On 05/01/2026 17:37, Daniel Hodges wrote:
Add support for ECDSA signature verification in BPF programs through the unified bpf_crypto_ctx API.
Changes:
- Add enum bpf_crypto_type_id for efficient type checking
- Update all crypto type modules to set type_id field
- Implement bpf_ecdsa_verify() for signature verification
- Add bpf_ecdsa_keysize(), bpf_ecdsa_digestsize(), bpf_ecdsa_maxsize() helper functions for querying context properties
- Add type_id checks in all ECDSA kfuncs for type safety
- Register ECDSA kfuncs for SCHED_CLS and XDP program types
ECDSA contexts are created using bpf_crypto_ctx_create() with type="sig" and appropriate algorithm (e.g., "p1363(ecdsa-nist-p256)"). The public key is passed via the key/key_len fields in bpf_crypto_params.
This enables BPF programs to perform cryptographic signature verification for use cases such as packet authentication and content validation.
Signed-off-by: Daniel Hodges git@danielhodges.dev @@ -57,6 +58,7 @@ struct bpf_crypto_ctx { refcount_t usage; };
- int bpf_crypto_register_type(const struct bpf_crypto_type *type) { struct bpf_crypto_type_list *node;
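Review bot: the hunk at @@ -57,6 +58,7 @@, between the closing "};" of struct bpf_crypto_ctx and bpf_crypto_register_type(), grows the region from 6 to 7 lines with no added statement visible in it, so it reads as a whitespace-only change. Drop it from this patch so the diff carries only the ECDSA changes listed in the commit message and the history of bpf_crypto_register_type() stays free of unrelated churn.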
This chunk is an extra empty line - no need for it