Re: [PATCH bpf-next 1/4] bpf: Add SHA hash kfuncs for cryptographic hashing

From: Vadim Fedorenko
Date: Tue Nov 18 2025 - 07:14:29 EST

Next message: Pratyush Yadav: "Re: [PATCH v4 0/5] mtd: spi-nor: micron-st: few clean up for micron spi nor chip"
Previous message: David Sterba: "Re: [PATCH v2] btrfs: simplify async csum synchronization"
In reply to: kernel test robot: "Re: [PATCH bpf-next 1/4] bpf: Add SHA hash kfuncs for cryptographic hashing"
Next in thread: kernel test robot: "Re: [PATCH bpf-next 1/4] bpf: Add SHA hash kfuncs for cryptographic hashing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 17/11/2025 21:13, Daniel Hodges wrote:

Add three new kfuncs for computing cryptographic hashes in BPF programs:
- bpf_sha256_hash(): Computes SHA-256 hash (32-byte output)
- bpf_sha384_hash(): Computes SHA-384 hash (48-byte output)
- bpf_sha512_hash(): Computes SHA-512 hash (64-byte output)

These kfuncs leverage the kernel's existing crypto library (sha256/sha384/
sha512 functions) and use bpf_dynptr for safe memory access without risk
of page faults. The functions validate input parameters including checking
for read-only output buffers and ensuring sufficient buffer sizes.

This enables BPF programs to compute cryptographic hashes for use cases
such as content verification, integrity checking, and data authentication.

Signed-off-by: Daniel Hodges <git@xxxxxxxxxxxxxxxx>

[...]

+#if IS_ENABLED(CONFIG_CRYPTO_LIB_SHA256)
+/**
+ * bpf_sha256_hash() - Compute SHA-256 hash using kernel crypto library
+ * @data: bpf_dynptr to the input data to hash. Must be a trusted pointer.
+ * @out: bpf_dynptr to the output buffer (must be at least 32 bytes). Must be a trusted pointer.
+ *
+ * Computes SHA-256 hash of the input data. Uses bpf_dynptr to ensure safe memory access
+ * without risk of page faults.
+ */
+__bpf_kfunc int bpf_sha256_hash(const struct bpf_dynptr *data, const struct bpf_dynptr *out)
+{
+ const struct bpf_dynptr_kern *data_kern = (struct bpf_dynptr_kern *)data;
+ const struct bpf_dynptr_kern *out_kern = (struct bpf_dynptr_kern *)out;
+ u32 data_len, out_len;
+ const u8 *data_ptr;
+ u8 *out_ptr;
+
+ if (__bpf_dynptr_is_rdonly(out_kern))
+ return -EINVAL;

__bpf_dynptr_data_rw() contains __bpf_dynptr_is_rdonly() check, no need
to do it again explicitly. This applies to all helpers

+
+ data_len = __bpf_dynptr_size(data_kern);
+ out_len = __bpf_dynptr_size(out_kern);
+
+ if (data_len == 0 || out_len < 32)
+ return -EINVAL;
+
+ data_ptr = __bpf_dynptr_data(data_kern, data_len);
+ if (!data_ptr)
+ return -EINVAL;
+
+ out_ptr = __bpf_dynptr_data_rw(out_kern, out_len);
+ if (!out_ptr)
+ return -EINVAL;
+
+ sha256(data_ptr, data_len, out_ptr);
+
+ return 0;
+}

Next message: Pratyush Yadav: "Re: [PATCH v4 0/5] mtd: spi-nor: micron-st: few clean up for micron spi nor chip"
Previous message: David Sterba: "Re: [PATCH v2] btrfs: simplify async csum synchronization"
In reply to: kernel test robot: "Re: [PATCH bpf-next 1/4] bpf: Add SHA hash kfuncs for cryptographic hashing"
Next in thread: kernel test robot: "Re: [PATCH bpf-next 1/4] bpf: Add SHA hash kfuncs for cryptographic hashing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]