bpf: crypto: add skcipher to bpf crypto

Implement skcipher crypto in BPF crypto framework.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Link: https://lore.kernel.org/r/20240422225024.2847039-3-vadfed@meta.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>

diff --git a/MAINTAINERS b/MAINTAINERS
index 6a233e1a3cf2e8b505a55b71911c31e9d554aaeb..c9f887fbb47751be1ed67141dbfc7a2dcc1588a8 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3822,6 +3822,14 @@ F:       kernel/bpf/tnum.c
 F:     kernel/bpf/trampoline.c
 F:     kernel/bpf/verifier.c
 
+BPF [CRYPTO]
+M:     Vadim Fedorenko <vadim.fedorenko@linux.dev>
+L:     bpf@vger.kernel.org
+S:     Maintained
+F:     crypto/bpf_crypto_skcipher.c
+F:     include/linux/bpf_crypto.h
+F:     kernel/bpf/crypto.c
+
 BPF [DOCUMENTATION] (Related to Standardization)
 R:     David Vernet <void@manifault.com>
 L:     bpf@vger.kernel.org

diff --git a/crypto/Makefile b/crypto/Makefile
index 408f0a1f9ab91b84195a2b629d6704bc8c18db39..538124f8bf8a35d12adacfe6aeec6d5e08bcdc18 100644 (file)
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -20,6 +20,9 @@ crypto_skcipher-y += lskcipher.o
 crypto_skcipher-y += skcipher.o
 
 obj-$(CONFIG_CRYPTO_SKCIPHER2) += crypto_skcipher.o
+ifeq ($(CONFIG_BPF_SYSCALL),y)
+obj-$(CONFIG_CRYPTO_SKCIPHER2) += bpf_crypto_skcipher.o
+endif
 
 obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o
 obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o

diff --git a/crypto/bpf_crypto_skcipher.c b/crypto/bpf_crypto_skcipher.c
new file mode 100644 (file)
index 0000000..b5e6574
--- /dev/null
+++ b/crypto/bpf_crypto_skcipher.c
@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2024 Meta, Inc */
+#include <linux/types.h>
+#include <linux/module.h>
+#include <linux/bpf_crypto.h>
+#include <crypto/skcipher.h>
+
+static void *bpf_crypto_lskcipher_alloc_tfm(const char *algo)
+{
+       return crypto_alloc_lskcipher(algo, 0, 0);
+}
+
+static void bpf_crypto_lskcipher_free_tfm(void *tfm)
+{
+       crypto_free_lskcipher(tfm);
+}
+
+static int bpf_crypto_lskcipher_has_algo(const char *algo)
+{
+       return crypto_has_skcipher(algo, CRYPTO_ALG_TYPE_LSKCIPHER, CRYPTO_ALG_TYPE_MASK);
+}
+
+static int bpf_crypto_lskcipher_setkey(void *tfm, const u8 *key, unsigned int keylen)
+{
+       return crypto_lskcipher_setkey(tfm, key, keylen);
+}
+
+static u32 bpf_crypto_lskcipher_get_flags(void *tfm)
+{
+       return crypto_lskcipher_get_flags(tfm);
+}
+
+static unsigned int bpf_crypto_lskcipher_ivsize(void *tfm)
+{
+       return crypto_lskcipher_ivsize(tfm);
+}
+
+static unsigned int bpf_crypto_lskcipher_statesize(void *tfm)
+{
+       return crypto_lskcipher_statesize(tfm);
+}
+
+static int bpf_crypto_lskcipher_encrypt(void *tfm, const u8 *src, u8 *dst,
+                                       unsigned int len, u8 *siv)
+{
+       return crypto_lskcipher_encrypt(tfm, src, dst, len, siv);
+}
+
+static int bpf_crypto_lskcipher_decrypt(void *tfm, const u8 *src, u8 *dst,
+                                       unsigned int len, u8 *siv)
+{
+       return crypto_lskcipher_decrypt(tfm, src, dst, len, siv);
+}
+
+static const struct bpf_crypto_type bpf_crypto_lskcipher_type = {
+       .alloc_tfm      = bpf_crypto_lskcipher_alloc_tfm,
+       .free_tfm       = bpf_crypto_lskcipher_free_tfm,
+       .has_algo       = bpf_crypto_lskcipher_has_algo,
+       .setkey         = bpf_crypto_lskcipher_setkey,
+       .encrypt        = bpf_crypto_lskcipher_encrypt,
+       .decrypt        = bpf_crypto_lskcipher_decrypt,
+       .ivsize         = bpf_crypto_lskcipher_ivsize,
+       .statesize      = bpf_crypto_lskcipher_statesize,
+       .get_flags      = bpf_crypto_lskcipher_get_flags,
+       .owner          = THIS_MODULE,
+       .name           = "skcipher",
+};
+
+static int __init bpf_crypto_skcipher_init(void)
+{
+       return bpf_crypto_register_type(&bpf_crypto_lskcipher_type);
+}
+
+static void __exit bpf_crypto_skcipher_exit(void)
+{
+       int err = bpf_crypto_unregister_type(&bpf_crypto_lskcipher_type);
+       WARN_ON_ONCE(err);
+}
+
+module_init(bpf_crypto_skcipher_init);
+module_exit(bpf_crypto_skcipher_exit);
+MODULE_LICENSE("GPL");