On 05/01/2026 17:37, Daniel Hodges wrote:
Add a new bpf_crypto_sig module that registers signature verification algorithms with the BPF crypto type system. This enables signature operations (like ECDSA) to use the unified bpf_crypto_ctx structure instead of requiring separate context types.
The module provides:
- alloc_tfm/free_tfm for crypto_sig transform lifecycle
- has_algo to check algorithm availability
- get_flags for crypto API flags
This allows ECDSA and other signature verification operations to integrate with the existing BPF crypto infrastructure.
Signed-off-by: Daniel Hodges <git@danielhodges.dev>
[...]
+static int bpf_crypto_sig_setkey(void *tfm, const u8 *key, unsigned int keylen) +{
- return crypto_sig_set_pubkey(tfm, key, keylen);
+}
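Review bot: bpf_crypto_sig_setkey() forwards every key to crypto_sig_set_pubkey(), so the generic setkey callback of the "sig" type accepts public keys only, and neither the function name nor a comment says so. A short comment above the function stating that the key must be a public key, and that the type therefore supports verification only, would make that contract explicit for users of the type.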
That effectively means that only signature verification is provided for BPF programs? Do we plan to extend the API to sign a buffer?
+static const struct bpf_crypto_type bpf_crypto_sig_type = {
- .alloc_tfm = bpf_crypto_sig_alloc_tfm,
- .free_tfm = bpf_crypto_sig_free_tfm,
- .has_algo = bpf_crypto_sig_has_algo,
- .get_flags = bpf_crypto_sig_get_flags,
- .setkey = bpf_crypto_sig_setkey,
- .owner = THIS_MODULE,
- .name = "sig",
+};
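Review bot: the bpf_crypto_sig_type initializer assigns only lifecycle and key callbacks (alloc_tfm, free_tfm, has_algo, get_flags, setkey) and no member that performs the signature operation, so the registered type can allocate and key a transform but exposes no way to use it through this struct. Members of the struct that are left out of the initializer are NULL, so any caller that invokes them without a check needs either a stub here or a NULL test; a comment listing which callbacks the "sig" type leaves unset on purpose would help.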
I think we have to introduce a verify() callback here.