1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Copyright 2019 Google LLC
4 */
5
6#ifndef __LINUX_BLK_CRYPTO_PROFILE_H
7#define __LINUX_BLK_CRYPTO_PROFILE_H
8
9#include <linux/bio.h>
10#include <linux/blk-crypto.h>
11
12struct blk_crypto_profile;
13
14/**
15 * struct blk_crypto_ll_ops - functions to control inline encryption hardware
16 *
17 * Low-level operations for controlling inline encryption hardware. This
18 * interface must be implemented by storage drivers that support inline
19 * encryption. All functions may sleep, are serialized by profile->lock, and
20 * are never called while profile->dev (if set) is runtime-suspended.
21 */
22struct blk_crypto_ll_ops {
23
24 /**
25 * @keyslot_program: Program a key into the inline encryption hardware.
26 *
27 * Program @key into the specified @slot in the inline encryption
28 * hardware, overwriting any key that the keyslot may already contain.
29 * The keyslot is guaranteed to not be in-use by any I/O.
30 *
31 * This is required if the device has keyslots. Otherwise (i.e. if the
32 * device is a layered device, or if the device is real hardware that
33 * simply doesn't have the concept of keyslots) it is never called.
34 *
35 * Must return 0 on success, or -errno on failure.
36 */
37 int (*keyslot_program)(struct blk_crypto_profile *profile,
38 const struct blk_crypto_key *key,
39 unsigned int slot);
40
41 /**
42 * @keyslot_evict: Evict a key from the inline encryption hardware.
43 *
44 * If the device has keyslots, this function must evict the key from the
45 * specified @slot. The slot will contain @key, but there should be no
46 * need for the @key argument to be used as @slot should be sufficient.
47 * The keyslot is guaranteed to not be in-use by any I/O.
48 *
49 * If the device doesn't have keyslots itself, this function must evict
50 * @key from any underlying devices. @slot won't be valid in this case.
51 *
52 * If there are no keyslots and no underlying devices, this function
53 * isn't required.
54 *
55 * Must return 0 on success, or -errno on failure.
56 */
57 int (*keyslot_evict)(struct blk_crypto_profile *profile,
58 const struct blk_crypto_key *key,
59 unsigned int slot);
60
61 /**
62 * @derive_sw_secret: Derive the software secret from a hardware-wrapped
63 * key in ephemerally-wrapped form.
64 *
65 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
66 * is supported.
67 *
68 * Must return 0 on success, -EBADMSG if the key is invalid, or another
69 * -errno code on other errors.
70 */
71 int (*derive_sw_secret)(struct blk_crypto_profile *profile,
72 const u8 *eph_key, size_t eph_key_size,
73 u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]);
74
75 /**
76 * @import_key: Create a hardware-wrapped key by importing a raw key.
77 *
78 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
79 * is supported.
80 *
81 * On success, must write the new key in long-term wrapped form to
82 * @lt_key and return its size in bytes. On failure, must return a
83 * -errno value.
84 */
85 int (*import_key)(struct blk_crypto_profile *profile,
86 const u8 *raw_key, size_t raw_key_size,
87 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
88
89 /**
90 * @generate_key: Generate a hardware-wrapped key.
91 *
92 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
93 * is supported.
94 *
95 * On success, must write the new key in long-term wrapped form to
96 * @lt_key and return its size in bytes. On failure, must return a
97 * -errno value.
98 */
99 int (*generate_key)(struct blk_crypto_profile *profile,
100 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
101
102 /**
103 * @prepare_key: Prepare a hardware-wrapped key to be used.
104 *
105 * Prepare a hardware-wrapped key to be used by converting it from
106 * long-term wrapped form to ephemerally-wrapped form. This only needs
107 * to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED is supported.
108 *
109 * On success, must write the key in ephemerally-wrapped form to
110 * @eph_key and return its size in bytes. On failure, must return
111 * -EBADMSG if the key is invalid, or another -errno on other error.
112 */
113 int (*prepare_key)(struct blk_crypto_profile *profile,
114 const u8 *lt_key, size_t lt_key_size,
115 u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
116};
117
118/**
119 * struct blk_crypto_profile - inline encryption profile for a device
120 *
121 * This struct contains a storage device's inline encryption capabilities (e.g.
