// SPDX-License-Identifier: GPL-2.0-only /* Copyright (c) 2024 Meta, Inc */ #include <linux/bpf.h> #include <linux/bpf_crypto.h> #include <linux/bpf_mem_alloc.h> #include <linux/btf.h> #include <linux/btf_ids.h> #include <linux/filter.h> #include <linux/scatterlist.h> #include <linux/skbuff.h> #include <crypto/skcipher.h> struct bpf_crypto_type_list { … }; /* BPF crypto initialization parameters struct */ /** * struct bpf_crypto_params - BPF crypto initialization parameters structure * @type: The string of crypto operation type. * @reserved: Reserved member, will be reused for more options in future * Values: * 0 * @algo: The string of algorithm to initialize. * @key: The cipher key used to init crypto algorithm. * @key_len: The length of cipher key. * @authsize: The length of authentication tag used by algorithm. */ struct bpf_crypto_params { … }; static LIST_HEAD(bpf_crypto_types); static DECLARE_RWSEM(bpf_crypto_types_sem); /** * struct bpf_crypto_ctx - refcounted BPF crypto context structure * @type: The pointer to bpf crypto type * @tfm: The pointer to instance of crypto API struct. * @siv_len: Size of IV and state storage for cipher * @rcu: The RCU head used to free the crypto context with RCU safety. * @usage: Object reference counter. When the refcount goes to 0, the * memory is released back to the BPF allocator, which provides * RCU safety. */ struct bpf_crypto_ctx { … }; int bpf_crypto_register_type(const struct bpf_crypto_type *type) { … } EXPORT_SYMBOL_GPL(…); int bpf_crypto_unregister_type(const struct bpf_crypto_type *type) { … } EXPORT_SYMBOL_GPL(…); static const struct bpf_crypto_type *bpf_crypto_get_type(const char *name) { … } __bpf_kfunc_start_defs(); /** * bpf_crypto_ctx_create() - Create a mutable BPF crypto context. * * Allocates a crypto context that can be used, acquired, and released by * a BPF program. The crypto context returned by this function must either * be embedded in a map as a kptr, or freed with bpf_crypto_ctx_release(). * As crypto API functions use GFP_KERNEL allocations, this function can * only be used in sleepable BPF programs. * * bpf_crypto_ctx_create() allocates memory for crypto context. * It may return NULL if no memory is available. * @params: pointer to struct bpf_crypto_params which contains all the * details needed to initialise crypto context. * @params__sz: size of steuct bpf_crypto_params usef by bpf program * @err: integer to store error code when NULL is returned. */ __bpf_kfunc struct bpf_crypto_ctx * bpf_crypto_ctx_create(const struct bpf_crypto_params *params, u32 params__sz, int *err) { … } static void crypto_free_cb(struct rcu_head *head) { … } /** * bpf_crypto_ctx_acquire() - Acquire a reference to a BPF crypto context. * @ctx: The BPF crypto context being acquired. The ctx must be a trusted * pointer. * * Acquires a reference to a BPF crypto context. The context returned by this function * must either be embedded in a map as a kptr, or freed with * bpf_crypto_ctx_release(). */ __bpf_kfunc struct bpf_crypto_ctx * bpf_crypto_ctx_acquire(struct bpf_crypto_ctx *ctx) { … } /** * bpf_crypto_ctx_release() - Release a previously acquired BPF crypto context. * @ctx: The crypto context being released. * * Releases a previously acquired reference to a BPF crypto context. When the final * reference of the BPF crypto context has been released, its memory * will be released. */ __bpf_kfunc void bpf_crypto_ctx_release(struct bpf_crypto_ctx *ctx) { … } static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx, const struct bpf_dynptr_kern *src, const struct bpf_dynptr_kern *dst, const struct bpf_dynptr_kern *siv, bool decrypt) { … } /** * bpf_crypto_decrypt() - Decrypt buffer using configured context and IV provided. * @ctx: The crypto context being used. The ctx must be a trusted pointer. * @src: bpf_dynptr to the encrypted data. Must be a trusted pointer. * @dst: bpf_dynptr to the buffer where to store the result. Must be a trusted pointer. * @siv__nullable: bpf_dynptr to IV data and state data to be used by decryptor. May be NULL. * * Decrypts provided buffer using IV data and the crypto context. Crypto context must be configured. */ __bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr *src, const struct bpf_dynptr *dst, const struct bpf_dynptr *siv__nullable) { … } /** * bpf_crypto_encrypt() - Encrypt buffer using configured context and IV provided. * @ctx: The crypto context being used. The ctx must be a trusted pointer. * @src: bpf_dynptr to the plain data. Must be a trusted pointer. * @dst: bpf_dynptr to the buffer where to store the result. Must be a trusted pointer. * @siv__nullable: bpf_dynptr to IV data and state data to be used by decryptor. May be NULL. * * Encrypts provided buffer using IV data and the crypto context. Crypto context must be configured. */ __bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr *src, const struct bpf_dynptr *dst, const struct bpf_dynptr *siv__nullable) { … } __bpf_kfunc_end_defs(); BTF_KFUNCS_START(crypt_init_kfunc_btf_ids) BTF_ID_FLAGS(…) BTF_ID_FLAGS(…) BTF_ID_FLAGS(…) BTF_KFUNCS_END(…) static const struct btf_kfunc_id_set crypt_init_kfunc_set = …; BTF_KFUNCS_START(crypt_kfunc_btf_ids) BTF_ID_FLAGS(…) BTF_ID_FLAGS(…) BTF_KFUNCS_END(…) static const struct btf_kfunc_id_set crypt_kfunc_set = …; BTF_ID_LIST(bpf_crypto_dtor_ids) BTF_ID(…) BTF_ID(…) static int __init crypto_kfunc_init(void) { … } late_initcall(crypto_kfunc_init);
Codebase Browser
linux