[bpf-next,v8,2/3] bpf: crypto: add skcipher to bpf crypto

Commit Message

Vadim Fedorenko Jan. 15, 2024, 10:08 p.m. UTC

Implement skcipher crypto in BPF crypto framework.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
---
v7 -> v8:
- Move bpf_crypto_skcipher.c to crypto and make it part of
  skcipher module. This way looks more natural and makes bpf crypto
  proper modular. MAINTAINERS files is adjusted to make bpf part
  belong to BPF maintainers.
v6 - v7:
- style issues
v6:
- introduce new file
---
 MAINTAINERS                  |  8 ++++
 crypto/Makefile              |  3 ++
 crypto/bpf_crypto_skcipher.c | 82 ++++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+)
 create mode 100644 crypto/bpf_crypto_skcipher.c

Comments

Martin KaFai Lau Jan. 25, 2024, 1:14 a.m. UTC | #1

On 1/15/24 2:08 PM, Vadim Fedorenko wrote:
> Implement skcipher crypto in BPF crypto framework.
> 
> Signed-off-by: Vadim Fedorenko<vadfed@meta.com>
> ---
> v7 -> v8:
> - Move bpf_crypto_skcipher.c to crypto and make it part of
>    skcipher module. This way looks more natural and makes bpf crypto
>    proper modular. MAINTAINERS files is adjusted to make bpf part
>    belong to BPF maintainers.
> v6 - v7:
> - style issues
> v6:
> - introduce new file
> ---
>   MAINTAINERS                  |  8 ++++
>   crypto/Makefile              |  3 ++
>   crypto/bpf_crypto_skcipher.c | 82 ++++++++++++++++++++++++++++++++++++

The changes are mostly isolated to the new bpf_crypto_skcipher.c file addition 
to the crypto/ but still will be helpful to get an Ack from the crypto 
maintainers (Herbert?).

Herbert Xu Jan. 25, 2024, 9:24 a.m. UTC | #2

On Wed, Jan 24, 2024 at 05:14:56PM -0800, Martin KaFai Lau wrote:
> On 1/15/24 2:08 PM, Vadim Fedorenko wrote:
> > Implement skcipher crypto in BPF crypto framework.
> > 
> > Signed-off-by: Vadim Fedorenko<vadfed@meta.com>
> > ---
> > v7 -> v8:
> > - Move bpf_crypto_skcipher.c to crypto and make it part of
> >    skcipher module. This way looks more natural and makes bpf crypto
> >    proper modular. MAINTAINERS files is adjusted to make bpf part
> >    belong to BPF maintainers.
> > v6 - v7:
> > - style issues
> > v6:
> > - introduce new file
> > ---
> >   MAINTAINERS                  |  8 ++++
> >   crypto/Makefile              |  3 ++
> >   crypto/bpf_crypto_skcipher.c | 82 ++++++++++++++++++++++++++++++++++++
> 
> The changes are mostly isolated to the new bpf_crypto_skcipher.c file
> addition to the crypto/ but still will be helpful to get an Ack from the
> crypto maintainers (Herbert?).

Looks good to me.

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks,

Patch

diff --git a/MAINTAINERS b/MAINTAINERS
index c36618d4659e..ae788357c56d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3753,6 +3753,14 @@  F:	kernel/bpf/tnum.c
 F:	kernel/bpf/trampoline.c
 F:	kernel/bpf/verifier.c
 
+BPF [CRYPTO]
+M:	Vadim Fedorenko <vadim.fedorenko@linux.dev>
+L:	bpf@vger.kernel.org
+S:	Maintained
+F:	crypto/bpf_crypto_skcipher.c
+F:	include/linux/bpf_crypto.h
+F:	kernel/bpf/crypto.c
+
 BPF [DOCUMENTATION] (Related to Standardization)
 R:	David Vernet <void@manifault.com>
 L:	bpf@vger.kernel.org
diff --git a/crypto/Makefile b/crypto/Makefile
index 408f0a1f9ab9..538124f8bf8a 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -20,6 +20,9 @@  crypto_skcipher-y += lskcipher.o
 crypto_skcipher-y += skcipher.o
 
