Lines Matching +full:crypto +full:- +full:rst
1 // SPDX-License-Identifier: GPL-2.0
7 * Refer to Documentation/block/inline-encryption.rst for detailed explanation.
10 #define pr_fmt(fmt) "blk-crypto: " fmt
14 #include <linux/blk-crypto-profile.h>
19 #include "blk-crypto-internal.h"
23 .name = "AES-256-XTS",
30 .name = "AES-128-CBC-ESSIV",
44 .name = "SM4-XTS",
62 "Number of bio crypto contexts to preallocate");
84 * Validate the crypto mode properties. This ideally would be done with in bio_crypt_ctx_init()
85 * static assertions, but boot-time checks are the next best thing. in bio_crypt_ctx_init()
114 bc->bc_key = key; in bio_crypt_set_ctx()
115 memcpy(bc->bc_dun, dun, sizeof(bc->bc_dun)); in bio_crypt_set_ctx()
117 bio->bi_crypt_context = bc; in bio_crypt_set_ctx()
122 mempool_free(bio->bi_crypt_context, bio_crypt_ctx_pool); in __bio_crypt_free_ctx()
123 bio->bi_crypt_context = NULL; in __bio_crypt_free_ctx()
128 dst->bi_crypt_context = mempool_alloc(bio_crypt_ctx_pool, gfp_mask); in __bio_crypt_clone()
129 if (!dst->bi_crypt_context) in __bio_crypt_clone()
130 return -ENOMEM; in __bio_crypt_clone()
131 *dst->bi_crypt_context = *src->bi_crypt_context; in __bio_crypt_clone()
135 /* Increments @dun by @inc, treating @dun as a multi-limb integer. */
156 struct bio_crypt_ctx *bc = bio->bi_crypt_context; in __bio_crypt_advance()
158 bio_crypt_dun_increment(bc->bc_dun, in __bio_crypt_advance()
159 bytes >> bc->bc_key->data_unit_size_bits); in __bio_crypt_advance()
163 * Returns true if @bc->bc_dun plus @bytes converted to data units is equal to
164 * @next_dun, treating the DUNs as multi-limb integers.
171 unsigned int carry = bytes >> bc->bc_key->data_unit_size_bits; in bio_crypt_dun_is_contiguous()
174 if (bc->bc_dun[i] + carry != next_dun[i]) in bio_crypt_dun_is_contiguous()
180 if ((bc->bc_dun[i] + carry) < carry) in bio_crypt_dun_is_contiguous()
191 * Checks that two bio crypt contexts are compatible - i.e. that
200 return bc2 && bc1->bc_key == bc2->bc_key; in bio_crypt_ctx_compatible()
205 return bio_crypt_ctx_compatible(rq->crypt_ctx, bio->bi_crypt_context); in bio_crypt_rq_ctx_compatible()
219 return !bc1 || bio_crypt_dun_is_contiguous(bc1, bc1_bytes, bc2->bc_dun); in bio_crypt_ctx_mergeable()
226 bio->bi_crypt_context->bc_key->crypto_cfg.data_unit_size; in bio_crypt_check_alignment()
240 return blk_crypto_get_keyslot(rq->q->crypto_profile, in __blk_crypto_rq_get_keyslot()
241 rq->crypt_ctx->bc_key, in __blk_crypto_rq_get_keyslot()
242 &rq->crypt_keyslot); in __blk_crypto_rq_get_keyslot()
247 blk_crypto_put_keyslot(rq->crypt_keyslot); in __blk_crypto_rq_put_keyslot()
248 rq->crypt_keyslot = NULL; in __blk_crypto_rq_put_keyslot()
254 if (WARN_ON_ONCE(rq->crypt_keyslot)) in __blk_crypto_free_request()
257 mempool_free(rq->crypt_ctx, bio_crypt_ctx_pool); in __blk_crypto_free_request()
258 rq->crypt_ctx = NULL; in __blk_crypto_free_request()
262 * __blk_crypto_bio_prep - Prepare bio for inline encryption
270 * kernel crypto API. When the crypto API fallback is used for encryption,
271 * blk-crypto may choose to split the bio into 2 - the first one that will
279 * Return: true on success; false on error (and bio->bi_status will be set
286 const struct blk_crypto_key *bc_key = bio->bi_crypt_context->bc_key; in __blk_crypto_bio_prep()
290 bio->bi_status = BLK_STS_IOERR; in __blk_crypto_bio_prep()
295 bio->bi_status = BLK_STS_IOERR; in __blk_crypto_bio_prep()
301 * in falling back to the crypto API. in __blk_crypto_bio_prep()
303 if (blk_crypto_config_supported_natively(bio->bi_bdev, in __blk_crypto_bio_prep()
304 &bc_key->crypto_cfg)) in __blk_crypto_bio_prep()
316 if (!rq->crypt_ctx) { in __blk_crypto_rq_bio_prep()
317 rq->crypt_ctx = mempool_alloc(bio_crypt_ctx_pool, gfp_mask); in __blk_crypto_rq_bio_prep()
318 if (!rq->crypt_ctx) in __blk_crypto_rq_bio_prep()
319 return -ENOMEM; in __blk_crypto_rq_bio_prep()
