > > > > Add context-based ECDSA signature verification kfuncs: > > - bpf_ecdsa_ctx_create(): Creates reusable ECDSA context with public key > > - bpf_ecdsa_verify(): Verifies signatures using the context > > - bpf_ecdsa_ctx_acquire(): Increments context reference count > > - bpf_ecdsa_ctx_release(): Releases context with RCU safety > > > > The ECDSA implementation supports NIST curves (P-256, P-384, P-521) and > > uses the kernel's crypto_sig API. Public keys must be in uncompressed > > format (0x04 || x || y), and signatures are in r || s format. > > > > Signed-off-by: Daniel Hodges <[email protected]> > > --- > > kernel/bpf/crypto.c | 230 ++++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 230 insertions(+) > > > > diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c > > index 47e6a43a46d4..138abe58e87e 100644 > > --- a/kernel/bpf/crypto.c > > +++ b/kernel/bpf/crypto.c > > @@ -9,6 +9,7 @@ > > #include <linux/scatterlist.h> > > #include <linux/skbuff.h> > > #include <crypto/skcipher.h> > > +#include <crypto/sig.h> > > > > struct bpf_crypto_type_list { > > const struct bpf_crypto_type *type; > > @@ -57,6 +58,21 @@ struct bpf_crypto_ctx { > > refcount_t usage; > > }; > > > > +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) > > +/** > > + * struct bpf_ecdsa_ctx - refcounted BPF ECDSA context structure > > + * @tfm: The crypto_sig transform for ECDSA operations > > + * @rcu: The RCU head used to free the context with RCU safety > > + * @usage: Object reference counter. When the refcount goes to 0, the > > + * memory is released with RCU safety. > > + */ > > +struct bpf_ecdsa_ctx { > > + struct crypto_sig *tfm; > > + struct rcu_head rcu; > > + refcount_t usage; > > +}; > > +#endif > > Can we use bpf_crypto_ctx for ECDSA? > > Thanks, > Song Sure thing!
-Daniel
