Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp2596110lqt; Mon, 22 Apr 2024 16:02:06 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUaZmKFPE/d/D8Bc+Uw83eG3IwfR19/kML5VtJyh+4tQVReP6NSErOl5u84wEfipyxUxYR9dzOsjnYJZ4/P4U8xnq4+xZHlpVRH2GRMbg== X-Google-Smtp-Source: AGHT+IHla9YLDn1Bwil465PG06uZkIA1Tu6R/dpsp0KIJLuRjAgAg24UpKbk43YUpkkJtLmCdarp X-Received: by 2002:a2e:b0c8:0:b0:2dd:cd88:dda6 with SMTP id g8-20020a2eb0c8000000b002ddcd88dda6mr2123934ljl.9.1713826926144; Mon, 22 Apr 2024 16:02:06 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713826926; cv=pass; d=google.com; s=arc-20160816; b=HhgQ0CqrVvdWTInn4Km1wpOFP9mVtoXx5hI6TS+8Gmimg/NL3x9YDdIAwdvFCnjBZ+ dlSRAmkqt8NVhzl8MYoF0wAx1QMFd/j2sYEwR3GRhaCXybxTC5hmui8YXrpD/lBhq6Xm +ciWXflk9+V6h482soLJExAFOYtzfexxeLZe3sGIfqfhYCa2YiRBW2jaMCkKzDZNcyJQ i7RgK4QwegJ4F8mZLCfCf2AjmVoLiSIhN8zcEW1VSs4EKmiV2MAVZJYYFAorJ2mfGtXC S7XmjxjGQON3cikpRR+6ep34wFsLf7orAQdtwdyR/o5ns87PQTKZ46c6FBfe7ttUJwsa tcgw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=sxCnj8uVkTCLWrUMogvvVrBmQMrM8FNh8SH6NvLuXlA=; fh=M0rEmD0Pic9jtX/RYmPDdUZgtiGxFo1iVCR6SQNjyx0=; b=XahzU34GZilkgPCTnIfvEyws3yUdFkz0nW7CqWIxAnM5kY/jkHo6SnYCDuwt4qvZN9 aH3kJIt1uQRWIk5DQYNQ/45pvw0FwraO7VUuGoFTtejYrAZxwA2i5cWMw1KTdECBrbPs ApduQcfhIZ895itsqRKS6CIyfyonx9UKxJJooDKlmnUUDgFjhDQ4+0Gd95edTo/uNXbc /AhA/SqKmrJhYSGgViC5V867b5DD4VT39+X4Q1UVpLq00AX8mmY97U9yeAMtO/RXSyBv ZYLTa1hKkK16oxWhUyjw4JLKZ94qo2i4DQglYtZzBz6PddVKk1YFK2nwxtkwONOXZEaM 25ow==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@meta.com header.s=s2048-2021-q4 header.b=WkaMrshx; arc=pass (i=1 spf=pass spfdomain=meta.com dkim=pass dkdomain=meta.com dmarc=pass fromdomain=meta.com); spf=pass (google.com: domain of linux-crypto+bounces-3777-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3777-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=meta.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id c44-20020a509faf000000b0056e04471e4bsi6290842edf.221.2024.04.22.16.02.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Apr 2024 16:02:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3777-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@meta.com header.s=s2048-2021-q4 header.b=WkaMrshx; arc=pass (i=1 spf=pass spfdomain=meta.com dkim=pass dkdomain=meta.com dmarc=pass fromdomain=meta.com); spf=pass (google.com: domain of linux-crypto+bounces-3777-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3777-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=meta.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id B86D71F217CE for ; Mon, 22 Apr 2024 23:02:00 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 52CAF3DB91; Mon, 22 Apr 2024 22:50:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=meta.com header.i=@meta.com header.b="WkaMrshx" X-Original-To: linux-crypto@vger.kernel.org Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98BC03D3A5; Mon, 22 Apr 2024 22:50:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=67.231.145.42 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713826245; cv=none; b=kOgdJVrb2pfYFljaHIVhsdl0oP+bd9JlhSoLwsvmJwR4oGdIOgdbSWZ/NFmRmfcHJjq4ppJd2/SeYc3TJtKocfsJxuA2SZq88/OgUNIv+etrXF7Deaa8t0EDGDuLkC2zW0iyt0TPyTDAVTG9FIVWY+0PRGIOWrRTjWqNaN0y07w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713826245; c=relaxed/simple; bh=DUMOW1vrHtmHaun9Jna8/l48KWmYzjUqd/GG0hSDeac=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=G01izgE6IzdhN44hnXn7Arsz1u3D240zPeubZcZgtOK349GYbCyJEnfOYONpw/jBSYshPaAWBTWwgsHl8OIQPEGiU0AODZNMYHTxO24/prnfV4keRQdikqC0CNNOHNFLv24sfsLsVtnREd0AT/0v4mbFxWu2rM5KPCtx6Xzf3MI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=meta.com; spf=pass smtp.mailfrom=meta.com; dkim=pass (2048-bit key) header.d=meta.com header.i=@meta.com header.b=WkaMrshx; arc=none smtp.client-ip=67.231.145.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=meta.