Re: [PATCH bpf-next v3 5/6] bpf: Add ECDSA signature verification kfuncs
From: Song Liu
Date: Tue Dec 16 2025 - 17:35:54 EST
On Mon, Dec 8, 2025 at 5:43 PM Daniel Hodges <git@xxxxxxxxxxxxxxxx> wrote:
>
> Add context-based ECDSA signature verification kfuncs:
> - bpf_ecdsa_ctx_create(): Creates reusable ECDSA context with public key
> - bpf_ecdsa_verify(): Verifies signatures using the context
> - bpf_ecdsa_ctx_acquire(): Increments context reference count
> - bpf_ecdsa_ctx_release(): Releases context with RCU safety
>
> The ECDSA implementation supports NIST curves (P-256, P-384, P-521) and
> uses the kernel's crypto_sig API. Public keys must be in uncompressed
> format (0x04 || x || y), and signatures are in r || s format.
>
> Signed-off-by: Daniel Hodges <git@xxxxxxxxxxxxxxxx>
> ---
> kernel/bpf/crypto.c | 230 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 230 insertions(+)
>
> diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c
> index 47e6a43a46d4..138abe58e87e 100644
> --- a/kernel/bpf/crypto.c
> +++ b/kernel/bpf/crypto.c
> @@ -9,6 +9,7 @@
> #include <linux/scatterlist.h>
> #include <linux/skbuff.h>
> #include <crypto/skcipher.h>
> +#include <crypto/sig.h>
>
> struct bpf_crypto_type_list {
> const struct bpf_crypto_type *type;
> @@ -57,6 +58,21 @@ struct bpf_crypto_ctx {
> refcount_t usage;
> };
>
> +#if IS_ENABLED(CONFIG_CRYPTO_ECDSA)
> +/**
> + * struct bpf_ecdsa_ctx - refcounted BPF ECDSA context structure
> + * @tfm: The crypto_sig transform for ECDSA operations
> + * @rcu: The RCU head used to free the context with RCU safety
> + * @usage: Object reference counter. When the refcount goes to 0, the
> + * memory is released with RCU safety.
> + */
> +struct bpf_ecdsa_ctx {
> + struct crypto_sig *tfm;
> + struct rcu_head rcu;
> + refcount_t usage;
> +};
> +#endif
Can we use bpf_crypto_ctx for ECDSA?
Thanks,
Song