include/linux/keyslot-manager.h
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright 2019 Google LLC
 */
#ifndef __LINUX_KEYSLOT_MANAGER_H
#define __LINUX_KEYSLOT_MANAGER_H
#include <linux/bio.h>
#include <linux/blk-crypto.h>

/*
 * Inline crypto feature bits.  Must set at least one.
 *
 * These are the BLK_CRYPTO_FEATURE_* flags combined into the 'features'
 * bitmask of struct blk_keyslot_manager.  Each bit advertises one kind of
 * key, so a device may advertise either kind or both.
 *
 * NOTE(review): a key of a kind that is not advertised should not be
 * accepted for the device; the check that enforces this is not visible in
 * this header - confirm where it is done.
 */
enum {
	/* Support for standard software-specified keys */
	BLK_CRYPTO_FEATURE_STANDARD_KEYS = BIT(0),

	/*
	 * Support for hardware-wrapped keys (the input that the
	 * derive_raw_secret operation of struct blk_ksm_ll_ops takes).
	 */
	BLK_CRYPTO_FEATURE_WRAPPED_KEYS = BIT(1),
};

#ifdef CONFIG_BLK_INLINE_ENCRYPTION
struct blk_keyslot_manager;

/**
 * struct blk_ksm_ll_ops - functions to manage keyslots in hardware
 * @keyslot_program:	Program the specified key into the specified slot in the
 *			inline encryption hardware.
 *			NOTE(review): the return convention is not stated
 *			here; presumably 0 on success, -errno otherwise, as
 *			for @keyslot_evict - confirm against the callers.
 * @keyslot_evict:	Evict key from the specified keyslot in the hardware.
 *			The key is provided so that e.g. dm layers can evict
 *			keys from the devices that they map over.
 *			Returns 0 on success, -errno otherwise.  A caller that
 *			ignores a non-zero return cannot tell whether the key
 *			is still programmed in the slot.
 * @derive_raw_secret:	(Optional) Derive a software secret from a
 *			hardware-wrapped key.  Returns 0 on success, -EOPNOTSUPP
 *			if unsupported on the hardware, or another -errno code.
 *			'wrapped_key' (of 'wrapped_key_size' bytes) is the
 *			input and 'secret' (of 'secret_size' bytes) is the
 *			output buffer.  Being optional, the pointer may be left
 *			unset by a driver, so it has to be checked before it is
 *			called.  An implementation must not write more than
 *			'secret_size' bytes to 'secret'; the result is key
 *			material, so the caller should wipe the buffer (e.g.
 *			with memzero_explicit()) once it is no longer needed.
 *
 * This structure should be provided by storage device drivers when they set up
 * a keyslot manager - this structure holds the function ptrs that the keyslot
 * manager will use to manipulate keyslots in the hardware.
 */
struct blk_ksm_ll_ops {
	int (*keyslot_program)(struct blk_keyslot_manager *ksm,
			       const struct blk_crypto_key *key,
			       unsigned int slot);
	int (*keyslot_evict)(struct blk_keyslot_manager *ksm,
			     const struct blk_crypto_key *key,
			     unsigned int slot);
	int (*derive_raw_secret)(struct blk_keyslot_manager *ksm,
				 const u8 *wrapped_key,
				 unsigned int wrapped_key_size,
				 u8 *secret, unsigned int secret_size);
};
/*
 * Keyslot manager state.
 *
 * The fields up to and including 'dev' describe the hardware and are filled
 * in by the storage driver that sets up the keyslot manager.  Everything
 * after the "private" marker is bookkeeping owned by the keyslot manager
 * itself, which drivers should not read or modify directly.
 */
struct blk_keyslot_manager {
	/*
	 * The struct blk_ksm_ll_ops that this keyslot manager will use
	 * to perform operations like programming and evicting keys on the
	 * device
	 */
	struct blk_ksm_ll_ops ksm_ll_ops;

	/*
	 * The maximum number of bytes supported for specifying the data unit
	 * number.
	 */
	unsigned int max_dun_bytes_supported;

	/*
	 * The supported features as a bitmask of BLK_CRYPTO_FEATURE_* flags.
	 * Most drivers should set BLK_CRYPTO_FEATURE_STANDARD_KEYS here.
	 * At least one of the flags must be set.
	 */
	unsigned int features;

	/*
	 * Array of size BLK_ENCRYPTION_MODE_MAX of bitmasks that represents
	 * whether a crypto mode and data unit size are supported.  The i'th
	 * bit of crypto_modes_supported[crypto_mode] is set iff a data unit
	 * size of (1 << i) is supported, e.g. bit 12 stands for 4096-byte
	 * data units.  We only support data unit sizes that are powers of 2.
	 */
	unsigned int crypto_modes_supported[BLK_ENCRYPTION_MODE_MAX];