321 *rq->crypt_ctx = *bio->bi_crypt_context; in __blk_crypto_rq_bio_prep()
326 * blk_crypto_init_key() - Prepare a key for use with blk-crypto
330 * @key_type: type of the key -- either raw or hardware-wrapped
336 * Return: 0 on success, -errno on failure. The caller is responsible for
351 return -EINVAL; in blk_crypto_init_key()
356 if (key_size != mode->keysize) in blk_crypto_init_key()
357 return -EINVAL; in blk_crypto_init_key()
360 if (key_size < mode->security_strength || in blk_crypto_init_key()
362 return -EINVAL; in blk_crypto_init_key()
365 return -EINVAL; in blk_crypto_init_key()
368 if (dun_bytes == 0 || dun_bytes > mode->ivsize) in blk_crypto_init_key()
369 return -EINVAL; in blk_crypto_init_key()
372 return -EINVAL; in blk_crypto_init_key()
374 blk_key->crypto_cfg.crypto_mode = crypto_mode; in blk_crypto_init_key()
375 blk_key->crypto_cfg.dun_bytes = dun_bytes; in blk_crypto_init_key()
376 blk_key->crypto_cfg.data_unit_size = data_unit_size; in blk_crypto_init_key()
377 blk_key->crypto_cfg.key_type = key_type; in blk_crypto_init_key()
378 blk_key->data_unit_size_bits = ilog2(data_unit_size); in blk_crypto_init_key()
379 blk_key->size = key_size; in blk_crypto_init_key()
380 memcpy(blk_key->bytes, key_bytes, key_size); in blk_crypto_init_key()
388 return __blk_crypto_cfg_supported(bdev_get_queue(bdev)->crypto_profile, in blk_crypto_config_supported_natively()
393 * Check if bios with @cfg can be en/decrypted by blk-crypto (i.e. either the
394 * block_device it's submitted to supports inline crypto, or the
395 * blk-crypto-fallback is enabled and supports the cfg).
401 cfg->key_type == BLK_CRYPTO_KEY_TYPE_RAW) in blk_crypto_config_supported()
407 * blk_crypto_start_using_key() - Start using a blk_crypto_key on a device
412 * supports the key's crypto settings, or the crypto API fallback has transforms
417 * Return: 0 on success; -EOPNOTSUPP if the key is wrapped but the hardware does
418 * not support wrapped keys; -ENOPKG if the key is a raw key but the
419 * hardware does not support raw keys and blk-crypto-fallback is either
420 * disabled or the needed algorithm is disabled in the crypto API; or
421 * another -errno code if something else went wrong.
426 if (blk_crypto_config_supported_natively(bdev, &key->crypto_cfg)) in blk_crypto_start_using_key()
428 if (key->crypto_cfg.key_type != BLK_CRYPTO_KEY_TYPE_RAW) { in blk_crypto_start_using_key()
430 return -EOPNOTSUPP; in blk_crypto_start_using_key()
432 return blk_crypto_fallback_start_using_mode(key->crypto_cfg.crypto_mode); in blk_crypto_start_using_key()
436 * blk_crypto_evict_key() - Evict a blk_crypto_key from a block_device
442 * keyslot(s) or blk-crypto-fallback keyslot it may have been programmed into.
456 if (blk_crypto_config_supported_natively(bdev, &key->crypto_cfg)) in blk_crypto_evict_key()
457 err = __blk_crypto_evict_key(q->crypto_profile, key); in blk_crypto_evict_key()
482 return -EFAULT; in blk_crypto_ioctl_import_key()
485 return -EINVAL; in blk_crypto_ioctl_import_key()
488 return -EINVAL; in blk_crypto_ioctl_import_key()
492 ret = -EFAULT; in blk_crypto_ioctl_import_key()
499 ret = -EOVERFLOW; in blk_crypto_ioctl_import_key()
506 ret = -EFAULT; in blk_crypto_ioctl_import_key()
525 return -EFAULT; in blk_crypto_ioctl_generate_key()
528 return -EINVAL; in blk_crypto_ioctl_generate_key()
534 ret = -EOVERFLOW; in blk_crypto_ioctl_generate_key()
541 ret = -EFAULT; in blk_crypto_ioctl_generate_key()
560 return -EFAULT; in blk_crypto_ioctl_prepare_key()
563 return -EINVAL; in blk_crypto_ioctl_prepare_key()
566 return -EINVAL; in blk_crypto_ioctl_prepare_key()
570 ret = -EFAULT; in blk_crypto_ioctl_prepare_key()
577 ret = -EOVERFLOW; in blk_crypto_ioctl_prepare_key()
584 ret = -EFAULT; in blk_crypto_ioctl_prepare_key()
599 bdev_get_queue(bdev)->crypto_profile; in blk_crypto_ioctl()
602 return -EOPNOTSUPP; in blk_crypto_ioctl()
612 return -ENOTTY; in blk_crypto_ioctl()