1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */
#include "vmlinux.h"
#include "bpf_tracing_net.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>
#include <bpf/bpf_tracing.h>
#include "bpf_misc.h"
#include "bpf_kfuncs.h"
#include "crypto_common.h"
const volatile unsigned int len = 16;
char cipher[128] = {};
u32 key_len, authsize;
char dst[256] = {};
u8 key[256] = {};
long hits = 0;
int status;
SEC("syscall")
int crypto_setup(void *args)
{
struct bpf_crypto_ctx *cctx;
struct bpf_crypto_params params = {
.type = "skcipher",
.key_len = key_len,
.authsize = authsize,
};
int err = 0;
status = 0;
if (!cipher[0] || !key_len || key_len > 256) {
status = -EINVAL;
return 0;
}
__builtin_memcpy(¶ms.algo, cipher, sizeof(cipher));
__builtin_memcpy(¶ms.key, key, sizeof(key));
cctx = bpf_crypto_ctx_create(¶ms, sizeof(params), &err);
if (!cctx) {
status = err;
return 0;
}
err = crypto_ctx_insert(cctx);
if (err && err != -EEXIST)
status = err;
return 0;
}
SEC("tc")
int crypto_encrypt(struct __sk_buff *skb)
{
struct __crypto_ctx_value *v;
struct bpf_crypto_ctx *ctx;
struct bpf_dynptr psrc, pdst;
v = crypto_ctx_value_lookup();
if (!v) {
status = -ENOENT;
return 0;
}
ctx = v->ctx;
if (!ctx) {
status = -ENOENT;
return 0;
}
bpf_dynptr_from_skb(skb, 0, &psrc);
bpf_dynptr_from_mem(dst, len, 0, &pdst);
status = bpf_crypto_encrypt(ctx, &psrc, &pdst, NULL);
__sync_add_and_fetch(&hits, 1);
return 0;
}
SEC("tc")
int crypto_decrypt(struct __sk_buff *skb)
{
struct bpf_dynptr psrc, pdst;
struct __crypto_ctx_value *v;
struct bpf_crypto_ctx *ctx;
v = crypto_ctx_value_lookup();
if (!v)
return -ENOENT;
ctx = v->ctx;
if (!ctx)
return -ENOENT;
bpf_dynptr_from_skb(skb, 0, &psrc);
bpf_dynptr_from_mem(dst, len, 0, &pdst);
status = bpf_crypto_decrypt(ctx, &psrc, &pdst, NULL);
__sync_add_and_fetch(&hits, 1);
return 0;
}
char __license[] SEC("license") = "GPL";
|