[PATCH v3 03/12] libbpf: Implement SHA256 internal helper

Andrii Nakryiko andrii.nakryiko at gmail.com
Thu Aug 14 18:46:13 UTC 2025


On Wed, Aug 13, 2025 at 1:55 PM KP Singh <kpsingh at kernel.org> wrote:
>
> Use AF_ALG sockets to not have libbpf depend on OpenSSL. The helper is
> used for the loader generation code to embed the metadata hash in the
> loader program and also by the bpf_map__make_exclusive API to calculate
> the hash of the program the map is exclusive to.
>
> Signed-off-by: KP Singh <kpsingh at kernel.org>
> ---
>  tools/lib/bpf/libbpf.c          | 59 +++++++++++++++++++++++++++++++++
>  tools/lib/bpf/libbpf_internal.h |  4 +++
>  2 files changed, 63 insertions(+)
>

LGTM, but see note about unnecessary libbpf_err()

Acked-by: Andrii Nakryiko <andrii at kernel.org>

> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 8f5a81b672e1..0bb3d71dcd9f 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -43,6 +43,9 @@
>  #include <sys/vfs.h>
>  #include <sys/utsname.h>
>  #include <sys/resource.h>
> +#include <sys/socket.h>
> +#include <linux/if_alg.h>
> +#include <linux/socket.h>
>  #include <libelf.h>
>  #include <gelf.h>
>  #include <zlib.h>
> @@ -14207,3 +14210,59 @@ void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s)
>         free(s->progs);
>         free(s);
>  }
> +
> +int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz)
> +{
> +       struct sockaddr_alg sa = {
> +               .salg_family = AF_ALG,
> +               .salg_type   = "hash",
> +               .salg_name   = "sha256"
> +       };
> +       int sock_fd = -1;
> +       int op_fd = -1;
> +       int err = 0;
> +
> +       if (sha_out_sz != SHA256_DIGEST_LENGTH) {
> +               pr_warn("sha_out_sz should be exactly 32 bytes for a SHA256 digest");
> +               return libbpf_err(-EINVAL);

this is an internal function, so there is no need to use libbpf_err()
to return error codes. Here and everywhere below should be just
`return -Exxx;`


> +       }
> +
> +       sock_fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> +       if (sock_fd < 0) {
> +               err = -errno;
> +               pr_warn("failed to create AF_ALG socket for SHA256: %s\n", errstr(err));
> +               return libbpf_err(err);
> +       }
> +
> +       if (bind(sock_fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
> +               err = -errno;
> +               pr_warn("failed to bind to AF_ALG socket for SHA256: %s\n", errstr(err));
> +               goto out;
> +       }
> +
> +       op_fd = accept(sock_fd, NULL, 0);
> +       if (op_fd < 0) {
> +               err = -errno;
> +               pr_warn("failed to accept from AF_ALG socket for SHA256: %s\n", errstr(err));
> +               goto out;
> +       }
> +
> +       if (write(op_fd, data, data_sz) != data_sz) {
> +               err = -errno;
> +               pr_warn("failed to write data to AF_ALG socket for SHA256: %s\n", errstr(err));
> +               goto out;
> +       }
> +
> +       if (read(op_fd, sha_out, SHA256_DIGEST_LENGTH) != SHA256_DIGEST_LENGTH) {
> +               err = -errno;
> +               pr_warn("failed to read SHA256 from AF_ALG socket: %s\n", errstr(err));
> +               goto out;
> +       }
> +
> +out:
> +       if (op_fd >= 0)
> +               close(op_fd);
> +       if (sock_fd >= 0)
> +               close(sock_fd);
> +       return libbpf_err(err);
> +}
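Review bot: A short write() or read() on op_fd can make libbpf_sha256() return 0 without sha_out holding a complete digest, because both branches set `err = -errno` even when the call returned a non-negative short count, in which case errno keeps whatever value it had before (possibly 0). The commit description says this digest feeds the loader metadata hash and the exclusive-map program hash, so a silent success here would pass unverified buffer contents on as a hash. Capturing the return value and using `err = n < 0 ? -errno : -EIO;` in both branches would rule that out. Separately, the pr_warn() in the sha_out_sz check lacks the trailing `\n` that the other messages in the function have.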
> diff --git a/tools/lib/bpf/libbpf_internal.h b/tools/lib/bpf/libbpf_internal.h
> index 477a3b3389a0..8a055de0d324 100644
> --- a/tools/lib/bpf/libbpf_internal.h
> +++ b/tools/lib/bpf/libbpf_internal.h
> @@ -736,4 +736,8 @@ int elf_resolve_pattern_offsets(const char *binary_path, const char *pattern,
>
>  int probe_fd(int fd);
>
> +#define SHA256_DIGEST_LENGTH 32
> +#define SHA256_DWORD_SIZE SHA256_DIGEST_LENGTH / sizeof(__u64)
> +
> +int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz);
>  #endif /* __LIBBPF_LIBBPF_INTERNAL_H */
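Review bot: `SHA256_DWORD_SIZE` expands to an unparenthesized division, so an expression such as `x / SHA256_DWORD_SIZE` or `x % SHA256_DWORD_SIZE` would be grouped differently from what the name suggests and silently give the wrong count. Since the macro is presumably meant to size or index digest buffers, I would define it as `#define SHA256_DWORD_SIZE (SHA256_DIGEST_LENGTH / sizeof(__u64))`. A one-line comment saying it is the digest length in 64-bit words would also help, because "DWORD" often means 32 bits elsewhere.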
> --
> 2.43.0
>