	/* Device for runtime power management (NULL if none) */
	struct device *dev;

	/* Here onwards are *private* fields for internal keyslot manager use */

	/*
	 * NOTE(review): presumably the slot count that was passed to
	 * blk_ksm_init() - confirm.
	 */
	unsigned int num_slots;

	/* Protects programming and evicting keys from the device */
	struct rw_semaphore lock;

	/*
	 * List of idle slots, with least recently used slot at front.
	 * NOTE(review): idle_slots_lock presumably guards this list, and
	 * idle_slots_wait_queue presumably holds tasks waiting for a slot to
	 * become idle - confirm against the implementation.
	 */
	wait_queue_head_t idle_slots_wait_queue;
	struct list_head idle_slots;
	spinlock_t idle_slots_lock;

	/*
	 * Hash table which maps struct blk_crypto_key pointers to keyslots,
	 * so that we can find a key's keyslot in O(1) time rather than
	 * O(num_slots).  Protected by 'lock'.
	 * NOTE(review): log_slot_ht_size is presumably log2 of the number of
	 * hash buckets - confirm.
	 */
	struct hlist_head *slot_hashtable;
	unsigned int log_slot_ht_size;

	/* Per-keyslot data */
	struct blk_ksm_keyslot *slots;
};
/*
 * Keyslot manager API.  The functions are only declared here: their full
 * contracts (locking, sleeping, exact error codes) are set by the
 * definitions and cannot be read off this header, so the notes below are
 * limited to what the signatures show.
 */

/*
 * Initialise 'ksm' for 'num_slots' keyslots.
 * NOTE(review): presumably returns 0 on success or -errno - confirm.
 */
int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots);

/*
 * Get a keyslot of 'ksm' for 'key'.  The slot is handed back through
 * 'slot_ptr' and the outcome is reported as a blk_status_t, which the caller
 * has to check before using '*slot_ptr'.
 * NOTE(review): presumably paired with blk_ksm_put_slot() - confirm.
 */
blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm,
				      const struct blk_crypto_key *key,
				      struct blk_ksm_keyslot **slot_ptr);

/* Return the index of 'slot'. */
unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot);

/*
 * NOTE(review): by its name, releases a slot obtained from
 * blk_ksm_get_slot_for_key() - confirm.
 */
void blk_ksm_put_slot(struct blk_ksm_keyslot *slot);

/* Report whether 'ksm' supports the crypto configuration 'cfg'. */
bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
				  const struct blk_crypto_config *cfg);

/*
 * Evict 'key' from 'ksm'.  The int return should be checked: if eviction did
 * not succeed, the key may still be programmed in the hardware.
 * NOTE(review): which errors are possible is not visible here.
 */
int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
		      const struct blk_crypto_key *key);

/*
 * NOTE(review): by its name, programs all keys of 'ksm' into the hardware
 * again - confirm when it is meant to be called.  It returns void, so a
 * failure to reprogram a slot cannot be reported to the caller through this
 * interface.
 */
void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm);

/*
 * Tear down 'ksm'.
 * NOTE(review): whether the per-keyslot data is wiped before it is released
 * is not visible here - worth confirming, since that data is tied to keys.
 */
void blk_ksm_destroy(struct blk_keyslot_manager *ksm);

/*
 * 'child' is const and 'parent' is not, so any result is stored in 'parent'.
 * NOTE(review): by its name, 'parent' is restricted to the crypto modes that
 * 'child' also supports - confirm.
 */
void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent,
			     const struct blk_keyslot_manager *child);

/*
 * Takes the same buffer arguments as the derive_raw_secret operation in
 * struct blk_ksm_ll_ops: 'wrapped_key' (of 'wrapped_key_size' bytes) is the
 * input, 'secret' (of 'secret_size' bytes) the output.  The output is key
 * material: pass the true size of the buffer as 'secret_size', use the
 * result only if the call returned success, and wipe the buffer (e.g. with
 * memzero_explicit()) once it is no longer needed.
 */
int blk_ksm_derive_raw_secret(struct blk_keyslot_manager *ksm,
			      const u8 *wrapped_key,
			      unsigned int wrapped_key_size,
			      u8 *secret, unsigned int secret_size);

/*
 * NOTE(review): by its name, initialises 'ksm' as a pass-through manager;
 * no slot count is passed, unlike blk_ksm_init() - confirm what that implies
 * for the keyslot operations.
 */
void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm);

#endif /* CONFIG_BLK_INLINE_ENCRYPTION */
#endif /* __LINUX_KEYSLOT_MANAGER_H */