Received: by 2002:a05:7412:b130:b0:e2:908c:2ebd with SMTP id az48csp1954345rdb; Sun, 19 Nov 2023 18:31:37 -0800 (PST) X-Google-Smtp-Source: AGHT+IGkE2Xbpn5xQ4taR1uyyumIRKIwxwcmeiwWUBDMCpybDNA5goowetzLz+iDLnUuoS05SRbt X-Received: by 2002:a05:6a20:9387:b0:188:f1dd:62a7 with SMTP id x7-20020a056a20938700b00188f1dd62a7mr5299428pzh.35.1700447497345; Sun, 19 Nov 2023 18:31:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700447497; cv=none; d=google.com; s=arc-20160816; b=yo75y5CaU8tfBuxZ20e8MA54YddtB609rArCjqCpQIWihzYOobC22zqeGgv40lbIBL XPa3oIlU2XvnKUWNWrZOQWNx+LZxlnkgIzCYk/rsakLSBkEcUTBMcAV2anrn2nCYY4Oo Hi/+fTPH+UG1jiPu3TG9HUAryecgfLRXWkg1+B5Jic8iY/1845YTgtkr92cQK3gnudM5 yT2ubo0yZlw1v9RFsughDIUOAixUmgSE0i8SjgljRVoh9nayAP/xz1GOgAPoChPoxwlj JAGq+AdKau/Ty/hmVmjtNKi2QIKhPxVVlmGTeWG/fJAjnlTA6WlmLwHWS1ABjYqrOHqQ 54Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=umj4itHltkRsbkQLxGQmBEgTrbiiFmAkKZvhOW9+joE=; fh=tQBjE10fvMBuexszDbkazftFsdGcglkS4kikJYeaJK0=; b=cNA1ArqidMeWYb6WzxnkzMHlk7B8Tj6H0ltGqHIHt1fdRk+ihn0GL305jmfin46xjQ MkD6inUSs+dYbq+STDiQozlkqh00inMwRBccvH2Bds27N8BwpEbaj8v34+nhPvE2nvav 2rbE637aLpMWmMiqs6/cySYq0cIMwGWyfx2sCkhtU3EoCIFSmoM1RTacPqhJ3h1QsOTo jzuCan/EUEim4ccPQ2u+LxbGKV7XqfJsZK/xJU3GWBFOXlF6SkwW0Iy/eBqMiu2KFxO7 ErLhzrvXfLCTgOujSsRmU1dYVphva8HoUfw8UZaZzj2a2zI5Qwu/0CPoabAAFz/xSVhk YjEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=A1s5M8Qg; spf=pass (google.com: domain of linux-crypto+bounces-195-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-195-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id br4-20020a17090b0f0400b002839dee7fc2si5917892pjb.184.2023.11.19.18.31.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Nov 2023 18:31:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-195-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=A1s5M8Qg; spf=pass (google.com: domain of linux-crypto+bounces-195-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-195-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id C7DDD280BE9 for ; Mon, 20 Nov 2023 02:31:36 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 838011FC8 for ; Mon, 20 Nov 2023 02:31:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="A1s5M8Qg" X-Original-To: linux-crypto@vger.kernel.org Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0E3FB9; Sun, 19 Nov 2023 17:14:02 -0800 (PST) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-4083f613272so14422425e9.1; Sun, 19 Nov 2023 17:14:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700442841; x=1701047641; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=umj4itHltkRsbkQLxGQmBEgTrbiiFmAkKZvhOW9+joE=; b=A1s5M8Qg9GKNuQ9rq+7ybvAUGE0R+tqk7oqX5k8NPN06gGcf448frdF02HUa11kO6t BSaFE5QDIsEWsqSo0l2byfZMHKSukPs8BAMwl+O0DW8/3CwzKCocTB45UPykqsYpOraY z2f33zAhIMdhQQyR8zevqI/gpGJds1Sa4J0yccgEXPlLvimev/VBO1FQ0mAVwhZTOtQq uMhXF+/1U4Nb6k7tTmzZS7wE4qHOhm5I9fiqXwRQsa88klHhpZxu8MGPM0fe18blQp5F jfHOfbYT+Hb2iCvN3uWZzz0Cr31IG1PLkDFErudxCVbBZy3S7UmjWo7H4gq/V2it/tuf E+jQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700442841; x=1701047641; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=umj4itHltkRsbkQLxGQmBEgTrbiiFmAkKZvhOW9+joE=; b=bHQ118j6l1wga+SOp6TX3a/jAyq9b43K/Elgi70Tt0n3h5YGmV0xmhQtI8wL8zy85i szh6HMz8JsYZhyWN8db66wf46yomwTiZgLSWWWJKRJetnZkr1/eCsiHWiziwKbZSpZkJ LRs5NR3BuFJYn2exoJlsAn5joTX9eM6ve2ChA0VuBtzXxdKdkyPCJ65NDJh98CK7RHbU PfHIRQVHo5Roa9O8E/L20lCePtWDHkR9SSFji7/MW6Xk/d1vdKajJvd1uOuKQVbk0m8O ptZ7BouClrmxV5vRc+wdUx9hT7NvoGnIkvWBi4Jxb+/nyfi5CuDpCfH782UgbLwEQbOj WJ7w== X-Gm-Message-State: AOJu0YzrtMpBOXL9yO4HkIYj9+EYml0+wvo8/lRw230yataWUjn5iYis 0szahDa3OUK4AMHvCZyxmxrVHxuukEu87mMhnms= X-Received: by 2002:a5d:64e8:0:b0:332:c9e7:3d28 with SMTP id g8-20020a5d64e8000000b00332c9e73d28mr237114wri.10.1700442840452; Sun, 19 Nov 2023 17:14:00 -0800 (PST) Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20231118225451.2132137-1-vadfed@meta.com> <862c832a-da98-4bef-80ef-8294be1d4601@linux.dev> <312531ec-aba5-4050-b236-dc9b456c7280@linux.dev> In-Reply-To: From: Alexei Starovoitov Date: Sun, 19 Nov 2023 17:13:49 -0800 Message-ID: Subject: Re: [PATCH bpf-next v5 1/2] bpf: add skcipher API support to TC/XDP programs To: Vadim Fedorenko Cc: Vadim Fedorenko , Jakub Kicinski , Martin KaFai Lau , Andrii Nakryiko , Alexei Starovoitov , Mykola Lysenko , Herbert Xu , Network Development , Linux Crypto Mailing List , bpf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Nov 19, 2023 at 4:22=E2=80=AFPM Vadim Fedorenko wrote: > > On 19.11.2023 16:56, Alexei Starovoitov wrote: > > On Sat, Nov 18, 2023 at 3:46=E2=80=AFPM Vadim Fedorenko > > wrote: > >> > >> On 18/11/2023 18:35, Alexei Starovoitov wrote: > >>> On Sat, Nov 18, 2023 at 3:32=E2=80=AFPM Vadim Fedorenko > >>> wrote: > >>>> > >>>> On 18/11/2023 18:23, Alexei Starovoitov wrote: > >>>>> On Sat, Nov 18, 2023 at 2:55=E2=80=AFPM Vadim Fedorenko wrote: > >>>>>> > >>>>>> +/** > >>>>>> + * struct bpf_crypto_lskcipher_ctx - refcounted BPF sync skcipher= context structure > >>>>>> + * @tfm: The pointer to crypto_sync_skcipher struct. > >>>>>> + * @rcu: The RCU head used to free the crypto context with = RCU safety. > >>>>>> + * @usage: Object reference counter. When the refcount goes t= o 0, the > >>>>>> + * memory is released back to the BPF allocator, whic= h provides > >>>>>> + * RCU safety. > >>>>>> + */ > >>>>>> +struct bpf_crypto_lskcipher_ctx { > >>>>>> + struct crypto_lskcipher *tfm; > >>>>>> + struct rcu_head rcu; > >>>>>> + refcount_t usage; > >>>>>> +}; > >>>>>> + > >>>>>> +__bpf_kfunc_start_defs(); > >>>>>> + > >>>>>> +/** > >>>>>> + * bpf_crypto_lskcipher_ctx_create() - Create a mutable BPF crypt= o context. > >>>>> > >>>>> Let's drop 'lskcipher' from the kfunc names and ctx struct. > >>>>> bpf users don't need to know the internal implementation details. > >>>>> bpf_crypto_encrypt/decrypt() is clear enough. > >>>> > >>>> The only reason I added it was the existence of AEAD subset of crypt= o > >>>> API. And this subset can also be implemented in bpf later, and there > >>>> will be inconsistency in naming then if we add aead in future names. > >>>> WDYT? > >>> > >>> You mean future async apis ? Just bpf_crypto_encrypt_async() ? > >> > >> Well, not only async. It's about Authenticated Encryption With > >> Associated Data (AEAD) Cipher API defined in crypto/aead.h. It's > >> ciphers with additional hmac function, like > >> 'authenc(hmac(sha256),cbc(aes))'. It has very similar API with only > >> difference of having Authenticated data in the encrypted block. > > > > and ? I'm not following what you're trying to say. > > Where is the inconsistency ? > > My point again is that lskcipher vs skcipher vs foo is an implementatio= n > > detail that shouldn't be exposed in the name. > > Well, I was trying to follow crypto subsystem naming. It might be easier = for > users to understand what part of crypto API is supported by BPF kfuncs. > > At the same we can agree that current implementation will be used for sim= ple > buffer encryption/decryption and any further implementations will have ad= ditions > in the name of functions (like > bpf_crypto_aead_crypt/bpf_crypto_shash_final/bpf_crypto_scomp_compress). > It will be slightly inconsistent, but we will have to expose some impleme= ntation > details unfortunately. If you are ok with this way, I'm ok to implement i= t. but shash vs scomp is the name of the algo ? Didn't you use it as the 1st arg to bpf_crypto_create() ? Take a look at AF_ALG. It's able to express all kinds of cryptos through the same socket abstraction without creating a new name for every algo. Everything is read/write through the socket fd. In our case it will be bpf_crypto_encrypt/decrypt() kfuncs.