TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fb2b0e2901
twx-linux/crypto
History
KP Singh 3492715683 bpf: Implement signature verification for BPF programs 
This patch extends the BPF_PROG_LOAD command by adding three new fields
to `union bpf_attr` in the user-space API:

  - signature: A pointer to the signature blob.
  - signature_size: The size of the signature blob.
  - keyring_id: The serial number of a loaded kernel keyring (e.g.,
    the user or session keyring) containing the trusted public keys.

When a BPF program is loaded with a signature, the kernel:

1.  Retrieves the trusted keyring using the provided `keyring_id`.
2.  Verifies the supplied signature against the BPF program's
    instruction buffer.
3.  If the signature is valid and was generated by a key in the trusted
    keyring, the program load proceeds.
4.  If no signature is provided, the load proceeds as before, allowing
    for backward compatibility. LSMs can chose to restrict unsigned
    programs and implement a security policy.
5.  If signature verification fails for any reason,
    the program is not loaded.

Tested-by: syzbot@syzkaller.appspotmail.com
Signed-off-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20250921160120.9711-2-kpsingh@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2025-09-22 18:58:03 -07:00
..
asymmetric_keys bpf: Implement signature verification for BPF programs 2025-09-22 18:58:03 -07:00
async_tx lib/raid6: replace custom zero page with ZERO_PAGE 2025-07-09 22:57:54 -07:00
krb5 crypto: krb5 - Fix memory leak in krb5_test_one_prf() 2025-07-18 20:52:00 +10:00
842.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
acompress.c crypto: api - Rename CRYPTO_ALG_REQ_CHAIN to CRYPTO_ALG_REQ_VIRT 2025-05-05 18:20:45 +08:00
adiantum.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
aead.c crypto: api - Add support for duplicating algorithms before registration 2025-04-16 15:36:24 +08:00
aegis128-core.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
aegis128-neon-inner.c crypto: aegis128-neon - add header for internal prototypes 2023-05-24 18:12:33 +08:00
aegis128-neon.c crypto: aegis128-neon - add header for internal prototypes 2023-05-24 18:12:33 +08:00
aegis-neon.h crypto: aegis128-neon - add header for internal prototypes 2023-05-24 18:12:33 +08:00
aegis.h
aes_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
aes_ti.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
af_alg.c crypto: Add missing MODULE_DESCRIPTION() macros 2024-05-31 17:34:56 +08:00
ahash.c This update includes the following changes: 2025-07-31 09:45:28 -07:00
akcipher.c crypto: api - Add support for duplicating algorithms before registration 2025-04-16 15:36:24 +08:00
algapi.c crypto: algapi - Add driver template support to crypto_inst_setname 2025-05-19 13:48:20 +08:00
algboss.c crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS 2025-05-12 13:33:14 +08:00
algif_aead.c crypto: algif_aead - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
algif_hash.c crypto: algif_hash - fix double free in hash_accept 2025-05-19 13:44:16 +08:00
algif_rng.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
algif_skcipher.c crypto: Add missing MODULE_DESCRIPTION() macros 2024-05-31 17:34:56 +08:00
ansi_cprng.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
anubis.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
api.c crypto: api - Redo lookup on EEXIST 2025-05-23 19:25:47 +08:00
arc4.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
aria_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
authenc.c crypto: authenc - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
authencesn.c crypto: authenc - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
blake2b_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
blowfish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
blowfish_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
bpf_crypto_skcipher.c crypto: bpf - Add MODULE_DESCRIPTION for skcipher 2025-03-02 15:19:43 +08:00
camellia_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
cast5_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
cast6_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
cast_common.c crypto: Add missing MODULE_DESCRIPTION() macros 2024-05-31 17:34:56 +08:00
cbc.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
ccm.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
chacha20poly1305.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
chacha.c crypto: lib/chacha - add array bounds to function prototypes 2025-05-12 13:32:53 +08:00
cipher.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
cmac.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
compress.h crypto: acomp - Move stream management into scomp layer 2025-03-15 16:21:22 +08:00
crc32.c crypto/crc32[c]: register only "-lib" drivers 2025-06-30 09:31:56 -07:00
crc32c.c crypto/crc32[c]: register only "-lib" drivers 2025-06-30 09:31:56 -07:00
cryptd.c crypto: cryptd - Use nested-BH locking for cryptd_cpu_queue 2025-07-18 20:51:59 +10:00
crypto_engine.c crypto: engine - remove {prepare,unprepare}_crypt_hardware callbacks 2025-07-18 20:52:00 +10:00
crypto_null.c crypto: null - use memcpy_sglist() 2025-05-12 13:32:53 +08:00
crypto_user.c crypto: remove obsolete 'comp' compression API 2025-03-21 17:39:06 +08:00
ctr.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
cts.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
curve25519-generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
deflate.c crypto: acomp - Fix CFI failure due to type punning 2025-07-18 20:52:00 +10:00
des_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
dh_helper.c
dh.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
drbg.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
ecb.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
ecc_curve_defs.h crypto: ecc - Add NIST P521 curve parameters 2024-04-12 15:07:52 +08:00
ecc.c crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() 2025-02-09 18:08:12 +08:00
ecdh_helper.c
ecdh.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
ecdsa-p1363.c crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY 2025-04-16 15:16:21 +08:00
ecdsa-x962.c crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY 2025-04-16 15:16:21 +08:00
