On 05/01/2026 17:37, Daniel Hodges wrote:
Add a new bpf_crypto_sig module that registers signature verification
algorithms with the BPF crypto type system. This enables signature
operations (like ECDSA) to use the unified bpf_crypto_ctx structure
instead of requiring separate context types.
The module provides:
- alloc_tfm/free_tfm for crypto_sig transform lifecycle
- has_algo to check algorithm availability
- get_flags for crypto API flags
This allows ECDSA and other signature verification operations to
integrate with the existing BPF crypto infrastructure.
Signed-off-by: Daniel Hodges <[email protected]>
[...]
+static int bpf_crypto_sig_setkey(void *tfm, const u8 *key, unsigned int keylen)
+{
+ return crypto_sig_set_pubkey(tfm, key, keylen);
+}
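Review bot: bpf_crypto_sig_setkey() wires the generic .setkey callback directly to crypto_sig_set_pubkey(), so the key bytes are always treated as a public key, yet neither the function name nor a comment says so. Suggest a short comment above the function stating that this type accepts public keys only, so that users of the generic setkey path do not assume a private key can be loaded.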
That effectively means that only signature verification is provided for
BPF programs? Do we plan to extend the API to sign a buffer?
+
+static const struct bpf_crypto_type bpf_crypto_sig_type = {
+ .alloc_tfm = bpf_crypto_sig_alloc_tfm,
+ .free_tfm = bpf_crypto_sig_free_tfm,
+ .has_algo = bpf_crypto_sig_has_algo,
+ .get_flags = bpf_crypto_sig_get_flags,
+ .setkey = bpf_crypto_sig_setkey,
+ .owner = THIS_MODULE,
+ .name = "sig",
+};
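Review bot: bpf_crypto_sig_type sets alloc_tfm, free_tfm, has_algo, get_flags and setkey, but no callback that performs an operation, so going by this hunk a "sig" context can be allocated and keyed but not used to verify anything. Either add the verification callback in this patch or say in the commit message that a later patch supplies it. The commit message's "The module provides" list also omits setkey, which the struct does register.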
I think we have to introduce a verify() callback here.