On 18/11/2023 18:35, Alexei Starovoitov wrote:
On Sat, Nov 18, 2023 at 3:32 PM Vadim Fedorenko
<vadim.fedorenko@xxxxxxxxx> wrote:
On 18/11/2023 18:23, Alexei Starovoitov wrote:
On Sat, Nov 18, 2023 at 2:55 PM Vadim Fedorenko <vadfed@xxxxxxxx> wrote:
+/**
+ * struct bpf_crypto_lskcipher_ctx - refcounted BPF sync skcipher context structure
+ * @tfm: The pointer to crypto_sync_skcipher struct.
+ * @rcu: The RCU head used to free the crypto context with RCU safety.
+ * @usage: Object reference counter. When the refcount goes to 0, the
+ * memory is released back to the BPF allocator, which provides
+ * RCU safety.
+ */
+struct bpf_crypto_lskcipher_ctx {
+ struct crypto_lskcipher *tfm;
+ struct rcu_head rcu;
+ refcount_t usage;
+};
+
+__bpf_kfunc_start_defs();
+
+/**
+ * bpf_crypto_lskcipher_ctx_create() - Create a mutable BPF crypto context.
Let's drop 'lskcipher' from the kfunc names and ctx struct.
bpf users don't need to know the internal implementation details.
bpf_crypto_encrypt/decrypt() is clear enough.
The only reason I added it was the existence of AEAD subset of crypto
API. And this subset can also be implemented in bpf later, and there
will be inconsistency in naming then if we add aead in future names.
WDYT?
You mean future async apis ? Just bpf_crypto_encrypt_async() ?
Well, not only async. It's about Authenticated Encryption With
Associated Data (AEAD) Cipher API defined in crypto/aead.h. It's
ciphers with additional hmac function, like
'authenc(hmac(sha256),cbc(aes))'. It has very similar API with only
difference of having Authenticated data in the encrypted block.
I'm not sure though if there is explicit sync implementation, but I do
believe async ciphers can be filtered out for this interface too.