Commit 65d6d61d authored by Vadim Fedorenko's avatar Vadim Fedorenko Committed by Alexei Starovoitov
Browse files

bpf: crypto: make state and IV dynptr nullable 



Some ciphers do not require state and IV buffer, but with current
implementation 0-sized dynptr is always needed. With adjustment to
verifier we can provide NULL instead of 0-sized dynptr. Make crypto
kfuncs ready for this.

Reviewed-by: default avatarEduard Zingerman <eddyz87@gmail.com>
Signed-off-by: default avatarVadim Fedorenko <vadfed@meta.com>
Link: https://lore.kernel.org/r/20240613211817.1551967-3-vadfed@meta.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent a9079799

kernel/bpf/crypto.c

+13 −13
Original line number Diff line number Diff line
@@ -275,7 +275,7 @@ static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx, 
	if (__bpf_dynptr_is_rdonly(dst))

		return -EINVAL;



	siv_len = __bpf_dynptr_size(siv);

	siv_len = siv ? __bpf_dynptr_size(siv) : 0;

	src_len = __bpf_dynptr_size(src);

	dst_len = __bpf_dynptr_size(dst);

	if (!src_len || !dst_len)
@@ -306,18 +306,18 @@ static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx, 
 * @ctx:		The crypto context being used. The ctx must be a trusted pointer.

 * @src:		bpf_dynptr to the encrypted data. Must be a trusted pointer.

 * @dst:		bpf_dynptr to the buffer where to store the result. Must be a trusted pointer.

 * @siv:	bpf_dynptr to IV data and state data to be used by decryptor.

 * @siv__nullable:	bpf_dynptr to IV data and state data to be used by decryptor. May be NULL.

 *

 * Decrypts provided buffer using IV data and the crypto context. Crypto context must be configured.

 */

__bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx,

				   const struct bpf_dynptr *src,

				   const struct bpf_dynptr *dst,

				   const struct bpf_dynptr *siv)

				   const struct bpf_dynptr *siv__nullable)

{

	const struct bpf_dynptr_kern *src_kern = (struct bpf_dynptr_kern *)src;

	const struct bpf_dynptr_kern *dst_kern = (struct bpf_dynptr_kern *)dst;

	const struct bpf_dynptr_kern *siv_kern = (struct bpf_dynptr_kern *)siv;

	const struct bpf_dynptr_kern *siv_kern = (struct bpf_dynptr_kern *)siv__nullable;



	return bpf_crypto_crypt(ctx, src_kern, dst_kern, siv_kern, true);

}
@@ -326,19 +326,19 @@ __bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx, 
 * bpf_crypto_encrypt() - Encrypt buffer using configured context and IV provided.

 * @ctx:		The crypto context being used. The ctx must be a trusted pointer.

 * @src:		bpf_dynptr to the plain data. Must be a trusted pointer.

 * @dst:	bpf_dynptr to buffer where to store the result. Must be a trusted pointer.

 * @siv:	bpf_dynptr to IV data and state data to be used by decryptor.

 * @dst:		bpf_dynptr to the buffer where to store the result. Must be a trusted pointer.

 * @siv__nullable:	bpf_dynptr to IV data and state data to be used by decryptor. May be NULL.

 *

 * Encrypts provided buffer using IV data and the crypto context. Crypto context must be configured.

 */

__bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx,

				   const struct bpf_dynptr *src,

				   const struct bpf_dynptr *dst,

				   const struct bpf_dynptr *siv)

				   const struct bpf_dynptr *siv__nullable)

{

	const struct bpf_dynptr_kern *src_kern = (struct bpf_dynptr_kern *)src;

	const struct bpf_dynptr_kern *dst_kern = (struct bpf_dynptr_kern *)dst;

	const struct bpf_dynptr_kern *siv_kern = (struct bpf_dynptr_kern *)siv;

	const struct bpf_dynptr_kern *siv_kern = (struct bpf_dynptr_kern *)siv__nullable;



	return bpf_crypto_crypt(ctx, src_kern, dst_kern, siv_kern, false);

}