122 * the supported crypto algorithms), driver-provided functions to control the
123 * inline encryption hardware (e.g. programming and evicting keys), and optional
124 * device-independent keyslot management data.
125 */
126struct blk_crypto_profile {
127
128 /* public: Drivers must initialize the following fields. */
129
130 /**
131 * @ll_ops: Driver-provided functions to control the inline encryption
132 * hardware, e.g. program and evict keys.
133 */
134 struct blk_crypto_ll_ops ll_ops;
135
136 /**
137 * @max_dun_bytes_supported: The maximum number of bytes supported for
138 * specifying the data unit number (DUN). Specifically, the range of
139 * supported DUNs is 0 through (1 << (8 * max_dun_bytes_supported)) - 1.
140 */
141 unsigned int max_dun_bytes_supported;
142
143 /**
144 * @key_types_supported: A bitmask of the supported key types:
145 * BLK_CRYPTO_KEY_TYPE_RAW and/or BLK_CRYPTO_KEY_TYPE_HW_WRAPPED.
146 */
147 unsigned int key_types_supported;
148
149 /**
150 * @modes_supported: Array of bitmasks that specifies whether each
151 * combination of crypto mode and data unit size is supported.
152 * Specifically, the i'th bit of modes_supported[crypto_mode] is set if
153 * crypto_mode can be used with a data unit size of (1 << i). Note that
154 * only data unit sizes that are powers of 2 can be supported.
155 */
156 unsigned int modes_supported[BLK_ENCRYPTION_MODE_MAX];
157
158 /**
159 * @dev: An optional device for runtime power management. If the driver
160 * provides this device, it will be runtime-resumed before any function
161 * in @ll_ops is called and will remain resumed during the call.
162 */
163 struct device *dev;
164
165 /* private: The following fields shouldn't be accessed by drivers. */
166
167 /* Number of keyslots, or 0 if not applicable */
168 unsigned int num_slots;
169
170 /*
171 * Serializes all calls to functions in @ll_ops as well as all changes
172 * to @slot_hashtable. This can also be taken in read mode to look up
173 * keyslots while ensuring that they can't be changed concurrently.
174 */
175 struct rw_semaphore lock;
176 struct lock_class_key lockdep_key;
177
178 /* List of idle slots, with least recently used slot at front */
179 wait_queue_head_t idle_slots_wait_queue;
180 struct list_head idle_slots;
181 spinlock_t idle_slots_lock;
182
183 /*
184 * Hash table which maps struct *blk_crypto_key to keyslots, so that we
185 * can find a key's keyslot in O(1) time rather than O(num_slots).
186 * Protected by 'lock'.
187 */
188 struct hlist_head *slot_hashtable;
189 unsigned int log_slot_ht_size;
190
191 /* Per-keyslot data */
192 struct blk_crypto_keyslot *slots;
193};
194
195int blk_crypto_profile_init(struct blk_crypto_profile *profile,
196 unsigned int num_slots);
197
198int devm_blk_crypto_profile_init(struct device *dev,
199 struct blk_crypto_profile *profile,
200 unsigned int num_slots);
201
202unsigned int blk_crypto_keyslot_index(struct blk_crypto_keyslot *slot);
203
204void blk_crypto_reprogram_all_keys(struct blk_crypto_profile *profile);
205
206void blk_crypto_profile_destroy(struct blk_crypto_profile *profile);
207
208int blk_crypto_import_key(struct blk_crypto_profile *profile,
209 const u8 *raw_key, size_t raw_key_size,
210 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
211
212int blk_crypto_generate_key(struct blk_crypto_profile *profile,
213 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
214
215int blk_crypto_prepare_key(struct blk_crypto_profile *profile,
216 const u8 *lt_key, size_t lt_key_size,
217 u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
218
219void blk_crypto_intersect_capabilities(struct blk_crypto_profile *parent,
220 const struct blk_crypto_profile *child);
221
222bool blk_crypto_has_capabilities(const struct blk_crypto_profile *target,
223 const struct blk_crypto_profile *reference);
224
225void blk_crypto_update_capabilities(struct blk_crypto_profile *dst,
226 const struct blk_crypto_profile *src);
227
228#endif /* __LINUX_BLK_CRYPTO_PROFILE_H */
229

source code of linux/include/linux/blk-crypto-profile.h