ecdsa.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
ecdsasignature.asn1
echainiv.c crypto: geniv - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
ecrdsa_defs.h crypto: ecc - Add nbits field to ecc_curve structure 2024-04-12 15:07:52 +08:00
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
ecrdsa.c crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY 2025-04-16 15:16:21 +08:00
essiv.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
fcrypt.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
fips.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
gcm.c crypto: gcm - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
geniv.c crypto: geniv - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
ghash-generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
hash.h crypto: remove CONFIG_CRYPTO_STATS 2024-04-02 10:49:38 +08:00
hctr2.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
hkdf.c crypto: hkdf - move to late_initcall 2025-06-11 10:59:45 +08:00
hmac.c crypto: hmac - Add ahash support 2025-05-19 13:48:20 +08:00
internal.h crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS 2025-05-12 13:33:14 +08:00
jitterentropy-kcapi.c crypto: jitter - fix intermediary handling 2025-07-07 15:27:04 +12:00
jitterentropy-testing.c crypto: jitter - output full sample from test interface 2024-10-19 08:44:30 +08:00
jitterentropy.c crypto: jitter - replace ARRAY_SIZE definition with header include 2025-07-18 20:52:01 +10:00
jitterentropy.h crypto: jitter - output full sample from test interface 2024-10-19 08:44:30 +08:00
Kconfig crypto: sha1 - Wrap library and add HMAC support 2025-07-14 08:59:20 -07:00
kdf_sp800108.c crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS 2025-05-12 13:33:14 +08:00
khazad.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
kpp.c crypto: api - Add support for duplicating algorithms before registration 2025-04-16 15:36:24 +08:00
krb5enc.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
lrw.c crypto: lrw - Only add ecb if it is not already there 2025-05-19 13:48:20 +08:00
lskcipher.c crypto: api - Add support for duplicating algorithms before registration 2025-04-16 15:36:24 +08:00
lz4.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
lz4hc.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
lzo-rle.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
lzo.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
Makefile Crypto library updates for 6.17 2025-07-28 17:58:52 -07:00
md4.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
md5.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
michael_mic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
nhpoly1305.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
pcbc.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
pcrypt.c crypto: pcrypt - Optimize pcrypt_aead_init_tfm() 2025-06-13 17:26:17 +08:00
polyval-generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
proc.c crypto: remove obsolete 'comp' compression API 2025-03-21 17:39:06 +08:00
ripemd.h
rmd160.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
rng.c crypto: api - Add support for duplicating algorithms before registration 2025-04-16 15:36:24 +08:00
rsa_helper.c
rsa-pkcs1pad.c crypto: rsassa-pkcs1 - Migrate to sig_alg backend 2024-10-05 13:22:04 +08:00
rsa.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
rsaprivkey.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
rsapubkey.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
rsassa-pkcs1.c crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY 2025-04-16 15:16:21 +08:00
scatterwalk.c crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist 2025-04-28 19:45:26 +08:00
scompress.c crypto: api - Rename CRYPTO_ALG_REQ_CHAIN to CRYPTO_ALG_REQ_VIRT 2025-05-05 18:20:45 +08:00
seed.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
seqiv.c crypto: geniv - use memcpy_sglist() instead of null skcipher 2025-05-12 13:32:53 +08:00
serpent_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
sha1.c crypto: sha1 - Implement export_core() and import_core() 2025-09-02 19:02:35 -07:00
sha3_generic.c crypto: sha3-generic - Use API partial block handling 2025-04-23 15:52:46 +08:00
sha256.c crypto: sha256 - Implement export_core() and import_core() 2025-09-02 19:02:37 -07:00
sha512.c crypto: sha512 - Implement export_core() and import_core() 2025-09-02 19:02:39 -07:00
shash.c crypto: shash - Fix buffer overrun in import function 2025-05-27 13:43:32 +08:00
sig.c crypto: api - Add support for duplicating algorithms before registration 2025-04-16 15:36:24 +08:00
simd.c crypto: simd - Do not call crypto_alloc_tfm during registration 2024-08-24 21:39:15 +08:00
skcipher.c crypto: scatterwalk - Move skcipher walk and use it for memcpy_sglist 2025-04-28 19:45:26 +08:00
skcipher.h crypto: remove CONFIG_CRYPTO_STATS 2024-04-02 10:49:38 +08:00
sm3_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
sm4_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
sm4.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
streebog_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
tcrypt.c crypto: tcrypt - rename CRYPTO_TEST to CRYPTO_BENCHMARK 2025-05-12 13:32:53 +08:00
tcrypt.h crypto: tcrypt - rename CRYPTO_TEST to CRYPTO_BENCHMARK 2025-05-12 13:32:53 +08:00
tea.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
testmgr.c This update includes the following changes: 2025-07-31 09:45:28 -07:00
testmgr.h Revert "crypto: testmgr - Add hash export format testing" 2025-05-23 17:20:59 +08:00
twofish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
twofish_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
wp512.c crypto: wp512 - Use API partial block handling 2025-06-23 16:56:56 +08:00
xcbc.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
xctr.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
xor.c crypto: xor - fix template benchmarking 2024-08-02 20:53:25 +08:00
xts.c crypto: xts - Only add ecb if it is not already there 2025-05-19 13:48:20 +08:00
xxhash_generic.c Revert "crypto: run initcalls for generic implementations earlier" 2025-05-05 18:20:44 +08:00
zstd.c crypto: acomp - Fix CFI failure due to type punning 2025-07-18 20:52:00 +10:00