tools/testing/selftests/bpf/progs/crypto_sanity.c

Source file repositories/reference/linux-study-clean/tools/testing/selftests/bpf/progs/crypto_sanity.c

File Facts

System
Linux kernel
Corpus path
tools/testing/selftests/bpf/progs/crypto_sanity.c
Extension
.c
Size
4437 bytes
Lines
187
Domain
Support Tooling And Documentation
Bucket
tools
Inferred role
Support Tooling And Documentation: implementation source
Status
source implementation candidate

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */

#include "vmlinux.h"
#include "bpf_tracing_net.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>
#include <bpf/bpf_tracing.h>
#include "bpf_misc.h"
#include "bpf_kfuncs.h"
#include "crypto_common.h"

/*
 * key[] and algo[] are 8-byte aligned and 'params' is kept off the stack to
 * work around an LLVM code generation bug. clang lowers the memcpy() of these
 * byte-aligned globals into a per-byte load/store sequence staged on the stack,
 * and additionally materializes the on-stack 'struct bpf_crypto_params' twice.
 * Both blow the 512-byte BPF stack limit. Aligning the sources lets clang copy
 * word-wise, and a global 'params' removes the large object from the stack.
 */
unsigned char key[256] __attribute__((aligned(8))) = {};
u16 udp_test_port = 7777;
u32 authsize, key_len;
char algo[128] __attribute__((aligned(8))) = {};
char dst[16] = {}, dst_bad[8] = {};
static struct bpf_crypto_params params;
int status;

static int skb_dynptr_validate(struct __sk_buff *skb, struct bpf_dynptr *psrc)
{
	struct ipv6hdr ip6h;
	struct udphdr udph;
	u32 offset;

	if (skb->protocol != __bpf_constant_htons(ETH_P_IPV6))
		return -1;

	if (bpf_skb_load_bytes(skb, ETH_HLEN, &ip6h, sizeof(ip6h)))
		return -1;

	if (ip6h.nexthdr != IPPROTO_UDP)
		return -1;

	if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(ip6h), &udph, sizeof(udph)))
		return -1;

	if (udph.dest != __bpf_htons(udp_test_port))
		return -1;

	offset = ETH_HLEN + sizeof(ip6h) + sizeof(udph);
	if (skb->len < offset + 16)
		return -1;

	/* let's make sure that 16 bytes of payload are in the linear part of skb */
	bpf_skb_pull_data(skb, offset + 16);
	bpf_dynptr_from_skb(skb, 0, psrc);
	bpf_dynptr_adjust(psrc, offset, offset + 16);

	return 0;
}

SEC("syscall")
int skb_crypto_setup(void *ctx)
{
	struct bpf_crypto_ctx *cctx;
	int err;

	status = 0;
	if (key_len > 256) {
		status = -EINVAL;
		return 0;
	}

	__builtin_memcpy(&params.type, "skcipher", sizeof("skcipher"));
	params.key_len = key_len;
	params.authsize = authsize;
	__builtin_memcpy(&params.algo, algo, sizeof(algo));
	__builtin_memcpy(&params.key, key, sizeof(key));

	cctx = bpf_crypto_ctx_create(&params, sizeof(params), &err);
	if (!cctx) {
		status = err;
		return 0;
	}

	err = crypto_ctx_insert(cctx);
	if (err && err != -EEXIST)
		status = err;
	return 0;
}

Annotation

Implementation Notes