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=meta.com Received: from pps.filterd (m0109333.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 43MKgpqJ017890; Mon, 22 Apr 2024 15:50:35 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=s2048-2021-q4; bh=sxCnj8uVkTCLWrUMogvvVrBmQMrM8FNh8SH6NvLuXlA=; b=WkaMrshxmD/k5HjbH+i8uXQ3Axv4wXPVb1N4a6Oy2vAcXv/PkWy601qPDKAtfwluqQgP z19zi1e2WNNT9upmposHzsE5mS47hU1qUORWALi2e2m/ee1juyMmt5Vly9MlShNErV0o HByYOAMPnOE5agz2UN5Q9Fvpaiew+KDevRMCXy3KLIvmLEWhmwbluTJpEooqmVc1gSaL Ep/qSik/X0807DUYk7HvYmqMoPWbHIFTeRa3E7lbA+NzUYEGPqU9vIVI6hgCd+tlNJ+R kPYDEfWXi6evR5hkeiSKke2STj0FZX31rGJHb/9IJlkLqWV0K6Zs68m6+AuVxm84YS70 IA== Received: from mail.thefacebook.com ([163.114.132.120]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3xm9rpb7p1-9 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 22 Apr 2024 15:50:35 -0700 Received: from devvm4158.cln0.facebook.com (2620:10d:c085:208::11) by mail.thefacebook.com (2620:10d:c085:11d::8) with Microsoft SMTP Server id 15.1.2507.35; Mon, 22 Apr 2024 22:50:31 +0000 From: Vadim Fedorenko To: Vadim Fedorenko , Jakub Kicinski , Martin KaFai Lau , Andrii Nakryiko , Alexei Starovoitov , Mykola Lysenko , Herbert Xu CC: Vadim Fedorenko , , , Subject: [PATCH bpf-next v10 0/4] BPF crypto API framework Date: Mon, 22 Apr 2024 15:50:20 -0700 Message-ID: <20240422225024.2847039-1-vadfed@meta.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: AXxxfu64EjACAm1mI7yfFZlxxIPAmQ5c X-Proofpoint-ORIG-GUID: AXxxfu64EjACAm1mI7yfFZlxxIPAmQ5c X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-22_16,2024-04-22_01,2023-05-22_02 This series introduces crypto kfuncs to make BPF programs able to utilize kernel crypto subsystem. Crypto operations made pluggable to avoid extensive growth of kernel when it's not needed. Only skcipher is added within this series, but it can be easily extended to other types of operations. No hardware offload supported as it needs sleepable context which is not available for TX or XDP programs. At the same time crypto context initialization kfunc can only run in sleepable context, that's why it should be run separately and store the result in the map. Selftests show the common way to implement crypto actions in BPF programs. Benchmark is also added to have a baseline. Vadim Fedorenko (4): bpf: make common crypto API for TC/XDP programs bpf: crypto: add skcipher to bpf crypto selftests: bpf: crypto skcipher algo selftests selftests: bpf: crypto: add benchmark for crypto functions MAINTAINERS | 8 + crypto/Makefile | 3 + crypto/bpf_crypto_skcipher.c | 82 ++++ include/linux/bpf.h | 1 + include/linux/bpf_crypto.h | 24 ++ kernel/bpf/Makefile | 3 + kernel/bpf/crypto.c | 382 ++++++++++++++++++ kernel/bpf/helpers.c | 2 +- kernel/bpf/verifier.c | 1 + tools/testing/selftests/bpf/Makefile | 2 + tools/testing/selftests/bpf/bench.c | 6 + .../selftests/bpf/benchs/bench_bpf_crypto.c | 185 +++++++++ tools/testing/selftests/bpf/config | 5 + .../selftests/bpf/prog_tests/crypto_sanity.c | 197 +++++++++ .../selftests/bpf/progs/crypto_basic.c | 68 ++++ .../selftests/bpf/progs/crypto_bench.c | 109 +++++ .../selftests/bpf/progs/crypto_common.h | 66 +++ .../selftests/bpf/progs/crypto_sanity.c | 169 ++++++++ 18 files changed, 1312 insertions(+), 1 deletion(-) create mode 100644 crypto/bpf_crypto_skcipher.c create mode 100644 include/linux/bpf_crypto.h create mode 100644 kernel/bpf/crypto.c create mode 100644 tools/testing/selftests/bpf/benchs/bench_bpf_crypto.c create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_sanity.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_basic.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_bench.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_common.h create mode 100644 tools/testing/selftests/bpf/progs/crypto_sanity.c -- 2.43.0