| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | /* |
| 3 | * Copyright 2019 Google LLC |
| 4 | */ |
| 5 | |
| 6 | #ifndef __LINUX_BLK_CRYPTO_PROFILE_H |
| 7 | #define __LINUX_BLK_CRYPTO_PROFILE_H |
| 8 | |
| 9 | #include <linux/bio.h> |
| 10 | #include <linux/blk-crypto.h> |
| 11 | |
| 12 | struct blk_crypto_profile; |
| 13 | |
| 14 | /** |
| 15 | * struct blk_crypto_ll_ops - functions to control inline encryption hardware |
| 16 | * |
| 17 | * Low-level operations for controlling inline encryption hardware. This |
| 18 | * interface must be implemented by storage drivers that support inline |
| 19 | * encryption. All functions may sleep, are serialized by profile->lock, and |
| 20 | * are never called while profile->dev (if set) is runtime-suspended. |
| 21 | */ |
| 22 | struct blk_crypto_ll_ops { |
| 23 | |
| 24 | /** |
| 25 | * @keyslot_program: Program a key into the inline encryption hardware. |
| 26 | * |
| 27 | * Program @key into the specified @slot in the inline encryption |
| 28 | * hardware, overwriting any key that the keyslot may already contain. |
| 29 | * The keyslot is guaranteed to not be in-use by any I/O. |
| 30 | * |
| 31 | * This is required if the device has keyslots. Otherwise (i.e. if the |
| 32 | * device is a layered device, or if the device is real hardware that |
| 33 | * simply doesn't have the concept of keyslots) it is never called. |
| 34 | * |
| 35 | * Must return 0 on success, or -errno on failure. |
| 36 | */ |
| 37 | int (*keyslot_program)(struct blk_crypto_profile *profile, |
| 38 | const struct blk_crypto_key *key, |
| 39 | unsigned int slot); |
| 40 | |
| 41 | /** |
| 42 | * @keyslot_evict: Evict a key from the inline encryption hardware. |
| 43 | * |
| 44 | * If the device has keyslots, this function must evict the key from the |
| 45 | * specified @slot. The slot will contain @key, but there should be no |
| 46 | * need for the @key argument to be used as @slot should be sufficient. |
| 47 | * The keyslot is guaranteed to not be in-use by any I/O. |
| 48 | * |
| 49 | * If the device doesn't have keyslots itself, this function must evict |
| 50 | * @key from any underlying devices. @slot won't be valid in this case. |
| 51 | * |
| 52 | * If there are no keyslots and no underlying devices, this function |
| 53 | * isn't required. |
| 54 | * |
| 55 | * Must return 0 on success, or -errno on failure. |
| 56 | */ |
| 57 | int (*keyslot_evict)(struct blk_crypto_profile *profile, |
| 58 | const struct blk_crypto_key *key, |
| 59 | unsigned int slot); |
| 60 | |
| 61 | /** |
| 62 | * @derive_sw_secret: Derive the software secret from a hardware-wrapped |
| 63 | * key in ephemerally-wrapped form. |
| 64 | * |
| 65 | * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED |
| 66 | * is supported. |
| 67 | * |
| 68 | * Must return 0 on success, -EBADMSG if the key is invalid, or another |
| 69 | * -errno code on other errors. |
| 70 | */ |
| 71 | int (*derive_sw_secret)(struct blk_crypto_profile *profile, |
| 72 | const u8 *eph_key, size_t eph_key_size, |
| 73 | u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); |
| 74 | |
| 75 | /** |
| 76 | * @import_key: Create a hardware-wrapped key by importing a raw key. |
| 77 | * |
| 78 | * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED |
| 79 | * is supported. |
| 80 | * |
| 81 | * On success, must write the new key in long-term wrapped form to |
| 82 | * @lt_key and return its size in bytes. On failure, must return a |
| 83 | * -errno value. |
| 84 | */ |
| 85 | int (*import_key)(struct blk_crypto_profile *profile, |
| 86 | const u8 *raw_key, size_t raw_key_size, |
| 87 | u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); |
| 88 | |
| 89 | /** |
| 90 | * @generate_key: Generate a hardware-wrapped key. |
| 91 | * |
| 92 | * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED |
| 93 | * is supported. |
| 94 | * |
| 95 | * On success, must write the new key in long-term wrapped form to |
| 96 | * @lt_key and return its size in bytes. On failure, must return a |
| 97 | * -errno value. |
| 98 | */ |
| 99 | int (*generate_key)(struct blk_crypto_profile *profile, |
| 100 | u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); |
| 101 | |
| 102 | /** |
| 103 | * @prepare_key: Prepare a hardware-wrapped key to be used. |
| 104 | * |
| 105 | * Prepare a hardware-wrapped key to be used by converting it from |
| 106 | * long-term wrapped form to ephemerally-wrapped form. This only needs |
| 107 | * to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED is supported. |
| 108 | * |
| 109 | * On success, must write the key in ephemerally-wrapped form to |
| 110 | * @eph_key and return its size in bytes. On failure, must return |
| 111 | * -EBADMSG if the key is invalid, or another -errno on other error. |
| 112 | */ |
| 113 | int (*prepare_key)(struct blk_crypto_profile *profile, |
| 114 | const u8 *lt_key, size_t lt_key_size, |
| 115 | u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); |
| 116 | }; |