 obj-$(CONFIG_CRYPTO_SKCIPHER2) += crypto_skcipher.o
+ifeq ($(CONFIG_BPF_SYSCALL),y)
+obj-$(CONFIG_CRYPTO_SKCIPHER2) += bpf_crypto_skcipher.o
+endif
 
 obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o
 obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o
diff --git a/crypto/bpf_crypto_skcipher.c b/crypto/bpf_crypto_skcipher.c
new file mode 100644
index 000000000000..e0b32cf7f002
--- /dev/null
+++ b/crypto/bpf_crypto_skcipher.c
@@ -0,0 +1,82 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2023 Meta, Inc */
+#include <linux/types.h>
+#include <linux/module.h>
+#include <linux/bpf_crypto.h>
+#include <crypto/skcipher.h>
+
+static void *bpf_crypto_lskcipher_alloc_tfm(const char *algo)
+{
+	return crypto_alloc_lskcipher(algo, 0, 0);
+}
+
+static void bpf_crypto_lskcipher_free_tfm(void *tfm)
+{
+	crypto_free_lskcipher(tfm);
+}
+
+static int bpf_crypto_lskcipher_has_algo(const char *algo)
+{
+	return crypto_has_skcipher(algo, CRYPTO_ALG_TYPE_LSKCIPHER, CRYPTO_ALG_TYPE_MASK);
+}
+
+static int bpf_crypto_lskcipher_setkey(void *tfm, const u8 *key, unsigned int keylen)
+{
+	return crypto_lskcipher_setkey(tfm, key, keylen);
+}
+
+static u32 bpf_crypto_lskcipher_get_flags(void *tfm)
+{
+	return crypto_lskcipher_get_flags(tfm);
+}
+
+static unsigned int bpf_crypto_lskcipher_ivsize(void *tfm)
+{
+	return crypto_lskcipher_ivsize(tfm);
+}
+
+static unsigned int bpf_crypto_lskcipher_statesize(void *tfm)
+{
+	return crypto_lskcipher_statesize(tfm);
+}
+
+static int bpf_crypto_lskcipher_encrypt(void *tfm, const u8 *src, u8 *dst,
+					unsigned int len, u8 *siv)
+{
+	return crypto_lskcipher_encrypt(tfm, src, dst, len, siv);
+}
+
+static int bpf_crypto_lskcipher_decrypt(void *tfm, const u8 *src, u8 *dst,
+					unsigned int len, u8 *siv)
+{
+	return crypto_lskcipher_decrypt(tfm, src, dst, len, siv);
+}
+
+static const struct bpf_crypto_type bpf_crypto_lskcipher_type = {
+	.alloc_tfm	= bpf_crypto_lskcipher_alloc_tfm,
+	.free_tfm	= bpf_crypto_lskcipher_free_tfm,
+	.has_algo	= bpf_crypto_lskcipher_has_algo,
+	.setkey		= bpf_crypto_lskcipher_setkey,
+	.encrypt	= bpf_crypto_lskcipher_encrypt,
+	.decrypt	= bpf_crypto_lskcipher_decrypt,
+	.ivsize		= bpf_crypto_lskcipher_ivsize,
+	.statesize	= bpf_crypto_lskcipher_statesize,
+	.get_flags	= bpf_crypto_lskcipher_get_flags,
+	.owner		= THIS_MODULE,
+	.name		= "skcipher",
+};
+
+static int __init bpf_crypto_skcipher_init(void)
+{
+	return bpf_crypto_register_type(&bpf_crypto_lskcipher_type);
+}
+
+static void __exit bpf_crypto_skcipher_exit(void)
+{
+	int err = bpf_crypto_unregister_type(&bpf_crypto_lskcipher_type);
+	WARN_ON_ONCE(err);
+}
+
+module_init(bpf_crypto_skcipher_init);
+module_exit(bpf_crypto_skcipher_exit);
+MODULE_LICENSE("GPL");