Re: [PATCH bpf-next v4 2/6] crypto: Add BPF signature algorithm type registration module

From: Vadim Fedorenko

Date: Tue Jan 06 2026 - 17:08:22 EST


On 05/01/2026 17:37, Daniel Hodges wrote:
Add a new bpf_crypto_sig module that registers signature verification
algorithms with the BPF crypto type system. This enables signature
operations (like ECDSA) to use the unified bpf_crypto_ctx structure
instead of requiring separate context types.

The module provides:
- alloc_tfm/free_tfm for crypto_sig transform lifecycle
- has_algo to check algorithm availability
- get_flags for crypto API flags

This allows ECDSA and other signature verification operations to
integrate with the existing BPF crypto infrastructure.

Signed-off-by: Daniel Hodges <git@xxxxxxxxxxxxxxxx>

[...]

+static int bpf_crypto_sig_setkey(void *tfm, const u8 *key, unsigned int keylen)
+{
+ return crypto_sig_set_pubkey(tfm, key, keylen);
+}
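
Review bot: bpf_crypto_sig_setkey() forwards only to crypto_sig_set_pubkey(), so a "sig" context can hold a public key and nothing else. If verification-only is the intended scope, state that in a comment above the function and in the commit message, which currently speaks of "signature operations" in general.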

That effectively means that only signature verification is provided for
BPF programs? Do we plan to extend the API to sign a buffer?

+
+static const struct bpf_crypto_type bpf_crypto_sig_type = {
+ .alloc_tfm = bpf_crypto_sig_alloc_tfm,
+ .free_tfm = bpf_crypto_sig_free_tfm,
+ .has_algo = bpf_crypto_sig_has_algo,
+ .get_flags = bpf_crypto_sig_get_flags,
+ .setkey = bpf_crypto_sig_setkey,
+ .owner = THIS_MODULE,
+ .name = "sig",
+};
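
Review bot: the initializer sets alloc_tfm, free_tfm, has_algo, get_flags and setkey and leaves every other member of struct bpf_crypto_type zero, so any shared bpf_crypto code that calls a type callback without a NULL check needs a guard before a "sig" context can reach it. The commit message's list of provided callbacks also omits setkey, which this table does register.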

I think we have to introduce a verify() callback here.