diff mbox series

[bpf-next,v7,2/3] bpf: crypto: add skcipher to bpf crypto

Message ID 20231202010604.1877561-2-vadfed@meta.com (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu
Headers show
Series [bpf-next,v7,1/3] bpf: make common crypto API for TC/XDP programs | expand

Commit Message

Vadim Fedorenko Dec. 2, 2023, 1:06 a.m. UTC
Implement skcipher crypto in BPF crypto framework.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
---
v6 - v7:
- style issues
v6:
- introduce new file
---
 kernel/bpf/Makefile          |  3 ++
 kernel/bpf/crypto_skcipher.c | 76 ++++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 kernel/bpf/crypto_skcipher.c

Comments

Herbert Xu Dec. 2, 2023, 3:52 a.m. UTC | #1
On Fri, Dec 01, 2023 at 05:06:03PM -0800, Vadim Fedorenko wrote:
>
> +static int bpf_crypto_lskcipher_encrypt(void *tfm, const u8 *src, u8 *dst,
> +					unsigned int len, u8 *iv)
> +{
> +	return crypto_lskcipher_encrypt(tfm, src, dst, len, iv);
> +}

Please note that the API has been updated and the iv field is now
the siv.  For algorithms with a non-zero statesize, that means that
the IV must be followed by enough memory to store the internal state,
i.e., crypto_lskcipher_statesize(tfm).

Thanks,
Vadim Fedorenko Dec. 3, 2023, 8 p.m. UTC | #2
On 02.12.2023 03:52, Herbert Xu wrote:
> On Fri, Dec 01, 2023 at 05:06:03PM -0800, Vadim Fedorenko wrote:
>>
>> +static int bpf_crypto_lskcipher_encrypt(void *tfm, const u8 *src, u8 *dst,
>> +					unsigned int len, u8 *iv)
>> +{
>> +	return crypto_lskcipher_encrypt(tfm, src, dst, len, iv);
>> +}
> 
> Please note that the API has been updated and the iv field is now
> the siv.  For algorithms with a non-zero statesize, that means that
> the IV must be followed by enough memory to store the internal state,
> i.e., crypto_lskcipher_statesize(tfm).
> 
> Thanks,

Hi Herbert!

Thanks for the reminder. I have read v3 of your patchset and AFAIU only arc4
is affected right now. All other algorithms still have statesize=0, so should
work without any changes. I'll make a TODO note for myself to add state size
check in bpf_crypto part once different trees are merged during merge window.

Am I right that it only affects skcipher and AEAD crypto will not be changed?

Thanks,
Vadim
diff mbox series

Patch

diff --git a/kernel/bpf/Makefile b/kernel/bpf/Makefile
index bcde762bb2c2..f4827bb72bee 100644
--- a/kernel/bpf/Makefile
+++ b/kernel/bpf/Makefile
@@ -43,6 +43,9 @@  obj-${CONFIG_BPF_LSM} += bpf_lsm.o
 endif
 ifeq ($(CONFIG_CRYPTO),y)
 obj-$(CONFIG_BPF_SYSCALL) += crypto.o
+ifeq ($(CONFIG_CRYPTO_SKCIPHER),y)
+obj-$(CONFIG_BPF_SYSCALL) += crypto_skcipher.o
+endif
 endif
 obj-$(CONFIG_BPF_PRELOAD) += preload/
 
diff --git a/kernel/bpf/crypto_skcipher.c b/kernel/bpf/crypto_skcipher.c
new file mode 100644
index 000000000000..d036eb64c1e2
--- /dev/null
+++ b/kernel/bpf/crypto_skcipher.c
@@ -0,0 +1,76 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2023 Meta, Inc */
+#include <linux/types.h>
+#include <linux/module.h>
+#include <linux/bpf_crypto.h>
+#include <crypto/skcipher.h>
+
+static void *bpf_crypto_lskcipher_alloc_tfm(const char *algo)
+{
+	return crypto_alloc_lskcipher(algo, 0, 0);
+}
+
+static void bpf_crypto_lskcipher_free_tfm(void *tfm)
+{
+	crypto_free_lskcipher(tfm);
+}
+
+static int bpf_crypto_lskcipher_has_algo(const char *algo)
+{
+	return crypto_has_skcipher(algo, CRYPTO_ALG_TYPE_LSKCIPHER, CRYPTO_ALG_TYPE_MASK);
+}
+
+static int bpf_crypto_lskcipher_setkey(void *tfm, const u8 *key, unsigned int keylen)
+{
+	return crypto_lskcipher_setkey(tfm, key, keylen);
+}
+
+static u32 bpf_crypto_lskcipher_get_flags(void *tfm)
+{
+	return crypto_lskcipher_get_flags(tfm);
+}
+
+static unsigned int bpf_crypto_lskcipher_ivsize(void *tfm)
+{
+	return crypto_lskcipher_ivsize(tfm);
+}
+
+static int bpf_crypto_lskcipher_encrypt(void *tfm, const u8 *src, u8 *dst,
+					unsigned int len, u8 *iv)
+{
+	return crypto_lskcipher_encrypt(tfm, src, dst, len, iv);
+}
+
+static int bpf_crypto_lskcipher_decrypt(void *tfm, const u8 *src, u8 *dst,
+					unsigned int len, u8 *iv)
+{
+	return crypto_lskcipher_decrypt(tfm, src, dst, len, iv);
+}
+
+static const struct bpf_crypto_type bpf_crypto_lskcipher_type = {
+	.alloc_tfm	= bpf_crypto_lskcipher_alloc_tfm,
+	.free_tfm	= bpf_crypto_lskcipher_free_tfm,
+	.has_algo	= bpf_crypto_lskcipher_has_algo,
+	.setkey		= bpf_crypto_lskcipher_setkey,
+	.encrypt	= bpf_crypto_lskcipher_encrypt,
+	.decrypt	= bpf_crypto_lskcipher_decrypt,
+	.ivsize		= bpf_crypto_lskcipher_ivsize,
+	.get_flags	= bpf_crypto_lskcipher_get_flags,
+	.owner		= THIS_MODULE,
+	.name		= "skcipher",
+};
+
+static int __init bpf_crypto_skcipher_init(void)
+{
+	return bpf_crypto_register_type(&bpf_crypto_lskcipher_type);
+}
+
+static void __exit bpf_crypto_skcipher_exit(void)
+{
+	int err = bpf_crypto_unregister_type(&bpf_crypto_lskcipher_type);
+	WARN_ON_ONCE(err);
+}
+
+module_init(bpf_crypto_skcipher_init);
+module_exit(bpf_crypto_skcipher_exit);
+MODULE_LICENSE("GPL");