From: Vadim Fedorenko <vadim.fedorenko@linux.dev>
To: Daniel Hodges <git@danielhodges.dev>, bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Song Liu <song@kernel.org>, Mykyta Yatsenko <yatsenko@meta.com>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
Yonghong Song <yonghong.song@linux.dev>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH bpf-next v4 2/6] crypto: Add BPF signature algorithm type registration module
Date: Tue, 6 Jan 2026 22:08:06 +0000 [thread overview]
Message-ID: <ede58147-3bde-4408-9f69-d2d717b4ee40@linux.dev> (raw)
In-Reply-To: <20260105173755.22515-3-git@danielhodges.dev>
On 05/01/2026 17:37, Daniel Hodges wrote:
> Add a new bpf_crypto_sig module that registers signature verification
> algorithms with the BPF crypto type system. This enables signature
> operations (like ECDSA) to use the unified bpf_crypto_ctx structure
> instead of requiring separate context types.
>
> The module provides:
> - alloc_tfm/free_tfm for crypto_sig transform lifecycle
> - has_algo to check algorithm availability
> - get_flags for crypto API flags
>
> This allows ECDSA and other signature verification operations to
> integrate with the existing BPF crypto infrastructure.
>
> Signed-off-by: Daniel Hodges <git@danielhodges.dev>
[...]
> +static int bpf_crypto_sig_setkey(void *tfm, const u8 *key, unsigned int keylen)
> +{
> + return crypto_sig_set_pubkey(tfm, key, keylen);
> +}
That effectively means that signature verification only is provided for
BPF programs? Do we plan to extend API to sign a buffer?
> +
> +static const struct bpf_crypto_type bpf_crypto_sig_type = {
> + .alloc_tfm = bpf_crypto_sig_alloc_tfm,
> + .free_tfm = bpf_crypto_sig_free_tfm,
> + .has_algo = bpf_crypto_sig_has_algo,
> + .get_flags = bpf_crypto_sig_get_flags,
> + .setkey = bpf_crypto_sig_setkey,
> + .owner = THIS_MODULE,
> + .name = "sig",
> +};
I think we have to introduce verify() callback here.
next prev parent reply other threads:[~2026-01-06 22:08 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-05 17:37 [PATCH bpf-next v4 0/6] Add cryptographic hash and signature verification kfuncs to BPF Daniel Hodges
2026-01-05 17:37 ` [PATCH bpf-next v4 1/6] crypto: Add BPF hash algorithm type registration module Daniel Hodges
2026-01-06 21:57 ` Vadim Fedorenko
2026-01-05 17:37 ` [PATCH bpf-next v4 2/6] crypto: Add BPF signature " Daniel Hodges
2026-01-06 22:08 ` Vadim Fedorenko [this message]
2026-01-05 17:37 ` [PATCH bpf-next v4 3/6] bpf: Add hash kfunc for cryptographic hashing Daniel Hodges
2026-01-06 22:12 ` Vadim Fedorenko
2026-01-05 17:37 ` [PATCH bpf-next v4 4/6] selftests/bpf: Add tests for bpf_crypto_hash kfunc Daniel Hodges
2026-01-05 17:37 ` [PATCH bpf-next v4 5/6] bpf: Add ECDSA signature verification kfuncs Daniel Hodges
2026-01-06 22:17 ` Vadim Fedorenko
2026-01-06 23:11 ` Vadim Fedorenko
2026-01-05 17:37 ` [PATCH bpf-next v4 6/6] selftests/bpf: Add tests for " Daniel Hodges
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ede58147-3bde-4408-9f69-d2d717b4ee40@linux.dev \
--to=vadim.fedorenko@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=eddyz87@gmail.com \
--cc=git@danielhodges.dev \
--cc=haoluo@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yatsenko@meta.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox