On Wed, Dec 17, 2025 at 07:35:22AM +0900, Song Liu wrote:
On Mon, Dec 8, 2025 at 5:43 PM Daniel Hodges git@danielhodges.dev wrote:
Add context-based ECDSA signature verification kfuncs:
- bpf_ecdsa_ctx_create(): Creates reusable ECDSA context with public key
- bpf_ecdsa_verify(): Verifies signatures using the context
- bpf_ecdsa_ctx_acquire(): Increments context reference count
- bpf_ecdsa_ctx_release(): Releases context with RCU safety
The ECDSA implementation supports NIST curves (P-256, P-384, P-521) and uses the kernel's crypto_sig API. Public keys must be in uncompressed format (0x04 || x || y), and signatures are in r || s format.
Signed-off-by: Daniel Hodges git@danielhodges.dev
kernel/bpf/crypto.c | 230 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+)
diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c index 47e6a43a46d4..138abe58e87e 100644 --- a/kernel/bpf/crypto.c +++ b/kernel/bpf/crypto.c @@ -9,6 +9,7 @@ #include <linux/scatterlist.h> #include <linux/skbuff.h> #include <crypto/skcipher.h> +#include <crypto/sig.h>
struct bpf_crypto_type_list { const struct bpf_crypto_type *type; @@ -57,6 +58,21 @@ struct bpf_crypto_ctx { refcount_t usage; };
+#if IS_ENABLED(CONFIG_CRYPTO_ECDSA) +/**
- struct bpf_ecdsa_ctx - refcounted BPF ECDSA context structure
- @tfm: The crypto_sig transform for ECDSA operations
- @rcu: The RCU head used to free the context with RCU safety
- @usage: Object reference counter. When the refcount goes to 0, the
memory is released with RCU safety.- */
+struct bpf_ecdsa_ctx {
struct crypto_sig *tfm;struct rcu_head rcu;refcount_t usage;+}; +#endif
Can we use bpf_crypto_ctx for ECDSA?
Thanks, Song
Sure thing!
-Daniel