[bpf-next,v10,0/4] BPF crypto API framework

Message

Vadim Fedorenko April 22, 2024, 10:50 p.m. UTC

This series introduces crypto kfuncs to make BPF programs able to
utilize kernel crypto subsystem. Crypto operations made pluggable to
avoid extensive growth of kernel when it's not needed. Only skcipher is
added within this series, but it can be easily extended to other types
of operations. No hardware offload supported as it needs sleepable
context which is not available for TX or XDP programs. At the same time
crypto context initialization kfunc can only run in sleepable context,
that's why it should be run separately and store the result in the map.

Selftests show the common way to implement crypto actions in BPF
programs. Benchmark is also added to have a baseline.

Vadim Fedorenko (4):
  bpf: make common crypto API for TC/XDP programs
  bpf: crypto: add skcipher to bpf crypto
  selftests: bpf: crypto skcipher algo selftests
  selftests: bpf: crypto: add benchmark for crypto functions

 MAINTAINERS                                   |   8 +
 crypto/Makefile                               |   3 +
 crypto/bpf_crypto_skcipher.c                  |  82 ++++
 include/linux/bpf.h                           |   1 +
 include/linux/bpf_crypto.h                    |  24 ++
 kernel/bpf/Makefile                           |   3 +
 kernel/bpf/crypto.c                           | 382 ++++++++++++++++++
 kernel/bpf/helpers.c                          |   2 +-
 kernel/bpf/verifier.c                         |   1 +
 tools/testing/selftests/bpf/Makefile          |   2 +
 tools/testing/selftests/bpf/bench.c           |   6 +
 .../selftests/bpf/benchs/bench_bpf_crypto.c   | 185 +++++++++
 tools/testing/selftests/bpf/config            |   5 +
 .../selftests/bpf/prog_tests/crypto_sanity.c  | 197 +++++++++
 .../selftests/bpf/progs/crypto_basic.c        |  68 ++++
 .../selftests/bpf/progs/crypto_bench.c        | 109 +++++
 .../selftests/bpf/progs/crypto_common.h       |  66 +++
 .../selftests/bpf/progs/crypto_sanity.c       | 169 ++++++++
 18 files changed, 1312 insertions(+), 1 deletion(-)
 create mode 100644 crypto/bpf_crypto_skcipher.c
 create mode 100644 include/linux/bpf_crypto.h
 create mode 100644 kernel/bpf/crypto.c
 create mode 100644 tools/testing/selftests/bpf/benchs/bench_bpf_crypto.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_sanity.c
 create mode 100644 tools/testing/selftests/bpf/progs/crypto_basic.c
 create mode 100644 tools/testing/selftests/bpf/progs/crypto_bench.c
 create mode 100644 tools/testing/selftests/bpf/progs/crypto_common.h
 create mode 100644 tools/testing/selftests/bpf/progs/crypto_sanity.c

Comments

patchwork-bot+netdevbpf@kernel.org April 24, 2024, 11:10 p.m. UTC | #1

Hello:

This series was applied to bpf/bpf-next.git (master)
by Martin KaFai Lau <martin.lau@kernel.org>:

On Mon, 22 Apr 2024 15:50:20 -0700 you wrote:
> This series introduces crypto kfuncs to make BPF programs able to
> utilize kernel crypto subsystem. Crypto operations made pluggable to
> avoid extensive growth of kernel when it's not needed. Only skcipher is
> added within this series, but it can be easily extended to other types
> of operations. No hardware offload supported as it needs sleepable
> context which is not available for TX or XDP programs. At the same time
> crypto context initialization kfunc can only run in sleepable context,
> that's why it should be run separately and store the result in the map.
> 
> [...]

Here is the summary with links:
  - [bpf-next,v10,1/4] bpf: make common crypto API for TC/XDP programs
    https://git.kernel.org/bpf/bpf-next/c/3e1c6f35409f
  - [bpf-next,v10,2/4] bpf: crypto: add skcipher to bpf crypto
    https://git.kernel.org/bpf/bpf-next/c/fda4f71282b2
  - [bpf-next,v10,3/4] selftests: bpf: crypto skcipher algo selftests
    https://git.kernel.org/bpf/bpf-next/c/91541ab192fc
  - [bpf-next,v10,4/4] selftests: bpf: crypto: add benchmark for crypto functions
    https://git.kernel.org/bpf/bpf-next/c/8000e627dc98

You are awesome, thank you!