On Mon, Feb 2, 2026 at 6:48 AM Daniel Hodges <[email protected]> wrote: > > Add a bpf_crypto_sig module that registers signature verification > algorithms with the BPF crypto type system. This enables signature > operations (like ECDSA) to use the unified bpf_crypto_ctx structure. > > The module provides: > - alloc_tfm/free_tfm for crypto_sig transform lifecycle > - has_algo to check algorithm availability > - setkey for public key configuration > - verify for signature verification > - get_flags for crypto API flags > > Introduce bpf_sig_verify, bpf_sig_keysize, bpf_sig_digestsize, > and bpf_sig_maxsize kfuncs enabling BPF programs to verify digital > signatures using the kernel's crypto infrastructure. > > Add enum bpf_crypto_type_id for runtime type checking to ensure > operations are performed on the correct crypto context type. The enum > values are assigned to all crypto type modules (skcipher, hash, sig). > > The verify kfunc takes a crypto context (initialized with the sig > type and appropriate algorithm like "ecdsa-nist-p256"), a message > digest, and a signature. These kfuncs support any signature algorithm > registered with the crypto subsystem (e.g., ECDSA, RSA). > > Signed-off-by: Daniel Hodges <[email protected]> > --- > MAINTAINERS | 1 + > crypto/Makefile | 3 + > crypto/bpf_crypto_sig.c | 89 ++++++++++++++++++++++++++++ > include/linux/bpf_crypto.h | 4 ++ > kernel/bpf/crypto.c | 117 +++++++++++++++++++++++++++++++++++++ > 5 files changed, 214 insertions(+) > create mode 100644 crypto/bpf_crypto_sig.c
Other than the issue spotted by AI the patches look fine, but we need Ack from crypto maintainers. pw-bot: cr