| 117 | |
| 118 | /** |
| 119 | * struct blk_crypto_profile - inline encryption profile for a device |
| 120 | * |
| 121 | * This struct contains a storage device's inline encryption capabilities (e.g. |
| 122 | * the supported crypto algorithms), driver-provided functions to control the |
| 123 | * inline encryption hardware (e.g. programming and evicting keys), and optional |
| 124 | * device-independent keyslot management data. |
| 125 | */ |
| 126 | struct blk_crypto_profile { |
| 127 | |
| 128 | /* public: Drivers must initialize the following fields. */ |
| 129 | |
| 130 | /** |
| 131 | * @ll_ops: Driver-provided functions to control the inline encryption |
| 132 | * hardware, e.g. program and evict keys. |
| 133 | */ |
| 134 | struct blk_crypto_ll_ops ll_ops; |
| 135 | |
| 136 | /** |
| 137 | * @max_dun_bytes_supported: The maximum number of bytes supported for |
| 138 | * specifying the data unit number (DUN). Specifically, the range of |
| 139 | * supported DUNs is 0 through (1 << (8 * max_dun_bytes_supported)) - 1. |
| 140 | */ |
| 141 | unsigned int max_dun_bytes_supported; |
| 142 | |
| 143 | /** |
| 144 | * @key_types_supported: A bitmask of the supported key types: |
| 145 | * BLK_CRYPTO_KEY_TYPE_RAW and/or BLK_CRYPTO_KEY_TYPE_HW_WRAPPED. |
| 146 | */ |
| 147 | unsigned int key_types_supported; |
| 148 | |
| 149 | /** |
| 150 | * @modes_supported: Array of bitmasks that specifies whether each |
| 151 | * combination of crypto mode and data unit size is supported. |
| 152 | * Specifically, the i'th bit of modes_supported[crypto_mode] is set if |
| 153 | * crypto_mode can be used with a data unit size of (1 << i). Note that |
| 154 | * only data unit sizes that are powers of 2 can be supported. |
| 155 | */ |
| 156 | unsigned int modes_supported[BLK_ENCRYPTION_MODE_MAX]; |
| 157 | |
| 158 | /** |
| 159 | * @dev: An optional device for runtime power management. If the driver |
| 160 | * provides this device, it will be runtime-resumed before any function |
| 161 | * in @ll_ops is called and will remain resumed during the call. |
| 162 | */ |
| 163 | struct device *dev; |
| 164 | |
| 165 | /* private: The following fields shouldn't be accessed by drivers. */ |
| 166 | |
| 167 | /* Number of keyslots, or 0 if not applicable */ |
| 168 | unsigned int num_slots; |
| 169 | |
| 170 | /* |
| 171 | * Serializes all calls to functions in @ll_ops as well as all changes |
| 172 | * to @slot_hashtable. This can also be taken in read mode to look up |
| 173 | * keyslots while ensuring that they can't be changed concurrently. |
| 174 | */ |
| 175 | struct rw_semaphore lock; |
| 176 | struct lock_class_key lockdep_key; |
| 177 | |
| 178 | /* List of idle slots, with least recently used slot at front */ |
| 179 | wait_queue_head_t idle_slots_wait_queue; |
| 180 | struct list_head idle_slots; |
| 181 | spinlock_t idle_slots_lock; |
| 182 | |
| 183 | /* |
| 184 | * Hash table which maps struct *blk_crypto_key to keyslots, so that we |
| 185 | * can find a key's keyslot in O(1) time rather than O(num_slots). |
| 186 | * Protected by 'lock'. |
| 187 | */ |
| 188 | struct hlist_head *slot_hashtable; |
| 189 | unsigned int log_slot_ht_size; |
| 190 | |
| 191 | /* Per-keyslot data */ |
| 192 | struct blk_crypto_keyslot *slots; |
| 193 | }; |
| 194 | |
| 195 | int blk_crypto_profile_init(struct blk_crypto_profile *profile, |
| 196 | unsigned int num_slots); |
| 197 | |
| 198 | int devm_blk_crypto_profile_init(struct device *dev, |
| 199 | struct blk_crypto_profile *profile, |
| 200 | unsigned int num_slots); |
| 201 | |
| 202 | unsigned int blk_crypto_keyslot_index(struct blk_crypto_keyslot *slot); |
| 203 | |
| 204 | void blk_crypto_reprogram_all_keys(struct blk_crypto_profile *profile); |
| 205 | |
| 206 | void blk_crypto_profile_destroy(struct blk_crypto_profile *profile); |
| 207 | |
| 208 | int blk_crypto_import_key(struct blk_crypto_profile *profile, |
| 209 | const u8 *raw_key, size_t raw_key_size, |
| 210 | u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); |
| 211 | |
| 212 | int blk_crypto_generate_key(struct blk_crypto_profile *profile, |
| 213 | u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); |
| 214 | |
| 215 | int blk_crypto_prepare_key(struct blk_crypto_profile *profile, |
| 216 | const u8 *lt_key, size_t lt_key_size, |
| 217 | u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); |
| 218 | |
| 219 | void blk_crypto_intersect_capabilities(struct blk_crypto_profile *parent, |
| 220 | const struct blk_crypto_profile *child); |
| 221 | |
| 222 | bool blk_crypto_has_capabilities(const struct blk_crypto_profile *target, |
| 223 | const struct blk_crypto_profile *reference); |
| 224 | |
| 225 | void blk_crypto_update_capabilities(struct blk_crypto_profile *dst, |
| 226 | const struct blk_crypto_profile *src); |
| 227 | |
| 228 | #endif /* __LINUX_BLK_CRYPTO_PROFILE_H */ |
| 229 |
Generated while processing Linux/drivers/md/dm-builtin.c
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.