forked from mirrors/linux
3e1c6f3540
Add crypto API support to BPF to be able to decrypt or encrypt packets in TC/XDP BPF programs. Special care should be taken for initialization part of crypto algo because crypto alloc) doesn't work with preemtion disabled, it can be run only in sleepable BPF program. Also async crypto is not supported because of the very same issue - TC/XDP BPF programs are not sleepable. Signed-off-by: Vadim Fedorenko <vadfed@meta.com> Link: https://lore.kernel.org/r/20240422225024.2847039-2-vadfed@meta.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
24 lines
865 B
C
24 lines
865 B
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */
|
|
#ifndef _BPF_CRYPTO_H
|
|
#define _BPF_CRYPTO_H
|
|
|
|
struct bpf_crypto_type {
|
|
void *(*alloc_tfm)(const char *algo);
|
|
void (*free_tfm)(void *tfm);
|
|
int (*has_algo)(const char *algo);
|
|
int (*setkey)(void *tfm, const u8 *key, unsigned int keylen);
|
|
int (*setauthsize)(void *tfm, unsigned int authsize);
|
|
int (*encrypt)(void *tfm, const u8 *src, u8 *dst, unsigned int len, u8 *iv);
|
|
int (*decrypt)(void *tfm, const u8 *src, u8 *dst, unsigned int len, u8 *iv);
|
|
unsigned int (*ivsize)(void *tfm);
|
|
unsigned int (*statesize)(void *tfm);
|
|
u32 (*get_flags)(void *tfm);
|
|
struct module *owner;
|
|
char name[14];
|
|
};
|
|
|
|
int bpf_crypto_register_type(const struct bpf_crypto_type *type);
|
|
int bpf_crypto_unregister_type(const struct bpf_crypto_type *type);
|
|
|
|
#endif /* _BPF_CRYPTO_H */
|