libbpf: Implement SHA256 internal helper

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Use AF_ALG sockets to not have libbpf depend on OpenSSL. The helper is
used for the loader generation code to embed the metadata hash in the
loader program and also by the bpf_map__make_exclusive API to calculate
the hash of the program the map is exclusive to.

Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20250914215141.15144-4-kpsingh@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

KP Singh and committed by

Alexei Starovoitov 6 months ago c297fe3e baefdbdf

+63

2 changed files

expand all

tools

lib

bpf

libbpf.c

libbpf_internal.h

+59

tools/lib/bpf/libbpf.c

··· 43 43 #include <sys/vfs.h> 44 44 #include <sys/utsname.h> 45 45 #include <sys/resource.h> 46 + #include <sys/socket.h> 47 + #include <linux/if_alg.h> 48 + #include <linux/socket.h> 46 49 #include <libelf.h> 47 50 #include <gelf.h> 48 51 #include <zlib.h> ··· 14219 14216 free(s->maps); 14220 14217 free(s->progs); 14221 14218 free(s); 14219 + } 14220 + 14221 + int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz) 14222 + { 14223 + struct sockaddr_alg sa = { 14224 + .salg_family = AF_ALG, 14225 + .salg_type = "hash", 14226 + .salg_name = "sha256" 14227 + }; 14228 + int sock_fd = -1; 14229 + int op_fd = -1; 14230 + int err = 0; 14231 + 14232 + if (sha_out_sz != SHA256_DIGEST_LENGTH) { 14233 + pr_warn("sha_out_sz should be exactly 32 bytes for a SHA256 digest"); 14234 + return -EINVAL; 14235 + } 14236 + 14237 + sock_fd = socket(AF_ALG, SOCK_SEQPACKET, 0); 14238 + if (sock_fd < 0) { 14239 + err = -errno; 14240 + pr_warn("failed to create AF_ALG socket for SHA256: %s\n", errstr(err)); 14241 + return err; 14242 + } 14243 + 14244 + if (bind(sock_fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 14245 + err = -errno; 14246 + pr_warn("failed to bind to AF_ALG socket for SHA256: %s\n", errstr(err)); 14247 + goto out; 14248 + } 14249 + 14250 + op_fd = accept(sock_fd, NULL, 0); 14251 + if (op_fd < 0) { 14252 + err = -errno; 14253 + pr_warn("failed to accept from AF_ALG socket for SHA256: %s\n", errstr(err)); 14254 + goto out; 14255 + } 14256 + 14257 + if (write(op_fd, data, data_sz) != data_sz) { 14258 + err = -errno; 14259 + pr_warn("failed to write data to AF_ALG socket for SHA256: %s\n", errstr(err)); 14260 + goto out; 14261 + } 14262 + 14263 + if (read(op_fd, sha_out, SHA256_DIGEST_LENGTH) != SHA256_DIGEST_LENGTH) { 14264 + err = -errno; 14265 + pr_warn("failed to read SHA256 from AF_ALG socket: %s\n", errstr(err)); 14266 + goto out; 14267 + } 14268 + 14269 + out: 14270 + if (op_fd >= 0) 14271 + close(op_fd); 14272 + if (sock_fd >= 0) 14273 + close(sock_fd); 14274 + return err; 14222 14275 }

tools/lib/bpf/libbpf_internal.h

··· 736 736 737 737 int probe_fd(int fd); 738 738 739 + #define SHA256_DIGEST_LENGTH 32 740 + #define SHA256_DWORD_SIZE SHA256_DIGEST_LENGTH / sizeof(__u64) 741 + 742 + int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz); 739 743 #endif /* __LIBBPF_LIBBPF_INTERNAL_H */