/*
Proton Linux kernel module
Tested on Ubuntu 24.04 LTS
Licensed under the GNU General Public License 3.0
USAGE:
sudo insmod proton.ko
lsmod
sudo dmesg --follow
sudo rmmod proton
BTF debugging:
sudo bpftool btf show
sudo bpftool btf dump id <id>
*/
#include "proton.h"
#include <linux/init.h>
#include <linux/module.h>
#include <linux/bpf.h>
#include <linux/btf.h>
#include <crypto/hash.h>
#include <crypto/kpp.h>
#include "hydrogen.h"
// ----------------------------------------------------------------------------------------------------------------------
// Module-wide SHA-256 transform handle: assigned from crypto_alloc_shash() in proton_init,
// used by proton_sha256, and released in proton_exit.
// NOTE(review): not declared static, so the symbol has external linkage — confirm whether
// proton.h or another translation unit relies on that before narrowing it.
struct crypto_shash * sha256;
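/*
 * Computes the SHA-256 digest of `data` into `output` using the module-wide `sha256` transform.
 *
 * data, data__sz     - input buffer and its length in bytes
 * output, output__sz - destination buffer and its capacity in bytes
 *
 * Returns 0 on success, -EINVAL when a size is negative or `output` cannot hold the digest,
 * otherwise the error code reported by crypto_shash_digest().
 */
__bpf_kfunc int proton_sha256( void * data, int data__sz, void * output, int output__sz )
{
    // The macro's second argument names the transform; the original passed `tfm`, which is not
    // declared in this function and only compiled because the macro ignored it.
    SHASH_DESC_ON_STACK( shash, sha256 );

    // The `__sz` arguments describe how much memory the caller handed over. The digest write has a
    // fixed length, so a smaller `output__sz` must be rejected here; otherwise the write runs past
    // the region the caller declared, inside the kernel.
    if ( data__sz < 0 || output__sz < 0 || (unsigned int) output__sz < crypto_shash_digestsize( sha256 ) )
    {
        return -EINVAL;
    }

    shash->tfm = sha256;

    // Propagate the digest result instead of reporting success unconditionally.
    return crypto_shash_digest( shash, data, data__sz, output );
}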
// ----------------------------------------------------------------------------------------------------------------------
// Context bytes passed to hydro_sign_create / hydro_sign_verify by the two kfuncs below.
// Static storage with no initializer, and nothing in this file writes to it, so as far as this
// file shows the context is all zero bytes.
// NOTE(review): confirm an all-zero signing context is intended rather than a module-specific one.
static __u8 sign_context[hydro_sign_CONTEXTBYTES];
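/*
 * Signs `data` with the private key in `args` and writes the signature to `signature`.
 *
 * data, data__sz           - message buffer and its length in bytes
 * signature, signature__sz - destination buffer and its capacity in bytes
 * args                     - carries the private key (args->private_key)
 *
 * Returns the result of hydro_sign_create(), or -EINVAL when `data__sz` is negative or
 * `signature` is smaller than hydro_sign_BYTES.
 */
__bpf_kfunc int proton_sign_create( void * data, int data__sz, void * signature, int signature__sz, struct proton_sign_create_args * args )
{
    // hydro_sign_create() writes a full hydro_sign_BYTES signature regardless of the capacity the
    // caller declared, so a short `signature__sz` has to be refused before the call. A negative
    // `data__sz` would otherwise be converted to a very large message length.
    if ( data__sz < 0 || signature__sz < (int) hydro_sign_BYTES )
    {
        return -EINVAL;
    }

    // NOTE(review): the private key arrives through `args` from the calling program — confirm where
    // that key material is stored and who can read it.
    return hydro_sign_create( signature, data, data__sz, sign_context, args->private_key );
}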
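/*
 * Verifies `signature` over `data` with the public key in `args`.
 *
 * data, data__sz           - message buffer and its length in bytes
 * signature, signature__sz - signature buffer and its length in bytes
 * args                     - carries the public key (args->public_key)
 *
 * Returns the result of hydro_sign_verify(), or -EINVAL when `data__sz` is negative or
 * `signature` is shorter than hydro_sign_BYTES. Callers must treat any non-zero return as
 * "not verified".
 */
__bpf_kfunc int proton_sign_verify( void * data, int data__sz, void * signature, int signature__sz, struct proton_sign_verify_args * args )
{
    // hydro_sign_verify() reads a full hydro_sign_BYTES signature; refuse a shorter buffer so the
    // read stays inside the memory the caller declared. A negative `data__sz` would otherwise be
    // converted to a very large message length.
    if ( data__sz < 0 || signature__sz < (int) hydro_sign_BYTES )
    {
        return -EINVAL;
    }

    return hydro_sign_verify( signature, data, data__sz, sign_context, args->public_key );
}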
// ----------------------------------------------------------------------------------------------------------------------
// Context bytes passed to the hydro_secretbox_* call in the two secretbox functions below.
// Static storage with no initializer, and nothing in this file writes to it, so as far as this
// file shows the context is all zero bytes.
// NOTE(review): confirm an all-zero secretbox context is intended rather than a module-specific one.
static __u8 secretbox_context[hydro_secretbox_CONTEXTBYTES];
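/*
 * Encrypts a message in place. On entry the plaintext sits at
 * `data + PROTON_SECRETBOX_CRYPTO_HEADER_BYTES`; the ciphertext (header included) is written
 * starting at `data`.
 *
 * data, data__sz - buffer holding header space followed by the plaintext, and its total size
 * message_id     - message id passed through to hydro_secretbox_encrypt()
 * key, key__sz   - secret key buffer and its length in bytes
 *
 * Returns the result of hydro_secretbox_encrypt(), or -EINVAL when the buffer is smaller than
 * the header or the key is shorter than hydro_secretbox_KEYBYTES.
 *
 * Marked __bpf_kfunc like the other functions listed in the BTF id set in this file.
 */
__bpf_kfunc int proton_secretbox_encrypt( void * data, int data__sz, __u64 message_id, void * key, int key__sz )
{
    // Without this check a buffer shorter than the header makes the plaintext length negative,
    // which becomes a very large length once passed on, and a short key buffer is read past its
    // end.
    if ( data__sz < 0 || data__sz < (int) PROTON_SECRETBOX_CRYPTO_HEADER_BYTES || key__sz < (int) hydro_secretbox_KEYBYTES )
    {
        return -EINVAL;
    }

    // NOTE(review): assumes PROTON_SECRETBOX_CRYPTO_HEADER_BYTES is at least
    // hydro_secretbox_HEADERBYTES, so header plus ciphertext fit in data__sz — confirm in proton.h.
    __u8 * message = (__u8 *) data + PROTON_SECRETBOX_CRYPTO_HEADER_BYTES;
    int message_bytes = data__sz - (int) PROTON_SECRETBOX_CRYPTO_HEADER_BYTES;

    return hydro_secretbox_encrypt( data, message, message_bytes, message_id, secretbox_context, key );
}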
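/*
 * Decrypts a message in place. On entry `data` holds the ciphertext (header included); the
 * plaintext is written at `data + PROTON_SECRETBOX_CRYPTO_HEADER_BYTES`.
 *
 * data, data__sz - ciphertext buffer and its total size in bytes
 * message_id     - message id passed through to hydro_secretbox_decrypt()
 * key, key__sz   - secret key buffer and its length in bytes
 *
 * Returns the result of hydro_secretbox_decrypt(), or -EINVAL when the buffer is smaller than
 * the header or the key is shorter than hydro_secretbox_KEYBYTES. Callers must treat any
 * non-zero return as an authentication failure and must not use the buffer contents.
 *
 * Marked __bpf_kfunc like the other functions listed in the BTF id set in this file.
 */
__bpf_kfunc int proton_secretbox_decrypt( void * data, int data__sz, __u64 message_id, void * key, int key__sz )
{
    if ( data__sz < 0 || data__sz < (int) PROTON_SECRETBOX_CRYPTO_HEADER_BYTES || key__sz < (int) hydro_secretbox_KEYBYTES )
    {
        return -EINVAL;
    }

    __u8 * message = (__u8 *) data + PROTON_SECRETBOX_CRYPTO_HEADER_BYTES;

    // The original called hydro_secretbox_encrypt() here. That never authenticated or decrypted
    // the input, and it produced data__sz plus a header's worth of output starting at `message`,
    // which runs past the end of the caller's buffer.
    return hydro_secretbox_decrypt( message, data, data__sz, message_id, secretbox_context, key );
}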
// ----------------------------------------------------------------------------------------------------------------------
// BTF id set listing the functions this module exposes as kfuncs. proton_init registers it for
// BPF_PROG_TYPE_XDP, so these are the entry points an XDP program can reach in this module.
// Every entry is listed without flags.
// NOTE(review): the set is named bpf_task_set / bpf_task_kfunc_set although it is registered for
// XDP — the name looks like a leftover; confirm.
BTF_SET8_START( bpf_task_set )
BTF_ID_FLAGS( func, proton_sha256 )
BTF_ID_FLAGS( func, proton_sign_verify )
BTF_ID_FLAGS( func, proton_sign_create )
BTF_ID_FLAGS( func, proton_secretbox_encrypt )
BTF_ID_FLAGS( func, proton_secretbox_decrypt )
BTF_SET8_END( bpf_task_set )
// Ties the id set to this module so it can be passed to register_btf_kfunc_id_set().
static const struct btf_kfunc_id_set bpf_task_kfunc_set = {
.owner = THIS_MODULE,
.set = &bpf_task_set,
};
// ----------------------------------------------------------------------------------------------------------------------
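/*
 * Module entry point: allocates the shared SHA-256 transform and registers the kfunc id set for
 * XDP programs.
 *
 * Returns 0 on success, the PTR_ERR() of the failed allocation, or the error returned by
 * register_btf_kfunc_id_set().
 */
static int __init proton_init( void )
{
    int result;

    pr_info( "proton kernel module initializing...\n" );

    sha256 = crypto_alloc_shash( "sha256", 0, 0 );
    if ( IS_ERR( sha256 ) )
    {
        pr_err( "can't create sha256 crypto hash algorithm\n" );
        return PTR_ERR( sha256 );
    }

    result = register_btf_kfunc_id_set( BPF_PROG_TYPE_XDP, &bpf_task_kfunc_set );
    if ( result != 0 )
    {
        pr_err( "failed to register proton kernel module kfuncs: %d\n", result );
        // proton_exit does not run when init fails, so release the transform here instead of
        // leaking it, and hand back the real error code rather than a bare -1.
        crypto_free_shash( sha256 );
        return result;
    }

    pr_info( "proton kernel module initialized successfully\n" );

    return 0;
}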
/*
 * Module exit point: releases the shared SHA-256 transform allocated in proton_init and logs
 * the shutdown.
 */
static void __exit proton_exit( void )
{
    pr_info( "proton kernel module shutting down...\n" );

    // sha256 holds either a transform or an error pointer from crypto_alloc_shash();
    // only a real transform is freed.
    if ( IS_ERR( sha256 ) == 0 )
        crypto_free_shash( sha256 );

    pr_info( "proton kernel module shut down successfully\n" );
}
// Register the load and unload handlers defined above.
module_init( proton_init );
module_exit( proton_exit );
// Pulls the hydrogen implementation source into this translation unit, so the hydro_* functions
// called above are compiled as part of this module.
#include "hydrogen.c"
// Module metadata.
// NOTE(review): the file header states GPL 3.0 while the license string here is "GPL" — confirm
// the two agree.
MODULE_VERSION( "1.0.0" );
MODULE_LICENSE( "GPL" );
MODULE_AUTHOR( "Glenn Fiedler" );
MODULE_DESCRIPTION( "Proton kernel module. Provides crypto functions that are callable from XDP programs." );