Re: [PATCH bpf-next 0/4] Add cryptographic hash and signature verification kfuncs to BPF

[Vadim Fedorenko <vadim.fedorenko@linux.dev>]

On 17/11/2025 21:13, Daniel Hodges wrote:
> This series extends BPF's cryptographic capabilities by adding kfuncs for
> SHA hashing and ECDSA signature verification. These functions enable BPF
> programs to perform cryptographic operations for use cases such as content
> verification, integrity checking, and data authentication.
> 
> BPF programs increasingly need to verify data integrity and authenticity in
> networking, security, and observability contexts. While BPF already supports
> symmetric encryption/decryption, it lacks support for:
> 
> 1. Cryptographic hashing - needed for content verification, fingerprinting,
>     and preparing message digests for signature operations
> 2. Asymmetric signature verification - needed to verify signed data without
>     requiring the signing key in the datapath
> 
> These capabilities enable use cases such as:
> - Verifying signed network packets or application data in XDP/TC programs
> - Implementing integrity checks in tracing and security monitoring
> - Building zero-trust security models where BPF programs verify credentials
> - Content-addressed storage and deduplication in BPF-based filesystems
> 
> Implementation:
> 
> The implementation follows BPF's existing crypto patterns:
> 1. Uses bpf_dynptr for safe memory access without page fault risks
> 2. Leverages the kernel's existing crypto library (lib/crypto/sha256.c and
>     crypto/ecdsa.c) rather than reimplementing algorithms
> 3. Provides context-based API for ECDSA to enable key reuse and support
>     multiple program types (syscall, XDP, TC)
> 4. Includes comprehensive selftests with NIST test vectors
> 
> Patch 1: Add SHA-256, SHA-384, and SHA-512 hash kfuncs
>    - Adds three kfuncs for computing cryptographic hashes
>    - Uses kernel's crypto library implementations
>    - Validates buffer sizes and handles read-only checks
> 
> Patch 2: Add selftests for SHA hash kfuncs
>    - Tests basic functionality with NIST "abc" test vectors
>    - Validates error handling for invalid parameters
>    - Ensures correct hash output for all three algorithms
> 
> Patch 3: Add ECDSA signature verification kfuncs
>    - Context-based API: create/acquire/release pattern
>    - Supports NIST curves (P-256, P-384, P-521)
>    - Includes both verification and signing operations
>    - Enables use in non-sleepable contexts via pre-allocated contexts
> 
> Patch 4: Add selftests for ECDSA signature verification
>    - Tests valid signature acceptance
>    - Tests invalid signature rejection
>    - Tests sign-then-verify workflow
>    - Tests size query functions
>    - Uses RFC 6979 test vectors for P-256
> 
> 
> Example programs demonstrating usage of these kfuncs can be found at:
> https://github.com/hodgesds/cryptbpf
> 
> All tests pass on x86_64:
> 
>    # ./test_progs -t crypto_hash
>    #1/1     crypto_hash/sha256_basic:OK
>    #1/2     crypto_hash/sha384_basic:OK
>    #1/3     crypto_hash/sha512_basic:OK
>    #1/4     crypto_hash/sha256_invalid_params:OK
>    #1       crypto_hash:OK
> 
>    # ./test_progs -t ecdsa_verify
>    #2/1     ecdsa_verify/verify_valid_signature:OK
>    #2/2     ecdsa_verify/verify_invalid_signature:OK
>    #2/3     ecdsa_verify/sign_and_verify:OK
>    #2/4     ecdsa_verify/size_queries:OK
>    #2       ecdsa_verify:OK
> 
> Configuration Requirements:
> - SHA kfuncs require CONFIG_CRYPTO_LIB_SHA256=y (default in most configs)
> - ECDSA kfuncs require CONFIG_CRYPTO_ECDSA=y|m
> 
> Future extensions could include:
> - Additional hash algorithms (SHA3, BLAKE2)
> - RSA signature verification
> - Additional NIST curves (P-192, P-521)
> - Hardware acceleration support where available

I might be a better idea to implement hashing type and register it, like
it's done for crypto algorithms. Currently, the only type is encryption/
decryption type. You can add hash type, extend callbacks to have hash(),
and let user choose the hash algo? That will make code without any
duplication just because of new algo...