Add a new bpf_crypto_sig module that registers signature verification algorithms with the BPF crypto type system. This enables signature operations (like ECDSA) to use the unified bpf_crypto_ctx structure instead of requiring separate context types.
The module provides: - alloc_tfm/free_tfm for crypto_sig transform lifecycle - has_algo to check algorithm availability - get_flags for crypto API flags This allows ECDSA and other signature verification operations to integrate with the existing BPF crypto infrastructure. Signed-off-by: Daniel Hodges <[email protected]> --- MAINTAINERS | 1 + crypto/Makefile | 3 +++ crypto/bpf_crypto_sig.c | 59 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 crypto/bpf_crypto_sig.c diff --git a/MAINTAINERS b/MAINTAINERS index 05e0aee5693c..fdf451bad869 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4713,6 +4713,7 @@ M: Vadim Fedorenko <[email protected]> L: [email protected] S: Maintained F: crypto/bpf_crypto_shash.c +F: crypto/bpf_crypto_sig.c F: crypto/bpf_crypto_skcipher.c F: include/linux/bpf_crypto.h F: kernel/bpf/crypto.c diff --git a/crypto/Makefile b/crypto/Makefile index 853dff375906..c9ab98b57bc0 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -36,6 +36,9 @@ endif obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o obj-$(CONFIG_CRYPTO_SIG2) += sig.o +ifeq ($(CONFIG_BPF_SYSCALL),y) +obj-$(CONFIG_CRYPTO_SIG2) += bpf_crypto_sig.o +endif obj-$(CONFIG_CRYPTO_KPP2) += kpp.o obj-$(CONFIG_CRYPTO_HKDF) += hkdf.o diff --git a/crypto/bpf_crypto_sig.c b/crypto/bpf_crypto_sig.c new file mode 100644 index 000000000000..ad0d3810df8e --- /dev/null +++ b/crypto/bpf_crypto_sig.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ +#include <linux/types.h> +#include <linux/module.h> +#include <linux/bpf_crypto.h> +#include <linux/crypto.h> +#include <crypto/sig.h> + +static void *bpf_crypto_sig_alloc_tfm(const char *algo) +{ + return crypto_alloc_sig(algo, 0, 0); +} + +static void bpf_crypto_sig_free_tfm(void *tfm) +{ + crypto_free_sig(tfm); +} + +static int bpf_crypto_sig_has_algo(const char *algo) +{ + return crypto_has_alg(algo, CRYPTO_ALG_TYPE_SIG, CRYPTO_ALG_TYPE_MASK); +} + +static u32 bpf_crypto_sig_get_flags(void *tfm) +{ + return crypto_tfm_get_flags(crypto_sig_tfm(tfm)); +} + +static int bpf_crypto_sig_setkey(void *tfm, const u8 *key, unsigned int keylen) +{ + return crypto_sig_set_pubkey(tfm, key, keylen); +} + +static const struct bpf_crypto_type bpf_crypto_sig_type = { + .alloc_tfm = bpf_crypto_sig_alloc_tfm, + .free_tfm = bpf_crypto_sig_free_tfm, + .has_algo = bpf_crypto_sig_has_algo, + .get_flags = bpf_crypto_sig_get_flags, + .setkey = bpf_crypto_sig_setkey, + .owner = THIS_MODULE, + .name = "sig", +}; + +static int __init bpf_crypto_sig_init(void) +{ + return bpf_crypto_register_type(&bpf_crypto_sig_type); +} + +static void __exit bpf_crypto_sig_exit(void) +{ + int err = bpf_crypto_unregister_type(&bpf_crypto_sig_type); + + WARN_ON_ONCE(err); +} + +module_init(bpf_crypto_sig_init); +module_exit(bpf_crypto_sig_exit); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Signature algorithm support for BPF"); -- 2.51.0
