On 05/01/2026 17:37, Daniel Hodges wrote:
Add support for ECDSA signature verification in BPF programs through
the unified bpf_crypto_ctx API.

Changes:
- Add enum bpf_crypto_type_id for efficient type checking
- Update all crypto type modules to set type_id field
- Implement bpf_ecdsa_verify() for signature verification
- Add bpf_ecdsa_keysize(), bpf_ecdsa_digestsize(), bpf_ecdsa_maxsize()
   helper functions for querying context properties
- Add type_id checks in all ECDSA kfuncs for type safety
- Register ECDSA kfuncs for SCHED_CLS and XDP program types

ECDSA contexts are created using bpf_crypto_ctx_create() with
type="sig" and appropriate algorithm (e.g., "p1363(ecdsa-nist-p256)").
The public key is passed via the key/key_len fields in bpf_crypto_params.

This enables BPF programs to perform cryptographic signature verification
for use cases such as packet authentication and content validation.

Signed-off-by: Daniel Hodges <[email protected]>
@@ -57,6 +58,7 @@ struct bpf_crypto_ctx {
        refcount_t usage;
  };
+
  int bpf_crypto_register_type(const struct bpf_crypto_type *type)
  {
        struct bpf_crypto_type_list *node;
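
Review bot: The only added line in this hunk is a blank line between the closing `};` of struct bpf_crypto_ctx and bpf_crypto_register_type(), which is whitespace churn unrelated to the ECDSA support described in the commit message. Drop it from this patch so the diff carries only the functional changes, or send it separately as a cleanup if the spacing matters.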

This chunk is an extra empty line - no need for it.


